cacert/oidc-parent
9
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Update Hydra setup

Browse source
This commit is contained in:
Jan Dittberner 2023-08-07 18:41:29 +02:00
parent c737754d0e
commit 82954212c4
5 changed files with 27 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
deployment/roles/hydra_database/tasks/main.yml
View file

@ -22,8 +22,16 @@
- name: Grant permissions on Hydra database to Hydra database user - name: Grant permissions on Hydra database to Hydra database user
community.postgresql.postgresql_privs: community.postgresql.postgresql_privs:
database: "{{ hydra_db_name }}" database: "{{ hydra_db_name }}"
state: present privs: CONNECT
privs: CREATE,CONNECT
type: database type: database
role: "{{ hydra_db_user }}" role: "{{ hydra_db_user }}"
become_user: postgres become_user: postgres
- name: Grant permissions on public schema of Hydra database to Hydra database user
community.postgresql.postgresql_privs:
database: "{{ hydra_db_name }}"
objs: public
privs: CREATE,USAGE
type: schema
role: "{{ hydra_db_user }}"
become_user: postgres

6
deployment/roles/hydra_server/defaults/main.yml
View file

@ -5,7 +5,7 @@ hydra_os_group: hydra
hydra_os_user: hydra hydra_os_user: hydra
hydra_home: /srv/hydra hydra_home: /srv/hydra
hydra_version: "1.11.9" hydra_version: "2.1.2"
hydra_checksum: "0e38096a45ae411f70b95beaad69a5335a16cf34c4963724beef3ebce37c283c" hydra_checksum: "acab44b1f5324e001fcfecaa7115a5c3a07156e3e0d3840d8ed12deca4db6490"
use_mkcert: false use_mkcert: true

2
deployment/roles/hydra_server/tasks/main.yml
View file

@ -13,7 +13,6 @@
state: present state: present
system: true system: true
- name: Create Hydra directories - name: Create Hydra directories
ansible.builtin.file: ansible.builtin.file:
path: "{{hydra_home }}/{{ item.path }}" path: "{{hydra_home }}/{{ item.path }}"
@ -26,7 +25,6 @@
- { path: bin, mode: '0750' } - { path: bin, mode: '0750' }
- { path: download, mode: '0750' } - { path: download, mode: '0750' }
- name: Download Hydra binary - name: Download Hydra binary
ansible.builtin.get_url: ansible.builtin.get_url:
url: "https://github.com/ory/hydra/releases/download/v{{ hydra_version }}/hydra_{{ hydra_version }}-linux_64bit.tar.gz" url: "https://github.com/ory/hydra/releases/download/v{{ hydra_version }}/hydra_{{ hydra_version }}-linux_64bit.tar.gz"

25
deployment/roles/hydra_server/templates/hydra.yml.j2
View file

@ -3,14 +3,22 @@ serve:
admin: admin:
host: {{ oidc_urls.hydra_admin.address | default("localhost") }} host: {{ oidc_urls.hydra_admin.address | default("localhost") }}
port: {{ oidc_urls.hydra_admin.port | default("4445") }} port: {{ oidc_urls.hydra_admin.port | default("4445") }}
tls:
enabled: true
cert:
path: {{ hydra_tls.cert }}
key:
path: {{ hydra_tls.key }}
public: public:
host: {{ oidc_urls.hydra_public.address | default(ansible_default_ipv4.address) }} host: {{ oidc_urls.hydra_public.address | default(ansible_default_ipv4.address) }}
port: {{ oidc_urls.hydra_public.port | default("4444") }} port: {{ oidc_urls.hydra_public.port | default("4444") }}
tls: tls:
cert: enabled: true
path: {{ hydra_tls.cert }} cert:
key: path: {{ hydra_tls.cert }}
path: {{ hydra_tls.key }} key:
path: {{ hydra_tls.key }}
dsn: 'postgres://{{ hydra_db_user }}:{{ hydra_db_password }}@{{ hydra_db_host }}:{{ hydra_db_port }}/{{ hydra_db_name }}' dsn: 'postgres://{{ hydra_db_user }}:{{ hydra_db_password }}@{{ hydra_db_host }}:{{ hydra_db_port }}/{{ hydra_db_name }}'
webfinger: webfinger:
@ -18,14 +26,7 @@ webfinger:
supported_claims: supported_claims:
- email - email
- email_verified - email_verified
- given_name
- family_name
- middle_name
- name - name
- birthdate
- zoneinfo
- locale
- https://auth.cacert.org/groups
supported_scope: supported_scope:
- profile - profile
- email - email

2
hydra_config

@ -1 +1 @@
Subproject commit 4d3f908958b100eb901ce9f849a6fdd613aece06 Subproject commit 6aa5d1de0411ce93deb67d91ed841ec1ef658bc3