---
# Parent directory for the persistent volumes and checkouts created below
# (/data/keycloak-postgres, /data/atlantis-keycloak-themes).
# NOTE(review): no owner/mode is given, so the directory takes the remote
# umask default; tighten it if anything sensitive is ever placed directly
# under /data.
- name: Create data-dir
  ansible.builtin.file:
    path: "/data/"
    state: directory
# Persistent storage for the Keycloak database (presumably bind-mounted into
# the postgres container by the compose file rendered further down).
# NOTE(review): created with the remote umask default; a Postgres data
# directory should not be world-readable — consider an explicit owner/mode
# that matches the uid the container runs as.
- name: Create keycloak psql mount
  ansible.builtin.file:
    path: "/data/keycloak-postgres/"
    state: directory
# Fetch the custom login theme that the realm task below selects
# (loginTheme "atlantis").
# NOTE(review): tracking the moving `master` branch means every run can pull
# unreviewed theme code (templates, JS) into the login page — pin a tag or a
# commit SHA once the theme repository has one.
- name: Clone keycloak Themes
  ansible.builtin.git:
    repo: "https://github.com/FAUSheppy/atlantis-keycloak-themes"
    dest: "/data/atlantis-keycloak-themes/"
    version: "master"
# Project directory for docker compose: holds the rendered compose file and
# the secret file(s) written by the two template tasks that follow.
- name: Create compose directory keycloak
  ansible.builtin.file:
    path: /opt/keycloak/
    state: directory
# Render the compose definition into the project directory; because `dest`
# is a directory the file lands at /opt/keycloak/keycloak.yaml.
# NOTE(review): no `mode` is given, so the rendered file takes the remote
# umask default. If the template inlines credentials (admin password, DB
# connection string), restrict it with an explicit mode such as "0640".
- name: Copy compose templates keycloak
  ansible.builtin.template:
    src: keycloak.yaml
    dest: /opt/keycloak/
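# Render the secret file(s) consumed by the compose stack (the one listed,
# `postgres_password`, presumably holds the database password).
# `mode` is set explicitly: ansible.builtin.template otherwise applies the
# remote umask, which on most hosts leaves a freshly rendered password
# world-readable. The file is root-owned; docker/compose read it as root, so
# adjust owner/group only if the stack is started as another user.
- name: Copy compose environment files keycloak
  ansible.builtin.template:
    src: "{{ item }}"
    dest: "/opt/keycloak/"
    mode: "0600"
  loop:
    - postgres_password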
# Bring the stack up from the rendered compose file, pulling images first.
# NOTE(review): community.docker.docker_compose drives the legacy
# docker-compose v1 Python library; it was deprecated in community.docker 3.x
# and removed in 4.0.0 in favour of community.docker.docker_compose_v2 —
# migrate before the collection is upgraded. With `pull: true`, any floating
# image tag in keycloak.yaml is silently re-resolved on every run.
- name: Deploy compose templates
  community.docker.docker_compose:
    project_src: "/opt/keycloak/"
    files:
      - "keycloak.yaml"
    pull: true
# Poll the public endpoint until it answers 200 with a JSON body whose
# `status` is "UP" (up to 10 attempts, 20 s apart). Certificate validation
# is left at the module default (on). The task also runs in check mode so
# the client/realm tasks after it have a live server to validate against.
# NOTE(review): the URL is the site root, but the `until` condition expects
# Keycloak's health document. If `/` serves the HTML landing page instead of
# JSON, `result.json` is undefined and this wait cannot succeed — confirm
# the reverse proxy maps `/` to the health endpoint, or point the task at
# the health endpoint directly.
- name: Check/Wait for Keycloak to be up
  ansible.builtin.uri:
    url: "https://keycloak.atlantishq.de/"
    method: GET
    status_code: 200
    return_content: true
    body_format: json
  register: result
  retries: 10
  delay: 20
  until: result.status == 200 and result.json.status == "UP"
  check_mode: false
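# Register one confidential OIDC client per entry of `keycloak_clients`
# (a dict keyed by an arbitrary label; each entry supplies client_id,
# keycloak_id, description, client_secret and redirect_uris). Runs on the
# controller and talks to the admin REST API as `admin` in the master realm.
#
# Fixes vs. the previous version:
#   * the group mapper's `accesss.token.claim` key was misspelled, so
#     Keycloak would not include the "groups" claim in access tokens — only
#     in ID/userinfo tokens;
#   * `no_log` is set, because the per-item loop output otherwise echoes
#     every client secret and the admin password in `invocation.module_args`.
#
# NOTE(review): clients are created in the `master` (admin) realm, and every
# one gets authorization services and a service account; both are broader
# than most applications need — consider a dedicated realm and enabling
# these per client. `web_origins` is copied verbatim from `redirect_uris`,
# so any wildcard there widens CORS as well as the redirect allow-list.
- name: Create Keycloak Clients
  community.general.keycloak_client:
    auth_client_id: admin-cli
    auth_keycloak_url: "https://keycloak.atlantishq.de/"
    auth_realm: master
    auth_username: admin
    auth_password: "{{ keycloak_admin_password }}"
    state: present
    realm: master
    client_id: '{{ keycloak_clients[item]["client_id"] }}'
    id: '{{ keycloak_clients[item]["keycloak_id"] }}'
    name: '{{ keycloak_clients[item]["client_id"] }}'
    description: '{{ keycloak_clients[item]["description"] }}'
    enabled: true
    client_authenticator_type: client-secret
    public_client: false
    secret: '{{ keycloak_clients[item]["client_secret"] }}'
    authorization_services_enabled: true
    service_accounts_enabled: true
    redirect_uris: '{{ keycloak_clients[item]["redirect_uris"] }}'
    web_origins: '{{ keycloak_clients[item]["redirect_uris"] }}'
    frontchannel_logout: false
    protocol: openid-connect
    protocol_mappers:
      # Group-membership claim. The mapper id is derived from the client's
      # UUID by overwriting its third character with "1" (the audience
      # mapper uses "2"), presumably so the ids stay stable across runs.
      - name: "client-group-mapper"
        id: "{{ keycloak_clients[item]['keycloak_id'] | regex_replace('^(?P<X>.{2})(.)', '\\g<X>' ~ '1') }}"
        protocol: "openid-connect"
        protocolMapper: "oidc-group-membership-mapper"
        consentRequired: false
        config:
          claim.name: "groups"
          full.path: false
          id.token.claim: true
          access.token.claim: true  # was `accesss.token.claim` (typo)
          userinfo.token.claim: true
      # Audience claim: puts the client's own id into `aud` of the access
      # token only (not the ID token).
      - name: "aud-mapper-client"
        id: "{{ keycloak_clients[item]['keycloak_id'] | regex_replace('^(?P<X>.{2})(.)', '\\g<X>' ~ '2') }}"
        # "If the regex is too strong, you are too weak" (original note).
        protocol: "openid-connect"
        protocolMapper: "oidc-audience-mapper"
        consentRequired: false
        config:
          included.client.audience: '{{ keycloak_clients[item]["client_id"] }}'
          id.token.claim: false
          access.token.claim: true
  delegate_to: localhost
  no_log: true  # drop temporarily when debugging a failing API call
  loop: "{{ keycloak_clients.keys() | list }}"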
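# Realm-level settings for `master`: select the cloned login theme, allow
# self-service password reset, and configure outbound mail (authenticated
# STARTTLS; `ssl` "false" means no implicit TLS on connect).
# The smtpServer values are deliberately quoted strings — Keycloak's realm
# representation carries that map as string-valued, so do not "fix" them
# into YAML booleans.
# `no_log` is set because the module arguments contain the SMTP password
# and the admin password, which would otherwise appear in verbose or
# failed-task output.
#
# NOTE(review): this is the admin realm. Email-based password reset here
# makes the mailbox of every master-realm user (including `admin`) an
# account-takeover path; most deployments keep application users and
# self-service flows in a separate realm.
- name: Update master realm settings
  community.general.keycloak_realm:
    auth_client_id: admin-cli
    auth_keycloak_url: "https://keycloak.atlantishq.de/"
    auth_realm: master
    auth_username: admin
    auth_password: "{{ keycloak_admin_password }}"
    state: present
    realm: master
    loginTheme: "atlantis"
    resetPasswordAllowed: true
    smtpServer:
      host: "{{ smtp_internal_host }}"
      port: "{{ smtp_internal_host_port }}"
      starttls: "true"
      ssl: "false"
      auth: "true"
      user: "{{ smtp_service_user }}@atlantishq.de"
      password: "{{ smtp_service_pass }}"
      from: "{{ smtp_service_user }}@atlantishq.de"
      fromDisplayName: ""
      replyTo: ""
      replyToDisplayName: ""
      envelopeFrom: ""
  no_log: true  # drop temporarily when debugging a failing API call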