Compare commits
No commits in common. "main" and "transcaffeine/snipe-it" have entirely different histories.
main
...
transcaffe
@ -23,9 +23,6 @@ concise area of concern.
|
||||
- [`jellyfin`](roles/jellyfin/README.md): Deploy [jellyfin.org](https://jellyfin.org),
|
||||
the free software media system for streaming stored media to any device.
|
||||
|
||||
- [`keycloak`](roles/keycloak/README.md): Deploy [keycloak](https://www.keycloak.org/),
|
||||
the open source identity and access management solution.
|
||||
|
||||
- [`openproject`](roles/openproject/README.md): Deploys an [openproject.org](https://www.openproject.org)
|
||||
installation using the upstream provided docker-compose setup.
|
||||
|
||||
|
||||
@ -1,14 +1,13 @@
|
||||
namespace: finallycoffee
|
||||
name: services
|
||||
version: "0.1.13"
|
||||
version: 0.1.6
|
||||
readme: README.md
|
||||
authors:
|
||||
- transcaffeine <transcaffeine@finally.coffee>
|
||||
description: Various ansible roles useful for automating infrastructure
|
||||
dependencies:
|
||||
"community.crypto": "^2.22.0"
|
||||
"community.docker": "^4.0.0"
|
||||
"containers.podman": "^1.16.0"
|
||||
"community.crypto": "^2.0.0"
|
||||
"community.docker": "^3.0.0"
|
||||
license_file: LICENSE.md
|
||||
build_ignore:
|
||||
- '*.tar.gz'
|
||||
@ -20,5 +19,5 @@ tags:
|
||||
- hedgedoc
|
||||
- jellyfin
|
||||
- vaultwarden
|
||||
- snipeit
|
||||
- snipe-it
|
||||
- docker
|
||||
|
||||
@ -1,10 +1,8 @@
|
||||
---
|
||||
authelia_version: "4.38.19"
|
||||
authelia_version: "4.38.16"
|
||||
authelia_user: authelia
|
||||
authelia_base_dir: /opt/authelia
|
||||
authelia_domain: authelia.example.org
|
||||
authelia_state: present
|
||||
authelia_deployment_method: docker
|
||||
|
||||
authelia_config_dir: "{{ authelia_base_dir }}/config"
|
||||
authelia_config_file: "{{ authelia_config_dir }}/config.yaml"
|
||||
|
||||
@ -4,7 +4,5 @@
|
||||
docker_container:
|
||||
name: "{{ authelia_container_name }}"
|
||||
state: started
|
||||
restart: true
|
||||
comparisons:
|
||||
'*': ignore
|
||||
restart: yes
|
||||
listen: restart-authelia
|
||||
|
||||
@ -1,61 +0,0 @@
|
||||
---
|
||||
- name: Ensure container mounts are present
|
||||
when: authelia_state == 'present'
|
||||
block:
|
||||
- name: Ensure sqlite database file exists before mounting it
|
||||
ansible.builtin.file:
|
||||
path: "{{ authelia_sqlite_storage_file }}"
|
||||
state: touch
|
||||
owner: "{{ authelia_run_user }}"
|
||||
group: "{{ authelia_run_group }}"
|
||||
mode: "0640"
|
||||
access_time: preserve
|
||||
modification_time: preserve
|
||||
when: authelia_config_storage_local_path | default(false, true)
|
||||
|
||||
- name: Ensure user database exists before mounting it
|
||||
ansible.builtin.file:
|
||||
path: "{{ authelia_user_storage_file }}"
|
||||
state: touch
|
||||
owner: "{{ authelia_run_user }}"
|
||||
group: "{{ authelia_run_group }}"
|
||||
mode: "0640"
|
||||
access_time: preserve
|
||||
modification_time: preserve
|
||||
when: authelia_config_authentication_backend_file_path | default(false, true)
|
||||
|
||||
- name: Ensure notification reports file exists before mounting it
|
||||
ansible.builtin.file:
|
||||
path: "{{ authelia_notification_storage_file }}"
|
||||
state: touch
|
||||
owner: "{{ authelia_run_user }}"
|
||||
group: "{{ authelia_run_group }}"
|
||||
mode: "0640"
|
||||
access_time: preserve
|
||||
modification_time: preserve
|
||||
when: authelia_config_notifier_filesystem_filename | default(false, true)
|
||||
|
||||
- name: Ensure authelia container image is {{ authelia_state }}
|
||||
community.docker.docker_image:
|
||||
name: "{{ authelia_container_image_ref }}"
|
||||
state: "{{ authelia_state }}"
|
||||
source: pull
|
||||
force_source: "{{ authelia_container_image_force_pull }}"
|
||||
register: authelia_container_image_info
|
||||
|
||||
- name: Ensure authelia container is {{ authelia_container_state }}
|
||||
community.docker.docker_container:
|
||||
name: "{{ authelia_container_name }}"
|
||||
image: "{{ authelia_container_image_ref }}"
|
||||
env: "{{ authelia_container_env }}"
|
||||
user: "{{ authelia_run_user }}:{{ authelia_run_group }}"
|
||||
ports: "{{ authelia_container_ports | default(omit, true) }}"
|
||||
labels: "{{ authelia_container_labels }}"
|
||||
volumes: "{{ authelia_container_volumes }}"
|
||||
networks: "{{ authelia_container_networks | default(omit, true) }}"
|
||||
etc_hosts: "{{ authelia_container_etc_hosts | default(omit, true) }}"
|
||||
purge_networks: "{{ authelia_container_purge_networks | default(omit, true)}}"
|
||||
restart_policy: "{{ authelia_container_restart_policy }}"
|
||||
recreate: "{{ authelia_container_recreate | default(omit, true) }}"
|
||||
state: "{{ authelia_container_state }}"
|
||||
register: authelia_container_info
|
||||
@ -1,30 +1,16 @@
|
||||
---
|
||||
- name: Check for valid state
|
||||
ansible.builtin.fail:
|
||||
msg: >-2
|
||||
Unsupported state '{{ authelia_state }}'.
|
||||
Supported states are {{ authelia_states | join(', ') }}.
|
||||
when: authelia_state not in authelia_states
|
||||
|
||||
- name: Check for valid authelia deployment method
|
||||
ansible.builtin.fail:
|
||||
msg: >-2
|
||||
Unsupported deployment method '{{ authelia_deployment_method }}'.
|
||||
Supported states are {{ authelia_deployment_methods | join(', ') }}.
|
||||
when: authelia_deployment_method not in authelia_deployment_methods
|
||||
|
||||
- name: Ensure user {{ authelia_user }} is {{ authelia_state }}
|
||||
- name: Ensure user {{ authelia_user }} exists
|
||||
ansible.builtin.user:
|
||||
name: "{{ authelia_user }}"
|
||||
state: "{{ authelia_state }}"
|
||||
state: present
|
||||
system: true
|
||||
create_home: false
|
||||
register: authelia_user_info
|
||||
|
||||
- name: Ensure host directories are {{ authelia_state }}
|
||||
- name: Ensure host directories are created with correct permissions
|
||||
ansible.builtin.file:
|
||||
path: "{{ item.path }}"
|
||||
state: "{{ (authelia_state == 'present') | ternary('directory', 'absent') }}"
|
||||
state: directory
|
||||
owner: "{{ item.owner | default(authelia_user) }}"
|
||||
group: "{{ item.group | default(authelia_user) }}"
|
||||
mode: "{{ item.mode | default('0750') }}"
|
||||
@ -39,7 +25,7 @@
|
||||
- path: "{{ authelia_asset_dir }}"
|
||||
mode: "0750"
|
||||
|
||||
- name: Ensure config file is {{ authelia_state }}
|
||||
- name: Ensure config file is generated
|
||||
ansible.builtin.copy:
|
||||
content: "{{ authelia_config | to_nice_yaml(indent=2, width=10000) }}"
|
||||
dest: "{{ authelia_config_file }}"
|
||||
@ -47,8 +33,61 @@
|
||||
group: "{{ authelia_run_group }}"
|
||||
mode: "0640"
|
||||
notify: restart-authelia
|
||||
when: authelia_state == 'present'
|
||||
|
||||
- name: Deploy authelia using {{ authelia_deployment_method }}
|
||||
ansible.builtin.include_tasks:
|
||||
file: "deploy-{{ authelia_deployment_method }}.yml"
|
||||
- name: Ensure sqlite database file exists before mounting it
|
||||
ansible.builtin.file:
|
||||
path: "{{ authelia_sqlite_storage_file }}"
|
||||
state: touch
|
||||
owner: "{{ authelia_run_user }}"
|
||||
group: "{{ authelia_run_group }}"
|
||||
mode: "0640"
|
||||
access_time: preserve
|
||||
modification_time: preserve
|
||||
when: authelia_config_storage_local_path | default(false, true)
|
||||
|
||||
- name: Ensure user database exists before mounting it
|
||||
ansible.builtin.file:
|
||||
path: "{{ authelia_user_storage_file }}"
|
||||
state: touch
|
||||
owner: "{{ authelia_run_user }}"
|
||||
group: "{{ authelia_run_group }}"
|
||||
mode: "0640"
|
||||
access_time: preserve
|
||||
modification_time: preserve
|
||||
when: authelia_config_authentication_backend_file_path | default(false, true)
|
||||
|
||||
- name: Ensure notification reports file exists before mounting it
|
||||
ansible.builtin.file:
|
||||
path: "{{ authelia_notification_storage_file }}"
|
||||
state: touch
|
||||
owner: "{{ authelia_run_user }}"
|
||||
group: "{{ authelia_run_group }}"
|
||||
mode: "0640"
|
||||
access_time: preserve
|
||||
modification_time: preserve
|
||||
when: authelia_config_notifier_filesystem_filename | default(false, true)
|
||||
|
||||
- name: Ensure authelia container image is present
|
||||
community.docker.docker_image:
|
||||
name: "{{ authelia_container_image_ref }}"
|
||||
state: present
|
||||
source: pull
|
||||
force_source: "{{ authelia_container_image_force_pull }}"
|
||||
register: authelia_container_image_info
|
||||
|
||||
- name: Ensure authelia container is running
|
||||
community.docker.docker_container:
|
||||
name: "{{ authelia_container_name }}"
|
||||
image: "{{ authelia_container_image_ref }}"
|
||||
env: "{{ authelia_container_env }}"
|
||||
user: "{{ authelia_run_user }}:{{ authelia_run_group }}"
|
||||
ports: "{{ authelia_container_ports | default(omit, true) }}"
|
||||
labels: "{{ authelia_container_labels }}"
|
||||
volumes: "{{ authelia_container_volumes }}"
|
||||
networks: "{{ authelia_container_networks | default(omit, true) }}"
|
||||
etc_hosts: "{{ authelia_container_etc_hosts | default(omit, true) }}"
|
||||
purge_networks: "{{ authelia_container_purge_networks | default(omit, true)}}"
|
||||
restart_policy: "{{ authelia_container_restart_policy }}"
|
||||
recreate: "{{ authelia_container_recreate | default(omit, true) }}"
|
||||
state: "{{ authelia_container_state }}"
|
||||
register: authelia_container_info
|
||||
|
||||
@ -1,9 +1,4 @@
|
||||
---
|
||||
authelia_states:
|
||||
- "present"
|
||||
- "absent"
|
||||
authelia_deployment_methods:
|
||||
- "docker"
|
||||
|
||||
authelia_run_user: "{{ (authelia_user_info.uid) if authelia_user_info is defined else authelia_user }}"
|
||||
authelia_run_group: "{{ (authelia_user_info.group) if authelia_user_info is defined else authelia_user }}"
|
||||
@ -175,12 +170,7 @@ authelia_config_access_control:
|
||||
default_policy: "{{ authelia_config_access_control_default_policy }}"
|
||||
networks: "{{ authelia_config_access_control_networks }}"
|
||||
rules: "{{ authelia_config_access_control_rules }}"
|
||||
authelia_config_session: >-2
|
||||
{{ authelia_config_session_base
|
||||
| combine(({'redis': authelia_config_session_redis}
|
||||
if authelia_config_session_redis_host else {}), recursive=true)
|
||||
}}
|
||||
authelia_config_session_base:
|
||||
authelia_config_session:
|
||||
name: "{{ authelia_config_session_name }}"
|
||||
domain: "{{ authelia_config_session_domain }}"
|
||||
same_site: "{{ authelia_config_session_same_site }}"
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
ghost_domain: ~
|
||||
ghost_version: "5.110.1"
|
||||
ghost_version: "5.96.0"
|
||||
ghost_user: ghost
|
||||
ghost_user_group: ghost
|
||||
ghost_base_path: /opt/ghost
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
gitea_version: "1.23.4"
|
||||
gitea_version: "1.22.3"
|
||||
gitea_user: git
|
||||
gitea_run_user: "{{ gitea_user }}"
|
||||
gitea_base_path: "/opt/gitea"
|
||||
@ -32,7 +32,6 @@ gitea_container_extra_labels: {}
|
||||
gitea_container_extra_ports: []
|
||||
gitea_container_extra_volumes: []
|
||||
gitea_container_state: started
|
||||
gitea_container_user: ~
|
||||
|
||||
# container defaults
|
||||
gitea_container_base_volumes:
|
||||
|
||||
@ -1,4 +1,5 @@
|
||||
---
|
||||
|
||||
- name: Ensure gitea user '{{ gitea_user }}' is present
|
||||
ansible.builtin.user:
|
||||
name: "{{ gitea_user }}"
|
||||
@ -74,7 +75,6 @@
|
||||
published_ports: "{{ gitea_container_ports }}"
|
||||
restart_policy: "{{ gitea_container_restart_policy }}"
|
||||
state: "{{ gitea_container_state }}"
|
||||
user: "{{ gitea_container_user | default(omit, true) }}"
|
||||
|
||||
- name: Ensure given configuration is set in the config file
|
||||
ansible.builtin.ini_file:
|
||||
|
||||
@ -53,5 +53,5 @@ hedgedoc_container_all_labels: >-2
|
||||
{{ hedgedoc_container_base_labels | default({}, true)
|
||||
| combine(hedgedoc_container_labels | default({}, true)) }}
|
||||
hedgedoc_container_restart_policy: >-2
|
||||
{{ (hedgedoc_deployment_method == 'docker')
|
||||
{{ (hedgedoc_deployment_method === 'docker')
|
||||
| ternary('unless-stopped', 'on-failure') }}
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
hedgedoc_user: hedgedoc
|
||||
hedgedoc_version: "1.10.2"
|
||||
hedgedoc_version: "1.10.0"
|
||||
|
||||
hedgedoc_state: present
|
||||
hedgedoc_deployment_method: docker
|
||||
|
||||
@ -1,31 +0,0 @@
|
||||
---
|
||||
- name: Ensure container image '{{ hedgedoc_container_image }}' is {{ hedgedoc_state }}
|
||||
containers.podman.podman_image:
|
||||
name: "{{ hedgedoc_container_image }}"
|
||||
state: "{{ hedgedoc_state }}"
|
||||
pull: "{{ (hedgedoc_container_image_source == 'pull') | bool }}"
|
||||
force: >-2
|
||||
{{ hedgedoc_container_force_source | default(
|
||||
hedgedoc_container_image_tag | default(false, true), true) }}
|
||||
register: hedgedoc_container_image_info
|
||||
until: hedgedoc_container_image_info is success
|
||||
retries: 5
|
||||
delay: 3
|
||||
|
||||
- name: Ensure container '{{ hedgedoc_container_name }}' is {{ hedgedoc_container_state }}
|
||||
containers.podman.podman_container:
|
||||
name: "{{ hedgedoc_container_name }}"
|
||||
image: "{{ hedgedoc_container_image }}"
|
||||
env: "{{ hedgedoc_container_env | default(omit, true) }}"
|
||||
user: "{{ hedgedoc_container_user | default(omit, true) }}"
|
||||
ports: "{{ hedgedoc_container_ports | default(omit, true) }}"
|
||||
labels: "{{ hedgedoc_container_all_labels }}"
|
||||
volumes: "{{ hedgedoc_container_all_volumes }}"
|
||||
etc_hosts: "{{ hedgedoc_container_etc_hosts | default(omit, true) }}"
|
||||
dns_servers: >-2
|
||||
{{ hedgedoc_container_dns_servers | default(omit, true) }}
|
||||
network_mode: >-2
|
||||
{{ hedgedoc_container_network_mode | default(omit, true) }}
|
||||
restart_policy: >-2
|
||||
{{ hedgedoc_container_restart_policy | default(omit, true) }}
|
||||
state: "{{ hedgedoc_container_state }}"
|
||||
@ -1,8 +1,7 @@
|
||||
---
|
||||
jellyfin_user: jellyfin
|
||||
jellyfin_version: "10.10.6"
|
||||
jellyfin_version: 10.9.11
|
||||
jellyfin_state: present
|
||||
jellyfin_deployment_method: docker
|
||||
|
||||
jellyfin_base_path: /opt/jellyfin
|
||||
jellyfin_config_path: "{{ jellyfin_base_path }}/config"
|
||||
|
||||
@ -1,23 +0,0 @@
|
||||
---
|
||||
- name: Ensure container image '{{ jellyfin_container_image_ref }}' is {{ jellyfin_state }}
|
||||
community.docker.docker_image:
|
||||
name: "{{ jellyfin_container_image_ref }}"
|
||||
state: "{{ jellyfin_state }}"
|
||||
source: "{{ jellyfin_container_image_source }}"
|
||||
force_source: "{{ jellyfin_container_image_tag | default(false, true) }}"
|
||||
register: jellyfin_container_image_pull_result
|
||||
until: jellyfin_container_image_pull_result is succeeded
|
||||
retries: 5
|
||||
delay: 3
|
||||
|
||||
- name: Ensure container '{{ jellyfin_container_name }}' is {{ jellyfin_container_state }}
|
||||
community.docker.docker_container:
|
||||
name: "{{ jellyfin_container_name }}"
|
||||
image: "{{ jellyfin_container_image_ref }}"
|
||||
user: "{{ jellyfin_uid }}:{{ jellyfin_gid }}"
|
||||
labels: "{{ jellyfin_container_labels }}"
|
||||
volumes: "{{ jellyfin_container_volumes }}"
|
||||
networks: "{{ jellyfin_container_networks | default(omit, True) }}"
|
||||
network_mode: "{{ jellyfin_container_network_mode }}"
|
||||
restart_policy: "{{ jellyfin_container_restart_policy }}"
|
||||
state: "{{ jellyfin_container_state }}"
|
||||
@ -1,22 +0,0 @@
|
||||
---
|
||||
- name: Ensure container image '{{ jellyfin_container_image_ref }}' is {{ jellyfin_state }}
|
||||
containers.podman.podman_image:
|
||||
name: "{{ jellyfin_container_image_ref }}"
|
||||
state: "{{ jellyfin_state }}"
|
||||
pull: "{{ (jellyfin_container_image_source == 'pull') | bool }}"
|
||||
force: "{{ jellyfin_container_image_tag | default(false, true) }}"
|
||||
register: jellyfin_container_image_pull_result
|
||||
until: jellyfin_container_image_pull_result is succeeded
|
||||
retries: 5
|
||||
delay: 3
|
||||
|
||||
- name: Ensure container '{{ jellyfin_container_name }}' is {{ jellyfin_container_state }}
|
||||
containers.podman.podman_container:
|
||||
name: "{{ jellyfin_container_name }}"
|
||||
image: "{{ jellyfin_container_image_ref }}"
|
||||
user: "{{ jellyfin_uid }}:{{ jellyfin_gid }}"
|
||||
labels: "{{ jellyfin_container_labels }}"
|
||||
volumes: "{{ jellyfin_container_volumes }}"
|
||||
network: "{{ jellyfin_container_networks | default(omit, True) }}"
|
||||
restart_policy: "{{ jellyfin_container_restart_policy }}"
|
||||
state: "{{ jellyfin_container_state }}"
|
||||
@ -6,13 +6,6 @@
|
||||
states are {{ jellyfin_states | join(', ') }}.
|
||||
when: jellyfin_state not in jellyfin_states
|
||||
|
||||
- name: Check if deployment method is valid
|
||||
ansible.builtin.fail:
|
||||
msg: >-2
|
||||
Unsupported state '{{ jellyfin_deployment_method }}'. Supported
|
||||
states are {{ jellyfin_deployment_methods | join(', ') }}.
|
||||
when: jellyfin_deployment_method not in jellyfin_deployment_methods
|
||||
|
||||
- name: Ensure jellyfin user '{{ jellyfin_user }}' is {{ jellyfin_state }}
|
||||
ansible.builtin.user:
|
||||
name: "{{ jellyfin_user }}"
|
||||
@ -30,6 +23,25 @@
|
||||
mode: "{{ item.mode }}"
|
||||
loop: "{{ jellyfin_host_directories }}"
|
||||
|
||||
- name: Ensure jellyfin is deployed using {{ jellyfin_deployment_method }}
|
||||
ansible.builtin.include_tasks:
|
||||
file: "deploy-{{ jellyfin_deployment_method }}.yml"
|
||||
- name: Ensure container image '{{ jellyfin_container_image_ref }}' is {{ jellyfin_state }}
|
||||
community.docker.docker_image:
|
||||
name: "{{ jellyfin_container_image_ref }}"
|
||||
state: "{{ jellyfin_state }}"
|
||||
source: "{{ jellyfin_container_image_source }}"
|
||||
force_source: "{{ jellyfin_container_image_tag | default(false, true) }}"
|
||||
register: jellyfin_container_image_pull_result
|
||||
until: jellyfin_container_image_pull_result is succeeded
|
||||
retries: 5
|
||||
delay: 3
|
||||
|
||||
- name: Ensure container '{{ jellyfin_container_name }}' is {{ jellyfin_container_state }}
|
||||
community.docker.docker_container:
|
||||
name: "{{ jellyfin_container_name }}"
|
||||
image: "{{ jellyfin_container_image_ref }}"
|
||||
user: "{{ jellyfin_uid }}:{{ jellyfin_gid }}"
|
||||
labels: "{{ jellyfin_container_labels }}"
|
||||
volumes: "{{ jellyfin_container_volumes }}"
|
||||
networks: "{{ jellyfin_container_networks | default(omit, True) }}"
|
||||
network_mode: "{{ jellyfin_container_network_mode }}"
|
||||
restart_policy: "{{ jellyfin_container_restart_policy }}"
|
||||
state: "{{ jellyfin_container_state }}"
|
||||
|
||||
@ -2,9 +2,6 @@
|
||||
jellyfin_states:
|
||||
- present
|
||||
- absent
|
||||
jellyfin_deployment_methods:
|
||||
- docker
|
||||
- podman
|
||||
|
||||
jellyfin_container_base_volumes:
|
||||
- "{{ jellyfin_config_path }}:/config:z"
|
||||
|
||||
@ -1,16 +0,0 @@
|
||||
# `finallycoffee.services.keycloak` ansible role
|
||||
|
||||
Ansible role for deploying keycloak, currently only supports docker.
|
||||
|
||||
Migrated from `entropia.sso.keycloak`.
|
||||
|
||||
## Required variables
|
||||
|
||||
- `keycloak_database_password` - password for the database user
|
||||
- `keycloak_config_hostname` - public domain of the keycloak server
|
||||
|
||||
## Database configuration
|
||||
|
||||
- `keycloak_database_hostname` - hostname of the database server, defaults to `localhost`
|
||||
- `keycloak_database_username` - username to use when connecting to the database server, defaults to `keycloak`
|
||||
- `keycloak_database_database` - name of the database to use, defaults to `keycloak`
|
||||
@ -1,51 +0,0 @@
|
||||
---
|
||||
keycloak_version: "26.1.2"
|
||||
keycloak_container_name: keycloak
|
||||
|
||||
keycloak_container_image_upstream_registry: quay.io
|
||||
keycloak_container_image_upstream_namespace: keycloak
|
||||
keycloak_container_image_upstream_name: keycloak
|
||||
keycloak_container_image_upstream: >-2
|
||||
{{
|
||||
([
|
||||
keycloak_container_image_upstream_registry | default([]),
|
||||
keycloak_container_image_upstream_namespace | default([]),
|
||||
keycloak_container_image_upstream_name,
|
||||
] | flatten | join('/'))
|
||||
}}
|
||||
keycloak_container_image_name: "keycloak:{{ keycloak_version }}-custom"
|
||||
|
||||
keycloak_container_database_vendor: postgres
|
||||
keycloak_base_path: /opt/keycloak
|
||||
keycloak_container_build_directory: "{{ keycloak_base_path }}/build"
|
||||
keycloak_container_build_jar_directory: providers
|
||||
keycloak_container_build_flags: {}
|
||||
keycloak_provider_jars_directory: "{{ keycloak_base_path }}/providers"
|
||||
keycloak_build_provider_jars_directory: "{{ keycloak_container_build_directory }}/{{ keycloak_container_build_jar_directory }}"
|
||||
|
||||
keycloak_database_hostname: localhost
|
||||
keycloak_database_port: 5432
|
||||
keycloak_database_username: keycloak
|
||||
keycloak_database_password: ~
|
||||
keycloak_database_database: keycloak
|
||||
|
||||
keycloak_container_env: {}
|
||||
keycloak_container_labels: ~
|
||||
keycloak_container_volumes: ~
|
||||
keycloak_container_restart_policy: unless-stopped
|
||||
keycloak_container_command: >-2
|
||||
start
|
||||
--db-username {{ keycloak_database_username }}
|
||||
--db-password {{ keycloak_database_password }}
|
||||
--db-url jdbc:postgresql://{{ keycloak_database_hostname }}{{ keycloak_database_port | ternary(':' ~ keycloak_database_port, '') }}/{{ keycloak_database_database }}
|
||||
{{ keycloak_container_extra_start_flags | default([]) | join(' ') }}
|
||||
--proxy-headers=xforwarded
|
||||
--hostname {{ keycloak_config_hostname }}
|
||||
--optimized
|
||||
|
||||
keycloak_config_health_enabled: true
|
||||
keycloak_config_metrics_enabled: true
|
||||
|
||||
keycloak_config_hostname: localhost
|
||||
keycloak_config_admin_username: admin
|
||||
keycloak_config_admin_password: ~
|
||||
@ -1,13 +0,0 @@
|
||||
---
|
||||
allow_duplicates: true
|
||||
dependencies: []
|
||||
galaxy_info:
|
||||
role_name: keycloak
|
||||
description: Deploy keycloak, the opensource identity and access management solution
|
||||
galaxy_tags:
|
||||
- keycloak
|
||||
- sso
|
||||
- oidc
|
||||
- oauth2
|
||||
- iam
|
||||
- docker
|
||||
@ -1,72 +0,0 @@
|
||||
---
|
||||
|
||||
- name: Ensure build directory exists
|
||||
ansible.builtin.file:
|
||||
name: "{{ keycloak_container_build_directory }}"
|
||||
state: directory
|
||||
recurse: yes
|
||||
mode: 0700
|
||||
tags:
|
||||
- keycloak-build-container
|
||||
|
||||
- name: Ensure provider jars directory exists
|
||||
ansible.builtin.file:
|
||||
name: "{{ keycloak_provider_jars_directory }}"
|
||||
state: directory
|
||||
mode: 0775
|
||||
tags:
|
||||
- keycloak-build-container
|
||||
|
||||
- name: Ensure Dockerfile is templated
|
||||
ansible.builtin.template:
|
||||
src: Dockerfile.j2
|
||||
dest: "{{ keycloak_container_build_directory }}/Dockerfile"
|
||||
mode: 0700
|
||||
register: keycloak_buildfile_info
|
||||
tags:
|
||||
- keycloak-container
|
||||
- keycloak-build-container
|
||||
|
||||
- name: Ensure upstream Keycloak container image '{{ keycloak_container_image_upstream }}:{{ keycloak_version }}' is present
|
||||
community.docker.docker_image:
|
||||
name: "{{ keycloak_container_image_upstream }}:{{ keycloak_version }}"
|
||||
source: pull
|
||||
state: present
|
||||
register: keycloak_container_image_upstream_status
|
||||
tags:
|
||||
- keycloak-container
|
||||
- keycloak-build-container
|
||||
|
||||
- name: Ensure custom keycloak container image '{{ keycloak_container_image_name }}' is built
|
||||
community.docker.docker_image:
|
||||
name: "{{ keycloak_container_image_name }}"
|
||||
build:
|
||||
args:
|
||||
DB_VENDOR: "{{ keycloak_container_database_vendor }}"
|
||||
KC_ADMIN_PASSWORD: "{{ keycloak_config_admin_password }}"
|
||||
dockerfile: "{{ keycloak_container_build_directory }}/Dockerfile"
|
||||
path: "{{ keycloak_container_build_directory }}"
|
||||
source: build
|
||||
state: present
|
||||
force_source: "{{ keycloak_buildfile_info.changed or keycloak_container_image_upstream_status.changed or (keycloak_force_rebuild_container | default(false))}}"
|
||||
register: keycloak_container_image_status
|
||||
tags:
|
||||
- keycloak-container
|
||||
- keycloak-build-container
|
||||
|
||||
- name: Ensure keycloak container is running
|
||||
community.docker.docker_container:
|
||||
name: "{{ keycloak_container_name }}"
|
||||
image: "{{ keycloak_container_image_name }}"
|
||||
env: "{{ keycloak_container_env | default(omit, true) }}"
|
||||
ports: "{{ keycloak_container_ports | default(omit, true) }}"
|
||||
hostname: "{{ keycloak_container_hostname | default(omit) }}"
|
||||
labels: "{{ keycloak_container_labels | default(omit, true) }}"
|
||||
volumes: "{{ keycloak_container_volumes | default(omit, true) }}"
|
||||
restart_policy: "{{ keycloak_container_restart_policy }}"
|
||||
recreate: "{{ keycloak_container_force_recreate | default(false) or (keycloak_container_image_status.changed if keycloak_container_image_status is defined else false) }}"
|
||||
etc_hosts: "{{ keycloak_container_etc_hosts | default(omit) }}"
|
||||
state: started
|
||||
command: "{{ keycloak_container_command }}"
|
||||
tags:
|
||||
- keycloak-container
|
||||
@ -1,43 +0,0 @@
|
||||
FROM {{ keycloak_container_image_upstream }}:{{ keycloak_version }} as builder
|
||||
|
||||
# Enable health and metrics support
|
||||
ENV KC_HEALTH_ENABLED={{ keycloak_config_health_enabled | ternary('true', 'false') }}
|
||||
ENV KC_METRICS_ENABLED={{ keycloak_config_metrics_enabled | ternary('true', 'false') }}
|
||||
|
||||
# Configure a database vendor
|
||||
ARG DB_VENDOR
|
||||
ENV KC_DB=$DB_VENDOR
|
||||
|
||||
WORKDIR {{ keycloak_container_working_directory }}
|
||||
|
||||
{% if keycloak_container_image_add_local_providers | default(true) %}
|
||||
ADD ./providers/* providers/
|
||||
{% endif %}
|
||||
# Workaround to set correct mode on jar files
|
||||
USER root
|
||||
RUN chmod -R 0770 providers/*
|
||||
USER keycloak
|
||||
|
||||
RUN {{ keycloak_container_working_directory }}/bin/kc.sh --verbose \
|
||||
{% for argument in keycloak_container_build_flags | dict2items(key_name='flag', value_name='value') %}
|
||||
--{{- argument['flag'] -}}{{- argument['value'] | default(false, true) | ternary('=' + argument['value'], '') }} \
|
||||
{% endfor%}
|
||||
build{% if keycloak_container_build_features | default([]) | length > 0 %} \
|
||||
{% endif %}
|
||||
{% if keycloak_container_build_features | default([]) | length > 0 %}
|
||||
--features="{{ keycloak_container_build_features | join(',') }}"
|
||||
{% endif %}
|
||||
|
||||
|
||||
FROM {{ keycloak_container_image_upstream }}:{{ keycloak_version }}
|
||||
COPY --from=builder {{ keycloak_container_working_directory }}/ {{ keycloak_container_working_directory }}/
|
||||
|
||||
ENV KC_HOSTNAME={{ keycloak_config_hostname }}
|
||||
ENV KEYCLOAK_ADMIN={{ keycloak_config_admin_username }}
|
||||
ARG KC_ADMIN_PASSWORD
|
||||
{% if keycloak_version | split('.') | first | int > 21 %}
|
||||
ENV KEYCLOAK_ADMIN_PASSWORD=$KC_ADMIN_PASSWORD
|
||||
{% else %}
|
||||
ENV KEYCLOAK_PASSWORD=$KC_ADMIN_PASSWORD
|
||||
{% endif %}
|
||||
ENTRYPOINT ["{{ keycloak_container_working_directory }}/bin/kc.sh"]
|
||||
@ -1,3 +0,0 @@
|
||||
---
|
||||
|
||||
keycloak_container_working_directory: /opt/keycloak
|
||||
@ -2,9 +2,9 @@
|
||||
openproject_base_path: "/opt/openproject"
|
||||
|
||||
openproject_upstream_git_url: "https://github.com/opf/openproject-deploy.git"
|
||||
openproject_upstream_git_branch: "stable/14"
|
||||
openproject_upstream_git_branch: "stable/13"
|
||||
|
||||
openproject_compose_project_path: "{{ openproject_base_path }}"
|
||||
openproject_compose_project_path: "{{ openproject_base_path }}/compose"
|
||||
openproject_compose_project_name: "openproject"
|
||||
openproject_compose_project_env_file: "{{ openproject_compose_project_path }}/.env"
|
||||
openproject_compose_project_override_file: "{{ openproject_compose_project_path }}/docker-compose.override.yml"
|
||||
|
||||
@ -26,13 +26,14 @@
|
||||
content: "{{ openproject_compose_overrides | default({}) | to_nice_yaml }}"
|
||||
|
||||
- name: Ensure containers are pulled
|
||||
community.docker.docker_compose_v2:
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ openproject_compose_project_path }}"
|
||||
project_name: "{{ openproject_compose_project_name }}"
|
||||
pull: "missing"
|
||||
pull: true
|
||||
|
||||
- name: Ensure services are running
|
||||
community.docker.docker_compose_v2:
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ openproject_compose_project_path }}"
|
||||
project_name: "{{ openproject_compose_project_name }}"
|
||||
state: "present"
|
||||
build: false
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
snipe_it_user: snipeit
|
||||
snipe_it_version: "7.1.15"
|
||||
snipe_it_version: "7.0.13"
|
||||
snipe_it_domain: ~
|
||||
snipe_it_state: present
|
||||
snipe_it_deployment_method: docker
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
vaultwarden_user: vaultwarden
|
||||
vaultwarden_version: "1.33.2"
|
||||
vaultwarden_version: "1.32.2"
|
||||
|
||||
vaultwarden_config_file: "/etc/vaultwarden/config.json"
|
||||
vaultwarden_config_directory: "{{ vaultwarden_config_file | dirname }}"
|
||||
|
||||
@ -1,22 +0,0 @@
|
||||
---
|
||||
- name: Ensure container image '{{ vaultwarden_container_image }}' is {{ vaultwarden_state }}
|
||||
containers.podman.podman_image:
|
||||
name: "{{ vaultwarden_container_image }}"
|
||||
state: "{{ vaultwarden_state }}"
|
||||
pull: "{{ (vaultwarden_container_image_source == 'pull') | bool }}"
|
||||
force: "{{ vaultwarden_container_image_force_source }}"
|
||||
|
||||
- name: Ensure container '{{ vaultwarden_container_name }}' is {{ vaultwarden_container_state }}
|
||||
containers.podman.podman_container:
|
||||
name: "{{ vaultwarden_container_name }}"
|
||||
image: "{{ vaultwarden_container_image }}"
|
||||
env: "{{ vaultwarden_container_env | default(omit, true) }}"
|
||||
user: "{{ vaultwarden_container_user | default(omit, true) }}"
|
||||
ports: "{{ vaultwarden_container_ports | default(omit, true) }}"
|
||||
labels: "{{ vaultwarden_container_labels | default(omit, true) }}"
|
||||
volumes: "{{ vaultwarden_container_volumes }}"
|
||||
network: "{{ vaultwarden_container_networks | default(omit, true) }}"
|
||||
etc_hosts: "{{ vaultwarden_container_etc_hosts | default(omit, true) }}"
|
||||
dns_servers: "{{ vaultwarden_container_dns_servers | default(omit, true) }}"
|
||||
restart_policy: "{{ vaultwarden_container_restart_policy | default(omit, true) }}"
|
||||
state: "{{ vaultwarden_container_state | default(omit, true) }}"
|
||||
@ -4,7 +4,6 @@ vaultwarden_states:
|
||||
- absent
|
||||
vaultwarden_deployment_methods:
|
||||
- docker
|
||||
- podman
|
||||
vaultwarden_required_variables:
|
||||
- vaultwarden_config_domain
|
||||
vaultwarden_conditionally_required_variables:
|
||||
|
||||
@ -1,6 +1,7 @@
|
||||
---
|
||||
|
||||
vouch_proxy_user: vouch-proxy
|
||||
vouch_proxy_version: "0.41.0"
|
||||
vouch_proxy_version: 0.40.0
|
||||
vouch_proxy_base_path: /opt/vouch-proxy
|
||||
vouch_proxy_config_path: "{{ vouch_proxy_base_path }}/config"
|
||||
vouch_proxy_config_file: "{{ vouch_proxy_config_path }}/config.yaml"
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user