From d4858c89f4ac1666c910d50e525dd7c399548db9 Mon Sep 17 00:00:00 2001
From: Johanna Dorothea Reichmann <transcaffeine@finallycoffee.eu>
Date: Fri, 26 Aug 2022 08:48:36 +0200
Subject: [PATCH 1/2] feat(authelia): allow customizing authelia by mapping the
 asset folder from the host

---
 roles/authelia/defaults/main.yml | 2 ++
 roles/authelia/tasks/main.yml    | 3 +++
 roles/authelia/vars/main.yml     | 2 ++
 3 files changed, 7 insertions(+)

diff --git a/roles/authelia/defaults/main.yml b/roles/authelia/defaults/main.yml
index bec94b5..658060d 100644
--- a/roles/authelia/defaults/main.yml
+++ b/roles/authelia/defaults/main.yml
@@ -8,6 +8,7 @@ authelia_domain: authelia.example.org
 authelia_config_dir: "{{ authelia_base_dir }}/config"
 authelia_config_file: "{{ authelia_config_dir }}/config.yaml"
 authelia_data_dir: "{{ authelia_base_dir }}/data"
+authelia_asset_dir: "{{ authelia_base_dir }}/assets"
 authelia_sqlite_storage_file: "{{ authelia_data_dir }}/authelia.sqlite3"
 authelia_notification_storage_file: "{{ authelia_data_dir }}/notifications.txt"
 authelia_user_storage_file: "{{ authelia_data_dir }}/user_database.yml"
@@ -42,6 +43,7 @@ authelia_config_default_redirection_url: ~
 authelia_config_server_host: 0.0.0.0
 authelia_config_server_port: "{{ authelia_container_listen_port }}"
 authelia_config_server_path: ""
+authelia_config_server_asset_path: "/config/assets/"
 authelia_config_server_read_buffer_size: 4096
 authelia_config_server_write_buffer_size: 4096
 authelia_config_server_enable_pprof: true
diff --git a/roles/authelia/tasks/main.yml b/roles/authelia/tasks/main.yml
index 52b4e32..0baf7a6 100644
--- a/roles/authelia/tasks/main.yml
+++ b/roles/authelia/tasks/main.yml
@@ -14,6 +14,7 @@
     owner: "{{ item.owner | default(authelia_user) }}"
     group: "{{ item.group | default(authelia_user) }}"
     mode: "{{ item.mode | default('0750') }}"
+  when: item.path | default(false, true) | bool
   loop:
     - path: "{{ authelia_base_dir }}"
       mode: "0755"
@@ -21,6 +22,8 @@
       mode: "0750"
     - path: "{{ authelia_data_dir }}"
       mode: "0750"
+    - path: "{{ authelia_asset_dir }}"
+      mode: "0750"
 
 - name: Ensure config file is generated
   copy:
diff --git a/roles/authelia/vars/main.yml b/roles/authelia/vars/main.yml
index 8d6b7c7..835f18e 100644
--- a/roles/authelia/vars/main.yml
+++ b/roles/authelia/vars/main.yml
@@ -5,6 +5,7 @@ authelia_run_group: "{{ (authelia_user_info.group) if authelia_user_info is defi
 
 authelia_container_base_volumes: >-2
   {{ [ authelia_config_file + ":/config/configuration.yml:ro"]
+    + ([authelia_asset_dir + '/:' + authelia_config_server_asset_path + ':ro'] if authelia_asset_dir | default(false, true) else [])
     + ([ authelia_sqlite_storage_file + ":" + authelia_config_storage_local_path + ":z" ]
       if authelia_config_storage_local_path | default(false, true) else [])
     + ([ authelia_notification_storage_file + ":" + authelia_config_notifier_filesystem_filename + ":z" ]
@@ -50,6 +51,7 @@ authelia_config_server: >-2
       "host": authelia_config_server_host,
       "port": authelia_config_server_port,
       "path": authelia_config_server_path,
+      "asset_path": authelia_config_server_asset_path,
       "read_buffer_size": authelia_config_server_read_buffer_size,
       "write_buffer_size": authelia_config_server_write_buffer_size,
       "enable_pprof": authelia_config_server_enable_pprof,
-- 
2.45.2


From 1fe626fad5190729c9e356c974a2382ee0f1b038 Mon Sep 17 00:00:00 2001
From: Johanna Dorothea Reichmann <transcaffeine@finallycoffee.eu>
Date: Sun, 1 May 2022 11:46:47 +0200
Subject: [PATCH 2/2] feat(elasticsearch): add role for single-node deployment
 using docker containers

---
 README.md                             |  4 +++
 roles/elasticsearch/README.md         | 22 +++++++++++++++++
 roles/elasticsearch/defaults/main.yml | 35 +++++++++++++++++++++++++++
 roles/elasticsearch/tasks/main.yml    | 32 ++++++++++++++++++++++++
 4 files changed, 93 insertions(+)
 create mode 100644 roles/elasticsearch/README.md
 create mode 100644 roles/elasticsearch/defaults/main.yml
 create mode 100644 roles/elasticsearch/tasks/main.yml

diff --git a/README.md b/README.md
index 95f2f10..ccba494 100644
--- a/README.md
+++ b/README.md
@@ -11,6 +11,10 @@ concise area of concern.
 - [`roles/authelia`](roles/authelia/README.md): Deploys an [authelia.com](https://www.authelia.com)
   instance, an authentication provider with beta OIDC provider support.
 
+- [`roles/elasticsearch`](roles/elasticsearch/README.md): Deploy [elasticsearch](https://www.docker.elastic.co/r/elasticsearch/elasticsearch-oss),
+  a popular (distributed) search and analytics engine, mostly known by it's
+  letter "E" in the ELK-stack.
+
 - [`roles/gitea`](roles/gitea/README.md): Deploy [gitea.io](https://gitea.io), a
   lightweight, self-hosted git service.
 
diff --git a/roles/elasticsearch/README.md b/roles/elasticsearch/README.md
new file mode 100644
index 0000000..83290ec
--- /dev/null
+++ b/roles/elasticsearch/README.md
@@ -0,0 +1,22 @@
+# `finallycoffee.services.elastiscsearch`
+
+A simple ansible role which deploys a single-node elastic container to provide
+an easy way to do some indexing.
+
+## Usage
+
+Per default, `/opt/elasticsearch/data` is used to persist data, it is
+customizable by using either `elasticsearch_base_path` or `elasticsearch_data_path`.
+
+As elasticsearch be can be quite memory heavy, the maximum amount of allowed RAM
+can be configured using `elasticsearch_allocated_ram_mb`, defaulting to 512 (mb).
+
+The cluster name and discovery type can be overridden using
+`elasticsearch_config_cluster_name` (default: elastic) and
+`elasticsearch_config_discovery_type` (default: single-node), should one
+need a multi-node elasticsearch deployment.
+
+Per default, no ports or networks are mapped, and explizit mapping using
+either ports (`elasticsearch_container_ports`) or networks
+(`elasticsearch_container_networks`) is required in order for other services
+to use elastic.
diff --git a/roles/elasticsearch/defaults/main.yml b/roles/elasticsearch/defaults/main.yml
new file mode 100644
index 0000000..2cd112c
--- /dev/null
+++ b/roles/elasticsearch/defaults/main.yml
@@ -0,0 +1,35 @@
+---
+
+elasticsearch_version: 7.10.2
+
+elasticsearch_base_path: /opt/elasticsearch
+elasticsearch_data_path: "{{ elasticsearch_base_path }}/data"
+
+elasticsearch_config_cluster_name: elastic
+elasticsearch_config_discovery_type: single-node
+elasticsearch_config_boostrap_memory_lock: true
+elasticsearch_allocated_ram_mb: 512
+
+elasticsearch_container_image_name: docker.elastic.co/elasticsearch/elasticsearch-oss
+elasticsearch_container_image_tag: ~
+elasticsearch_container_image: >-
+  {{ elasticsearch_container_image_name }}:{{ elasticsearch_container_image_tag | default(elasticsearch_version, true) }}
+
+elasticsearch_container_name: elasticsearch
+elasticsearch_container_env:
+  "ES_JAVA_OPTS": "-Xms{{ elasticsearch_allocated_ram_mb }}m -Xmx{{ elasticsearch_allocated_ram_mb }}m"
+  "cluster.name": "{{ elasticsearch_config_cluster_name }}"
+  "discovery.type": "{{ elasticsearch_config_discovery_type }}"
+  "bootstrap.memory_lock": "{{ 'true' if elasticsearch_config_boostrap_memory_lock else 'false' }}"
+elasticsearch_container_user: ~
+elasticsearch_container_ports: ~
+elasticsearch_container_labels:
+  version: "{{ elasticsearch_version }}"
+elasticsearch_container_ulimits:
+#  - "memlock:{{ (1.5 * 1024 * elasticsearch_allocated_ram_mb) | int }}:{{ (1.5 * 1024 * elasticsearch_allocated_ram_mb) | int }}"
+  - "memlock:-1:-1"
+elasticsearch_container_volumes:
+  - "{{ elasticsearch_data_path }}:/usr/share/elasticsearch/data:z"
+elasticsearch_container_networks: ~
+elasticsearch_container_purge_networks: ~
+elasticsearch_container_restart_policy: unless-stopped
diff --git a/roles/elasticsearch/tasks/main.yml b/roles/elasticsearch/tasks/main.yml
new file mode 100644
index 0000000..76595bf
--- /dev/null
+++ b/roles/elasticsearch/tasks/main.yml
@@ -0,0 +1,32 @@
+---
+
+- name: Ensure host directories are present
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: "0777"
+  loop:
+    - "{{ elasticsearch_base_path }}"
+    - "{{ elasticsearch_data_path }}"
+
+- name: Ensure elastic container image is present
+  docker_image:
+    name: "{{ elasticsearch_container_image }}"
+    state: present
+    source: pull
+    force_source: "{{ elasticsearch_container_image_tag|default(false, true)|bool }}"
+
+- name: Ensure elastic container is running
+  docker_container:
+    name: "{{ elasticsearch_container_name }}"
+    image: "{{ elasticsearch_container_image }}"
+    env: "{{ elasticsearch_container_env | default(omit, True) }}"
+    user: "{{ elasticsearch_container_user | default(omit, True) }}"
+    ports: "{{ elasticsearch_container_ports | default(omit, True) }}"
+    labels: "{{ elasticsearch_container_labels | default(omit, True) }}"
+    volumes: "{{ elasticsearch_container_volumes }}"
+    ulimits: "{{ elasticsearch_container_ulimits }}"
+    networks: "{{ elasticsearch_container_networks | default(omit, True) }}"
+    purge_networks: "{{ elasticsearch_container_purge_networks | default(omit, True) }}"
+    restart_policy: "{{ elasticsearch_container_restart_policy }}"
+    state: started
-- 
2.45.2