authser/docker-compose.yml
Serreau Jovann 0716484360 Add fixed group set on ecosplay realm
- Declare the 10 application groups (gp_asso, gp_contest, gp_mail,
  gp_mailling, gp_member, gp_ndd, gp_sign, gp_ticket, super_admin_asso,
  superadmin) in the realm import JSON for fresh installs.
- Extend keycloak-init to idempotently create them via kcadm on every
  boot, so existing installs (where the realm is already imported and
  --import-realm is a no-op) also get them in sync.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 11:36:40 +02:00


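# Keycloak auth stack for ecosplay: Postgres, Keycloak, and a one-shot init
# container that configures the master realm and syncs the ecosplay groups.
#
# Secrets are read through Compose variable interpolation (shell env or a
# .env file next to this file; keep .env out of version control).  The SES
# SMTP credentials have no default and must be supplied.  The DB and
# bootstrap-admin passwords fall back to the development defaults so a bare
# `docker compose up` still works, but override them on any shared host.
# Any credential that was ever committed to this file has to be rotated at
# the provider; moving it to .env does not un-leak it.
services:
  postgres:
    image: postgres:16-alpine
    container_name: ecosplay-auth-db
    restart: unless-stopped
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      # Same variable as KC_DB_PASSWORD below so the two cannot drift apart.
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:-keycloak}"
    volumes:
      - postgres_data:/var/lib/postgresql/data
    networks:
      - keycloak-net
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U keycloak"]
      interval: 10s
      timeout: 5s
      retries: 5

  keycloak:
    image: quay.io/keycloak/keycloak:26.0
    container_name: ecosplay-auth-keycloak
    restart: unless-stopped
    # --import-realm only imports realms that do not exist yet; on an
    # existing install the JSON under ./realms is ignored, which is why
    # keycloak-init re-applies the group set on every boot.
    command: ["start", "--import-realm"]
    environment:
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
      KC_DB_USERNAME: keycloak
      KC_DB_PASSWORD: "${POSTGRES_PASSWORD:-keycloak}"
      KC_HOSTNAME: https://auth.e-cosplay.fr
      # Plain HTTP is only published on the loopback port below; the
      # reverse proxy in front terminates TLS and sets X-Forwarded-* headers.
      KC_HTTP_ENABLED: "true"
      KC_PROXY_HEADERS: xforwarded
      KC_HEALTH_ENABLED: "true"
      KC_METRICS_ENABLED: "true"
      # Bootstrap admin is only created on the very first start; keycloak-init
      # uses the same variables to log in, so they are defined once here.
      KC_BOOTSTRAP_ADMIN_USERNAME: "${KC_BOOTSTRAP_ADMIN_USERNAME:-admin}"
      KC_BOOTSTRAP_ADMIN_PASSWORD: "${KC_BOOTSTRAP_ADMIN_PASSWORD:-admin}"
    ports:
      # Loopback only: the proxy is expected to reach 9450 on this host.
      - "127.0.0.1:9450:8080"
    volumes:
      - ./themes/ecosplay:/opt/keycloak/themes/ecosplay:ro
      - ./realms:/opt/keycloak/data/import:ro
    healthcheck:
      # Probes /health/ready on the management port (9000) via bash's
      # /dev/tcp and looks for "UP" in the response.
      test: ["CMD-SHELL", "exec 3<>/dev/tcp/localhost/9000 && printf 'GET /health/ready HTTP/1.0\\r\\nHost: localhost\\r\\n\\r\\n' >&3 && grep -q UP <&3"]
      interval: 10s
      timeout: 5s
      retries: 30
      start_period: 120s
    depends_on:
      postgres:
        condition: service_healthy
    networks:
      - keycloak-net

  keycloak-init:
    image: quay.io/keycloak/keycloak:26.0
    container_name: ecosplay-auth-init
    depends_on:
      keycloak:
        condition: service_healthy
    environment:
      KC_SERVER: http://keycloak:8080
      # Must match the bootstrap admin of the keycloak service above.
      KC_ADMIN: "${KC_BOOTSTRAP_ADMIN_USERNAME:-admin}"
      KC_ADMIN_PASSWORD: "${KC_BOOTSTRAP_ADMIN_PASSWORD:-admin}"
      SMTP_HOST: email-smtp.eu-west-3.amazonaws.com
      SMTP_PORT: "587"
      SMTP_FROM: auth@e-cosplay.fr
      SMTP_FROM_DISPLAY_NAME: E-Cosplay
      # SES SMTP credentials: the ":?" form makes Compose refuse to start
      # until they are provided via .env or the shell environment.
      SMTP_USER: "${SMTP_USER:?SMTP_USER must be set (SES SMTP username)}"
      SMTP_PASSWORD: "${SMTP_PASSWORD:?SMTP_PASSWORD must be set (SES SMTP password)}"
      LOGIN_THEME: ecosplay
      # Space-separated; the init script relies on word splitting.
      ECOSPLAY_GROUPS: "gp_asso gp_contest gp_mail gp_mailling gp_member gp_ndd gp_sign gp_ticket super_admin_asso superadmin"
    entrypoint: ["/bin/bash", "-c"]
    command:
      - |
        # Runs once per `up` (restart: "no"); every step is idempotent.
        # "$$" is Compose escaping and reaches bash as a single "$".
        set -e
        KCADM=/opt/keycloak/bin/kcadm.sh
        until "$$KCADM" config credentials \
          --server "$$KC_SERVER" \
          --realm master \
          --user "$$KC_ADMIN" \
          --password "$$KC_ADMIN_PASSWORD" >/dev/null 2>&1; do
          echo "Waiting for Keycloak to be ready..."
          sleep 5
        done
        echo "Keycloak ready, configuring master realm (SMTP + theme)..."
        "$$KCADM" update realms/master \
          -s "smtpServer.host=$$SMTP_HOST" \
          -s "smtpServer.port=$$SMTP_PORT" \
          -s "smtpServer.from=$$SMTP_FROM" \
          -s "smtpServer.fromDisplayName=$$SMTP_FROM_DISPLAY_NAME" \
          -s "smtpServer.auth=true" \
          -s "smtpServer.starttls=true" \
          -s "smtpServer.ssl=false" \
          -s "smtpServer.user=$$SMTP_USER" \
          -s "smtpServer.password=$$SMTP_PASSWORD" \
          -s "loginTheme=$$LOGIN_THEME" \
          -s "internationalizationEnabled=true" \
          -s 'supportedLocales=["fr"]' \
          -s "defaultLocale=fr"
        echo "Master realm configured."
        echo "Ensuring groups exist on ecosplay realm..."
        if "$$KCADM" get realms/ecosplay >/dev/null 2>&1; then
          for grp in $$ECOSPLAY_GROUPS; do
            # A 409 Conflict means the group is already there.  Any other
            # failure (auth, network, bad name) is reported and fails the
            # job instead of being mistaken for "already exists".
            if out=$$("$$KCADM" create groups -r ecosplay -s name="$$grp" 2>&1); then
              echo " + created group $$grp"
            elif printf '%s' "$$out" | grep -qiE '409|already exists'; then
              echo " = group $$grp already exists"
            else
              echo " ! failed to create group $$grp: $$out" >&2
              exit 1
            fi
          done
          echo "Groups synced on ecosplay realm."
        else
          echo "ecosplay realm not found, skipping group sync (will be created from JSON import on next boot)."
        fi
    networks:
      - keycloak-net
    # One-shot job: never restarted, so a failure is visible in `ps`/logs.
    restart: "no"

volumes:
  postgres_data: {}

networks:
  keycloak-net:
    driver: bridge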