Move _ansible directory into main directory

2023-12-16 02:25:14 +01:00 · 2023-12-16 02:25:14 +01:00 · 40742e3214
commit 40742e3214
parent 519882db43
124 changed files with 246 additions and 141 deletions
--- a/roles/authentik/tasks/main.yml
+++ b/roles/authentik/tasks/main.yml
@ -0,0 +1,12 @@
+---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
+- name: Deploy {{ svc.name }}
+  vars:
+    svc: "{{ authentik_svc }}"
+    env: "{{ authentik_env }}"
+    compose: "{{ authentik_compose }}"
+  block:
+    - name: Import tasks to deploy common service
+      ansible.builtin.import_tasks: tasks/deploy-common-service.yml
--- a/roles/authentik/vars/main.yml
+++ b/roles/authentik/vars/main.yml
@ -0,0 +1,60 @@
+---
+authentik_svc:
+  domain: auth.serguzim.me
+  name: authentik
+  port: 9000
+  image_tag: 2023.8
+  db:
+    host: "{{ postgres.host }}"
+    database: authentik
+    user: "{{ vault_authentik.db.user }}"
+    pass: "{{ vault_authentik.db.pass }}"
+
+authentik_env:
+  AUTHENTIK_SECRET_KEY: "{{ vault_authentik.secret_key }}"
+
+  AUTHENTIK_EMAIL__HOST: "{{ mailer.host }}"
+  AUTHENTIK_EMAIL__PORT: "{{ mailer.port }}"
+  AUTHENTIK_EMAIL__USERNAME: "{{ vault_authentik.mail.user }}"
+  AUTHENTIK_EMAIL__PASSWORD: "{{ vault_authentik.mail.pass }}"
+  AUTHENTIK_EMAIL__USE_TLS: true
+  AUTHENTIK_EMAIL__USE_SSL: false
+  AUTHENTIK_EMAIL__TIMEOUT: 10
+  AUTHENTIK_EMAIL__FROM: auth@serguzim.me
+
+  AUTHENTIK_AVATARS: none
+
+  AUTHENTIK_REDIS__HOST: redis
+
+  AUTHENTIK_POSTGRESQL__HOST: "{{ svc.db.host }}"
+  AUTHENTIK_POSTGRESQL__NAME: "{{ svc.db.database }}"
+  AUTHENTIK_POSTGRESQL__USER: "{{ svc.db.user }}"
+  AUTHENTIK_POSTGRESQL__PASSWORD: "{{ svc.db.pass }}"
+
+authentik_compose:
+  watchtower: false
+  image: ghcr.io/goauthentik/server:{{ svc.image_tag }}
+  file:
+    services:
+      app:
+        command: server
+        depends_on:
+          - redis
+      worker:
+        image: ghcr.io/goauthentik/server:{{ svc.image_tag }}
+        restart: always
+        command: worker
+        user: root
+        volumes:
+          - /var/run/docker.sock:/var/run/docker.sock
+        env_file:
+          - service.env
+        depends_on:
+          - redis
+        networks:
+          default:
+      redis:
+        image: redis:alpine
+        restart: always
+        networks:
+          default: