[fix] role:mas:conf

2024-10-17 21:08:13 +02:00 · 2024-10-17 21:08:13 +02:00 · fe9a2caed2
commit fe9a2caed2
parent 34e01247e4
5 changed files with 93 additions and 115 deletions
--- a/roles/mas/files/conf-compose.py
+++ b/roles/mas/files/conf-compose.py
@ -95,9 +95,13 @@ def main():
 	data = {}
 	### base
 	if True:
+		data_raw = _yaml.safe_load(file_read(_os.path.join(args.source_directory, "base.yaml")))
 		data = dict_merge(
 			data,
-			_yaml.loads(file_read(_os.path.join(args.source_directory, "base.yaml")))
+			{
+				"secrets": data_raw["secrets"],
+				"passwords": data_raw["passwords"],
+			}
 		)
 	### database
 	if True:
@ -105,6 +109,12 @@ def main():
 			data,
 			_json.loads(file_read(_os.path.join(args.source_directory, "database.json")))
 		)
+	### http
+	if True:
+		data = dict_merge(
+			data,
+			_json.loads(file_read(_os.path.join(args.source_directory, "http.json")))
+		)
 	### matrix
 	if True:
 		data = dict_merge(
@ -117,6 +127,12 @@ def main():
 			data,
 			_json.loads(file_read(_os.path.join(args.source_directory, "upstream.json")))
 		)
+	### email
+	if True:
+		data = dict_merge(
+			data,
+			_json.loads(file_read(_os.path.join(args.source_directory, "email.json")))
+		)
 	### clients
 	if True:
 		data = dict_merge(
--- a/roles/mas/tasks/main.json
+++ b/roles/mas/tasks/main.json
@ -69,6 +69,15 @@
 			"dest": "{{var_mas_directory}}/conf.d/database.json"
 		}
 	},
+	{
+		"name": "configuration | http",
+		"become": true,
+		"become_user": "{{var_mas_user}}",
+		"ansible.builtin.template": {
+			"src": "config-http.json.j2",
+			"dest": "{{var_mas_directory}}/conf.d/http.json"
+		}
+	},
 	{
 		"name": "configuration | matrix",
 		"become": true,
--- a/roles/mas/templates/config-base.json.j2
+++ b/roles/mas/templates/config-base.json.j2
@ -1,114 +0,0 @@
-{
-	"database": {
-		"host": "{{var_mas_database_host}}",
-		"port": {{var_mas_database_port | string}},
-		"username": "{{var_mas_database_username}}",
-		"password": "{{var_mas_database_password}}",
-		"database": "{{var_mas_database_schema}}"
-	},
-	"http": {
-		"listeners": [
-			{
-				"name": "web",
-				"resources": [
-					{
-						"name": "discovery"
-					},
-					{
-						"name": "human"
-					},
-					{
-						"name": "oauth"
-					},
-					{
-						"name": "compat"
-					},
-					{
-						"name": "graphql"
-					},
-					{
-						"name": "assets"
-					}
-				],
-				"binds": [
-					{
-						"address": "[{{var_mas_server_address}}]:{{var_mas_server_port | string}}"
-					}
-				],
-				"proxy_protocol": false
-			},
-			{
-				"name": "internal",
-				"resources": [
-					{
-						"name": "health"
-					}
-				],
-				"binds": [
-					{
-						"host": "localhost",
-						"port": 8081
-					}
-				],
-				"proxy_protocol": false
-			}
-		],
-		"trusted_proxies": [
-			"192.168.0.0/16",
-			"172.16.0.0/12",
-			"10.0.0.0/10",
-			"127.0.0.1/8",
-			"fd00::/8",
-			"::1/128"
-		],
-		"public_base": "http://{{var_mas_server_address}}:{{var_mas_server_port | string}}/",
-		"issuer": "http://{{var_mas_server_address}}:{{var_mas_server_port | string}}/"
-	},
-	"matrix": {
-		"homeserver": "{{var_mas_matrix_server}}",
-		"secret": "{{var_mas_matrix_secret}}",
-		"endpoint": "{{var_mas_matrix_endpoint}}"
-	},
-	"secrets": {
-		"encryption": "{{var_mas_encryption_key}}",
-		"keys": [
-			{
-				"kid": "x1",
-				"key_file": "{{var_mas_directory}}/secrets/private_key.pem"
-			}
-		]
-	},
-	"passwords": {
-		"enabled": true,
-		"schemas": [
-			{
-				"version": 1,
-				"algorithm": "argon2id"
-			}
-		],
-		"minimum_complexity": 3
-	},
-{% if var_mas_authentication_upstream_kind == 'none' %}
-{% endif %}
-{% if var_mas_authentication_upstream_kind == 'authelia' %}
-	"upstream_oauth2": {
-		"providers": [
-			{
-				"id": "{{var_mas_authentication_upstream_data_authelia_id}}",
-				"issuer": "{{var_mas_authentication_upstream_data_authelia_url_base}}",
-				"authorization_endpoint": "{{var_mas_authentication_upstream_data_authelia_url_base}}/api/oidc/authorization",
-				"token_endpoint": "{{var_mas_authentication_upstream_data_authelia_url_base}}/api/oidc/token",
-				"token_endpoint_auth_method": "{{var_mas_authentication_upstream_data_authelia_auth_method}}",
-				"scope": "{{var_mas_authentication_upstream_data_authelia_scope}}",
-				"client_id": "{{var_mas_authentication_upstream_data_authelia_client_id}}",
-				"client_secret": "{{var_mas_authentication_upstream_data_authelia_client_secret}}"
-			}
-		]
-	},
-{% endif %}	
-	"email": {
-		"from": "'\"Authentication Service\" <root@localhost>'",
-		"reply_to": "'\"Authentication Service\" <root@localhost>'",
-		"transport": "blackhole"
-	}
-}
--- a/roles/mas/templates/config-email.json.j2
+++ b/roles/mas/templates/config-email.json.j2
@ -0,0 +1,7 @@
+{
+	"email": {
+		"from": "Authentication Service <root@localhost>",
+		"reply_to": "Authentication Service <root@localhost>",
+		"transport": "blackhole"
+	}
+}
--- a/roles/mas/templates/config-http.json.j2
+++ b/roles/mas/templates/config-http.json.j2
@ -0,0 +1,60 @@
+{
+	"http": {
+		"listeners": [
+			{
+				"name": "web",
+				"resources": [
+					{
+						"name": "discovery"
+					},
+					{
+						"name": "human"
+					},
+					{
+						"name": "oauth"
+					},
+					{
+						"name": "compat"
+					},
+					{
+						"name": "graphql"
+					},
+					{
+						"name": "assets"
+					}
+				],
+				"binds": [
+					{
+						"address": "[{{var_mas_server_address}}]:{{var_mas_server_port | string}}"
+					}
+				],
+				"proxy_protocol": false
+			},
+			{
+				"name": "internal",
+				"resources": [
+					{
+						"name": "health"
+					}
+				],
+				"binds": [
+					{
+						"host": "localhost",
+						"port": 8081
+					}
+				],
+				"proxy_protocol": false
+			}
+		],
+		"trusted_proxies": [
+			"192.168.0.0/16",
+			"172.16.0.0/12",
+			"10.0.0.0/10",
+			"127.0.0.1/8",
+			"fd00::/8",
+			"::1/128"
+		],
+		"public_base": "http://{{var_mas_server_address}}:{{var_mas_server_port | string}}/",
+		"issuer": "http://{{var_mas_server_address}}:{{var_mas_server_port | string}}/"
+	}
+}