feat(mastodon): add OIDC login support

2022-08-26 18:02:33 +02:00
parent 275976f1e6
commit 998d2a5f5e
2 changed files with 63 additions and 0 deletions
--- a/roles/mastodon/templates/env.j2
+++ b/roles/mastodon/templates/env.j2
@ -51,8 +51,12 @@ ES_ENABLED={{ mastodon_elasticsearch_enabled }}
 ES_HOST={{ mastodon_elasticsearch_host }}
 ES_PORT={{ mastodon_elasticsearch_port }}
 # Authentication for ES (optional)
+{% if mastodon_elasticsearch_user %}
 ES_USER={{ mastodon_elasticsearch_user }}
+{% endif %}
+{% if mastodon_elasticsearch_pass %}
 ES_PASS={{ mastodon_elasticsearch_pass }}
+{% endif %}

 # Secrets
 # -------
@ -84,3 +88,41 @@ AWS_ACCESS_KEY_ID={{ mastodon_s3_aws_access_key_id }}
 AWS_SECRET_ACCESS_KEY={{ mastodon_s3_aws_secret_access_key }}
 S3_ALIAS_HOST={{ mastodon_s3_alias_host }}

+# OpenId connect (optional)
+OIDC_ENABLED={{ mastodon_oidc_enabled | bool | string | lower }}
+OIDC_ISSUER={{ mastodon_oidc_issuer_url }}
+OIDC_DISCOVERY={{ mastodon_oidc_discovery | bool | string | lower }}
+OIDC_CLIENT_AUTH_METHOD={{ mastodon_oidc_client_auth_method }}
+OIDC_CLIENT_ID={{ mastodon_oidc_client_id }}
+OIDC_CLIENT_SECRET={{ mastodon_oidc_client_secret }}
+OIDC_SCOPE={{ mastodon_oidc_scope }}
+{% if mastodon_oidc_auth_endpoint %}
+OIDC_AUTH_ENDPOINT={{ mastodon_oidc_auth_endpoint }}
+{% endif %}
+{% if mastodon_oidc_token_endpoint %}
+OIDC_TOKEN_ENDPOINT={{ mastodon_oidc_token_endpoint }}
+{% endif %}
+{% if mastodon_oidc_user_info_endpoint %}
+OIDC_USER_INFO_ENDPOINT={{ mastodon_oidc_user_info_endpoint }}
+{% endif %}
+{% if mastodon_oidc_end_session_endpoint %}
+OIDC_END_SESSION_ENDPOINT={{ mastodon_oidc_end_session_endpoint }}
+{% endif %}
+{% if mastodon_oidc_jwks_uri %}
+OIDC_JWKS_URI={{ mastodon_oidc_jwks_uri }}
+{% endif %}
+{% if mastodon_oidc_redirect_uri %}
+OIDC_REDIRECT_URI={{ mastodon_oidc_redirect_uri }}
+{% endif %}
+{% if mastodon_oidc_idp_logout_redirect_uri %}
+OIDC_IDP_LOGOUT_REDIRECT_URI={{ mastodon_oidc_idp_logout_redirect_uri }}
+{% endif %}
+OIDC_DISPLAY_NAME={{ mastodon_oidc_display_name }}
+OIDC_UID_FIELD={{ mastodon_oidc_uid_field }}
+{% if mastodon_oidc_response_mode %}
+OIDC_RESPONSE_MODE={{ mastodon_oidc_response_mode }}
+{% endif %}
+{% if mastodon_oidc_response_type %}
+OIDC_RESPONSE_TYPE={{ mastodon_oidc_response_type }}
+{% endif %}
+OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED={{ mastodon_oidc_security_assume_email_is_verified | bool | string | lower }}