Provide secrets for keycloak VM from pass
This commit is contained in:
julian
parent
8fa4e5af3e
commit
51c1b667f4
3 changed files with 7 additions and 4 deletions
79
playbooks/templates/configs/keycloak/compose.yaml.j2
Normal file
79
playbooks/templates/configs/keycloak/compose.yaml.j2
Normal file
|
|
@ -0,0 +1,79 @@
|
|||
## Secrets:
|
||||
#
|
||||
# Secrets should be provided via the relevant `x_secrets.env` files to the
|
||||
# containers. Options to be set are documented by commented out environment
|
||||
# variables.
|
||||
#
|
||||
## Links & Resources:
|
||||
#
|
||||
# https://www.keycloak.org/
|
||||
# https://www.keycloak.org/documentation
|
||||
# https://www.keycloak.org/getting-started/getting-started-docker
|
||||
# https://www.keycloak.org/server/configuration
|
||||
# https://www.keycloak.org/server/containers
|
||||
# https://www.keycloak.org/server/configuration-production
|
||||
# https://www.keycloak.org/server/db
|
||||
# https://hub.docker.com/_/postgres
|
||||
# https://github.com/docker-library/docs/blob/master/postgres/README.md
|
||||
# https://www.keycloak.org/server/hostname
|
||||
# https://www.keycloak.org/server/reverseproxy
|
||||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Forwarded
|
||||
# https://www.keycloak.org/server/all-config
|
||||
|
||||
services:
|
||||
keycloak:
|
||||
build:
|
||||
context: .
|
||||
dockerfile_inline: |
|
||||
FROM quay.io/keycloak/keycloak:22.0 as builder
|
||||
|
||||
ENV KC_DB=postgres
|
||||
|
||||
WORKDIR /opt/keycloak
|
||||
RUN /opt/keycloak/bin/kc.sh build
|
||||
|
||||
FROM quay.io/keycloak/keycloak:22.0
|
||||
COPY --from=builder /opt/keycloak/ /opt/keycloak/
|
||||
|
||||
# Runtime options set in compose directly.
|
||||
|
||||
ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
|
||||
restart: unless-stopped
|
||||
command: start --optimized
|
||||
depends_on:
|
||||
- db
|
||||
networks:
|
||||
- keycloak
|
||||
environment:
|
||||
KEYCLOAK_ADMIN: admin
|
||||
KEYCLOAK_ADMIN_PASSWORD: {{ lookup("community.general.passwordstore", "vm-secrets/keycloak/KEYCLOAK_ADMIN_PASSWORD", create=false, missing="error") }}
|
||||
KC_DB: postgres
|
||||
KC_DB_URL_HOST: db
|
||||
KC_DB_USERNAME: keycloak
|
||||
KC_DB_PASSWORD: {{ lookup("community.general.passwordstore", "vm-secrets/keycloak/KC_DB_PASSWORD", create=false, missing="error") }}
|
||||
KC_HOSTNAME: id.ccchh.net
|
||||
KC_HOSTNAME_STRICT_BACKCHANNEL: true
|
||||
KC_HOSTNAME_ADMIN: keycloak-admin.ccchh.net
|
||||
KC_PROXY: edge
|
||||
ports:
|
||||
- "8080:8080"
|
||||
env_file:
|
||||
- keycloak_secrets.env # Must be managed by the admin manually. Not managed by Ansible.
|
||||
|
||||
db:
|
||||
image: postgres:15.2
|
||||
restart: always
|
||||
networks:
|
||||
- keycloak
|
||||
volumes:
|
||||
- "./database:/var/lib/postgresql/data"
|
||||
environment:
|
||||
POSTGRES_USER: keycloak
|
||||
POSTGRES_PASSWORD: {{ lookup("community.general.passwordstore", "vm-secrets/keycloak/POSTGRES_PASSWORD", create=false, missing="error") }}
|
||||
POSTGRES_DB: keycloak
|
||||
env_file:
|
||||
- db_secrets.env # Must be managed by the admin manually. Not managed by Ansible.
|
||||
|
||||
networks:
|
||||
keycloak:
|
||||
external: false
|
||||
Loading…
Add table
Add a link
Reference in a new issue