2022-08-26 07:09:59 +00:00
7 changed files with 100 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -11,6 +11,10 @@ concise area of concern.
 - [`roles/authelia`](roles/authelia/README.md): Deploys an [authelia.com](https://www.authelia.com)
  instance, an authentication provider with beta OIDC provider support.
 - [`roles/elasticsearch`](roles/elasticsearch/README.md): Deploy [elasticsearch](https://www.docker.elastic.co/r/elasticsearch/elasticsearch-oss),
  a popular (distributed) search and analytics engine, mostly known by it's
  letter "E" in the ELK-stack.
 - [`roles/gitea`](roles/gitea/README.md): Deploy [gitea.io](https://gitea.io), a
  lightweight, self-hosted git service.
--- a/roles/authelia/defaults/main.yml
+++ b/roles/authelia/defaults/main.yml
@ -8,6 +8,7 @@ authelia_domain: authelia.example.org
 authelia_config_dir: "{{ authelia_base_dir }}/config"
 authelia_config_file: "{{ authelia_config_dir }}/config.yaml"
 authelia_data_dir: "{{ authelia_base_dir }}/data"
 authelia_asset_dir: "{{ authelia_base_dir }}/assets"
 authelia_sqlite_storage_file: "{{ authelia_data_dir }}/authelia.sqlite3"
 authelia_notification_storage_file: "{{ authelia_data_dir }}/notifications.txt"
 authelia_user_storage_file: "{{ authelia_data_dir }}/user_database.yml"
@ -42,6 +43,7 @@ authelia_config_default_redirection_url: ~
 authelia_config_server_host: 0.0.0.0
 authelia_config_server_port: "{{ authelia_container_listen_port }}"
 authelia_config_server_path: ""
 authelia_config_server_asset_path: "/config/assets/"
 authelia_config_server_read_buffer_size: 4096
 authelia_config_server_write_buffer_size: 4096
 authelia_config_server_enable_pprof: true
--- a/roles/authelia/tasks/main.yml
+++ b/roles/authelia/tasks/main.yml
@ -14,6 +14,7 @@
    owner: "{{ item.owner | default(authelia_user) }}"
    group: "{{ item.group | default(authelia_user) }}"
    mode: "{{ item.mode | default('0750') }}"
  when: item.path | default(false, true) | bool
  loop:
    - path: "{{ authelia_base_dir }}"
      mode: "0755"
@ -21,6 +22,8 @@
      mode: "0750"
    - path: "{{ authelia_data_dir }}"
      mode: "0750"
    - path: "{{ authelia_asset_dir }}"
      mode: "0750"
 - name: Ensure config file is generated
  copy:
--- a/roles/authelia/vars/main.yml
+++ b/roles/authelia/vars/main.yml
@ -5,6 +5,7 @@ authelia_run_group: "{{ (authelia_user_info.group) if authelia_user_info is defi
 authelia_container_base_volumes: >-2
  {{ [ authelia_config_file + ":/config/configuration.yml:ro"]
    + ([authelia_asset_dir + '/:' + authelia_config_server_asset_path + ':ro'] if authelia_asset_dir | default(false, true) else [])
    + ([ authelia_sqlite_storage_file + ":" + authelia_config_storage_local_path + ":z" ]
      if authelia_config_storage_local_path | default(false, true) else [])
    + ([ authelia_notification_storage_file + ":" + authelia_config_notifier_filesystem_filename + ":z" ]
@ -50,6 +51,7 @@ authelia_config_server: >-2
      "host": authelia_config_server_host,
      "port": authelia_config_server_port,
      "path": authelia_config_server_path,
      "asset_path": authelia_config_server_asset_path,
      "read_buffer_size": authelia_config_server_read_buffer_size,
      "write_buffer_size": authelia_config_server_write_buffer_size,
      "enable_pprof": authelia_config_server_enable_pprof,
--- a/roles/elasticsearch/README.md
+++ b/roles/elasticsearch/README.md
@ -0,0 +1,22 @@
 # `finallycoffee.services.elastiscsearch`
 A simple ansible role which deploys a single-node elastic container to provide
 an easy way to do some indexing.
 ## Usage
 Per default, `/opt/elasticsearch/data` is used to persist data, it is
 customizable by using either `elasticsearch_base_path` or `elasticsearch_data_path`.
 As elasticsearch be can be quite memory heavy, the maximum amount of allowed RAM
 can be configured using `elasticsearch_allocated_ram_mb`, defaulting to 512 (mb).
 The cluster name and discovery type can be overridden using
 `elasticsearch_config_cluster_name` (default: elastic) and
 `elasticsearch_config_discovery_type` (default: single-node), should one
 need a multi-node elasticsearch deployment.
 Per default, no ports or networks are mapped, and explizit mapping using
 either ports (`elasticsearch_container_ports`) or networks
 (`elasticsearch_container_networks`) is required in order for other services
 to use elastic.
--- a/roles/elasticsearch/defaults/main.yml
+++ b/roles/elasticsearch/defaults/main.yml
@ -0,0 +1,35 @@
 ---
 elasticsearch_version: 7.10.2
 elasticsearch_base_path: /opt/elasticsearch
 elasticsearch_data_path: "{{ elasticsearch_base_path }}/data"
 elasticsearch_config_cluster_name: elastic
 elasticsearch_config_discovery_type: single-node
 elasticsearch_config_boostrap_memory_lock: true
 elasticsearch_allocated_ram_mb: 512
 elasticsearch_container_image_name: docker.elastic.co/elasticsearch/elasticsearch-oss
 elasticsearch_container_image_tag: ~
 elasticsearch_container_image: >-
  {{ elasticsearch_container_image_name }}:{{ elasticsearch_container_image_tag | default(elasticsearch_version, true) }}
 elasticsearch_container_name: elasticsearch
 elasticsearch_container_env:
  "ES_JAVA_OPTS": "-Xms{{ elasticsearch_allocated_ram_mb }}m -Xmx{{ elasticsearch_allocated_ram_mb }}m"
  "cluster.name": "{{ elasticsearch_config_cluster_name }}"
  "discovery.type": "{{ elasticsearch_config_discovery_type }}"
  "bootstrap.memory_lock": "{{ 'true' if elasticsearch_config_boostrap_memory_lock else 'false' }}"
 elasticsearch_container_user: ~
 elasticsearch_container_ports: ~
 elasticsearch_container_labels:
  version: "{{ elasticsearch_version }}"
 elasticsearch_container_ulimits:
 #  - "memlock:{{ (1.5 * 1024 * elasticsearch_allocated_ram_mb) | int }}:{{ (1.5 * 1024 * elasticsearch_allocated_ram_mb) | int }}"
  - "memlock:-1:-1"
 elasticsearch_container_volumes:
  - "{{ elasticsearch_data_path }}:/usr/share/elasticsearch/data:z"
 elasticsearch_container_networks: ~
 elasticsearch_container_purge_networks: ~
 elasticsearch_container_restart_policy: unless-stopped
--- a/roles/elasticsearch/tasks/main.yml
+++ b/roles/elasticsearch/tasks/main.yml
@ -0,0 +1,32 @@
 ---
 - name: Ensure host directories are present
  file:
    path: "{{ item }}"
    state: directory
    mode: "0777"
  loop:
    - "{{ elasticsearch_base_path }}"
    - "{{ elasticsearch_data_path }}"
 - name: Ensure elastic container image is present
  docker_image:
    name: "{{ elasticsearch_container_image }}"
    state: present
    source: pull
    force_source: "{{ elasticsearch_container_image_tag|default(false, true)|bool }}"
 - name: Ensure elastic container is running
  docker_container:
    name: "{{ elasticsearch_container_name }}"
    image: "{{ elasticsearch_container_image }}"
    env: "{{ elasticsearch_container_env | default(omit, True) }}"
    user: "{{ elasticsearch_container_user | default(omit, True) }}"
    ports: "{{ elasticsearch_container_ports | default(omit, True) }}"
    labels: "{{ elasticsearch_container_labels | default(omit, True) }}"
    volumes: "{{ elasticsearch_container_volumes }}"
    ulimits: "{{ elasticsearch_container_ulimits }}"
    networks: "{{ elasticsearch_container_networks | default(omit, True) }}"
    purge_networks: "{{ elasticsearch_container_purge_networks | default(omit, True) }}"
    restart_policy: "{{ elasticsearch_container_restart_policy }}"
    state: started