finialize node-red role for now

author: Christian Pointner <equinox@spreadspace.org> 2023-12-28 13:32:11 +0100
committer: Christian Pointner <equinox@spreadspace.org> 2023-12-28 13:32:11 +0100
commit: 626027250e3f1724be7018bdb7f78b13fd5d1eb5 (patch)
tree: 7674397b1fb214541f34c08b2be4fe822412ffbd /roles/apps/node-red/defaults/main.yml
parent: fix node-red combined with whawty-sso nginx/auth (diff)
1 files changed, 64 insertions, 0 deletions
diff --git a/roles/apps/node-red/defaults/main.yml b/roles/apps/node-red/defaults/main.yml
new file mode 100644
index 00000000..7117882b
--- /dev/null
+++ b/roles/apps/node-red/defaults/main.yml
@@ -0,0 +1,64 @@
+---
+# node_red_instances:
+#   test:
+#     version: 3.1.3
+#     port: 1880
+#     credential_secret: "do-not-tell-anyone"
+#     mqtt_tls:
+#       certificate_provider: managed-ca
+#       certificate_config:
+#         ca:
+#           host: iot
+#           name: mqtt
+#         cert:
+#           common_name: test
+#           extended_key_usage:
+#           - clientAuth
+#           extended_key_usage_critical: yes
+#           create_subject_key_identifier: yes
+#           not_after: +100w
+#     publish:
+#       zone: "{{ apps_publish_zone__foo }}"
+#       hostnames:
+#       - node-red.example.com
+#       tls:
+#         certificate_provider: ...
+#       vhost_extra_directives: |
+#         include snippets/whawty-sso-foo.conf;
+
+#         location = /healthz {
+#            auth_request off;
+#            return 200;
+#         }
+#       location_extra_directives: |
+#         auth_request_set $username $upstream_http_x_username;
+#         proxy_set_header X-Username $username;
+#     custom_image:
+#       dockerfile: |
+#         RUN npm install passport-trusted-header
+#     extra_settings: |
+#       adminAuth: {
+#           type: "strategy",
+#           strategy: {
+#               name: "trusted-header",
+#               label: "SSO login",
+#               autoLogin: true,
+#               strategy: require("passport-trusted-header").Strategy,
+#               options: {
+#                   headers: ['x-username'],
+#                   verify: function(requestHeaders, done) {
+#                       var username = requestHeaders['x-username']
+#                       if(username === '') {
+#                           done("x-username HTTP-Header is empty", null)
+#                       }
+#                       done(null, { username: username });
+#                   }
+#               },
+#           },
+#           users: [
+#               { username: "equinox", permissions: ["*"] }
+#           ],
+#           default: {
+#               permissions: "read"
+#           }
+#       }
author	Christian Pointner <equinox@spreadspace.org>	2023-12-28 13:32:11 +0100
committer	Christian Pointner <equinox@spreadspace.org>	2023-12-28 13:32:11 +0100
commit	626027250e3f1724be7018bdb7f78b13fd5d1eb5 (patch)
tree	7674397b1fb214541f34c08b2be4fe822412ffbd /roles/apps/node-red/defaults/main.yml
parent	fix node-red combined with whawty-sso nginx/auth (diff)