From 9baacd559725f2cf336ad541b76df061d91f79b0 Mon Sep 17 00:00:00 2001
From: Sheppy
Date: Fri, 29 Dec 2023 15:06:19 +0000
Subject: [PATCH] feat: oidc config on harbor side

---
 roles/harbor-registry/files/harbor-oidc.json | 10 +++++-----
 roles/harbor-registry/templates/harbor.config.yaml | 2 +-
 roles/openvpn/tasks/main.yaml | 5 +++--
 roles/openvpn/templates/atlantishq.conf | 8 +++++---
 4 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/roles/harbor-registry/files/harbor-oidc.json b/roles/harbor-registry/files/harbor-oidc.json
index 0a5e415..2bdefee 100644
--- a/roles/harbor-registry/files/harbor-oidc.json
+++ b/roles/harbor-registry/files/harbor-oidc.json
@@ -1,12 +1,12 @@
 {
 "auth_mode": "oidc_auth",
- "oidc_name": "keycloak",
- "oidc_endpoint": "https://",
+ "oidc_name": "AtlantisHQ Accounts",
+ "oidc_endpoint": "https://keycloak.atlantishq.de/realms/master",
 "oidc_groups_claim": "groups",
 "oidc_admin_group": "admin",
- "oidc_client_id": "defaultwithclientkey",
- "oidc_client_secret": "asdfasdfasdfasdfasddfasdfasdfasdf",
- "oidc_scope": "openid,email,profile,offline_access",
+ "oidc_client_id": "z_harbor",
+ "oidc_client_secret": "HISTORY_PURGED_SECRET",
+ "oidc_scope": "openid,email,profile",
 "oidc_verify_cert": "true",
 "oidc_auto_onboard": "true",
 "oidc_user_claim": "preferred_username"
diff --git a/roles/harbor-registry/templates/harbor.config.yaml b/roles/harbor-registry/templates/harbor.config.yaml
index 0900492..9b4439d 100644
--- a/roles/harbor-registry/templates/harbor.config.yaml
+++ b/roles/harbor-registry/templates/harbor.config.yaml
@@ -28,7 +28,7 @@ http:
 # Uncomment external_url if you want to enable external proxy
 # And when it enabled the hostname will no longer used
-external_url: https://harbor.atlantishq.de
+external_url: https://harbor-registry.atlantishq.de
 
 # The initial password of Harbor admin
 # It only works in first time to install harbor
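Review bot: `oidc_client_secret` is still a literal inside `roles/harbor-registry/files/harbor-oidc.json`, a static file shipped verbatim by the role, so whatever real value replaces `HISTORY_PURGED_SECRET` goes straight back into version control; the placeholder name suggests this has already happened once. Move the file to `templates/` and take the secret from an Ansible Vault-encrypted variable, e.g. `"oidc_client_secret": "{{ harbor_oidc_client_secret }}"`, so that only the variable name is committed. It is also worth confirming that `realms/master` in `oidc_endpoint` is intended: Keycloak's master realm is the administrative realm, and application clients such as `z_harbor` are normally registered in a dedicated realm. `oidc_verify_cert` and `oidc_auto_onboard` remain quoted strings rather than JSON booleans; if this file is fed to Harbor's configurations API, check that the string form is accepted rather than silently ignored.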
diff --git a/roles/openvpn/tasks/main.yaml b/roles/openvpn/tasks/main.yaml
index 5c27e90..68bac39 100644
--- a/roles/openvpn/tasks/main.yaml
+++ b/roles/openvpn/tasks/main.yaml
@@ -15,9 +15,10 @@
 - name: Deploy OpenVPN configs
 template:
 src: "{{ item }}.conf"
- dest: "/etc/openvpn/{{ item }}/"
+ dest: "/etc/openvpn/{{ item }}-{{ item.dev_type }}/{{ item }}-{{ item.dev_type }}.conf"
 with_items:
- - atlantishq
+ - { "name" : "atlantishq", "dev_type" : "tap", "port" : 7012 }
+ - { "name" : "atlantishq", "dev_type" : "tun", "port" : 7013 }
 
 - name: Openvpn Mgnt interface Pass file
 copy:
diff --git a/roles/openvpn/templates/atlantishq.conf b/roles/openvpn/templates/atlantishq.conf
index 90b9be2..2dc537b 100644
--- a/roles/openvpn/templates/atlantishq.conf
+++ b/roles/openvpn/templates/atlantishq.conf
@@ -2,13 +2,15 @@ server 172.16.1.0 255.255.255.0
 #server-ipv6 fd2a:aef:608:1::/64
 dev athq_sheppyvpn
-dev-type tap
+dev-type {{ dev_type }}
-proto tcp
-port 7012
+proto {{ proto }}
+port {{ port }}
+{% if dev_type == "tap" %}
 topology subnet
 client-to-client
+{% endif %}
 
 # disable logging
 #log /dev/null
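Review bot: The loop items are now mappings, but `src: "{{ item }}.conf"` and the new `dest` still interpolate `{{ item }}` itself, so both paths render the whole dict rather than `atlantishq`; they need `item.name`. The template in `roles/openvpn/templates/atlantishq.conf` (the following hunk, cut off at the end of this patch) reads `{{ dev_type }}`, `{{ proto }}` and `{{ port }}` as top-level variables, but `with_items` only exposes `item`, so the task must pass them through a `vars:` block, and `proto` is missing from both items entirely and needs a value (the removed line was `proto tcp`). Two further points, hedged because the surrounding role is not visible: the `template` module does not create the new per-instance parent directory `/etc/openvpn/atlantishq-<dev_type>/`, so an earlier `file: state=directory` task is needed, and the template keeps `dev athq_sheppyvpn` for both instances, which would presumably collide once the tap and tun services run side by side.
```yaml
- name: Deploy OpenVPN configs
  template:
    src: "{{ item.name }}.conf"
    dest: "/etc/openvpn/{{ item.name }}-{{ item.dev_type }}/{{ item.name }}-{{ item.dev_type }}.conf"
  vars:
    dev_type: "{{ item.dev_type }}"
    port: "{{ item.port }}"
    proto: "{{ item.proto | default('tcp') }}"
  # … unchanged: with_items entries …
```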