---
# The home-server project produces a multi-purpose setup using Ansible.
# Copyright © 2018–2023 Y. Gablin, under the GPL-3.0-or-later license.
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
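# Includes tasks/upstream.yml of the etckeeper.inc role with msg=SSO.
# allow_duplicates permits including the same role again later in the play.
# Arguments are written as a native mapping (not a key=value string) so each
# value is typed by YAML and the form matches the aur.inc include in this file.
### UPSTREAM BEGIN ⇒ ###
- name: pull prerequisites from upstream
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: upstream.yml
  vars:
    msg: SSO
### ⇐ UPSTREAM BEGIN ###
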
# Ensures the packages of the former SSOwat-based setup are absent,
# iterating over the list below with the generic package module.
- name: (SSOwat) uninstall software
  package:
    name: '{{ item }}'
    state: absent
  with_items:
    # 2023-05-20: removed
    - ssowat-git
    - nginx-mainline-mod-lua
    - nginx-mainline-mod-ndk
    - lua51-lualdap-git

# Hands the package list to the aur.inc role (its tasks are not visible here).
# NOTE(review): "-git" AUR packages conventionally build from the upstream
# VCS head, so the installed code is whatever upstream published at build
# time. This package presumably supplies the Lua files under /etc/nginx/ssso
# that authenticate requests; confirm the PKGBUILD and its source are
# reviewed or pinned to a known commit before each rebuild.
- name: install AUR software
  include_role:
    name: aur.inc
    allow_duplicates: true
  vars:
    packages:
      - simple-sso-git

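# Includes tasks/merge.yml of the etckeeper.inc role with msg=SSO.
# Arguments are written as a native mapping (not a key=value string) so each
# value is typed by YAML and the form matches the aur.inc include in this file.
### UPSTREAM END ⇒ ###
- name: merge upstream
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: merge.yml
  vars:
    msg: SSO
### ⇐ UPSTREAM END ###
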
# 2023-05-20: removed
# Deletes /etc/ssowat (state=absent removes a directory recursively) and
# notifies the openresty restart handler when something was actually removed.
- name: (SSOwat) remove SSOwat configuration
  file:
    path: /etc/ssowat
    state: absent
  notify:
    - restart openresty.service

# 2023-05-20: removed
# Deletes the Nginx include that loaded the external NDK/Lua modules and
# notifies the openresty restart handler when the file was actually removed.
- name: (SSOwat) remove external LUA module from Nginx
  file:
    path: /etc/nginx/main.inc.d/ndk+lua.inc
    state: absent
  notify:
    - restart openresty.service

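# Writes an Nginx snippet that declares a 10 MB Lua shared dict named "cache"
# and runs /etc/nginx/ssso/do_init.lua when the configuration is loaded.
# NOTE(review): init_by_lua_file executes in the master process, which
# typically still runs as root; confirm do_init.lua and its directory are
# writable by root only, not by the http group.
# NOTE(review): no owner is set, so ownership follows the account running the
# task; confirm that is root.
- name: init the SSO code in Nginx
  copy:
    content: |
      lua_shared_dict cache 10m;
      init_by_lua_file /etc/nginx/ssso/do_init.lua;
    dest: /etc/nginx/conf.d/00_sso.conf
    group: http
    # Quoted so the mode is read as octal 0640 under any YAML integer rules.
    mode: "0640"
  notify:
    - restart openresty.service
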
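# Writes an Nginx include that runs /etc/nginx/ssso/do_access.lua in the
# access phase of every request handled where this file is included.
# NOTE(review): enforcement only covers server/location blocks that pull in
# /etc/nginx/inc.d/00_sso.https.inc; presumably every HTTPS vhost does. Verify
# that no vhost skips the include, since such a vhost would not be checked.
- name: enforce SSO checking for each request
  copy:
    content: |
      access_by_lua_file /etc/nginx/ssso/do_access.lua;
    dest: /etc/nginx/inc.d/00_sso.https.inc
    group: http
    # Quoted so the mode is read as octal 0640 under any YAML integer rules.
    mode: "0640"
  notify:
    - restart openresty.service
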
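# Renders templates/conf.json.j2 to /etc/nginx/ssso/global.json, readable by
# the http group and by no other users.
# NOTE(review): presumably this JSON holds the SSO settings and possibly
# secrets; confirm that owner plus group http is the intended read access.
# NOTE(review): unlike the other config tasks in this file, no handler is
# notified here. If the Lua code reads global.json only at init, a changed
# configuration will not take effect until openresty is restarted; confirm.
- name: send the custom SSO configuration
  template:
    src: templates/conf.json.j2
    dest: /etc/nginx/ssso/global.json
    group: http
    # Quoted so the mode is read as octal 0640 under any YAML integer rules.
    mode: "0640"
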
# Sets the host fact is_sso_used to true; how later tasks or roles consume it
# is not visible in this file.
- name: register the fact that SSO is installed
  set_fact:
    is_sso_used: true

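# Includes tasks/local.yml of the etckeeper.inc role with msg=SSO.
# Arguments are written as a native mapping (not a key=value string) so each
# value is typed by YAML and the form matches the aur.inc include in this file.
### LOCAL COMMIT ⇒ ###
- name: commit local changes
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: local.yml
  vars:
    msg: SSO
### ⇐ LOCAL COMMIT ###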
# Runs every handler notified so far (here: "restart openresty.service") at
# this point instead of waiting for the end of the play.
- meta: flush_handlers