Moved to one client for Oauth2-Proxy

2025-02-22 12:29:39 +01:00 · 2025-01-26 22:43:48 +01:00 · 2025-01-26 22:43:48 +01:00 · cb972b1b91
commit cb972b1b91
parent 54cac88d26
4 changed files with 15 additions and 27 deletions
--- a/group_vars/all
+++ b/group_vars/all
@ -279,21 +279,21 @@ matrix_synapse_version:         "latest"
 matrix_element_version:         "latest"

 #### Mailu
-mailu_version:          "2024.06"
-mailu_domain:           "{{primary_domain}}"
-mailu_subnet:           "192.168.203.0/24"
+mailu_version:                  "2024.06"
+mailu_domain:                   "{{primary_domain}}"
+mailu_subnet:                   "192.168.203.0/24"

 #### Moodle
-moodle_site_name:           "Global Learning Academy on {{primary_domain}}"
-moodle_administrator_name:  "{{administrator_username}}"
-moodle_administrator_email: "{{administrator_email}}"
-moodle_version:             "latest"
+moodle_site_name:               "Global Learning Academy on {{primary_domain}}"
+moodle_administrator_name:      "{{administrator_username}}"
+moodle_administrator_email:     "{{administrator_email}}"
+moodle_version:                 "latest"

 #### MyBB
-mybb_version:               "latest"
+mybb_version:                   "latest"

 #### Nextcloud
-nextcloud_version:          "production"  # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
+nextcloud_version:              "production"  # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/

 #### OAuth2 Proxy
 oauth2_configuration_file:                    "oauth2-proxy-keycloak.cfg"
@ -307,19 +307,12 @@ oauth2_proxy_client_id:                       "{{primary_domain}}"
 oauth2_proxy_client_secret:                   "{{primary_oauth2_proxy_client_secret}}"  # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible
 oauth2_proxy_cookie_secret:                   "{{primary_oauth2_proxy_cookie_secret}}"  # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16

-#### Open Project
-# openproject_oauth2_proxy_client_secret: Needs to be defined in inventory # The client ID configured in Keycloak for the application. 
-# openproject_oauth2_proxy_cookie_secret: Needs to be defined in inventory # The client secret configured in Keycloak for the application: 0dc07dc3b323921acbd96656f33dc55a
-
-
 #### Peertube
 peertube_version:                         "bookworm"

 #### PHPMyAdmin
 phpmyadmin_version:                       "latest"
 phpmyadmin_autologin:                     false     # This is a high security risk. Just activate this option if you know what you're doing
-# phpmyadmin_oauth2_proxy_client_secret:  Needs to be defined in inventory # The client ID configured in Keycloak for the application. 
-# phpmyadmin_oauth2_proxy_cookie_secret:  Needs to be defined in inventory # The client secret configured in Keycloak for the application.

 #### Pixelfed
 pixelfed_app_name:          "Pictures on {{primary_domain}}"
--- a/roles/docker-ldap/vars/main.yml
+++ b/roles/docker-ldap/vars/main.yml
@ -6,5 +6,5 @@ ldap_secure_internet_port:    636
 ldap_localhost_port:          389

 # OAuth2 Proxy Configuration
-oauth2_proxy_upstream_application_and_port: "{{ ldap_webinterface }}:{% if ldap_webinterface == 'phpldapadmin' %}8080{% else %}{{ ldap_webinterface }}80{% endif %}"
-oauth2_proxy_active:  true
+oauth2_proxy_upstream_application_and_port: "{{ ldap_webinterface }}:{% if ldap_webinterface == 'phpldapadmin' %}8080{% else %}80{% endif %}"
+oauth2_proxy_active:                        true
--- a/roles/docker-openproject/vars/main.yml
+++ b/roles/docker-openproject/vars/main.yml
@ -1,15 +1,13 @@
 docker_compose_project_name:                  "openproject"
 repository_directory:                         "{{ path_docker_compose_instances }}{{docker_compose_project_name}}/"
 docker_compose_instance_directory:            "{{repository_directory}}compose/"
-database_password:                            "{{openproject_database_password}}"
 repository_address:                           "https://github.com/opf/openproject-deploy"
+database_password:                            "{{openproject_database_password}}"
 database_type:                                "postgres"
+
 # The following volume doesn't have a practcical function. It just exist to prevent the creation of unnecessary anonymous volumes
 dummy_volume:                                 "{{repository_directory}}dummy_volume"

 # OAuth2 Proxy Configuration
-oauth2_proxy_client_secret:                   "{{openproject_oauth2_proxy_client_secret}}"
-oauth2_proxy_cookie_secret:                   "{{openproject_oauth2_proxy_cookie_secret}}"
 oauth2_proxy_upstream_application_and_port:   "proxy:80"
-oauth2_proxy_active:                          true
-oauth2_proxy_client_id:                        "{{domain}}"
+oauth2_proxy_active:                          true
--- a/roles/docker-phpmyadmin/vars/main.yml
+++ b/roles/docker-phpmyadmin/vars/main.yml
@ -2,7 +2,4 @@ docker_compose_project_name:  "phpmyadmin"
 database_type:                "mariadb"
 database_host:                "{{ 'central-' + database_type if enable_central_database}}"
 # OAuth2 Proxy Configuration
-oauth2_proxy_client_secret: "{{phpmyadmin_oauth2_proxy_client_secret}}"
-oauth2_proxy_cookie_secret: "{{phpmyadmin_oauth2_proxy_cookie_secret}}"
-oauth2_proxy_active:        true
-oauth2_proxy_client_id:      "{{domain}}"
+oauth2_proxy_active:        true