CCCHH/ansible-infra
CCCHH/ansible-infra
4
2
Fork 2
Code Issues 6 Pull requests 5 Wiki Activity Actions
ansible-infra/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2

124 lines
3.9 KiB
Django/Jinja
Raw Blame History

## Secrets:
#
# Secrets should be provided via the relevant `x_secrets.env` files to the
# containers. Options to be set are documented by commented out environment
# variables.
#
## Links & Resources:
#
# https://www.keycloak.org/
# https://www.keycloak.org/documentation
# https://www.keycloak.org/getting-started/getting-started-docker
# https://www.keycloak.org/server/configuration
# https://www.keycloak.org/server/containers
# https://www.keycloak.org/server/configuration-production
# https://www.keycloak.org/server/db
# https://hub.docker.com/_/postgres
# https://github.com/docker-library/docs/blob/master/postgres/README.md
# https://www.keycloak.org/server/hostname
# https://www.keycloak.org/server/reverseproxy
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Forwarded
# https://www.keycloak.org/server/all-config
services:
keycloak:
image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.4
pull_policy: always
restart: unless-stopped
command: start --optimized
depends_on:
- db
networks:
- keycloak
environment:
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: {{ secret__keycloak_admin_password }}
KC_DB: postgres
KC_DB_URL_HOST: db
KC_DB_USERNAME: keycloak
KC_DB_PASSWORD: {{ secret__keycloak_db_password }}
KC_HOSTNAME: https://id.hamburg.ccc.de
KC_HOSTNAME_BACKCHANNEL_DYNAMIC: false
KC_HOSTNAME_ADMIN: https://keycloak-admin.hamburg.ccc.de
KC_PROXY_HEADERS: xforwarded
KC_HTTP_ENABLED: true
ports:
- "8080:8080"
db:
image: docker.io/library/postgres:18.0@sha256:9a2e0383c38afd52cff14eeefe2b806fcde406b317002cd13ce513d309942751
restart: unless-stopped
networks:
- keycloak
volumes:
- "./database:/var/lib/postgresql/data"
environment:
POSTGRES_USER: keycloak
POSTGRES_PASSWORD: {{ secret__keycloak_db_password }}
POSTGRES_DB: keycloak
id-invite-web:
image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest
command: web
restart: unless-stopped
networks:
- web
- email
- keycloak
ports:
- 3000:3000
environment:
- "APP_EMAIL_BASE_URI=http://id-invite-email:3000"
- "APP_KEYCLOAK_BASE_URI=http://id-invite-keycloak:3000"
- "BOTTLE_HOST=0.0.0.0"
- "BOTTLE_URL_SCHEME=https"
- "IDINVITE_INVITE_REQUIRES_GROUP=id_invite"
- "IDINVITE_URL=https://invite.hamburg.ccc.de"
- "IDINVITE_KEYCLOAK_NAME=CCCHH ID"
- "IDINVITE_VALID_HOURS=50"
- "IDINVITE_SECRET={{ secret__idinvite_token_secret }}"
- "IDINVITE_DISCOVERY_URL=https://id.hamburg.ccc.de/realms/ccchh/.well-known/openid-configuration"
- "IDINVITE_CLIENT_ID=id-invite"
- "IDINVITE_CLIENT_SECRET={{ secret__idinvite_client_secret }}"
- "MAIL_FROM=no-reply@hamburg.ccc.de"
- "BOTTLE_HOST=0.0.0.0"
id-invite-email:
image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest
command: email
restart: unless-stopped
networks:
- email
- web
environment:
- "BOTTLE_HOST=0.0.0.0"
- "IDINVITE_KEYCLOAK_NAME=CCCHH ID"
- "MAIL_FROM=no-reply@id.hamburg.ccc.de"
- "SMTP_HOSTNAME=cow.hamburg.ccc.de"
- "SMTP_USERNAME=no-reply@id.hamburg.ccc.de"
- "SMTP_PASSWORD={{ secret__id_no_reply_smtp }}"
id-invite-keycloak:
image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest
command: keycloak
restart: unless-stopped
networks:
- keycloak
environment:
- "BOTTLE_HOST=0.0.0.0"
- "IDINVITE_CLIENT_ID=id-invite"
- "IDINVITE_CLIENT_SECRET={{ secret__idinvite_client_secret }}"
- "KEYCLOAK_API_URL=http://keycloak:8080"
- "KEYCLOAK_API_USERNAME=id-invite"
- "KEYCLOAK_API_PASSWORD={{ secret__idinvite_admin_password }}"
- "KEYCLOAK_API_REALM=ccchh"
- 'KEYCLOAK_GROUPS=["user"]'
networks:
keycloak:
external: false
web:
email:
external: false
Reference in a new issue View git blame Copy permalink