diff --git a/group_vars/all/03_domains.yml b/group_vars/all/03_domains.yml
index cfdbcd38..734a05aa 100644
--- a/group_vars/all/03_domains.yml
+++ b/group_vars/all/03_domains.yml
@@ -45,6 +45,7 @@ defaults_domains:
 roulette-wheel: "roulette.{{primary_domain}}"
 snipe_it: "inventory.{{primary_domain}}"
 sphinx: "docs.{{primary_domain}}"
+ syncope: "syncope.{{primary_domain}}"
 taiga: "kanban.{{primary_domain}}"
 yourls: "s.{{primary_domain}}"
 # ATTENTION: Will be owerwritten by the values in domains. Not merged.
diff --git a/group_vars/all/09_ports.yml b/group_vars/all/09_ports.yml
index 4f1df7bb..4c6b3376 100644
--- a/group_vars/all/09_ports.yml
+++ b/group_vars/all/09_ports.yml
@@ -56,6 +56,7 @@ ports:
 fusiondirectory: 8038
 presentation: 8039
 espocrm: 8040
+ syncope: 8041
 bigbluebutton: 48087 # This port is predefined by bbb. @todo Try to change this to a 8XXX port
 # Ports which are exposed to the World Wide Web
 public:
diff --git a/group_vars/all/10_networks.yml b/group_vars/all/10_networks.yml
index 4c9aa677..9ae1e84b 100644
--- a/group_vars/all/10_networks.yml
+++ b/group_vars/all/10_networks.yml
@@ -82,6 +82,8 @@ defaults_networks:
 subnet: 192.168.103.48/28
 espocrm:
 subnet: 192.168.103.64/28
+ syncope:
+ subnet: 192.168.103.80/28
 # /24 Networks / 254 Usable Clients
 bigbluebutton:
diff --git a/roles/docker-syncope/README.md b/roles/docker-syncope/README.md
new file mode 100644
index 00000000..e31b9a80
--- /dev/null
+++ b/roles/docker-syncope/README.md
@@ -0,0 +1 @@
+https://syncope.apache.org/docs/getting-started.html#docker-compose-samples
\ No newline at end of file
diff --git a/roles/docker-syncope/tasks/main.yml b/roles/docker-syncope/tasks/main.yml
new file mode 100644
index 00000000..b5f5dfe3
--- /dev/null
+++ b/roles/docker-syncope/tasks/main.yml
@@ -0,0 +1,31 @@
+---
+- name: "include docker-central-database"
+ include_role:
+ name: docker-central-database
+
+- name: "include role for {{application_id}} to recieve certs & do modification routines"
+ include_role:
+ name: nginx-https-get-cert-modify-all
+
+- name: configure {{domain}}.conf
+ template:
+ src: "templates/proxy.conf.j2"
+ dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
+ notify: restart nginx
+
+- name: configure {{domain}}.conf
+ template:
+ src: "templates/proxy.conf.j2"
+ dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
+ notify: restart nginx
+
+- name: "create {{docker_compose.files.env}}"
+ template:
+ src: "database.j2"
+ dest: "{{docker_compose.files.env}}"
+ mode: '770'
+ force: yes
+ notify: docker compose project setup
+
+- name: "copy docker-compose.yml and env file"
+ include_tasks: copy-docker-compose-and-env.yml
diff --git a/roles/docker-syncope/templates/database.env.j2 b/roles/docker-syncope/templates/database.env.j2
new file mode 100644
index 00000000..60beb604
--- /dev/null
+++ b/roles/docker-syncope/templates/database.env.j2
@@ -0,0 +1,5 @@
+DB_URL={{ database_url_jdbc }}?stringtype=unspecified
+DB_USER=DB_URL={{ database_username }}
+DB_PASSWORD={{ database_password }}
+DB_POOL_MAX=20
+DB_POOL_MIN=5
\ No newline at end of file
diff --git a/roles/docker-syncope/templates/docker-compose.yml.j2 b/roles/docker-syncope/templates/docker-compose.yml.j2
new file mode 100644
index 00000000..e95d8e3f
--- /dev/null
+++ b/roles/docker-syncope/templates/docker-compose.yml.j2
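Review bot: In roles/docker-syncope/tasks/main.yml the task "create {{docker_compose.files.env}}" writes the database credentials with `mode: '770'`, which leaves the file group-writable and executable; an env file that holds a password needs neither, so `mode: '0640'` (or `'0600'` if only the owner reads it) is the tighter setting. The same task uses `src: "database.j2"` while this commit adds `templates/database.env.j2`, and both nginx tasks use `src: "templates/proxy.conf.j2"` while the file added is `templates/proxy.conf`, so as far as this diff shows neither template lookup will resolve. The "configure {{domain}}.conf" task appears twice with identical content and one copy can be dropped. `force: yes` is better written as `force: true`.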
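Review bot: In roles/docker-syncope/templates/database.env.j2 the second line reads `DB_USER=DB_URL={{ database_username }}`, so the rendered user name is the literal text `DB_URL=` followed by the real name and the database login will fail; it should be `DB_USER={{ database_username }}`. `DB_PASSWORD={{ database_password }}` is written unquoted, so a generated password containing `#`, whitespace or `$` may be cut short or interpolated, depending on how the env file is loaded. Quoting the value, or restricting the password alphabet where it is generated, avoids a silently weakened or wrong credential.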
@@ -0,0 +1,40 @@
+services:
+
+{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
+
+ application:
+ depends_on:
+ - db
+ image: apache/syncope:{{ applications[application_id].version }}
+ ports:
+ - "18080:8080"
+ restart: always
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+ environment:
+ SPRING_PROFILES_ACTIVE: docker,postgresql,saml2
+ OPENJPA_REMOTE_COMMIT: sjvm
+ SERVICE_DISCOVERY_ADDRESS: {{ web_protocol }}://{{ domains[application_id] }}/{{syncope_paths[rest]}}/
+ # database variablen auslesen
+
+ console:
+ depends_on:
+ - syncope
+ image: apache/syncope-console:{{ applications[application_id].version }}
+ ports:
+ - "28080:8080"
+ restart: always
+ environment:
+ SPRING_PROFILES_ACTIVE: docker,saml2
+ SERVICE_DISCOVERY_ADDRESS: {{ web_protocol }}://{{ domains[application_id] }}/{{syncope_paths[console]}}/
+
+ enduser:
+ depends_on:
+ - syncope
+ image: apache/syncope-enduser:{{ applications[application_id].version }}
+ ports:
+ - "38080:8080"
+ restart: always
+ environment:
+ SPRING_PROFILES_ACTIVE: docker,saml2
+ SERVICE_DISCOVERY_ADDRESS: {{ web_protocol }}://{{ domains[application_id] }}/{{syncope_paths[enduser]}}/
+
\ No newline at end of file
diff --git a/roles/docker-syncope/templates/env.j2 b/roles/docker-syncope/templates/env.j2
new file mode 100644
index 00000000..3968a2f6
--- /dev/null
+++ b/roles/docker-syncope/templates/env.j2
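Review bot: The three `ports:` entries in roles/docker-syncope/templates/docker-compose.yml.j2 (`"18080:8080"`, `"28080:8080"`, `"38080:8080"`) publish the Syncope core, console and enduser containers on every host interface, so they can be reached over plain HTTP without going through the nginx vhost and its optional oauth2 endpoint added in this commit. Binding to loopback, e.g. `- "127.0.0.1:18080:8080"`, keeps the proxy as the only entry point; the `syncope: 8041` port reserved in group_vars/all/09_ports.yml is not used here either. `console` and `enduser` declare `depends_on: - syncope`, but the service in this file is named `application`, and `syncope_paths[rest]`, `[console]` and `[enduser]` index with undefined Jinja variables rather than string keys (`syncope_paths['rest']`). The `# database variablen auslesen` placeholder suggests the DB_* values are not yet passed to the container.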
@@ -0,0 +1,12 @@
+# Default variables
+
+KEYMASTER_USERNAME={{ syncope_anonymous_user }}
+KEYMASTER_PASSWORD={{ syncope_anonymous_password }}
+ANONYMOUS_USER={{ syncope_anonymous_user }}
+ANONYMOUS_KEY={{ syncope_anonymous_password }}
+KEYMASTER_ADDRESS={{ syncope_keymaster_address }}
+
+# Spring Boot Variables
+# @See https://docs.spring.io/spring-boot/docs/2.0.9.RELEASE/reference/html/boot-features-external-config.html
+SECURITY_ADMINUSER={{ syncope_administrator_user }}
+SECURITY_ADMINPASSWORD={{ syncope_administrator_password }}
\ No newline at end of file
diff --git a/roles/docker-syncope/templates/proxy.conf b/roles/docker-syncope/templates/proxy.conf
new file mode 100644
index 00000000..106ed3b9
--- /dev/null
+++ b/roles/docker-syncope/templates/proxy.conf
@@ -0,0 +1,22 @@
+server
+{
+ server_name {{domain}};
+
+ {% if applications | get_oauth2_enabled(application_id) %}
+ {% include 'roles/docker-oauth2-proxy/templates/endpoint.conf.j2'%}
+ {% endif %}
+
+ {% include 'roles/nginx-modifier-all/templates/global.includes.conf.j2'%}
+
+ {% if nginx_docker_reverse_proxy_extra_configuration is defined %}
+ {# Additional Domain Specific Configuration #}
+ {{nginx_docker_reverse_proxy_extra_configuration}}
+ {% endif %}
+
+ {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
+
+ {% for path in syncope_paths.values() %}
+ {% set location = web_protocol ~ '://' ~ domains[application_id] ~ '/' ~ path ~ '/' %}
+ {% include 'roles/nginx-docker-reverse-proxy/templates/location/proxy_basic.conf.j2'%}
+ {% endfor %}
+}
\ No newline at end of file
diff --git a/roles/docker-syncope/vars/main.yml b/roles/docker-syncope/vars/main.yml
new file mode 100644
index 00000000..17587503
--- /dev/null
+++ b/roles/docker-syncope/vars/main.yml
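Review bot: roles/docker-syncope/templates/env.j2 writes `KEYMASTER_PASSWORD`, `ANONYMOUS_KEY` and `SECURITY_ADMINPASSWORD` as bare `KEY={{ value }}` pairs, so a secret containing `#`, whitespace or `$` may be truncated or interpolated by the env-file loader and the service would then run with a different, possibly shorter, credential than the inventory holds. Quoting the values or constraining the generated alphabet avoids that. The only env task in tasks/main.yml of this commit renders `src: "database.j2"` to `{{docker_compose.files.env}}`, so it is worth confirming which template actually ends up at that path and that the file is written with owner-only permissions.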
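Review bot: In roles/docker-syncope/templates/proxy.conf the loop sets `location` to an absolute public URL (`web_protocol ~ '://' ~ domains[application_id] ~ '/' ~ path ~ '/'`) and sets no per-path upstream port, although the compose template publishes rest, console and enduser on three different ports. proxy_basic.conf.j2 is not part of this diff, so this is inferred, but an nginx `location` normally takes a path such as `'/' ~ path ~ '/'`, and each path needs its own `proxy_pass` target. `{{nginx_docker_reverse_proxy_extra_configuration}}` is emitted verbatim into the server block, so a short comment that it must only come from trusted inventory would help the next maintainer.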
@@ -0,0 +1,17 @@
+# General Configuration
+application_id: syncope
+database_type: "postgres"
+database_password: {{ domains[application_id].credentials.database.password }}
+
+# Application Specific
+syncope_keymaster_address: http://localhost:8080/syncope/rest/keymaster
+syncope_paths:
+ rest: rest
+ console: console
+ enduser: enduser
+
+syncope_anonymous_user: {{ domains[application_id].users.anonymous.username }}
+syncope_anonymous_password: {{ domains[application_id].credentials.anonymous.password }}
+
+syncope_administrator_user: {{ domains[application_id].users.administrator.username }}
+syncope_administrator_password: {{ domains[application_id].credentials.administrator.password }}
\ No newline at end of file
diff --git a/templates/vars/applications.yml.j2 b/templates/vars/applications.yml.j2
index 94b503a3..eb3d909a 100644
--- a/templates/vars/applications.yml.j2
+++ b/templates/vars/applications.yml.j2
@@ -797,6 +797,20 @@ defaults_applications:
 'iframe': false,
 }) }}{% raw %}
+# syncope:
+# version: "latest"
+# credentials:
+# anonymous:
+# password: # Set in environment file
+# database:
+# password: # Set in environment file
+# administrator:
+# password: "{{ users.administrator.password }}"
+# users:
+# administrator:
+# username: "{{ users.administrator.username }}"
+
+
 ## Taiga
 taiga:
 version: "latest"
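Review bot: In roles/docker-syncope/vars/main.yml the five values that start with `{{` are unquoted (for example `database_password: {{ domains[application_id].credentials.database.password }}`), which YAML reads as a flow mapping, so the file will not load; each one needs quotes, e.g. `database_password: "{{ applications[application_id].credentials.database.password }}"`. They also look up `credentials` and `users` under `domains[application_id]`, which group_vars/all/03_domains.yml in this commit defines as a plain host-name string; the matching structure is the `syncope:` entry in templates/vars/applications.yml.j2, so `applications[...]` is presumably what was meant. `syncope_keymaster_address` points at `http://localhost:8080/...`; if that value is handed to the console and enduser containers, `localhost` resolves to the container itself, which is worth confirming.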
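Review bot: The `syncope:` defaults in templates/vars/applications.yml.j2 are added only as comments, so `applications[application_id].version` used by the new docker-compose.yml.j2 has no default unless an inventory supplies it. Once the block is enabled, `version: "latest"` leaves the image of an identity-management service unpinned; a fixed release tag (placeholder: `"<syncope-release>"`) makes deployments reproducible and upgrades deliberate. The two `password:` keys that carry only a trailing comment evaluate to null, so the role should fail early when they are not overridden. `users.anonymous.username`, which vars/main.yml reads, is not defined in the block.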