From 02d6ef1411944cc415bb498a3e175c07c2797daa Mon Sep 17 00:00:00 2001
From: aleidk
Date: Wed, 11 Dec 2024 13:29:26 -0300
Subject: [PATCH] feat: add bookmark to RSS stack
---
 files/docker/rss/docker-stack.yaml | 40 +++++++++++++++++++++++++++---
 playbooks/docker/services.yaml | 26 ++++++++++++++++---
 2 files changed, 60 insertions(+), 6 deletions(-)
diff --git a/files/docker/rss/docker-stack.yaml b/files/docker/rss/docker-stack.yaml
index 65d8321..c7089d0 100644
--- a/files/docker/rss/docker-stack.yaml
+++ b/files/docker/rss/docker-stack.yaml
@@ -5,6 +5,7 @@ networks:
 volumes:
 fresh_rss_data:
 fresh_rss_extensions:
+ linkding_data:
 services:
 freshrss:
@@ -27,9 +28,9 @@ services:
 OIDC_ENABLED: 1
 OIDC_PROVIDER_METADATA_URL: https://auth.alecodes.page/.well-known/openid-configuration
- OIDC_CLIENT_ID: ${OIDC_CLIENT_ID}
- OIDC_CLIENT_SECRET: ${OIDC_CLIENT_SECRET}
- OIDC_CLIENT_CRYPTO_KEY: ${OIDC_CLIENT_CRYPTO_KEY}
+ OIDC_CLIENT_ID: ${FR_OIDC_CLIENT_ID}
+ OIDC_CLIENT_SECRET: ${FR_OIDC_CLIENT_SECRET}
+ OIDC_CLIENT_CRYPTO_KEY: ${FR_OIDC_CLIENT_CRYPTO_KEY}
 OIDC_REMOTE_USER_CLAIM: preferred_username
 OIDC_SCOPES: openid groups email profile
 OIDC_X_FORWARDED_HEADERS: X-Forwarded-Host X-Forwarded-Port X-Forwarded-Proto
@@ -48,3 +49,36 @@ services:
 - traefik.enable=true
 - traefik.http.routers.freshrss.rule=Host(`rss.alecodes.page`)
 - traefik.http.services.freshrss.loadbalancer.server.port=80
+ linkding:
+ image: sissbruecker/linkding:latest
+ restart: unless-stopped
+ networks:
+ - reverse-proxy
+ volumes:
+ - linkding_data:/etc/linkding/data"
+ environment:
+ LD_ENABLE_OIDC: "True"
+ OIDC_OP_AUTHORIZATION_ENDPOINT: https://auth.alecodes.page/api/oidc/authorization
+ OIDC_OP_TOKEN_ENDPOINT: https://auth.alecodes.page/api/oidc/token
+ OIDC_OP_USER_ENDPOINT: https://auth.alecodes.page/api/oidc/userinfo
+ OIDC_OP_JWKS_ENDPOINT: https://auth.alecodes.page/jwks.json
+
+ OIDC_RP_CLIENT_ID: ${LD_OIDC_CLIENT_ID}
+ OIDC_RP_CLIENT_SECRET: ${LD_OIDC_CLIENT_SECRET}
+
+ LD_CSRF_TRUSTED_ORIGINS: https://bookmarks.alecodes.page
+
+ deploy:
+ rollback_config:
+ failure_action: continue
+ update_config:
+ delay: 2s
+ failure_action: rollback
+ order: start-first
+ placement:
+ constraints:
+ - node.labels.services_kind==${SERVICE_KIND:-common}
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.linkding.rule=Host(`bookmarks.alecodes.page`)
+ - traefik.http.services.linkding.loadbalancer.server.port=9090
diff --git a/playbooks/docker/services.yaml b/playbooks/docker/services.yaml
index d8a079c..8265459 100644
--- a/playbooks/docker/services.yaml
+++ b/playbooks/docker/services.yaml
@@ -24,7 +24,7 @@
 - name: Deploy RSS Feed
 environment:
 SERVICE_KIND: common
- OIDC_CLIENT_ID: !vault |
+ FR_OIDC_CLIENT_ID: !vault |
 $ANSIBLE_VAULT;1.1;AES256
 64373465396361306338353037613339383136643235633433396436313265343565343335386439
 6364653962636630393031326266626631353163656364620a366663306633623163306631323836
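Review bot: The volume entry `- linkding_data:/etc/linkding/data"` in the new `linkding` service ends with a stray double quote, which YAML keeps as part of the plain scalar, so the target path becomes `/etc/linkding/data"` and the named volume would not cover linkding's data directory (or the deploy would reject the mount). It should read `- linkding_data:/etc/linkding/data`. `image: sissbruecker/linkding:latest` is a floating tag for a service that receives an OIDC client secret and is published through Traefik; pinning a release tag or digest, e.g. `image: sissbruecker/linkding:<version>@sha256:<digest>` (placeholders), makes image changes a reviewed step. `restart: unless-stopped` is ignored by `docker stack deploy`, so `deploy.restart_policy` is the place for it if a restart policy is intended. As far as I know linkding creates an account on first OIDC login for any identity the provider authenticates, so it is worth confirming that the authorization policy for this client on `auth.alecodes.page` limits who can sign in.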
@@ -34,7 +34,7 @@
 63396636646663326637333563303734313336653038323334646164306336393562313030353063
 61643537393062336438623762633331666562303335393434666437336636613935626435363631
 33386337336365353733
- OIDC_CLIENT_SECRET: !vault |
+ FR_OIDC_CLIENT_SECRET: !vault |
 $ANSIBLE_VAULT;1.1;AES256
 31666165626661336330303635343437313563343234383966383862653735643734633130626631
 3335656237326535333132666432646563386131303636350a626534653338343236313636623234
@@ -44,7 +44,7 @@
 61386464313533643464323762333639316631393364393062666566666233623364376334376139
 31366363376564353135646134396666373166386461376162656231323335396539323533643734
 39306533333436363361
- OIDC_CLIENT_CRYPTO_KEY: !vault |
+ FR_OIDC_CLIENT_CRYPTO_KEY: !vault |
 $ANSIBLE_VAULT;1.1;AES256
 65353837666236363262613131653664633166646236363133356335636263363361373934626166
 3935346135393061346566326130643134383363323433370a316131376666626139373430393135
@@ -57,6 +57,26 @@
 37333837383538613866663564616334636330636431663936373238613862316239663566333737
 65333264666234643765623636393832363763343339386266316365623331333132303361336566
 613766343761383861323138623536366431
+ LD_OIDC_CLIENT_ID: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 32386332636132656536326132666138336230393965333637336234656663393531366266653037
+ 6365386466343938303532353361626335346335353965660a313132623532343063393565393136
+ 62363735373661333539396531663338343637363836666635626562363761613738303231636637
+ 3431356534326662320a663130363739643538643031643534613835363737666662303138313737
+ 32366361313137306334323965333066656164393830656334303038356461363530303731653161
+ 33633832626335376263616430306565633664626163396430376239353838313364386364353037
+ 64323765653835343263353739353938373133363464326566346162343536353437623261643139
+ 36383363636464613138
+ LD_OIDC_CLIENT_SECRET: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 33343032383063343035316333613033646538643564386337396336623134656333393962386262
+ 3936383566346433623766306666363165323562353561330a613333656264626337396666666136
+ 35343638326334343539616462646338643066303138616162623964383363393361366563653737
+ 6539333565313438300a653733613535643264386532333830343264626665363234653834343036
+ 66393935653363633837363534383365303166313061306532613366656132663264306530666133
+ 37306462336534393436373836656137663566623031646165376262633535383462373663363166
+ 31366234373764373031373161653736383336613336646631333562333864663639653263333762
+ 61343031656664636431
 community.docker.docker_stack:
 state: present
 name: "{{ project_name }}"