CCCHH/ansible-infra
CCCHH/ansible-infra
4
2
Fork 1
Code Issues 4 Pull requests 1 Wiki Activity Actions

Provide secrets for keycloak VM from pass

Browse source
This commit is contained in:
June 2023-07-29 00:55:46 +02:00 committed by julian
commit 51c1b667f4
3 changed files with 7 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

6
playbooks/files/configs/keycloak/compose.yaml → playbooks/templates/configs/keycloak/compose.yaml.j2
View file

@ -46,11 +46,11 @@ services:
- keycloak
environment:
KEYCLOAK_ADMIN: admin
# KEYCLOAK_ADMIN_PASSWORD: in secrets file
KEYCLOAK_ADMIN_PASSWORD: {{ lookup("community.general.passwordstore", "vm-secrets/keycloak/KEYCLOAK_ADMIN_PASSWORD", create=false, missing="error") }}
KC_DB: postgres
KC_DB_URL_HOST: db
KC_DB_USERNAME: keycloak
# KC_DB_PASSWORD: in secrets file
KC_DB_PASSWORD: {{ lookup("community.general.passwordstore", "vm-secrets/keycloak/KC_DB_PASSWORD", create=false, missing="error") }}
KC_HOSTNAME: id.ccchh.net
KC_HOSTNAME_STRICT_BACKCHANNEL: true
KC_HOSTNAME_ADMIN: keycloak-admin.ccchh.net
@ -69,7 +69,7 @@ services:
- "./database:/var/lib/postgresql/data"
environment:
POSTGRES_USER: keycloak
# POSTGRES_PASSWORD: in secrets file
POSTGRES_PASSWORD: {{ lookup("community.general.passwordstore", "vm-secrets/keycloak/POSTGRES_PASSWORD", create=false, missing="error") }}
POSTGRES_DB: keycloak
env_file:
- db_secrets.env # Must be managed by the admin manually. Not managed by Ansible.