feat(elasticsearch): add role for single-node deployment using docker containers

feat(authelia): allow customizing authelia by mapping the asset folder from the host
fix(authelia): notifier.smtp.startup_check_address changed from bool to email address
2022-08-26 09:00:02 +02:00 · 2022-08-26 08:48:36 +02:00 · 2022-08-11 16:52:52 +02:00 · 2022-08-11 16:49:35 +02:00 · 2022-08-11 16:48:21 +02:00 · 2022-08-11 16:40:30 +02:00
9 changed files with 59 additions and 8 deletions
--- a/README.md
+++ b/README.md
@@ -11,6 +11,10 @@ concise area of concern.
 - [`roles/authelia`](roles/authelia/README.md): Deploys an [authelia.com](https://www.authelia.com)
  instance, an authentication provider with beta OIDC provider support.

+- [`roles/elasticsearch`](roles/elasticsearch/README.md): Deploy [elasticsearch](https://www.docker.elastic.co/r/elasticsearch/elasticsearch-oss),
+  a popular (distributed) search and analytics engine, mostly known by it's
+  letter "E" in the ELK-stack.
+
 - [`roles/gitea`](roles/gitea/README.md): Deploy [gitea.io](https://gitea.io), a
  lightweight, self-hosted git service.

--- a/roles/authelia/defaults/main.yml
+++ b/roles/authelia/defaults/main.yml
@@ -1,6 +1,6 @@
 ---

-authelia_version: 4.34.6
+authelia_version: 4.36.4
 authelia_user: authelia
 authelia_base_dir: /opt/authelia
 authelia_domain: authelia.example.org
@@ -8,6 +8,7 @@ authelia_domain: authelia.example.org
 authelia_config_dir: "{{ authelia_base_dir }}/config"
 authelia_config_file: "{{ authelia_config_dir }}/config.yaml"
 authelia_data_dir: "{{ authelia_base_dir }}/data"
+authelia_asset_dir: "{{ authelia_base_dir }}/assets"
 authelia_sqlite_storage_file: "{{ authelia_data_dir }}/authelia.sqlite3"
 authelia_notification_storage_file: "{{ authelia_data_dir }}/notifications.txt"
 authelia_user_storage_file: "{{ authelia_data_dir }}/user_database.yml"
@@ -42,6 +43,7 @@ authelia_config_default_redirection_url: ~
 authelia_config_server_host: 0.0.0.0
 authelia_config_server_port: "{{ authelia_container_listen_port }}"
 authelia_config_server_path: ""
+authelia_config_server_asset_path: "/config/assets/"
 authelia_config_server_read_buffer_size: 4096
 authelia_config_server_write_buffer_size: 4096
 authelia_config_server_enable_pprof: true
@@ -55,6 +57,8 @@ authelia_config_log_level: info
 authelia_config_log_format: json
 authelia_config_log_file_path: ~
 authelia_config_log_keep_stdout: false
+authelia_config_telemetry_metrics_enabled: false
+authelia_config_telemetry_metrics_address: '0.0.0.0:9959'
 authelia_config_totp_disable: true
 authelia_config_totp_issuer: "{{ authelia_domain }}"
 authelia_config_totp_algorithm: sha1
@@ -76,8 +80,8 @@ authelia_config_ntp_version: 4
 authelia_config_ntp_max_desync: 3s
 authelia_config_ntp_disable_startup_check: false
 authelia_config_ntp_disable_failure: false
-authelia_config_authentication_backend_disable_reset_password: false
 authelia_config_authentication_backend_refresh_interval: 5m
+authelia_config_authentication_backend_password_reset_disable: false
 authelia_config_authentication_backend_password_reset_custom_url: ~
 authelia_config_authentication_backend_ldap_implementation: custom
 authelia_config_authentication_backend_ldap_url: ldap://127.0.0.1:389
@@ -153,7 +157,7 @@ authelia_config_notifier_smtp_timeout: 5s
 authelia_config_notifier_smtp_sender: "Authelia on {{ authelia_domain }} <admin@{{ authelia_domain }}>"
 authelia_config_notifier_smtp_identifier: "{{ authelia_domain }}"
 authelia_config_notifier_smtp_subject: "[Authelia @ {{ authelia_domain }}] {title}"
-authelia_config_notifier_smtp_startup_check_address: false
+authelia_config_notifier_smtp_startup_check_address: "authelia-test@{{ authelia_domain }}"
 authelia_config_notifier_smtp_disable_require_tls: false
 authelia_config_notifier_smtp_disable_html_emails: false
 authelia_config_notifier_smtp_tls_skip_verify: false
--- a/roles/authelia/tasks/main.yml
+++ b/roles/authelia/tasks/main.yml
@@ -14,6 +14,7 @@
    owner: "{{ item.owner | default(authelia_user) }}"
    group: "{{ item.group | default(authelia_user) }}"
    mode: "{{ item.mode | default('0750') }}"
+  when: item.path | default(false, true) | bool
  loop:
    - path: "{{ authelia_base_dir }}"
      mode: "0755"
@@ -21,6 +22,8 @@
      mode: "0750"
    - path: "{{ authelia_data_dir }}"
      mode: "0750"
+    - path: "{{ authelia_asset_dir }}"
+      mode: "0750"

 - name: Ensure config file is generated
  copy:
--- a/roles/authelia/vars/main.yml
+++ b/roles/authelia/vars/main.yml
@@ -5,6 +5,7 @@ authelia_run_group: "{{ (authelia_user_info.group) if authelia_user_info is defi

 authelia_container_base_volumes: >-2
  {{ [ authelia_config_file + ":/config/configuration.yml:ro"]
+    + ([authelia_asset_dir + '/:' + authelia_config_server_asset_path + ':ro'] if authelia_asset_dir | default(false, true) else [])
    + ([ authelia_sqlite_storage_file + ":" + authelia_config_storage_local_path + ":z" ]
      if authelia_config_storage_local_path | default(false, true) else [])
    + ([ authelia_notification_storage_file + ":" + authelia_config_notifier_filesystem_filename + ":z" ]
@@ -21,6 +22,7 @@ authelia_top_level_config:
  theme: "{{ authelia_config_theme }}"
  jwt_secret: "{{ authelia_config_jwt_secret }}"
  log: "{{ authelia_config_log }}"
+  telemetry: "{{ authelia_config_telemetry }}"
  totp: "{{ authelia_config_totp }}"
  webauthn: "{{ authelia_config_webauthn }}"
  duo_api: "{{ authelia_config_duo_api }}"
@@ -49,6 +51,7 @@ authelia_config_server: >-2
      "host": authelia_config_server_host,
      "port": authelia_config_server_port,
      "path": authelia_config_server_path,
+      "asset_path": authelia_config_server_asset_path,
      "read_buffer_size": authelia_config_server_read_buffer_size,
      "write_buffer_size": authelia_config_server_write_buffer_size,
      "enable_pprof": authelia_config_server_enable_pprof,
@@ -72,6 +75,10 @@ authelia_config_log: >-2
    | combine({"keep_stdout": authelia_config_log_keep_stdout}
      if authelia_config_log_file_path | default(false, true) else {})
  }}
+authelia_config_telemetry:
+  metrics:
+    enabled: "{{ authelia_config_telemetry_metrics_enabled }}"
+    address: "{{ authelia_config_telemetry_metrics_address }}"
 authelia_config_totp:
  disable: "{{ authelia_config_totp_disable }}"
  issuer: "{{ authelia_config_totp_issuer }}"
@@ -101,7 +108,6 @@ authelia_config_ntp:
 authelia_config_authentication_backend: >-2
  {{
    {
-      "disable_reset_password": authelia_config_authentication_backend_disable_reset_password,
      "refresh_interval": authelia_config_authentication_backend_refresh_interval,
    }
    | combine({"password_reset": authelia_config_authentication_backend_password_reset}
@@ -112,6 +118,7 @@ authelia_config_authentication_backend: >-2
  }}
 authelia_config_authentication_backend_password_reset:
  custom_url: "{{ authelia_config_authentication_backend_password_reset_custom_url }}"
+  disable: "{{ authelia_config_authentication_backend_password_reset_disable }}"
 authelia_config_authentication_backend_ldap:
  implementation: "{{ authelia_config_authentication_backend_ldap_implementation }}"
  url: "{{ authelia_config_authentication_backend_ldap_url }}"
--- a/roles/elasticsearch/README.md
+++ b/roles/elasticsearch/README.md
@@ -0,0 +1,22 @@
+# `finallycoffee.services.elastiscsearch`
+
+A simple ansible role which deploys a single-node elastic container to provide
+an easy way to do some indexing.
+
+## Usage
+
+Per default, `/opt/elasticsearch/data` is used to persist data, it is
+customizable by using either `elasticsearch_base_path` or `elasticsearch_data_path`.
+
+As elasticsearch be can be quite memory heavy, the maximum amount of allowed RAM
+can be configured using `elasticsearch_allocated_ram_mb`, defaulting to 512 (mb).
+
+The cluster name and discovery type can be overridden using
+`elasticsearch_config_cluster_name` (default: elastic) and
+`elasticsearch_config_discovery_type` (default: single-node), should one
+need a multi-node elasticsearch deployment.
+
+Per default, no ports or networks are mapped, and explizit mapping using
+either ports (`elasticsearch_container_ports`) or networks
+(`elasticsearch_container_networks`) is required in order for other services
+to use elastic.
--- a/roles/gitea/defaults/main.yml
+++ b/roles/gitea/defaults/main.yml
@@ -1,6 +1,6 @@
 ---

-gitea_version: "1.16.8"
+gitea_version: "1.17.0"
 gitea_user: git
 gitea_base_path: "/opt/gitea"
 gitea_data_path: "{{ gitea_base_path }}/data"
--- a/roles/jellyfin/defaults/main.yml
+++ b/roles/jellyfin/defaults/main.yml
@@ -1,6 +1,7 @@
 ---

 jellyfin_user: jellyfin
+jellyfin_version: 10.8.1

 jellyfin_base_path: /opt/jellyfin
 jellyfin_config_path: "{{ jellyfin_base_path }}/config"
@@ -10,11 +11,13 @@ jellyfin_media_volumes: []

 jellyfin_container_name: jellyfin
 jellyfin_container_image_name: "docker.io/jellyfin/jellyfin"
-jellyfin_container_image_tag: "latest"
-jellyfin_container_image_ref: "{{ jellyfin_container_image_name }}:{{ jellyfin_container_image_tag }}"
+jellyfin_container_image_tag: ~
+jellyfin_container_image_ref: "{{ jellyfin_container_image_name }}:{{ jellyfin_container_image_tag | default(jellyfin_version, true) }}"
 jellyfin_container_network_mode: host
 jellyfin_container_networks: ~
 jellyfin_container_volumes: "{{ jellyfin_container_base_volumes + jellyfin_media_volumes }}"
+jellyfin_container_labels: "{{ jellyfin_container_base_labels | combine(jellyfin_container_extra_labels) }}"
+jellyfin_container_extra_labels: {}
 jellyfin_container_restart_policy: "unless-stopped"

 jellyfin_host_directories:
--- a/roles/jellyfin/tasks/main.yml
+++ b/roles/jellyfin/tasks/main.yml
@@ -21,13 +21,18 @@
    name: "{{ jellyfin_container_image_ref }}"
    state: present
    source: pull
-    force_source: "{{ jellyfin_container_image_tag in ['stable', 'unstable'] }}"
+    force_source: "{{ jellyfin_container_image_tag | default(false, true) }}"
+  register: jellyfin_container_image_pull_result
+  until: jellyfin_container_image_pull_result is succeeded
+  retries: 5
+  delay: 3

 - name: Ensure container '{{ jellyfin_container_name }}' is running
  docker_container:
    name: "{{ jellyfin_container_name }}"
    image: "{{ jellyfin_container_image_ref }}"
    user: "{{ jellyfin_uid }}:{{ jellyfin_gid }}"
+    labels: "{{ jellyfin_container_labels }}"
    volumes: "{{ jellyfin_container_volumes }}"
    networks: "{{ jellyfin_container_networks | default(omit, True) }}"
    network_mode: "{{ jellyfin_container_network_mode }}"
--- a/roles/jellyfin/vars/main.yml
+++ b/roles/jellyfin/vars/main.yml
@@ -3,3 +3,6 @@
 jellyfin_container_base_volumes:
  - "{{ jellyfin_config_path }}:/config:z"
  - "{{ jellyfin_cache_path }}:/cache:z"
+
+jellyfin_container_base_labels:
+  version: "{{ jellyfin_version }}"
Author	SHA1	Message	Date
Johanna Dorothea Reichmann	1fe626fad5	feat(elasticsearch): add role for single-node deployment using docker containers	2022-08-26 09:00:02 +02:00
Johanna Dorothea Reichmann	d4858c89f4	feat(authelia): allow customizing authelia by mapping the asset folder from the host	2022-08-26 08:48:36 +02:00
Johanna Dorothea Reichmann	6658d7226c	fix(authelia): notifier.smtp.startup_check_address changed from bool to email address	2022-08-11 16:52:52 +02:00
Johanna Dorothea Reichmann	36224d0531	fix(authelia): prometheus metrics config was wrongly scoped to toplevel telemetry key	2022-08-11 16:49:35 +02:00
Johanna Dorothea Reichmann	24be358a46	chore(authelia): authentication_backend.disable_password_reset was deprecated	2022-08-11 16:48:21 +02:00
Johanna Dorothea Reichmann	c38e4f34dd	update(authelia): bump version to 4.36.4	2022-08-11 16:40:30 +02:00
Johanna Dorothea Reichmann	10a9779996	update(gitea): bump version to 1.17.0	2022-08-06 16:32:11 +02:00
Johanna Dorothea Reichmann	b635a00a34	update(jellyfin): bump version to 10.8.1, switch to versioned role	2022-07-17 15:59:19 +02:00
Johanna Dorothea Reichmann	159c4fda30	update(gitea): bump version to 1.16.9	2022-07-17 15:52:51 +02:00
Johanna Dorothea Reichmann	1e104bf1fb	update(authelia): bump version to 4.36.2	2022-07-17 15:51:34 +02:00