tudattr/ansible
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat(docker): Add karakeep and keycloak services

Browse Source 
Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
This commit is contained in:
Tuan-Dat Tran
2025-04-24 20:24:33 +02:00
parent 6934a9f5fc
commit 42196a32dc
11 changed files with 776 additions and 629 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
roles/docker_host/handlers/main.yml
View File

@@ -11,5 +11,3 @@
state: present
retries: 3
delay: 5
register: result
until: result.rc == 0

9
roles/docker_host/tasks/directory_setup.yml
View File

@@ -9,9 +9,9 @@
- /media/series
- /media/movies
- /media/songs
- "{{ docker.directories.opt }}"
- "{{ docker.directories.local }}"
- "{{ docker.directories.config }}"
- "{{ docker.directories.compose }}"
- /opt/local
become: true
- name: Set ownership to {{ user }}
@@ -20,8 +20,9 @@
owner: "{{ user }}"
group: "{{ user }}"
loop:
- "{{ docker.directories.opt }}"
- /opt/local
- "{{ docker.directories.local }}"
- "{{ docker.directories.config }}"
- "{{ docker.directories.compose }}"
- /media
become: true

3
roles/docker_host/tasks/main.yml
View File

@@ -11,6 +11,9 @@
- name: Setup directory structure for docker
ansible.builtin.include_tasks: directory_setup.yml
- name: Deploy configs
ansible.builtin.include_tasks: provision.yml
- name: Deploy docker compose
ansible.builtin.include_tasks: deploy_compose.yml

31
roles/docker_host/tasks/provision.yml Normal file
View File

@@ -0,0 +1,31 @@
---
- name: Set fact if this host should run Keycloak
ansible.builtin.set_fact:
is_keycloak_host: "{{ inventory_hostname in (services | selectattr('name', 'equalto', 'keycloak') | map(attribute='vm') | first) }}"
- name: Run Keycloak tasks
ansible.builtin.file:
path: "{{ docker.directories.local }}/keycloak/"
owner: "{{ user }}"
group: "{{ user }}"
state: directory
mode: "0755"
when: is_keycloak_host | bool
become: true
- name: Run Keycloak tasks
ansible.builtin.template:
src: "templates/keycloak/realm.json.j2"
dest: "{{ docker.directories.local }}/keycloak/{{ keycloak.realm }}-realm.json"
owner: "{{ user }}"
group: "{{ user }}"
mode: "644"
backup: true
when: is_keycloak_host | bool
loop: "{{ keycloak_config.realms }}"
loop_control:
loop_var: keycloak
notify:
- Restart docker
- Restart compose
become: true

26
roles/docker_host/templates/compose.yaml.j2
View File

@@ -56,10 +56,16 @@ services:
- {{ device.external }}:{{ device.internal }}
{% endfor %}
{% endif %}
{% if service.command is defined and service.command is iterable %}
command:
{% for command in service.command %}
- {{ command }}
{% endfor %}
{% endif %}
{% if service.name == 'paperless' %}
{{ service.name }}-broker:
container_name: paperless-broker
container_name: {{ service.name }}-broker
image: docker.io/library/redis:7
restart: unless-stopped
networks:
@@ -68,7 +74,7 @@ services:
- /opt/local/paperless/redis/data:/data
{{ service.name }}-postgres:
container_name: paperless-postgres
container_name: {{ service.name }}-postgres
image: docker.io/library/postgres:15
restart: unless-stopped
networks:
@@ -84,7 +90,10 @@ services:
{{ service.name }}-chrome:
image: gcr.io/zenika-hub/alpine-chrome:123
container_name: {{ service.name }}-chrome
restart: unless-stopped
networks:
- net
command:
- --no-sandbox
- --disable-gpu
@@ -95,14 +104,17 @@ services:
{{ service.name }}-meilisearch:
image: getmeili/meilisearch:v1.11.1
container_name: {{ service.name }}-meilisearch
restart: unless-stopped
networks:
- net
environment:
MEILI_NO_ANALYTICS: "true"
NEXTAUTH_SECRET={{ vault.docker.karakeep.nextauth_secret }}
MEILI_MASTER_KEY={{ vault.docker.karakeep.meili_master_key }}
NEXTAUTH_URL=http://localhost:3000
- MEILI_NO_ANALYTICS=true
- NEXTAUTH_SECRET={{ vault.docker.karakeep.nextauth_secret }}
- MEILI_MASTER_KEY={{ vault.docker.karakeep.meili_master_key }}
- OPENAI_API_KEY="{{ vault.docker.karakeep.openai_key }}"
volumes:
- meilisearch:/meili_data
- /opt/local/karakeep/meili/data:/meili_data
{% endif %}
{% endif %}

77
roles/docker_host/templates/keycloak/realm.json.j2 Normal file
View File

@@ -0,0 +1,77 @@
{
"realm": "{{ keycloak.realm }}",
"enabled": true,
"displayName": "{{ keycloak.display_name }}",
"displayNameHtml": "<div class=\"kc-logo-text\">{{keycloak.display_name}}</div>",
"bruteForceProtected": true,
"users": [
{%- for user in keycloak.users %}
{
"username": "{{ user.username }}",
"enabled": true,
"credentials": [
{
"type": "password",
"value": "{{ user.password }}",
"temporary": false
}
],
"realmRoles": [
{%- for realm_role in user.realm_roles %}
"{{ realm_role }}"{%- if not loop.last %},{%- endif %}
{% endfor %}
],
"clientRoles": {
"account": [
{%- for account in user.client_roles.account %}
"{{ account }}"{%- if not loop.last %},{%- endif %}
{% endfor %}
]
}
},
{% endfor %}
{
"username": "{{ keycloak.admin.username }}",
"enabled": true,
"credentials": [
{
"type": "password",
"value": "{{ keycloak.admin.password }}",
"temporary": false
}
],
"realmRoles": [
{%- for realm_role in keycloak.admin.realm_roles %}
"{{ realm_role }}"{% if not loop.last %},{% endif %}
{% endfor %}
],
"clientRoles": {
"realm-management": [
{%- for realm_management in keycloak.admin.client_roles.realm_management %}
"{{ realm_management }}"{%- if not loop.last %},{%- endif %}
{% endfor %}
],
"account": [
{%- for account in keycloak.admin.client_roles.account %}
"{{ account }}"{%- if not loop.last %},{%- endif %}
{% endfor %}
]
}
}
],
"roles": {
"realm": [
{%- for role in keycloak.roles.realm %}
{
"name": "{{ role.name }}",
"description": "{{ role.name }}"
}{% if not loop.last %},{% endif %}
{% endfor %}
]
},
"defaultRoles": [
{%- for role in keycloak.roles.default_roles %}
"{{ role }}"{% if not loop.last %},{% endif %}
{% endfor %}
]
}