mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-09-24 11:06:24 +02:00
Kevin Veen-Birkenbach
5daf3387bf
- Added OIDC and LDAP feature flags in config - Introduced API/Console URL vars for proxy alignment - Implemented automatic MinIO policy creation for OIDC admin group - Replaced static env.J2 with dynamic env.j2 (OIDC-aware) - Added policy.json.j2 template with full admin rights - Cleaned up tasks to use stdin instead of file for mc policy apply Ref: https://chatgpt.com/share/68d1d3ef-ca84-800f-abe2-11ab70e20c4e
19 lines
701 B
Django/Jinja
19 lines
701 B
Django/Jinja
# MINIO
|
|
MINIO_ROOT_USER={{ users.administrator.username }}
|
|
MINIO_ROOT_PASSWORD={{ users.administrator.password }}
|
|
|
|
{% if MINIO_OIDC_ENABLED | bool %}
|
|
# OIDC basics
|
|
MINIO_IDENTITY_OPENID_CONFIG_URL={{ OIDC.CLIENT.DISCOVERY_DOCUMENT }}
|
|
MINIO_IDENTITY_OPENID_CLIENT_ID={{ OIDC.CLIENT.ID }}
|
|
MINIO_IDENTITY_OPENID_CLIENT_SECRET={{ OIDC.CLIENT.SECRET }}
|
|
MINIO_IDENTITY_OPENID_SCOPES=openid,profile,email,groups
|
|
MINIO_IDENTITY_OPENID_DISPLAY_NAME={{ OIDC.BUTTON_TEXT }}
|
|
|
|
# We read policies from the custom 'policy' claim
|
|
MINIO_IDENTITY_OPENID_CLAIM_NAME={{ RBAC.GROUP.CLAIM }}
|
|
|
|
# Good practice behind proxies
|
|
MINIO_SERVER_URL={{ MINIO_API_URL }}
|
|
MINIO_BROWSER_REDIRECT_URL={{ MINIO_CONSOLE_URL }}
|
|
{% endif %} |