diff --git a/roles/ipsilon/tasks/main.yml b/roles/ipsilon/tasks/main.yml
index 86414ee..c82bcd1 100644
--- a/roles/ipsilon/tasks/main.yml
+++ b/roles/ipsilon/tasks/main.yml
@@ -71,10 +71,10 @@
 group: ipsilon
 setype: _default

-- name: Copy OIDC static config
- ansible.builtin.copy:
+- name: Create OIDC static config
+ ansible.builtin.template:
 dest: /etc/ipsilon/openidc-static.conf
- src: "{{ ansible_private }}/files/ipsilon/openidc-static.conf"
+ src: openidc-static.conf.j2
 mode: "0600"
 owner: "{{ subuid.stdout }}"
 group: "{{ subgid.stdout }}"
diff --git a/roles/ipsilon/templates/openidc-static.conf.j2 b/roles/ipsilon/templates/openidc-static.conf.j2
new file mode 100644
index 0000000..a200a3a
--- /dev/null
+++ b/roles/ipsilon/templates/openidc-static.conf.j2
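Review bot: The template task now renders every client's `client_secret` out of the `openidc_clients` variable, and a run with `--diff` (or check mode plus diff) prints the whole rendered file, secrets included, to stdout and any job log; add `diff: false` to the task (or `no_log: true` if its other output is not needed). The `copy` task it replaces had the same exposure for the static file, so this is not new, but the secrets now also live in Ansible variables and should be vault-encrypted rather than plain values in group/host vars — I cannot see where `openidc_clients` is defined from this hunk. Keeping `mode: "0600"` and the subuid/subgid owner is right for a file holding secrets; the task's surrounding list continues outside the hunk.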
@@ -0,0 +1,26 @@
+[client]
+{% for client in openidc_clients %}
+{{ client["name"] }} application_type="web"
+{{ client["name"] }} client_id=null
+{{ client["name"] }} client_id_issued_at=0
+{{ client["name"] }} client_name="{{ client["name"] }}"
+{{ client["name"] }} client_secret="{{ client["client_secret"] }}"
+{{ client["name"] }} client_secret_expires_at=0
+{{ client["name"] }} client_uri="{{ client["client_uri"] }}"
+{{ client["name"] }} contacts=["adm@foo.sh"]
+{{ client["name"] }} grant_types=["authorization_code"]
+{{ client["name"] }} id_token_signed_response_alg="RS256"
+{{ client["name"] }} ipsilon_internal={"type": "static", "client_id": "{{ client["name"] }}", "trusted": true}
+{{ client["name"] }} jwks=null
+{{ client["name"] }} jwks_uri=null
+{{ client["name"] }} logo_uri=null
+{{ client["name"] }} policy_uri=null
+{{ client["name"] }} redirect_uris=["{{ client["redirect_uri"] }}"]
+{{ client["name"] }} request_uris=[]
+{{ client["name"] }} require_auth_time=null
+{{ client["name"] }} response_types=["code"]
+{{ client["name"] }} subject_type="pairwise"
+{{ client["name"] }} sector_identifier_uri=null
+{{ client["name"] }} token_endpoint_auth_method="client_secret_post"
+{{ client["name"] }} tos_uri=null
+{% endfor %}
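Review bot: `client_secret`, `client_uri`, `redirect_uri` and `name` are interpolated unescaped into values that are otherwise written as JSON (`null`, `true`, `[...]`, `{...}`), so a secret or URI containing `"` or `\` breaks the line or, for `redirect_uris`, could end the string early and append an extra entry; render those values through `to_json` so the quoting is done by the serializer rather than by hand (confirm that Ipsilon parses these values as JSON — the existing literals suggest it does). Every client is also emitted with `"trusted": true` in `ipsilon_internal`, which in Ipsilon appears to skip the per-user consent prompt; if that is intended for all static clients, a `{# trusted: consent screen skipped for every client in openidc_clients #}` comment would save the next reader a lookup, otherwise make it a per-client key with a `false` default. Only one redirect URI per client is supported by the template; a `redirect_uris` list in the variable would generalize this without changing the rendered output for single-URI clients.
```jinja
[client]
{% for client in openidc_clients %}
{# … unchanged: application_type, client_id, client_id_issued_at … #}
{{ client["name"] }} client_name={{ client["name"] | to_json }}
{{ client["name"] }} client_secret={{ client["client_secret"] | to_json }}
{# … unchanged: client_secret_expires_at … #}
{{ client["name"] }} client_uri={{ client["client_uri"] | to_json }}
{# … unchanged: contacts, grant_types, id_token_signed_response_alg … #}
{{ client["name"] }} ipsilon_internal={{ {"type": "static", "client_id": client["name"], "trusted": true} | to_json }}
{# … unchanged: jwks, jwks_uri, logo_uri, policy_uri … #}
{{ client["name"] }} redirect_uris={{ [client["redirect_uri"]] | to_json }}
{# … unchanged: request_uris … tos_uri … #}
{% endfor %}
```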