hetzner-ansible/roles/infrastructure_realm/defaults/main.yml

---

infrastructure_realm_name: "infrastructure"

argocd_server_url: "{{ http_s}}://{{ stage }}-argocd.{{ domain }}"
shared_service_url_keycloak: "{{ http_s}}://{{ stage }}-keycloak-01-keycloak.{{ domain }}"

current_realm_name: "{{ infrastructure_realm_name }}"
shared_service_mail_hostname: "not_available"
current_realm_password_policy: ""

argocd_admin_username: "argocd-admin"

current_realm_clients: [
  {
    name: "argocd",
    clientId: "argocd",
    base_url: "/applications",
    admin_url: "{{ argocd_server_url }}/",
    root_url: "{{ argocd_server_url }}/",
    redirect_uris: "{{ argocd_server_url }}/auth/callback",
    secret: "{{ argocd_keycloak_client_secret_vault }}",
    web_origins: "{{ argocd_server_url }}/",
    default_client_scopes: "{{ keycloak_default_client_scopes + ['groups'] }}"
  }
]

current_realm_users:
  - username: "{{ argocd_admin_username }}"
    password: "{{ argocd_admin_password_vault }}"
    email: "{{ argocd_admin_email }}"
    firstName: "Netgo"
    lastName: "Administrator"
    requiredActions: []

current_realm_admin_users:
  - username: "infrastructure-realm-admin"
    password: "{{ infrastructure_realm_admin_password_vault }}"
    email: "{{ argocd_admin_email }}"
    firstName: "Netgo"
    lastName: "Administrator"
    requiredActions: []

current_realm_groups:
  - name: "argocd-admins"

current_user_groupmembership:
  - username: "argocd-admin"
    destination_group: "argocd-admins"

current_realm_clientscopes:
  - name: "groups"
    realm_name: "{{ infrastructure_realm_name }}"
    protocol: "openid-connect"