docs: rewrite README with structured overview and quick start guide

Replaces the minimal project description with a comprehensive README including a component overview table, quick start instructions, common Ansible operations, and links to detailed documentation. Aligns with Red Panda Approval™ standards.
2026-03-03 12:49:06 +00:00
parent c7be03a743
commit b4d60f2f38
219 changed files with 34586 additions and 2 deletions
--- a/ansible/oauth2_proxy/deploy.yml
+++ b/ansible/oauth2_proxy/deploy.yml
@@ -0,0 +1,75 @@
+---
+# OAuth2-Proxy Deployment for SearXNG Authentication
+# Provides OIDC authentication layer using Casdoor as identity provider
+# Red Panda Approved
+
+- name: Deploy OAuth2-Proxy for SearXNG
+  hosts: ubuntu
+  become: true
+  tasks:
+    - name: Check if host has oauth2_proxy service
+      ansible.builtin.set_fact:
+        has_oauth2_proxy_service: "{{'oauth2_proxy' in services}}"
+
+    - name: Skip hosts without oauth2_proxy service
+      ansible.builtin.meta: end_host
+      when: not has_oauth2_proxy_service
+
+    - name: Create oauth2-proxy group
+      ansible.builtin.group:
+        name: "{{ oauth2_proxy_group }}"
+        gid: "{{ oauth2_proxy_gid }}"
+        system: true
+
+    - name: Create oauth2-proxy user
+      ansible.builtin.user:
+        name: "{{ oauth2_proxy_user }}"
+        uid: "{{ oauth2_proxy_uid }}"
+        comment: "OAuth2 Proxy Service"
+        group: "{{ oauth2_proxy_group }}"
+        system: true
+        create_home: false
+        shell: /usr/sbin/nologin
+
+    - name: Add oauth2-proxy group to ansible user
+      ansible.builtin.user:
+        name: "{{ ansible_user }}"
+        groups: "{{ oauth2_proxy_group }}"
+        append: true
+
+    - name: Create oauth2-proxy directory
+      ansible.builtin.file:
+        path: "{{ oauth2_proxy_directory }}"
+        owner: "{{ oauth2_proxy_user }}"
+        group: "{{ oauth2_proxy_group }}"
+        state: directory
+        mode: '0750'
+
+    - name: Template configuration files
+      ansible.builtin.template:
+        src: "{{ item.src }}"
+        dest: "{{ oauth2_proxy_directory }}/{{ item.dest }}"
+        owner: "{{ oauth2_proxy_user }}"
+        group: "{{ oauth2_proxy_group }}"
+        mode: "{{ item.mode | default('0640') }}"
+      loop:
+        - src: "docker-compose.yml.j2"
+          dest: "docker-compose.yml"
+        - src: "oauth2-proxy.cfg.j2"
+          dest: "oauth2-proxy.cfg"
+          mode: "0600"
+      notify: Restart oauth2-proxy
+
+    - name: Reset SSH connection to apply group changes
+      meta: reset_connection
+
+    - name: Start OAuth2-Proxy service
+      community.docker.docker_compose_v2:
+        project_src: "{{ oauth2_proxy_directory }}"
+        state: present
+
+  handlers:
+    - name: Restart oauth2-proxy
+      community.docker.docker_compose_v2:
+        project_src: "{{ oauth2_proxy_directory }}"
+        state: restarted