yves
/
home-server
1
0
Fork 0
Code Issues 8 Pull Requests Releases Wiki Activity
home-server/roles/sso/tasks/main.yml

94 lines
2.2 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

---
# The home-server project produces a multi-purpose setup using Ansible.
# Copyright © 20182023 Y. Gablin, under the GPL-3.0-or-later license.
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
### UPSTREAM BEGIN ⇒ ###
- name: pull prerequisites from upstream
include_role: name=etckeeper.inc allow_duplicates=true tasks_from=upstream.yml
vars:
msg: SSO
### ⇐ UPSTREAM BEGIN ###
- name: (SSOwat) uninstall software
package:
name: "{{item}}"
state: absent
with_items:
# 2023-05-20: removed
- ssowat-git
- nginx-mainline-mod-lua
- nginx-mainline-mod-ndk
- lua51-lualdap-git
- name: install AUR software
include_role:
name: aur.inc
allow_duplicates: true
vars:
packages:
- simple-sso-git
### UPSTREAM END ⇒ ###
- name: merge upstream
include_role: name=etckeeper.inc allow_duplicates=true tasks_from=merge.yml
vars:
msg: SSO
### ⇐ UPSTREAM END ###
# 2023-05-20: removed
- name: (SSOwat) remove SSOwat configuration
file:
path: /etc/ssowat
state: absent
notify:
- restart openresty.service
# 2023-05-20: removed
- name: (SSOwat) remove external LUA module from Nginx
file:
path: /etc/nginx/main.inc.d/ndk+lua.inc
state: absent
notify:
- restart openresty.service
- name: init the SSO code in Nginx
copy:
content: |
lua_shared_dict cache 10m;
init_by_lua_file /etc/nginx/ssso/do_init.lua;
dest: /etc/nginx/conf.d/00_sso.conf
group: http
mode: 0640
notify:
- restart openresty.service
- name: enforce SSO checking for each request
copy:
content: |
access_by_lua_file /etc/nginx/ssso/do_access.lua;
dest: /etc/nginx/inc.d/00_sso.https.inc
group: http
mode: 0640
notify:
- restart openresty.service
- name: send the custom SSO configuration
template:
src: templates/conf.json.j2
dest: /etc/nginx/ssso/global.json
group: http
mode: 0640
- name: register the fact that SSO is installed
set_fact:
is_sso_used: true
### LOCAL COMMIT ⇒ ###
- name: commit local changes
include_role: name=etckeeper.inc allow_duplicates=true tasks_from=local.yml
vars:
msg: SSO
### ⇐ LOCAL COMMIT ###
- meta: flush_handlers
Reference in New Issue View Git Blame Copy Permalink