From fa61c584711faa26e7d18b5d033d0d0fd0d8288c Mon Sep 17 00:00:00 2001
From: Sheppy
Date: Sun, 15 Jan 2023 11:46:36 +0100
Subject: [PATCH] feat: oauth2proxy compose skel
---
 roles/web1/tasks/main.yaml | 19 ++++++++
 .../oauth-standalone-docker-compose.yaml | 47 +++++++++++++++++++
 2 files changed, 66 insertions(+)
 create mode 100644 templates/oauth-standalone-docker-compose.yaml
diff --git a/roles/web1/tasks/main.yaml b/roles/web1/tasks/main.yaml
index c0cb521..59139c7 100644
--- a/roles/web1/tasks/main.yaml
+++ b/roles/web1/tasks/main.yaml
@@ -61,6 +61,25 @@
 - simple-log-server
 - soundlib-interface
+- name: OAuth2Proxy directories
+ file:
+ path: "/opt/oauth2proxy/{{ item }}/"
+ state: directory
+ recurse: yes
+ with_items:
+ - python-flask-picture-factory
+ - simple-log-server
+ - soundlib-interface
+
+- name: Deploy OAuth2Proxy compose files
+ template:
+ src: oauth-standalone-docker-compose.yaml
+ dest: "/opt/oauth2proxy/{{ item }}/docker-compose.yaml"
+ with_items:
+ - python-flask-picture-factory
+ - simple-log-server
+ - soundlib-interface
+
 - name: Template Systemd Units
 template:
 src: "waitress-systemd-unit.j2"
diff --git a/templates/oauth-standalone-docker-compose.yaml b/templates/oauth-standalone-docker-compose.yaml
new file mode 100644
index 0000000..6619062
--- /dev/null
+++ b/templates/oauth-standalone-docker-compose.yaml
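Review bot: The rendered `/opt/oauth2proxy/{{ item }}/docker-compose.yaml` will hold the Keycloak client secret and the cookie secret in plaintext (the template in this patch interpolates `keycloak_clients[item].party_secret`), yet neither the `file` task nor the `template` task sets `owner`, `group` or `mode`, so the directory and file land with whatever the remote umask yields, typically world-readable. Add `mode: "0600"` (plus the `owner`/`group` of the account that runs compose) to the `template:` task and `mode: "0750"` to the `file:` task. `recurse: yes` should be the canonical `recurse: true`, and it presumably does nothing useful here since no owner/group/mode is given to apply recursively; `with_items` could likewise be the current `loop`. The three-app list is now repeated in at least three tasks in this file, so a role variable would keep them from drifting apart.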
@@ -0,0 +1,47 @@
+version: "3.7"
+
+services:
+
+ web-app:
+ build: .
+
+ oauth2-proxy:
+ image: bitnami/oauth2-proxy:7.3.0
+ depends_on:
+ - redis
+ command:
+ - --http-address
+ - 0.0.0.0:4180
+ - --allowed-group soundlib
+ environment:
+ OAUTH2_PROXY_EMAIL_DOMAINS: '*'
+ OAUTH2_PROXY_PROVIDER: oidc
+ OAUTH2_PROXY_PROVIDER_DISPLAY_NAME: "Keycloak"
+ OAUTH2_PROXY_SKIP_PROVIDER_BUTTON: true
+ OAUTH2_PROXY_REDIRECT_URL: http://localhost/oauth2/callback
+
+ OAUTH2_PROXY_OIDC_ISSUER_URL: "https://{{ keycloak_address }}/realms/master"
+ OAUTH2_PROXY_CLIENT_ID: "{{ keycloak_clients[item].client_id }}"
+ OAUTH2_PROXY_CLIENT_SECRET: "{{ keycloak_clients[item].party_secret }}"
+
+ OAUTH2_PROXY_SKIP_JWT_BEARER_TOKENS: true
+ OAUTH2_PROXY_OIDC_EMAIL_CLAIM: sub
+
+ OAUTH2_PROXY_SET_XAUTHREQUEST: true
+ OAUTH2_PROXY_PASS_ACCESS_TOKEN: true
+
+ OAUTH2_PROXY_SESSION_STORE_TYPE: redis
+ OAUTH2_PROXY_REDIS_CONNECTION_URL: redis://redis
+
+ OAUTH2_PROXY_COOKIE_REFRESH: 30m
+ OAUTH2_PROXY_COOKIE_NAME: SESSION
+ OAUTH2_PROXY_COOKIE_SECRET: HISTORY_PURGED_SECRET
+
+ redis:
+ image: redis:7.0.2-alpine3.16
+ volumes:
+ - cache:/data
+
+volumes:
+ cache:
+ driver: local
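Review bot: The group restriction is lost as written: in compose's list-form `command:` the entry `- --allowed-group soundlib` is one argv element, so oauth2-proxy sees a flag literally named `allowed-group soundlib` instead of `--allowed-group` with a value, and with `OAUTH2_PROXY_EMAIL_DOMAINS: '*'` every authenticated realm user would be admitted — write it `- --allowed-group=soundlib`, or split it into two items the way `--http-address` / `0.0.0.0:4180` is. `OAUTH2_PROXY_COOKIE_SECRET: HISTORY_PURGED_SECRET` is a literal shared by all three rendered deployments and checked into the repo; source it from a vaulted Ansible variable in the same way the client secret is templated, e.g. `OAUTH2_PROXY_COOKIE_SECRET: "{{ keycloak_clients[item].cookie_secret }}"`, so each app gets its own properly sized random value. `OAUTH2_PROXY_REDIRECT_URL: http://localhost/oauth2/callback` is plain HTTP and identical for every app, which presumably cannot match the redirect URI registered per client in Keycloak, and a non-TLS callback will also clash with oauth2-proxy's secure-cookie default unless that is deliberately relaxed. The bare `true` values under `environment:` are YAML booleans rather than strings and older docker-compose releases reject them as an invalid type; quote them as `"true"`.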