feat: oauth2proxy compose skel
@@ -61,6 +61,25 @@
|
|||||||
- simple-log-server
|
- simple-log-server
|
||||||
- soundlib-interface
|
- soundlib-interface
|
||||||
|
|
||||||
|
- name: OAuth2Proxy directories
|
||||||
|
file:
|
||||||
|
path: "/opt/oauth2proxy/{{ item }}/"
|
||||||
|
state: directory
|
||||||
|
recurse: yes
|
||||||
|
with_items:
|
||||||
|
- python-flask-picture-factory
|
||||||
|
- simple-log-server
|
||||||
|
- soundlib-interface
|
||||||
|
|
||||||
|
- name: Deploy OAuth2Proxy compose files
|
||||||
|
template:
|
||||||
|
src: oauth-standalone-docker-compose.yaml
|
||||||
|
dest: "/opt/oauth2proxy/{{ item }}/docker-compose.yaml"
|
||||||
|
with_items:
|
||||||
|
- python-flask-picture-factory
|
||||||
|
- simple-log-server
|
||||||
|
- soundlib-interface
|
||||||
|
|
||||||
- name: Template Systemd Units
|
- name: Template Systemd Units
|
||||||
template:
|
template:
|
||||||
src: "waitress-systemd-unit.j2"
|
src: "waitress-systemd-unit.j2"
|
||||||
|
|||||||
47
templates/oauth-standalone-docker-compose.yaml
Normal file
@@ -0,0 +1,47 @@
|
|||||||
|
version: "3.7"
|
||||||
|
|
||||||
|
services:
|
||||||
|
|
||||||
|
web-app:
|
||||||
|
build: .
|
||||||
|
|
||||||
|
oauth2-proxy:
|
||||||
|
image: bitnami/oauth2-proxy:7.3.0
|
||||||
|
depends_on:
|
||||||
|
- redis
|
||||||
|
command:
|
||||||
|
- --http-address
|
||||||
|
- 0.0.0.0:4180
|
||||||
|
- --allowed-group soundlib
|
||||||
|
environment:
|
||||||
|
OAUTH2_PROXY_EMAIL_DOMAINS: '*'
|
||||||
|
OAUTH2_PROXY_PROVIDER: oidc
|
||||||
|
OAUTH2_PROXY_PROVIDER_DISPLAY_NAME: "Keycloak"
|
||||||
|
OAUTH2_PROXY_SKIP_PROVIDER_BUTTON: true
|
||||||
|
OAUTH2_PROXY_REDIRECT_URL: http://localhost/oauth2/callback
|
||||||
|
|
||||||
|
OAUTH2_PROXY_OIDC_ISSUER_URL: "https://{{ keycloak_address }}/realms/master"
|
||||||
|
OAUTH2_PROXY_CLIENT_ID: "{{ keycloak_clients[item].client_id }}"
|
||||||
|
OAUTH2_PROXY_CLIENT_SECRET: "{{ keycloak_clients[item].party_secret }}"
|
||||||
|
|
||||||
|
OAUTH2_PROXY_SKIP_JWT_BEARER_TOKENS: true
|
||||||
|
OAUTH2_PROXY_OIDC_EMAIL_CLAIM: sub
|
||||||
|
|
||||||
|
OAUTH2_PROXY_SET_XAUTHREQUEST: true
|
||||||
|
OAUTH2_PROXY_PASS_ACCESS_TOKEN: true
|
||||||
|
|
||||||
|
OAUTH2_PROXY_SESSION_STORE_TYPE: redis
|
||||||
|
OAUTH2_PROXY_REDIS_CONNECTION_URL: redis://redis
|
||||||
|
|
||||||
|
OAUTH2_PROXY_COOKIE_REFRESH: 30m
|
||||||
|
OAUTH2_PROXY_COOKIE_NAME: SESSION
|
||||||
|
OAUTH2_PROXY_COOKIE_SECRET: HISTORY_PURGED_SECRET
|
||||||
|
|
||||||
|
redis:
|
||||||
|
image: redis:7.0.2-alpine3.16
|
||||||
|
volumes:
|
||||||
|
- cache:/data
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
cache:
|
||||||
|
driver: local
|
||||||
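Review bot: `- --allowed-group soundlib` is handed to oauth2-proxy as one argv entry, unlike the `--http-address` / `0.0.0.0:4180` pair two items above, so the flag parser never splits it on the space and the group restriction is either rejected as an unknown flag at startup or, at best, never enforced; split it into `- --allowed-group` and `- soundlib`, and since the same template is rendered for three applications the group should presumably be a per-item variable rather than hard-coded to `soundlib`. The template also writes two secrets into the rendered docker-compose.yaml: `OAUTH2_PROXY_COOKIE_SECRET: HISTORY_PURGED_SECRET` is a literal placeholder that neither satisfies the 16/24/32-byte cookie-secret requirement nor varies per deployment, so it should become `OAUTH2_PROXY_COOKIE_SECRET: "{{ oauth2proxy_cookie_secret }}"` from a vaulted variable, and because `OAUTH2_PROXY_CLIENT_SECRET` lands in the same file in plaintext the deploying task (outside this section) should set a restrictive `mode` on it. `OAUTH2_PROXY_REDIRECT_URL: http://localhost/oauth2/callback` together with `OAUTH2_PROXY_EMAIL_DOMAINS: '*'` is acceptable for a skeleton, but a comment such as `# TODO: replace with the public https callback and restrict domains before exposing` would help, as a plain-http callback will not set the session cookie with oauth2-proxy's default secure-cookie setting.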