add: oauth2proxy cert/keycloak for cert manager

group_vars/all.yaml

@@ -96,3 +96,15 @@ keycloak_clients:
         groups: "pki"
         master_address: "https://pki.atlantishq.de"
         skips:
+
+    cert-manager:
+        party_secret : "HISTORY_PURGED_SECRET"
+        client_id: z_cert_manager
+        client_secret: "HISTORY_PURGED_SECRET"
+        redirect_uris: 
+            - "https://vpn.atlantishq.de/*"
+        description: "AtlantisHQ Certificate Manager"
+        keycloak_id: "00000000-0000-0000-0000-000000000005"
+        groups: "pki"
+        master_address: "https://vpn.atlantishq.de"
+        skips:

roles/openvpn/tasks/main.yaml

@@ -71,3 +71,29 @@
     pull: true
     files:
       - "certificate-manager.yaml"
+
+# setup oauth proxy #
+- name: include services ports
+  include_vars: services.yaml
+
+- name: OAuth2Proxy directories
+  file:
+    path: "/opt/oauth2proxy/{{ item }}/"
+    state: directory
+    recurse: yes
+  with_items:
+    - cert-manager
+
+- name: Deploy OAuth2Proxy compose files
+  template:
+    src: oauth-standalone-docker-compose.yaml
+    dest: "/opt/oauth2proxy/{{ item }}/docker-compose.yaml"
+  with_items:
+    - cert-manager
+
+- name: Deploy OAuth2Proxy
+  community.docker.docker_compose:
+    project_src: /opt/oauth2proxy/{{ item }}/
+    pull: true
+  with_items:
+    - cert-manager

roles/openvpn/templates/certificate-manager.yaml

@@ -2,7 +2,7 @@ certificate-manager:
     image: registry.atlantishq.de/certificate-manager:latest
     restart: always
     ports:
-        - 5000:5000
+        - 6000:5000
     volumes:
         - /data/certificate-manager/:/app/data/
     extra_hosts:

roles/usermanagement/tasks/ldap.yaml

@@ -118,6 +118,7 @@
     - mail
     - soundlib
     - monitoring
+    - pki
 
 - name: Deploy Backup Script
   copy:

vars/services.yaml

@@ -7,3 +7,5 @@ services:
         port: 5002
     soundlib-interface:
         port: 5003
+    cert-manager:
+        port: 5000