From f2567c5e9f15241cb5b8153a67b8e189f14d919f Mon Sep 17 00:00:00 2001 From: Sheppy Date: Tue, 27 Jun 2023 10:49:10 +0000 Subject: [PATCH] feat: support for heimdall/hub page --- group_vars/all.yaml | 13 +++++++++++++ roles/docker-deployments/tasks/main.yaml | 7 +++++++ roles/docker-deployments/templates/heimdall.yaml | 10 ++++++++++ templates/oauth-standalone-docker-compose.yaml | 5 ++++- vars/services.yaml | 2 ++ 5 files changed, 36 insertions(+), 1 deletion(-) create mode 100644 roles/docker-deployments/templates/heimdall.yaml diff --git a/group_vars/all.yaml b/group_vars/all.yaml index 38a6863..b85c9fd 100644 --- a/group_vars/all.yaml +++ b/group_vars/all.yaml @@ -120,3 +120,16 @@ keycloak_clients: groups: "trackmania" master_address: "https://trackmania.atlantishq.de" skips: + + heimdall: + party_secret : "HISTORY_PURGED_SECRET" + client_id: z_heimdall + client_secret: "HISTORY_PURGED_SECRET" + client_secret: "HISTORY_PURGED_SECRET" + redirect_uris: + - "https://hub.atlantishq.de/*" + description: "AtlantisHQ Hub" + keycloak_id: "00000000-0000-0000-0000-000000000007" + groups: + master_address: "https://hub.atlantishq.de" + skips: diff --git a/roles/docker-deployments/tasks/main.yaml b/roles/docker-deployments/tasks/main.yaml index 2c188a4..57bcdc9 100644 --- a/roles/docker-deployments/tasks/main.yaml +++ b/roles/docker-deployments/tasks/main.yaml @@ -38,6 +38,7 @@ state: directory with_items: - tmnf-replay-server + - heimdall - name: Create compose directories file: @@ -50,6 +51,7 @@ - sector32 - async-icinga - tmnf-replay-server + - heimdall - name: Copy compose templates template: @@ -62,6 +64,7 @@ - sector32 - async-icinga - tmnf-replay-server + - heimdall - name: Log into private registry docker_login: @@ -82,6 +85,7 @@ - sector32 - async-icinga - tmnf-replay-server + - heimdall - name: OAuth2Proxy directories file: @@ -90,6 +94,7 @@ recurse: yes with_items: - tmnf-replay-server + - heimdall - name: include services ports include_vars: services.yaml 
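Review bot: The new `heimdall` entry in group_vars/all.yaml declares `client_secret` twice, and most YAML loaders silently keep the last value, so one of the two lines should be dropped (and `party_secret :` should lose the space before the colon). The secret values sit inline in a tracked vars file, and the `HISTORY_PURGED_SECRET` placeholders suggest they were later scrubbed from history. It would be safer to reference them from an Ansible Vault file, e.g. `client_secret: "{{ vault_heimdall_client_secret }}"` (variable name is a placeholder), and to rotate anything that was ever pushed. `redirect_uris` allows the wildcard `https://hub.atlantishq.de/*`; if oauth2-proxy is the only consumer of this client, the exact callback `https://hub.atlantishq.de/oauth2/callback` is tighter. `groups:` is left empty, which together with the template hunk in this commit means no group restriction is rendered for the hub; if that is intended, a comment such as `# intentionally open to every realm user` would make it explicit.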
@@ -100,6 +105,7 @@ dest: "/opt/oauth2proxy/{{ item }}/docker-compose.yaml" with_items: - tmnf-replay-server + - heimdall - name: Deploy OAuth2Proxy community.docker.docker_compose: @@ -107,3 +113,4 @@ pull: true with_items: - tmnf-replay-server + - heimdall diff --git a/roles/docker-deployments/templates/heimdall.yaml b/roles/docker-deployments/templates/heimdall.yaml new file mode 100644 index 0000000..0287a13 --- /dev/null +++ b/roles/docker-deployments/templates/heimdall.yaml @@ -0,0 +1,10 @@ +heimdall: + image: linuxserver/heimdall:latest + restart: always + ports: + - 6011:80 + volumes: + - /data/heimdall/:/config/ + environment: + - PGID=1000 + - PUID=1000 diff --git a/templates/oauth-standalone-docker-compose.yaml b/templates/oauth-standalone-docker-compose.yaml index f7ac972..fcc05a3 100644 --- a/templates/oauth-standalone-docker-compose.yaml +++ b/templates/oauth-standalone-docker-compose.yaml @@ -28,7 +28,10 @@ services: OAUTH2_PROXY_OIDC_ISSUER_URL: "https://{{ keycloak_address }}/realms/master" OAUTH2_PROXY_CLIENT_ID: "{{ keycloak_clients[item].client_id }}" OAUTH2_PROXY_CLIENT_SECRET: "{{ keycloak_clients[item].client_secret }}" - OAUTH2_PROXY_ALLOWED_GROUPS: {{ keycloak_clients[item].groups }} + + {% if keycloak_clients[item].groups %} +OAUTH2_PROXY_ALLOWED_GROUPS: {{ keycloak_clients[item].groups }} + {% endif %} OAUTH2_PROXY_OIDC_EMAIL_CLAIM: sub OAUTH2_PROXY_SET_XAUTHREQUEST: "true" diff --git a/vars/services.yaml b/vars/services.yaml index eca85b7..f6833b3 100644 --- a/vars/services.yaml +++ b/vars/services.yaml @@ -11,3 +11,5 @@ services: port: 5000 tmnf-replay-server: port: 5010 + heimdall: + port: 5011
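Review bot: `- 6011:80` in the new heimdall.yaml publishes the container port on every host interface, so unless a host firewall blocks it the dashboard can be reached directly, without passing through the OAuth2Proxy instance this commit sets up for it. If the proxy runs on the same host (not visible in this patch), binding to loopback with `- "127.0.0.1:6011:80"` keeps the proxy as the only entry point, and quoting the mapping also avoids YAML 1.1 colon-number parsing surprises. `image: linuxserver/heimdall:latest` is a floating tag; pinning a reviewed version tag or digest (`linuxserver/heimdall:<pinned-tag>`) keeps a later pull from silently changing what runs. vars/services.yaml registers port 5011 for heimdall while this file publishes 6011; presumably 5011 is the proxy listener, but a short comment stating the relationship would help.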
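Review bot: Wrapping `OAUTH2_PROXY_ALLOWED_GROUPS` in `{% if keycloak_clients[item].groups %}` makes the group check fail open: an empty, null or mistyped `groups` value now renders a proxy that admits every account able to authenticate against the realm, with nothing in the output indicating that the restriction was dropped. Consider keeping the conditional but adding an `ansible.builtin.assert` before the template task that fails when `groups` is empty and the client has not set an explicit opt-out key, so an open service is always a deliberate choice. The value is still emitted unquoted; `OAUTH2_PROXY_ALLOWED_GROUPS: "{{ keycloak_clients[item].groups }}"` would match the neighbouring lines. The added line appears to start at column 0 and to rely on the indentation of the `{% if %}` line plus block trimming; indentation is not recoverable from this view, so the rendered compose file is worth checking for both the empty and non-empty cases.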