Update Hydra setup
This commit is contained in:
parent
c737754d0e
commit
82954212c4
5 changed files with 27 additions and 20 deletions
|
@ -22,8 +22,16 @@
|
|||
- name: Grant permissions on Hydra database to Hydra database user
|
||||
community.postgresql.postgresql_privs:
|
||||
database: "{{ hydra_db_name }}"
|
||||
state: present
|
||||
privs: CREATE,CONNECT
|
||||
privs: CONNECT
|
||||
type: database
|
||||
role: "{{ hydra_db_user }}"
|
||||
become_user: postgres
|
||||
|
||||
- name: Grant permissions on public schema of Hydra database to Hydra database user
|
||||
community.postgresql.postgresql_privs:
|
||||
database: "{{ hydra_db_name }}"
|
||||
objs: public
|
||||
privs: CREATE,USAGE
|
||||
type: schema
|
||||
role: "{{ hydra_db_user }}"
|
||||
become_user: postgres
|
||||
|
|
|
@ -5,7 +5,7 @@ hydra_os_group: hydra
|
|||
hydra_os_user: hydra
|
||||
hydra_home: /srv/hydra
|
||||
|
||||
hydra_version: "1.11.9"
|
||||
hydra_checksum: "0e38096a45ae411f70b95beaad69a5335a16cf34c4963724beef3ebce37c283c"
|
||||
hydra_version: "2.1.2"
|
||||
hydra_checksum: "acab44b1f5324e001fcfecaa7115a5c3a07156e3e0d3840d8ed12deca4db6490"
|
||||
|
||||
use_mkcert: false
|
||||
use_mkcert: true
|
||||
|
|
|
@ -13,7 +13,6 @@
|
|||
state: present
|
||||
system: true
|
||||
|
||||
|
||||
- name: Create Hydra directories
|
||||
ansible.builtin.file:
|
||||
path: "{{hydra_home }}/{{ item.path }}"
|
||||
|
@ -26,7 +25,6 @@
|
|||
- { path: bin, mode: '0750' }
|
||||
- { path: download, mode: '0750' }
|
||||
|
||||
|
||||
- name: Download Hydra binary
|
||||
ansible.builtin.get_url:
|
||||
url: "https://github.com/ory/hydra/releases/download/v{{ hydra_version }}/hydra_{{ hydra_version }}-linux_64bit.tar.gz"
|
||||
|
|
|
@ -3,14 +3,22 @@ serve:
|
|||
admin:
|
||||
host: {{ oidc_urls.hydra_admin.address | default("localhost") }}
|
||||
port: {{ oidc_urls.hydra_admin.port | default("4445") }}
|
||||
public:
|
||||
host: {{ oidc_urls.hydra_public.address | default(ansible_default_ipv4.address) }}
|
||||
port: {{ oidc_urls.hydra_public.port | default("4444") }}
|
||||
tls:
|
||||
enabled: true
|
||||
cert:
|
||||
path: {{ hydra_tls.cert }}
|
||||
key:
|
||||
path: {{ hydra_tls.key }}
|
||||
public:
|
||||
host: {{ oidc_urls.hydra_public.address | default(ansible_default_ipv4.address) }}
|
||||
port: {{ oidc_urls.hydra_public.port | default("4444") }}
|
||||
tls:
|
||||
enabled: true
|
||||
cert:
|
||||
path: {{ hydra_tls.cert }}
|
||||
key:
|
||||
path: {{ hydra_tls.key }}
|
||||
|
||||
dsn: 'postgres://{{ hydra_db_user }}:{{ hydra_db_password }}@{{ hydra_db_host }}:{{ hydra_db_port }}/{{ hydra_db_name }}'
|
||||
|
||||
webfinger:
|
||||
|
@ -18,14 +26,7 @@ webfinger:
|
|||
supported_claims:
|
||||
- email
|
||||
- email_verified
|
||||
- given_name
|
||||
- family_name
|
||||
- middle_name
|
||||
- name
|
||||
- birthdate
|
||||
- zoneinfo
|
||||
- locale
|
||||
- https://auth.cacert.org/groups
|
||||
supported_scope:
|
||||
- profile
|
||||
- email
|
||||
|
|
|
@ -1 +1 @@
|
|||
Subproject commit 4d3f908958b100eb901ce9f849a6fdd613aece06
|
||||
Subproject commit 6aa5d1de0411ce93deb67d91ed841ec1ef658bc3
|
Loading…
Reference in a new issue