From 30eff2fb90b93e30b51f98662fbc3bda5e9131d4 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sun, 1 Oct 2023 20:28:56 +0200 Subject: add role for nginx-sso --- inventory/host_vars/sk-testvm.yml | 42 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) (limited to 'inventory/host_vars/sk-testvm.yml') diff --git a/inventory/host_vars/sk-testvm.yml b/inventory/host_vars/sk-testvm.yml index 264e87f6..2650b85b 100644 --- a/inventory/host_vars/sk-testvm.yml +++ b/inventory/host_vars/sk-testvm.yml @@ -39,6 +39,7 @@ external_ip: "{{ network.primary.overlay }}" # spreadspace_apt_repo_components: + - main - container docker_storage: @@ -525,3 +526,44 @@ ownca_cert_config__test: extended_key_usage_critical: yes create_subject_key_identifier: yes not_after: +100w + + +nginx_sso_backends: + spreadspace: + auth_url: http://127.0.0.1:8082/auth + base_url: https://login.spreadspace.org + +nginx_sso_backend_configs: + spreadspace: + login: + title: "spreadspace - Login" + default_method: "simple" + hide_mfa_field: true + names: + simple: "Username / Password" + cookie: + domain: ".spreadspace.org" + authentication_key: "WXCBcOAiDrupSxJTqIEKsT5EXBfdXbydFCI7mXDTSTL6dF0KFJKhVgbVgc3nD7G2" + prefix: nginx-sso-spreadspace + listen: + addr: "127.0.0.1" + port: 8082 + audit_log: + targets: + - fd://stdout + events: ['access_denied', 'login_success', 'login_failure', 'logout', 'validate'] + headers: ['x-origin-uri'] + trusted_ip_headers: ["X-Forwarded-For", "RemoteAddr", "X-Real-IP"] + acl: + rule_sets: + - rules: + - field: "x-host" + regexp: ".*" + allow: ["@_authenticated"] + providers: + simple: + enable_basic_auth: false + users: + admin: "{{ 'admin' | password_hash('bcrypt', ('admin@spreadspace.com/nginx-sso' | bcrypt_salt)) }}" + groups: + admins: ["admin"] -- cgit v1.2.3
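Review bot: In the second hunk, `cookie.authentication_key` under `nginx_sso_backend_configs.spreadspace` is committed as a plaintext literal, so every reader of the repository and its history holds the key that authenticates the SSO session cookie for `.spreadspace.org`. It should come from an encrypted source instead, for example `authentication_key: "{{ vault_nginx_sso_cookie_authentication_key }}"` (the variable name is a placeholder), and the value in this commit should be treated as exposed and regenerated. The same hunk defines `users.admin` from the literal password `'admin'` with a salt derived from a fixed string, so the resulting hash is reproducible by anyone. That may be intended for a test VM, but `base_url` and the cookie domain point at the real domain, so it is worth confirming this config never serves a reachable login. A short comment above `trusted_ip_headers` naming the proxy that sets `X-Forwarded-For` and `X-Real-IP` would also help, since the audit log only records a reliable client address if those headers cannot be supplied by the client.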