-
Notifications
You must be signed in to change notification settings - Fork 21
/
pgshield.yml
83 lines (72 loc) · 2.42 KB
/
pgshield.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
#!/bin/bash
#
# Title: PGBlitz (Reference Title File)
# Author(s): Admin9705
# URL: https://pgblitz.com - http://github.pgblitz.com
# GNU: General Public License v3.0
################################################################################
---
- hosts: localhost
gather_facts: false
tasks:
# FACTS #######################################################################
- name: 'Set Known Facts'
set_fact:
int1: '4181'
ext1: '4181'
image: 'thomseddon/traefik-forward-auth'
# CORE (MANDATORY) ############################################################
- name: CronJob Role
include_tasks: '/pg/apps/_core.yml'
- name: Register Auth Path
shell: 'cat /pg/var/shield.clientid'
register: clientid
- name: Register Client Secret
shell: 'cat /pg/var/shield.clientsecret'
register: clientsecret
- name: Register Secret
shell: 'openssl rand -hex 16'
register: secret
- name: Register WhiteListed E-Mails
shell: 'cat /pg/var/pgshield.compiled'
register: whitelisted
# LABELS ######################################################################
- name: 'Setting PG Labels'
set_fact:
pg_labels:
traefik.enable: 'true'
traefik.port: '{{int1}}'
traefik.backend: 'oauth'
traefik.frontend.rule: 'Host:oauth.{{domain}}'
traefik.frontend.auth.forward.address: 'http://oauth:4181'
- name: 'Setting PG Volumes'
set_fact:
pg_volumes:
- '/etc/localtime:/etc/localtime:ro'
- name: 'Setting PG ENV'
set_fact:
pg_env:
PUID: '1000'
PGID: '1000'
CLIENT_ID: '{{clientid.stdout}}'
CLIENT_SECRET: '{{clientsecret.stdout}}'
SECRET: '{{secret.stdout}}'
COOKIE_DOMAIN: '{{domain}}'
INSECURE_COOKIE: 'True'
LIFETIME: '2592000'
AUTH_HOST: 'oauth.{{domain}}'
WHITELIST: '{{whitelisted.stdout}}'
# MAIN DEPLOYMENT #############################################################
- name: 'Deploying Container - oauth'
docker_container:
name: 'oauth'
image: '{{image}}'
pull: 'yes'
env: '{{pg_env}}'
restart_policy: unless-stopped
networks:
- name: plexguide
aliases:
- 'plexguide'
state: started
labels: '{{pg_labels}}'