From a68fbd4838eb226b4371af41873a840d4e58afa0 Mon Sep 17 00:00:00 2001
From: Sheppy
Date: Sat, 7 Jan 2023 19:05:30 +0100
Subject: [PATCH] feat: usermanagement keycloak

---
 group_vars/all.yaml | 3 ++
 roles/base/tasks/main.yaml | 6 ++--
 roles/monitoring-client/tasks/main.yaml | 2 +-
 roles/usermanagement/tasks/main.yaml | 32 +++++++++----------
 roles/usermanagement/templates/keycloak.env | 9 ++++++
 .../{ => templates}/keycloak.yaml | 4 +--
 roles/usermanagement/templates/postgres.env | 3 ++
 .../templates/postgres_password | 1 +
 8 files changed, 37 insertions(+), 23 deletions(-)
 create mode 100644 roles/usermanagement/templates/keycloak.env
 rename roles/usermanagement/{ => templates}/keycloak.yaml (91%)
 create mode 100644 roles/usermanagement/templates/postgres.env
 create mode 100644 roles/usermanagement/templates/postgres_password

diff --git a/group_vars/all.yaml b/group_vars/all.yaml
index 7b41e27..e263963 100644
--- a/group_vars/all.yaml
+++ b/group_vars/all.yaml
@@ -17,3 +17,6 @@ async_icinga_static_services:
   - { "name" : "backup_ths_server", "timeout" : "30d", "token" : "HISTORY_PURGED_SECRET" }
   - { "name" : "backup_ths_storrage_box", "timeout" : "30d", "token" : "HISTORY_PURGED_SECRET" }
   - { "name" : "backup_kathi_laptop", "timeout" : "30d", "token" : "HISTORY_PURGED_SECRET" }
+
+keycloak_admin_password: HISTORY_PURGED_SECRET
+keycloak_postgres_password: HISTORY_PURGED_SECRET
diff --git a/roles/base/tasks/main.yaml b/roles/base/tasks/main.yaml
index be954fa..02b3bbb 100644
--- a/roles/base/tasks/main.yaml
+++ b/roles/base/tasks/main.yaml
@@ -11,16 +11,16 @@
   file:
     name: /opt/
     state: directory
-    mode: 711
+    mode: 0711
 
 - name: Ensure backup info dir exists and accessible
   file:
     name: /opt/backup-info/
     state: directory
-    mode: 700
+    mode: 0700
 
 - name: Copy Backup Helper script
   copy:
     src: check_dir_size_for_backup.py
     dest: /opt/check_dir_size_for_backup.py
-    mode: 755
+    mode: 0755
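Review bot: The two new keys `keycloak_admin_password` and `keycloak_postgres_password` at the end of the group_vars hunk hold credentials as plain scalars in a committed vars file, the same pattern as the icinga tokens in the context lines above them. Encrypt the values with `ansible-vault encrypt_string` so they land as `!vault` blocks, or resolve them at run time with `lookup('env', ...)`, and keep the plaintext out of the repository. Whichever source is used, write the value as a quoted string: an unquoted password that happens to look like a number or boolean (`1.10`, `NO`) is retyped by the YAML loader, and one containing ` #` or `: ` breaks the parse.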
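Review bot: The three `mode:` values in roles/base/tasks/main.yaml now rely on the YAML 1.1 leading-zero rule (`0711` is loaded as the integer 457, which the `file` and `copy` modules apply as octal 0711); quoting them, `mode: "0711"`, keeps the same result and is also correct under a YAML 1.2 loader, which would read `0711` as decimal 711 — the very bug this hunk fixes. The same applies to the `mode: 0644` change in roles/monitoring-client/tasks/main.yaml. The first task in the hunk starts before it (its `- name:` line is outside the hunk).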
diff --git a/roles/monitoring-client/tasks/main.yaml b/roles/monitoring-client/tasks/main.yaml
index 4fe2aa5..eae8af7 100644
--- a/roles/monitoring-client/tasks/main.yaml
+++ b/roles/monitoring-client/tasks/main.yaml
@@ -66,7 +66,7 @@
     src: monitoring.conf.j2
     dest: /etc/monitoring.conf
     owner: root
-    mode: 644
+    mode: 0644
 
 - name: Add monitoring report cronjob
   cron:
diff --git a/roles/usermanagement/tasks/main.yaml b/roles/usermanagement/tasks/main.yaml
index ecf26f6..ca6302a 100644
--- a/roles/usermanagement/tasks/main.yaml
+++ b/roles/usermanagement/tasks/main.yaml
@@ -3,30 +3,28 @@
     name: /data/
     state: directory
 
-- name: Create opt-dir
+- name: Create compose directory keycloak
   file:
-    name: /opt/
+    name: "/opt/keycloak/"
     state: directory
 
-- name: Create compose directories
-  file:
-    name: "/opt/{{ item }}"
-    state: directory
-  with_items:
-    - keycloak
-
-- name: Copy compose templates
+- name: Copy compose templates keycloak
   template:
-    src: "{{ item }}.yaml"
-    dest: "/opt/{{ item }}/"
+    src: "keycloak.yaml"
+    dest: "/opt/keycloak/"
+
+- name: Copy compose environment files keycloak
+  template:
+    src: "{{ item }}"
+    dest: "/opt/keycloak/"
   with_items:
-    - keycloak
+    - keycloak.env
+    - postgres.env
+    - postgres_password
 
 - name: Deploy compose templates
   community.docker.docker_compose:
-    project_src: "/opt/{{ item }}/"
+    project_src: "/opt/keycloak/"
     pull: true
     files:
-      - "{{ item }}.yaml"
-    with_items:
-      - keycloak
+      - "keycloak.yaml"
diff --git a/roles/usermanagement/templates/keycloak.env b/roles/usermanagement/templates/keycloak.env
new file mode 100644
index 0000000..8d85709
--- /dev/null
+++ b/roles/usermanagement/templates/keycloak.env
@@ -0,0 +1,9 @@
+KEYCLOAK_ADMIN=admin
+KEYCLOAK_ADMIN_PASSWORD={{ keycloak_admin_password }}
+PROXY_ADDRESS_FORWARDING=true
+KC_PROXY=edge
+KC_LOG_LEVEL=ALL
+
+KC_DB_URL_HOST=postgres
+KC_DB_USERNAME=keycloak
+KC_DB_PASSWORD={{ keycloak_postgres_password }}
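Review bot: The new `Copy compose environment files keycloak` task in roles/usermanagement/tasks/main.yaml renders `keycloak.env`, `postgres.env` and `postgres_password` — two of which carry the admin and database passwords — into `/opt/keycloak/` with no `owner`, `group` or `mode`, so the files get the remote umask default and are normally world-readable. Add `owner: root`, `group: root` and `mode: "0600"` to that task, and a `mode: "0700"` to the `Create compose directory keycloak` task, so only root can read the rendered secrets; the `docker_compose` task presumably runs under the same account and can still read them. The base role already sets explicit modes on the directories it creates, so this also keeps the two roles consistent.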
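Review bot: `KC_DB_URL_HOST`, `KC_DB_USERNAME` and `KC_DB_PASSWORD` in keycloak.env select the connection details, but nothing in this file sets `KC_DB=postgres`; unless it is set elsewhere (for example in an `environment:` block of the compose file that this diff does not show), Keycloak 18 started with `start-dev` keeps its default embedded dev-file database and these three values are never used, which is easy to miss because the container still starts. Adding `KC_DB=postgres` to this file makes the intent explicit. `KC_LOG_LEVEL=ALL` also enables the most verbose logging for every category and is likely to write request and user details that a log sink should not keep; `KC_LOG_LEVEL=INFO` is the usual setting once the setup has been debugged.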
diff --git a/roles/usermanagement/keycloak.yaml b/roles/usermanagement/templates/keycloak.yaml
similarity index 91%
rename from roles/usermanagement/keycloak.yaml
rename to roles/usermanagement/templates/keycloak.yaml
index 2760268..88c0544 100644
--- a/roles/usermanagement/keycloak.yaml
+++ b/roles/usermanagement/templates/keycloak.yaml
@@ -7,7 +7,7 @@ services:
     container_name: keycloak-container
     command: start-dev --http-enabled=true
     image: quay.io/keycloak/keycloak:18.0.0
-    env_file: .env.keycloak
+    env_file: keycloak.env
     restart: unless-stopped
     ports:
       - 5050:8080
@@ -18,7 +18,7 @@ services:
   postgres:
     container_name: postgres-container
     image: postgres:13.2
-    env_file: .env.postgres
+    env_file: postgres.env
     restart: unless-stopped
     secrets:
       - postgres_password
diff --git a/roles/usermanagement/templates/postgres.env b/roles/usermanagement/templates/postgres.env
new file mode 100644
index 0000000..d0d50cd
--- /dev/null
+++ b/roles/usermanagement/templates/postgres.env
@@ -0,0 +1,3 @@
+POSTGRES_DB=keycloak
+POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
+POSTGRES_USER=keycloak
diff --git a/roles/usermanagement/templates/postgres_password b/roles/usermanagement/templates/postgres_password
new file mode 100644
index 0000000..b31ebc4
--- /dev/null
+++ b/roles/usermanagement/templates/postgres_password
@@ -0,0 +1 @@
+{{ keycloak_postgres_password }}
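Review bot: The keycloak service this hunk moves into templates/ still runs `command: start-dev --http-enabled=true` while the env file it now references sets `KC_PROXY=edge`, which points at a deployment behind a reverse proxy; `start-dev` is the mode Keycloak documents as not for production, and the production entry point is `start`, which requires a hostname and a configured database. The `- 5050:8080` mapping also publishes the plain-HTTP listener on every host interface; binding it to the proxy's address, `- "127.0.0.1:5050:8080"`, keeps it reachable only through the proxy (quoting the mapping is also the form Compose recommends). Both lines are unchanged context, so this is a follow-up to the rename rather than a defect in it.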
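Review bot: In the second keycloak.yaml hunk the postgres service takes its password from the `postgres_password` Docker secret, while the keycloak service receives the same value as a plain `KC_DB_PASSWORD` environment variable through keycloak.env, so the secret-file indirection protects only one of the two copies; environment values are readable with `docker inspect` by anyone who can reach the Docker socket. If Keycloak cannot be pointed at the secret file, a comment in the compose file recording that the value is intentionally duplicated and why, such as `# DB password is also passed to keycloak via keycloak.env (no *_FILE variant used)`, would stop a later reader from assuming the secret is the only copy. The top-level `secrets:` definition that names the file is outside this hunk, so its path could not be checked against the template destination.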