✨ Add Casdoor (#146)

* ✨ Add Casdoor * 🚨 Fix lint
anarion80 · May 26, 2024 · 34cb571 · 34cb571
1 parent 3a85fdd
commit 34cb571
Show file tree

Hide file tree

Showing 11 changed files with 222 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -32,6 +32,7 @@ If you have a spare domain name you can configure applications to be accessible
 * [Budibase](https://github.com/Budibase/budibase) - Low code platform for building business apps and workflows in minutes
 * [Calibre](https://calibre-ebook.com) - Calibre is a powerful and easy to use e-book manager.
 * [Calibre-web](https://github.com/janeczku/calibre-web) - Provides a clean interface for browsing, reading and downloading eBooks using an existing Calibre database.
+* [Casdoor](https://github.com/casdoor/casdoor) - An open-source UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform.
 * [Changedetection.io](https://github.com/dgtlmoon/changedetection.io) - Free open source website change detection, monitor and notification service
 * [Chatpad](https://chatpad.ai/) - Not just another ChatGPT user-interface!
 * [Chatwoot](https://github.com/chatwoot/chatwoot) - Open-source live-chat, email support, omni-channel desk

diff --git a/nas.yml b/nas.yml
@@ -118,6 +118,10 @@
       tags:
         - calibreweb
 
+    - role: casdoor
+      tags:
+        - casdoor
+
     - role: changedetection
       tags:
         - changedetection

diff --git a/roles/casdoor/defaults/main.yml b/roles/casdoor/defaults/main.yml
@@ -0,0 +1,50 @@
+---
+casdoor_enabled: false
+
+# Networking
+casdoor_available_externally: false
+casdoor_port: "8006"
+casdoor_hostname: "casdoor"
+casdoor_network_name: "casdoor"
+
+# Directories
+casdoor_data_directory: "{{ docker_home }}/casdoor"
+
+# Security
+casdoor_basic_auth_user: "casdoor_user"
+casdoor_basic_auth_password: "casdoor_change_me"
+
+# docker
+casdoor_container_name: "casdoor"
+casdoor_image_name: "casbin/casdoor"
+casdoor_image_version: "latest"
+casdoor_mysql_container_name: "casdoor-mysql"
+casdoor_mysql_image_name: mysql
+casdoor_mysql_image_version: "8.0.25"
+
+# specs
+casdoor_memory: 1g
+casdoor_mysql_memory: 1g
+casdoor_mysql_root_password: "supersecure"
+casdoor_mysql_database: casdoor
+casdoor_mysql_user: casdoor
+casdoor_mysql_password: casdoor
+casdoor_driver_name: "mysql"
+casdoor_data_source_name: "root:{{ casdoor_mysql_root_password }}@tcp({{ casdoor_mysql_container_name }}:3306)/"
+# casadoor_staticbaseurl: "https://{{ casdoor_hostname }}.{{ ansible_nas_domain }}"
+casdoor_runmode: "prod"
+
+
+casdoor_env:
+  RUNNING_IN_DOCKER: "true"
+  driverName: "{{ casdoor_driver_name }}"
+  dataSourceName: "{{ casdoor_data_source_name }}"
+  # staticBaseUrl: "{{ casadoor_staticbaseurl }}"
+  dbName: "{{ casdoor_mysql_database }}"
+  runmode: "{{ casdoor_runmode | default('prod') }}"
+
+casdoor_mysql_env:
+  MYSQL_ROOT_PASSWORD: "{{ casdoor_mysql_root_password }}"
+  MYSQL_DATABASE: "{{ casdoor_mysql_database }}"
+  MYSQL_USER: "{{ casdoor_mysql_user }}"
+  MYSQL_PASSWORD: "{{ casdoor_mysql_password }}"
diff --git a/roles/casdoor/molecule/default/molecule.yml b/roles/casdoor/molecule/default/molecule.yml
@@ -0,0 +1,17 @@
+---
+platforms:
+  - name: instance
+    image: geerlingguy/docker-ubuntu2204-ansible:latest
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /tmp:/tmp:rw
+    privileged: true
+    pre_build_image: true
+
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        casdoor_enabled: true
+        casdoor_data_directory: "/tmp/casdoor"
diff --git a/roles/casdoor/molecule/default/side_effect.yml b/roles/casdoor/molecule/default/side_effect.yml
@@ -0,0 +1,10 @@
+---
+- name: Stop
+  hosts: all
+  become: true
+  tasks:
+    - name: "Include {{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }} role"
+      ansible.builtin.include_role:
+        name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"
+      vars:
+        casdoor_enabled: false
diff --git a/roles/casdoor/molecule/default/verify.yml b/roles/casdoor/molecule/default/verify.yml
@@ -0,0 +1,26 @@
+---
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Include vars
+      ansible.builtin.include_vars:
+        file: ../../defaults/main.yml
+
+    - name: Get casdoor mysql container state
+      community.docker.docker_container:
+        name: "{{ casdoor_mysql_container_name }}"
+      register: result_mysql
+
+    - name: Get casdoor container state
+      community.docker.docker_container:
+        name: "{{ casdoor_container_name }}"
+      register: result
+
+    - name: Check if casdoor containers are running
+      ansible.builtin.assert:
+        that:
+          - result_mysql.container['State']['Status'] == "running"
+          - result_mysql.container['State']['Restarting'] == false
+          - result.container['State']['Status'] == "running"
+          - result.container['State']['Restarting'] == false
diff --git a/roles/casdoor/molecule/default/verify_stopped.yml b/roles/casdoor/molecule/default/verify_stopped.yml
@@ -0,0 +1,26 @@
+---
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Include vars
+      ansible.builtin.include_vars:
+        file: ../../defaults/main.yml
+
+    - name: Try and stop and remove casdoor
+      community.docker.docker_container:
+        name: "{{ casdoor_container_name }}"
+        state: absent
+      register: result
+
+    - name: Try and stop and remove casdoor mysql
+      community.docker.docker_container:
+        name: "{{ casdoor_mysql_container_name }}"
+        state: absent
+      register: result_mysql
+
+    - name: Check if casdoor is stopped
+      ansible.builtin.assert:
+        that:
+          - not result.changed
+          - not result_mysql.changed
diff --git a/roles/casdoor/requirements.yml b/roles/casdoor/requirements.yml
@@ -0,0 +1 @@
+../../requirements.yml
diff --git a/roles/casdoor/tasks/main.yml b/roles/casdoor/tasks/main.yml
@@ -0,0 +1,72 @@
+---
+- name: Start Casdoor
+  block:
+    - name: Create Casdoor Directory
+      ansible.builtin.file:
+        path: "{{ item }}"
+        state: directory
+        # owner: 1000
+        # group: 1000
+      with_items:
+        - "{{ casdoor_data_directory }}"
+
+    - name: Create Casdoor network
+      community.docker.docker_network:
+        name: "{{ casdoor_network_name }}"
+
+    - name: Create Casdoor Mysql Docker Container
+      community.docker.docker_container:
+        name: "{{ casdoor_mysql_container_name }}"
+        image: "{{ casdoor_mysql_image_name }}:{{ casdoor_mysql_image_version }}"
+        pull: true
+        volumes:
+          - "{{ casdoor_data_directory }}/mysql:/var/lib/mysql:rw"
+        networks:
+          - name: "{{ casdoor_network_name }}"
+        network_mode: "{{ casdoor_network_name }}"
+        restart_policy: unless-stopped
+        memory: "{{ casdoor_mysql_memory }}"
+        env: "{{ casdoor_mysql_env }}"
+        labels:
+          traefik.enable: "false"
+
+
+    - name: Pause for 70 seconds to wait for DB to get up
+      ansible.builtin.pause:
+        seconds: 70
+
+    - name: Create Casdoor Docker Container
+      community.docker.docker_container:
+        name: "{{ casdoor_container_name }}"
+        image: "{{ casdoor_image_name }}:{{ casdoor_image_version }}"
+        pull: true
+        ports:
+          - "{{ casdoor_port }}:8000"
+        # volumes:
+        #   - "{{ casdoor_data_directory }}/conf:/conf:rw"
+        networks:
+          - name: "{{ casdoor_network_name }}"
+        network_mode: "{{ casdoor_network_name }}"
+        restart_policy: unless-stopped
+        memory: "{{ casdoor_memory }}"
+        env: "{{ casdoor_env }}"
+        labels:
+          traefik.enable: "{{ casdoor_available_externally | string }}"
+          traefik.http.routers.casdoor.rule: "Host(`{{ casdoor_hostname }}.{{ ansible_nas_domain }}`)"
+          traefik.http.routers.casdoor.tls.certresolver: "letsencrypt"
+          traefik.http.routers.casdoor.tls.domains[0].main: "{{ ansible_nas_domain }}"
+          traefik.http.routers.casdoor.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+          traefik.http.services.casdoor.loadbalancer.server.port: "8000"
+  when: casdoor_enabled is true
+
+- name: Stop Casdoor
+  block:
+    - name: Stop Casdoor
+      community.docker.docker_container:
+        name: "{{ casdoor_container_name }}"
+        state: absent
+    - name: Stop Casdoor Mysql
+      community.docker.docker_container:
+        name: "{{ casdoor_mysql_container_name }}"
+        state: absent
+  when: casdoor_enabled is false
diff --git a/roles/mantium/defaults/main.yml b/roles/mantium/defaults/main.yml
@@ -79,5 +79,5 @@ mantium_db_env:
 
 mantium_dashboard_env:
   TZ: "{{ ansible_nas_timezone }}"
-  DASHBOARD_PORT: "{{ mantium_dashboard_port}}"
+  DASHBOARD_PORT: "{{ mantium_dashboard_port }}"
   API_ADDRESS: "{{ mantium_api_address }}"
diff --git a/website/docs/applications/system-tools/casdoor.md b/website/docs/applications/system-tools/casdoor.md
@@ -0,0 +1,14 @@
+---
+title: "Casdoor"
+description: "An open-source UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform"
+---
+
+Homepage: [https://github.com/casdoor/casdoor](https://github.com/casdoor/casdoor)
+
+An open-source UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, RADIUS, Google Workspace, Active Directory and Kerberos
+
+## Usage
+
+Set `casdoor_enabled: true` in your `inventories/<your_inventory>/group_vars/nas.yml`. Run the playbook.
+
+Casdoor web interface can be found at [http://ansible_nas_host_or_ip:8006](http://ansible_nas_host_or_ip:8006). Login with user `admin` and password `123`.