diff --git a/roles/authelia/defaults/main.yml b/roles/authelia/defaults/main.yml
index 03f7d6e..70488fd 100644
--- a/roles/authelia/defaults/main.yml
+++ b/roles/authelia/defaults/main.yml
@@ -3,6 +3,8 @@
 authelia_version: "4.38.19"
 authelia_user: authelia
 authelia_base_dir: /opt/authelia
 authelia_domain: authelia.example.org
+authelia_state: present
+authelia_deployment_method: docker
 authelia_config_dir: "{{ authelia_base_dir }}/config"
 authelia_config_file: "{{ authelia_config_dir }}/config.yaml"
diff --git a/roles/authelia/tasks/deploy-docker.yml b/roles/authelia/tasks/deploy-docker.yml
new file mode 100644
index 0000000..a4318cc
--- /dev/null
+++ b/roles/authelia/tasks/deploy-docker.yml
@@ -0,0 +1,61 @@
+---
+- name: Ensure container mounts are present
+ when: authelia_state == 'present'
+ block:
+ - name: Ensure sqlite database file exists before mounting it
+ ansible.builtin.file:
+ path: "{{ authelia_sqlite_storage_file }}"
+ state: touch
+ owner: "{{ authelia_run_user }}"
+ group: "{{ authelia_run_group }}"
+ mode: "0640"
+ access_time: preserve
+ modification_time: preserve
+ when: authelia_config_storage_local_path | default(false, true)
+
+ - name: Ensure user database exists before mounting it
+ ansible.builtin.file:
+ path: "{{ authelia_user_storage_file }}"
+ state: touch
+ owner: "{{ authelia_run_user }}"
+ group: "{{ authelia_run_group }}"
+ mode: "0640"
+ access_time: preserve
+ modification_time: preserve
+ when: authelia_config_authentication_backend_file_path | default(false, true)
+
+ - name: Ensure notification reports file exists before mounting it
+ ansible.builtin.file:
+ path: "{{ authelia_notification_storage_file }}"
+ state: touch
+ owner: "{{ authelia_run_user }}"
+ group: "{{ authelia_run_group }}"
+ mode: "0640"
+ access_time: preserve
+ modification_time: preserve
+ when: authelia_config_notifier_filesystem_filename | default(false, true)
+
+- name: Ensure authelia container image is {{ authelia_state }}
+ community.docker.docker_image:
+ name: "{{ authelia_container_image_ref }}"
+ state: "{{ authelia_state }}"
+ source: pull
+ force_source: "{{ authelia_container_image_force_pull }}"
+ register: authelia_container_image_info
+
+- name: Ensure authelia container is {{ authelia_container_state }}
+ community.docker.docker_container:
+ name: "{{ authelia_container_name }}"
+ image: "{{ authelia_container_image_ref }}"
+ env: "{{ authelia_container_env }}"
+ user: "{{ authelia_run_user }}:{{ authelia_run_group }}"
+ ports: "{{ authelia_container_ports | default(omit, true) }}"
+ labels: "{{ authelia_container_labels }}"
+ volumes: "{{ authelia_container_volumes }}"
+ networks: "{{ authelia_container_networks | default(omit, true) }}"
+ etc_hosts: "{{ authelia_container_etc_hosts | default(omit, true) }}"
+ purge_networks: "{{ authelia_container_purge_networks | default(omit, true)}}"
+ restart_policy: "{{ authelia_container_restart_policy }}"
+ recreate: "{{ authelia_container_recreate | default(omit, true) }}"
+ state: "{{ authelia_container_state }}"
+ register: authelia_container_info
diff --git a/roles/authelia/tasks/main.yml b/roles/authelia/tasks/main.yml
index 9163dcf..6c13b70 100644
--- a/roles/authelia/tasks/main.yml
+++ b/roles/authelia/tasks/main.yml
@@ -1,16 +1,30 @@
 ---
+- name: Check for valid state
+ ansible.builtin.fail:
+ msg: >-2
+ Unsupported state '{{ authelia_state }}'.
+ Supported states are {{ authelia_states | join(', ') }}.
+ when: authelia_state not in authelia_states
-- name: Ensure user {{ authelia_user }} exists
+- name: Check for valid authelia deployment method
+ ansible.builtin.fail:
+ msg: >-2
+ Unsupported deployment method '{{ authelia_deployment_method }}'.
+ Supported states are {{ authelia_deployment_methods | join(', ') }}.
+ when: authelia_deployment_method not in authelia_deployment_methods
+
+- name: Ensure user {{ authelia_user }} is {{ authelia_state }}
 ansible.builtin.user:
 name: "{{ authelia_user }}"
- state: present
+ state: "{{ authelia_state }}"
 system: true
+ create_home: false
 register: authelia_user_info
-- name: Ensure host directories are created with correct permissions
+- name: Ensure host directories are {{ authelia_state }}
 ansible.builtin.file:
 path: "{{ item.path }}"
- state: directory
+ state: "{{ (authelia_state == 'present') | ternary('directory', 'absent') }}"
 owner: "{{ item.owner | default(authelia_user) }}"
 group: "{{ item.group | default(authelia_user) }}"
 mode: "{{ item.mode | default('0750') }}"
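Review bot: The `docker_container` task that closes this hunk takes its `state` from `authelia_container_state` alone, so `authelia_state: absent` removes the user and host directories in main.yml but leaves the container running, and the `docker_image` task just above it then tries to remove an image that is still in use. Change the container task to `state: "{{ (authelia_state == 'present') | ternary(authelia_container_state, 'absent') }}"` and move it above the image task so the container is gone before its image is. Since the user task in main.yml has already run with `state: absent` at that point, and vars/main.yml resolves `authelia_run_user` to `authelia_user_info.uid` whenever the register result is defined, the `user:` line here may hit an undefined attribute if the user module returns no `uid` for a removed account — worth verifying rather than assuming. Separately, `purge_networks` is deprecated in recent community.docker releases and was removed in 4.0.0 in favour of `comparisons: { networks: strict }`, so check it against the collection version the role requires.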
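Review bot: The message of the second `fail` task reads `Supported states are {{ authelia_deployment_methods | join(', ') }}.`, a leftover from the state check above it; it should be `Supported deployment methods are {{ authelia_deployment_methods | join(', ') }}.` so the failure names the right variable. With `authelia_state: absent` the user task then deletes the account and the directory task deletes the bind-mounted host directories while the container that uses them is only handled by the deployment include further down the file (outside this hunk); for the absent path the include should run before these two tasks so teardown follows dependency order. The `>-2` indentation indicator on both `msg` values is only needed when the first folded line is meant to start with extra spaces; plain `>-` would be the usual form.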
@@ -25,7 +39,7 @@
 - path: "{{ authelia_asset_dir }}"
 mode: "0750"
-- name: Ensure config file is generated
+- name: Ensure config file is {{ authelia_state }}
 ansible.builtin.copy:
 content: "{{ authelia_config | to_nice_yaml(indent=2, width=10000) }}"
 dest: "{{ authelia_config_file }}"
@@ -33,61 +47,8 @@
 group: "{{ authelia_run_group }}"
 mode: "0640"
 notify: restart-authelia
+ when: authelia_state == 'present'
-- name: Ensure sqlite database file exists before mounting it
- ansible.builtin.file:
- path: "{{ authelia_sqlite_storage_file }}"
- state: touch
- owner: "{{ authelia_run_user }}"
- group: "{{ authelia_run_group }}"
- mode: "0640"
- access_time: preserve
- modification_time: preserve
- when: authelia_config_storage_local_path | default(false, true)
-
-- name: Ensure user database exists before mounting it
- ansible.builtin.file:
- path: "{{ authelia_user_storage_file }}"
- state: touch
- owner: "{{ authelia_run_user }}"
- group: "{{ authelia_run_group }}"
- mode: "0640"
- access_time: preserve
- modification_time: preserve
- when: authelia_config_authentication_backend_file_path | default(false, true)
-
-- name: Ensure notification reports file exists before mounting it
- ansible.builtin.file:
- path: "{{ authelia_notification_storage_file }}"
- state: touch
- owner: "{{ authelia_run_user }}"
- group: "{{ authelia_run_group }}"
- mode: "0640"
- access_time: preserve
- modification_time: preserve
- when: authelia_config_notifier_filesystem_filename | default(false, true)
-
-- name: Ensure authelia container image is present
- community.docker.docker_image:
- name: "{{ authelia_container_image_ref }}"
- state: present
- source: pull
- force_source: "{{ authelia_container_image_force_pull }}"
- register: authelia_container_image_info
-
-- name: Ensure authelia container is running
- community.docker.docker_container:
- name: "{{ authelia_container_name }}"
- image: "{{ authelia_container_image_ref }}"
- env: "{{ authelia_container_env }}"
- user: "{{ authelia_run_user }}:{{ authelia_run_group }}"
- ports: "{{ authelia_container_ports | default(omit, true) }}"
- labels: "{{ authelia_container_labels }}"
- volumes: "{{ authelia_container_volumes }}"
- networks: "{{ authelia_container_networks | default(omit, true) }}"
- etc_hosts: "{{ authelia_container_etc_hosts | default(omit, true) }}"
- purge_networks: "{{ authelia_container_purge_networks | default(omit, true)}}"
- restart_policy: "{{ authelia_container_restart_policy }}"
- recreate: "{{ authelia_container_recreate | default(omit, true) }}"
- state: "{{ authelia_container_state }}"
- register: authelia_container_info
+- name: Deploy authelia using {{ authelia_deployment_method }}
+ ansible.builtin.include_tasks:
+ file: "deploy-{{ authelia_deployment_method }}.yml"
diff --git a/roles/authelia/vars/main.yml b/roles/authelia/vars/main.yml
index b5791de..d88d124 100644
--- a/roles/authelia/vars/main.yml
+++ b/roles/authelia/vars/main.yml
@@ -1,4 +1,9 @@
 ---
+authelia_states:
+ - "present"
+ - "absent"
+authelia_deployment_methods:
+ - "docker"
 authelia_run_user: "{{ (authelia_user_info.uid) if authelia_user_info is defined else authelia_user }}"
 authelia_run_group: "{{ (authelia_user_info.group) if authelia_user_info is defined else authelia_user }}"
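Review bot: The include at the end of this hunk derives a task-file name from `authelia_deployment_method`, which is only safe because of the allow-list check at the top of the file, and nothing at the include records that dependency. A comment above the task, `# authelia_deployment_method is validated against authelia_deployment_methods above; keep that check so this include stays allow-listed`, would stop a later edit from tagging or skipping the check and letting the value select an arbitrary task file. The `when: authelia_state == 'present'` added to the config task sits after `notify:`; placing task-level keywords like `when` before the module arguments, as the rest of the file does for `name`, keeps the guard visible.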