From 95b73daa36b23565a8566f71f9b202d3459b685f Mon Sep 17 00:00:00 2001
From: Sam Chudnick
Date: Sun, 25 Jun 2023 09:52:36 -0400
Subject: Initial Commit

---
 .../services/containers/authelia/handlers/main.yml | 4 +
 roles/services/containers/authelia/tasks/main.yml | 283 +++++++++++++++++++++
 2 files changed, 287 insertions(+)
 create mode 100644 roles/services/containers/authelia/handlers/main.yml
 create mode 100644 roles/services/containers/authelia/tasks/main.yml
(limited to 'roles/services/containers/authelia')

diff --git a/roles/services/containers/authelia/handlers/main.yml b/roles/services/containers/authelia/handlers/main.yml
new file mode 100644
index 0000000..5463835
--- /dev/null
+++ b/roles/services/containers/authelia/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart nginx
+  service:
+    name: nginx
+    state: restarted
diff --git a/roles/services/containers/authelia/tasks/main.yml b/roles/services/containers/authelia/tasks/main.yml
new file mode 100644
index 0000000..c6bb337
--- /dev/null
+++ b/roles/services/containers/authelia/tasks/main.yml
@@ -0,0 +1,283 @@
+- name: set image fact
+  set_fact:
+    image: authelia/authelia:master
+
+- name: set other facts
+  vars:
+    array: "{{ image.split('/', 1) }}"
+  set_fact:
+    repo_tag: "{{ array.1 }}"
+    custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
+
+- name: create authelia directory
+  file:
+    path: "{{ docker_home }}/authelia"
+    state: directory
+    owner: "{{ docker_username }}"
+    group: "{{ docker_username }}"
+    mode: '0755'
+
+- name: create authelia config directory
+  file:
+    path: "{{ docker_home }}/authelia/config"
+    state: directory
+    owner: "{{ docker_username }}"
+    group: "{{ docker_username }}"
+    mode: '0755'
+
+- name: create authelia secrets directory
+  file:
+    path: "{{ docker_home }}/authelia/secrets"
+    state: directory
+    owner: "{{ docker_username }}"
+    group: "{{ docker_username }}"
+    mode: '0755'
+
+- name: create redis data directory
+  file:
+    path: "{{ docker_home }}/authelia/redis_data"
+    state: directory
+    owner: "{{ docker_username }}"
+    group: "{{ docker_username }}"
+    mode: '0755'
+
+- name: place authelia config in proper location
+  copy:
+    src: "{{ authelia_config }}"
+    dest: "{{ docker_home }}/authelia/config/configuration.yml"
+    owner: root
+    group: docker
+    mode: '0644'
+
+# nginx snippets
+
+- name: copy proxy.conf snippet
+  copy:
+    src: "{{ authelia_proxy_snippet }}"
+    dest: "/etc/nginx/snippets/proxy.conf"
+    owner: root
+    group: root
+    mode: '0644'
+
+- name: copy authelia-location.conf snippet
+  copy:
+    src: "{{ authelia_location_snippet }}"
+    dest: "/etc/nginx/snippets/authelia-location.conf"
+    owner: root
+    group: root
+    mode: '0644'
+
+- name: copy authelia-authrequest.conf snippet
+  copy:
+    src: "{{ authelia_request_snippet }}"
+    dest: "/etc/nginx/snippets/authelia-authrequest.conf"
+    owner: root
+    group: root
+    mode: '0644'
+
+
+# authelia secrets
+
+- name: create jwt_secret file
+  lineinfile:
+    path: "{{ docker_home }}/authelia/secrets/jwt_secret"
+    insertbefore: BOF
+    line: "{{ authelia_jwt_secret }}"
+    owner: root
+    group: root
+    mode: '0644'
+    create: yes
+
+- name: create session_secret file
+  lineinfile:
+    path: "{{ docker_home }}/authelia/secrets/session_secret"
+    insertbefore: BOF
+    line: "{{ authelia_session_secret }}"
+    owner: root
+    group: root
+    mode: '0644'
+    create: yes
+
+- name: create encryption_key file
+  lineinfile:
+    path: "{{ docker_home }}/authelia/secrets/encryption_key"
+    insertbefore: BOF
+    line: "{{ authelia_encryption_key }}"
+    owner: root
+    group: root
+    mode: '0644'
+    create: yes
+
+- name: create oidc_hmac file
+  lineinfile:
+    path: "{{ docker_home }}/authelia/secrets/oidc_hmac"
+    insertbefore: BOF
+    line: "{{ authelia_oidc_hmac }}"
+    owner: root
+    group: root
+    mode: '0644'
+    create: yes
+
+- name: remove existing cert file
+  file:
+    path: "{{ docker_home }}/authelia/secrets/oidc_cert"
+    state: absent
+
+- name: create oidc_cert file
+  lineinfile:
+    path: "{{ docker_home }}/authelia/secrets/oidc_cert"
+    insertbefore: BOF
+    line: "{{ authelia_oidc_cert }}"
+    owner: root
+    group: root
+    mode: '0644'
+    create: yes
+
+- name: remove existing key file
+  file:
+    path: "{{ docker_home }}/authelia/secrets/oidc_key"
+    state: absent
+
+- name: create oidc_key file
+  lineinfile:
+    path: "{{ docker_home }}/authelia/secrets/oidc_key"
+    insertbefore: BOF
+    line: "{{ authelia_oidc_key }}"
+    owner: root
+    group: root
+    mode: '0644'
+    create: yes
+
+- name: create smtp_password file
+  lineinfile:
+    path: "{{ docker_home }}/authelia/secrets/smtp_password"
+    insertbefore: BOF
+    line: "{{ authelia_smtp_password }}"
+    owner: root
+    group: root
+    mode: '0644'
+    create: yes
+
+- name: create ldap_password file
+  lineinfile:
+    path: "{{ docker_home }}/authelia/secrets/ldap_password"
+    insertbefore: BOF
+    line: "{{ authelia_ldap_password }}"
+    owner: root
+    group: root
+    mode: '0644'
+    create: yes
+
+- name: login to docker registry
+  become: yes
+  become_user: "{{ docker_username }}"
+  environment:
+    XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+  docker_login:
+    docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+    registry_url: "{{ docker_registry_url }}"
+    username: "{{ docker_registry_username }}"
+    password: "{{ docker_registry_password }}"
+
+- name: pull and push authelia image
+  become: yes
+  become_user: "{{ docker_username }}"
+  environment:
+    XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+  docker_image:
+    name: "{{ image }}"
+    repository: "{{ custom_registry }}/{{ repo_tag }}"
+    push: yes
+    docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+    source: pull
+    force_source: yes
+
+- name: create authelia docker network
+  docker_network:
+    name: "{{ authelia_network_name }}"
+    docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+    driver: bridge
+    ipam_config:
+      - subnet: "{{ authelia_subnet }}"
+        gateway: "{{ authelia_gateway }}"
+
+- name: create and deploy authelia container
+  become: yes
+  become_user: "{{ docker_username }}"
+  environment:
+    XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+  docker_container:
+    name: "authelia"
+    hostname: "authelia"
+    image: "{{ custom_registry }}/{{ repo_tag }}"
+    recreate: yes
+    pull: yes
+    docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+    purge_networks: yes
+    networks:
+      - name: "{{ authelia_network_name }}"
+        ipv4_address: "{{ authelia_ipv4 }}"
+    ports:
+      - "127.0.0.1:9091:9091"
+      - "127.0.0.1:9959:9959"
+    state: 'started'
+    comparisons:
+      '*': strict
+    restart_policy: unless-stopped
+    env:
+      "TZ": "{{ timezone }}"
+      "AUTHELIA_JWT_SECRET_FILE": "/secrets/jwt_secret"
+      "AUTHELIA_SESSION_SECRET_FILE": "/secrets/session_secret"
+      "AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE": "/secrets/encryption_key"
+      "AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET_FILE": "/secrets/oidc_hmac"
+      "AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_CERTIFICATE_CHAIN_FILE": "/secrets/oidc_cert"
+      "AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE": "/secrets/oidc_key"
+      "AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE": "/secrets/smtp_password"
+      "AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE": "/secrets/ldap_password"
+    volumes:
+      - "{{ docker_home }}/authelia/config:/config"
+      - "{{ docker_home }}/authelia/secrets:/secrets"
+
+
+- name: create and deploy redis container
+  become: yes
+  become_user: "{{ docker_username }}"
+  environment:
+    XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+  docker_container:
+    name: "redis_authelia"
+    hostname: "redis_authelia"
+    image: redis:alpine
+    state: 'started'
+    recreate: yes
+    pull: yes
+    restart_policy: unless-stopped
+    docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+    purge_networks: yes
+    networks:
+      - name: "{{ authelia_network_name }}"
+        ipv4_address: "{{ redis_authelia_ipv4 }}"
+    volumes:
+      - "{{ docker_home }}/authelia/redis_data:/data"
+    exposed_ports:
+      - '6379'
+    env:
+      "TZ": "{{ timezone }}"
+
+- name: deploy nginx configuration
+  notify: restart nginx
+  register: nginx_config
+  copy:
+    src: "{{ authelia_nginx_config }}"
+    dest: /etc/nginx/sites-available/authelia.conf
+    owner: root
+    group: root
+    mode: '0644'
+
+- name: symlink site
+  file:
+    src: /etc/nginx/sites-available/authelia.conf
+    dest: /etc/nginx/sites-enabled/authelia.conf
+    owner: root
+    group: root
+    state: link
-- cgit v1.2.3