Huge role refactoring/cleanup. Other commits will propably follow. Because some bugs will exist. Still important for longrun and also for auto docs/help/slideshow generation

2025-08-29 15:06:26 +02:00 · 2025-07-08 23:43:13 +02:00
parent 6b87a049d4
commit 563d5fd528
1242 changed files with 2301 additions and 1355 deletions
--- a/roles/web-app-keycloak/vars/configuration.yml
+++ b/roles/web-app-keycloak/vars/configuration.yml
@@ -0,0 +1,30 @@
+images: 
+  keycloak:           "quay.io/keycloak/keycloak:latest"
+import_realm:         True                                # If True realm will be imported. If false skip.
+features:
+  matomo:             true
+  css:                false
+  portfolio_iframe:   true
+  ldap:               true
+  central_database:   true
+  recaptcha:          true
+csp:
+  flags:
+    script-src-elem:
+      unsafe-inline: true
+    script-src:
+      unsafe-inline: true
+    style-src:
+      unsafe-inline: true
+domains:
+  canonical:
+    - "auth.{{ primary_domain }}"
+scopes:
+  rbac_roles: rbac_roles
+  nextcloud:  nextcloud
+
+rbac_groups:  "/rbac"
+docker:
+  services:
+    database:
+      enabled: true
--- a/roles/web-app-keycloak/vars/main.yml
+++ b/roles/web-app-keycloak/vars/main.yml
@@ -0,0 +1,14 @@
+application_id:                   "keycloak"
+database_type:                    "postgres"
+container_name:                   "{{application_id}}_application"
+import_directory_host:            "{{docker_compose.directories.volumes}}import/"           # Directory in which keycloack import files are placed on the host
+import_directory_docker:          "/opt/keycloak/data/import/"                              # Directory in which keycloack import files are placed in the running docker container
+keycloak_realm:                   "{{ primary_domain}}"                                     # This is the name of the default realm which is used by the applications
+keycloak_administrator:           "{{ applications[application_id].users.administrator }}"  # Master Administrator
+keycloak_administrator_username:  "{{ keycloak_administrator.username}}"                    # Master Administrator Username
+keycloak_administrator_password:  "{{ keycloak_administrator.password}}"                    # Master Administrator Password
+keycloak_kcadm_path:              "docker exec -i {{ container_name }} /opt/keycloak/bin/kcadm.sh"
+keycloak_server_internal_url:     "http://127.0.0.1:8080"
+keycloak_server_host:             "127.0.0.1:{{ports.localhost.http[application_id]}}"
+keycloak_server_host_url:         "http://{{ keycloak_server_host }}"
+