mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-08-21 03:05:02 +02:00
Kevin Veen-Birkenbach
d1cd87c843
- Fixed incorrect handling of RBAC group configuration (moved from OIDC claims into dedicated RBAC variable set).
- Unified RBAC group usage across applications (LAM, pgAdmin, phpLDAPadmin, phpMyAdmin, YOURLS).
- Replaced old 'KEYCLOAK_OIDC_RBAC_SCOPE_NAME' with dedicated 'KEYCLOAK_RBAC_GROUP_*' variables.
- Updated OAuth2 Proxy configuration to use 'RBAC.GROUP.CLAIM'.
- Refactored Keycloak role task structure:
* Renamed and reorganized task files for clarity ('_update.yml', '02_cleanup.yml', etc.).
* Introduced meta and dependency handling separation.
- Cleaned up Keycloak config defaults and recaptcha placeholders.
36 lines
1.1 KiB
YAML
36 lines
1.1 KiB
YAML
autologin: false # This is a high security risk. Just activate this option if you know what you're doing
|
|
oauth2_proxy:
|
|
port: "80"
|
|
application: "application"
|
|
allowed_groups:
|
|
- "{{ [RBAC.GROUP.NAME, 'web-app-phpmyadmin-administrator'] | path_join }}"
|
|
features:
|
|
matomo: true
|
|
css: false
|
|
desktop: false # Opens itself in a new window, when it's loaded in an iframe.
|
|
# it's anyhow not so enduser relevant, so it can be kept like this
|
|
central_database: true
|
|
oauth2: true
|
|
logout: true
|
|
server:
|
|
csp:
|
|
flags:
|
|
style-src:
|
|
unsafe-inline: true
|
|
script-src-elem:
|
|
unsafe-inline: true
|
|
domains:
|
|
aliases:
|
|
- "mysql.{{ PRIMARY_DOMAIN }}"
|
|
- "mariadb.{{ PRIMARY_DOMAIN }}"
|
|
canonical:
|
|
- phpmyadmin.{{ PRIMARY_DOMAIN }}
|
|
docker:
|
|
services:
|
|
database:
|
|
enabled: true
|
|
phpmyadmin:
|
|
version: "latest" # Use the latest phpmyadmin version
|
|
name: "phpmyadmin"
|
|
image: phpmyadmin/phpmyadmin
|