Deploy authentik
_again_.
parent
48dbaeed99
commit
dbbfe55975
7 changed files with 138 additions and 0 deletions
|
@ -66,6 +66,7 @@
|
||||||
- mastodon
|
- mastodon
|
||||||
- gitea
|
- gitea
|
||||||
- vikunja
|
- vikunja
|
||||||
|
- authentik
|
||||||
|
|
||||||
- hosts: ingress
|
- hosts: ingress
|
||||||
roles:
|
roles:
|
||||||
|
|
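--- a/ansible/roles/authentik/files/docker-compose.yml
+++ b/ansible/roles/authentik/files/docker-compose.yml
@@ -0,0 +1,78 @@
+version: "3.4"
+
+x-env: &env
+- TIMEZONE={{ timezone }}
+- AUTHENTIK_REDIS__HOST=redis
+- AUTHENTIK_POSTGRESQL__HOST=db
+- AUTHENTIK_POSTGRESQL__USER=authentik
+- AUTHENTIK_POSTGRESQL__NAME=authentik
+- AUTHENTIK_POSTGRESQL__PASSWORD={{ authentik_db_password }}
+- AUTHENTIK_SECRET_KEY={{ authentik_secret_key }}
+- AUTHENTIK_WEB__WORKERS=1
+- AUTHENTIK_DISABLE_UPDATE_CHECK=true
+- AUTHENTIK_ERROR_REPORTING__ENABLED=false
+- AUTHENTIK_DISABLE_STARTUP_ANALYTICS=true
+- AUTHENTIK_EMAIL__HOST=smtp.eu.mailgun.org
+- AUTHENTIK_EMAIL__PORT=465
+- AUTHENTIK_EMAIL__USERNAME={{ authentik_email_username }}
+- AUTHENTIK_EMAIL__PASSWORD={{ authentik_email_password }}
+- AUTHENTIK_EMAIL__USE_TLS=true
+- AUTHENTIK_EMAIL__FROM={{ authentik_email_from }}
+
+services:
+server:
+image: ghcr.io/goauthentik/server:2023.10.2
+restart: unless-stopped
+command: server
+user: "{{ docker_user.id }}"
+environment: *env
+volumes:
+- "{{ app_data_dir }}/authentik/media:/media"
+- "{{ app_data_dir }}/authentik/custom-templates:/templates"
+labels:
+- traefik.enable=true
+- traefik.http.routers.authentik.rule=Host(`auth.jakehoward.tech`)
+- traefik.http.services.authentik-authentik.loadbalancer.server.port=9000
+- traefik.http.middlewares.authentik-ratelimit.ratelimit.average=5
+- traefik.http.middlewares.authentik-ratelimit.ratelimit.burst=1000
+- traefik.http.routers.authentik.middlewares=authentik-ratelimit
+depends_on:
+- db
+- redis
+networks:
+- default
+- traefik
+
+worker:
+image: ghcr.io/goauthentik/server:2023.10.2
+restart: unless-stopped
+command: worker
+user: "{{ docker_user.id }}"
+environment: *env
+volumes:
+- "{{ app_data_dir }}/authentik/media:/media"
+- "{{ app_data_dir }}/authentik/certs:/certs"
+- "{{ app_data_dir }}/authentik/custom-templates:/templates"
+depends_on:
+- db
+- redis
+- server
+
+db:
+image: postgres:15-alpine
+restart: unless-stopped
+volumes:
+- /mnt/speed/dbs/postgres/authentik:/var/lib/postgresql/data
+environment:
+- POSTGRES_PASSWORD={{ authentik_db_password }}
+- POSTGRES_USER=authentik
+
+redis:
+image: redis:alpine
+restart: unless-stopped
+volumes:
+- /mnt/speed/dbs/redis/authentik:/data
+
+networks:
+traefik:
+external: true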
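Review bot: `AUTHENTIK_EMAIL__USE_TLS=true` is paired with `AUTHENTIK_EMAIL__PORT=465` in the `x-env` block; in authentik (as in the Django mail backend it wraps) `USE_TLS` means STARTTLS, while port 465 on Mailgun is implicit TLS, so outbound mail (password resets, invitations) is likely to fail at the handshake. Either switch to `AUTHENTIK_EMAIL__PORT=587` and keep `USE_TLS`, or keep 465 and set `AUTHENTIK_EMAIL__USE_SSL=true` instead of `USE_TLS` — only one of the two may be enabled. Separately, the Traefik middleware sets `ratelimit.average=5` but `ratelimit.burst=1000`, which lets a single client issue a thousand requests before the average is enforced; for the login and token endpoints of an identity provider a burst close to the average is the usual choice. Also `depends_on` on `db` and `redis` only orders container start and neither service defines a `healthcheck`, so first boot relies on `restart: unless-stopped` to ride out Postgres not yet accepting connections — worth a short comment if that is intentional.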
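--- a/ansible/roles/authentik/handlers/main.yml
+++ b/ansible/roles/authentik/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart authentik
+shell:
+chdir: /opt/authentik
+cmd: "{{ docker_update_command }}"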
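Review bot: The `restart authentik` handler runs `{{ docker_update_command }}` via `shell` without `become`, whereas both tasks in this commit that touch `/opt/authentik` set `become: true`, so the handler executes as the connecting user and will fail after the compose file is already installed if that user cannot reach the Docker daemon. Either add `become: true` (or `become_user: "{{ docker_user.name }}"`) to the handler, or document in a comment that the play's remote user is expected to have docker access. If `docker_update_command` does not rely on shell features such as `&&` or pipes, `command` with the same `chdir`/`cmd` would avoid shell interpretation of the templated string; I cannot see its value from here.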
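--- a/ansible/roles/authentik/tasks/main.yml
+++ b/ansible/roles/authentik/tasks/main.yml
@@ -0,0 +1,20 @@
+- name: Include vault
+include_vars: vault.yml
+
+- name: Create install directory
+file:
+path: /opt/authentik
+state: directory
+owner: "{{ docker_user.name }}"
+mode: "{{ docker_compose_directory_mask }}"
+become: true
+
+- name: Install compose file
+template:
+src: files/docker-compose.yml
+dest: /opt/authentik/docker-compose.yml
+mode: "{{ docker_compose_file_mask }}"
+owner: "{{ docker_user.name }}"
+validate: docker-compose -f %s config
+notify: restart authentik
+become: true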
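Review bot: The `Include vault` task loads the decrypted secrets that vars/main.yml maps to `authentik_db_password`, `authentik_secret_key` and the SMTP credentials, but it is not marked `no_log: true`; `include_vars` returns the loaded variables in its result, so a verbose run (`-v`) or a failing play prints them to the console and to any CI log. Add `no_log: true` to that task. The same consideration applies to the `Install compose file` task, whose rendered output embeds those values, if its diff is ever shown with `--diff`.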
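--- a/ansible/roles/authentik/vars/main.yml
+++ b/ansible/roles/authentik/vars/main.yml
@@ -0,0 +1,5 @@
+authentik_db_password: "{{ vault_authentik_db_password }}"
+authentik_secret_key: "{{ vault_authentik_secret_key }}"
+authentik_email_username: "{{ vault_authentik_email_username }}"
+authentik_email_password: "{{ vault_authentik_email_password }}"
+authentik_email_from: "{{ vault_authentik_email_from }}"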
22
ansible/roles/authentik/vars/vault.yml
generated
Normal file
22
ansible/roles/authentik/vars/vault.yml
generated
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
31633966386539623139356136333664326633646537366433626432363437336331333639636634
|
||||||
|
6563646365666534393834636539376337666336376666300a313338336365383338633165646531
|
||||||
|
35656231613762393636666332653434393966343039313863333566646434643630343438623362
|
||||||
|
6466383362396539610a366438306332303331656237343466313135336431363335306636643363
|
||||||
|
32383066353331383461613532323265353861663835663463383235303863306438386364303235
|
||||||
|
31323264323732326231336162393438313262323263316564336266663565666361316564373332
|
||||||
|
61616637306636353362633338616461646232616165323638346164346565353139666238323033
|
||||||
|
36366537393530613464613033383438666362636166613062653930326663626337346636346434
|
||||||
|
66396362656231613930653866386334393438336332383637356663323936623863313161323039
|
||||||
|
34316639633235313132336238636162343936336163356135303034383434346561356365633636
|
||||||
|
32633930313335343961653835656363333365656438393334303333373337353566666532373964
|
||||||
|
38316362306362363464313237383130343239326238663062616533396230316438316536333139
|
||||||
|
66353835333066346634366638323930616365386364643165666133666565383137303062636263
|
||||||
|
64646639666235356264623663313762333666306565303237656434323365316165633866373964
|
||||||
|
38326631656463373161356562303031643231623332653861616535333834336630363239363632
|
||||||
|
31643862626639353132373232393966323461653361343331653261356431363933326130363433
|
||||||
|
38323633343433346535633937373466666639353530653164313532623535653135613766336138
|
||||||
|
64626631656431613937366563373934616364656536373437353563346165626535326464353439
|
||||||
|
37353136376636633231393733613663633864616163373736386332316162333166303863663538
|
||||||
|
63376461643263326362373434666138303635636165616564316432626564356138623032653737
|
||||||
|
37323633353165623661343736363933323631646438383430303234326665613566
|
|
@ -213,6 +213,14 @@ resource "cloudflare_record" "jakehowardtech_tasks" {
|
||||||
ttl = 1
|
ttl = 1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "cloudflare_record" "jakehowardtech_auth" {
|
||||||
|
zone_id = cloudflare_zone.jakehowardtech.id
|
||||||
|
name = "auth"
|
||||||
|
value = linode_instance.casey.ip_address
|
||||||
|
type = "A"
|
||||||
|
ttl = 1
|
||||||
|
}
|
||||||
|
|
||||||
resource "cloudflare_record" "jakehowardtech_caa" {
|
resource "cloudflare_record" "jakehowardtech_caa" {
|
||||||
zone_id = cloudflare_zone.jakehowardtech.id
|
zone_id = cloudflare_zone.jakehowardtech.id
|
||||||
name = "@"
|
name = "@"
|
||||||
|
|