diff --git a/deployment/roles/hydra_database/tasks/main.yml b/deployment/roles/hydra_database/tasks/main.yml
index c5bc6d3..7e3a86b 100644
--- a/deployment/roles/hydra_database/tasks/main.yml
+++ b/deployment/roles/hydra_database/tasks/main.yml
@@ -22,8 +22,16 @@
 - name: Grant permissions on Hydra database to Hydra database user
   community.postgresql.postgresql_privs:
     database: "{{ hydra_db_name }}"
-    state: present
-    privs: CREATE,CONNECT
+    privs: CONNECT
     type: database
     role: "{{ hydra_db_user }}"
   become_user: postgres
+
+- name: Grant permissions on public schema of Hydra database to Hydra database user
+  community.postgresql.postgresql_privs:
+    database: "{{ hydra_db_name }}"
+    objs: public
+    privs: CREATE,USAGE
+    type: schema
+    role: "{{ hydra_db_user }}"
+  become_user: postgres
diff --git a/deployment/roles/hydra_server/defaults/main.yml b/deployment/roles/hydra_server/defaults/main.yml
index a1c1c9f..8cae35e 100644
--- a/deployment/roles/hydra_server/defaults/main.yml
+++ b/deployment/roles/hydra_server/defaults/main.yml
@@ -5,7 +5,7 @@
 hydra_os_group: hydra
 hydra_os_user: hydra
 hydra_home: /srv/hydra
-hydra_version: "1.11.9"
-hydra_checksum: "0e38096a45ae411f70b95beaad69a5335a16cf34c4963724beef3ebce37c283c"
+hydra_version: "2.1.2"
+hydra_checksum: "acab44b1f5324e001fcfecaa7115a5c3a07156e3e0d3840d8ed12deca4db6490"
 
-use_mkcert: false
+use_mkcert: true
diff --git a/deployment/roles/hydra_server/tasks/main.yml b/deployment/roles/hydra_server/tasks/main.yml
index ad1d1df..a6b2945 100644
--- a/deployment/roles/hydra_server/tasks/main.yml
+++ b/deployment/roles/hydra_server/tasks/main.yml
@@ -13,7 +13,6 @@
     state: present
     system: true
 
-
 - name: Create Hydra directories
   ansible.builtin.file:
     path: "{{hydra_home }}/{{ item.path }}"
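Review bot: The new public-schema task carries no comment saying why CREATE moved from the database level to the `public` schema, so a later reader is likely to fold it back into the first task. If the motivation is that newer PostgreSQL releases no longer grant CREATE on `public` to every role and Hydra's migrations need it, record that above the task: `# Hydra's migrations create tables in public; newer PostgreSQL no longer grants CREATE there by default`. Granting CREATE on the shared `public` schema also lets this role create objects anywhere in it; a Hydra-owned schema would be the tighter choice, but that is a design decision rather than a defect in this change.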
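Review bot: Flipping the role default to `use_mkcert: true` makes a locally trusted mkcert CA the certificate source for every host that applies this role, not only development ones; the production-safe default is the previous `use_mkcert: false`, with `true` set in the dev inventory or group_vars. I cannot see where `use_mkcert` is consumed from this hunk, so if the role already refuses mkcert outside a dev environment this is only a documentation point. Either way, a comment such as `# mkcert certificates come from a local dev CA; keep false for internet-facing hosts` above the key would record the constraint. The checksum is a 64-hex-digit value, presumably SHA-256, and a comment like `# sha256 of hydra_{{ hydra_version }}-linux_64bit.tar.gz from the GitHub release` would tell the next person bumping the version how to reproduce it.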
@@ -26,7 +25,6 @@
     - { path: bin, mode: '0750' }
     - { path: download, mode: '0750' }
 
-
 - name: Download Hydra binary
   ansible.builtin.get_url:
     url: "https://github.com/ory/hydra/releases/download/v{{ hydra_version }}/hydra_{{ hydra_version }}-linux_64bit.tar.gz"
diff --git a/deployment/roles/hydra_server/templates/hydra.yml.j2 b/deployment/roles/hydra_server/templates/hydra.yml.j2
index 98c6dbc..f5ea8d4 100644
--- a/deployment/roles/hydra_server/templates/hydra.yml.j2
+++ b/deployment/roles/hydra_server/templates/hydra.yml.j2
@@ -3,14 +3,22 @@ serve:
   admin:
     host: {{ oidc_urls.hydra_admin.address | default("localhost") }}
     port: {{ oidc_urls.hydra_admin.port | default("4445") }}
+    tls:
+      enabled: true
+      cert:
+        path: {{ hydra_tls.cert }}
+      key:
+        path: {{ hydra_tls.key }}
   public:
     host: {{ oidc_urls.hydra_public.address | default(ansible_default_ipv4.address) }}
     port: {{ oidc_urls.hydra_public.port | default("4444") }}
-  tls:
-    cert:
-      path: {{ hydra_tls.cert }}
-    key:
-      path: {{ hydra_tls.key }}
+    tls:
+      enabled: true
+      cert:
+        path: {{ hydra_tls.cert }}
+      key:
+        path: {{ hydra_tls.key }}
+
 dsn: 'postgres://{{ hydra_db_user }}:{{ hydra_db_password }}@{{ hydra_db_host }}:{{ hydra_db_port }}/{{ hydra_db_name }}'
 
 webfinger:
@@ -18,14 +26,7 @@ webfinger:
   supported_claims:
     - email
     - email_verified
-    - given_name
-    - family_name
-    - middle_name
     - name
-    - birthdate
-    - zoneinfo
-    - locale
-    - https://auth.cacert.org/groups
   supported_scope:
     - profile
     - email
diff --git a/hydra_config b/hydra_config
index 4d3f908..6aa5d1d 160000
--- a/hydra_config
+++ b/hydra_config
@@ -1 +1 @@
-Subproject commit 4d3f908958b100eb901ce9f849a6fdd613aece06
+Subproject commit 6aa5d1de0411ce93deb67d91ed841ec1ef658bc3
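Review bot: The two added `tls:` blocks under `admin:` and `public:` are identical and both hard-code `enabled: true`, so TLS cannot be turned off per listener (for example when a reverse proxy terminates it) without editing the template; `enabled: {{ hydra_tls.enabled | default(true) }}` keeps the secure default while leaving one place to override. The templated `path: {{ hydra_tls.cert }}` and `path: {{ hydra_tls.key }}` values are unquoted, so an empty or special-character value renders as null or malformed YAML; `path: "{{ hydra_tls.cert }}"` is safer. The `dsn:` context line embeds `hydra_db_password` in the rendered file, which predates this change, but it makes the file mode of the rendered hydra.yml worth confirming in the task that writes it (outside this hunk).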
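Review bot: After this hunk `supported_claims` lists only `email`, `email_verified` and `name`, while the `supported_scope` context lines still advertise `profile`; the OIDC profile scope is defined as covering given_name, family_name, birthdate, zoneinfo and locale among others, so the discovery document now promises a scope whose claims are no longer declared. If the intent is to stop issuing those claims, `profile` should be removed from `supported_scope` as well, or a comment should record that only `name` is populated for it; if the intent was only to drop `https://auth.cacert.org/groups`, the other removals look accidental. The enclosing `webfinger:` mapping continues outside the hunk.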