M group_vars/all/vars.yml => group_vars/all/vars.yml +0 -3
@@ 6,9 6,6 @@ ejabberd_xenrox_password: "{{ vault_ejabberd_xenrox_password }}"
email_noreply_mail: "{{ vault_email_noreply_mail }}"
email_noreply_password: "{{ vault_email_noreply_password }}"
faceit_bearer: "{{ vault_faceit_bearer }}"
-keycloak_admin_password: "{{ vault_keycloak_admin_password }}"
-keycloak_admin_username: "{{ vault_keycloak_admin_username }}"
-keycloak_psql_password: "{{ vault_keycloak_psql_password }}"
minio_access_key: "{{ vault_minio_access_key }}"
minio_secret_key: "{{ vault_minio_secret_key }}"
nextcloud_instanceid: "{{ vault_nextcloud_instanceid }}"
D group_vars/all/vault_keycloak.yml => group_vars/all/vault_keycloak.yml +0 -15
@@ 1,15 0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-38313064616364626636393963633236306364396163323934333664326661363830633431353766
-3138613238666232303130363564366333313661623834330a663530633037333035653463343861
-61336431636364653966346439313830633732666436356238366433313034343531303566366531
-3934396432333963320a616539666666326164363634306334323262663533646233646635346133
-36623333363766373562383834366133363634393563343438353735643932653663633837333564
-37366364633766616138393661656433643837626230323332356264343935356139366333623230
-65343264383266343032393163643761306238653135353962633663323239396162623262353366
-66646534333834373166613561633166323163323435663263616565623134306430393931643163
-38303231383966663231306461653965636435326163393732663861623134303734353434623864
-36616333613862636264626337343537643739666231356365616337376162363131383734616233
-38646537663763616339626131353536613061643061636130356565633536313566653061353832
-64373333613536643366633362393335646366653435323761636466306364376364386365656364
-37656232383463393761373764303064646132646463323933323735346135356664626236666135
-3166633466313461326535646230656562343439373337636462
M roles/keycloak/tasks/main.yml => roles/keycloak/tasks/main.yml +6 -2
@@ 1,4 1,8 @@
---
+- name: Get secrets
+ ansible.builtin.set_fact:
+ keycloak_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/keycloak') }}"
+
- name: Install
community.general.pacman:
name: keycloak
@@ 7,7 11,7 @@
- name: Create db user
community.general.postgresql_user:
name: keycloak
- password: "{{ keycloak_psql_password }}"
+ password: "{{ keycloak_secrets['psql_password'] }}"
become: true
become_user: postgres
no_log: true
@@ 30,7 34,7 @@
notify: Restart keycloak
- name: Create admin user
- ansible.builtin.command: /opt/keycloak/bin/add-user-keycloak.sh -r master -u {{ keycloak_admin_username }} -p {{ keycloak_admin_password }}
+ ansible.builtin.command: /opt/keycloak/bin/add-user-keycloak.sh -r master -u {{ keycloak_secrets['admin_username'] }} -p {{ keycloak_secrets['admin_password'] }}
no_log: true
when: keycloak_db.changed
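Review bot: The new `Get secrets` task at the top of the file stores the whole Vault secret in a fact without `no_log`, so the returned dict (including `psql_password` and `admin_password`) is printed in verbose runs and can be persisted by fact caching; add `no_log: true` to the `set_fact` task, matching the `no_log` the `Create db user` and `Create admin user` tasks already carry. In the `Create admin user` hunk the password is interpolated into a single command string, which `ansible.builtin.command` splits on whitespace, so a secret containing spaces or quotes breaks the argument list; passing the arguments through `argv:` keeps each value intact. Note that `no_log` only hides the value from Ansible output — the password remains visible in the host's process list while the script runs, which is inherent to the `-p` flag and unchanged by this commit.
```yaml
- name: Create admin user
  ansible.builtin.command:
    argv:
      - /opt/keycloak/bin/add-user-keycloak.sh
      - -r
      - master
      - -u
      - "{{ keycloak_secrets['admin_username'] }}"
      - -p
      - "{{ keycloak_secrets['admin_password'] }}"
  # … unchanged: no_log, when …
```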
M roles/keycloak/templates/standalone.xml.j2 => roles/keycloak/templates/standalone.xml.j2 +1 -1
@@ 134,7 134,7 @@
<driver>postgresql</driver>
<security>
<user-name>keycloak</user-name>
- <password>{{ keycloak_psql_password }}</password>
+ <password>{{ keycloak_secrets['psql_password'] }}</password>
</security>
</datasource>
<drivers>
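Review bot: The changed line renders the password into XML element content verbatim, so a value containing `&` or `<` would leave `standalone.xml` malformed; the previous variable had the same exposure, but it is worth closing while the expression is being touched. Jinja's escape filter emits entity references that are valid in XML, so `<password>{{ keycloak_secrets['psql_password'] | e }}</password>` should keep the file well-formed for any generated secret.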
M terraform_keycloak/keycloak.tf => terraform_keycloak/keycloak.tf +4 -5
@@ 4,9 4,8 @@ terraform {
}
}
-data "external" "vault_keycloak" {
- program = ["${path.module}/../misc/read-vault.py",
- "group_vars/all/vault_keycloak.yml"]
+data "vault_generic_secret" "keycloak" {
+ path = "ansible/keycloak"
}
data "vault_generic_secret" "nextcloud" {
@@ 28,8 27,8 @@ data "external" "vault_email" {
provider "keycloak" {
client_id = "admin-cli"
- username = data.external.vault_keycloak.result.vault_keycloak_admin_username
- password = data.external.vault_keycloak.result.vault_keycloak_admin_password
+ username = data.vault_generic_secret.keycloak.data["admin_username"]
+ password = data.vault_generic_secret.keycloak.data["admin_password"]
url = "https://keycloak.xenrox.net"
}
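Review bot: The data source path `ansible/keycloak` does not match the path the Ansible lookup in roles/keycloak/tasks/main.yml reads, `ansible/data/keycloak`; the `/data/` segment suggests a KV v2 mount, and whether `vault_generic_secret` resolves the shorter path depends on the provider version, so confirm that a plan actually returns `admin_username`/`admin_password` and record the intent in a comment such as `# KV v2 mount; the provider inserts the data/ segment — keep in sync with the Ansible lookup`. The data source result, including the admin password, is written to Terraform state in plaintext, so the state backend for this module needs the same access controls as Vault itself.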
M terraform_vault/secrets.tf => terraform_vault/secrets.tf +1 -1
@@ 1,6 1,6 @@
locals {
users = toset(["xenrox", "seeguen", "test"])
- ansible_secrets = toset(["nextcloud", "peertube", "vault"])
+ ansible_secrets = toset(["keycloak", "nextcloud", "peertube", "vault"])
}
resource "vault_generic_secret" "ansible_secrets" {
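Review bot: Adding `keycloak` to `ansible_secrets` creates the Vault entry, but the key names the new consumers read — `psql_password`, `admin_username` and `admin_password` in roles/keycloak/tasks/main.yml and terraform_keycloak/keycloak.tf — are fixed only by convention; the resource body that supplies the secret data is outside this hunk, so it is worth checking it writes exactly those keys for every entry in the set. A comment on the `ansible_secrets` line such as `# each entry must carry the keys its role reads (keycloak: psql_password, admin_username, admin_password)` would make that contract visible where the set is edited.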