Added syncope draft

2025-04-28 10:26:54 +02:00 · 2025-04-27 18:11:28 +02:00 · 2025-04-27 18:11:28 +02:00 · cd2f5f8717
commit cd2f5f8717
parent fb96c5b7fb
11 changed files with 146 additions and 0 deletions
--- a/group_vars/all/03_domains.yml
+++ b/group_vars/all/03_domains.yml
@ -45,6 +45,7 @@ defaults_domains:
  roulette-wheel:          "roulette.{{primary_domain}}"
  snipe_it:                "inventory.{{primary_domain}}"
  sphinx:                  "docs.{{primary_domain}}"
+  syncope:                 "syncope.{{primary_domain}}"
  taiga:                   "kanban.{{primary_domain}}"
  yourls:                  "s.{{primary_domain}}"
  # ATTENTION: Will be owerwritten by the values in domains. Not merged.
--- a/group_vars/all/09_ports.yml
+++ b/group_vars/all/09_ports.yml
@ -56,6 +56,7 @@ ports:
      fusiondirectory:  8038
      presentation:     8039
      espocrm:          8040
+      syncope:          8041
      bigbluebutton:    48087 # This port is predefined by bbb. @todo Try to change this to a 8XXX port
  # Ports which are exposed to the World Wide Web
  public:
--- a/group_vars/all/10_networks.yml
+++ b/group_vars/all/10_networks.yml
@ -82,6 +82,8 @@ defaults_networks:
      subnet: 192.168.103.48/28
    espocrm:
      subnet: 192.168.103.64/28
+    syncope:
+      subnet: 192.168.103.80/28
      
    # /24 Networks / 254 Usable Clients
    bigbluebutton:
--- a/roles/docker-syncope/README.md
+++ b/roles/docker-syncope/README.md
@ -0,0 +1 @@
+https://syncope.apache.org/docs/getting-started.html#docker-compose-samples
--- a/roles/docker-syncope/tasks/main.yml
+++ b/roles/docker-syncope/tasks/main.yml
@ -0,0 +1,31 @@
+---
+- name: "include docker-central-database"
+  include_role: 
+    name: docker-central-database
+
+- name: "include role for {{application_id}} to recieve certs & do modification routines"
+  include_role:
+    name: nginx-https-get-cert-modify-all
+
+- name: configure {{domain}}.conf
+  template: 
+    src:  "templates/proxy.conf.j2"
+    dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
+  notify: restart nginx
+
+- name: configure {{domain}}.conf
+  template: 
+    src:  "templates/proxy.conf.j2"
+    dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
+  notify: restart nginx
+
+- name: "create {{docker_compose.files.env}}"
+  template: 
+    src:  "database.j2" 
+    dest: "{{docker_compose.files.env}}"
+    mode: '770'
+    force: yes
+  notify: docker compose project setup
+
+- name: "copy docker-compose.yml and env file"
+  include_tasks: copy-docker-compose-and-env.yml
--- a/roles/docker-syncope/templates/database.env.j2
+++ b/roles/docker-syncope/templates/database.env.j2
@ -0,0 +1,5 @@
+DB_URL={{ database_url_jdbc }}?stringtype=unspecified
+DB_USER=DB_URL={{ database_username }}
+DB_PASSWORD={{ database_password }}
+DB_POOL_MAX=20
+DB_POOL_MIN=5
--- a/roles/docker-syncope/templates/docker-compose.yml.j2
+++ b/roles/docker-syncope/templates/docker-compose.yml.j2
@ -0,0 +1,40 @@
+services:
+
+{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
+
+   application: 
+     depends_on:
+       - db
+     image: apache/syncope:{{ applications[application_id].version }}
+     ports:
+       - "18080:8080"
+     restart: always
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+     environment:
+       SPRING_PROFILES_ACTIVE: docker,postgresql,saml2
+       OPENJPA_REMOTE_COMMIT: sjvm
+       SERVICE_DISCOVERY_ADDRESS: {{ web_protocol }}://{{ domains[application_id] }}/{{syncope_paths[rest]}}/
+    # database variablen auslesen
+
+   console: 
+     depends_on:
+       - syncope
+     image: apache/syncope-console:{{ applications[application_id].version }}
+     ports:
+       - "28080:8080"
+     restart: always
+     environment:
+       SPRING_PROFILES_ACTIVE: docker,saml2
+       SERVICE_DISCOVERY_ADDRESS: {{ web_protocol }}://{{ domains[application_id] }}/{{syncope_paths[console]}}/
+
+   enduser: 
+     depends_on:
+       - syncope
+     image: apache/syncope-enduser:{{ applications[application_id].version }}
+     ports:
+       - "38080:8080"
+     restart: always
+     environment:
+       SPRING_PROFILES_ACTIVE: docker,saml2
+       SERVICE_DISCOVERY_ADDRESS: {{ web_protocol }}://{{ domains[application_id] }}/{{syncope_paths[enduser]}}/
+       
--- a/roles/docker-syncope/templates/env.j2
+++ b/roles/docker-syncope/templates/env.j2
@ -0,0 +1,12 @@
+# Default variables
+
+KEYMASTER_USERNAME={{ syncope_anonymous_user }}
+KEYMASTER_PASSWORD={{ syncope_anonymous_password }}
+ANONYMOUS_USER={{ syncope_anonymous_user }}
+ANONYMOUS_KEY={{ syncope_anonymous_password }}
+KEYMASTER_ADDRESS={{ syncope_keymaster_address }}
+
+# Spring Boot Variables
+# @See https://docs.spring.io/spring-boot/docs/2.0.9.RELEASE/reference/html/boot-features-external-config.html
+SECURITY_ADMINUSER={{ syncope_administrator_user }}
+SECURITY_ADMINPASSWORD={{ syncope_administrator_password }}
--- a/roles/docker-syncope/templates/proxy.conf
+++ b/roles/docker-syncope/templates/proxy.conf
@ -0,0 +1,22 @@
+server
+{
+  server_name {{domain}};
+
+  {% if applications | get_oauth2_enabled(application_id) %}
+    {% include 'roles/docker-oauth2-proxy/templates/endpoint.conf.j2'%}
+  {% endif %}
+
+  {% include 'roles/nginx-modifier-all/templates/global.includes.conf.j2'%}
+  
+  {% if nginx_docker_reverse_proxy_extra_configuration is defined %}
+    {# Additional Domain Specific Configuration #}
+    {{nginx_docker_reverse_proxy_extra_configuration}}
+  {% endif %}
+
+  {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
+
+  {% for path in syncope_paths.values() %}
+    {% set location =  web_protocol ~ '://' ~ domains[application_id] ~ '/' ~ path ~ '/' %}
+    {% include 'roles/nginx-docker-reverse-proxy/templates/location/proxy_basic.conf.j2'%}
+  {% endfor %}
+}
--- a/roles/docker-syncope/vars/main.yml
+++ b/roles/docker-syncope/vars/main.yml
@ -0,0 +1,17 @@
+# General Configuration
+application_id:                 syncope
+database_type:                  "postgres"
+database_password:              {{ domains[application_id].credentials.database.password }}
+
+# Application Specific
+syncope_keymaster_address:      http://localhost:8080/syncope/rest/keymaster
+syncope_paths:
+  rest:                         rest
+  console:                      console
+  enduser:                      enduser
+
+syncope_anonymous_user:         {{ domains[application_id].users.anonymous.username }}
+syncope_anonymous_password:     {{ domains[application_id].credentials.anonymous.password }}
+
+syncope_administrator_user:     {{ domains[application_id].users.administrator.username }}
+syncope_administrator_password: {{ domains[application_id].credentials.administrator.password }}
--- a/templates/vars/applications.yml.j2
+++ b/templates/vars/applications.yml.j2
@ -797,6 +797,20 @@ defaults_applications:
  'iframe':   	false,
 }) }}{% raw %}

+#  syncope:
+#    version:         "latest"
+#    credentials:
+#     anonymous:
+#       password:     # Set in environment file
+#     database:
+#       password:     # Set in environment file
+#     administrator:
+#       password:       "{{ users.administrator.password }}"
+#     users:
+#       administrator:
+#         username:     "{{ users.administrator.username }}"
+
+
  ## Taiga
  taiga:
    version:                      "latest"
				`@ -0,0 +1 @@`
				`https://syncope.apache.org/docs/getting-started.html#docker-compose-samples`