Initial commit

3ce7150b · jurgenhaas · 61cc6be1 · 3ce7150b · 3ce7150b · 3ce7150b
Commit 3ce7150b authored 5 years ago by jurgenhaas
--- a/handlers/main.yml
+++ b/handlers/main.yml
+---
+# file: roles/keycloak/handlers/main.yml
+
+- name: Re-create the keycloak containers
+  docker_service:
+    project_src: /mnt/{{ item.id }}
+    recreate: always
+  with_items: '{{ keycloak_settings }}'
--- a/meta/main.yml
+++ b/meta/main.yml
+---
+
+dependencies:
+  - role: docker
--- a/tasks/keycloak.yml
+++ b/tasks/keycloak.yml
+---
+# file: roles/keycloak/tasks/keycloak.yml
+
+- name: Pull docker image
+  docker_image:
+    name: '{{ item }}'
+    source: pull
+    force_source: yes
+  with_items:
+    - jboss/keycloak
+    - postgres
+  notify:
+    - Re-create the keycloak containers
+
+- name: Create directories
+  file:
+    path: /mnt/{{ item.id }}
+    state: directory
+    mode: 0775
+  with_items: '{{ keycloak_settings }}'
+
+- name: Copy docker compose files
+  template:
+    src: docker-compose.yml
+    dest: /mnt/{{ item.id }}/docker-compose.yml
+  with_items: '{{ keycloak_settings }}'
+  notify:
+    - Re-create the keycloak containers
+
+- name: Create apache config
+  template:
+    src: vhost.conf
+    dest: /etc/apache2/sites-available/{{ item.id }}.conf
+  with_items: '{{ keycloak_settings }}'
--- a/tasks/main.yml
+++ b/tasks/main.yml
+---
+# file: roles/keycloak/tasks/main.yml
+
+- name: Keycloak Role
+  set_fact:
+    role_keycloak_started: yes
+  tags:
+    - always
+
+- block:
+
+    - name: Import keycloak
+      import_tasks: keycloak.yml
+
+    - name: Remember that this role had been run
+      set_fact:
+        role_keycloak_completed: yes
+      tags:
+        - always
+
+  when: (not excluded_roles or "keycloak" not in excluded_roles) and role_keycloak_completed is not defined
--- a/templates/docker-compose.yml
+++ b/templates/docker-compose.yml
+version: '3'
+
+volumes:
+  postgres_data:
+    driver: local
+
+services:
+  postgres:
+    image: postgres
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+    environment:
+      POSTGRES_DB: keycloak
+      POSTGRES_USER: keycloak
+      POSTGRES_PASSWORD: password
+    restart: always
+  keycloak:
+    image: jboss/keycloak
+    environment:
+      DB_VENDOR: POSTGRES
+      DB_ADDR: postgres
+      DB_DATABASE: keycloak
+      DB_USER: keycloak
+      DB_SCHEMA: public
+      DB_PASSWORD: password
+      KEYCLOAK_USER: '{{ item.admin.username }}'
+      KEYCLOAK_PASSWORD: '{{ item.admin.password }}'
+    restart: always
+    ports:
+      - '{{ item.port }}:8080'
+    depends_on:
+      - postgres
--- a/templates/vhost.conf
+++ b/templates/vhost.conf
+<VirtualHost *:80>
+  Include /etc/apache2/conf-available/global-redirect.conf
+  ServerName {{ item.domain }}
+  Include /etc/apache2/conf-available/redirect-ssl.conf
+  Include /etc/apache2/conf-available/letsencrypt-redirect.conf
+</VirtualHost>
+
+<VirtualHost *:443>
+  Include /etc/apache2/conf-available/global-redirect.conf
+
+  ServerName {{ item.domain }}
+
+  SSLEngine on
+  SSLCertificateFile /etc/letsencrypt/live/{{ item.domain }}/cert.pem
+  SSLCertificateKeyFile /etc/letsencrypt/live/{{ item.domain }}/privkey.pem
+  SSLCertificateChainFile /etc/letsencrypt/live/{{ item.domain }}/chain.pem
+  SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256$
+  SSLProtocol All -SSLv2 -SSLv3
+  SSLCompression off
+  SSLHonorCipherOrder on
+
+  SetEnvIf Host "^(.*)$" THE_HOST=$1
+  RequestHeader setifempty X-Forwarded-Proto https
+  RequestHeader setifempty X-Forwarded-Host %{THE_HOST}e
+  ProxyAddHeaders Off
+
+  ProxyPassMatch (.*)(\/websocket)$ "ws://127.0.0.1:{{ item.port }}/$1$2"
+  ProxyPass / "http://127.0.0.1:{{ item.port }}/"
+  ProxyPassReverse / "http://127.0.0.1:{{ item.port }}/"
+</VirtualHost>