reorganize (config) files and templates into one "resources" dir
All checks were successful
/ Ansible Lint (push) Successful in 1m39s
This groups the files and templates for each host together and therefore makes it easier to see all the (config) files for a host. Also clean up incorrect, unused docker_compose config for mumble and clean up unused engelsystem configs.
parent
af4abdc50b
commit
d0a28589c6
83 changed files with 62 additions and 121 deletions
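--- a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
@@ -0,0 +1,124 @@
+## Secrets:
+#
+# Secrets should be provided via the relevant `x_secrets.env` files to the
+# containers. Options to be set are documented by commented out environment
+# variables.
+#
+## Links & Resources:
+#
+# https://www.keycloak.org/
+# https://www.keycloak.org/documentation
+# https://www.keycloak.org/getting-started/getting-started-docker
+# https://www.keycloak.org/server/configuration
+# https://www.keycloak.org/server/containers
+# https://www.keycloak.org/server/configuration-production
+# https://www.keycloak.org/server/db
+# https://hub.docker.com/_/postgres
+# https://github.com/docker-library/docs/blob/master/postgres/README.md
+# https://www.keycloak.org/server/hostname
+# https://www.keycloak.org/server/reverseproxy
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Forwarded
+# https://www.keycloak.org/server/all-config
+
+services:
+keycloak:
+image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.0
+pull_policy: always
+restart: unless-stopped
+command: start --optimized
+depends_on:
+- db
+networks:
+- keycloak
+environment:
+KEYCLOAK_ADMIN: admin
+KEYCLOAK_ADMIN_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/KEYCLOAK_ADMIN_PASSWORD", create=false, missing="error") }}
+KC_DB: postgres
+KC_DB_URL_HOST: db
+KC_DB_USERNAME: keycloak
+KC_DB_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/KC_DB_PASSWORD", create=false, missing="error") }}
+KC_HOSTNAME: https://id.hamburg.ccc.de
+KC_HOSTNAME_BACKCHANNEL_DYNAMIC: false
+KC_HOSTNAME_ADMIN: https://keycloak-admin.hamburg.ccc.de
+KC_PROXY_HEADERS: xforwarded
+KC_HTTP_ENABLED: true
+ports:
+- "8080:8080"
+
+db:
+image: postgres:15.2
+restart: unless-stopped
+networks:
+- keycloak
+volumes:
+- "./database:/var/lib/postgresql/data"
+environment:
+POSTGRES_USER: keycloak
+POSTGRES_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/POSTGRES_PASSWORD", create=false, missing="error") }}
+POSTGRES_DB: keycloak
+
+id-invite-web:
+image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest
+command: web
+restart: unless-stopped
+networks:
+- web
+- email
+- keycloak
+ports:
+- 3000:3000
+environment:
+- "APP_EMAIL_BASE_URI=http://id-invite-email:3000"
+- "APP_KEYCLOAK_BASE_URI=http://id-invite-keycloak:3000"
+- "BOTTLE_HOST=0.0.0.0"
+- "BOTTLE_URL_SCHEME=https"
+- "IDINVITE_INVITE_REQUIRES_GROUP=id_invite"
+- "IDINVITE_URL=https://invite.hamburg.ccc.de"
+- "IDINVITE_KEYCLOAK_NAME=CCCHH ID"
+- "IDINVITE_VALID_HOURS=50"
+- "IDINVITE_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_TOKEN_SECRET", create=false, missing="error") }}"
+- "IDINVITE_DISCOVERY_URL=https://id.hamburg.ccc.de/realms/ccchh/.well-known/openid-configuration"
+- "IDINVITE_CLIENT_ID=id-invite"
+- "IDINVITE_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_CLIENT_SECRET", create=false, missing="error") }}"
+- "MAIL_FROM=no-reply@hamburg.ccc.de"
+- "BOTTLE_HOST=0.0.0.0"
+
+id-invite-email:
+image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest
+command: email
+restart: unless-stopped
+networks:
+- email
+- web
+environment:
+- "BOTTLE_HOST=0.0.0.0"
+- "IDINVITE_KEYCLOAK_NAME=CCCHH ID"
+- "MAIL_FROM=no-reply@id.hamburg.ccc.de"
+- "SMTP_HOSTNAME=cow.hamburg.ccc.de"
+- "SMTP_USERNAME=no-reply@id.hamburg.ccc.de"
+- "SMTP_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/NO_REPLY_SMTP", create=false, missing="error") }}"
+
+id-invite-keycloak:
+image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest
+command: keycloak
+restart: unless-stopped
+networks:
+- keycloak
+environment:
+- "BOTTLE_HOST=0.0.0.0"
+- "IDINVITE_CLIENT_ID=id-invite"
+- "IDINVITE_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_CLIENT_SECRET", create=false, missing="error") }}"
+- "KEYCLOAK_API_URL=http://keycloak:8080"
+- "KEYCLOAK_API_USERNAME=id-invite"
+- "KEYCLOAK_API_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_ADMIN_PASSWORD", create=false, missing="error") }}"
+- "KEYCLOAK_API_REALM=ccchh"
+- 'KEYCLOAK_GROUPS=["user"]'
+
+
+
+networks:
+keycloak:
+external: false
+web:
+email:
+external: false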
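Review bot: The passwordstore lookups under `environment:` are rendered into the YAML either unquoted (`KEYCLOAK_ADMIN_PASSWORD`, `KC_DB_PASSWORD`, `POSTGRES_PASSWORD`) or inside hand-written double quotes (the `IDINVITE_SECRET`, `IDINVITE_CLIENT_SECRET`, `SMTP_PASSWORD` and `KEYCLOAK_API_PASSWORD` list entries), so a secret containing ` #`, `: `, a leading YAML indicator, `"` or `\` is truncated, retyped or breaks parsing, and any `$` is consumed by Compose variable interpolation. Letting the template do the quoting avoids this, e.g. `KC_DB_PASSWORD: {{ lookup(...) | replace("$", "$$") | to_json }}`, with the list entries built the same way from the concatenated `NAME=value` string. The header comment still says secrets arrive through `x_secrets.env` files, but no service here has an `env_file`; it should read something like `# Secrets are rendered from passwordstore at deploy time; the rendered compose.yaml holds them in plaintext.`, and the task that renders this template (not visible in this section) should set a restrictive file mode. Separately, `- "8080:8080"` publishes Keycloak's plain-HTTP port on all host interfaces while `KC_PROXY_HEADERS: xforwarded` makes it trust forwarded headers; if the reverse proxy runs on the same host, `- "127.0.0.1:8080:8080"` would keep clients from reaching it directly.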