From a04a1710d39bea4d3f58063180de1f09af262bf9 Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Thu, 17 Jul 2025 07:16:38 +0200
Subject: [PATCH] Changed keycloak application id
---
 group_vars/all/09_ports.yml | 2 +-
 group_vars/all/10_networks.yml | 2 +-
 roles/web-app-keycloak/templates/import/realm.json.j2 | 4 ++--
 roles/web-app-keycloak/vars/main.yml | 2 +-
 roles/web-app-nextcloud/vars/plugins/sociallogin.yml | 2 +-
 .../templates/oauth2-proxy-keycloak.cfg.j2 | 2 +-
 .../web-app-port-ui/templates/menu/applications.yml.j2 | 10 +++++-----
 7 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/group_vars/all/09_ports.yml b/group_vars/all/09_ports.yml
index d0d9fb12..d9f9201b 100644
--- a/group_vars/all/09_ports.yml
+++ b/group_vars/all/09_ports.yml
@@ -52,7 +52,7 @@ ports:
 web-app-port-ui: 8029
 bluesky_api: 8030
 bluesky_web: 8031
- keycloak: 8032
+ web-app-keycloak: 8032
 lam: 8033
 phpmyadmin: 8034
 snipe-it: 8035
diff --git a/group_vars/all/10_networks.yml b/group_vars/all/10_networks.yml
index f7e1656d..ed9701a8 100644
--- a/group_vars/all/10_networks.yml
+++ b/group_vars/all/10_networks.yml
@@ -28,7 +28,7 @@ defaults_networks:
 subnet: 192.168.101.128/28
 web-app-joomla:
 subnet: 192.168.101.144/28
- keycloak:
+ web-app-keycloak:
 subnet: 192.168.101.160/28
 web-app-wordpress:
 subnet: 192.168.101.176/28
diff --git a/roles/web-app-keycloak/templates/import/realm.json.j2 b/roles/web-app-keycloak/templates/import/realm.json.j2
index d2fce6e9..cce08bfb 100644
--- a/roles/web-app-keycloak/templates/import/realm.json.j2
+++ b/roles/web-app-keycloak/templates/import/realm.json.j2
@@ -517,7 +517,7 @@
 "/realms/{{ keycloak_realm }}/account/*"
 ],
 "webOrigins": [
- "{{ domains | get_url('keycloak', web_protocol) }}"
+ "{{ domains | get_url('web-app-keycloak', web_protocol) }}"
 ],
 "notBefore": 0,
 "bearerOnly": false,
@@ -1697,7 +1697,7 @@
 "replyTo": "",
 "host": "{{system_email.host}}",
 "from": "{{ users['no-reply'].email }}",
- "fromDisplayName": "Keycloak Authentification System - {{domains | get_domain('keycloak')}}",
+ "fromDisplayName": "Keycloak Authentification System - {{domains | get_domain('web-app-keycloak')}}",
 "envelopeFrom": "",
 "ssl": "true",
 "user": "{{ users['no-reply'].email }}"
diff --git a/roles/web-app-keycloak/vars/main.yml b/roles/web-app-keycloak/vars/main.yml
index 9d88cca5..5839a19a 100644
--- a/roles/web-app-keycloak/vars/main.yml
+++ b/roles/web-app-keycloak/vars/main.yml
@@ -1,4 +1,4 @@
-application_id: "keycloak" # Internal CyMaIS application id
+application_id: "web-app-keycloak" # Internal CyMaIS application id
 database_type: "postgres" # Database which will be used
 keycloak_container: "{{ applications | get_app_conf(application_id, 'docker.services.keycloak.name', True) }}" # Name of the keycloack docker container
 keycloak_host_import_directory: "{{ docker_compose.directories.volumes }}import/" # Directory in which keycloack import files are placed on the host
diff --git a/roles/web-app-nextcloud/vars/plugins/sociallogin.yml b/roles/web-app-nextcloud/vars/plugins/sociallogin.yml
index 206eef35..f73ec5d0 100644
--- a/roles/web-app-nextcloud/vars/plugins/sociallogin.yml
+++ b/roles/web-app-nextcloud/vars/plugins/sociallogin.yml
@@ -25,7 +25,7 @@ plugin_configuration:
 configkey: "custom_providers"
 configvalue:
 custom_oidc:
- - name: "{{ domains | get_domain('keycloak') }}"
+ - name: "{{ domains | get_domain('web-app-keycloak') }}"
 title: "keycloak"
 style: "keycloak"
 authorizeUrl: "{{ oidc.client.authorize_url }}"
diff --git a/roles/web-app-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2 b/roles/web-app-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
index 3a2aed63..e7b097d7 100644
--- a/roles/web-app-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
+++ b/roles/web-app-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
@@ -2,7 +2,7 @@ http_address = "0.0.0.0:4180"
 cookie_secret = "{{ applications | get_app_conf(oauth2_proxy_application_id, 'credentials.oauth2_proxy_cookie_secret', True) }}"
 cookie_secure = "true" # True is necessary to force the cookie set via https
 upstreams = "http://{{ applications | get_app_conf(oauth2_proxy_application_id, 'oauth2_proxy.application', True) }}:{{ applications | get_app_conf(oauth2_proxy_application_id, 'oauth2_proxy.port', True) }}"
-cookie_domains = ["{{ domains | get_domain(oauth2_proxy_application_id) }}", "{{ domains | get_domain('keycloak') }}"] # Required so cookie can be read on all subdomains.
+cookie_domains = ["{{ domains | get_domain(oauth2_proxy_application_id) }}", "{{ domains | get_domain('web-app-keycloak') }}"] # Required so cookie can be read on all subdomains.
 whitelist_domains = [".{{ primary_domain }}"] # Required to allow redirection back to original requested target.
 # keycloak provider
diff --git a/roles/web-app-port-ui/templates/menu/applications.yml.j2 b/roles/web-app-port-ui/templates/menu/applications.yml.j2
index 018d46e7..5ae17ef1 100644
--- a/roles/web-app-port-ui/templates/menu/applications.yml.j2
+++ b/roles/web-app-port-ui/templates/menu/applications.yml.j2
@@ -32,19 +32,19 @@ applications:
 description: Access the central admin console
 icon:
 class: fa-solid fa-shield-halved
- url: https://{{domains | get_domain('keycloak')}}/admin
- iframe: {{ applications | get_app_conf( 'keycloak', 'features.port-ui-desktop', False) }}
+ url: https://{{domains | get_domain('web-app-keycloak')}}/admin
+ iframe: {{ applications | get_domain( 'web-app-keycloak', 'features.port-ui-desktop', False) }}
 - name: Profile
 description: Update your personal admin settings
 icon:
 class: fa-solid fa-user-gear
- url: https://{{ domains | get_domain('keycloak') }}/realms/{{oidc.client.id}}/account
- iframe: {{ applications | get_app_conf( 'keycloak', 'features.port-ui-desktop', False) }}
+ url: https://{{ domains | get_domain('web-app-keycloak') }}/realms/{{oidc.client.id}}/account
+ iframe: {{ applications | get_domain( 'web-app-keycloak', 'features.port-ui-desktop', False) }}
 - name: Logout
 description: End your admin session securely
 icon:
 class: fa-solid fa-right-from-bracket
- url: https://{{ domains | get_domain('keycloak') }}/realms/{{oidc.client.id}}/protocol/openid-connect/logout
+ url: https://{{ domains | get_domain('web-app-keycloak') }}/realms/{{oidc.client.id}}/protocol/openid-connect/logout
 iframe: false
 {% endif %}
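Review bot: The two new `iframe:` lines (the entry above Profile and the Profile entry) swap the filter as well as the id, and now read `applications | get_domain( 'web-app-keycloak', 'features.port-ui-desktop', False)`, which looks like a search-and-replace slip. Everywhere else in this patch `get_domain` is fed the `domains` mapping with a single application id, while the removed lines read this feature flag through `get_app_conf`. As written the template will probably fail to render or produce something other than the boolean flag, and that flag decides whether the Keycloak admin console and account page are embedded in a frame by the portal. Keep the original filter and change only the id: `iframe: {{ applications | get_app_conf( 'web-app-keycloak', 'features.port-ui-desktop', False) }}`. The `{% if %}` that the trailing `{% endif %}` closes starts outside the hunk.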