Diffstat (limited to 'roles/services/containers/authelia/tasks')
-rw-r--r--roles/services/containers/authelia/tasks/main.yml283
1 files changed, 283 insertions, 0 deletions
diff --git a/roles/services/containers/authelia/tasks/main.yml b/roles/services/containers/authelia/tasks/main.yml
new file mode 100644
index 0000000..c6bb337
--- /dev/null
+++ b/roles/services/containers/authelia/tasks/main.yml
@@ -0,0 +1,283 @@
1- name: set image fact
2 set_fact:
3 image: authelia/authelia:master
4
5- name: set other facts
6 vars:
7 array: "{{ image.split('/', 1) }}"
8 set_fact:
9 repo_tag: "{{ array.1 }}"
10 custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
11
12- name: create authelia directory
13 file:
14 path: "{{ docker_home }}/authelia"
15 state: directory
16 owner: "{{ docker_username }}"
17 group: "{{ docker_username }}"
18 mode: '0755'
19
20- name: create authelia config directory
21 file:
22 path: "{{ docker_home }}/authelia/config"
23 state: directory
24 owner: "{{ docker_username }}"
25 group: "{{ docker_username }}"
26 mode: '0755'
27
28- name: create authelia secrets directory
29 file:
30 path: "{{ docker_home }}/authelia/secrets"
31 state: directory
32 owner: "{{ docker_username }}"
33 group: "{{ docker_username }}"
34 mode: '0755'
35
36- name: create redis data directory
37 file:
38 path: "{{ docker_home }}/authelia/redis_data"
39 state: directory
40 owner: "{{ docker_username }}"
41 group: "{{ docker_username }}"
42 mode: '0755'
43
44- name: place authelia config in proper location
45 copy:
46 src: "{{ authelia_config }}"
47 dest: "{{ docker_home }}/authelia/config/configuration.yml"
48 owner: root
49 group: docker
50 mode: '0644'
51
52# nginx snippets
53
54- name: copy proxy.conf snippet
55 copy:
56 src: "{{ authelia_proxy_snippet }}"
57 dest: "/etc/nginx/snippets/proxy.conf"
58 owner: root
59 group: root
60 mode: '0644'
61
62- name: copy authelia-location.conf snippet
63 copy:
64 src: "{{ authelia_location_snippet }}"
65 dest: "/etc/nginx/snippets/authelia-location.conf"
66 owner: root
67 group: root
68 mode: '0644'
69
70- name: copy authelia-authrequest.conf snippet
71 copy:
72 src: "{{ authelia_request_snippet }}"
73 dest: "/etc/nginx/snippets/authelia-authrequest.conf"
74 owner: root
75 group: root
76 mode: '0644'
77
78
79# authelia secrets
80
81- name: create jwt_secret file
82 lineinfile:
83 path: "{{ docker_home }}/authelia/secrets/jwt_secret"
84 insertbefore: BOF
85 line: "{{ authelia_jwt_secret }}"
86 owner: root
87 group: root
88 mode: '0644'
89 create: yes
90
91- name: create session_secret file
92 lineinfile:
93 path: "{{ docker_home }}/authelia/secrets/session_secret"
94 insertbefore: BOF
95 line: "{{ authelia_session_secret }}"
96 owner: root
97 group: root
98 mode: '0644'
99 create: yes
100
101- name: create encryption_key file
102 lineinfile:
103 path: "{{ docker_home }}/authelia/secrets/encryption_key"
104 insertbefore: BOF
105 line: "{{ authelia_encryption_key }}"
106 owner: root
107 group: root
108 mode: '0644'
109 create: yes
110
111- name: create oidc_hmac file
112 lineinfile:
113 path: "{{ docker_home }}/authelia/secrets/oidc_hmac"
114 insertbefore: BOF
115 line: "{{ authelia_oidc_hmac }}"
116 owner: root
117 group: root
118 mode: '0644'
119 create: yes
120
121- name: remove existing cert file
122 file:
123 path: "{{ docker_home }}/authelia/secrets/oidc_cert"
124 state: absent
125
126- name: create oidc_cert file
127 lineinfile:
128 path: "{{ docker_home }}/authelia/secrets/oidc_cert"
129 insertbefore: BOF
130 line: "{{ authelia_oidc_cert }}"
131 owner: root
132 group: root
133 mode: '0644'
134 create: yes
135
136- name: remove existing key file
137 file:
138 path: "{{ docker_home }}/authelia/secrets/oidc_key"
139 state: absent
140
141- name: create oidc_key file
142 lineinfile:
143 path: "{{ docker_home }}/authelia/secrets/oidc_key"
144 insertbefore: BOF
145 line: "{{ authelia_oidc_key }}"
146 owner: root
147 group: root
148 mode: '0644'
149 create: yes
150
151- name: create smtp_password file
152 lineinfile:
153 path: "{{ docker_home }}/authelia/secrets/smtp_password"
154 insertbefore: BOF
155 line: "{{ authelia_smtp_password }}"
156 owner: root
157 group: root
158 mode: '0644'
159 create: yes
160
161- name: create ldap_password file
162 lineinfile:
163 path: "{{ docker_home }}/authelia/secrets/ldap_password"
164 insertbefore: BOF
165 line: "{{ authelia_ldap_password }}"
166 owner: root
167 group: root
168 mode: '0644'
169 create: yes
170
171- name: login to docker registry
172 become: yes
173 become_user: "{{ docker_username }}"
174 environment:
175 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
176 docker_login:
177 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
178 registry_url: "{{ docker_registry_url }}"
179 username: "{{ docker_registry_username }}"
180 password: "{{ docker_registry_password }}"
181
182- name: pull and push authelia image
183 become: yes
184 become_user: "{{ docker_username }}"
185 environment:
186 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
187 docker_image:
188 name: "{{ image }}"
189 repository: "{{ custom_registry }}/{{ repo_tag }}"
190 push: yes
191 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
192 source: pull
193 force_source: yes
194
195- name: create authelia docker network
196 docker_network:
197 name: "{{ authelia_network_name }}"
198 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
199 driver: bridge
200 ipam_config:
201 - subnet: "{{ authelia_subnet }}"
202 gateway: "{{ authelia_gateway }}"
203
204- name: create and deploy authelia container
205 become: yes
206 become_user: "{{ docker_username }}"
207 environment:
208 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
209 docker_container:
210 name: "authelia"
211 hostname: "authelia"
212 image: "{{ custom_registry }}/{{ repo_tag }}"
213 recreate: yes
214 pull: yes
215 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
216 purge_networks: yes
217 networks:
218 - name: "{{ authelia_network_name }}"
219 ipv4_address: "{{ authelia_ipv4 }}"
220 ports:
221 - "127.0.0.1:9091:9091"
222 - "127.0.0.1:9959:9959"
223 state: 'started'
224 comparisons:
225 '*': strict
226 restart_policy: unless-stopped
227 env:
228 "TZ": "{{ timezone }}"
229 "AUTHELIA_JWT_SECRET_FILE": "/secrets/jwt_secret"
230 "AUTHELIA_SESSION_SECRET_FILE": "/secrets/session_secret"
231 "AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE": "/secrets/encryption_key"
232 "AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET_FILE": "/secrets/oidc_hmac"
233 "AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_CERTIFICATE_CHAIN_FILE": "/secrets/oidc_cert"
234 "AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE": "/secrets/oidc_key"
235 "AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE": "/secrets/smtp_password"
236 "AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE": "/secrets/ldap_password"
237 volumes:
238 - "{{ docker_home }}/authelia/config:/config"
239 - "{{ docker_home }}/authelia/secrets:/secrets"
240
241
242- name: create and deploy redis container
243 become: yes
244 become_user: "{{ docker_username }}"
245 environment:
246 XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
247 docker_container:
248 name: "redis_authelia"
249 hostname: "redis_authelia"
250 image: redis:alpine
251 state: 'started'
252 recreate: yes
253 pull: yes
254 restart_policy: unless-stopped
255 docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
256 purge_networks: yes
257 networks:
258 - name: "{{ authelia_network_name }}"
259 ipv4_address: "{{ redis_authelia_ipv4 }}"
260 volumes:
261 - "{{ docker_home }}/authelia/redis_data:/data"
262 exposed_ports:
263 - '6379'
264 env:
265 "TZ": "{{ timezone }}"
266
267- name: deploy nginx configuration
268 notify: restart nginx
269 register: nginx_config
270 copy:
271 src: "{{ authelia_nginx_config }}"
272 dest: /etc/nginx/sites-available/authelia.conf
273 owner: root
274 group: root
275 mode: '0644'
276
277- name: symlink site
278 file:
279 src: /etc/nginx/sites-available/authelia.conf
280 dest: /etc/nginx/sites-enabled/authelia.conf
281 owner: root
282 group: root
283 state: link
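Review bot: The secret files written by the `create jwt_secret file` task and the seven sibling tasks below it (gutter lines 81–169) are world-readable (`mode: '0644'`) and the tasks run without `no_log: true`, so the JWT/session/encryption secrets, the OIDC private key and the SMTP/LDAP passwords are exposed on the host filesystem and are also echoed into the Ansible output whenever the line changes. `lineinfile` with `insertbefore: BOF` and no `regexp` additionally leaves the previous value in the file when a secret is rotated, because the new line is inserted above the old one rather than replacing it — only the cert/key tasks work around this by deleting the file first. `copy` with `content:` rewrites the whole file and avoids both problems; since the containers are started through the rootless socket as `docker_username` (gutter lines 205–215), the file should presumably be owned by that user with `mode: '0600'` rather than by root, as a root-owned 0600 file would not be readable by the rootless daemon — confirm against how the secrets volume is consumed. The same `no_log: true` belongs on the `login to docker registry` task, whose `password` argument is otherwise printed on failure. Separately, `authelia/authelia:master` combined with `force_source: yes` re-pulls a mutable tag on every run; pinning a release tag or digest makes the deployed version reproducible.
```yaml
- name: create jwt_secret file
  no_log: true
  copy:
    content: "{{ authelia_jwt_secret }}"
    dest: "{{ docker_home }}/authelia/secrets/jwt_secret"
    owner: "{{ docker_username }}"
    group: "{{ docker_username }}"
    mode: '0600'
# … unchanged: the session_secret, encryption_key, oidc_hmac, oidc_cert, oidc_key,
#   smtp_password and ldap_password tasks follow the same copy/no_log pattern …
```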