---
# The home-server project produces a multi-purpose setup using Ansible.
# Copyright © 2018 Y. Gablin, under the GPL-3.0-or-later license.
# Full licensing information in the LICENSE file, or gnu.org/licenses/gpl-3.0.txt if the file is missing.
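### UPSTREAM BEGIN ⇒ ###
# Runs the upstream.yml tasks of the etckeeper.inc role before the tasks
# below touch the system; `msg` is handed to that role as a variable.
# Written as a native YAML mapping instead of a key=value string so each
# argument is parsed as its own typed key.
- name: pull prerequisites from upstream
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: upstream.yml
  vars:
    msg: SSOwat
### ⇐ UPSTREAM BEGIN ###
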
# Installs lua51-filesystem through the generic `package` module, one
# module call per entry of with_items.
- name: install software
  package:
    name: "{{item}}"
    state: present
  with_items:
    - lua51-filesystem

# Hands the package list to the aur.inc role.
# The "-git" suffix is the AUR naming convention for VCS packages: they are
# built from the upstream development branch at install time, not from a
# pinned release, so the installed code depends on upstream state that day.
# NOTE(review): ssowat-git sits in the authentication path; read the
# PKGBUILDs and consider pinning a reviewed commit before rebuilding a host.
- name: install AUR software
  include_role:
    name: aur.inc
    allow_duplicates: true
  vars:
    packages:
      - lua51-lualdap-git
      - ssowat-git
    # Passed to the role; presumably the unprivileged account that runs
    # the build. Confirm against aur.inc.
    aur_user: git
    # USUALLY NOT UP-TO-DATE… :-(
    # - nginx-mainline-mod-ndk
    # - nginx-mainline-mod-lua

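### UPSTREAM END ⇒ ###
# Runs the merge.yml tasks of the etckeeper.inc role once the packages are
# installed; `msg` is handed to that role as a variable.
# Written as a native YAML mapping instead of a key=value string so each
# argument is parsed as its own typed key.
- name: merge upstream
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: merge.yml
  vars:
    msg: SSOwat
### ⇐ UPSTREAM END ###
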
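# Renders the SSOwat configuration from the role's template. Group http
# with mode 0640 keeps the file readable by that group and closed to other
# local accounts.
# NOTE(review): no owner is set, so ownership is whatever the executing
# account creates or what the file already has. Confirm it ends up as root.
- name: send the custom SSOwat configuration
  template:
    src: templates/conf.json.j2
    dest: /etc/ssowat/conf.json
    group: http
    # Quoted so the YAML parser cannot re-type the octal literal.
    mode: "0640"
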
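# Writes an include file that loads the NDK and Lua dynamic modules, then
# queues an nginx restart.
# NOTE(review): the packages named after these modules are commented out
# in the AUR task of this file, and nginx refuses to start when a
# load_module target is missing. Confirm both .so files are provided
# elsewhere before this handler fires.
- name: add the LUA language to Nginx
  copy:
    content: |
      load_module /usr/lib/nginx/modules/ndk_http_module.so;
      load_module /usr/lib/nginx/modules/ngx_http_lua_module.so;
    dest: /etc/nginx/main.inc.d/ndk+lua.inc
    # Quoted so the YAML parser cannot re-type the octal literal.
    mode: "0644"
  notify:
    - restart nginx.service
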
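# Declares the shared Lua dictionary `cache` (10m) and points nginx at the
# SSOwat init script, then queues an nginx restart.
# init_by_lua_file is evaluated while nginx loads its configuration, so
# /etc/ssowat/init.lua runs with the privileges nginx is started with.
# NOTE(review): confirm the .lua files under /etc/ssowat are root-owned and
# not writable by the http group.
- name: init the SSO code in Nginx
  copy:
    content: |
      lua_shared_dict cache 10m;
      init_by_lua_file /etc/ssowat/init.lua;
    dest: /etc/nginx/conf.d/00_ssowat.conf
    group: http
    # Quoted so the YAML parser cannot re-type the octal literal.
    mode: "0640"
  notify:
    - restart nginx.service
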
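# Writes the include that runs SSOwat's access and header-filter scripts,
# then queues an nginx restart.
# NOTE(review): the directives only apply where this file is included. The
# include statements are not part of this task file, so check that every
# server or location meant to be protected pulls in inc.d/*.https.inc and
# that nothing is served over a block that skips it.
- name: enforce SSO checking for each request
  copy:
    content: |
      access_by_lua_file /etc/ssowat/access.lua;
      header_filter_by_lua_file /etc/ssowat/headers.lua;
    dest: /etc/nginx/inc.d/00_ssowat.https.inc
    group: http
    # Quoted so the YAML parser cannot re-type the octal literal.
    mode: "0640"
  notify:
    - restart nginx.service
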
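### LOCAL COMMIT ⇒ ###
# Runs the local.yml tasks of the etckeeper.inc role after the files above
# have been written; `msg` is handed to that role as a variable.
# Written as a native YAML mapping instead of a key=value string so each
# argument is parsed as its own typed key.
- name: commit local changes
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: local.yml
  vars:
    msg: SSOwat
### ⇐ LOCAL COMMIT ###
# Run any queued "restart nginx.service" handler now, not at the end of
# the play, so the SSO configuration is live before later tasks run.
- meta: flush_handlers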