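---
# OAuth2-Proxy Deployment for SearXNG Authentication
# Provides OIDC authentication layer using Casdoor as identity provider
# Red Panda Approved
- name: Deploy OAuth2-Proxy for SearXNG
  hosts: ubuntu
  become: true
  tasks:
    # `services` is expected to be a host/group variable listing the services a
    # host runs (defined outside this playbook); hosts without oauth2_proxy are
    # dropped from the play before any change is made.
    - name: Check if host has oauth2_proxy service
      ansible.builtin.set_fact:
        has_oauth2_proxy_service: "{{ 'oauth2_proxy' in services }}"

    - name: Skip hosts without oauth2_proxy service
      ansible.builtin.meta: end_host
      when: not has_oauth2_proxy_service

    - name: Create oauth2-proxy group
      ansible.builtin.group:
        name: "{{ oauth2_proxy_group }}"
        gid: "{{ oauth2_proxy_gid }}"
        system: true

    # Dedicated system account: no home directory and a non-interactive shell,
    # so the account cannot be used for logins.
    - name: Create oauth2-proxy user
      ansible.builtin.user:
        name: "{{ oauth2_proxy_user }}"
        uid: "{{ oauth2_proxy_uid }}"
        comment: "OAuth2 Proxy Service"
        group: "{{ oauth2_proxy_group }}"
        system: true
        create_home: false
        shell: /usr/sbin/nologin

    # append: true adds the supplementary group without dropping the ansible
    # user's existing group memberships.
    - name: Add oauth2-proxy group to ansible user
      ansible.builtin.user:
        name: "{{ ansible_user }}"
        groups: "{{ oauth2_proxy_group }}"
        append: true

    # 0750: owner and service group only; no world access to the config tree.
    - name: Create oauth2-proxy directory
      ansible.builtin.file:
        path: "{{ oauth2_proxy_directory }}"
        owner: "{{ oauth2_proxy_user }}"
        group: "{{ oauth2_proxy_group }}"
        state: directory
        mode: "0750"

    # Per-item mode overrides the 0640 default; oauth2-proxy.cfg is tightened
    # to 0600 (it presumably carries provider/cookie secrets — confirm against
    # the template). Any change to either file triggers the restart handler.
    - name: Template configuration files
      ansible.builtin.template:
        src: "{{ item.src }}"
        dest: "{{ oauth2_proxy_directory }}/{{ item.dest }}"
        owner: "{{ oauth2_proxy_user }}"
        group: "{{ oauth2_proxy_group }}"
        mode: "{{ item.mode | default('0640') }}"
      loop:
        - src: "docker-compose.yml.j2"
          dest: "docker-compose.yml"
        - src: "oauth2-proxy.cfg.j2"
          dest: "oauth2-proxy.cfg"
          mode: "0600"
      notify: Restart oauth2-proxy

    # Supplementary group changes only apply to new sessions, so the SSH
    # connection is re-established here. FQCN used for consistency with the
    # other meta task above.
    - name: Reset SSH connection to apply group changes
      ansible.builtin.meta: reset_connection

    - name: Start OAuth2-Proxy service
      community.docker.docker_compose_v2:
        project_src: "{{ oauth2_proxy_directory }}"
        state: present

  handlers:
    # Runs at the end of the play when a templated config file changed.
    - name: Restart oauth2-proxy
      community.docker.docker_compose_v2:
        project_src: "{{ oauth2_proxy_directory }}"
        state: restarted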