Tobias Manske 2024-03-11 05:33:29 +01:00
parent 004ae6c399
commit 2cac213380
Signed by: tobias
GPG Key ID: 9164B527694A0709
6 changed files with 83 additions and 22 deletions


@ -1,2 +1,2 @@
COMPOSE_PROJECT_NAME=youtrack COMPOSE_PROJECT_NAME=youtrack
VERSION=2022.2.59587 VERSION=2024.1.25893


@ -12,16 +12,10 @@ services:
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default" - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.youtrack.rule=Host(`youtrack.tobiasmanske.de`)" - "traefik.http.routers.youtrack.rule=Host(`todo.unruhig.eu`)"
- "traefik.http.routers.youtrack.entryPoints=websecure" - "traefik.http.routers.youtrack.entryPoints=websecure"
- "traefik.http.services.youtrack.loadbalancer.server.port=8080" - "traefik.http.services.youtrack.loadbalancer.server.port=8080"
restart: always restart: always
networks:
- gateway
networks:
gateway:
external: true
volumes: volumes:
data: data:


@ -4,22 +4,23 @@
vars: vars:
state: running state: running
base_domain: "tobiasmanske.de" base_domain: "tobiasmanske.de"
pre_tasks: # pre_tasks:
- name: Gather facts from all hosts # - name: Gather facts from all hosts
ansible.builtin.setup: {} # ansible.builtin.setup: {}
delegate_to: "{{ item }}" # delegate_to: "{{ item }}"
delegate_facts: true # delegate_facts: true
when: hostvars[item]['ansible_default_ipv4'] is not defined # when: hostvars[item]['ansible_default_ipv4'] is not defined
tags: # tags:
- always # - always
loop: "{{ groups['all'] }}" # loop: "{{ groups['all'] }}"
- name: Assert a default ipv4 is known # - name: Assert a default ipv4 is known
ansible.builtin.assert: # ansible.builtin.assert:
that: hostvars[item]['ansible_default_ipv4'] is defined # that: hostvars[item]['ansible_default_ipv4'] is defined
quiet: true # quiet: true
loop: "{{ groups['all'] }}" # loop: "{{ groups['all'] }}"
roles: roles:
- {role: compose_project, service: traefik, with_fa: true} - {role: compose_project, service: traefik, with_fa: true}
- {role: compose_project, service: youtrack}
- {role: compose_project, service: registry} - {role: compose_project, service: registry}
- {role: compose_project, service: pantalaimon} - {role: compose_project, service: pantalaimon}
- {role: compose_project, service: mimir} - {role: compose_project, service: mimir}
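Review bot: The `pre_tasks` block is commented out rather than removed, and nothing records why, so the next reader cannot tell whether it is dead code or a temporary workaround. Disabling it drops both the delegated fact gathering and the `Assert a default ipv4 is known` guard. If any role still reads `hostvars[item]['ansible_default_ipv4']` (not visible in this hunk), the play will now fail later with an undefined-variable error instead of stopping early at the assert. Either delete the block or head it with a one-line reason, e.g. `# pre_tasks disabled: <reason>; re-enable before running roles that need other hosts' ansible_default_ipv4`. The play itself starts above the hunk and the role list continues below it.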


@ -34,6 +34,8 @@ module "dns-unruhig-eu" {
# Vaultwarden # Vaultwarden
{ type = "CNAME", name = "vault", value = "infra.unruhig.eu" }, { type = "CNAME", name = "vault", value = "infra.unruhig.eu" },
# YouTrack
{ type = "CNAME", name = "todo", value = "web.tobiasmanske.de" },
# Mail settings # Mail settings
{ type = "A", name = "mail", value = "202.61.232.207" }, { type = "A", name = "mail", value = "202.61.232.207" },
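Review bot: The new `todo` record is a CNAME to `web.tobiasmanske.de`, a name outside this zone, whereas the neighbouring `vault` record points at `infra.unruhig.eu`. A cross-zone alias follows whatever that target later resolves to, and the Keycloak client added in this commit uses `https://todo.unruhig.eu` as its root URL, so the login redirect depends on it. If the target is intentional, extend the comment to say so, e.g. `# YouTrack (runs on the web.tobiasmanske.de host; update when that host is renamed or retired)`. The module block starts and ends outside the hunk.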


@ -0,0 +1,62 @@
module "youtrackclient" {
source = "./modules/kc-client"
realm = var.realm
client_id = "youtrack"
client_name = "YouTrack"
description = "todo.unruhig.eu"
root_url = "https://todo.unruhig.eu"
admin_url = ""
base_url = ""
valid_redirect_uris = ["/hub/api/rest/oauth2/interactive/login/fb07847a-788d-49cc-82d5-0a80075130a3/land"]
web_origins = []
}
resource "keycloak_openid_user_session_note_protocol_mapper" "youtrack-id-mapper" {
realm_id = module.youtrackclient.realm.id
client_id = module.youtrackclient.client.id
name = "id"
claim_name = "clientId"
claim_value_type = "String"
session_note = "clientId"
add_to_access_token = true
add_to_id_token = true
}
resource "keycloak_openid_user_session_note_protocol_mapper" "youtrack-host-mapper" {
realm_id = module.youtrackclient.realm.id
client_id = module.youtrackclient.client.id
name = "host"
claim_name = "clientHost"
claim_value_type = "String"
session_note = "clientHost"
add_to_access_token = true
add_to_id_token = true
}
resource "keycloak_openid_user_session_note_protocol_mapper" "youtrack-ip-mapper" {
realm_id = module.youtrackclient.realm.id
client_id = module.youtrackclient.client.id
name = "ip"
claim_name = "clientAddress"
claim_value_type = "String"
session_note = "clientAddress"
add_to_access_token = true
add_to_id_token = true
}
resource "keycloak_openid_user_client_role_protocol_mapper" "youtrack-role-mapper" {
realm_id = module.youtrackclient.realm.id
client_id = module.youtrackclient.client.id
multivalued = true
name = "user-client-role-mapper"
claim_name = "youtrack_roles"
client_id_for_role_mappings = "youtrack"
add_to_userinfo = true
add_to_access_token = true
add_to_id_token = true
}
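Review bot: The three `keycloak_openid_user_session_note_protocol_mapper` resources copy the `clientId`, `clientHost` and `clientAddress` session notes into both the access token and the ID token, and nothing in the file says why YouTrack needs them. These look like the mappers Keycloak attaches for service-account logins; for an interactive login client they would normally be empty, and where they are populated they put a caller's host name and IP address into every token handed to the application. If they are not required, drop them; if they are, a comment such as `# required by <consumer>: service-account session notes (client id/host/address)` above the first mapper would document the intent. Separately, `client_id_for_role_mappings = "youtrack"` repeats the literal from the module call; referencing the module's client output (presumably `module.youtrackclient.client.client_id`, to be confirmed against `./modules/kc-client`) would keep the two from drifting.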


@ -17,6 +17,8 @@ resource "keycloak_user_groups" "rad4day_groups" {
module.minifluxclient.access_group.id, module.minifluxclient.access_group.id,
module.synapseclient.access_group.id, module.synapseclient.access_group.id,
module.seafileclient.access_group.id, module.seafileclient.access_group.id,
module.youtrackclient.access_group.id,
module.youtrackclient.admin_group.id,
module.gotosocialclient.access_group.id, module.gotosocialclient.access_group.id,
module.gotosocialclient.admin_group.id, module.gotosocialclient.admin_group.id,
data.keycloak_group.proxypass.id, data.keycloak_group.proxypass.id,