diff --git a/roles/zeitbild_backend/defaults/main.json b/roles/zeitbild_backend/defaults/main.json
index a20dc0b..81f59ee 100644
--- a/roles/zeitbild_backend/defaults/main.json
+++ b/roles/zeitbild_backend/defaults/main.json
@@ -11,5 +11,11 @@
 "var_zeitbild_backend_database_data_postgresql_port": 5432,
 "var_zeitbild_backend_database_data_postgresql_username": "zeitbild_user",
 "var_zeitbild_backend_database_data_postgresql_password": "REPLACE_ME",
- "var_zeitbild_backend_database_data_postgresql_schema": "zeitbild"
+ "var_zeitbild_backend_database_data_postgresql_schema": "zeitbild",
+ "var_zeitbild_backend_authentication_kind": "internal",
+ "var_zeitbild_backend_authentication_data_authelia_url_base": "https://authelia.example.org",
+ "var_zeitbild_backend_authentication_data_authelia_client_id": "zeitbild",
+ "var_zeitbild_backend_authentication_data_authelia_client_secret": "REPLACE_ME",
+ "var_zeitbild_backend_authentication_data_authelia_label": "Authelia",
+ "var_zeitbild_backend_authentication_data_authelia_backend_url_base": "https://zeitbild.example.org/"
 }
diff --git a/roles/zeitbild_backend/templates/conf.json.j2 b/roles/zeitbild_backend/templates/conf.json.j2
index 0967ef4..2406fc0 100644
--- a/roles/zeitbild_backend/templates/conf.json.j2
+++ b/roles/zeitbild_backend/templates/conf.json.j2
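Review bot: In roles/zeitbild_backend/defaults/main.json the new `var_zeitbild_backend_authentication_data_authelia_client_secret` defaults to the literal `"REPLACE_ME"`, so a deployment that sets `authentication_kind` to `authelia` without overriding it renders a guessable OIDC client secret instead of stopping. Consider shipping no default for the secret so an unset value fails the play, or have the role's tasks (not visible here) reject the placeholder before templating, for example with an `ansible.builtin.assert` on the value. The same reasoning applies to the `..._postgresql_password` placeholder on the context line above the change.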
@@ -1 +1,60 @@
-{}
+{
+ "version": 1,
+ "log": [
+ {
+ "kind": "stdout",
+ "data": {
+ "threshold": "info"
+ }
+ }
+ ],
+ "server": {
+ "address": {{var_zeitbild_backend_address}},
+ "port": {{var_zeitbild_backend_port | string}}
+ },
+{% if var_zeitbild_backend_database_kind == 'sqlite' %}
+ "database": {
+ "kind": "sqlite",
+ "data": {
+ "path": "data.sqlite"
+ }
+ },
+{% endif %}
+{% if var_zeitbild_backend_database_kind == 'postgresql' %}
+ "database": {
+ "kind": "postgresql",
+ "data": {
+ "host": "{{var_zeitbild_backend_database_data_postgresql_host}}"
+ "port": "{{var_zeitbild_backend_database_data_postgresql_port | string}}",
+ "username": "{{var_zeitbild_backend_database_data_postgresql_username}}",
+ "password": "{{var_zeitbild_backend_database_data_postgresql_password}}"
+ "schema": "{{var_zeitbild_backend_database_data_postgresql_schema}}"
+ }
+ },
+{% endif %}
+{% if var_zeitbild_backend_authentication_kind == 'internal' %}
+ "authentication": {
+ "kind": "internal",
+ "data": {}
+ },
+{% endif %}
+{% if var_zeitbild_backend_authentication_kind == 'authelia' %}
+ "authentication": {
+ "kind": "oidc",
+ "data": {
+ "url_authorization": "{{var_zeitbild_backend_authentication_data_authelia_url_base}}/api/oidc/authorization",
+ "url_token": "{{var_zeitbild_backend_authentication_data_authelia_url_base}}/api/oidc/token",
+ "url_userinfo": "{{var_zeitbild_backend_authentication_data_authelia_url_base}}/api/oidc/userinfo",
+ "client_id": "{{var_zeitbild_backend_authentication_data_authelia_client_id}}",
+ "client_secret": "{{var_zeitbild_backend_authentication_data_authelia_client_secret}}",
+ "backend_url_base": "{{var_zeitbild_backend_authentication_data_authelia_backend_url_base}}",
+ "label": "{{var_zeitbild_backend_authentication_data_authelia_provider_name}}"
+ }
+ },
+{% endif %}
+ "session_management": {
+ "in_memory": false,
+ "lifetime": 3600,
+ "drop_all_at_start": false
+ }
+}
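Review bot: The postgresql branch renders invalid JSON because the `"host"` and `"password"` lines have no trailing comma, and the authelia branch reads `var_zeitbild_backend_authentication_data_authelia_provider_name`, which the defaults in this commit do not define (they define `..._authelia_label`), so templating will likely fail or emit an empty label. Beyond those two, every value is pasted between hand-written quotes, so a database password or OIDC client secret containing `"` or `\` breaks the document or changes its structure; piping each variable through `to_json` and dropping the surrounding quotes avoids that. `"address": {{var_zeitbild_backend_address}}` is emitted unquoted, which is only valid JSON if the variable already carries its own quotes, so that is worth confirming. Since the rendered file holds the database password and the client secret, the task that installs it (not visible here) should write it with a restrictive file mode.

```jinja
{# … unchanged: version, log, server, sqlite branch … #}
    "kind": "postgresql",
    "data": {
      "host": {{ var_zeitbild_backend_database_data_postgresql_host | to_json }},
      "port": {{ var_zeitbild_backend_database_data_postgresql_port | string | to_json }},
      "username": {{ var_zeitbild_backend_database_data_postgresql_username | to_json }},
      "password": {{ var_zeitbild_backend_database_data_postgresql_password | to_json }},
      "schema": {{ var_zeitbild_backend_database_data_postgresql_schema | to_json }}
{# … unchanged: internal branch, authelia URLs and client_id … #}
      "client_secret": {{ var_zeitbild_backend_authentication_data_authelia_client_secret | to_json }},
      "backend_url_base": {{ var_zeitbild_backend_authentication_data_authelia_backend_url_base | to_json }},
      "label": {{ var_zeitbild_backend_authentication_data_authelia_label | to_json }}
{# … unchanged: session_management … #}
```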
diff --git a/roles/zeitbild_backend/vardef.json b/roles/zeitbild_backend/vardef.json
index 7742d7a..3bfb503 100644
--- a/roles/zeitbild_backend/vardef.json
+++ b/roles/zeitbild_backend/vardef.json
@@ -60,5 +60,29 @@
 "database_data_postgresql_schema": {
 "type": "string",
 "mandatory": false
- }
+ },
+ "authentication_kind": {
+ "type": "string",
+ "options": [
+ "internal",
+ "authelia"
+ ],
+ "mandatory": false
+ },
+ "authentication_data_authelia_url_base": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_authelia_client_id": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_authelia_client_secret": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_authelia_label": {
+ "type": "string",
+ "mandatory": false
+ },
 }
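Review bot: The last added entry, `authentication_data_authelia_label`, closes with `},` directly before the object's closing `}`, a trailing comma that strict JSON parsers reject, so vardef.json would no longer load; that line should be `}`. The defaults and the template in this commit also use `authentication_data_authelia_backend_url_base`, which is not declared here, so an entry with `"type": "string"` and `"mandatory": false` like its siblings appears to be missing. If this file's `mandatory` flag can express a conditional requirement, `authentication_data_authelia_client_secret` is a candidate for being required whenever `authentication_kind` is `authelia`; how the flag is evaluated is not visible in this diff.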