Added documentation.

This commit is contained in:
Laur Ivan 2022-09-18 09:05:00 +02:00
parent b4af47519d
commit 232ab9ec59
2 changed files with 153 additions and 11 deletions

README.md

@ -1,38 +1,181 @@
Role Name
=========
A brief description of the role goes here.
This role installs [Authentik](https://goauthentik.io/) via a docker-compose file.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Your machine needs to have *docker* and *docker-compose* installed
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
This role uses the variables listed below, along with default values (see defaults/main.yml).
### Volumes
Authentik has various components (db, redis, geoIP); a **path-based** volume is defined for each:
```yml
# base path to be used by others as default
authentik_volume_base: "/mnt/authentik"
# media
authentik_volume_config: "{{ authentik_volume_base }}/config"
# media
authentik_volume_media: "{{ authentik_volume_base }}/media"
# certs for https
authentik_volume_certs: "{{ authentik_volume_base }}/certs"
# geoip db location
authentik_volume_geoip: "{{ authentik_volume_base }}/geoip"
# custom templates
authentik_volume_templates: "{{ authentik_volume_base }}/templates"
# db
authentik_volume_db: "{{ authentik_volume_base }}/db"
# redis
authentik_volume_redis: "{{ authentik_volume_base }}/redis"
```
You should define at least `authentik_volume_base` to point to your desired location. You may want specific volumes pointing to different places, in which case you need to override (some of) the above variables.
### Authentik
You can select the docker image version.
```yml
authentik_image_version: "2022.8.2"
```
Authentik uses a secret key, which you **must** set. You can also set the error reporting flag (see Authentik documentation)
```yml
authentik_secret_key: "changeme"
authentik_error_reporting: "false"
```
You should also define the exported authentik ports (ports mapped from docker):
```yml
authentik_port_http: 80
authentik_port_https: 443
```
You also can define a custom location for the GeoIP database:
```yml
# Allow the DB to be located somewhere else
#
authentik_authentik_geoip: "/geoip/GeoLite2-City.mmdb"
```
### PostgreSQL
Authentik depends on PostgreSQL. All parameters (host, port, database, credentials) are defined below and van be changed:
```yml
authentik_db_host: "postgresql"
authentik_db: "authentik"
authentik_db_user: "authentik"
authentik_db_password: "changeme"
authentik_db_port: "5432"
```
Because of a PostgreSQL limitation, only passwords up to 99 chars are supported. See [this link](https://www.postgresql.org/message-id/09512C4F-8CB9-4021-B455-EF4C4F0D55A0@amazon.com) for details.
### SMTP configuration
Authentik needs a SMTP relay to send various emails. Please change the following parameters:
```yml
authentik_email_host: "localhost"
authentik_email_port: "25"
# Optionally authenticate (don't add quotation marks to you password)
authentik_email_username:
authentik_email_password:
# Use StartTLS
authentik_email_use_tls: "false"
# Use SSL
authentik_email_use_ssl: "false"
authentik_email_timeout: "10"
# Email address authentik will send from, should have a correct @domain
authentik_email_from: "authentik@localhost"
```
### GeoIP
By default, the role installs a GeoIP container, where you require credentials. You can disable this via `authentik_geoip_container`.
```yml
# geoip credentials
authentik_geoip_container: true
geoip_account_id:
geoip_license_key:
geoip_update_edition_ids: "GeoLite2-City GeoLite2-Country"
geoip_update_frequency: "8"
```
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
This role needs `community.docker.docker_compose`, which should be available by default.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
A minimal configuration should have the following variables defined:
1. `authentik_volume_base`.
2. `authentik_port_*`,
3. `authentik_db_password`,
4. `authentik_secret_key` and
5. `authentik_geoip_container` as *false*.
```yml
- hosts: servers
vars:
#############################
# Authentik configuration #
#############################
authentik_error_reporting: "false"
authentik_volume_base: "~/authentik"
authentik_port_http: "30001"
authentik_port_https: "30002"
# In secrets:
# authentik_db_password
# authentik_secret_key
#############################
# GeoIP configuration #
#############################
authentik_geoip_container: false
roles:
- 'laurivan.authentik'
```
# Helpers
Once you have installed Authentik, you will need to log in to the system. To do this, you can create a recovery key with the following steps:
1. Log in on the magine where you have Authentik running
2. go to `~/authentik` of the user who ran the ansible role
3. run `docker-compose run --rm server create_recovery_key 10 akadmin`
This will end up with a path along the lines:
> /recovery/use-token/*ReallyLongToken*/
Which you can append to your authentik's server address.
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
MIT
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).
This role was created in 2022 by [Laur Ivan](https://www.laurivan.com)
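Review bot: the Role Variables section says `authentik_secret_key` **must** be set, yet it is listed with a default of `"changeme"` (as is `authentik_db_password`), so a playbook that omits the "In secrets" block of the example deploys Authentik with a known secret and no error; either drop those two defaults so the play fails on an undefined variable, or add an `assert` that `authentik_secret_key != "changeme"` and `authentik_db_password != "changeme"` and say so here. Smaller points in the same hunk: the comment above `authentik_volume_config` reads `# media` (a copy of the line below; it should say `# config`); `authentik_authentik_geoip` has a doubled prefix that does not match the `authentik_geoip_*` / `geoip_*` naming used elsewhere; in the GeoIP section, "where you require credentials" should state that `geoip_account_id` and `geoip_license_key` are required whenever `authentik_geoip_container` is true; the Dependencies text "should be available by default" is vague for `community.docker.docker_compose`, so name the collection in a requirements.yml or install step instead. The Helpers step `docker-compose run --rm server create_recovery_key 10 akadmin` should say what the `10` argument is, and should note that the generated `/recovery/use-token/...` link is itself a credential (use it once, do not paste it into tickets or leave it in shell history). The example playbook quotes the ports (`"30001"`) while the defaults show bare integers (`80`), and the License section shows both `BSD` and `MIT`; make sure one license line and one port style remain. Typos: "van be changed" (can), "to you password" (your), "Log in on the magine" (machine), "a SMTP relay" (an SMTP relay).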


@ -1,7 +1,6 @@
---
# defaults file for authentik
authentik_container_name: "authentik"
authentik_image_version: "2022.8.2"
# Don't forget to change the secret key!
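Review bot: `# Don't forget to change the secret key!` is a comment, not a check; with the README documenting `authentik_secret_key: "changeme"` as the default, a play that never sets the key still runs to completion with a guessable secret. Either leave `authentik_secret_key` (and `authentik_db_password`) out of defaults/main.yml so Ansible fails with an undefined-variable error, or add an `ansible.builtin.assert` task at the start of the role that rejects the `"changeme"` values, and keep the README's stated defaults in sync with this file (`authentik_image_version: "2022.8.2"` matches; the secret should not be listed as a usable default at all).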