feat(ess_pro): deploy Element Server Suite Pro via K3s + Helm
Adds k3s and ess_pro roles to replace the planned Nextcloud Talk stack. Integrates with existing Keycloak (OIDC), Garage (S3 media) and OpenBao (secrets). Hostnames under digitalboard.ch.
parent
c11f019aae
commit
01fd12d75c
18 changed files with 1098 additions and 0 deletions
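--- /dev/null
+++ b/roles/ess-pro/examples/openbao-bootstrap.sh
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+# Bootstrap the OpenBao secret needed by the ess-pro Ansible role.
+# Single KV v2 entry at kv/digitalboard/ess-pro with all keys flat
+# (same layout as digitalboard/bookstack, digitalboard/opnform, etc.).
+#
+# Requires: `bao` CLI in PATH, `BAO_ADDR` exported, authenticated.
+
+set -euo pipefail
+
+MOUNT="${MOUNT:-kv}"
+PATH_="${PATH_:-digitalboard/ess-pro}"
+
+read -p "Element registry username (from customer.element.io): " REG_USER
+read -s -p "Element registry token: " REG_TOKEN; echo
+read -s -p "Keycloak ess-mas client secret: " OIDC_SECRET; echo
+read -p "Garage S3 access key: " S3_AK
+read -s -p "Garage S3 secret key: " S3_SK; echo
+
+bao kv put "${MOUNT}/${PATH_}" \
+username="${REG_USER}" \
+token="${REG_TOKEN}" \
+client_secret="${OIDC_SECRET}" \
+s3_access_key="${S3_AK}" \
+s3_secret_key="${S3_SK}"
+
+echo "Done. Verify with: bao kv get ${MOUNT}/${PATH_}"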
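Review bot: The registry token, OIDC client secret and S3 secret key are passed to `bao kv put` as `key=value` arguments, so they sit in the process argument list where other local users can read them (`ps`, `/proc/<pid>/cmdline`) while the command runs. The Vault-derived CLI accepts the whole payload as JSON on stdin when the data argument is `-` (confirm against your bao version), which keeps the values out of argv; the sketch below builds that JSON with jq from exported variables, and jq would then need adding to the `Requires:` line. The `read` prompts also lack `-r`, so a backslash in a pasted secret is silently dropped; `read -r -s -p "Element registry token: " REG_TOKEN` preserves it. Since `kv put` writes a complete new version, the header comment should state that re-running the script replaces every key at the path.

```shell
# … unchanged: shebang, header comment, MOUNT/PATH_ defaults, prompts …
export REG_USER REG_TOKEN OIDC_SECRET S3_AK S3_SK
jq -n '{
  username: env.REG_USER,
  token: env.REG_TOKEN,
  client_secret: env.OIDC_SECRET,
  s3_access_key: env.S3_AK,
  s3_secret_key: env.S3_SK
}' | bao kv put "${MOUNT}/${PATH_}" -
# … unchanged: final echo …
```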