From de566c03957fb80be7ac36f494cfb2659fe540fe Mon Sep 17 00:00:00 2001
From: Iurii Tatishchev
Date: Sat, 25 Mar 2023 04:28:41 -0700
Subject: [PATCH] add authentik with basic configuration
---
roles/authentik/templates/.env.authentik.j2 | 21 +++++++
roles/authentik/templates/.env.db.j2 | 3 +
roles/authentik/templates/.env.j2 | 1 +
.../authentik/templates/docker-compose.yml.j2 | 59 +++++++++++++++++++
roles/authentik/vars/app_config.yml | 18 ++++++
5 files changed, 102 insertions(+)
create mode 100644 roles/authentik/templates/.env.authentik.j2
create mode 100644 roles/authentik/templates/.env.db.j2
create mode 100644 roles/authentik/templates/.env.j2
create mode 100644 roles/authentik/templates/docker-compose.yml.j2
create mode 100644 roles/authentik/vars/app_config.yml
diff --git a/roles/authentik/templates/.env.authentik.j2 b/roles/authentik/templates/.env.authentik.j2
new file mode 100644
index 0000000..a0446de
--- /dev/null
+++ b/roles/authentik/templates/.env.authentik.j2
@@ -0,0 +1,21 @@
+AUTHENTIK_ERROR_REPORTING__ENABLED=true
+
+AUTHENTIK_REDIS__HOST=redis
+AUTHENTIK_POSTGRESQL__HOST=postgres
+AUTHENTIK_POSTGRESQL__USER=authentik
+AUTHENTIK_POSTGRESQL__NAME=authentik
+AUTHENTIK_POSTGRESQL__PASSWORD={{ db_password }}
+
+AUTHENTIK_SECRET_KEY={{ authentik_secret_key }}
+
+AUTHENTIK_EMAIL__HOST=smtp.sendgrid.net
+AUTHENTIK_EMAIL__PORT=587
+AUTHENTIK_EMAIL__USERNAME=apikey
+AUTHENTIK_EMAIL__PASSWORD={{ sengrid_api_key }}
+
+AUTHENTIK_EMAIL__USE_TLS=true
+AUTHENTIK_EMAIL__TIMEOUT=10
+AUTHENTIK_EMAIL__FROM=auth@cazzzer.com
+
+AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL=false
+AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME=false
diff --git a/roles/authentik/templates/.env.db.j2 b/roles/authentik/templates/.env.db.j2
new file mode 100644
index 0000000..ab2eb10
--- /dev/null
+++ b/roles/authentik/templates/.env.db.j2
@@ -0,0 +1,3 @@
+POSTGRES_USER=authentik
+POSTGRES_DB=authentik
+POSTGRES_PASSWORD={{ db_password }}
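Review bot: In `.env.authentik.j2`, `AUTHENTIK_ERROR_REPORTING__ENABLED=true` opts this identity provider into sending error reports to an external service, which authentik leaves off by default; I would set it to `false` unless that data flow is intended, or add a `{# #}` comment saying it is deliberate. `{{ sengrid_api_key }}` looks like a misspelling of "sendgrid"; it only renders if the vaulted variable carries the same spelling, so rename both to `sendgrid_api_key`. This file and `.env.db.j2` render `db_password`, `authentik_secret_key` and the SMTP key in plain text and unquoted: the task that writes them is not part of this patch, so confirm it uses `mode: "0600"`, and keep the generated secrets free of `#`, `$`, quotes and whitespace, which env-file parsers may treat specially.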
diff --git a/roles/authentik/templates/.env.j2 b/roles/authentik/templates/.env.j2
new file mode 100644
index 0000000..32676c3
--- /dev/null
+++ b/roles/authentik/templates/.env.j2
@@ -0,0 +1 @@
+AUTHENTIK_VERSION=2023.3
\ No newline at end of file
diff --git a/roles/authentik/templates/docker-compose.yml.j2 b/roles/authentik/templates/docker-compose.yml.j2
new file mode 100644
index 0000000..aff445c
--- /dev/null
+++ b/roles/authentik/templates/docker-compose.yml.j2
@@ -0,0 +1,59 @@
+{% from "contrib/compose_helpers.j2" import traefik_labels with context %}
+{##}
+version: "3.7"
+
+networks:
+ default:
+ traefik_traefik:
+ external: true
+
+services:
+ server:
+ image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION}
+ container_name: authentik_server
+ labels:
+ - {{ traefik_labels("auth", port="9000") | indent(6) }}
+ restart: unless-stopped
+ command: server
+ env_file:
+ - .env.authentik
+ networks:
+ - default
+ - traefik_traefik
+
+ worker:
+ image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION}
+ container_name: authentik_worker
+ restart: unless-stopped
+ command: worker
+ env_file:
+ - .env.authentik
+ volumes:
+ - {{ base_volume_path }}/authentik/certs:/certs
+
+ postgres:
+ image: postgres:12-alpine
+ container_name: authentik_postgres
+ restart: unless-stopped
+ env_file:
+ - .env.db
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
+ start_period: 20s
+ interval: 30s
+ retries: 5
+ timeout: 5s
+ volumes:
+ - {{ base_volume_path }}/authentik/postgres:/var/lib/postgresql/data
+
+ redis:
+ image: redis:alpine
+ container_name: authentik_redis
+ restart: unless-stopped
+ command: --save 60 1 --loglevel warning
+ healthcheck:
+ test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+ start_period: 20s
+ interval: 30s
+ retries: 5
+ timeout: 3s
diff --git a/roles/authentik/vars/app_config.yml b/roles/authentik/vars/app_config.yml
new file mode 100644
index 0000000..69ad34a
--- /dev/null
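Review bot: In `docker-compose.yml.j2`, `image: redis:alpine` follows a floating tag and `postgres:12-alpine` pins only the major version, so a re-pull or a fresh host can silently change what runs as the identity provider's cache and database. Pin both to an exact version tag or digest, the way the authentik image is pinned through `AUTHENTIK_VERSION`, e.g. `image: redis:<pinned-version>-alpine`. The `postgres` and `redis` healthchecks are defined but no service waits on them, so `server` and `worker` may start against an unready database; a `depends_on` entry on both would use them, if the Compose version in use supports health conditions. `redis` runs with `--save 60 1` but mounts no volume, so its snapshots presumably land in an anonymous volume rather than under `{{ base_volume_path }}`.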
+++ b/roles/authentik/vars/app_config.yml @@ -0,0 +1,18 @@ +$ANSIBLE_VAULT;1.2;AES256;alpina +38336166363764396232386330336236356663376532323666326237336636626661343963653838 +6362363439383865393864363535613664656565653138360a373066343138633337653536386138 +63373232616430626464303832313966353162626333393032656237313939366538643930613365 +6637373666616538370a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