feat(authelia): add ansible role for authelia

2022-04-10 11:05:40 +02:00
parent ddebf0618c
commit 884a71ed23
5 changed files with 609 additions and 0 deletions
--- a/roles/authelia/tasks/main.yml
+++ b/roles/authelia/tasks/main.yml
@@ -0,0 +1,88 @@
+---
+
+- name: Ensure user {{ authelia_user }} exists
+  user:
+    name: "{{ authelia_user }}"
+    state: present
+    system: true
+  register: authelia_user_info
+
+- name: Ensure host directories are created with correct permissions
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    owner: "{{ item.owner | default(authelia_user) }}"
+    group: "{{ item.group | default(authelia_user) }}"
+    mode: "{{ item.mode | default('0750') }}"
+  loop:
+    - path: "{{ authelia_base_dir }}"
+      mode: "0755"
+    - path: "{{ authelia_config_dir }}"
+      mode: "0750"
+    - path: "{{ authelia_data_dir }}"
+      mode: "0750"
+
+- name: Ensure config file is generated
+  copy:
+    content: "{{ authelia_config | to_nice_yaml(indent=2, width=10000) }}"
+    dest: "{{ authelia_config_file }}"
+    owner: "{{ authelia_run_user }}"
+    group: "{{ authelia_run_group }}"
+    mode: "0640"
+  notify: restart-authelia
+
+- name: Ensure sqlite database file exists before mounting it
+  file:
+    path: "{{ authelia_sqlite_storage_file }}"
+    state: touch
+    owner: "{{ authelia_run_user }}"
+    group: "{{ authelia_run_group }}"
+    mode: "0640"
+    access_time: preserve
+    modification_time: preserve
+  when: authelia_config_storage_local_path | default(false, true)
+
+- name: Ensure user database exists before mounting it
+  file:
+    path: "{{ authelia_user_storage_file }}"
+    state: touch
+    owner: "{{ authelia_run_user }}"
+    group: "{{ authelia_run_group }}"
+    mode: "0640"
+    access_time: preserve
+    modification_time: preserve
+  when: authelia_config_authentication_backend_file_path | default(false, true)
+
+- name: Ensure notification reports file exists before mounting it
+  file:
+    path: "{{ authelia_notification_storage_file }}"
+    state: touch
+    owner: "{{ authelia_run_user }}"
+    group: "{{ authelia_run_group }}"
+    mode: "0640"
+    access_time: preserve
+    modification_time: preserve
+  when: authelia_config_notifier_filesystem_filename | default(false, true)
+
+- name: Ensure authelia container image is present
+  community.docker.docker_image:
+    name: "{{ authelia_container_image_ref }}"
+    state: present
+    source: pull
+    force_source: "{{ authelia_container_image_force_pull }}"
+  register: authelia_container_image_info
+
+- name: Ensure authelia container is running
+  docker_container:
+    name: "{{ authelia_container_name }}"
+    image: "{{ authelia_container_image_ref }}"
+    env: "{{ authelia_container_env }}"
+    user: "{{ authelia_run_user }}:{{ authelia_run_group }}"
+    ports: "{{ authelia_container_ports | default(omit, true) }}"
+    labels: "{{ authelia_container_labels }}"
+    volumes: "{{ authelia_container_volumes }}"
+    networks: "{{ authelia_container_networks | default(omit, true) }}"
+    purge_networks: "{{ authelia_container_purge_networks | default(omit, true)}}"
+    restart_policy: "{{ authelia_container_restart_policy }}"
+    state: "{{ authelia_container_state }}"
+  register: authelia_container_info