initial config

Author: wgalanciak

compose/.gitignore

@@ -0,0 +1,6 @@
+data/
+nginx/log/
+nginx/ssl/*.key
+nginx/ssl/*.pem
+nginx/ssl/*.crt
+.env

compose/compose.keycloak.yaml

@@ -0,0 +1,69 @@
+# 👇 Rename `.env-template` to `.env` before running this file
+# Set the appropriate values once renamed
+services:
+  # Relational database for Keycloak (optional)
+  mysql-shared:
+    image: mysql:8.0
+    container_name: mysql-shared
+    restart: unless-stopped
+    env_file:
+      - .env
+    environment:
+      MYSQL_ROOT_PASSWORD: ${KEYCLOAK_DB_PASSWORD}
+      MYSQL_DATABASE: keycloak
+      MYSQL_USER: keycloak
+      MYSQL_PASSWORD: ${KEYCLOAK_DB_PASSWORD}
+    volumes:
+      - mysql_data:/var/lib/mysql
+    networks:
+      - codetogethernet
+    healthcheck:
+      test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
+      interval: 10s
+      timeout: 10s
+      retries: 30
+
+  # Keycloak service (optional)
+  codetogether-keycloak:
+    image: quay.io/keycloak/keycloak:latest
+    container_name: codetogether-keycloak
+    env_file:
+      - .env
+    depends_on:
+      mysql-shared:
+        condition: service_healthy
+    command:
+      - "start"
+    environment:
+      # Admin credentials
+      KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN}
+      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
+
+      # Database connectivity
+      KC_DB: mysql
+      KC_DB_USERNAME: ${KEYCLOAK_DB_USERNAME:-root}
+      KC_DB_PASSWORD: ${KEYCLOAK_DB_PASSWORD}
+      KC_DB_URL_HOST: mysql-shared
+
+      # Feature flags & observability
+      KC_FEATURES: token-exchange
+      KC_HEALTH_ENABLED: "true"
+      KC_METRICS_ENABLED: "true"
+
+      # Reverse‑proxy / HTTP
+      KC_HTTP_ENABLED: "true"
+      KC_PROXY_HEADERS: xforwarded
+      KC_HOSTNAME_STRICT: "false"
+      KC_HOSTNAME_STRICT_HTTPS: "false"
+    ports:
+      - "5999:8080"
+    networks:
+      - codetogethernet
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8080/health/ready"]
+      interval: 10s
+      timeout: 10s
+      retries: 20
+
+volumes:
+  mysql_data:

compose/cthq.properties

@@ -6,19 +6,26 @@ hq.collab.secret=${INTEL_SECRET}
 # Fill in values specific to your deployment
 
 # If you want to run with multiple SSO providers, add their names separated with commas
-hq.sso.tenants=github
+# hq.sso.tenants=github
 
 # GitHub SSO
-hq.sso.github.provider=github
-hq.sso.github.label=GitHub
-hq.sso.github.client.id=<github_client_id>
-hq.sso.github.client.secret=<github_client_secret>
-hq.sso.github.redirect.uri=https://${INTEL_FQDN}/api/v1/auth/sso/success/insights
-hq.sso.github.auth.uri=https://github.com/login/oauth/authorize
-hq.sso.github.token.uri=https://github.com/login/oauth/access_token
-hq.sso.github.info.uri=https://api.github.com/user
-hq.sso.github.jwt.set.uri=https://token.actions.githubusercontent.com/.well-known/jwks
-hq.sso.github.logout.uri=https://github.com/logout
+# hq.sso.github.provider=github
+# hq.sso.github.label=GitHub
+# hq.sso.github.client.id=Iv1.45b9336a78ce2476
+# hq.sso.github.client.secret=c4446ad126ec65b3d926e37de3fe880246aff371
+# hq.sso.github.redirect.uri=https://${INTEL_FQDN}/api/v1/auth/sso/success/insights
+# hq.sso.github.auth.uri=https://github.com/login/oauth/authorize
+# hq.sso.github.token.uri=https://github.com/login/oauth/access_token
+# hq.sso.github.info.uri=https://api.github.com/user
+# hq.sso.github.jwt.set.uri=https://token.actions.githubusercontent.com/.well-known/jwks
+# hq.sso.github.logout.uri=https://github.com/logout
+
+hq.sso.provider=keycloak
+hq.sso.client.id=codetogether
+hq.sso.client.secret=eFl6XSKwMMsEW1yRTY9pHjBrCTHDEY64
+hq.sso.client.issuer.url=http://codetogether-keycloak:8080/realms/codetogether
+hq.sso.redirect.uri=https://${INTEL_FQDN}/api/v1/auth/sso/success/insights
+hq.sso.client.authentication.method=client_secret_post
 
 # These values do not need to be changed, though secrets can be updated
 hq.db.type=CASSANDRA