feat: add atlantis verify

2025-12-06 12:01:37 +01:00 · 2024-01-04 21:07:15 +00:00
parent 99128d1acb
commit 783eea004f
4 changed files with 48 additions and 0 deletions
--- a/group_vars/all.yaml
+++ b/group_vars/all.yaml
@@ -231,3 +231,14 @@ keycloak_clients:
        keycloak_id: "00000000-0000-0000-0000-000000000013"
        groups: "pki"
        master_address: "https://harbor-registry.atlantishq.de"
+
+    atlantis-verify:
+        party_secret: "3HISTORY_PURGED_SECRET"
+        client_id: z_at_verify
+        client_secret: "HISTORY_PURGED_SECRET"
+        redirect_uris:
+            - "https://verify.atlantishq.de/*"
+        description: "Atlantis Verification"
+        keycloak_id: "00000000-0000-0000-0000-000000000014"
+        groups:
+        master_address: "https://verify.atlantishq.de"
--- a/roles/docker-deployments/tasks/main.yaml
+++ b/roles/docker-deployments/tasks/main.yaml
@@ -50,6 +50,7 @@
    - event-dispatcher
    - reactive-resume
    - hedgedoc
+    - atlantis-verify

 - name: Copy AtlantisHub config
  copy:
@@ -93,6 +94,7 @@
    - tor
    - reactive-resume
    - hedgedoc
+    - atlantis-verify

 - name: Copy compose templates
  template:
@@ -111,6 +113,7 @@
    - tor
    - reactive-resume
    - hedgedoc
+    - atlantis-verify

 - name: Log into private registry
  docker_login:
@@ -137,6 +140,7 @@
    - tor
    - reactive-resume
    - hedgedoc
+    - atlantis-verify

 - name: OAuth2Proxy directories
  file:
@@ -148,6 +152,7 @@
    - atlantis-hub
    - grafana
    - async-icinga
+    - atlantis-verify

 - name: include services ports
  include_vars: services.yaml
@@ -161,6 +166,7 @@
    - atlantis-hub
    - grafana
    - async-icinga
+    - atlantis-verify

 - name: Deploy OAuth2Proxy
  community.docker.docker_compose:
@@ -171,3 +177,4 @@
    - atlantis-hub
    - grafana
    - async-icinga
+    - atlantis-verify
--- a/roles/docker-deployments/templates/atlantis-verify.yaml
+++ b/roles/docker-deployments/templates/atlantis-verify.yaml
@@ -0,0 +1,28 @@
+atlantis-verify:
+    image: harbor-registry.atlantishq.de/atlantishq/atlantis-verify:latest
+    restart: always
+    environment:
+
+        LDAP_SERVER: ldap://{{ ldap_server }}
+        LDAP_BIND_DN: {{ ldap_bind_dn }}
+        LDAP_BIND_PW: {{ ldap_password }}
+        LDAP_BASE_DN: {{ ldap_user_dn }}
+
+        DISPATCH_SERVER: {{ event_dispatcher_address }}
+
+        SQLALCHEMY_DATABASE_URI: "instance/database.sqlite"
+        
+        KEYCLOAK_URL: https://{{ keycloak_address }}
+        KEYCLOAK_REALM: master
+        KEYCLOAK_ADMIN_USER: admin
+        KEYCLOAK_ADMIN_PASS: {{ keycloak_admin_password }}
+
+        MAIN_HOME: https://hub.atlantishq.de
+
+        DISPATCH_AUTH_USER: {{ event_dispatcher_user }}
+        DISPATCH_AUTH_PASSWORD: {{ event_dispatcher_pass }}
+
+    ports:
+        - 6013:5000
+    volumes:
+        - /data/atlantis-verify/instance/:/app/instance/
--- a/vars/services.yaml
+++ b/vars/services.yaml
@@ -21,3 +21,5 @@ services:
        port: 3000
    async-icinga:
        port: 5006
+    atlantis-verify:
+        port: 5013