homelab/roles/authentik/tasks/main.yml

---
# Private bridge network shared by the authentik server, worker, redis and
# LDAP outpost containers; the container tasks below attach to it by name.
- name: Create authentik network
  community.docker.docker_network:
    name: authentik
  become: true
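# Named volumes for redis persistence, uploaded media, custom templates and
# certificates; created up front so the container tasks below can mount them.
# (Task name typo "authnetik" corrected.)
- name: Create authentik docker volumes
  become: true
  community.docker.docker_volume:
    name: "{{ item }}"
  loop:
    - authentik-redis
    - authentik-media
    - authentik-templates
    - authentik-certs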
# Redis instance backing authentik. The command line sets no password, so
# access control relies entirely on this container being reachable only from
# the private "authentik" network.
- name: Run redis container
  become: true
  community.docker.docker_container:
    name: authentik-redis
    image: redis:7.4-bookworm
    # snapshot to /data when at least 1 key changed within 60 seconds
    command:
      - "redis-server"
      - "--save"
      - "60"
      - "1"
      - "--loglevel"
      - "warning"
    networks:
      - name: authentik
    volumes:
      - authentik-redis:/data
    restart_policy: unless-stopped
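# Root-only directory holding the rendered env file that the authentik
# containers load via env_file. Group made explicit so ownership does not
# depend on how the directory happened to be created. The sticky bit in
# "1700" has no practical effect on a directory only root can enter; it is
# kept as the author wrote it.
- name: Create authentik config dir
  become: true
  ansible.builtin.file:
    path: /etc/authentik
    state: directory
    owner: root
    group: root
    mode: "1700"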
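# Render the env file that the server and worker containers load via env_file.
# This is where authentik's credentials would live, so set an explicit
# root-only mode rather than inheriting the remote umask (typically a
# world-readable 0644). The parent directory is already 1700, this is
# defence in depth against a later loosening of that.
- name: Copy authentik config
  become: true
  ansible.builtin.template:
    src: authentik.env.j2
    dest: /etc/authentik/.env
    owner: root
    group: root
    mode: "0600"
  # NOTE(review): consider `no_log: true` (or at least `diff: false`) here so
  # the rendered contents never appear in playbook output in diff/verbose mode.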
# Two authentik server replicas (authentik-1, authentik-2), reachable from
# haproxy for ingress and from the outposts over the authentik network.
- name: Run authentik server container
  become: true
  community.docker.docker_container:
    name: "authentik-{{ item }}"
    image: "{{ image }}:{{ tag }}"
    command:
      - "server"
    networks:
      - name: authentik
      - name: postgresql
      - name: haproxy
      - name: monitoring
    # NOTE(review): presumably root is required to read the bind-mounted
    # letsencrypt private key below — confirm, since running the web process
    # as root also widens the impact of a container compromise.
    user: root
    volumes:
      - authentik-media:/media
      - authentik-templates:/templates
      - authentik-certs:/certs
      - /etc/letsencrypt/live/comfycamp.space/fullchain.pem:/certs/comfycamp.space/fullchain.pem:ro
      - /etc/letsencrypt/live/comfycamp.space/privkey.pem:/certs/comfycamp.space/privkey.pem:ro
    env_file: /etc/authentik/.env
    restart_policy: unless-stopped
    healthcheck:
      test:
        - "CMD"
        - "ak"
        - "healthcheck"
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s
    # TODO: enable after ansible update
    # state: healthy
  loop:
    - "1"
    - "2"
# Single background worker. It only needs the database and redis, so it is
# attached to the authentik and postgresql networks and not to haproxy or
# monitoring. Unlike the server task it sets no `user`, so it runs as the
# image's default user.
- name: Run authentik worker container
  become: true
  community.docker.docker_container:
    name: authentik-worker
    image: "{{ image }}:{{ tag }}"
    command:
      - "worker"
    networks:
      - name: authentik
      - name: postgresql
    volumes:
      - authentik-media:/media
      - authentik-templates:/templates
      - authentik-certs:/certs
    env_file: /etc/authentik/.env
    restart_policy: unless-stopped
    healthcheck:
      test:
        - "CMD"
        - "ak"
        - "healthcheck"
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s
    # TODO: enable after ansible update
    # state: healthy
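# Two LDAP outpost replicas; each one talks to its matching server replica
# over plain HTTP on the private authentik network (port 9000) and serves
# LDAP towards haproxy.
- name: Run authentik LDAP outpost
  become: true
  # The outpost token is passed as a module argument below; keep it (and the
  # module's returned container config, which echoes env) out of playbook
  # and verbose output.
  no_log: true
  community.docker.docker_container:
    name: "authentik-ldap-{{ item }}"
    image: "ghcr.io/goauthentik/ldap:{{ tag }}"
    networks:
      - name: authentik
      - name: haproxy
      - name: monitoring
    # NOTE(review): no `user` is set here, unlike the server task — confirm the
    # image's default user can actually read the bind-mounted privkey.pem.
    volumes:
      - authentik-certs:/certs
      - /etc/letsencrypt/live/comfycamp.space/fullchain.pem:/certs/comfycamp.space/fullchain.pem:ro
      - /etc/letsencrypt/live/comfycamp.space/privkey.pem:/certs/comfycamp.space/privkey.pem:ro
    env:
      AUTHENTIK_HOST: "http://authentik-{{ item }}:9000"
      # Container env is readable on the host via `docker inspect`; acceptable
      # on a root-only host, but a mounted secret file would keep the token
      # out of container metadata.
      AUTHENTIK_TOKEN: "{{ ldap_outpost_token }}"
    restart_policy: unless-stopped
    healthcheck:
      test:
        - "CMD"
        - "/ldap"
        - "healthcheck"
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 5s
    # TODO: enable after ansible update
    # state: healthy
  loop:
    - "1"
    - "2"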