diff --git a/roles/mas/files/conf-compose.py b/roles/mas/files/conf-compose.py
index 354e882..fc8fc60 100644
--- a/roles/mas/files/conf-compose.py
+++ b/roles/mas/files/conf-compose.py
@@ -95,9 +95,13 @@ def main():
 data = {}
 ### base
 if True:
+ data_raw = _yaml.safe_load(file_read(_os.path.join(args.source_directory, "base.yaml")))
 data = dict_merge(
 data,
- _yaml.loads(file_read(_os.path.join(args.source_directory, "base.yaml")))
+ {
+ "secrets": data_raw["secrets"],
+ "passwords": data_raw["passwords"],
+ }
 )
 ### database
 if True:
@@ -105,6 +109,12 @@ def main():
 data,
 _json.loads(file_read(_os.path.join(args.source_directory, "database.json")))
 )
+ ### http
+ if True:
+ data = dict_merge(
+ data,
+ _json.loads(file_read(_os.path.join(args.source_directory, "http.json")))
+ )
 ### matrix
 if True:
 data = dict_merge(
@@ -117,6 +127,12 @@ def main():
 data,
 _json.loads(file_read(_os.path.join(args.source_directory, "upstream.json")))
 )
+ ### email
+ if True:
+ data = dict_merge(
+ data,
+ _json.loads(file_read(_os.path.join(args.source_directory, "email.json")))
+ )
 ### clients
 if True:
 data = dict_merge(
diff --git a/roles/mas/tasks/main.json b/roles/mas/tasks/main.json
index 0cac0ab..019ebe2 100644
--- a/roles/mas/tasks/main.json
+++ b/roles/mas/tasks/main.json
@@ -69,6 +69,15 @@
 "dest": "{{var_mas_directory}}/conf.d/database.json"
 }
 },
+ {
+ "name": "configuration | http",
+ "become": true,
+ "become_user": "{{var_mas_user}}",
+ "ansible.builtin.template": {
+ "src": "config-http.json.j2",
+ "dest": "{{var_mas_directory}}/conf.d/http.json"
+ }
+ },
 {
 "name": "configuration | matrix",
 "become": true,
diff --git a/roles/mas/templates/config-base.json.j2 b/roles/mas/templates/config-base.json.j2
deleted file mode 100644
index f70405b..0000000
--- a/roles/mas/templates/config-base.json.j2
+++ /dev/null
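Review bot: `data_raw["secrets"]` and `data_raw["passwords"]` in the base hunk raise a bare KeyError when base.yaml lacks either key, and an AttributeError when the file is empty (`safe_load` then returns None), so a misconfigured source directory fails with a traceback that never names the file. A short guard before the merge keeps the failure actionable: `data_raw = _yaml.safe_load(...) or {}`, then `missing = [k for k in ("secrets", "passwords") if k not in data_raw]` and `if missing: raise SystemExit(f"base.yaml is missing required keys: {missing}")`. Narrowing the merge to exactly those two keys also silently ignores anything else in base.yaml, which deserves a comment such as `# only secrets/passwords are taken from base.yaml; every other section has its own conf.d file`. The http and email hunks follow the same pattern as the existing database block; the enclosing `main()` starts and ends outside all three hunks.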
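Review bot: Only the http template task is added to main.json, while conf-compose.py in this same commit now reads `conf.d/email.json` unconditionally; unless a task rendering `config-email.json.j2` exists elsewhere (outside this hunk), the compose step will fail on the missing file at deploy time. If it is indeed absent, a task mirroring the http one with `"src": "config-email.json.j2"` and `"dest": "{{var_mas_directory}}/conf.d/email.json"` should be added alongside. The surrounding task list continues outside the hunk.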
@@ -1,114 +0,0 @@
-{
- "database": {
- "host": "{{var_mas_database_host}}",
- "port": {{var_mas_database_port | string}},
- "username": "{{var_mas_database_username}}",
- "password": "{{var_mas_database_password}}",
- "database": "{{var_mas_database_schema}}"
- },
- "http": {
- "listeners": [
- {
- "name": "web",
- "resources": [
- {
- "name": "discovery"
- },
- {
- "name": "human"
- },
- {
- "name": "oauth"
- },
- {
- "name": "compat"
- },
- {
- "name": "graphql"
- },
- {
- "name": "assets"
- }
- ],
- "binds": [
- {
- "address": "[{{var_mas_server_address}}]:{{var_mas_server_port | string}}"
- }
- ],
- "proxy_protocol": false
- },
- {
- "name": "internal",
- "resources": [
- {
- "name": "health"
- }
- ],
- "binds": [
- {
- "host": "localhost",
- "port": 8081
- }
- ],
- "proxy_protocol": false
- }
- ],
- "trusted_proxies": [
- "192.168.0.0/16",
- "172.16.0.0/12",
- "10.0.0.0/10",
- "127.0.0.1/8",
- "fd00::/8",
- "::1/128"
- ],
- "public_base": "http://{{var_mas_server_address}}:{{var_mas_server_port | string}}/",
- "issuer": "http://{{var_mas_server_address}}:{{var_mas_server_port | string}}/"
- },
- "matrix": {
- "homeserver": "{{var_mas_matrix_server}}",
- "secret": "{{var_mas_matrix_secret}}",
- "endpoint": "{{var_mas_matrix_endpoint}}"
- },
- "secrets": {
- "encryption": "{{var_mas_encryption_key}}",
- "keys": [
- {
- "kid": "x1",
- "key_file": "{{var_mas_directory}}/secrets/private_key.pem"
- }
- ]
- },
- "passwords": {
- "enabled": true,
- "schemas": [
- {
- "version": 1,
- "algorithm": "argon2id"
- }
- ],
- "minimum_complexity": 3
- },
-{% if var_mas_authentication_upstream_kind == 'none' %}
-{% endif %}
-{% if var_mas_authentication_upstream_kind == 'authelia' %}
- "upstream_oauth2": {
- "providers": [
- {
- "id": "{{var_mas_authentication_upstream_data_authelia_id}}",
- "issuer": "{{var_mas_authentication_upstream_data_authelia_url_base}}",
- "authorization_endpoint": "{{var_mas_authentication_upstream_data_authelia_url_base}}/api/oidc/authorization",
- "token_endpoint": "{{var_mas_authentication_upstream_data_authelia_url_base}}/api/oidc/token",
- "token_endpoint_auth_method": "{{var_mas_authentication_upstream_data_authelia_auth_method}}",
- "scope": "{{var_mas_authentication_upstream_data_authelia_scope}}",
- "client_id": "{{var_mas_authentication_upstream_data_authelia_client_id}}",
- "client_secret": "{{var_mas_authentication_upstream_data_authelia_client_secret}}"
- }
- ]
- },
-{% endif %}
- "email": {
- "from": "'\"Authentication Service\" '",
- "reply_to": "'\"Authentication Service\" '",
- "transport": "blackhole"
- }
-}
diff --git a/roles/mas/templates/config-email.json.j2 b/roles/mas/templates/config-email.json.j2
new file mode 100644
index 0000000..39608c6
--- /dev/null
+++ b/roles/mas/templates/config-email.json.j2
@@ -0,0 +1,7 @@
+{
+ "email": {
+ "from": "Authentication Service ",
+ "reply_to": "Authentication Service ",
+ "transport": "blackhole"
+ }
+}
diff --git a/roles/mas/templates/config-http.json.j2 b/roles/mas/templates/config-http.json.j2
new file mode 100644
index 0000000..a05d45e
--- /dev/null
+++ b/roles/mas/templates/config-http.json.j2
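Review bot: The `from` and `reply_to` values in config-email.json.j2 are `"Authentication Service "` — a display name with a trailing space and no mailbox address, whereas the deleted template at least quoted the display name. If an angle-bracketed address was not simply lost in the rendering of this page, the service has no valid sender and each value should carry an explicit address, e.g. `"from": "Authentication Service <SENDER_ADDRESS_PLACEHOLDER>"` (placeholder, fill in from the role's variables). The `"transport": "blackhole"` name suggests outgoing mail is discarded; confirm that is intended for this deployment and record it in the role's documentation, since verification and password-reset mail would then never reach users.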
@@ -0,0 +1,60 @@
+{
+ "http": {
+ "listeners": [
+ {
+ "name": "web",
+ "resources": [
+ {
+ "name": "discovery"
+ },
+ {
+ "name": "human"
+ },
+ {
+ "name": "oauth"
+ },
+ {
+ "name": "compat"
+ },
+ {
+ "name": "graphql"
+ },
+ {
+ "name": "assets"
+ }
+ ],
+ "binds": [
+ {
+ "address": "[{{var_mas_server_address}}]:{{var_mas_server_port | string}}"
+ }
+ ],
+ "proxy_protocol": false
+ },
+ {
+ "name": "internal",
+ "resources": [
+ {
+ "name": "health"
+ }
+ ],
+ "binds": [
+ {
+ "host": "localhost",
+ "port": 8081
+ }
+ ],
+ "proxy_protocol": false
+ }
+ ],
+ "trusted_proxies": [
+ "192.168.0.0/16",
+ "172.16.0.0/12",
+ "10.0.0.0/10",
+ "127.0.0.1/8",
+ "fd00::/8",
+ "::1/128"
+ ],
+ "public_base": "http://{{var_mas_server_address}}:{{var_mas_server_port | string}}/",
+ "issuer": "http://{{var_mas_server_address}}:{{var_mas_server_port | string}}/"
+ }
+}
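Review bot: Two entries in `trusted_proxies` look wrong as they are re-created in config-http.json.j2: `"10.0.0.0/10"` covers only 10.0.0.0–10.63.255.255 rather than the full RFC 1918 10/8 block, and `"127.0.0.1/8"` has host bits set (canonical form `127.0.0.0/8`), which strict CIDR parsers reject; the intended lines are presumably `"10.0.0.0/8",` and `"127.0.0.0/8",`. Since this list presumably decides whose forwarded-client headers are believed, trusting every private range is broader than needed — narrowing it to the actual reverse-proxy address(es) limits who can present a spoofed client IP to the service. `public_base` and `issuer` are hard-coded to `http://`; if a TLS-terminating proxy fronts the service, the issuer should be the externally visible `https://` URL, because that value is what OIDC clients compare against during discovery and token validation. The rest of the file is carried over unchanged from the deleted config-base.json.j2.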