Optimized keycloak variables

2025-08-18 09:45:03 +02:00 · 2025-08-17 11:40:15 +02:00 · 2025-08-17 11:40:15 +02:00 · 5c9ca20e04
commit 5c9ca20e04
parent bfe18dd83c
12 changed files with 24 additions and 19 deletions
--- a/roles/svc-db-openldap/templates/env.j2
+++ b/roles/svc-db-openldap/templates/env.j2
@ -3,7 +3,7 @@
      
 # GENERAL
 ## Admin (Data)
-LDAP_ADMIN_USERNAME=        {{applications | get_app_conf(application_id, 'users.administrator.username', True)}} # LDAP database admin user.
+LDAP_ADMIN_USERNAME=        {{ applications | get_app_conf(application_id, 'users.administrator.username') }} # LDAP database admin user.
 LDAP_ADMIN_PASSWORD=        {{ldap.bind_credential}}                                      # LDAP database admin password.

 ## Users
@ -14,8 +14,8 @@ LDAP_ROOT=                  {{ldap.dn.root}}                # LDAP baseDN (or su
 ## Admin (Config)
 LDAP_ADMIN_DN=              {{ldap.dn.administrator.data}}
 LDAP_CONFIG_ADMIN_ENABLED=  yes
-LDAP_CONFIG_ADMIN_USERNAME= {{applications | get_app_conf(application_id, 'users.administrator.username', True)}}
-LDAP_CONFIG_ADMIN_PASSWORD= {{applications | get_app_conf(application_id, 'credentials.administrator_password', True)}}
+LDAP_CONFIG_ADMIN_USERNAME= {{ applications | get_app_conf(application_id, 'users.administrator.username') }}
+LDAP_CONFIG_ADMIN_PASSWORD= {{ applications | get_app_conf(application_id, 'credentials.administrator_password') }}
  
 # Network
 LDAP_PORT_NUMBER=           {{openldap_docker_port_open}}            # Route to default port
--- a/roles/web-app-espocrm/templates/env.j2
+++ b/roles/web-app-espocrm/templates/env.j2
@ -19,7 +19,7 @@ CRON_DISABLED=true
 # ------------------------------------------------
 # Initial admin account
 # ------------------------------------------------
-ESPOCRM_ADMIN_USERNAME={{ applications | get_app_conf(application_id, 'users.administrator.username', True) }}
+ESPOCRM_ADMIN_USERNAME={{ applications | get_app_conf(application_id, 'users.administrator.username') }}
 ESPOCRM_ADMIN_PASSWORD={{ applications | get_app_conf(application_id, 'credentials.administrator_password', True) }}

 # Public base URL of the EspoCRM instance
--- a/roles/web-app-fusiondirectory/templates/env.j2
+++ b/roles/web-app-fusiondirectory/templates/env.j2
@ -2,7 +2,7 @@
 # https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env  
      
 # Basic Configuration   
-LAM_PASSWORD=               {{applications | get_app_conf(application_id, 'credentials.administrator_password', True)}}    # LAM configuration master password and password for server profile "lam
+LAM_PASSWORD=               {{ applications | get_app_conf(application_id, 'credentials.administrator_password') }}    # LAM configuration master password and password for server profile "lam
     
 # Database
 LAM_CONFIGURATION_DATABASE= files                                               # configuration database (files or mysql) @todo implement mariadb
--- a/roles/web-app-keycloak/templates/env.j2
+++ b/roles/web-app-keycloak/templates/env.j2
@ -2,7 +2,7 @@
 # Documentation can be found here: 
 # @see https://www.keycloak.org/server/containers

-KC_HOSTNAME=                    https://{{ domains | get_domain(application_id) }}
+KC_HOSTNAME=                    {{ KEYCLOAK_URL }}
 KC_HTTP_ENABLED=                true

 # Health Checks
@ -11,18 +11,18 @@ KC_HEALTH_ENABLED=              true
 KC_METRICS_ENABLED=             true

 # Administrator
-KEYCLOAK_ADMIN=                 "{{applications | get_app_conf(application_id, 'users.administrator.username', True)}}"
-KEYCLOAK_ADMIN_PASSWORD=        "{{applications | get_app_conf(application_id, 'credentials.administrator_password', True)}}"
+KEYCLOAK_ADMIN=                 "{{ KEYCLOAK_ADMIN }}"
+KEYCLOAK_ADMIN_PASSWORD=        "{{ KEYCLOAK_ADMIN_PASSWORD }}"

 # Database
-KC_DB=                          postgres
-KC_DB_URL=                      {{database_url_jdbc}}
+KC_DB=                          {{ database_type }}
+KC_DB_URL=                      {{ database_url_jdbc }}
 KC_DB_USERNAME=                 {{ database_username }}
 KC_DB_PASSWORD=                 {{ database_password }}

 # If the initial administrator already exists and the environment variables are still present at startup, an error message stating the failed creation of the initial administrator is shown in the logs. Keycloak ignores the values and starts up correctly.
-KC_BOOTSTRAP_ADMIN_USERNAME=    "{{applications | get_app_conf(application_id, 'users.administrator.username', True)}}"
-KC_BOOTSTRAP_ADMIN_PASSWORD=    "{{applications | get_app_conf(application_id, 'credentials.administrator_password', True)}}"
+KC_BOOTSTRAP_ADMIN_USERNAME=    "{{ KEYCLOAK_ADMIN }}"
+KC_BOOTSTRAP_ADMIN_PASSWORD=    "{{ KEYCLOAK_ADMIN_PASSWORD }}"

 # Enable detailed logs
 {% if MODE_DEBUG | bool %}
--- a/roles/web-app-keycloak/vars/main.yml
+++ b/roles/web-app-keycloak/vars/main.yml
@ -5,11 +5,16 @@ database_type:                    "postgres"
 # Keycloak

 ## General
+KEYCLOAK_URL:                       "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
 KEYCLOAK_REALM:                     "{{ OIDC.CLIENT.REALM }}" # This is the name of the default realm which is used by the applications
 KEYCLOAK_REALM_URL:                 "{{ WEB_PROTOCOL }}://{{ KEYCLOAK_REALM }}"
 KEYCLOAK_DEBUG_ENABLED:             "{{ MODE_DEBUG }}"
 KEYCLOAK_CLIENT_ID:                 "{{ OIDC.CLIENT.ID }}"

+# Credentials
+KEYCLOAK_ADMIN:                     "{{ applications | get_app_conf(application_id, 'users.administrator.username') }}"
+KEYCLOAK_ADMIN_PASSWORD:            "{{ applications | get_app_conf(application_id, 'credentials.administrator_password') }}"
+
 ## Docker
 KEYCLOAK_CONTAINER:                 "{{ applications | get_app_conf(application_id, 'docker.services.keycloak.name') }}"      # Name of the keycloak docker container
 KEYCLOAK_DOCKER_IMPORT_DIR:         "/opt/keycloak/data/import/"                                                              # Directory in which keycloak import files are placed in the running docker container
--- a/roles/web-app-lam/templates/env.j2
+++ b/roles/web-app-lam/templates/env.j2
@ -2,7 +2,7 @@
 # https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env  
      
 # Basic Configuration   
-LAM_PASSWORD=               {{applications | get_app_conf(application_id, 'credentials.administrator_password', True)}}    # LAM configuration master password and password for server profile "lam
+LAM_PASSWORD=               {{ applications | get_app_conf(application_id, 'credentials.administrator_password') }}    # LAM configuration master password and password for server profile "lam
     
 # Database
 LAM_CONFIGURATION_DATABASE= files                                               # configuration database (files or mysql) @todo implement mariadb
--- a/roles/web-app-listmonk/templates/env.j2
+++ b/roles/web-app-listmonk/templates/env.j2
@ -2,5 +2,5 @@ TZ={{ HOST_TIMEZONE }}

 # Administrator setup

-LISTMONK_ADMIN_USER={{ applications | get_app_conf(application_id, 'users.administrator.username', True) }}
+LISTMONK_ADMIN_USER={{ applications | get_app_conf(application_id, 'users.administrator.username') }}
 LISTMONK_ADMIN_PASSWORD={{ applications | get_app_conf(application_id, 'credentials.administrator_password', True) }}
--- a/roles/web-app-matrix/tasks/01_docker.yml
+++ b/roles/web-app-matrix/tasks/01_docker.yml
@ -103,7 +103,7 @@

 - name: create admin account
  command:
-    cmd: docker compose exec -it synapse register_new_matrix_user -u {{ MATRIX_ADMINISTRATOR_USERNAME }} -p {{applications | get_app_conf(application_id, 'credentials.administrator_password', True)}} -a -c {{ MATRIX_SYNAPSE_CONFIG_PATH_CONTAINER }} http://localhost:8008
+    cmd: docker compose exec -it synapse register_new_matrix_user -u {{ MATRIX_ADMINISTRATOR_USERNAME }} -p {{ applications | get_app_conf(application_id, 'credentials.administrator_password') }} -a -c {{ MATRIX_SYNAPSE_CONFIG_PATH_CONTAINER }} http://localhost:8008
    chdir: "{{ docker_compose.directories.instance }}"
  ignore_errors: true
  when: applications | get_app_conf(application_id, 'setup', True) | bool
--- a/roles/web-app-moodle/templates/env.j2
+++ b/roles/web-app-moodle/templates/env.j2
@ -4,7 +4,7 @@ MOODLE_SITE_NAME="{{applications | get_app_conf(application_id, 'site_titel', Tr
 MOODLE_HOST="{{ domains | get_domain(application_id) }}"
 MOODLE_SSLPROXY=yes
 MOODLE_REVERSE_PROXY=yes
-MOODLE_USERNAME={{applications | get_app_conf(application_id, 'users.administrator.username', True)}}
+MOODLE_USERNAME={{ applications | get_app_conf(application_id, 'users.administrator.username') }}
 MOODLE_PASSWORD={{applications | get_app_conf(application_id, 'credentials.user_password', True)}}
 MOODLE_EMAIL={{applications | get_app_conf(application_id, 'users.administrator.email', True)}}
 BITNAMI_DEBUG={% if MODE_DEBUG | bool %}true{% else %}false{% endif %}
--- a/roles/web-app-nextcloud/vars/main.yml
+++ b/roles/web-app-nextcloud/vars/main.yml
@ -12,7 +12,7 @@ database_password:                              "{{ applications | get_app_conf(
 database_type:                                  "mariadb"                                                                                   # Database flavor

 nextcloud_plugins_enabled:                      "{{ applications | get_app_conf(application_id, 'plugins_enabled', True) }}"
-nextcloud_administrator_username:               "{{ applications | get_app_conf(application_id, 'users.administrator.username', True) }}"
+nextcloud_administrator_username:               "{{ applications | get_app_conf(application_id, 'users.administrator.username') }}"

 # Control Node
 nextcloud_control_node_plugin_vars_directory:   "{{role_path}}/vars/plugins/"                                 # Folder in which the files for the plugin configuration are stored
--- a/roles/web-app-wordpress/tasks/02_install.yml
+++ b/roles/web-app-wordpress/tasks/02_install.yml
@ -5,7 +5,7 @@
    wp core install
      --url="{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
      --title="{{ applications | get_app_conf(application_id, 'title', True) }}"
-      --admin_user="{{ applications | get_app_conf(application_id, 'users.administrator.username', True) }}"
+      --admin_user="{{ applications | get_app_conf(application_id, 'users.administrator.username') }}"
      --admin_password="{{ applications | get_app_conf(application_id, 'credentials.administrator_password', True) }}"
      --admin_email="{{ applications | get_app_conf(application_id, 'users.administrator.email', True) }}"
      --path="{{ wordpress_docker_html_path }}"
--- a/roles/web-app-yourls/vars/main.yml
+++ b/roles/web-app-yourls/vars/main.yml
@ -3,7 +3,7 @@ application_id:                 "web-app-yourls"
 database_type:                  "mariadb"

 # Yourls Specific
-yourls_user:                    "{{ applications | get_app_conf(application_id, 'users.administrator.username', True) }}"
+yourls_user:                    "{{ applications | get_app_conf(application_id, 'users.administrator.username') }}"
 yourls_password:                "{{ applications | get_app_conf(application_id, 'credentials.administrator_password', True) }}"
 yourls_version:                 "{{ applications | get_app_conf(application_id, 'docker.services.yourls.version', True) }}"
 yourls_image:                   "{{ applications | get_app_conf(application_id, 'docker.services.yourls.image', True) }}"