feat: add hedgedoc \w oidc-auth

2023-12-28 23:06:13 +00:00
parent c90d671ae3
commit b3094727e5
3 changed files with 54 additions and 0 deletions


@@ -209,3 +209,14 @@ keycloak_clients:
master_address: "https://async-icinga.atlantishq.de" master_address: "https://async-icinga.atlantishq.de"
skips: skips:
- "/report" - "/report"
hedgedoc:
party_secret : "HISTORY_PURGED_SECRET"
client_id: z_hedgedoc
client_secret: "HISTORY_PURGED_SECRET"
redirect_uris:
- "https://hedgedoc.atlantishq.de/*"
description: "Hedgedoc"
keycloak_id: "00000000-0000-0000-0000-000000000012"
groups: "monitoring"
master_address: "https://async-icinga.atlantishq.de"
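Review bot: The `redirect_uris` entry for the new `hedgedoc` client is the wildcard `"https://hedgedoc.atlantishq.de/*"`, so authorization responses may be sent to any path on that host; registering only the callback HedgeDoc uses, `- "https://hedgedoc.atlantishq.de/auth/oauth2/callback"`, narrows that. `master_address: "https://async-icinga.atlantishq.de"` repeats the value from the context line of the preceding entry, and `groups: "monitoring"` may have been copied with it, so both should be confirmed for this client. `party_secret` and `client_secret` are literal values in this vars file (shown here as purged placeholders); they belong in an Ansible Vault-encrypted file and should be rotated if the originals were ever pushed. The key `party_secret :` also has a stray space before the colon.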


@@ -50,6 +50,7 @@
- harbor - harbor
- event-dispatcher - event-dispatcher
- reactive-resume - reactive-resume
- hedgedoc
- name: Copy Harbor Registry config - name: Copy Harbor Registry config
copy: copy:
@@ -97,6 +98,7 @@
- event-dispatcher - event-dispatcher
- tor - tor
- reactive-resume - reactive-resume
- hedgedoc
- name: Copy compose templates - name: Copy compose templates
template: template:
@@ -115,6 +117,7 @@
- event-dispatcher - event-dispatcher
- tor - tor
- reactive-resume - reactive-resume
- hedgedoc
- name: Log into private registry - name: Log into private registry
docker_login: docker_login:
@@ -149,6 +152,7 @@
- event-dispatcher - event-dispatcher
- tor - tor
- reactive-resume - reactive-resume
- hedgedoc
- name: OAuth2Proxy directories - name: OAuth2Proxy directories
file: file:
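Review bot: `hedgedoc` is appended by hand to four separate loop lists in this file (the hunks at -50, -97, -115 and -149), and the visible tails of those lists already differ (`harbor` precedes `event-dispatcher` in the first, `tor` follows it in the other three). Keeping the service names in variables and looping over those would prevent a service being added to one step and missed in another, for example its directory created but its compose template never copied. The tasks that own these lists begin outside the hunks, so whether the differences are intentional cannot be confirmed from here.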


@@ -0,0 +1,39 @@
version: '3'
services:
database:
image: postgres:13.4-alpine
environment:
- POSTGRES_USER=hedgedoc
- POSTGRES_PASSWORD=HISTORY_PURGED_SECRET
- POSTGRES_DB=hedgedoc
volumes:
- /data/hedgedoc/pgsql:/var/lib/postgresql/data
restart: always
app:
# Make sure to use the latest release from https://hedgedoc.org/latest-release
image: quay.io/hedgedoc/hedgedoc:1.9.9
environment:
- CMD_DB_URL=postgres://hedgedoc:HISTORY_PURGED_SECRET@database:5432/hedgedoc
- CMD_DOMAIN=hedgedoc.atlantishq.de
- CMD_PROTOCOL_USESSL=true
- CMD_ALLOW_ORIGIN=['hedgedoc.atlantishq.de']
- CMD_EMAIL=false
- CMD_ALLOW_EMAIL_REGISTER=false
- CMD_OAUTH2_USER_PROFILE_URL=https://{{ keycloak_address }}/realms/master/protocol/openid-connect/userinfo
- CMD_OAUTH2_TOKEN_URL=https://{{ keycloak_address }}/realms/master/protocol/openid-connect/token
- CMD_OAUTH2_AUTHORIZATION_URL=https://{{ keycloak_address }}/realms/master/protocol/openid-connect/auth
- CMD_OAUTH2_CLIENT_ID=z_hedgedoc
- CMD_OAUTH2_CLIENT_SECRET=HISTORY_PURGED_SECRET
- CMD_OAUTH2_SCOPE=openid email profile
- CMD_OAUTH2_ROLES_CLAIM=roles
- CMD_OAUTH2_PROVIDERNAME=AtlantisHQ Auth
- CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username
- CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name
- CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email
volumes:
- /data/hedgedoc/uploads:/hedgedoc/public/uploads
ports:
- "5012:3000"
restart: always
depends_on:
- database
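Review bot: The database password (in `POSTGRES_PASSWORD` and again inside `CMD_DB_URL`) and `CMD_OAUTH2_CLIENT_SECRET` are literals in this template, although the file is already rendered through Jinja (`{{ keycloak_address }}`) and the same commit defines a `client_secret` for this client in the vars file. Referencing the variable, e.g. `- CMD_OAUTH2_CLIENT_SECRET={{ keycloak_clients.hedgedoc.client_secret }}` (path inferred from the vars hunk), and a vaulted variable for the database password would keep a single source of truth and keep secrets out of the template. `CMD_ALLOW_ORIGIN=['hedgedoc.atlantishq.de']` reaches the container as that literal string, while HedgeDoc reads this variable as a comma-separated list, so `- CMD_ALLOW_ORIGIN=hedgedoc.atlantishq.de` is likely what was intended. `CMD_OAUTH2_ROLES_CLAIM=roles` is set without `CMD_OAUTH2_ACCESS_ROLE`, so presumably no role is actually required to sign in, and no `CMD_SESSION_SECRET` is set, which HedgeDoc replaces with a random value on every start.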