CCCHH/ansible-infra
CCCHH/ansible-infra
4
2
Fork 1
Code Issues 6 Pull requests 5 Wiki Activity Actions
ansible-infra/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
Renovate 2f8897751b
All checks were successful
/ Ansible Lint (pull_request) Successful in 1m59s
Details
/ Ansible Lint (push) Successful in 2m4s
Details
Pin dependencies
2025-10-23 12:15:38 +00:00

124 lines
4.2 KiB
Django/Jinja
Raw Blame History

## Secrets:
#
# Secrets should be provided via the relevant `x_secrets.env` files to the
# containers. Options to be set are documented by commented out environment
# variables.
#
## Links & Resources:
#
# https://www.keycloak.org/
# https://www.keycloak.org/documentation
# https://www.keycloak.org/getting-started/getting-started-docker
# https://www.keycloak.org/server/configuration
# https://www.keycloak.org/server/containers
# https://www.keycloak.org/server/configuration-production
# https://www.keycloak.org/server/db
# https://hub.docker.com/_/postgres
# https://github.com/docker-library/docs/blob/master/postgres/README.md
# https://www.keycloak.org/server/hostname
# https://www.keycloak.org/server/reverseproxy
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Forwarded
# https://www.keycloak.org/server/all-config
services:
keycloak:
image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.4@sha256:65d65fa0e858a608fd3e7d16ecfd7a5ced2fba4ab22a8fd3b86f3742ecec0a83
pull_policy: always
restart: unless-stopped
command: start --optimized
depends_on:
- db
networks:
- keycloak
environment:
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: {{ secret__keycloak_admin_password }}
KC_DB: postgres
KC_DB_URL_HOST: db
KC_DB_USERNAME: keycloak
KC_DB_PASSWORD: {{ secret__keycloak_db_password }}
KC_HOSTNAME: https://id.hamburg.ccc.de
KC_HOSTNAME_BACKCHANNEL_DYNAMIC: false
KC_HOSTNAME_ADMIN: https://keycloak-admin.hamburg.ccc.de
KC_PROXY_HEADERS: xforwarded
KC_HTTP_ENABLED: true
ports:
- "8080:8080"
db:
image: docker.io/library/postgres:15.14@sha256:9541969afa16d1ac724e16d1cf3c26ddd0c5bae5dd1c230118a7f5b9c14cde1f
restart: unless-stopped
networks:
- keycloak
volumes:
- "./database:/var/lib/postgresql/data"
environment:
POSTGRES_USER: keycloak
POSTGRES_PASSWORD: {{ secret__keycloak_db_password }}
POSTGRES_DB: keycloak
id-invite-web:
image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest@sha256:ba011f410bc1d2e112135857c236412f65b727f15197dbea1fffd955e0487a6a
command: web
restart: unless-stopped
networks:
- web
- email
- keycloak
ports:
- 3000:3000
environment:
- "APP_EMAIL_BASE_URI=http://id-invite-email:3000"
- "APP_KEYCLOAK_BASE_URI=http://id-invite-keycloak:3000"
- "BOTTLE_HOST=0.0.0.0"
- "BOTTLE_URL_SCHEME=https"
- "IDINVITE_INVITE_REQUIRES_GROUP=id_invite"
- "IDINVITE_URL=https://invite.hamburg.ccc.de"
- "IDINVITE_KEYCLOAK_NAME=CCCHH ID"
- "IDINVITE_VALID_HOURS=50"
- "IDINVITE_SECRET={{ secret__idinvite_token_secret }}"
- "IDINVITE_DISCOVERY_URL=https://id.hamburg.ccc.de/realms/ccchh/.well-known/openid-configuration"
- "IDINVITE_CLIENT_ID=id-invite"
- "IDINVITE_CLIENT_SECRET={{ secret__idinvite_client_secret }}"
- "MAIL_FROM=no-reply@hamburg.ccc.de"
- "BOTTLE_HOST=0.0.0.0"
id-invite-email:
image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest@sha256:ba011f410bc1d2e112135857c236412f65b727f15197dbea1fffd955e0487a6a
command: email
restart: unless-stopped
networks:
- email
- web
environment:
- "BOTTLE_HOST=0.0.0.0"
- "IDINVITE_KEYCLOAK_NAME=CCCHH ID"
- "MAIL_FROM=no-reply@id.hamburg.ccc.de"
- "SMTP_HOSTNAME=cow.hamburg.ccc.de"
- "SMTP_USERNAME=no-reply@id.hamburg.ccc.de"
- "SMTP_PASSWORD={{ secret__id_no_reply_smtp }}"
id-invite-keycloak:
image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest@sha256:ba011f410bc1d2e112135857c236412f65b727f15197dbea1fffd955e0487a6a
command: keycloak
restart: unless-stopped
networks:
- keycloak
environment:
- "BOTTLE_HOST=0.0.0.0"
- "IDINVITE_CLIENT_ID=id-invite"
- "IDINVITE_CLIENT_SECRET={{ secret__idinvite_client_secret }}"
- "KEYCLOAK_API_URL=http://keycloak:8080"
- "KEYCLOAK_API_USERNAME=id-invite"
- "KEYCLOAK_API_PASSWORD={{ secret__idinvite_admin_password }}"
- "KEYCLOAK_API_REALM=ccchh"
- 'KEYCLOAK_GROUPS=["user"]'
networks:
keycloak:
external: false
web:
email:
external: false
Reference in a new issue View git blame Copy permalink