infra-role-oauth-proxy/defaults/main.yml


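---
# Defaults for the oauth2-proxy role: a Docker Compose managed oauth2-proxy
# container that sits in front of a single upstream service.
oauth_service_name: 'oauth'
oauth_service_path: '/docker/{{ oauth_service_name }}'
oauth_compose_path: '{{ oauth_service_path }}/docker-compose.yml'
oauth_service_user: 'dockremap'
oauth_service_group: 'docker'

# Architectures
# Maps the value of ansible_architecture to the suffix used in the image tag.
# An architecture missing from this map makes oauth_cont_tag fail to render.
oauth_archs_map:
  x86_64: 'amd64'
  aarch64: 'arm64'

# Container
oauth_version: '7.6.0'
oauth_cont_name: '{{ oauth_service_name }}'
oauth_cont_tag: 'v{{ oauth_version }}-{{ oauth_archs_map[ansible_architecture] }}'
# The image is referenced by tag only. Tags can be re-pointed in the registry;
# pin by digest where image integrity has to be guaranteed.
oauth_cont_image: 'quay.io/oauth2-proxy/oauth2-proxy:{{ oauth_cont_tag }}'
oauth_cont_volumes: []
oauth_local_port: 4180
# '0.0.0.0' means every interface. Unless a firewall restricts the port, the
# proxy is reachable from any network the host is attached to. Set a specific
# address when only a local reverse proxy needs to reach it.
oauth_local_addr: '0.0.0.0'

# Upstream address, port, or just full URL.
oauth_upstream_addr: 'upstream'
oauth_upstream_port: ~
# NOTE(review): `mandatory` rejects undefined variables; confirm it also
# rejects the null default above, otherwise the URL renders with a literal
# None port.
oauth_upstream_url: 'http://{{ oauth_upstream_addr }}:{{ oauth_upstream_port | mandatory }}/'

# Container settings
oauth_cont_networks: []
# Extra host entries for the container: 'upstream' resolves to the Docker
# host gateway, which is what oauth_upstream_addr points at by default.
oauth_cont_etc_hosts:
  upstream: 'host-gateway'

# Domain under which the oauth proxy will be available.
oauth_domain: ~
oauth_callback: '/oauth2/callback'

# Skip auth for these paths.
# Every entry is served without authentication. oauth2-proxy treats the path
# part as a regular expression, so anchor it (^...$) to avoid exempting more
# paths than intended.
oauth_skip_auth_routes: []
# - 'POST=^/ping$'
# - '^/webhook$'

# Providers
oauth_provider: 'github'  # github, google, keycloak

# Github
oauth_github_org: 'status-im'
# NOTE(review): with an empty team list access is presumably granted to every
# member of oauth_github_org - confirm against the config template.
oauth_github_teams: []

# Google
oauth_google_domain: 'status.im'

# Keycloak
oauth_keycloak_url: 'https://auth.logos.co'
oauth_keycloak_realm: 'logos-co'
# NOTE(review): '*' presumably maps to oauth2-proxy's e-mail domain filter,
# where it accepts any domain. Access control then rests on the group and role
# lists below, so keep at least one of them non-empty - confirm in template.
oauth_keycloak_domain: '*'
oauth_keycloak_groups: ['infra']
oauth_keycloak_roles: []
oauth_keycloak_login_url: '{{ oauth_keycloak_url }}/realms/{{ oauth_keycloak_realm }}/protocol/openid-connect/auth'
oauth_keycloak_redeem_url: '{{ oauth_keycloak_url }}/realms/{{ oauth_keycloak_realm }}/protocol/openid-connect/token'
oauth_keycloak_profile_url: '{{ oauth_keycloak_url }}/realms/{{ oauth_keycloak_realm }}/protocol/openid-connect/userinfo'
oauth_keycloak_validate_url: '{{ oauth_keycloak_url }}/realms/{{ oauth_keycloak_realm }}/protocol/openid-connect/userinfo'

# Required auth options
# Left null here: supply them from an encrypted source such as Ansible Vault
# and never commit real values to this file. oauth2-proxy requires the cookie
# secret to be 16, 24 or 32 bytes long.
oauth_cookie_secret: ~
oauth_id: ~
oauth_secret: ~

# Extra
oauth_logo_url: 'https://status.app/assets/favicon/default.png'
oauth_provider_scopes:
  github: 'user:email read:org'
  keycloak: 'openid'
# Looked up by the value of oauth_provider. A quoted "oauth_provider" would be
# a literal key that does not exist in the map and always yield ''. Providers
# without an entry (google) fall back to the empty string.
oauth_scope: '{{ oauth_provider_scopes.get(oauth_provider, "") }}'

# Consul
oauth_consul_service_port: '{{ oauth_local_port }}'
oauth_consul_service_name: 'oauth-proxy'
oauth_consul_service_id: 'oauth-proxy:{{ oauth_domain }}'
oauth_consul_service_tags: ['oauth-proxy', 'ssl-proxy-backend', 'site']

# General container management
compose_pull: 'missing'
compose_recreate: 'auto'
compose_state: 'present'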