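---
# Playbook: clone the Neah-Enkun repository, start the Nextcloud container and
# connect it to Keycloak through the user_oidc app (OpenID Connect).
# Runs with privilege escalation on every host of the "servers" group.
- name: Installer et configurer Keycloak
  hosts: servers
  become: true
  gather_facts: true

  vars:
    git_repo: "https://gite.slm-lab.net/Chabdeltsang/Neah-Enkun.git"
    git_dest: "/opt/Neah-Enkun"
    git_branch: "master"
    nextcloud_container: "neah-nextcloud"
    # Each entry is written as trusted_domains[<index>] in Nextcloud's config.
    trusted_domains:
      - "cloud.neah.local"
      - "localhost"
    keycloak_client_id: "nextcloud"
    # SECURITY: this client secret is stored in clear text in the playbook.
    # Move it to an Ansible Vault-encrypted variable (ansible-vault
    # encrypt_string) and rotate the value in Keycloak once it is replaced.
    keycloak_client_secret: "d27b68dbb0f2eb2012837ed5f71e91015465ab72b93d50b3409962dad7812429"
    # TODO: replace the domain name.
    # NOTE: plain http:// leaves the OIDC discovery document and token exchange
    # unprotected in transit; use https:// outside a lab network.
    keycloak_url: "http://connect.neah.local"
    keycloak_realm: "master"

  pre_tasks:
    - name: Cloner le dépôt Git
      git:
        repo: "{{ git_repo }}"
        dest: "{{ git_dest }}"
        version: "{{ git_branch }}"
        update: true
        force: true  # discards any local modification in git_dest on each run
      register: git_status
      until: git_status is success
      retries: 3
      delay: 5

  tasks:
    - name: Lancer le service Nextcloud
      command: "docker compose up -d --build --remove-orphans nextcloud"
      args:
        chdir: "{{ git_dest }}"
      register: nextcloud_launch
      until: nextcloud_launch is success
      retries: 3
      delay: 5

    # TODO: remove in production (hard-coded lab IP address).
    # The grep guard makes the task idempotent: an unconditional "echo >>"
    # appends a duplicate line to /etc/hosts on every run.
    # The occ tasks below use "command" rather than "shell": no shell feature
    # is needed, and variable values are then never interpreted by a shell.
    - name: Ajouter une entrée dans /etc/hosts du conteneur Nextcloud
      command: >
        docker exec {{ nextcloud_container }}
        sh -c 'grep -q "connect.neah.local" /etc/hosts
        || echo "172.16.32.141 connect.neah.local" >> /etc/hosts'
      register: add_hosts_entry
      until: add_hosts_entry is success
      retries: 3
      delay: 5

    - name: Configurer les domaines de confiance
      command: >
        docker exec -u 33 {{ nextcloud_container }}
        php occ config:system:set trusted_domains {{ idx }} --value={{ item }}
      loop: "{{ trusted_domains }}"
      loop_control:
        index_var: idx
      register: trusted_domains_config
      until: trusted_domains_config is success
      retries: 3
      delay: 5

    # Installs the user_oidc app (OpenID Connect); despite the task name this
    # is not the SAML app. NOTE(review): occ app:install is expected to fail
    # when the app is already installed, which would break re-runs — confirm
    # and add a failed_when guard if so.
    - name: Installer l'application SSO & SAML
      command: >
        docker exec -u 33 {{ nextcloud_container }}
        php occ app:install user_oidc
      register: install_sso
      until: install_sso is success
      retries: 3
      delay: 5

    - name: Activer l'application SSO
      command: >
        docker exec -u 33 {{ nextcloud_container }}
        php occ app:enable user_oidc
      register: enable_sso
      until: enable_sso is success
      retries: 3
      delay: 5

    # no_log keeps the client secret out of the Ansible output and of the
    # registered result. The secret is still passed on the command line and is
    # visible in the container's process list while the command runs.
    - name: Configurer le provider Keycloak
      command: >
        docker exec -u 33 {{ nextcloud_container }}
        php occ user_oidc:provider keycloak
        -c {{ keycloak_client_id }}
        -s {{ keycloak_client_secret }}
        -d {{ keycloak_url }}/realms/{{ keycloak_realm }}/.well-known/openid-configuration
        --mapping-uid preferred_username
        --mapping-display-name name
        --mapping-email email
        --mapping-groups realm_roles
        --mapping-quota quota
        --unique-uid preferred_username
        --group-provisioning true
      no_log: true
      register: config_keycloak
      until: config_keycloak is success
      retries: 3
      delay: 5

    # TODO: remove debug mode in production (it exposes stack traces and
    # verbose logs to clients).
    - name: Activer le mode debug de Nextcloud
      command: >
        docker exec -u 33 {{ nextcloud_container }}
        php occ config:system:set debug --value=true
      register: enable_debug
      until: enable_debug is success
      retries: 3
      delay: 5

    # Needed because Keycloak is reached on a private/local address; it also
    # relaxes Nextcloud's protection against requests to local networks.
    - name: Autoriser les serveurs distants locaux
      command: >
        docker exec -u 33 {{ nextcloud_container }}
        php occ config:system:set allow_local_remote_servers --value=true
      register: allow_local_remote_servers
      until: allow_local_remote_servers is success
      retries: 3
      delay: 5

    # The script comes from the cloned repository on the managed host
    # (remote_src), so it is whatever the checked-out branch contains.
    - name: Copier le script de synchronisation des droits admin
      copy:
        src: "{{ git_dest }}/nextcloud/sync_admin_rights.sh"
        dest: "/etc/cron.hourly/sync_admin_rights"
        mode: "0755"
        remote_src: true
      register: copy_script
      until: copy_script is success
      retries: 3
      delay: 5

    # Pins ownership to root so the hourly cron job cannot be edited by an
    # unprivileged account.
    - name: Configurer les permissions du script
      file:
        path: "/etc/cron.hourly/sync_admin_rights"
        owner: root
        group: root
        mode: "0755"
      register: set_permissions
      until: set_permissions is success
      retries: 3
      delay: 5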