Use OIDC to log in to tt-rss

Jake Howard 2023-11-08 19:46:16 +00:00
parent 935b099c4f
commit 66ddef96e2
Signed by: jake
GPG key ID: 57AFB45680EDD477
3 changed files with 40 additions and 2 deletions


@ -12,6 +12,11 @@ x-app: &app
- TTRSS_CHECK_FOR_UPDATES=false - TTRSS_CHECK_FOR_UPDATES=false
- TTRSS_ENABLE_GZIP_OUTPUT=true - TTRSS_ENABLE_GZIP_OUTPUT=true
- TTRSS_NO_STARTUP_PLUGIN_UPDATES=true - TTRSS_NO_STARTUP_PLUGIN_UPDATES=true
- TTRSS_PLUGINS=auth_oidc
- TTRSS_AUTH_OIDC_NAME=Authentik
- TTRSS_AUTH_OIDC_URL=https://auth.jakehoward.tech/application/o/tt-rss/
- TTRSS_AUTH_OIDC_CLIENT_ID={{ tt_rss_oidc_client_id }}
- TTRSS_AUTH_OIDC_CLIENT_SECRET={{ tt_rss_oidc_client_secret }}
- OWNER_UID={{ docker_user.id }} - OWNER_UID={{ docker_user.id }}
- OWNER_GID={{ docker_user.id }} - OWNER_GID={{ docker_user.id }}
- PHP_WORKER_MAX_CHILDREN=50 - PHP_WORKER_MAX_CHILDREN=50
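Review bot: The added `TTRSS_AUTH_OIDC_CLIENT_SECRET={{ tt_rss_oidc_client_secret }}` entry decrypts the vaulted secret into the rendered compose file, so it ends up in plaintext on the host and in the container's environment. The task that templates this file is outside this section; it should write the file readable only by the user that runs compose (for example `mode: "0600"`) and set `no_log: true` or `diff: false` so the value does not show up in `--diff` output. I would also quote the templated entries, `- "TTRSS_AUTH_OIDC_CLIENT_SECRET={{ tt_rss_oidc_client_secret }}"`, because an unquoted value containing ` #` or `: ` is truncated or mis-parsed as YAML after rendering.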


@ -1,3 +1,6 @@
- name: Include tt-rss variables
include_vars: tt-rss.yml
- name: Create tt-rss directory - name: Create tt-rss directory
file: file:
path: /opt/tt-rss path: /opt/tt-rss
@ -34,6 +37,15 @@
become: true become: true
become_user: "{{ docker_user.name }}" become_user: "{{ docker_user.name }}"
- name: Install OIDC plugin
git:
repo: https://git.tt-rss.org/fox/ttrss-auth-oidc.git
dest: "{{ plugins_dir.path }}/auth_oidc"
depth: 1
register: oidc_plugin
become: true
become_user: "{{ docker_user.name }}"
- name: Ensure plugins are owned by {{ docker_user.name }} - name: Ensure plugins are owned by {{ docker_user.name }}
file: file:
path: "{{ plugins_dir.path }}" path: "{{ plugins_dir.path }}"
@ -42,10 +54,10 @@
mode: u=rwX,g=rwX,o=rX mode: u=rwX,g=rwX,o=rX
recurse: true recurse: true
become: true become: true
when: fever_plugin.changed when: fever_plugin.changed or oidc_plugin.changed
- name: restart tt-rss - name: restart tt-rss
shell: shell:
chdir: /opt/tt-rss chdir: /opt/tt-rss
cmd: "{{ docker_update_command }}" cmd: "{{ docker_update_command }}"
when: compose_file.changed or fever_plugin.changed when: compose_file.changed or fever_plugin.changed or oidc_plugin.changed
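Review bot: The `Install OIDC plugin` task clones `ttrss-auth-oidc` with no `version:`, so each playbook run checks out whatever the upstream default branch holds at that moment, and the changed `when:` on `restart tt-rss` then deploys it. Because this plugin is the login path, I would pin it to a reviewed revision with `version: <reviewed-commit-sha>` (placeholder) and bump it deliberately. With `depth: 1`, a commit pin may also need a matching `refspec:` for the fetch to find it. The fever plugin task sits outside these hunks and presumably has the same shape, so it is worth checking for the same gap.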


@ -0,0 +1,21 @@
tt_rss_oidc_client_id: !vault |
$ANSIBLE_VAULT;1.1;AES256
37303438653837653530633362613665653232373637363562386638313532626335393466383537
3764386332343131346466616162623566323535313030300a303934356665373438646234386262
30656135393734303265346465313237323935623161313739326165616263633962343364323737
3237646264636165310a633864636166666561393733623332663031396336363761313965363734
66343439613232323836346435353530373339343233306665363630303133393231363361343336
3962656630383363336433666539643030376232363438643961
tt_rss_oidc_client_secret: !vault |
$ANSIBLE_VAULT;1.1;AES256
31343432386662653236623164323139653266353338336237313735356266633731396238633863
3230303262386236333830343866373661353836613764320a343436633638626137636364316563
63346238306637643038663530313964646230313439353061313539303761393533313236393036
6136363837636462650a326130653761626334656235633864363734656462636638623237316635
31373262353937333035356262333032663837613038353935313636633333623465346431383539
35356130333439356339616665343935393962343066376234656431613565356238633932643966
31313536373833653938643536653062313335653161326430356533316262633937303632646536
61383534343232303533356135343237336462623738386232313863353866626136653534663236
61343130653336613561323266636137636130393465656434306163356231333231653261623765
35616336656639633464373762303164623631326436386637383661366662343331633232366432
316138653666643865303138633437653866