Refactor and enhance Ansible configurations for dev-02 and nginx proxy setup
- Updated host_vars for dev-02 to include login history settings and modified code server authentication. - Adjusted opencode server configurations and reduced resource allocation. - Introduced a new playbook for configuring nginx reverse proxy with TLS and OAuth2. - Enhanced linux_dev_station role defaults and tasks, including package updates and service configurations. - Removed unnecessary credential assertions in linux_dev_station tasks. - Created nginx_proxy role with tasks for certbot, nginx installation, and oauth2-proxy setup. - Added templates for nginx and oauth2-proxy configurations. - Updated terraform configuration to reflect new DNS records for ide and agent services. - Documented changes and configurations in linux_dev_station.md for clarity and future reference.
This commit is contained in:
@@ -0,0 +1,26 @@
|
||||
provider = "{{ nginx_proxy_oauth2_proxy_provider }}"
|
||||
oidc_issuer_url = "{{ nginx_proxy_oauth2_proxy_provider_url }}"
|
||||
client_id = "{{ nginx_proxy_oauth2_proxy_client_id }}"
|
||||
client_secret = "{{ nginx_proxy_oauth2_proxy_client_secret }}"
|
||||
cookie_domains = [ "{{ nginx_proxy_oauth2_proxy_cookie_domain }}" ]
|
||||
cookie_name = "{{ nginx_proxy_oauth2_proxy_cookie_name }}"
|
||||
cookie_secret = "{{ nginx_proxy_oauth2_proxy_cookie_secret }}"
|
||||
cookie_expire = "{{ nginx_proxy_oauth2_proxy_cookie_expire }}"
|
||||
cookie_refresh = "{{ nginx_proxy_oauth2_proxy_cookie_refresh }}"
|
||||
redirect_url = "{{ nginx_proxy_oauth2_proxy_redirect_urls[0] }}"
|
||||
scope = "{{ nginx_proxy_oauth2_proxy_scopes }}"
|
||||
email_domains = {{ nginx_proxy_oauth2_proxy_email_domains | to_json }}
|
||||
upstreams = [ "static://200" ]
|
||||
skip_jwt_bearer_tokens = {{ nginx_proxy_oauth2_proxy_skip_jwt | lower }}
|
||||
set_basic_auth = {{ nginx_proxy_oauth2_proxy_set_basic_auth | lower }}
|
||||
set_xauthrequest = {{ nginx_proxy_oauth2_proxy_set_xauthrequest | lower }}
|
||||
ssl_insecure_skip_verify = {{ nginx_proxy_oauth2_proxy_ssl_insecure_skip_verify | lower }}
|
||||
proxy_prefix = "{{ nginx_proxy_oauth2_proxy_proxy_prefix }}"
|
||||
http_address = "{{ nginx_proxy_oauth2_proxy_bind }}:{{ nginx_proxy_oauth2_proxy_port }}"
|
||||
{% if nginx_proxy_oauth2_proxy_request_logging | default(true) %}
|
||||
logging_filename = "{{ nginx_proxy_oauth2_proxy_log_file | default('/var/log/oauth2-proxy.log') }}"
|
||||
{% endif %}
|
||||
cookie_secure = false
|
||||
reverse_proxy = true
|
||||
trusted_proxy_ips = [ "127.0.0.1" ]
|
||||
proxy_websockets = true
|
||||
Reference in New Issue
Block a user