---
- name: OAuth2 Proxy
  ansible.builtin.import_role:
    name: service
  vars:
    service_name: oauth2-proxy
    service_container_image: "quay.io/oauth2-proxy/oauth2-proxy:latest-alpine"
    service_container_http_port: 4180
    service_container_command:
      - --config
      - /oauth2-proxy.cfg
      - --client-secret-file
      - /run/secrets/client_secret
    service_container_mounts:
      - type: template
        source: oauth2-proxy.cfg.j2
        destination: /oauth2-proxy.cfg
    service_container_secrets:
      - name: cookie_secret
        length: 32
        type: env
        target: OAUTH2_PROXY_COOKIE_SECRET
      - name: client_secret
        value: "{{ oauth2_proxy_client_secret }}"