homelab/roles/authentik/tasks/main.yml

---
- name: Create authentik networks
  become: true
  community.docker.docker_network:
    name: "{{ item }}"
  loop: ["authentik", "authentik-redis"]
- name: Create authnetik docker volumes
  become: true
  community.docker.docker_volume:
    name: "{{ item }}"
  loop: ["authentik-redis", "authentik-media", "authentik-templates", "authentik-certs"]
- name: Run redis container
  become: true
  community.docker.docker_container:
    name: authentik-redis
    image: redis:7.4-bookworm
    command: ["redis-server", "--save", "60", "1", "--loglevel", "warning"]
    networks:
      - name: authentik-redis
    volumes:
      - authentik-redis:/data
    restart_policy: unless-stopped
- name: Create authentik config dir
  become: true
  ansible.builtin.file:
    path: /etc/authentik
    state: directory
    mode: "1700"
    owner: root
- name: Copy authentik config
  become: true
  ansible.builtin.template:
    src: authentik.env.j2
    dest: /etc/authentik/.env
- name: Run authentik server container
  become: true
  community.docker.docker_container:
    name: authentik-{{ item }}
    image: "{{ image }}:{{ tag }}"
    command: ["server"]
    networks:
      - name: authentik
      - name: authentik-redis
      - name: postgresql
      - name: haproxy
    user: root
    volumes:
      - authentik-media:/media
      - authentik-templates:/templates
      - authentik-certs:/certs
      - /etc/letsencrypt/live/comfycamp.space/fullchain.pem:/certs/comfycamp.space/fullchain.pem:ro
      - /etc/letsencrypt/live/comfycamp.space/privkey.pem:/certs/comfycamp.space/privkey.pem:ro
    env_file: /etc/authentik/.env
    restart_policy: unless-stopped
    healthcheck:
      test: ["CMD", "ak", "healthcheck"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s
    # TODO: enable after ansible update
    # state: healthy
  loop: ["1", "2"]
- name: Run authentik worker container
  become: true
  community.docker.docker_container:
    name: authentik-worker
    image: "{{ image }}:{{ tag }}"
    command: ["worker"]
    networks:
      - name: authentik
      - name: authentik-redis
      - name: postgresql
    volumes:
      - authentik-media:/media
      - authentik-templates:/templates
      - authentik-certs:/certs
    env_file: /etc/authentik/.env
    restart_policy: unless-stopped
    healthcheck:
      test: ["CMD", "ak", "healthcheck"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s
    # TODO: enable after ansible update
    # state: healthy
- name: Run authentik LDAP outpost
  become: true
  community.docker.docker_container:
    name: authentik-ldap-{{ item }}
    image: ghcr.io/goauthentik/ldap:{{ tag }}
    networks:
      - name: authentik
      - name: haproxy
    volumes:
      - authentik-certs:/certs
      - /etc/letsencrypt/live/comfycamp.space/fullchain.pem:/certs/comfycamp.space/fullchain.pem:ro
      - /etc/letsencrypt/live/comfycamp.space/privkey.pem:/certs/comfycamp.space/privkey.pem:ro
    env:
      AUTHENTIK_HOST: http://authentik-{{ item }}:9000
      AUTHENTIK_TOKEN: "{{ ldap_outpost_token }}"
    restart_policy: unless-stopped
    healthcheck:
      test: ["CMD", "/ldap", "healthcheck"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 5s
    # TODO: enable after ansible update
    # state: healthy
  loop: ["1", "2"]