reorganize (config) files and templates into one "resources" dir

This groups the files and templates for each host together and therefore
makes it easier to see all the (config) files for a host.

Also clean up incorrect, unused docker_compose config for mumble and
clean up unused engelsystem configs.

resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2

@@ -0,0 +1,124 @@
+## Secrets:
+#
+# Secrets should be provided via the relevant `x_secrets.env` files to the
+# containers. Options to be set are documented by commented out environment
+# variables.
+#
+## Links & Resources:
+#
+# https://www.keycloak.org/
+# https://www.keycloak.org/documentation
+# https://www.keycloak.org/getting-started/getting-started-docker
+# https://www.keycloak.org/server/configuration
+# https://www.keycloak.org/server/containers
+# https://www.keycloak.org/server/configuration-production
+# https://www.keycloak.org/server/db
+# https://hub.docker.com/_/postgres
+# https://github.com/docker-library/docs/blob/master/postgres/README.md
+# https://www.keycloak.org/server/hostname
+# https://www.keycloak.org/server/reverseproxy
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Forwarded
+# https://www.keycloak.org/server/all-config
+
+services:
+  keycloak:
+    image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.0
+    pull_policy: always
+    restart: unless-stopped
+    command: start --optimized
+    depends_on:
+      - db
+    networks:
+      - keycloak
+    environment:
+      KEYCLOAK_ADMIN: admin
+      KEYCLOAK_ADMIN_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/KEYCLOAK_ADMIN_PASSWORD", create=false, missing="error") }}
+      KC_DB: postgres
+      KC_DB_URL_HOST: db
+      KC_DB_USERNAME: keycloak
+      KC_DB_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/KC_DB_PASSWORD", create=false, missing="error") }}
+      KC_HOSTNAME: https://id.hamburg.ccc.de
+      KC_HOSTNAME_BACKCHANNEL_DYNAMIC: false
+      KC_HOSTNAME_ADMIN: https://keycloak-admin.hamburg.ccc.de
+      KC_PROXY_HEADERS: xforwarded
+      KC_HTTP_ENABLED: true
+    ports:
+      - "8080:8080"
+
+  db:
+    image: postgres:15.2
+    restart: unless-stopped
+    networks:
+      - keycloak
+    volumes:
+      - "./database:/var/lib/postgresql/data"
+    environment:
+      POSTGRES_USER: keycloak
+      POSTGRES_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/POSTGRES_PASSWORD", create=false, missing="error") }}
+      POSTGRES_DB: keycloak
+
+  id-invite-web:
+    image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest
+    command: web
+    restart: unless-stopped
+    networks:
+      - web
+      - email
+      - keycloak
+    ports:
+      - 3000:3000
+    environment:
+      - "APP_EMAIL_BASE_URI=http://id-invite-email:3000"
+      - "APP_KEYCLOAK_BASE_URI=http://id-invite-keycloak:3000"
+      - "BOTTLE_HOST=0.0.0.0"
+      - "BOTTLE_URL_SCHEME=https"
+      - "IDINVITE_INVITE_REQUIRES_GROUP=id_invite"
+      - "IDINVITE_URL=https://invite.hamburg.ccc.de"
+      - "IDINVITE_KEYCLOAK_NAME=CCCHH ID"
+      - "IDINVITE_VALID_HOURS=50"
+      - "IDINVITE_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_TOKEN_SECRET", create=false, missing="error") }}"
+      - "IDINVITE_DISCOVERY_URL=https://id.hamburg.ccc.de/realms/ccchh/.well-known/openid-configuration"
+      - "IDINVITE_CLIENT_ID=id-invite"
+      - "IDINVITE_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_CLIENT_SECRET", create=false, missing="error") }}"
+      - "MAIL_FROM=no-reply@hamburg.ccc.de"
+      - "BOTTLE_HOST=0.0.0.0"
+
+  id-invite-email:
+    image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest
+    command: email
+    restart: unless-stopped
+    networks:
+      - email
+      - web
+    environment:
+      - "BOTTLE_HOST=0.0.0.0"
+      - "IDINVITE_KEYCLOAK_NAME=CCCHH ID"
+      - "MAIL_FROM=no-reply@id.hamburg.ccc.de"
+      - "SMTP_HOSTNAME=cow.hamburg.ccc.de"
+      - "SMTP_USERNAME=no-reply@id.hamburg.ccc.de"
+      - "SMTP_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/NO_REPLY_SMTP", create=false, missing="error") }}"
+
+  id-invite-keycloak:
+    image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest
+    command: keycloak
+    restart: unless-stopped
+    networks:
+      - keycloak
+    environment:
+      - "BOTTLE_HOST=0.0.0.0"
+      - "IDINVITE_CLIENT_ID=id-invite"
+      - "IDINVITE_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_CLIENT_SECRET", create=false, missing="error") }}"
+      - "KEYCLOAK_API_URL=http://keycloak:8080"
+      - "KEYCLOAK_API_USERNAME=id-invite"
+      - "KEYCLOAK_API_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_ADMIN_PASSWORD", create=false, missing="error") }}"
+      - "KEYCLOAK_API_REALM=ccchh"
+      - 'KEYCLOAK_GROUPS=["user"]'
+
+
+
+networks:
+  keycloak:
+    external: false
+  web:
+  email:
+    external: false