From 2cac213380155c12d481f143905d902703826780 Mon Sep 17 00:00:00 2001
From: Tobias Manske
Date: Mon, 11 Mar 2024 05:33:29 +0100
Subject: [PATCH] YouTrack
---
 ansible/plays/services/youtrack/.env | 2 +-
 .../services/youtrack/docker-compose.yaml | 8 +--
 ansible/plays/vps.yaml | 29 ++++-----
 tf-stage-1/dns-unruhig-eu.tf | 2 +
 tf-stage-1/service_youtrack.tf | 62 +++++++++++++++++++
 tf-stage-1/user_rad4day.tf | 2 +
 6 files changed, 83 insertions(+), 22 deletions(-)
 create mode 100644 tf-stage-1/service_youtrack.tf
diff --git a/ansible/plays/services/youtrack/.env b/ansible/plays/services/youtrack/.env
index 086143e..d34bec5 100644
--- a/ansible/plays/services/youtrack/.env
+++ b/ansible/plays/services/youtrack/.env
@@ -1,2 +1,2 @@
 COMPOSE_PROJECT_NAME=youtrack
-VERSION=2022.2.59587
+VERSION=2024.1.25893
diff --git a/ansible/plays/services/youtrack/docker-compose.yaml b/ansible/plays/services/youtrack/docker-compose.yaml
index e320790..e2a09c9 100644
--- a/ansible/plays/services/youtrack/docker-compose.yaml
+++ b/ansible/plays/services/youtrack/docker-compose.yaml
@@ -12,16 +12,10 @@ services:
 labels:
 - "traefik.enable=true"
 - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- - "traefik.http.routers.youtrack.rule=Host(`youtrack.tobiasmanske.de`)"
+ - "traefik.http.routers.youtrack.rule=Host(`todo.unruhig.eu`)"
 - "traefik.http.routers.youtrack.entryPoints=websecure"
 - "traefik.http.services.youtrack.loadbalancer.server.port=8080"
 restart: always
- networks:
- - gateway
-
-networks:
- gateway:
- external: true
 volumes:
 data:
diff --git a/ansible/plays/vps.yaml b/ansible/plays/vps.yaml
index 36e91a3..cefb17f 100644
--- a/ansible/plays/vps.yaml
+++ b/ansible/plays/vps.yaml
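Review bot: Removing the external `gateway` network while the label `traefik.docker.network=${COMPOSE_PROJECT_NAME}_default` stays means Traefik can only reach this container if the Traefik stack itself is attached to `youtrack_default`, and nothing in this commit shows that attachment — confirm it, otherwise the `todo.unruhig.eu` router has no reachable backend. The Host change also affects whatever base URL YouTrack has configured for itself, which is not set in this file; if that lives in the data volume or elsewhere, a comment next to the rule such as `# changing the Host also requires updating the base URL configured inside YouTrack` would save the next person a broken login redirect. The `youtrack` service definition starts above this hunk.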
@@ -4,22 +4,23 @@
 vars:
 state: running
 base_domain: "tobiasmanske.de"
- pre_tasks:
- - name: Gather facts from all hosts
- ansible.builtin.setup: {}
- delegate_to: "{{ item }}"
- delegate_facts: true
- when: hostvars[item]['ansible_default_ipv4'] is not defined
- tags:
- - always
- loop: "{{ groups['all'] }}"
- - name: Assert a default ipv4 is known
- ansible.builtin.assert:
- that: hostvars[item]['ansible_default_ipv4'] is defined
- quiet: true
- loop: "{{ groups['all'] }}"
+ # pre_tasks:
+ # - name: Gather facts from all hosts
+ # ansible.builtin.setup: {}
+ # delegate_to: "{{ item }}"
+ # delegate_facts: true
+ # when: hostvars[item]['ansible_default_ipv4'] is not defined
+ # tags:
+ # - always
+ # loop: "{{ groups['all'] }}"
+ # - name: Assert a default ipv4 is known
+ # ansible.builtin.assert:
+ # that: hostvars[item]['ansible_default_ipv4'] is defined
+ # quiet: true
+ # loop: "{{ groups['all'] }}"
 roles:
 - {role: compose_project, service: traefik, with_fa: true}
+ - {role: compose_project, service: youtrack}
 - {role: compose_project, service: registry}
 - {role: compose_project, service: pantalaimon}
 - {role: compose_project, service: mimir}
diff --git a/tf-stage-1/dns-unruhig-eu.tf b/tf-stage-1/dns-unruhig-eu.tf
index 284c876..88809cf 100644
--- a/tf-stage-1/dns-unruhig-eu.tf
+++ b/tf-stage-1/dns-unruhig-eu.tf
@@ -34,6 +34,8 @@ module "dns-unruhig-eu" {
 # Vaultwarden
 { type = "CNAME", name = "vault", value = "infra.unruhig.eu" },
+ # YouTrack
+ { type = "CNAME", name = "todo", value = "web.tobiasmanske.de" },
 # Mail settings
 { type = "A", name = "mail", value = "202.61.232.207" },
diff --git a/tf-stage-1/service_youtrack.tf b/tf-stage-1/service_youtrack.tf
new file mode 100644
index 0000000..eb16afe
--- /dev/null
+++ b/tf-stage-1/service_youtrack.tf
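Review bot: The fact-gathering and `ansible_default_ipv4` assertion in `pre_tasks` are commented out rather than removed or gated, so any role that still reads `hostvars[...]['ansible_default_ipv4']` will now fail later with a less clear error instead of at the assert, and the commented block will drift from the live code. If they are disabled on purpose, prefer deleting them (history keeps the text) or guarding them with a tag or `when`, and state the reason in one line, e.g. `# pre_tasks disabled on <DATE>: <REASON>`. The new `youtrack` role entry reads fine next to its siblings; the enclosing play starts above this hunk.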
@@ -0,0 +1,62 @@
+module "youtrackclient" {
+ source = "./modules/kc-client"
+
+ realm = var.realm
+ client_id = "youtrack"
+ client_name = "YouTrack"
+ description = "todo.unruhig.eu"
+ root_url = "https://todo.unruhig.eu"
+ admin_url = ""
+ base_url = ""
+ valid_redirect_uris = ["/hub/api/rest/oauth2/interactive/login/fb07847a-788d-49cc-82d5-0a80075130a3/land"]
+ web_origins = []
+}
+
+
+resource "keycloak_openid_user_session_note_protocol_mapper" "youtrack-id-mapper" {
+ realm_id = module.youtrackclient.realm.id
+ client_id = module.youtrackclient.client.id
+ name = "id"
+
+ claim_name = "clientId"
+ claim_value_type = "String"
+ session_note = "clientId"
+ add_to_access_token = true
+ add_to_id_token = true
+}
+
+resource "keycloak_openid_user_session_note_protocol_mapper" "youtrack-host-mapper" {
+ realm_id = module.youtrackclient.realm.id
+ client_id = module.youtrackclient.client.id
+ name = "host"
+
+ claim_name = "clientHost"
+ claim_value_type = "String"
+ session_note = "clientHost"
+ add_to_access_token = true
+ add_to_id_token = true
+}
+
+resource "keycloak_openid_user_session_note_protocol_mapper" "youtrack-ip-mapper" {
+ realm_id = module.youtrackclient.realm.id
+ client_id = module.youtrackclient.client.id
+ name = "ip"
+
+ claim_name = "clientAddress"
+ claim_value_type = "String"
+ session_note = "clientAddress"
+ add_to_access_token = true
+ add_to_id_token = true
+}
+
+resource "keycloak_openid_user_client_role_protocol_mapper" "youtrack-role-mapper" {
+ realm_id = module.youtrackclient.realm.id
+ client_id = module.youtrackclient.client.id
+ multivalued = true
+ name = "user-client-role-mapper"
+ claim_name = "youtrack_roles"
+ client_id_for_role_mappings = "youtrack"
+ add_to_userinfo = true
+ add_to_access_token = true
+ add_to_id_token = true
+}
diff --git a/tf-stage-1/user_rad4day.tf b/tf-stage-1/user_rad4day.tf
index fe38e47..e96ab9f 100644
--- a/tf-stage-1/user_rad4day.tf
+++ b/tf-stage-1/user_rad4day.tf
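Review bot: The three `keycloak_openid_user_session_note_protocol_mapper` resources copy the `clientId`, `clientHost` and `clientAddress` session notes into the access and ID tokens, but as far as I know Keycloak populates those notes only for service-account (client-credentials) logins, so for interactive YouTrack logins they just add empty claims; confirm they are actually consumed and drop them otherwise, so the tokens carry only what YouTrack reads. In `youtrack-role-mapper`, `client_id_for_role_mappings = "youtrack"` repeats the literal from the module call; if `module.youtrackclient.client` is the `keycloak_openid_client` resource, `client_id_for_role_mappings = module.youtrackclient.client.client_id` keeps the two from drifting apart. The UUID inside `valid_redirect_uris` is opaque to a reader — presumably the id of the auth module on the YouTrack Hub side — so a comment such as `# exact landing path registered by YouTrack Hub for this auth module; keep it a single literal path, no wildcard` would record where it comes from and why it should stay that narrow.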
@@ -17,6 +17,8 @@ resource "keycloak_user_groups" "rad4day_groups" {
 module.minifluxclient.access_group.id,
 module.synapseclient.access_group.id,
 module.seafileclient.access_group.id,
+ module.youtrackclient.access_group.id,
+ module.youtrackclient.admin_group.id,
 module.gotosocialclient.access_group.id,
 module.gotosocialclient.admin_group.id,
 data.keycloak_group.proxypass.id,