uumas/ansible-podman
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Add oauth2_proxy role

Browse Source
This commit is contained in:
uumas
2025-07-13 19:08:10 +03:00
parent 4e4f824958
commit 543a34f60d
4 changed files with 53 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
roles/oauth2_proxy/README.md Normal file
View File

@@ -0,0 +1 @@
Sets up a oauth2-proxy container

17
roles/oauth2_proxy/meta/argument_specs.yml Normal file
View File

@@ -0,0 +1,17 @@
---
argument_specs:
main:
description: "Sets up a oauth2-proxy container"
options:
oauth2_proxy_oidc_issuer_url:
description: the OpenID Connect issuer URL
type: str
required: true
oauth2_proxy_client_id:
description: the OAuth client ID
type: str
required: true
oauth2_proxy_client_secret:
description: the OAuth client secret
type: str
required: true

24
roles/oauth2_proxy/tasks/main.yml Normal file
View File

@@ -0,0 +1,24 @@
---
- name: OAuth2 Proxy
ansible.builtin.import_role:
name: service
vars:
service_name: oauth2-proxy
service_container_image: "quay.io/oauth2-proxy/oauth2-proxy:latest-alpine"
service_container_http_port: 4180
service_container_command:
- --config
- /oauth2-proxy.cfg
- --client-secret-file
- /run/secrets/client_secret
service_container_mounts:
- type: template
source: oauth2-proxy.cfg.j2
destination: /oauth2-proxy.cfg
service_container_secrets:
- name: cookie_secret
length: 32
type: env
target: OAUTH2_PROXY_COOKIE_SECRET
- name: client_secret
value: "{{ oauth2_proxy_client_secret }}"

11
roles/oauth2_proxy/templates/oauth2-proxy.cfg.j2 Normal file
View File

@@ -0,0 +1,11 @@
# OAuth2 Proxy Configuration
http_address = "0.0.0.0:4180"
# OIDC Provider Configuration
provider = "oidc"
oidc_issuer_url = "{{ oauth2_proxy_oidc_issuer_url }}"
client_id = "{{ oauth2_proxy_client_id }}"
code_challenge_method = "S256"
skip_provider_button = "true"
email_domains = "*"