mirror of
https://github.com/famedly/ansible-collection-services
synced 2024-11-12 23:07:07 +00:00
feat(dex): add initial role and playbook
parent
7ce8425d13
commit
cdcc652ad7
8 changed files with 161 additions and 0 deletions
|
@ -1,4 +1,5 @@
|
|||
roles/bitwarden/ @ratzupaltuff @jcgruenhage
|
||||
roles/dex/ @jcgruenhage
|
||||
roles/ghost/ @ratzupaltuff
|
||||
roles/hedgedoc/ @jcgruenhage
|
||||
roles/matomo/ @jcgruenhage
|
||||
|
|
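--- a/playbooks/dex.yml
+++ b/playbooks/dex.yml
@@ -0,0 +1,6 @@
+---
+- name: Deploy Dex - A Federated OpenID Connect Provider
+hosts: "{{ dex_hosts | default('dex') }}"
+become: true
+roles:
+- dex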
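--- a/roles/dex/README.md
+++ b/roles/dex/README.md
@@ -0,0 +1,23 @@
+# famedly.services.dex
+
+Deploys a [Dex](https://dexidp.io) instance into a container.
+
+## Requirements
+
+- docker
+
+## Role Variables
+
+TODO
+
+## Example Playbook
+
+TODO
+
+## License
+
+AGPL-3.0-or-later
+
+## Author Information
+
+- Jan Christian Grünhage <jan.christian@gruenhage.xyz>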
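--- a/roles/dex/defaults/main.yml
+++ b/roles/dex/defaults/main.yml
@@ -0,0 +1,21 @@
+---
+# defaults file for dex
+
+dex_version: "2.33.1"
+dex_container_image_ref: ghcr.io/dexidp/dex
+dex_container_image_tag:
+dex_container_image: "{{ dex_container_image_ref }}:{{ dex_container_image_tag | default('v' + dex_version, True) }}"
+dex_container_image_force_pull: "{{ true if dex_container_image_tag else false }}"
+
+dex_container_name: "dex"
+dex_container_networks: []
+dex_container_etc_hosts: {}
+dex_container_extra_volumes: []
+dex_container_ports: []
+dex_container_labels: {}
+dex_container_env: {}
+dex_container_recreate: false
+
+dex_user: "dex"
+dex_base_path: /opt/dex
+dex_extra_config: {}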
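Review bot: `dex_container_image` is always assembled as `ref:tag`, so the identity provider's image is selected by a mutable tag and the defaults give no hint of how to pin it by digest. A comment above it would cover this, e.g. `# override with "{{ dex_container_image_ref }}@sha256:<digest>" to pin the image by digest`. Setting `dex_container_image_tag` also flips `dex_container_image_force_pull` to true, so every run re-pulls whatever that tag currently points at; that deserves a comment too. `dex_domain`, `dex_static_clients` and `dex_connectors` are used in roles/dex/vars/main.yml but have neither a default nor a comment here, so they should at least be listed as required variables.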
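--- a/roles/dex/handlers/main.yml
+++ b/roles/dex/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+# handlers file for dex
+- name: Restart dex container
+docker_container:
+name: "{{ dex_container_name }}"
+state: started
+restart: yes
+listen: restart-dex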
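Review bot: The handler calls the module by its short name `docker_container:` while roles/dex/tasks/main.yml uses `community.docker.docker_container`, and it writes the boolean as `restart: yes`. Using the fully qualified name here as well keeps the role from depending on short-name resolution, and `restart: true` matches the `become: true` style used in playbooks/dex.yml.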
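--- a/roles/dex/meta/main.yml
+++ b/roles/dex/meta/main.yml
@@ -0,0 +1,16 @@
+---
+galaxy_info:
+author: Jan Christian Grünhage <jan.christian@gruenhage.xyz>
+description: Deploys a containerised Dex instance
+company: Famedly GmbH
+
+license: AGPL-2.0-or-later
+min_ansible_version: "2.5"
+
+platforms:
+- name: Debian
+versions:
+- bullseye
+
+galaxy_tags: []
+dependencies: []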
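Review bot: `license: AGPL-2.0-or-later` disagrees with roles/dex/README.md in this same commit, which states `AGPL-3.0-or-later`; as far as I know there is no AGPL-2.0 SPDX identifier, so this looks like a typo for `license: AGPL-3.0-or-later`. `min_ansible_version: "2.5"` is also lower than the tasks can support, since they use fully qualified collection names such as `community.docker.docker_image`; it should be raised to the oldest release the collection is actually tested against.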
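--- a/roles/dex/tasks/main.yml
+++ b/roles/dex/tasks/main.yml
@@ -0,0 +1,62 @@
+---
+# tasks file for dex
+- name: Create system user for dex
+ansible.builtin.user:
+name: "{{ dex_user }}"
+state: present
+system: yes
+register: dex_user_res
+tags: ['prepare', 'prepare-dex',
+'deploy', 'deploy-dex' ]
+
+- name: Ensure host directories are present
+ansible.builtin.file:
+path: "{{ item }}"
+state: directory
+mode: 0700
+owner: "{{ dex_user_res.uid }}"
+group: "{{ dex_user_res.group }}"
+loop:
+- "{{ dex_base_path }}"
+tags: [ 'prepare', 'prepare-dex' ]
+
+- name: Template dex configuration
+ansible.builtin.copy:
+content: |
+{{ 'Managed by ansible' | comment('plain', prefix='#####', postfix='#####') }}
+{{ dex_config | to_nice_yaml }}
+dest: "{{ dex_base_path }}/config.yaml"
+mode: 0600
+owner: "{{ dex_user_res.uid }}"
+group: "{{ dex_user_res.group }}"
+notify:
+- restart-dex
+tags: [ 'deploy', 'deploy-dex' ]
+
+- name: Ensure dex container image is present
+community.docker.docker_image:
+name: "{{ dex_container_image }}"
+force_source: "{{ dex_container_image_force_pull }}"
+source: pull
+state: present
+register: dex_container_image_pulled
+until: dex_container_image_pulled is success
+retries: 10
+delay: 5
+tags: [ 'prepare', 'prepare-dex' ]
+
+- name: Ensure dex container is running
+community.docker.docker_container:
+name: "{{ dex_container_name }}"
+image: "{{ dex_container_image }}"
+networks: "{{ dex_container_networks }}"
+etc_hosts: "{{ dex_container_etc_hosts }}"
+ports: "{{ dex_container_ports }}"
+labels: "{{ dex_container_labels_complete }}"
+env: "{{ dex_container_env }}"
+user: "{{ dex_user_res.uid }}"
+recreate: "{{ dex_container_recreate }}"
+volumes: "{{ dex_container_volumes }}"
+restart_policy: unless-stopped
+state: started
+tags: [ 'deploy', 'deploy-dex' ]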
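Review bot: The "Template dex configuration" task writes the rendered `dex_config` without `no_log: true`, so a run with `--diff` or a task failure can print the file content; that content includes `staticClients` and `connectors` (see roles/dex/vars/main.yml), which in Dex normally carry client secrets and upstream credentials. Adding `no_log: true` (or at least `diff: false`) to that task keeps them out of Ansible output and logs. In "Ensure dex container is running", `user: "{{ dex_user_res.uid }}"` sets only the UID, which as far as I know leaves the container process in the root group (GID 0); `user: "{{ dex_user_res.uid }}:{{ dex_user_res.group }}"` would drop the group as well. The file modes are better written quoted, `mode: "0700"` and `mode: "0600"`, so they do not depend on how the YAML parser reads a leading zero.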
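--- a/roles/dex/vars/main.yml
+++ b/roles/dex/vars/main.yml
@@ -0,0 +1,24 @@
+---
+# vars file for dex
+
+dex_config: "{{ dex_base_config | combine(dex_extra_config, recursive=True) }}"
+dex_base_config:
+issuer: https://{{ dex_domain }}
+storage:
+type: memory # TODO: this should be backed by a database of some sort
+web:
+http: 0.0.0.0:5556
+telemetry:
+http: 0.0.0.0:5558
+logger:
+level: info
+staticClients: "{{ dex_static_clients }}"
+connectors: "{{ dex_connectors }}"
+
+dex_container_labels_base:
+version: "{{ dex_version }}"
+dex_container_labels_complete: "{{ dex_container_labels_base | combine(dex_container_labels) }}"
+
+dex_container_base_volumes:
+- "{{ dex_base_path }}/config.yaml:/etc/dex/config.docker.yaml"
+dex_container_volumes: "{{ dex_container_base_volumes + dex_container_extra_volumes | default([]) }}"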
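Review bot: The config bind mount in `dex_container_base_volumes` is read-write, although the container should only need to read the file and it holds the static client and connector settings; `- "{{ dex_base_path }}/config.yaml:/etc/dex/config.docker.yaml:ro"` would keep a compromised Dex process from rewriting its own configuration on the host. `web.http` and `telemetry.http` both listen on `0.0.0.0` over plain HTTP while `issuer` is `https://`, so the role appears to rely on a TLS-terminating proxy in front and on `dex_container_ports` not publishing 5556 or 5558 directly; a comment stating that assumption would help operators. `type: memory` also means signing keys and issued tokens do not survive the container restart that the `restart-dex` handler triggers, which is worth adding to the existing TODO.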