Добавил Keycloak

app/keycloak/.env

@@ -0,0 +1,5 @@
+WEB_SERVER_PORT=9595
+KEYCLOAK_ADMIN=admin
+KEYCLOAK_ADMIN_PASSWORD=password
+USER_UID=1000
+USER_GID=1000

app/keycloak/.gitignore

@@ -0,0 +1 @@
+data/

app/keycloak/docker-compose.prod.yml

@@ -0,0 +1,24 @@
+version: "3"
+
+# Images: https://quay.io/repository/keycloak/keycloak?tab=tags&tag=latest
+# Configuration: https://www.keycloak.org/server/all-config
+
+# NB
+# - На проде были проблемы с правами к директории data, пришлось выдать 777
+# - Переменную KC_HOSTNAME_ADMIN_URL нужно указать вместе с KC_HOSTNAME_URL, иначе будут ошибки 403
+
+services:
+
+  keycloak:
+    image: quay.io/keycloak/keycloak:24.0.4
+    command: ["start-dev"]
+    restart: unless-stopped
+    environment:
+      KEYCLOAK_ADMIN: "${KEYCLOAK_ADMIN}"
+      KEYCLOAK_ADMIN_PASSWORD: "${KEYCLOAK_ADMIN_PASSWORD}"
+      KC_HOSTNAME_URL: "https://kk.vakhrushev.me"
+      KC_HOSTNAME_ADMIN_URL: "https://kk.vakhrushev.me"
+    ports:
+      - "${WEB_SERVER_PORT}:8080"
+    volumes:
+      - "./data:/opt/keycloak/data"

app/keycloak/docker-compose.yml

@@ -0,0 +1,18 @@
+version: "3"
+
+# Images: https://quay.io/repository/keycloak/keycloak?tab=tags&tag=latest
+# Configuration: https://www.keycloak.org/server/all-config
+
+services:
+
+  keycloak:
+    image: quay.io/keycloak/keycloak:24.0.4
+    command: ["start-dev"]
+    restart: unless-stopped
+    environment:
+      KEYCLOAK_ADMIN: "${KEYCLOAK_ADMIN}"
+      KEYCLOAK_ADMIN_PASSWORD: "${KEYCLOAK_ADMIN_PASSWORD}"
+    ports:
+      - "${WEB_SERVER_PORT}:8080"
+    volumes:
+      - "./data:/opt/keycloak/data"

app/tasks.py

@@ -1,51 +0,0 @@
-import os
-import shlex
-import fabric
-from invoke import task
-
-SERVER_HOST_FILE = "../ansible/hosts_prod"
-DOKER_REGISTRY = "cr.yandex/crplfk0168i4o8kd7ade"
-
-
-@task(name="deploy:gitea")
-def deploy_gitea(context):
-    deploy("gitea", dirs=["data"])
-
-
-@task(name="deploy:wiki")
-def deploy_wiki(context):
-    deploy("wiki")
-
-
-def read_host():
-    with open(SERVER_HOST_FILE) as f:
-        return f.read().strip()
-
-
-def ssh_host(app_name):
-    return f"{app_name}@{read_host()}"
-
-
-def deploy(app_name: str, dirs=None):
-    docker_compose = os.path.join(app_name, "docker-compose.yml")
-    assert os.path.exists(docker_compose)
-    conn_str = ssh_host(app_name)
-    dirs = dirs or []
-    print("Deploy app from", docker_compose)
-    print("Start setup remote host", conn_str)
-    with fabric.Connection(conn_str) as c:
-        print("Copy docker compose file to remote host")
-        c.put(
-            local=docker_compose,
-            remote=f"/home/{app_name}/docker-compose.yml",
-        )
-        print("Copy environment file")
-        c.run("cp .env .env.prod")
-        for d in dirs:
-            print("Create remote directory", d)
-            c.run(f"mkdir -p {d}")
-        print("Up services")
-        c.run(
-            f"docker-compose --project-name {shlex.quote(app_name)} --env-file=.env.prod up --detach --remove-orphans"
-        )
-    print("Done.")