refactor: consolidate all roles into ansible/roles/ and update ansible.cfg
- Move all roles from playbooks/roles/ to roles/ - Update roles_path in ansible.cfg - Add cast user to common role - Create standalone podman role - Add semaphore role with Podman + Quadlet support
This commit is contained in:
27
ansible/roles/gitea/tasks/configure_oidc.yml
Normal file
27
ansible/roles/gitea/tasks/configure_oidc.yml
Normal file
@@ -0,0 +1,27 @@
|
||||
---
|
||||
# ------------------------------------------------------------------------------
|
||||
# FILE: ansible/playbooks/roles/gitea/tasks/configure_oidc.yml
|
||||
# DESCRIPTION: Registers Authentik as an OAuth2 source in Gitea via the admin
|
||||
# API. Idempotent — skips creation if source already exists.
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
- name: Check if authentik auth source already exists
|
||||
ansible.builtin.command:
|
||||
cmd: docker exec -u git gitea-gitea-1 gitea admin auth list
|
||||
register: _auth_list
|
||||
changed_when: false
|
||||
|
||||
- name: Create Authentik OAuth2 auth source
|
||||
ansible.builtin.command:
|
||||
cmd: >
|
||||
docker exec -u git gitea-gitea-1 gitea admin auth add-oauth
|
||||
--name authentik
|
||||
--provider openidConnect
|
||||
--key {{ gitea_oidc_client_id }}
|
||||
--secret {{ gitea_oidc_client_secret }}
|
||||
--auto-discover-url {{ gitea_oidc_discovery_url }}
|
||||
--scopes "email profile"
|
||||
--group-claim-name groups
|
||||
--admin-group {{ gitea_oidc_admin_group }}
|
||||
--skip-local-2fa false
|
||||
when: "'authentik' not in _auth_list.stdout"
|
||||
Reference in New Issue
Block a user