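---
# Refresh one authentik LDAP outpost that sits behind haproxy:
# take the server out of the haproxy backend, (re)start its container,
# then put it back. Expects `server_idx`, `tag` and `ldap_outpost_token`
# to be defined by the caller.

- name: Disable LDAP server in haproxy
  become: true
  community.general.haproxy:
    socket: /run/haproxy/admin.sock
    state: disabled
    # Let in-flight connections finish before the server is taken out.
    drain: true
    wait: true
    backend: authentik_ldap
    host: s{{ server_idx }}
    fail_on_not_found: true

- name: Run authentik LDAP outpost
  become: true
  # `env` carries the outpost API token; keep it out of task output and
  # logs. Note that no_log also masks failure details for this task.
  no_log: true
  community.docker.docker_container:
    name: authentik-ldap-{{ server_idx }}
    image: ghcr.io/goauthentik/ldap:{{ tag }}
    networks:
      - name: authentik
      - name: haproxy
      - name: monitoring
    volumes:
      - authentik-certs:/certs
      # Host TLS material is mounted read-only into the container.
      - /etc/letsencrypt/live/comfycamp.space/fullchain.pem:/certs/comfycamp.space/fullchain.pem:ro
      - /etc/letsencrypt/live/comfycamp.space/privkey.pem:/certs/comfycamp.space/privkey.pem:ro
    env:
      AUTHENTIK_HOST: https://auth.comfycamp.space
      AUTHENTIK_TOKEN: "{{ ldap_outpost_token }}"
    restart_policy: unless-stopped
    healthcheck:
      test: ["CMD", "/ldap", "healthcheck"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 5s
    # TODO: enable after ansible update
    # state: healthy

- name: Enable LDAP server in haproxy
  become: true
  community.general.haproxy:
    socket: /run/haproxy/admin.sock
    state: enabled
    # Block until haproxy reports the server UP again, so a caller iterating
    # over hosts does not drain the next one while this one is still out.
    wait: true
    backend: authentik_ldap
    host: s{{ server_idx }}
    fail_on_not_found: true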