From 0d77884c7d0b7eddad84fae417d92abaea28d888 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Krop=C3=A1=C4=8Dek?= <kropikuba@gmail.com>
Date: Thu, 25 Jul 2024 17:45:18 +0200
Subject: [PATCH] added keycloak

---
 .pre-commit-config.yaml              |  2 +-
 inventory.py                         |  2 +-
 services/keycloak/.env.template      | 22 +++++++++++
 services/keycloak/docker-compose.yml | 57 ++++++++++++++++++++++++++++
 4 files changed, 81 insertions(+), 2 deletions(-)
 create mode 100644 services/keycloak/.env.template
 create mode 100644 services/keycloak/docker-compose.yml

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 8353f25..e2766bc 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -21,7 +21,7 @@ repos:
     hooks:
     -   id: reorder-python-imports
 -   repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.4.7
+    rev: v0.5.4
     hooks:
     -   id: ruff
         args: [--fix, --exit-non-zero-on-fix]
diff --git a/inventory.py b/inventory.py
index 0dd7604..09a4eb0 100644
--- a/inventory.py
+++ b/inventory.py
@@ -15,7 +15,7 @@ servers = [
             "ssh_user": "root",
             "web_server": True,
             "services": [
-                "nginx", "immich", "nodered",
+                "nginx", "immich", "nodered", "keycloak",
             ],
         },
     ),
diff --git a/services/keycloak/.env.template b/services/keycloak/.env.template
new file mode 100644
index 0000000..b374c80
--- /dev/null
+++ b/services/keycloak/.env.template
@@ -0,0 +1,22 @@
+HOST=auth.katuwoss.dev
+
+POSTGRES_USER={{ username['38493af8-18b7-409a-b3ba-84b1b2070873'] }}
+POSTGRES_PASSWORD={{ password['38493af8-18b7-409a-b3ba-84b1b2070873'] }}
+POSTGRES_DATABASE=keycloak
+
+KEYCLOAK_ADMIN={{ username['fc557059-7c93-4851-8eae-888a664e5594'] }}
+KEYCLOAK_ADMIN_PASSWORD={{ password['fc557059-7c93-4851-8eae-888a664e5594'] }}
+
+KC_HTTP_ENABLED=true
+KC_HOSTNAME=https://auth.katuwoss.dev
+KC_HOSTNAME_ADMIN=https://auth.katuwoss.dev
+KC_PROXY_HEADERS=xforwarded
+
+KC_DB=postgres
+KC_DB_URL_HOST=db
+KC_DB_URL_DATABASE=keycloak
+KC_DB_USERNAME={{ username['38493af8-18b7-409a-b3ba-84b1b2070873'] }}
+KC_DB_PASSWORD={{ password['38493af8-18b7-409a-b3ba-84b1b2070873'] }}
+
+# DEBUG
+KC_LOG_LEVEL=DEBUG
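Review bot: `KC_LOG_LEVEL=DEBUG` on the last line makes verbose logging the default for every deployment rendered from this template, and an identity provider at DEBUG may write request details and session material into the container log where anyone with log access can read it; the template should default to `KC_LOG_LEVEL=INFO` and keep the `# DEBUG` block as a commented-out opt-in, e.g. `# KC_LOG_LEVEL=DEBUG   # raise temporarily for troubleshooting only`. Separately, `KC_HTTP_ENABLED=true` together with `KC_PROXY_HEADERS=xforwarded` is only safe while port 8080 is reachable solely from the reverse proxy (the compose file in this commit publishes no ports, which is what makes it acceptable), so a comment above `KC_HTTP_ENABLED` recording that assumption, `# plain HTTP + forwarded headers: only valid while 8080 is reachable from traefik alone, never publish it`, would keep the template from being copied into a setup that does publish the port. `KC_HOSTNAME_ADMIN` is set to the same public host as `KC_HOSTNAME`, so the admin console is served on the public entrypoint; that is a deliberate choice the template could note in a comment, ideally with the restriction applied on the proxy side.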
diff --git a/services/keycloak/docker-compose.yml b/services/keycloak/docker-compose.yml
new file mode 100644
index 0000000..992d788
--- /dev/null
+++ b/services/keycloak/docker-compose.yml
@@ -0,0 +1,57 @@
+networks:
+  traefik-net:
+    name: traefik-net
+    external: true
+
+volumes:
+  keycloak-pg-data:
+    name: keycloak-pg-data
+  keycloak-pg-backup:
+    name: keycloak-pg-backup
+
+services:
+  backup:
+    image: prodrigestivill/postgres-backup-local:15
+    depends_on:
+      - db
+    volumes:
+      - keycloak-pg-backup:/backups
+    environment:
+      - POSTGRES_EXTRA_OPTS=-Z 6 -F c
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - POSTGRES_USER=${POSTGRES_USER}
+      - POSTGRES_DB=${POSTGRES_DATABASE}
+      - POSTGRES_HOST=db
+
+  db:
+    image: postgres:15
+    volumes:
+      - keycloak-pg-data:/var/lib/postgresql/data
+    restart: unless-stopped
+    networks:
+      - default
+    environment:
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - POSTGRES_USER=${POSTGRES_USER}
+      - POSTGRES_DB=${POSTGRES_DATABASE}
+
+  keycloak:
+    image: quay.io/keycloak/keycloak:25.0.2
+    depends_on:
+      - db
+    restart: unless-stopped
+    command:
+      - start
+    networks:
+      - traefik-net
+      - default
+    env_file:
+      - .env
+    deploy:
+      labels:
+        - traefik.enable=true
+        - traefik.docker.network=traefik-net
+        - traefik.http.routers.keycloak.rule=Host(`${HOST}`)
+        - traefik.http.routers.keycloak.entrypoints=websecure
+        - traefik.http.routers.keycloak.tls.certresolver=le
+        - traefik.http.services.keycloak.loadbalancer.server.port=8080
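Review bot: The `backup` service has no `restart` policy while `db` and `keycloak` have `restart: unless-stopped`, so after a daemon restart or host reboot the scheduled dumps stop silently while the database keeps running; add `restart: unless-stopped` under `backup`. `depends_on: - db` on both `backup` and `keycloak` only orders container start and does not wait for Postgres to accept connections, so the first Keycloak start can fail until the restart policy retries it; a `healthcheck` on `db` with `condition: service_healthy` in the dependants makes startup deterministic, as sketched below. The `deploy.labels` stanza suggests this may be run as a Swarm stack, in which case `depends_on` and `restart` are ignored and `deploy.restart_policy` is the relevant key — worth confirming which runtime is intended. The router rule on the `traefik.http.routers.keycloak.rule` label forwards every path on the host, including the admin console, to the public `websecure` entrypoint; since the env template points `KC_HOSTNAME_ADMIN` at the same host, consider a second router for the admin path guarded by an IP allow-list middleware.
```yaml
  backup:
    image: prodrigestivill/postgres-backup-local:15
    restart: unless-stopped
    depends_on:
      db:
        condition: service_healthy
    # … unchanged: volumes, environment …

  db:
    image: postgres:15
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DATABASE}"]
      interval: 10s
      timeout: 5s
      retries: 5
    # … unchanged: volumes, restart, networks, environment …

  keycloak:
    image: quay.io/keycloak/keycloak:25.0.2
    depends_on:
      db:
        condition: service_healthy
    # … unchanged: restart, command, networks, env_file, deploy …
```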