Solved ooauth2 bugs and restructured postgres roile to implement extensions used by discourse

2025-08-30 23:38:13 +02:00 · 2025-07-23 13:24:55 +02:00
parent d1fcbedef6
commit 0472fecd64
22 changed files with 187 additions and 78 deletions
--- a/roles/cmp-docker-oauth2/README.md
+++ b/roles/cmp-docker-oauth2/README.md
@@ -0,0 +1,21 @@
+# cmp-docker-oauth2
+
+This Ansible role enhances a Docker Compose application by conditionally enabling OAuth2-based authentication. It ensures that the `docker-compose` role is always loaded, and if the application has OAuth2 support enabled via `features.oauth2`, it also configures the OAuth2 proxy.
+
+## Features
+
+- Loads the `docker-compose` role
+- Conditionally configures OAuth2 reverse proxy via `web-app-oauth2-proxy`
+- Supports OIDC providers like Keycloak
+- Application-driven behavior via `features.oauth2` in the configuration
+
+## License
+
+CyMaIS NonCommercial License (CNCL)
+See: [https://s.veen.world/cncl](https://s.veen.world/cncl)
+
+## Author
+
+Kevin Veen-Birkenbach
+Consulting & Coaching Solutions
+[https://www.veen.world](https://www.veen.world)
--- a/roles/cmp-docker-oauth2/meta/main.yml
+++ b/roles/cmp-docker-oauth2/meta/main.yml
@@ -0,0 +1,25 @@
+---
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: >
+    Loads the docker-compose role and adds OAuth2 proxy support if enabled
+    in the application's configuration. This ensures authentication via a
+    centralized OIDC provider (e.g., Keycloak) with minimal configuration overhead.
+  license: "CyMaIS NonCommercial License (CNCL)"
+  license_url: "https://s.veen.world/cncl"
+  company: "Kevin Veen-Birkenbach Consulting & Coaching Solutions"
+  min_ansible_version: "2.9"
+  platforms:
+    - name: Docker
+      versions:
+        - "latest"
+  galaxy_tags:
+    - docker
+    - compose
+    - oauth2
+    - oidc
+    - authentication
+    - proxy
+  repository: "https://s.veen.world/cymais"
+  issue_tracker_url: "https://s.veen.world/cymaisissues"
+  documentation: "https://s.veen.world/cymais"
--- a/roles/cmp-docker-oauth2/tasks/main.yml
+++ b/roles/cmp-docker-oauth2/tasks/main.yml
@@ -0,0 +1,14 @@
+# run_once_cmp_docker_oauth2: disabled
+
+- name: "For '{{ application_id }}': Load docker-compose"
+  include_role: 
+    name: docker-compose
+
+- name: "set oauth2_proxy_application_id (Needed due to lazzy loading issue)"
+  set_fact:
+    oauth2_proxy_application_id: "{{ application_id }}"
+  when: applications | get_app_conf(application_id, 'features.oauth2', False)
+
+- name: "include the web-app-oauth2-proxy role {{domain}}"
+  include_tasks: "{{ playbook_dir }}/roles/web-app-oauth2-proxy/tasks/main.yml"
+  when: applications | get_app_conf(application_id, 'features.oauth2', False)