Digitalboard/digitalboard.core
5
2
Fork 0
Code Pull requests Releases Packages Activity Actions

chore: add basic keycloak service

Browse source
This commit is contained in:
Bert-Jan Fikse 2025-11-07 14:16:31 +01:00
parent 137075ee6f
commit 24b4f291a3
Signed by: bert-jan
GPG key ID: C1E0AB516AC16D1A
9 changed files with 246 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

65
roles/keycloak/README.md Normal file
View file

@ -0,0 +1,65 @@
Keycloak
=========
Ansible role to deploy Keycloak with PostgreSQL database using Docker Compose.
Requirements
------------
- Docker and Docker Compose installed on the target host
- Ansible collection: `community.docker`
- Traefik reverse proxy (for external access)
Role Variables
--------------
Key variables defined in `defaults/main.yml`:
**Base Configuration:**
- `docker_compose_base_dir`: Base directory for Docker Compose files (default: `/etc/docker/compose`)
- `docker_volume_base_dir`: Base directory for Docker volumes (default: `/srv/data`)
**Keycloak Configuration:**
- `keycloak_service_name`: Service name (default: `keycloak`)
- `keycloak_domain`: Domain name for Keycloak (default: `auth.digitalboard.ch`)
- `keycloak_image`: Keycloak Docker image (default: `quay.io/keycloak/keycloak:24.0.1`)
- `keycloak_port`: Internal Keycloak port (default: `8080`)
- `keycloak_admin_user`: Admin username (default: `admin`)
- `keycloak_admin_password`: Admin password (default: `changeme`)
- `keycloak_log_level`: Log level (default: `INFO`)
- `keycloak_proxy_mode`: Proxy mode (default: `edge`)
**PostgreSQL Configuration:**
- `keycloak_postgres_image`: PostgreSQL Docker image (default: `postgres:15`)
- `keycloak_postgres_db`: Database name (default: `keycloak`)
- `keycloak_postgres_user`: Database user (default: `keycloak`)
- `keycloak_postgres_password`: Database password (default: `changeme`)
**Traefik Configuration:**
- `keycloak_traefik_network`: Traefik network name (default: `proxy`)
- `keycloak_backend_network`: Backend network name (default: `backend`)
- `keycloak_use_ssl`: Enable SSL (default: `true`)
- `keycloak_cert_resolver`: Certificate resolver name (default: `dns`)
Dependencies
------------
This role requires the Traefik reverse proxy to be configured and the `proxy` network to be created.
Example Playbook
----------------
```yaml
- hosts: backend_servers
roles:
- role: keycloak
vars:
keycloak_domain: "auth.example.com"
keycloak_admin_password: "secure_password"
keycloak_postgres_password: "secure_db_password"
```
License
-------
MIT-0