150 lines
3.4 KiB
YAML
150 lines
3.4 KiB
YAML
---
|
|
|
|
- name: install certs
|
|
copy:
|
|
src: "/usr/local/etc/letsencrypt/live/{{ item }}"
|
|
dest: "/usr/local/etc/certs/"
|
|
owner: root
|
|
group: root
|
|
mode: 0755
|
|
tags:
|
|
- letsencrypt-certs
|
|
notify: reload nginx
|
|
vars:
|
|
prediff_cmd: echo
|
|
with_items:
|
|
- "{{ authelia_login_url }}"
|
|
- "{{ domain }}"
|
|
|
|
- name: make dirs
|
|
file:
|
|
path: "{{ systemuserlist.authelia.home }}/config"
|
|
state: directory
|
|
mode: 0750
|
|
owner: authelia
|
|
group: authelia
|
|
|
|
- name: make redis dir
|
|
file:
|
|
path: "{{ systemuserlist.authelia.home }}/redis"
|
|
state: directory
|
|
|
|
- name: copy jwt keys
|
|
copy:
|
|
src: "private/authelia/keys/"
|
|
dest: "{{ systemuserlist.authelia.home }}/config/keys/"
|
|
owner: authelia
|
|
group: authelia
|
|
mode: 0600
|
|
|
|
- name: template authelia config
|
|
template:
|
|
src: "private/authelia/config.yml.j2"
|
|
dest: "{{ systemuserlist.authelia.home }}/config/config.yml"
|
|
owner: authelia
|
|
group: authelia
|
|
mode: 0750
|
|
tags:
|
|
- authelia-config
|
|
notify: restart authelia container
|
|
|
|
- name: template robots.txt
|
|
template:
|
|
src: "robots.txt.j2"
|
|
dest: "{{ systemuserlist.authelia.home }}/robots.txt"
|
|
owner: authelia
|
|
group: authelia
|
|
mode: 0755
|
|
tags:
|
|
- authelia-nginx
|
|
- authelia-robots
|
|
notify: reload nginx
|
|
|
|
- name: template nginx vhost
|
|
template:
|
|
src: 01-authelia.conf.j2
|
|
dest: /etc/nginx/sites-enabled/01-authelia
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
tags:
|
|
- nginx
|
|
- authelia-nginx
|
|
notify: reload nginx
|
|
|
|
- name: redis container for authelia
|
|
docker_container:
|
|
name: authelia-redis
|
|
image: "redis:latest"
|
|
restart_policy: "unless-stopped"
|
|
auto_remove: false
|
|
detach: true
|
|
pull: true
|
|
state: started
|
|
container_default_behavior: compatibility
|
|
env:
|
|
REDIS_HOST: authelia-redis
|
|
networks_cli_compatible: no
|
|
network_mode: bridgewithdns
|
|
networks:
|
|
- name: bridgewithdns
|
|
healthcheck:
|
|
interval: 30s
|
|
timeout: 60s
|
|
start_period: 10s
|
|
test: "redis-cli --raw incr ping"
|
|
mounts:
|
|
- type: bind
|
|
source: "{{ systemuserlist.authelia.home }}/redis"
|
|
target: /data
|
|
tags:
|
|
- authelia-container
|
|
- redis
|
|
- docker-containers
|
|
|
|
- name: start container
|
|
docker_container:
|
|
name: authelia
|
|
image: authelia/authelia:latest
|
|
restart_policy: "unless-stopped"
|
|
auto_remove: false
|
|
detach: true
|
|
pull: true
|
|
state: started
|
|
container_default_behavior: compatibility
|
|
user: "{{ systemuserlist.authelia.uid }}:{{ systemuserlist.authelia.gid }}"
|
|
networks_cli_compatible: false
|
|
network_mode: bridgewithdns
|
|
networks:
|
|
- name: bridgewithdns
|
|
ipv4_address: "{{ bridgewithdns.authelia }}"
|
|
mounts:
|
|
- type: bind
|
|
source: "{{ systemuserlist.authelia.home }}/config"
|
|
target: /config
|
|
read_only: no
|
|
env:
|
|
AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE: /config/keys/key.pem
|
|
healthcheck:
|
|
interval: 30s
|
|
timeout: 3s
|
|
start_period: 1m
|
|
test: ["/app/healthcheck.sh"]
|
|
# bypass entrypoint file to handle uid/gid
|
|
entrypoint: ["authelia", "--config", "/config/config.yml"]
|
|
tags:
|
|
- authelia-container
|
|
- docker-containers
|
|
|
|
- name: template filebeat config
|
|
template:
|
|
src: filebeat-authelia.yml.j2
|
|
dest: "/etc/filebeat/inputs.d/authelia.yml"
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
tags:
|
|
- filebeat
|
|
- filebeat-input
|
|
notify: restart filebeat
|