From 3ed2158b4cf4e4f8eac01728967b19ea1c4b39e5 Mon Sep 17 00:00:00 2001
From: transcaffeine
Date: Sun, 28 Dec 2025 14:16:11 +0100
Subject: [PATCH] feat(playbooks/keycloak): add playbook
---
 README.md | 1 +
 galaxy.yml | 1 +
 playbooks/keycloak.md | 7 +++++
 playbooks/keycloak.yml | 66 ++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 75 insertions(+)
 create mode 100644 playbooks/keycloak.md
 create mode 100644 playbooks/keycloak.yml
diff --git a/README.md b/README.md
index b8c9441..77c3585 100644
--- a/README.md
+++ b/README.md
@@ -44,6 +44,7 @@ concise area of concern.
 - [`hedgedoc`](playbooks/hedgedoc.md)
 - [`jellyfin`](playbooks/jellyfin.md)
+- [`keycloak`](playbooks/keycloak.md)
 - [`gitea`](playbooks/gitea.md)
 - [`phpldapadmin`](playbooks/phpldapadmin.md)
 - [`vaultwarden`](playbooks/vaultwarden.md)
diff --git a/galaxy.yml b/galaxy.yml
index 5462053..5f84de5 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -25,3 +25,4 @@ tags:
 - docker
 - phpldapadmin
 - pretix
+ - keycloak
diff --git a/playbooks/keycloak.md b/playbooks/keycloak.md
new file mode 100644
index 0000000..97cc98a
--- /dev/null
+++ b/playbooks/keycloak.md
@@ -0,0 +1,7 @@
+# `finallycoffee.services.keycloak` ansible playbook
+
+## Feature toggles
+
+- `keycloak_configure_postgesql_client` (default `false`)
+- `keycloak_configure_lego_rfc2136` (default `true`)
+- `keycloak_configure_caddy_reverse_proxy` (default `false`)
diff --git a/playbooks/keycloak.yml b/playbooks/keycloak.yml
new file mode 100644
index 0000000..4d994a2
--- /dev/null
+++ b/playbooks/keycloak.yml
@@ -0,0 +1,66 @@
+---
+- import_playbook: finallycoffee.databases.postgresql_client
+ when: keycloak_configure_postgresql_client | default(false)
+ vars:
+ postgresql_hosts: >-2
+ {{ keycloak_postgresql_client_host | default(keycloak_hosts | default('keycloak')) }}
+ postgresql_become: >-2
+ {{ keycloak_postgresql_client_become | default(keycloak_become | default(false)) }}
+ postgresql_client_username: "{{ keycloak_database_username }}"
+ postgresql_client_password: "{{ keycloak_database_password }}"
+ postgresql_client_database: "{{ keycloak_database_database }}"
+ postgresql_client_database_lc_ctype: 'C'
+ postgresql_client_database_lc_collate: 'C'
+ postgresql_client_database_contype: host
+ postgresql_client_address: "172.17.0.0/24"
+ tags:
+ - keycloak
+ - keycloak-postgresql
+
+- import_playbook: finallycoffee.base.lego_certificate
+ when: keycloak_configure_lego_rfc2136 | default(true) | bool
+ vars:
+ target_domains:
+ - "{{ keycloak_domain }}"
+ target_acme_zone: "{{ acme_domain }}"
+ target_acme_account_email: "{{ keycloak_lego_acme_account_email }}"
+ target_dns_server: "{{ dns_server }}"
+ target_dns_additional_records: "{{ keycloak_dns_records }}"
+ target_dns_tsig_key: "{{ dns_tsig_keydata }}"
+ target_hosts: >-2
+ {{ keycloak_lego_hosts | default(keycloak_hosts | default('keycloak')) }}
+ target_become: >-2
+ {{ keycloak_lego_become | default(keycloak_become | default(false)) }}
+ target_gather_facts: >-2
+ {{ keycloak_lego_gather_facts | default(false) | bool }}
+ tags:
+ - keycloak
+ - keycloak-lego
+
+- name: Set up and configure keycloak
+ hosts: "{{ keycloak_hosts | default('keycloak') }}"
+ become: "{{ keycloak_become | default(false) }}"
+ gather_facts: "{{ keycloak_gather_facts | default(false) }}"
+ roles:
+ - role: finallycoffee.services.keycloak
+ tags:
+ - keycloak
+
+- import_playbook: finallycoffee.base.caddy_reverse_proxy
+ when: keycloak_configure_caddy_reverse_proxy | default(false)
+ vars:
+ caddy_site_name: "{{ keycloak_domain }}"
+ caddy_reverse_proxy_backend_addr: "http://{{ keycloak_host_bind_ip }}"
+ caddy_reverse_proxy_template_block: >-2
+ {{ keycloak_caddy_reverse_proxy_template_block | default(true, false) }}
+ caddy_reverse_proxy_block: >-2
+ {{ keycloak_caddy_reverse_proxy_block | default('') }}
+ target_hosts: >-2
+ {{ keycloak_caddy_hosts | default(keycloak_hosts | default('keycloak')) }}
+ target_become: >-2
+ {{ keycloak_caddy_become | default(keycloak_become | default(false)) }}
+ target_gather_facts: >-2
+ {{ keycloak_caddy_gather_facts | default(false) }}
+ tags:
+ - keycloak
+ - keycloak-caddy
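Review bot: The postgresql_client import hard-codes `postgresql_client_address: "172.17.0.0/24"` next to `postgresql_client_database_contype: host`, so the source range allowed to reach the keycloak database (presumably a pg_hba-style rule in the imported playbook, which is not visible here) cannot be narrowed or adapted per deployment. I would make it overridable like the neighbouring values, e.g. `postgresql_client_address: "{{ keycloak_postgresql_client_address | default('172.17.0.0/24') }}"`, and document which network the default is meant to cover. Separately, the `when:` on the postgresql_client and caddy_reverse_proxy imports lacks the `| bool` cast that the lego import uses, so a toggle passed as a string (for example through `-e`) may not evaluate as intended; `when: keycloak_configure_postgresql_client | default(false) | bool` would keep the three consistent. Also note that playbooks/keycloak.md in this same patch documents the first toggle as `keycloak_configure_postgesql_client`, which does not match the variable this playbook reads, so a user following the docs would set a name that has no effect.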