feat(keycloak|docker): improved templating

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
2025-04-25 23:36:44 +02:00
parent 42196a32dc
commit a2a58f6343
5 changed files with 157 additions and 131 deletions
--- a/roles/docker_host/templates/compose.yaml.j2
+++ b/roles/docker_host/templates/compose.yaml.j2
@@ -1,10 +1,11 @@
 services:
 {% for service in services %}
 {% if inventory_hostname in service.vm %}
+
  {{ service.name }}:
    container_name: {{ service.container_name }}
    image: {{ service.image }}
-    restart: {{ service.restart }}
+    restart: unless-stopped
 {% if service.network_mode is not defined %}
    hostname: {{ service.name }}
    networks:
@@ -62,34 +63,37 @@ services:
      - {{ command }}
 {% endfor %}
 {% endif %}
-{% if service.name == 'paperless' %}
-
-  {{ service.name }}-broker:
-    container_name: {{ service.name }}-broker
-    image: docker.io/library/redis:7
-    restart: unless-stopped
-    networks:
-      - net
-    volumes:
-      - /opt/local/paperless/redis/data:/data
-
+{% if service.sub_service is defined and service.sub_service is iterable %}
+{% for sub in service.sub_service %}
+{% if sub.name is defined and sub.name == "postgres" %}
  {{ service.name }}-postgres:
    container_name: {{ service.name }}-postgres
-    image: docker.io/library/postgres:15
+    image: docker.io/library/postgres:{{ sub.version }}
    restart: unless-stopped
+    hostname: {{ service.name }}-postgres
    networks:
      - net
    volumes:
-      - /opt/local/paperless/db/data:/var/lib/postgresql/data
+      - /opt/local/{{ service.name }}/postgres/data:/var/lib/postgresql/data
    environment:
-      POSTGRES_DB: paperless
-      POSTGRES_USER: paperless
-      POSTGRES_PASSWORD: {{ vault.docker.paperless.dbpass }}
+      POSTGRES_DB: {{ service.name }}
+      POSTGRES_USER: {{ sub.username }}
+      POSTGRES_PASSWORD: {{ sub.password }}
 {% endif %}
-{% if service.name == 'karakeep' %}
-
+{% if sub.name is defined and sub.name == "redis" %}
+  {{ service.name }}-redis:
+    container_name: {{ service.name }}-redis
+    image: docker.io/library/redis:{{ sub.version }}
+    restart: unless-stopped
+    hostname: {{ service.name }}-redis
+    networks:
+      - net
+    volumes:
+      - /opt/local/{{ service.name }}/redis/data:/data
+{% endif %}
+{% if sub.name is defined and sub.name == "chrome" %}
  {{ service.name }}-chrome:
-    image: gcr.io/zenika-hub/alpine-chrome:123
+    image: gcr.io/zenika-hub/alpine-chrome:{{ sub.version }}
    container_name: {{ service.name }}-chrome
    restart: unless-stopped
    networks:
@@ -101,22 +105,25 @@ services:
      - --remote-debugging-address=0.0.0.0
      - --remote-debugging-port=9222
      - --hide-scrollbars
-
+{% endif %}
+{% if sub.name is defined and sub.name == "meilisearch" %}
  {{ service.name }}-meilisearch:
-    image: getmeili/meilisearch:v1.11.1
    container_name: {{ service.name }}-meilisearch
+    image: getmeili/meilisearch:{{ sub.version }}
    restart: unless-stopped
+    hostname: {{ service.name }}-meilisearch
    networks:
      - net
+    volumes:
+      - /opt/local/{{ service.name }}/mailisearch/data:/meili_data
    environment:
      - MEILI_NO_ANALYTICS=true
-      - NEXTAUTH_SECRET={{ vault.docker.karakeep.nextauth_secret }}
-      - MEILI_MASTER_KEY={{ vault.docker.karakeep.meili_master_key }}
-      - OPENAI_API_KEY="{{ vault.docker.karakeep.openai_key }}"
-    volumes:
-      - /opt/local/karakeep/meili/data:/meili_data
+      - NEXTAUTH_SECRET={{ sub.nextauth_secret }}
+      - MEILI_MASTER_KEY={{ sub.meili_master_key }}
+      - OPENAI_API_KEY="{{ sub.openai_key }}"
+{% endif %}
+{% endfor %}
 {% endif %}
-
 {% endif %}
 {% endfor %}
 networks:
@@ -126,6 +133,3 @@ networks:
      driver: default
      config:
        - subnet: 172.16.69.0/24
-
-volumes:
-  prometheus_data: {}
--- a/roles/docker_host/templates/keycloak/realm.json.j2
+++ b/roles/docker_host/templates/keycloak/realm.json.j2
@@ -5,7 +5,8 @@
  "displayNameHtml": "<div class=\"kc-logo-text\">{{keycloak.display_name}}</div>",
  "bruteForceProtected": true,
  "users": [
-  {%- for user in keycloak.users %}
+{% if keycloak.users is defined and keycloak.users is iterable %}
+{% for user in keycloak.users %}
    {
      "username": "{{ user.username }}",
      "enabled": true,
@@ -17,19 +18,20 @@
        }
      ],
      "realmRoles": [
-    {%- for realm_role in user.realm_roles %}
-        "{{ realm_role }}"{%- if not loop.last %},{%- endif %}
-    {% endfor %}
+{% for realm_role in user.realm_roles %}
+        "{{ realm_role }}"{%- if not loop.last %},{% endif %}{{''}}
+{% endfor %}
      ],
      "clientRoles": {
        "account": [
-    {%- for account in user.client_roles.account %}
-        "{{ account }}"{%- if not loop.last %},{%- endif %}
-    {% endfor %}
+{% for account in user.client_roles.account %}
+          "{{ account }}"{%- if not loop.last %},{% endif %}{{''}}
+{% endfor %}
        ]
      }
-    },
-  {% endfor %}
+    },{% if not loop.last %}{% endif %}
+{% endfor %}
+{% endif %}
    {
      "username": "{{ keycloak.admin.username }}",
      "enabled": true,
@@ -41,37 +43,37 @@
        }
      ],
      "realmRoles": [
-    {%- for realm_role in keycloak.admin.realm_roles %}
-        "{{ realm_role }}"{% if not loop.last %},{% endif %}
-    {% endfor %}
+{% for realm_role in keycloak.admin.realm_roles %}
+        "{{ realm_role }}"{% if not loop.last %},{% endif %}{{''}}
+{% endfor %}
      ],
      "clientRoles": {
        "realm-management": [
-    {%- for realm_management in keycloak.admin.client_roles.realm_management %}
-        "{{ realm_management }}"{%- if not loop.last %},{%- endif %}
-    {% endfor %}
+{% for realm_management in keycloak.admin.client_roles.realm_management %}
+          "{{ realm_management }}"{%- if not loop.last %},{% endif %}{{''}}
+{% endfor %}
        ],
        "account": [
-    {%- for account in keycloak.admin.client_roles.account %}
-        "{{ account }}"{%- if not loop.last %},{%- endif %}
-    {% endfor %}
+{% for account in keycloak.admin.client_roles.account %}
+          "{{ account }}"{%- if not loop.last %},{% endif %}{{''}}
+{% endfor %}
        ]
      }
    }
  ],
  "roles": {
    "realm": [
-    {%- for role in keycloak.roles.realm %}
+{% for role in keycloak.roles.realm %}
      {
        "name": "{{ role.name }}",
        "description": "{{ role.name }}"
      }{% if not loop.last %},{% endif %}
-    {% endfor %}
+{% endfor %}
    ]
  },
  "defaultRoles": [
-    {%- for role in keycloak.roles.default_roles %}
-        "{{ role }}"{% if not loop.last %},{% endif %}
-    {% endfor %}
+{% for role in keycloak.roles.default_roles %}
+      "{{ role }}"{% if not loop.last %},{% endif %}{{''}}
+{% endfor %}
  ]
 }