cleanup: remove obsolete docker/keycloak role and update zitadel playbook

2025-12-01 20:11:15 +08:00 · 2025-12-01 20:11:15 +08:00 · d1c6bd4b2b
commit d1c6bd4b2b
parent 66390ddc89
5 changed files with 3 additions and 147 deletions
--- a/playbooks/deploy_zitadel_docker.yaml
+++ b/playbooks/deploy_zitadel_docker.yaml
@ -7,6 +7,6 @@
    zitadel_masterkey: MasterkeyNeedsToHave32Characters
    zitadel_workspace: /opt/zitadel
  roles:
-    - roles/vhosts/common/
-    - roles/vhosts/docker/
-    - roles/docker/zitadel/
+    - vhosts/common/
+    - vhosts/docker/
+    - docker/zitadel/
--- a/playbooks/playbooks/roles/docker/keycloak/defaults/main.yml
+++ b/playbooks/playbooks/roles/docker/keycloak/defaults/main.yml
@ -1,14 +0,0 @@
---
-postgres_db: keycloak
-postgres_user: keycloak_user
-postgres_password: keycloak_password
-
-keycloak_admin: admin
-keycloak_admin_password: admin_password
-
-keycloak_key_store_password: ''
-keycloak_trust_store_password: ''
-
-ssl_certificate_path: /etc/ssl/onwalk.net.pem
-ssl_certificate_key_path: /etc/ssl/onwalk.net.key
-dhparam_path: /etc/ssl/dhparam.pem
--- a/playbooks/playbooks/roles/docker/keycloak/files/nginx.conf
+++ b/playbooks/playbooks/roles/docker/keycloak/files/nginx.conf
@ -1,37 +0,0 @@
-server {
-    listen 80;
-    server_name keycloak.onwalk.net;
-
-    # 强制 HTTP 请求重定向到 HTTPS
-    return 301 https://$host$request_uri;
-}
-
-server {
-    listen 443 ssl;
-    server_name keycloak.onwalk.net;
-
-    # SSL 配置
-    ssl_certificate /etc/ssl/certs/onwalk.net.pem;
-    ssl_certificate_key /etc/ssl/certs/onwalk.net.key;
-
-    # 日志设置
-    access_log /dev/stdout;
-    error_log /dev/stderr;
-
-    # 配置反向代理
-    location / {
-        proxy_pass https://127.0.0.1:8443;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header X-Forwarded-Port $server_port;
-        proxy_set_header Cookie $http_cookie;
-        proxy_redirect off;
-    }
-
-    # SSL 强化
-    ssl_protocols TLSv1.2 TLSv1.3;
-    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256';
-    ssl_prefer_server_ciphers off;
-}
--- a/playbooks/playbooks/roles/docker/keycloak/tasks/main.yml
+++ b/playbooks/playbooks/roles/docker/keycloak/tasks/main.yml
@ -1,29 +0,0 @@
- name: 执行 pre-setup 操作
-  include_tasks: "{{ playbook_dir }}/roles/docker/keycloak/tasks/pre-setup.yml"
-
- name: 渲染 .env 配置文件
-  template:
-    src: "{{ playbook_dir }}/roles/docker/keycloak/templates/.env.j2"
-    dest: "{{ playbook_dir }}/roles/docker/keycloak/files/.env"
-
- name: 执行 create_keystore.sh 脚本
-  script: "{{ playbook_dir }}/roles/docker/keycloak/files/create_keystore.sh"
-  args:
-    chdir: "/home/ubuntu"
-
- name: 渲染 Docker Compose 配置文件
-  template:
-    src: "{{ playbook_dir }}/roles/docker/keycloak/templates/docker-compose.yml.j2"
-    dest: "{{ playbook_dir }}/roles/docker/keycloak/files/docker-compose.yml"
-
- name: 启动 Docker Compose 服务
-  become: true
-  docker_compose:
-    project_src: "{{ playbook_dir }}/roles/docker/keycloak"
-    files:
-      - "{{ playbook_dir }}/roles/docker/keycloak/files/docker-compose.yml"
-    restarted: true
-    state: present
-
- name: 执行 post-setup 操作
-  include_tasks: "{{ playbook_dir }}/roles/docker/keycloak/tasks/post-setup.yml"
--- a/playbooks/playbooks/roles/docker/keycloak/templates/docker-compose.yml.j2
+++ b/playbooks/playbooks/roles/docker/keycloak/templates/docker-compose.yml.j2
@ -1,64 +0,0 @@
-version: '3.7'
-
-services:
-  postgres:
-    image: postgres:16.0-bookworm
-    environment:
-      POSTGRES_DB: {{ postgres_db }}
-      POSTGRES_USER: {{ postgres_user }}
-      POSTGRES_PASSWORD: {{ postgres_password }}
-    volumes:
-      - postgres_data:/var/lib/postgresql/data
-    networks:
-      - keycloak_network
-
-  keycloak:
-    image: bitnami/keycloak:latest
-    environment:
-      KEYCLOAK_ADMIN: {{ keycloak_admin }}
-      KEYCLOAK_ADMIN_PASSWORD: {{ keycloak_admin_password }}
-      KEYCLOAK_DATABASE_VENDOR: postgresql
-      KEYCLOAK_DATABASE_HOST: postgres
-      KEYCLOAK_DATABASE_PORT: 5432
-      KEYCLOAK_DATABASE_USER: {{ postgres_user }}
-      KEYCLOAK_DATABASE_NAME: {{ postgres_db }}
-      KEYCLOAK_DATABASE_PASSWORD: {{ postgres_password }}
-      KEYCLOAK_ENABLE_HTTPS: true
-      KEYCLOAK_HTTPS_KEY_STORE_FILE: /etc/ssl/keystore.jks
-      KEYCLOAK_HTTPS_KEY_STORE_PASSWORD: {{ keycloak_key_store_password }}
-      KEYCLOAK_HTTPS_TRUST_STORE_FILE: /etc/ssl/truststore.jks
-      KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD: {{ keycloak_trust_store_password }}
-    ports:
-      - 8080:8080
-    volumes:
-      - /etc/ssl/keystore.jks:/etc/ssl/keystore.jks
-      - /etc/ssl/truststore.jks:/etc/ssl/truststore.jks
-    restart: always
-    depends_on:
-      - postgres
-    networks:
-      - keycloak_network
-
-  nginx:
-    image: nginx:latest
-    depends_on:
-      - keycloak
-    ports:
-      - "80:80"
-      - "443:443"
-    volumes:
-      - /etc/ssl/onwalk.net.pem:/etc/ssl/certs/onwalk.net.pem
-      - /etc/ssl/onwalk.net.key:/etc/ssl/certs/onwalk.net.key
-      - /etc/ssl/dhparam.pem:/etc/nginx/ssl/dhparam.pem
-      - ./nginx.conf:/etc/nginx/nginx.conf
-    restart: unless-stopped
-    networks:
-      - keycloak_network
-
-volumes:
-  postgres_data:
-    driver: local
-
-networks:
-  keycloak_network:
-    driver: bridge