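---
# Installs Hydra, hydra-dispatcher and HAProxy on a Debian host, then configures the
# optional authentication back-ends (passwordless, SAML, OIDC, LDAP) via included task files.
# Tasks tagged `hydra-only` are the minimal subset needed for a Hydra-only deployment.

- name: Add required utilities
  ansible.builtin.apt:
    name:
      - gpg
      - wget
      - openssl
    update_cache: true
    state: present
  become: true
  tags: [hydra-only]

# NOTE(review): this downloads a script with TLS verification disabled
# (--no-check-certificate) and pipes it straight into bash as root; the script is
# pulled from a moving branch and is neither pinned to a revision nor checksum-verified.
# Prefer shipping the CA bundle with the role (copy + update-ca-certificates) or at
# least vendoring the script and verifying its checksum before execution.
- name: Add LetsEncrypt missing intermediate certificates
  command: "bash -c 'wget -O- --no-check-certificate https://forge.cadoles.com/Cadoles/Jenkins/raw/branch/master/resources/com/cadoles/common/add-letsencrypt-ca.sh | bash'"
  args:
    # Kept verbatim from the original; the doubled ".pem" suffix looks like a typo.
    # If the script actually writes lets-encrypt-e1.pem, this guard never matches and
    # the download re-runs on every play — confirm against the script's output path.
    creates: /etc/ssl/certs/lets-encrypt-e1.pem.pem
  become: true
  tags: [hydra-only]

# apt_key stores the key in the legacy global trusted keyring (trusted.gpg), which
# newer Debian releases deprecate in favour of a per-repository signed-by keyring.
- name: Add cadoles-pod debian repository key
  ansible.builtin.apt_key:
    url: "{{ cadoles_pod_debian_repository_key_url }}"
    state: present
  become: true
  tags: [hydra-only]

- name: Configure cadoles-pod debian repository
  ansible.builtin.apt_repository:
    repo: "deb {{ cadoles_pod_debian_repository_url }} {{ cadoles_pod_debian_repository }} main"
    state: present
  become: true
  tags: [hydra-only]

# Raise inotify limits; sysctl_set applies the value immediately in addition to
# persisting it in the sysctl configuration.
- name: Ensure sysctl configuration
  ansible.posix.sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    sysctl_set: true
  with_items:
    - name: fs.inotify.max_user_instances
      value: 128
    - name: fs.inotify.max_user_watches
      value: 204800
  become: true
  tags: [hydra-only]

- name: Install HAProxy
  ansible.builtin.apt:
    name:
      - "haproxy={{ haproxy_package_version }}"
    update_cache: true
    state: present
  become: true
  tags: [hydra-only]

# `apply.tags` propagates the tag to the included tasks; the outer `tags` is what
# lets the include itself be selected with --tags hydra-only.
- name: Install Hydra
  include_tasks:
    file: ./install-hydra.yml
    apply:
      tags: [hydra-only]
  tags: [hydra-only]

- name: Install hydra-dispatcher
  ansible.builtin.apt:
    name:
      - "cadoles-pod-hydra-dispatcher-v1={{ cadoles_pod_hydra_dispatcher_v1_package_version }}"
    update_cache: true
    state: present
  become: true

- name: Configure cadoles-pod-hydra-dispatcher-v1
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: "{{ item.mode }}"
  with_items:
    # Main config is not world-readable; the apps file is.
    - src: cadoles-pod-hydra-dispatcher-v1.conf.j2
      dest: /etc/cadoles-pod-hydra-dispatcher-v1.conf
      mode: "u=rw,g=r"
    - src: hydra-dispatcher-apps.yml.j2
      dest: /etc/hydra-dispatcher/conf.d/apps.yml
      mode: "u=rw,g=r,o=r"
  notify:
    - Restart cadoles-pod-hydra-dispatcher-v1
  become: true

- name: Configure cadoles-pod-hydra-dispatcher-v1 (2)
  ansible.builtin.copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  with_items:
    - src: www.conf.gotmpl
      dest: /etc/hydra-dispatcher/www.conf.gotmpl
  notify:
    - Restart cadoles-pod-hydra-dispatcher-v1
  become: true

- name: Configure passwordless authentification if enabled
  ansible.builtin.include_tasks: hydra-passwordless.yml
  when: enable_hydra_passwordless

- name: Configure SAML authentification if enabled
  ansible.builtin.include_tasks: hydra-saml.yml
  when: enable_hydra_saml

- name: Configure OIDC authentification if enabled
  ansible.builtin.include_tasks: hydra-oidc.yml
  when: enable_hydra_oidc

- name: Configure LDAP authentification if enabled
  ansible.builtin.include_tasks: hydra-ldap.yml
  when: enable_hydra_ldap

- name: Start OIDC Test app if enabled
  ansible.builtin.include_tasks: start-oidc-test.yml
  when: enable_oidc_test_app and not install_only

- name: Stop OIDC Test app if disabled
  ansible.builtin.include_tasks: stop-oidc-test.yml
  when: not enable_oidc_test_app and not install_only

# `validate` runs against the rendered temp file before it replaces the live config,
# so a broken template never reaches /etc/haproxy/haproxy.cfg.
- name: Configure HAProxy
  template:
    src: haproxy.cfg.j2
    dest: /etc/haproxy/haproxy.cfg
    validate: "haproxy -c -f %s"
  notify:
    - Restart HAProxy
  become: true
  tags: [hydra-only]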