implememt oauth support

l-with · Jul 5, 2022 · 8898a64 · 8898a64
1 parent 6380e6b
commit 8898a64
Show file tree

Hide file tree

Showing 5 changed files with 38 additions and 0 deletions.
diff --git a/.talismanrc b/.talismanrc
@@ -57,3 +57,8 @@ fileignoreconfig:
 
 - filename: templates/mailcow_backup.sh.j2
   ignore_detectors: [filename]
+
+allowed_patterns:
+  - >
+    [-_a-zA-Z0-9]+: +"{{ [-_a-zA-Z0-9]+ }}"
+
diff --git a/README.md b/README.md
@@ -38,6 +38,10 @@ Note that this also requires installation of the python libraries `docker` and `
 | configuration | `mailcow_submission_port` | `587` | the SUBMISSION_PORT in mailcow.conf |
 | configuration | `mailcow_greylisting` | `true` | if greylisting should be active |
 | configuration | `mailcow_mynetworks` | `` | list of subnetwork masks to add to `mynetworks` in postfix <br /> if subnetwork masks are provided at the beginning `127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10` is added (local) |
+| oauth2 | `mailcow_oauth2_client_id` | | the client id for the mailcow oauth2 app |
+| oauth2 | `mailcow_oauth2_client_secret` | | the client secret for the mailcow oauth2 app |
+| oauth2 | `mailcow_oauth2_client_redirect_uri` | | the redirect uri for the mailcow oauth2 app |
+| oauth2 | `mailcow_oauth2_client_scope` | `profile` | the scope for the mailcow oauth2 app |
 | backup | `mailcow_configure_backup` | `false` | if backup of the mailcow should be configured for unattended backup |
 | backup | `mailcow_path` | `/opt/mailcow` | the mailcow path for the backup artifacts (scripts) |
 | backup | `mailcow_backup_path` | `/var/backups/mailcow` | the path for the mailcow backup |

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -1,5 +1,7 @@
 ---
 
+# mailcow_hostname:
+
 mailcow_install_path: /opt/mailcow-dockerized
 mailcow_timezone: Europe/Berlin
 mailcow_version: master
@@ -39,6 +41,11 @@ mailcow_dns_dkim: true
 mailcow_dns_do: true
 mailcow_dns_debug: false
 
+# mailcow_oauth2_client_id:
+# mailcow_oauth2_client_secret:
+# mailcow_oauth2_client_redirect_uri:
+mailcow_oauth2_client_scope: profile
+
 mailcow_configure_backup: false
 mailcow_path: /opt/mailcow
 mailcow_backup_path: /var/backups/mailcow

diff --git a/tasks/mailcow_oauth2.yml b/tasks/mailcow_oauth2.yml
@@ -0,0 +1,17 @@
+---
+
+- name: Ensure oauth2-client in mailcow
+  ansible.builtin.uri:
+    url: "{{ mailcow_api_url }}/add/oauth2-client"
+    body_format: json
+    headers:
+      X-API-Key: "{{ mailcow_api_key }}"
+    method: post
+    body:
+      client_id:     "{{ mailcow_oauth2_client_id }}"
+      client_secret: "{{ mailcow_oauth2_client_secret }}"
+      redirect_uri:  "{{ mailcow_oauth2_client_redirect_uri }}" # "https://authentik.with.de/source/oauth/callback/mailcow"
+      scope:         "{{ mailcow_oauth2_client_scope }}"
+  register: _response
+
+...
diff --git a/vars/main.yml b/vars/main.yml
@@ -0,0 +1,5 @@
+---
+
+mailcow_api_url: "https://{{ mailcow_hostname }}/api/v1"
+
+...