Raw refactoring of roles

2025-08-29 15:06:26 +02:00 · 2025-05-09 17:47:33 +02:00
parent 82f442f40e
commit 5b47333955
177 changed files with 1483 additions and 1041 deletions
--- a/roles/docker-oauth2-proxy/Todo.md
+++ b/roles/docker-oauth2-proxy/Todo.md
@@ -0,0 +1,2 @@
+# Todo
+- Implement RBAC based authentification for admins
--- a/roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
+++ b/roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
@@ -1,5 +1,5 @@
 http_address            =   "0.0.0.0:4180"
-cookie_secret           =   "{{applications[application_id].oauth2_proxy.cookie_secret}}"
+cookie_secret           =   "{{ applications[application_id].credentials.oauth2_proxy_cookie_secret }}"
 email_domains           =   "{{primary_domain}}"
 cookie_secure           =   "true"                                                  # True is necessary to force the cookie set via https
 upstreams               =   "http://{{applications[application_id].oauth2_proxy.application}}:{{applications[application_id].oauth2_proxy.port}}"
@@ -16,5 +16,5 @@ provider_display_name   =   "Keycloak"

 # role restrictions
 #cookie_roles           =   "realm_access.roles"
-#allowed_groups           =   "{{applications.oauth2_proxy.allowed_roles}}"           # This is not correct here. needs to be placed in applications @todo move there when implementing
+#allowed_groups         =   "{{applications.oauth2_proxy.allowed_roles}}"           # This is not correct here. needs to be placed in applications @todo move there when implementing
 # @see https://chatgpt.com/share/67f42607-bf68-800f-b587-bd56fe9067b5
--- a/roles/docker-oauth2-proxy/vars/configuration.yml
+++ b/roles/docker-oauth2-proxy/vars/configuration.yml
@@ -0,0 +1,8 @@
+configuration_file: "oauth2-proxy-keycloak.cfg"                                                                 # Needs to be set true in the roles which use it
+version:            "latest"                                                                                    # Docker Image version
+redirect_url:       "{{ web_protocol }}://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth"  # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.
+allowed_roles:      admin                                                                                       # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups  
+features:
+  matomo: true
+  css: true
+  landingpage_iframe: false