134 lines
4.1 KiB
YAML
134 lines
4.1 KiB
YAML
---
|
|
- name: Installer et configurer Keycloak
|
|
hosts: servers
|
|
become: true
|
|
gather_facts: true
|
|
|
|
vars:
|
|
git_repo: "https://gite.slm-lab.net/Chabdeltsang/Neah-Enkun.git"
|
|
git_dest: "/opt/Neah-Enkun"
|
|
git_branch: "master"
|
|
nextcloud_container: "neah-nextcloud"
|
|
trusted_domains:
|
|
- "cloud.neah.local"
|
|
- "localhost"
|
|
keycloak_client_id: "nextcloud"
|
|
keycloak_client_secret: "d27b68dbb0f2eb2012837ed5f71e91015465ab72b93d50b3409962dad7812429"
|
|
#TODO: Remplacer le nom de domaine
|
|
keycloak_url: "http://connect.neah.local"
|
|
keycloak_realm: "master"
|
|
|
|
pre_tasks:
|
|
- name: Cloner le dépôt Git
|
|
git:
|
|
repo: "{{ git_repo }}"
|
|
dest: "{{ git_dest }}"
|
|
version: "{{ git_branch }}"
|
|
update: true
|
|
force: true
|
|
register: git_status
|
|
until: git_status is success
|
|
retries: 3
|
|
delay: 5
|
|
|
|
tasks:
|
|
- name: Lancer le service Nextcloud
|
|
command: "docker compose up -d --build --remove-orphans nextcloud"
|
|
args:
|
|
chdir: "{{ git_dest }}"
|
|
register: nextcloud_launch
|
|
until: nextcloud_launch is success
|
|
retries: 3
|
|
delay: 5
|
|
|
|
#TODO: Supprimer en prod
|
|
- name: Ajouter une entrée dans /etc/hosts du conteneur Nextcloud
|
|
shell: >
|
|
docker exec {{ nextcloud_container }} sh -c 'echo "172.16.32.141 connect.neah.local" >> /etc/hosts'
|
|
register: add_hosts_entry
|
|
until: add_hosts_entry is success
|
|
retries: 3
|
|
delay: 5
|
|
|
|
- name: Configurer les domaines de confiance
|
|
shell: >
|
|
docker exec -u 33 {{ nextcloud_container }} php occ config:system:set trusted_domains {{ item.0 }} --value={{ item.1 }}
|
|
with_indexed_items: "{{ trusted_domains }}"
|
|
register: trusted_domains_config
|
|
until: trusted_domains_config is success
|
|
retries: 3
|
|
delay: 5
|
|
|
|
- name: Installer l'application SSO & SAML
|
|
shell: >
|
|
docker exec -u 33 {{ nextcloud_container }} php occ app:install user_oidc
|
|
register: install_sso
|
|
until: install_sso is success
|
|
retries: 3
|
|
delay: 5
|
|
|
|
- name: Activer l'application SSO
|
|
shell: >
|
|
docker exec -u 33 {{ nextcloud_container }} php occ app:enable user_oidc
|
|
register: enable_sso
|
|
until: enable_sso is success
|
|
retries: 3
|
|
delay: 5
|
|
|
|
- name: Configurer le provider Keycloak
|
|
shell: >
|
|
docker exec -u 33 {{ nextcloud_container }} php occ user_oidc:provider keycloak
|
|
-c {{ keycloak_client_id }}
|
|
-s {{ keycloak_client_secret }}
|
|
-d {{ keycloak_url }}/realms/{{ keycloak_realm }}/.well-known/openid-configuration
|
|
--mapping-uid preferred_username
|
|
--mapping-display-name name
|
|
--mapping-email email
|
|
--mapping-groups realm_roles
|
|
--mapping-quota quota
|
|
--unique-uid preferred_username
|
|
--group-provisioning true
|
|
register: config_keycloak
|
|
until: config_keycloak is success
|
|
retries: 3
|
|
delay: 5
|
|
|
|
#TODO: Supprimer le mode debug en prod
|
|
- name: Activer le mode debug de Nextcloud
|
|
shell: >
|
|
docker exec -u 33 {{ nextcloud_container }} php occ config:system:set debug --value=true
|
|
register: enable_debug
|
|
until: enable_debug is success
|
|
retries: 3
|
|
delay: 5
|
|
|
|
- name: Autoriser les serveurs distants locaux
|
|
shell: >
|
|
docker exec -u 33 {{ nextcloud_container }} php occ config:system:set allow_local_remote_servers --value=true
|
|
register: allow_local_remote_servers
|
|
until: allow_local_remote_servers is success
|
|
retries: 3
|
|
delay: 5
|
|
|
|
- name: Copier le script de synchronisation des droits admin
|
|
copy:
|
|
src: "{{ git_dest }}/nextcloud/sync_admin_rights.sh"
|
|
dest: "/etc/cron.hourly/sync_admin_rights"
|
|
mode: "0755"
|
|
remote_src: yes
|
|
register: copy_script
|
|
until: copy_script is success
|
|
retries: 3
|
|
delay: 5
|
|
|
|
- name: Configurer les permissions du script
|
|
file:
|
|
path: "/etc/cron.hourly/sync_admin_rights"
|
|
owner: root
|
|
group: root
|
|
mode: "0755"
|
|
register: set_permissions
|
|
until: set_permissions is success
|
|
retries: 3
|
|
delay: 5
|