feat: skip auth paths

group_vars/all.yaml

@@ -41,6 +41,13 @@ keycloak_clients:
         keycloak_id: "00000000-0000-0000-0000-000000000001"
         groups: "images"
         master_address: "https://images.atlantishq.de"
+        skips:
+            - "/m/"
+            - "/media/"
+            - "/image/"
+            - "/images/"
+            - "/picture/"
+            - "/pictures/"
 
     simple-log-server:
         party_secret : "HISTORY_PURGED_SECRET"
@@ -52,6 +59,8 @@ keycloak_clients:
         keycloak_id: "00000000-0000-0000-0000-000000000002"
         groups: "monitoring"
         master_address: "https://sls.atlantishq.de"
+        skips:
+            - "/submit"
 
     soundlib-interface:
         party_secret : "HISTORY_PURGED_SECRET"
@@ -63,3 +72,4 @@ keycloak_clients:
         keycloak_id: "00000000-0000-0000-0000-000000000003"
         groups: "soundlib"
         master_address: "https://sounds.atlantishq.de"
+        skips:

roles/web1/handlers/main.yaml

@@ -0,0 +1,19 @@
+- name: systemctl restart image-factory
+  systemd:
+    name: image-factory
+    state: restarted
+
+- name: systemctl restart serien-ampel
+  systemd:
+    name: serien-ampel
+    state: restarted
+
+- name: systemctl restart simple-log-server
+  systemd:
+    name: simple-log-server
+    state: restarted
+
+- name: systemctl restart soundlib-interface
+  systemd:
+    name: soundlib-interface
+    state: restarted

roles/web1/tasks/main.yaml

@@ -83,13 +83,6 @@
     - simple-log-server
     - soundlib-interface
 
-- name: Deploy OAuth2Proxy
-  community.docker.docker_compose:
-    project_src: /opt/oauth2proxy/{{ item }}/
-    pull: true
-  with_items:
-    - soundlib-interface
-
 - name: Template Systemd Units
   template:
     src: "waitress-systemd-unit.j2"
@@ -97,13 +90,25 @@
   with_items:
     - { name : "image-factory",      path : "/var/www/python-flask-picture-factory" }
     - { name : "serien-ampel",       path : "/var/www/serien-ampel" }
-    - { name : "simple-log-server",  path : "/var/www/simple-log-server" }
+    - { name : "simple-log-server",  path : "/var/www/simple-log-server", external_oidc : true }
     - { name : "soundlib-interface", path : "/var/www/soundlib-interface", external_oidc : true }
   notify:
     - daemon reload
+    - systemctl restart image-factory
+    - systemctl restart serien-ampel
+    - systemctl restart simple-log-server
+    - systemctl restart soundlib-interface
 
 - meta: flush_handlers
 
+- name: Deploy OAuth2Proxy
+  community.docker.docker_compose:
+    project_src: /opt/oauth2proxy/{{ item }}/
+    pull: true
+  with_items:
+    - soundlib-interface
+    - simple-log-server
+
 - name: Enable and Start Systemd Units
   systemd:
     name: "{{ item }}"

templates/oauth-standalone-docker-compose.yaml

@@ -7,6 +7,12 @@ services:
     depends_on:
       - redis
     command:
+{% if keycloak_clients[item].get("skips") %}
+{% for route in keycloak_clients[item].skips %}
+      - --skip-auth-route
+      - {{ route }}
+{% endfor %}
+{% endif %}
       - --http-address
       - 0.0.0.0:{{ services[item].port }}
     ports: