Provide secrets for keycloak VM from pass

June 2023-07-29 00:55:46 +02:00 committed by julian
parent 8fa4e5af3e
commit 51c1b667f4
3 changed files with 7 additions and 4 deletions


@ -1,2 +1,5 @@
[defaults] [defaults]
inventory = ./inventories/z9/hosts.yaml inventory = ./inventories/z9/hosts.yaml
[passwordstore_lookup]
backend = pass


@ -1,4 +1,4 @@
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.file', 'configs/keycloak/compose.yaml') }}" docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'configs/keycloak/compose.yaml.j2') }}"
docker_compose__configuration_files: [ ] docker_compose__configuration_files: [ ]
cert__acme_account_email: j+letsencrypt-ccchh@jsts.xyz cert__acme_account_email: j+letsencrypt-ccchh@jsts.xyz
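Review bot: With the switch to `ansible.builtin.template`, `docker_compose__compose_file_content` now holds the rendered compose file including the three passwords read from pass, and nothing visible here keeps that value out of task output. The task that writes this variable to disk is outside this diff; if it is a `copy`-style task it should presumably carry `no_log: true` (or at least `diff: false`) and a restrictive `mode: "0600"`, since `--diff` or verbose runs would otherwise print the secrets and the file on the VM would hold them in clear text. This should be confirmed against the docker_compose role before relying on the change.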


@ -46,11 +46,11 @@ services:
- keycloak - keycloak
environment: environment:
KEYCLOAK_ADMIN: admin KEYCLOAK_ADMIN: admin
# KEYCLOAK_ADMIN_PASSWORD: in secrets file KEYCLOAK_ADMIN_PASSWORD: {{ lookup("community.general.passwordstore", "vm-secrets/keycloak/KEYCLOAK_ADMIN_PASSWORD", create=false, missing="error") }}
KC_DB: postgres KC_DB: postgres
KC_DB_URL_HOST: db KC_DB_URL_HOST: db
KC_DB_USERNAME: keycloak KC_DB_USERNAME: keycloak
# KC_DB_PASSWORD: in secrets file KC_DB_PASSWORD: {{ lookup("community.general.passwordstore", "vm-secrets/keycloak/KC_DB_PASSWORD", create=false, missing="error") }}
KC_HOSTNAME: id.ccchh.net KC_HOSTNAME: id.ccchh.net
KC_HOSTNAME_STRICT_BACKCHANNEL: true KC_HOSTNAME_STRICT_BACKCHANNEL: true
KC_HOSTNAME_ADMIN: keycloak-admin.ccchh.net KC_HOSTNAME_ADMIN: keycloak-admin.ccchh.net
@ -69,7 +69,7 @@ services:
- "./database:/var/lib/postgresql/data" - "./database:/var/lib/postgresql/data"
environment: environment:
POSTGRES_USER: keycloak POSTGRES_USER: keycloak
# POSTGRES_PASSWORD: in secrets file POSTGRES_PASSWORD: {{ lookup("community.general.passwordstore", "vm-secrets/keycloak/POSTGRES_PASSWORD", create=false, missing="error") }}
POSTGRES_DB: keycloak POSTGRES_DB: keycloak
env_file: env_file:
- db_secrets.env # Must be managed by the admin manually. Not managed by Ansible. - db_secrets.env # Must be managed by the admin manually. Not managed by Ansible.
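Review bot: The three password lookups are rendered into the compose file as plain, unquoted YAML scalars (`KEYCLOAK_ADMIN_PASSWORD` and `KC_DB_PASSWORD` in the first hunk, `POSTGRES_PASSWORD` in the second), so a secret that starts with a YAML indicator, contains `: ` or ` #`, or looks like a number or boolean will be rejected, truncated or retyped by the parser. Passing each value through a quoting filter avoids that, e.g. `KC_DB_PASSWORD: {{ lookup("community.general.passwordstore", "vm-secrets/keycloak/KC_DB_PASSWORD", create=false, missing="error") | to_json }}`. Compose also interpolates `$` in values, so a literal `$` in a password would need doubling (`| replace("$", "$$")`) before the quoting filter. The comment on `db_secrets.env` still says the file is managed manually; if it still defines `POSTGRES_PASSWORD`, the new `environment` entry takes precedence over it, which is worth stating there or cleaning up. Both `environment` maps belong to service definitions that start outside the hunks.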