refactor: consolidate all roles into ansible/roles/ and update ansible.cfg
- Move all roles from playbooks/roles/ to roles/ - Update roles_path in ansible.cfg - Add cast user to common role - Create standalone podman role - Add semaphore role with Podman + Quadlet support
This commit is contained in:
11
ansible/roles/authentik/defaults/main.yml
Normal file
11
ansible/roles/authentik/defaults/main.yml
Normal file
@@ -0,0 +1,11 @@
|
||||
---
|
||||
# ------------------------------------------------------------------------------
|
||||
# FILE: roles/authentik/defaults/main.yml
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
authentik_base_dir: /opt/docker/authentik
|
||||
|
||||
# All secrets MUST be set in vault
|
||||
authentik_secret_key: ""
|
||||
authentik_admin_password: ""
|
||||
authentik_database_password: ""
|
||||
8
ansible/roles/authentik/handlers/main.yml
Normal file
8
ansible/roles/authentik/handlers/main.yml
Normal file
@@ -0,0 +1,8 @@
|
||||
# ------------------------------------------------------------------------------
|
||||
# FILE: roles/authentik/handlers/main.yml
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
- name: restart authentik
|
||||
community.docker.docker_compose_v2:
|
||||
project_src: "{{ authentik_base_dir }}"
|
||||
state: restarted
|
||||
51
ansible/roles/authentik/tasks/main.yml
Normal file
51
ansible/roles/authentik/tasks/main.yml
Normal file
@@ -0,0 +1,51 @@
|
||||
---
|
||||
# ──────────────────────────────────────────────────────────────────────────────
|
||||
# FILE: roles/authentik/tasks/main.yml
|
||||
# DESCRIPTION: Deploys Authentik from boilerplate-generated files in the repo.
|
||||
# The compose.yaml lives in boilerplates/authentik/.
|
||||
# The .env file is templated to inject secrets from Ansible vault.
|
||||
# Custom blueprints are synced from boilerplates/authentik/blueprints/.
|
||||
# ──────────────────────────────────────────────────────────────────────────────
|
||||
|
||||
- name: Create Authentik directory structure
|
||||
ansible.builtin.file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
owner: "{{ ansible_user }}"
|
||||
group: docker
|
||||
mode: '0775'
|
||||
loop:
|
||||
- "{{ authentik_base_dir }}"
|
||||
- "{{ authentik_base_dir }}/blueprints"
|
||||
|
||||
- name: Copy compose.yaml from boilerplate
|
||||
ansible.builtin.copy:
|
||||
src: "{{ playbook_dir }}/../../boilerplates/authentik/compose.yaml"
|
||||
dest: "{{ authentik_base_dir }}/compose.yaml"
|
||||
owner: "{{ ansible_user }}"
|
||||
group: docker
|
||||
mode: '0644'
|
||||
notify: restart authentik
|
||||
|
||||
- name: Sync custom blueprints
|
||||
ansible.builtin.copy:
|
||||
src: "{{ playbook_dir }}/../../boilerplates/authentik/blueprints/"
|
||||
dest: "{{ authentik_base_dir }}/blueprints/"
|
||||
owner: "{{ ansible_user }}"
|
||||
group: docker
|
||||
mode: '0644'
|
||||
notify: restart authentik
|
||||
|
||||
- name: Deploy .env with secrets from vault
|
||||
ansible.builtin.template:
|
||||
src: env.j2
|
||||
dest: "{{ authentik_base_dir }}/.env"
|
||||
owner: "{{ ansible_user }}"
|
||||
group: docker
|
||||
mode: '0600'
|
||||
notify: restart authentik
|
||||
|
||||
- name: Start Authentik
|
||||
community.docker.docker_compose_v2:
|
||||
project_src: "{{ authentik_base_dir }}"
|
||||
state: present
|
||||
13
ansible/roles/authentik/templates/env.j2
Normal file
13
ansible/roles/authentik/templates/env.j2
Normal file
@@ -0,0 +1,13 @@
|
||||
# Managed by Ansible — do not edit manually
|
||||
AUTHENTIK_SECRET_KEY={{ authentik_secret_key }}
|
||||
DATABASE_PASSWORD={{ authentik_database_password }}
|
||||
AUTHENTIK_ADMIN_PASSWORD={{ authentik_admin_password }}
|
||||
|
||||
# OIDC client credentials for blueprints
|
||||
# These are substituted into blueprint YAML via ${VAR} syntax
|
||||
PROXMOX_OIDC_CLIENT_ID={{ vault_proxmox_oidc_client_id }}
|
||||
PROXMOX_OIDC_CLIENT_SECRET={{ vault_proxmox_oidc_client_secret }}
|
||||
STEPCA_OIDC_CLIENT_ID={{ vault_stepca_oidc_client_id }}
|
||||
STEPCA_OIDC_CLIENT_SECRET={{ vault_stepca_oidc_client_secret }}
|
||||
GITEA_OIDC_CLIENT_ID={{ vault_gitea_oidc_client_id }}
|
||||
GITEA_OIDC_CLIENT_SECRET={{ vault_gitea_oidc_client_secret }}
|
||||
Reference in New Issue
Block a user