diff --git a/roles/authentik/tasks/main.yml b/roles/authentik/tasks/main.yml
index 318ac10..728238b 100644
--- a/roles/authentik/tasks/main.yml
+++ b/roles/authentik/tasks/main.yml
@@ -35,7 +35,7 @@
 - name: Run authentik server container
 become: true
 community.docker.docker_container:
- name: authentik
+ name: authentik-{{ item }}
 image: "{{ image }}:{{ tag }}"
 command: ["server"]
 networks:
@@ -51,6 +51,7 @@
 - /etc/letsencrypt/live/comfycamp.space/fullchain.pem:/certs/comfycamp.space/fullchain.pem:ro
 - /etc/letsencrypt/live/comfycamp.space/privkey.pem:/certs/comfycamp.space/privkey.pem:ro
 env_file: /etc/authentik/.env
+ loop: ["1", "2"]
 - name: Run authentik worker container
 become: true
 community.docker.docker_container:
@@ -69,17 +70,16 @@
 - name: Run authentik LDAP outpost
 become: true
 community.docker.docker_container:
- name: authentik-ldap
+ name: authentik-ldap-{{ item }}
 image: ghcr.io/goauthentik/ldap:{{ tag }}
 networks:
 - name: authentik
 - name: haproxy
- ports:
- - 389:3389
 volumes:
 - authentik-certs:/certs
 - /etc/letsencrypt/live/comfycamp.space/fullchain.pem:/certs/comfycamp.space/fullchain.pem:ro
 - /etc/letsencrypt/live/comfycamp.space/privkey.pem:/certs/comfycamp.space/privkey.pem:ro
 env:
- AUTHENTIK_HOST: http://authentik:9000
+ AUTHENTIK_HOST: http://authentik-{{ item }}:9000
 AUTHENTIK_TOKEN: "{{ ldap_outpost_token }}"
+ loop: ["1", "2"]
diff --git a/roles/haproxy/files/haproxy.cfg b/roles/haproxy/files/haproxy.cfg
index 8133e37..684e95e 100644
--- a/roles/haproxy/files/haproxy.cfg
+++ b/roles/haproxy/files/haproxy.cfg
@@ -78,6 +78,11 @@ frontend matrix-federation
 default_backend matrix
+frontend authentik_ldap
+ mode tcp
+ bind *:389
+ default_backend authentik_ldap
+
 backend comfycamp
 mode http
 server green comfycamp:4000 check
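Review bot: Once the server task loops over `authentik-{{ item }}`, no task references the old container name `authentik` any more, so on a host that already ran this role the previous container keeps running, still attached to the same networks and still holding the same env file, until someone removes it by hand; the same applies to the old `authentik-ldap` container in the outpost hunk below. `community.docker.docker_container` only manages the names it is given, so the rename never converges on its own. A cleanup task ahead of the loops, `- name: Remove legacy single-instance authentik containers` with `community.docker.docker_container: { name: "{{ item }}", state: absent }` and `loop: [authentik, authentik-ldap]`, would retire the stale instances on the first run after this change.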
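Review bot: The instance list `loop: ["1", "2"]` is written out twice in this role (here and on the LDAP outpost task) and is mirrored a third time by the explicit `s1`/`s2` server lines in roles/haproxy/files/haproxy.cfg, so scaling to a third instance means editing three places that nothing keeps in step. Hoisting the list into a role variable (constructed name: `authentik_instances`) and looping over it in both tasks removes the duplication on the Ansible side; if haproxy.cfg later becomes a template, the backend server lines can be generated from the same variable. A one-line comment above the loop, `# one server container per entry; haproxy.cfg must list a matching authentik-<n> server`, would at least document the coupling until then.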
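Review bot: Each outpost is now pinned to exactly one server via `AUTHENTIK_HOST: http://authentik-{{ item }}:9000`, so if `authentik-1` goes down `authentik-ldap-1` loses its backend even though `authentik-2` is healthy. Whether haproxy notices depends on how the outpost behaves when its server is unreachable, which this hunk cannot show; if it keeps port 3389 listening, the TCP `check` in haproxy.cfg still passes and LDAP clients are routed to an instance that cannot bind anyone. Pointing both outposts at the load-balanced server address instead of a fixed instance, or documenting the intended 1:1 pairing with a comment such as `# outpost N talks only to server N; see haproxy.cfg backend authentik_ldap`, would make the failure mode explicit.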
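Review bot: `bind *:389` accepts cleartext LDAP on every haproxy address, and together with the `389:389` publish added in roles/haproxy/tasks/main.yml that means every host interface; simple binds carry credentials in the clear, and the new frontend has no `tcp-request connection` ACL or TLS listener beside it. If the LDAP consumers are internal, limiting sources with `tcp-request connection reject unless { src <trusted-cidr placeholder> }` keeps the cleartext path off the public side. If external clients are intended, a second listener `bind *:636 ssl crt <haproxy cert path placeholder>` would let them use LDAPS while 389 stays restricted.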
@@ -134,4 +139,10 @@ backend peertube
 backend authentik
 mode http
 option forwardfor
- server s1 authentik:9000
+ server s1 authentik-1:9000 check
+ server s2 authentik-2:9000 check
+
+backend authentik_ldap
+ mode tcp
+ server s1 authentik-ldap-1:3389 check
+ server s2 authentik-ldap-2:3389 check
diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml
index 5c40ca4..c1a32b9 100644
--- a/roles/haproxy/tasks/main.yml
+++ b/roles/haproxy/tasks/main.yml
@@ -61,6 +61,7 @@
 net.ipv4.ip_unprivileged_port_start: 0
 ports:
 - 80:80
+ - 389:389
 - 443:443
 restart_policy: unless-stopped
 - name: Reload haproxy
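Review bot: `check` on the new `server s1 authentik-1:9000 check` and `s2` lines only verifies that port 9000 accepts a TCP connection, since `backend authentik` sets no `option httpchk`; an instance whose process is listening but not yet ready (migrations, cache warm-up) still receives traffic. Adding `option httpchk GET /-/health/ready/` to this backend makes the check track authentik's own readiness signal. The TCP check on the `authentik_ldap` servers has the same limit, proving only that the outpost socket is open, not that it can reach its server.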
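Review bot: `- 389:389` has no host address prefix, so Docker publishes the cleartext LDAP frontend on all host interfaces, not just the ones the LDAP clients use. If the consumers are internal, pin the publish to that interface, `- "<internal host ip placeholder>:389:389"`, and let the haproxy frontend's source ACL be the second layer rather than the only one. Quoting the mapping as `"389:389"` also matches the docker module's documented string form and avoids the YAML number parsing traps on other port pairs.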