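---
# Deploys dex (OIDC provider) on the homelab host: a postgres backend, a
# rendered /etc/dex/config.yaml, and the dex container behind traefik.
- hosts: homelab

  vars:
    application: dex
    docker_network: "{{ networks.pub }}"

  handlers:
    # comparisons '*': ignore keeps this a plain restart rather than a
    # recreate, so the running container's settings are left untouched.
    - name: Restart
      community.docker.docker_container:
        name: "{{ application }}"
        restart: true
        comparisons:
          '*': ignore

  tasks:
    - name: Create config folder
      ansible.builtin.file:
        path: "{{ config_directory }}"
        state: directory
        owner: "{{ common_user }}"
        group: "{{ common_group }}"
        mode: "0771"

    # postgres_password is vault-encrypted at rest; the postgres role exposes
    # the connection details as the _postgres_* facts used below.
    - name: Create postgres container
      ansible.builtin.import_role:
        name: postgres
      vars:
        postgres_version: 15
        postgres_password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          33646632396130386533616463613266303030636635303861326135666536636462333264613564
          6563373133626137333633666464666461646265393939310a653262353231396636386231313035
          64633838646137363932393238316462306437393338383866653134336130393064343535633338
          3135653532356636620a396162313731396138336631346563363432663864383832333532336364
          63343065363032623763306631396261373037623134313635333763663165616162663932323136
          3736666633383065306630326664646563663731393930623434

    # config.yaml carries the postgres password, the LDAP bind password and the
    # OIDC client secret. "0755" leaves it world-readable on the host (same
    # bits the original "755" produced, written with the leading zero for
    # consistency with the folder task). The directory above is 0771 — traverse
    # only for "others" — which suggests the container does not run as
    # common_user. NOTE(review): confirm the UID dex runs as and tighten to
    # 0640 with a matching owner/group if that UID allows it.
    #
    # The rendered text is parsed again as YAML by dex, so every secret-bearing
    # value is emitted through to_json: a value containing ': ', ' #', a leading
    # quote or another YAML indicator would otherwise corrupt or mis-type the
    # config. to_json yields a JSON string, which is a valid double-quoted
    # YAML scalar, and decrypts vault values before serialising.
    #
    # NOTE(review): insecureNoSSL sends the bind password in cleartext on 389
    # and ssl.mode disable does the same for the postgres password; both are
    # only tolerable while ldap_host and the postgres container are reached
    # over a private network — confirm, or enable TLS where the servers offer it.
    - name: Create config file
      ansible.builtin.copy:
        dest: "{{ config_directory }}/config.yaml"
        mode: "0755"
        content: |
          ---
          issuer: https://{{ application }}.{{ common_tld }}
          storage:
            type: postgres
            config:
              host: {{ _postgres_hostname | to_json }}
              port: {{ _postgres_port }}
              database: {{ _postgres_database | to_json }}
              user: {{ _postgres_username | to_json }}
              password: {{ _postgres_password | to_json }}
              ssl:
                mode: disable
          web:
            http: 0.0.0.0:5556
          connectors:
            - type: ldap
              name: OpenLDAP
              id: ldap
              config:
                host: {{ ldap_host }}:389
                insecureNoSSL: true
                bindDN: {{ ldap_admin_dn | to_json }}
                bindPW: {{ ldap_admin_password | to_json }}
                userSearch:
                  baseDN: ou={{ ldap_user_ou }},{{ ldap_base_dn }}
                  filter: "(objectClass=person)"
                  username: {{ ldap_account_attribute }}
                  idAttr: DN
                  emailAttr: mail
                  nameAttr: cn
                groupSearch:
                  baseDN: ou={{ ldap_group_ou }},{{ ldap_base_dn }}
                  filter: "(objectClass=groupOfUniqueNames)"
                  userMatchers:
                    - userAttr: DN
                      groupAttr: member
                      nameAttr: cn
          staticClients:
            - id: outline
              name: Outline
              secret: {{ ldap_oidc_secrets.outline | to_json }}
              redirectURIs:
                - https://outline.{{ common_tld }}/auth/oidc.callback
      notify: Restart

    # The config file is bind-mounted read-only from the host path written
    # above; the --web-http-addr flag repeats web.http from the config.
    - name: Create container
      ansible.builtin.include_role:
        name: docker_container
      vars:
        image: ghcr.io/dexidp/dex:v2.37.0
        command:
          - dex
          - serve
          - --web-http-addr
          - 0.0.0.0:5556
          - /etc/dex/config.yaml
        volumes:
          - "{{ config_directory }}/config.yaml:/etc/dex/config.yaml"
        traefik:
          - port: 5556
        blackbox:
          path: /healthz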