Provide secrets for keycloak VM from pass
parent
8fa4e5af3e
commit
51c1b667f4
|
@ -1,2 +1,5 @@
|
||||||
[defaults]
|
[defaults]
|
||||||
inventory = ./inventories/z9/hosts.yaml
|
inventory = ./inventories/z9/hosts.yaml
|
||||||
|
|
||||||
|
[passwordstore_lookup]
|
||||||
|
backend = pass
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.file', 'configs/keycloak/compose.yaml') }}"
|
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'configs/keycloak/compose.yaml.j2') }}"
|
||||||
docker_compose__configuration_files: [ ]
|
docker_compose__configuration_files: [ ]
|
||||||
|
|
||||||
cert__acme_account_email: j+letsencrypt-ccchh@jsts.xyz
|
cert__acme_account_email: j+letsencrypt-ccchh@jsts.xyz
|
||||||
|
|
|
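Review bot: Switching `docker_compose__compose_file_content` to the template lookup means this variable now holds the rendered Keycloak and Postgres passwords in clear text, and nothing visible in this hunk keeps it out of task output. The role that consumes the variable is outside this page, so this needs confirming: if it writes the content through a `copy` task with `content:`, a run with `--diff` or raised verbosity would print the secrets to the terminal and into any captured log. Setting `no_log: true` on that task (or `diff: false` if only diff output is the concern) would cover it. The written compose file should also get a restrictive mode, for example `mode: "0600"`, since it now contains the passwords.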
@ -46,11 +46,11 @@ services:
|
||||||
- keycloak
|
- keycloak
|
||||||
environment:
|
environment:
|
||||||
KEYCLOAK_ADMIN: admin
|
KEYCLOAK_ADMIN: admin
|
||||||
# KEYCLOAK_ADMIN_PASSWORD: in secrets file
|
KEYCLOAK_ADMIN_PASSWORD: {{ lookup("community.general.passwordstore", "vm-secrets/keycloak/KEYCLOAK_ADMIN_PASSWORD", create=false, missing="error") }}
|
||||||
KC_DB: postgres
|
KC_DB: postgres
|
||||||
KC_DB_URL_HOST: db
|
KC_DB_URL_HOST: db
|
||||||
KC_DB_USERNAME: keycloak
|
KC_DB_USERNAME: keycloak
|
||||||
# KC_DB_PASSWORD: in secrets file
|
KC_DB_PASSWORD: {{ lookup("community.general.passwordstore", "vm-secrets/keycloak/KC_DB_PASSWORD", create=false, missing="error") }}
|
||||||
KC_HOSTNAME: id.ccchh.net
|
KC_HOSTNAME: id.ccchh.net
|
||||||
KC_HOSTNAME_STRICT_BACKCHANNEL: true
|
KC_HOSTNAME_STRICT_BACKCHANNEL: true
|
||||||
KC_HOSTNAME_ADMIN: keycloak-admin.ccchh.net
|
KC_HOSTNAME_ADMIN: keycloak-admin.ccchh.net
|
||||||
|
@ -69,7 +69,7 @@ services:
|
||||||
- "./database:/var/lib/postgresql/data"
|
- "./database:/var/lib/postgresql/data"
|
||||||
environment:
|
environment:
|
||||||
POSTGRES_USER: keycloak
|
POSTGRES_USER: keycloak
|
||||||
# POSTGRES_PASSWORD: in secrets file
|
POSTGRES_PASSWORD: {{ lookup("community.general.passwordstore", "vm-secrets/keycloak/POSTGRES_PASSWORD", create=false, missing="error") }}
|
||||||
POSTGRES_DB: keycloak
|
POSTGRES_DB: keycloak
|
||||||
env_file:
|
env_file:
|
||||||
- db_secrets.env # Must be managed by the admin manually. Not managed by Ansible.
|
- db_secrets.env # Must be managed by the admin manually. Not managed by Ansible.
|
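Review bot: The three password lookups (`KEYCLOAK_ADMIN_PASSWORD` and `KC_DB_PASSWORD` in the first hunk, `POSTGRES_PASSWORD` in the second) are rendered unquoted into YAML, so a stored password that contains ` #` or `: `, starts with a YAML indicator, or looks like a number or boolean will be truncated, retyped or will break parsing when Compose loads the file. Compose also interpolates `$` inside values, so a password containing a dollar sign would be changed unless it is escaped as `$$`. Emitting the value as a quoted scalar with the dollar escaped handles both, e.g. `KC_DB_PASSWORD: {{ lookup(...) | replace("$", "$$") | to_json }}` with the lookup arguments left as they are. The `env_file` comment still says `db_secrets.env` must be managed manually; values under `environment` take precedence over `env_file`, so if that file is no longer needed the entry and comment look stale.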