feat: oauth2 role

3a3d5074 · Lukas Koenen · 3a3d5074 · 3a3d5074 · 3a3d5074 · 3a3d5074
Commit 3a3d5074 authored 2 years ago by Lukas Koenen
--- a/.gitignore
+++ b/.gitignore
+### Ansible template
+*.retry
+
+### JetBrains
+.idea
+
+### Python venv
+.venv
--- a/README.md
+++ b/README.md
+ansible-oauth2
+=========
+
+Ansible role to deploy oauth2-proxy container as a system service
+
+
+Role Variables
+--------------
+
+```yaml
+oauth2_version: "v7.2.1"
+oauth2_listen_address: ":443"
+oauth2_container_name: "oauth2-proxy"
+oauth2_cert_directory: "/etc/oauth2-proxy"
+oauth2_upstream: "http://127.0.0.1:8080"
+oauth2_cookie_secret: "cookie_secret"
+oauth2_client_secret: "client_secret"
+oauth2_client_id: "client_id"
+oauth2_client_provider: "gitlab"
+oauth2_redirect_url: "https://example.de/oauth2/callback"
+oauth2_oidc_issuer_url: "https://gitlab.com"
+oauth2_email_domain: "*"
+
+# See for full list of options https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview#command-line-options
+oauth2_command_line_options: "--provider-display-name='provider'"
+```
+
+Example Playbook
+----------------
+```yaml
+- hosts: all
+  roles:
+    - hdacloud.oauth2
+```
--- a/defauts/main.yaml
+++ b/defauts/main.yaml
+---
+oauth2_version: "v7.2.1"
+oauth2_listen_address: ":443"
+oauth2_container_name: "oauth2-proxy"
+oauth2_cert_directory: "/etc/oauth2-proxy"
+oauth2_upstream: "http://127.0.0.1 :8080"
--- a/handlers/main.yaml
+++ b/handlers/main.yaml
+handlers:
+  - name: Restart Oauth2-Proxy
+    ansible.builtin.service:
+      name: oauth2-proxy.service
+      state: restarted
+    become: true
--- a/meta/main.yml
+++ b/meta/main.yml
+galaxy_info:
+  author: hdacloud
+  description: Ansible role to deploy oauth2-proxy container as a system service
+
+dependencies: []
--- a/tasks/main.yml
+++ b/tasks/main.yml
+---
+- name: Ensure Docker Is Installed
+  block:
+    - name: Fetch Package Facts
+      ansible.builtin.package_facts:
+        manager: auto
+
+    - name: Check Docker Package Exists
+      ansible.builtin.fail:
+        msg: Missing Docker Installation
+      when: "'docker' not in ansible_facts.packages"
+
+- name: Render Systemd-Unit File
+  ansible.builtin.template:
+    src: oauth2-proxy.service.j2
+    dest: /lib/systemd/system/oauth2-proxy.service
+    mode: "0644"
+  notify: Restart Oauth2-Proxy
+  become: true
+
+- name: Enable Systemd Service
+  ansible.builtin.systemd:
+    name: cve-scanner.service
+    state: started
+    enabled: true
+    daemon_reload: true
+  become: true
--- a/templates/oauth2-proxy.service.j2
+++ b/templates/oauth2-proxy.service.j2
+[Unit]
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+ExecStart=docker run \
+          -d \
+          --name {{ oauth2_container_name }} \
+          --entrypoint "" \
+          --network host \
+          --volume {{ oauth2_cert_directory }}:/etc/tls/private \
+          quay.io/oauth2-proxy/oauth2-proxy:{{ oauth2_version }}\
+          oauth2-proxy \
+          --https-address={{ oauth2_listen_address }} \
+          --tls-cert-file=/etc/tls/private/fullchain.pem \
+          --tls-key-file=/etc/tls/private/privkey.pem \
+          --upstream={{ oauth2_upstream }} \
+          --cookie-secret={{ oauth2_cookie_secret }} \
+          --client-secret={{ oauth2_client_secret }} \
+          --client-id={{ oauth2_client_id }} \
+          --provider={{ oauth2_client_provider }} \
+          --redirect-url={{ oauth2_redirect_url }} \
+          --oidc-issuer-url={{ oauth2_oidc_issuer_url }} \
+          --email-domain={{ oauth2_email_domain }} \
+          {{ oauth2_command_line_options }}
+ExecStop=docker container rm \
+         --force {{ oauth2_container_name }}
+
+[Install]
+WantedBy=multi-user.target