authorChristian Pointner <equinox@spreadspace.org>2023-11-13 21:56:24 +0100
committerChristian Pointner <equinox@spreadspace.org>2023-11-13 21:56:24 +0100
commita0c1aa799d94c3ce0c697bfd6777e0233dd77d92 (patch)
tree0c2b858fc4526bc64edc1668da4580f8d54d6ef3 /roles/nginx/auth/whawty-sso/auth
parentadd role nginx/auth/whawty-sso (diff)
finalize whawty.nginx-sso roles
Diffstat (limited to 'roles/nginx/auth/whawty-sso/auth')
-rw-r--r--roles/nginx/auth/whawty-sso/auth/defaults/main.yml30
-rw-r--r--roles/nginx/auth/whawty-sso/auth/handlers/main.yml6
-rw-r--r--roles/nginx/auth/whawty-sso/auth/tasks/main.yml25
3 files changed, 61 insertions, 0 deletions
diff --git a/roles/nginx/auth/whawty-sso/auth/defaults/main.yml b/roles/nginx/auth/whawty-sso/auth/defaults/main.yml
new file mode 100644
index 00000000..ca08addb
--- /dev/null
+++ b/roles/nginx/auth/whawty-sso/auth/defaults/main.yml
@@ -0,0 +1,30 @@
+---
+# whawty_nginx_sso_auths:
+# example:
+# config:
+# cookie:
+# domain: ".example.com"
+# name: __Secure-example-sso
+# secure: yes
+# expire: 168h
+# keys:
+# - name: 2023-11
+# ed25519:
+# public-key: |-
+# ....
+# web:
+# listen: 127.0.0.1:1234
+# foo:
+# config:
+# cookie:
+# domain: ".foo.bar"
+# name: __Secure-foobar-sso
+# secure: yes
+# expire: 24h
+# keys:
+# - name: 2023-11
+# ed25519:
+# public-key: |-
+# ....
+# web:
+# listen: 127.0.0.1:2345
diff --git a/roles/nginx/auth/whawty-sso/auth/handlers/main.yml b/roles/nginx/auth/whawty-sso/auth/handlers/main.yml
new file mode 100644
index 00000000..fad676ce
--- /dev/null
+++ b/roles/nginx/auth/whawty-sso/auth/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: restart whawty-nginx-sso
+ loop: "{{ whawty_nginx_sso_auths | list }}"
+ service:
+ name: "whawty-nginx-sso@{{ item }}.service"
+ state: restarted
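Review bot: The handler loops over every key of `whawty_nginx_sso_auths`, so a change to a single instance's config file restarts all `whawty-nginx-sso@` instances, including those whose configuration did not change. If that is intended, a comment above the task such as `# restarts all instances, not only the one whose config changed` would record it. Otherwise the `generate configuration file` task in tasks/main.yml could register its result so that only the changed items are restarted. On a first run this handler also restarts units that the `state: started` task has only just started.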
diff --git a/roles/nginx/auth/whawty-sso/auth/tasks/main.yml b/roles/nginx/auth/whawty-sso/auth/tasks/main.yml
new file mode 100644
index 00000000..fa6048dd
--- /dev/null
+++ b/roles/nginx/auth/whawty-sso/auth/tasks/main.yml
@@ -0,0 +1,25 @@
+---
+- name: create configuration directory
+ file:
+ path: /etc/nginx/auth/whawty-sso
+ state: directory
+
+- name: generate configuration file
+ loop: "{{ whawty_nginx_sso_auths | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ copy:
+ content: |
+ # ansible generated
+ {{ item.value.config | to_nice_yaml(indent=2) }}
+ dest: "/etc/nginx/auth/whawty-sso/{{ item.key }}.yml"
+ mode: 0400
+ notify: restart whawty-nginx-sso
+
+- name: make sure nginx-sso services are enabled and started
+ loop: "{{ whawty_nginx_sso_auths | list }}"
+ systemd:
+ name: "whawty-nginx-sso@{{ item }}.service"
+ daemon_reload: yes
+ state: started
+ enabled: yes
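Review bot: The `create configuration directory` task sets no `mode`, `owner` or `group`, so the permissions of /etc/nginx/auth/whawty-sso depend on the remote umask, and the `copy` task pins `mode: 0400` without naming an owner. Adding `owner: root`, `group: root` and an explicit mode such as `mode: "0755"` to the directory task, plus an explicit `owner`/`group` on the copy task, makes the result independent of the connecting user. Which account the `whawty-nginx-sso@` unit runs as is not visible in this commit, so the file owner has to match it or the 0400 file will be unreadable to the service. Quoting the file mode as `mode: "0400"` also avoids relying on YAML 1.1 octal parsing.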