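---
version: "3.8"

# WARNING: Requires your own Keycloak and is a work-around for the server pro
# restrictions for SSO integration. This is experimental. Please speak
# to washnote.com folks if you need support, it is being used there.
#
# Overlay file: it adds Keycloak-backed PAM authentication to the `app`
# service by mounting two configs and one secret.

services:
  app:
    configs:
      # OAuth2 settings for pam-exec-oauth2, rendered from a Go template (see
      # the top-level `configs` section).
      # Mode 0600 limits the file to its owner. No uid/gid is set here, so the
      # owner is whatever the runtime defaults to.
      # NOTE(review): presumably the rendered file carries the client secret,
      # so this mode should stay owner-only -- confirm against the template.
      - source: pam_exec_oauth2_yaml
        target: /opt/pam-exec-oauth2/pam-exec-oauth2.yaml
        # Unquoted on purpose: the leading zero makes this an octal number,
        # which is the form the compose 3.x config `mode` field takes.
        mode: 0600
      # Auth hook script for libpam-script. Mode 0555 lets every user in the
      # container read and execute it, and nobody write it, so the script
      # itself must not embed credentials.
      - source: pam_script_auth_sh
        target: /usr/share/libpam-script/pam_script_auth
        mode: 0555
    # Names without values are passed through from the deploying environment.
    # The client secret is deliberately absent: it is delivered as a secret
    # (below), which keeps it out of the service's environment.
    # NOTE(review): KEYCLOAK_TOKEN_URL is where credentials get presented;
    # confirm deployments set it to an https:// URL.
    environment:
      - KEYCLOAK_ENABLED
      - KEYCLOAK_CLIENT_ID
      - KEYCLOAK_TOKEN_URL
    secrets:
      - keycloak_client_secret

configs:
  # Swarm configs cannot be modified once created, so the *_VERSION suffix
  # gives an edited file a new config name on the next deploy.
  pam_exec_oauth2_yaml:
    name: ${STACK_NAME}_pam_exec_oauth2_yaml_${PAM_EXEC_OAUTH2_YAML_VERSION}
    file: pam-exec-oauth2.yaml.tmpl
    # Rendered per task with the Go template driver. Review the template for
    # any value that should not end up in a file on disk.
    template_driver: golang
  pam_script_auth_sh:
    name: ${STACK_NAME}_pam_script_auth_sh_${PAM_SCRIPT_AUTH_VERSION}
    file: pam_script_auth.sh

secrets:
  # `external: true` means this file only references the secret. It must
  # already exist under the name below before the stack is deployed.
  # Presumably ${SECRET_KEYCLOAK_CLIENT_SECRET} is a version label rather
  # than the secret value -- verify in the deployment environment.
  keycloak_client_secret:
    name: ${STACK_NAME}_keycloak_client_secret_${SECRET_KEYCLOAK_CLIENT_SECRET}
    external: true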