From 5fa0f4032bdfbac1f41fbbc1fbe81a4c66579661 Mon Sep 17 00:00:00 2001 From: transcaffeine Date: Mon, 29 Dec 2025 16:00:10 +0100 Subject: [PATCH] feat(playbooks/authelia): add playbook --- README.md | 1 + playbooks/authelia.md | 7 +++ playbooks/authelia.yml | 114 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 122 insertions(+) create mode 100644 playbooks/authelia.md create mode 100644 playbooks/authelia.yml diff --git a/README.md b/README.md index 77c3585..35ffb02 100644 --- a/README.md +++ b/README.md @@ -42,6 +42,7 @@ concise area of concern. ## Playbooks +- [`authelia`](playbooks/authelia.md) - [`hedgedoc`](playbooks/hedgedoc.md) - [`jellyfin`](playbooks/jellyfin.md) - [`keycloak`](playbooks/keycloak.md) diff --git a/playbooks/authelia.md b/playbooks/authelia.md new file mode 100644 index 0000000..6a1942a --- /dev/null +++ b/playbooks/authelia.md @@ -0,0 +1,7 @@ +# `finallycoffee.services.authelia` ansible playbook + +## Feature toggles + +- `authelia_configure_postgesql_client` (default `false`) +- `authelia_configure_lego_rfc2136` (default `false`) +- `authelia_configure_caddy_reverse_proxy` (default `false`) diff --git a/playbooks/authelia.yml b/playbooks/authelia.yml new file mode 100644 index 0000000..9ee4e37 --- /dev/null +++ b/playbooks/authelia.yml 
@@ -0,0 +1,114 @@ +--- +- import_playbook: finallycoffee.databases.postgresql_client + when: authelia_configure_postgresql_client | default(false) + vars: + postgresql_hosts: >-2 + {{ authelia_postgresql_hosts | default(authelia_hosts | default('authelia')) }} + postgresql_become: >-2 + {{ authelia_postgresql_become | default(authelia_become | default(false)) }} + postgresql_client_username: "{{ authelia_database_user }}" + postgresql_client_password: "{{ authelia_database_pass }}" + postgresql_client_database: "{{ authelia_database_name }}" + postgresql_client_database_lc_ctype: 'C' + postgresql_client_database_lc_collate: 'C' + tags: + - authelia + - authelia-postgresql-client + +- import_playbook: finallycoffee.base.lego_certificate + when: authelia_configure_lego_rfc2136 | default(false) + vars: + target_domains: + - "{{ authelia_domain }}" + target_acme_zone: "{{ acme_domain }}" + target_acme_account_email: "{{ authelia_lego_acme_account_email }}" + target_dns_server: "{{ dns_server }}" + target_dns_tsig_key: "{{ dns_tsig_keydata }}" + target_dns_additional_records: "{{ authelia_dns_records }}" + target_hosts: >-2 + {{ authelia_lego_hosts | default(authelia_hosts | default('authelia')) }} + target_become: >-2 + {{ authelia_lego_become | default(authelia_become | default(false)) }} + target_gather_facts: >-2 + {{ authelia_lego_gather_facts | default(false) }} + tags: + - authelia + - authelia-lego + +- name: Install and configure authelia + hosts: "{{ authelia_hosts | default('authelia') }}" + become: "{{ authelia_become | default(false) }}" + gather_facts: "{{ authelia_gather_facts | default(false) }}" + pre_tasks: + - name: Ensure valkey user exists + ansible.builtin.user: + name: "{{ valkey_user }}" + state: present + system: true + create_home: false + register: valkey_user_info + when: valkey_state == 'present' + tags: + - authelia + - authelia-valkey + - name: Create host folder for valkey unix socket + ansible.builtin.file: + path: "{{ 
authelia_redis_unix_socket }}" + state: directory + mode: "0755" + owner: "{{ valkey_user_info.uid | default(valkey_user) }}" + group: "{{ valkey_user_info.group | default(valkey_user) }}" + when: valkey_state == 'present' + tags: + - authelia + - authelia-valkey + roles: + - name: finallycoffee.databases.valkey + vars: + valkey_secret: "{{ authelia_redis_pass }}" + valkey_config_user: + - "default on +@all -DEBUG ~* >{{ valkey_secret }}" + valkey_config_unixsocketperm: 666 + valkey_container_networks: [] + valkey_container_purge_networks: true + valkey_container_volumes: + - "{{ authelia_redis_unix_socket }}:{{ authelia_redis_unix_socket }}" + valkey_container_image_registry: "{{ nexus_docker_hub_domain }}" + tags: + - authelia + - authelia-valkey + - name: finallycoffee.services.authelia + vars: + authelia_redis_host: "{{ valkey_config_unixsocket }}" + authelia_redis_port: ~ + authelia_container_extra_volumes: + - "{{ authelia_redis_unix_socket }}:{{ authelia_redis_unix_socket }}" + - "{{ authelia_postgres_unix_socket }}:{{ authelia_postgres_unix_socket }}" + authelia_container_ports: + - "{{ authelia_host_bind_ip }}:{{ authelia_container_listen_port }}" + tags: + - authelia + vars: + valkey_instance: >-2 + {{ authelia_instance_name | default('authelia') }} + authelia_redis_unix_socket: >-2 + {{ authelia_redis_unix_socket_path + | default('/var/run/redis-' + valkey_instance + '-socket', true) }} + valkey_config_unixsocket: >-2 + {{ authelia_valkey_config_unixsocket + | default(authelia_redis_unix_socket + '/redis.sock') }} + +- import_playbook: finallycoffee.base.caddy_reverse_proxy + when: authelia_configure_caddy_reverse_proxy | default(false) + vars: + caddy_site_name: "{{ authelia_domain }}" + caddy_reverse_proxy_backend_addr: "http://{{ authelia_host_bind_ip }}" + target_hosts: >-2 + {{ authelia_caddy_hosts | default(authelia_hosts | default('authelia')) }} + target_become: >-2 + {{ authelia_caddy_become | default(authelia_become | default(false)) }} + 
target_gather_facts: >-2 + {{ authelia_caddy_gather_facts | default(false) }} + tags: + - authelia + - authelia-caddy
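Review bot: The valkey unix socket is created world-readable/writable (`valkey_config_unixsocketperm: 666` under the `finallycoffee.databases.valkey` role entry) inside a `0755` host directory, so every local account and any container that mounts that path can open the session store and the only barrier is the password in the `valkey_config_user` ACL; `valkey_config_unixsocketperm: 660` with the authelia container running under the socket's group would be tighter if the role supports it — confirm against the UID/GID the two containers actually use. That ACL line also grants the default user `+@all -DEBUG`, which keeps `CONFIG`, `FLUSHALL`, `ACL` and `KEYS` available to a session-store client; extending it to `+@all -DEBUG -@dangerous` is closer to least privilege, provided the commands Authelia issues are verified first. Separately, the toggle documented in `playbooks/authelia.md` is spelled `authelia_configure_postgesql_client`, while the condition on the first `import_playbook` reads `authelia_configure_postgresql_client`, so a reader following the docs will never enable the database client. Finally, the `authelia_container_ports` entry `"{{ authelia_host_bind_ip }}:{{ authelia_container_listen_port }}"` only yields a valid `ip:hostPort:containerPort` mapping if `authelia_host_bind_ip` already carries a port (the Caddy backend `http://{{ authelia_host_bind_ip }}` suggests it does); a comment such as `# authelia_host_bind_ip is expected to include the host port (e.g. 127.0.0.1:9091)` above that list would make the contract explicit.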