Provide secrets for keycloak VM from pass
parent
8fa4e5af3e
commit
51c1b667f4
3 changed files with 7 additions and 4 deletions
|
@ -1,2 +1,5 @@
|
|||
[defaults]
|
||||
inventory = ./inventories/z9/hosts.yaml
|
||||
|
||||
[passwordstore_lookup]
|
||||
backend = pass
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.file', 'configs/keycloak/compose.yaml') }}"
|
||||
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'configs/keycloak/compose.yaml.j2') }}"
|
||||
docker_compose__configuration_files: [ ]
|
||||
|
||||
cert__acme_account_email: j+letsencrypt-ccchh@jsts.xyz
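Review bot: With the switch to the `ansible.builtin.template` lookup (the new side, judging by the commit title), `docker_compose__compose_file_content` now holds the rendered compose file, including the three passwords that compose.yaml.j2 pulls from pass. The role task that writes this variable to the VM is not visible on this page. It should be checked for `no_log: true` (or at least `diff: false`) and a restrictive `mode: "0600"`, since otherwise the passwords can appear in `--diff` or verbose output and in a compose.yaml readable by other local users. A comment above the variable such as `# rendered content contains secrets from pass; never debug-print this variable` would document the constraint.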
|
||||
|
|
|
@ -46,11 +46,11 @@ services:
|
|||
- keycloak
|
||||
environment:
|
||||
KEYCLOAK_ADMIN: admin
|
||||
# KEYCLOAK_ADMIN_PASSWORD: in secrets file
|
||||
KEYCLOAK_ADMIN_PASSWORD: {{ lookup("community.general.passwordstore", "vm-secrets/keycloak/KEYCLOAK_ADMIN_PASSWORD", create=false, missing="error") }}
|
||||
KC_DB: postgres
|
||||
KC_DB_URL_HOST: db
|
||||
KC_DB_USERNAME: keycloak
|
||||
# KC_DB_PASSWORD: in secrets file
|
||||
KC_DB_PASSWORD: {{ lookup("community.general.passwordstore", "vm-secrets/keycloak/KC_DB_PASSWORD", create=false, missing="error") }}
|
||||
KC_HOSTNAME: id.ccchh.net
|
||||
KC_HOSTNAME_STRICT_BACKCHANNEL: true
|
||||
KC_HOSTNAME_ADMIN: keycloak-admin.ccchh.net
|
||||
|
@ -69,7 +69,7 @@ services:
|
|||
- "./database:/var/lib/postgresql/data"
|
||||
environment:
|
||||
POSTGRES_USER: keycloak
|
||||
# POSTGRES_PASSWORD: in secrets file
|
||||
POSTGRES_PASSWORD: {{ lookup("community.general.passwordstore", "vm-secrets/keycloak/POSTGRES_PASSWORD", create=false, missing="error") }}
|
||||
POSTGRES_DB: keycloak
|
||||
env_file:
|
||||
- db_secrets.env # Must be managed by the admin manually. Not managed by Ansible.
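Review bot: The three `passwordstore` lookups (KEYCLOAK_ADMIN_PASSWORD, KC_DB_PASSWORD, POSTGRES_PASSWORD) are rendered into the YAML as unquoted plain scalars, so the stored password's characters decide how the line parses. A value containing ` #` is silently truncated, one starting with `*`, `&`, `{` or `[` or containing `: ` breaks or retypes the mapping, and an all-digit value becomes an integer. Docker Compose also interpolates `$` in environment values, so a password containing `$` is altered unless it is written as `$$`. Each value should be emitted as a quoted string with `$` escaped, keeping the lookup arguments unchanged: `KEYCLOAK_ADMIN_PASSWORD: {{ lookup(...) | replace("$", "$$") | to_json }}`. The `env_file: db_secrets.env` entry remains in the second hunk; if that file also defines POSTGRES_PASSWORD, the `environment:` value takes precedence, so its "managed by the admin manually" comment may be stale.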
|