authorChristian Pointner <equinox@spreadspace.org>2023-12-28 13:32:11 +0100
committerChristian Pointner <equinox@spreadspace.org>2023-12-28 13:32:11 +0100
commit626027250e3f1724be7018bdb7f78b13fd5d1eb5 (patch)
tree7674397b1fb214541f34c08b2be4fe822412ffbd /roles/apps/node-red
parentfix node-red combined with whawty-sso nginx/auth (diff)
finalize node-red role for now
Diffstat (limited to 'roles/apps/node-red')
-rw-r--r--roles/apps/node-red/defaults/main.yml64
-rw-r--r--roles/apps/node-red/instance/tasks/main.yml43
2 files changed, 93 insertions, 14 deletions
diff --git a/roles/apps/node-red/defaults/main.yml b/roles/apps/node-red/defaults/main.yml
new file mode 100644
index 00000000..7117882b
--- /dev/null
+++ b/roles/apps/node-red/defaults/main.yml
@@ -0,0 +1,64 @@
+---
+# node_red_instances:
+# test:
+# version: 3.1.3
+# port: 1880
+# credential_secret: "do-not-tell-anyone"
+# mqtt_tls:
+# certificate_provider: managed-ca
+# certificate_config:
+# ca:
+# host: iot
+# name: mqtt
+# cert:
+# common_name: test
+# extended_key_usage:
+# - clientAuth
+# extended_key_usage_critical: yes
+# create_subject_key_identifier: yes
+# not_after: +100w
+# publish:
+# zone: "{{ apps_publish_zone__foo }}"
+# hostnames:
+# - node-red.example.com
+# tls:
+# certificate_provider: ...
+# vhost_extra_directives: |
+# include snippets/whawty-sso-foo.conf;
+
+# location = /healthz {
+# auth_request off;
+# return 200;
+# }
+# location_extra_directives: |
+# auth_request_set $username $upstream_http_x_username;
+# proxy_set_header X-Username $username;
+# custom_image:
+# dockerfile: |
+# RUN npm install passport-trusted-header
+# extra_settings: |
+# adminAuth: {
+# type: "strategy",
+# strategy: {
+# name: "trusted-header",
+# label: "SSO login",
+# autoLogin: true,
+# strategy: require("passport-trusted-header").Strategy,
+# options: {
+# headers: ['x-username'],
+# verify: function(requestHeaders, done) {
+# var username = requestHeaders['x-username']
+# if(username === '') {
+# done("x-username HTTP-Header is empty", null)
+# }
+# done(null, { username: username });
+# }
+# },
+# },
+# users: [
+# { username: "equinox", permissions: ["*"] }
+# ],
+# default: {
+# permissions: "read"
+# }
+# }
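Review bot: In the commented `extra_settings` example, the `verify` callback has no `return` after reporting the empty header, so execution falls through and `done(null, { username: username })` is called as well, with the empty username. Operators will copy this example into settings.js, so the guard should stop there: `return done("x-username HTTP-Header is empty", null)`. Writing the condition as `if(!username)` would also cover an undefined value, should the strategy ever pass one through. The login trusts whatever arrives in `x-username`, so a one-line comment next to `headers: ['x-username']` should state that only the nginx vhost, which overwrites the header via `proxy_set_header X-Username $username;`, may reach the instance.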
diff --git a/roles/apps/node-red/instance/tasks/main.yml b/roles/apps/node-red/instance/tasks/main.yml
index 3533ab09..38547f58 100644
--- a/roles/apps/node-red/instance/tasks/main.yml
+++ b/roles/apps/node-red/instance/tasks/main.yml
@@ -109,20 +109,10 @@
network: host
pull: yes
-## TODO: settings.js:
-#
-# module.exports = {
-# credentialSecret: "geheim",
-# https: {
-# key: require("fs").readFileSync('/tls/publish-key.pem'),
-# cert: require("fs").readFileSync('/tls/publish-crt.pem'),
-# ca: require("fs").readFileSync('/tls/publish-ca-crt.pem'),
-# requestCert: true,
-# minVersion: 'TLSv1.3'
-# },
-# {{ node_red_instances[node_red_instance].extra_settings }}
-# }
-#
+- name: test if settings.js already exists
+ stat:
+ path: "{{ node_red_instance_basepath }}/data/settings.js"
+ register: node_red_settings_js
- name: install pod manifest
vars:
@@ -176,3 +166,28 @@
name: nginx/vhost
apply:
delegate_to: "{{ node_red_instances[node_red_instance].publish.zone.publisher }}"
+
+
+- name: print info for new instance
+ when: not node_red_settings_js.stat.exists
+ pause:
+ seconds: 5
+ prompt: |
+ ************* {{ node_red_instance }} is a new instance
+ **
+ ** Wait for default settings.js to be populated and then add the following options:
+
+ credentialSecret: "{{ node_red_instances[node_red_instance].credential_secret }}",
+
+ https: {
+ key: require("fs").readFileSync('/tls/publish-key.pem'),
+ cert: require("fs").readFileSync('/tls/publish-crt.pem'),
+ ca: require("fs").readFileSync('/tls/publish-ca-crt.pem'),
+ requestCert: true,
+ minVersion: 'TLSv1.3'
+ },
+
+ {{ node_red_instances[node_red_instance].extra_settings | indent(4) }}
+
+ **
+ ****************************************
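Review bot: The prompt of `print info for new instance` renders `credential_secret` in clear text, so the value ends up on the console and in any log the Ansible run is written to. The secret line could point at the inventory instead, e.g. `credentialSecret: "<credential_secret of this instance, see inventory/vault>",`. Because these options are added by hand after the pod is up, a new instance presumably runs with the default settings.js (without the `https`/`requestCert` block and without `adminAuth`) until the operator edits it. Templating settings.js before the pod manifest is installed would close that window. `extra_settings` appears to be optional in the defaults example, so `| default('')` before `indent(4)` would keep the task from failing when it is unset.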