Fix pre-commit hooks and move directories

roles/ and inventory/ are now in playbooks/ also fixed issues reported by ansible-lint
2024-10-14 18:30:24 +02:00 · 2024-10-14 18:30:24 +02:00 · 4104057771
commit 4104057771
parent dc398ddb6e
123 changed files with 91 additions and 39 deletions
--- a/playbooks/roles/authentik/tasks/main.yml
+++ b/playbooks/roles/authentik/tasks/main.yml
@ -0,0 +1,12 @@
+---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
+- name: Deploy {{ role_name }}
+  vars:
+    svc: "{{ authentik_svc }}"
+    env: "{{ authentik_env }}"
+    compose: "{{ authentik_compose }}"
+  block:
+    - name: Import tasks to deploy common service
+      ansible.builtin.import_tasks: tasks/deploy-common-service.yml
--- a/playbooks/roles/authentik/vars/main.yml
+++ b/playbooks/roles/authentik/vars/main.yml
@ -0,0 +1,60 @@
+---
+authentik_svc:
+  domain: auth.serguzim.me
+  port: 9000
+  image_tag: 2024.8
+  db:
+    host: "{{ postgres.host }}"
+    user: "{{ opentofu.postgresql_data.authentik.user }}"
+    pass: "{{ opentofu.postgresql_data.authentik.pass }}"
+    database: "{{ opentofu.postgresql_data.authentik.database }}"
+
+authentik_env:
+  AUTHENTIK_SECRET_KEY: "{{ vault_authentik.secret_key }}"
+
+  AUTHENTIK_EMAIL__HOST: "{{ mailer.host }}"
+  AUTHENTIK_EMAIL__PORT: "{{ mailer.port }}"
+  AUTHENTIK_EMAIL__USERNAME: "{{ vault_authentik.mail.user }}"
+  AUTHENTIK_EMAIL__PASSWORD: "{{ vault_authentik.mail.pass }}"
+  AUTHENTIK_EMAIL__USE_TLS: true
+  AUTHENTIK_EMAIL__USE_SSL: false
+  AUTHENTIK_EMAIL__TIMEOUT: 10
+  AUTHENTIK_EMAIL__FROM: auth@serguzim.me
+
+  AUTHENTIK_AVATARS: none
+
+  AUTHENTIK_REDIS__HOST: redis
+
+  AUTHENTIK_POSTGRESQL__HOST: "{{ svc.db.host }}"
+  AUTHENTIK_POSTGRESQL__NAME: "{{ svc.db.database }}"
+  AUTHENTIK_POSTGRESQL__USER: "{{ svc.db.user }}"
+  AUTHENTIK_POSTGRESQL__PASSWORD: "{{ svc.db.pass }}"
+
+authentik_compose:
+  watchtower: false
+  image: ghcr.io/goauthentik/server:{{ svc.image_tag }}
+  file:
+    services:
+      app:
+        command: server
+        depends_on:
+          - redis
+      worker:
+        image: ghcr.io/goauthentik/server:{{ svc.image_tag }}
+        restart: always
+        command: worker
+        user: root
+        volumes:
+          - /var/run/docker.sock:/var/run/docker.sock
+          - ./certs:/certs
+        env_file:
+          - service.env
+        depends_on:
+          - redis
+        networks:
+          default:
+      redis:
+        image: redis:alpine
+        restart: always
+        networks:
+          default: