diff --git a/README.md b/README.md
index 0ef44c3..00949c0 100644
--- a/README.md
+++ b/README.md
@@ -80,7 +80,9 @@ authentik_db_password: "changeme"
 authentik_db_port: "5432"
 ```
-Because of a PostgreSQL limitation, only passwords up to 99 chars are supported. See [this link](https://www.postgresql.org/message-id/09512C4F-8CB9-4021-B455-EF4C4F0D55A0@amazon.com) for details.
+You can expose PostgreSQL to the outside world (e.g. for backup) by defining `authentik_db_container_public_port` to a valid port number.
+
+**Note**:Because of a PostgreSQL limitation, only passwords up to 99 chars are supported. See [this link](https://www.postgresql.org/message-id/09512C4F-8CB9-4021-B455-EF4C4F0D55A0@amazon.com) for details.
 ### SMTP configuration
diff --git a/defaults/main.yml b/defaults/main.yml
index ea19f8a..7a92e41 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -15,6 +15,7 @@ authentik_db: "authentik"
 authentik_db_user: "authentik"
 authentik_db_password: "changeme"
 authentik_db_port: "5432"
+authentik_db_container_public_port:
 # SMTP configuration
 #
diff --git a/molecule/default/cleanup.yml b/molecule/default/cleanup.yml
index dedb0c7..c6ca727 100644
--- a/molecule/default/cleanup.yml
+++ b/molecule/default/cleanup.yml
@@ -1,6 +1,7 @@
 ---
 - name: Clean up
 hosts: all
+ gather_facts: true
 tasks:
 - name: Check if the docker-compose file exists.
 ansible.builtin.stat:
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
index f6e740f..1f656ca 100644
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -20,3 +20,4 @@
 roles:
 - role: laurivan.authentik
+
diff --git a/molecule/default/create-old.yml b/molecule/default/create-old.yml
deleted file mode 100644
index 39c83d2..0000000
--- a/molecule/default/create-old.yml
+++ /dev/null
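Review bot: `authentik_db_container_public_port:` in defaults/main.yml is a bare empty value, which YAML loads as null; the template's `{% if %}` test copes with that, but it is exactly the ambiguous empty value yamllint flags and it says nothing about what a caller is expected to put there. Since the defaults file is the role's reference, suggest `# Host port on which to publish PostgreSQL (e.g. "5432"); keep null to leave the database reachable only from the compose network.` above it and `authentik_db_container_public_port: null`. The same hunk still ships `authentik_db_password: "changeme"` as the default, so that comment is also the place to say that publishing the port while the default password is in use is not meant for a real deployment.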
@@ -1,35 +0,0 @@
---- -- name: Create - hosts: localhost - connection: local - # gather_facts: false - no_log: "{{ molecule_no_log }}" - tasks: - - # TODO: Developer must implement and populate 'server' variable - - - when: server.changed | default(false) | bool - block: - - name: Populate instance config dict - ansible.builtin.set_fact: - instance_conf_dict: { - 'instance': "{{ }}", - 'address': "{{ }}", - 'user': "{{ }}", - 'port': "{{ }}", - 'identity_file': "{{ }}", } - with_items: "{{ server.results }}" - register: instance_config_dict - - name: Convert instance config dict to a list - ansible.builtin.set_fact: - instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}" - - name: Dump instance config - ansible.builtin.copy: - content: | - # Molecule managed - - {{ instance_conf | to_json | from_json | to_yaml }} - dest: "{{ molecule_instance_config }}" - mode: 0600
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
index e1c4919..e3697e9 100644
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -10,7 +10,7 @@ dependency:
 driver:
 name: docker
 platforms:
- - name: instance-authentik
+ - name: instance
 image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos8}-ansible:latest"
 command: ${MOLECULE_DOCKER_COMMAND:-""}
 volumes:
diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml
index a81b466..07ac131 100644
--- a/molecule/default/prepare.yml
+++ b/molecule/default/prepare.yml
@@ -1,12 +1,12 @@
 ---
 - name: Setup the test machine
- hosts: all
+ hosts: instance
 tasks:
- - name: create docker.sock
+ - name: Create docker.sock
 raw: touch /var/run/docker.sock
 become: true
 changed_when: false
- - name: move docker.sock from tmp
+ - name: Move docker.sock from tmp
 raw: mount --move /tmp/docker_mounted.sock /var/run/docker.sock
 become: true
 changed_when: false
diff --git a/molecule/requirements.yml b/molecule/requirements.yml
index 56caaf8..b745bf6
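Review bot: `hosts: instance` in prepare.yml hard-codes the platform name that molecule.yml renames in this same commit, while cleanup.yml in this commit keeps `hosts: all`; the next rename of the platform would only produce a "could not match supplied host pattern" warning and the docker.sock setup would be skipped without failing the run. Unless the scenario is about to gain platforms that must not receive this setup (nothing in the diff suggests so), `hosts: all` is the more robust choice and keeps the prepare play consistent with the rest of the scenario.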
--- a/molecule/requirements.yml
+++ b/molecule/requirements.yml
@@ -2,4 +2,4 @@ roles:
 - geerlingguy.docker
 collections:
- - community.docker
\ No newline at end of file
+ # - community.docker
\ No newline at end of file
diff --git a/templates/docker-compose.yml.j2 b/templates/docker-compose.yml.j2
index d8e04aa..0de0404 100644
--- a/templates/docker-compose.yml.j2
+++ b/templates/docker-compose.yml.j2
@@ -11,6 +11,12 @@ services:
 interval: 30s
 retries: 5
 timeout: 5s
+{% if authentik_db_container_public_port %}
+ ports:
+ - "{{ authentik_db_container_public_port }}:5432"
+{% endif %}
+ networks:
+ - authentik
 volumes:
 - {{ authentik_volume_db }}:/var/lib/postgresql/data
 - /etc/timezone:/etc/timezone:ro
@@ -31,6 +37,8 @@ services:
 interval: 30s
 retries: 5
 timeout: 3s
+ networks:
+ - authentik
 volumes:
 - {{ authentik_volume_redis }}:/data
 - /etc/timezone:/etc/timezone:ro
@@ -47,6 +55,8 @@ services:
 AUTHENTIK_POSTGRESQL__PASSWORD: "{{ authentik_db_password }}"
 # AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
 # WORKERS: 2
+ networks:
+ - authentik
 volumes:
 - {{ authentik_volume_media }}:/media
 - {{ authentik_volume_templates }}:/templates
@@ -73,6 +83,8 @@ services:
 # - The permissions for the /media folders aren't fixed, so make sure they are 1000:1000
 # - The docker socket can't be accessed anymore
 user: root
+ networks:
+ - authentik
 volumes:
 - {{ authentik_volume_media }}:/media
 - {{ authentik_volume_certs }}:/certs
@@ -92,4 +104,8 @@ services:
 - /etc/localtime:/etc/localtime:ro
 env_file:
 - {{ authentik_volume_config }}/env.authentik.conf
-{% endif %}
\ No newline at end of file
+{% endif %}
+# Custom network
+networks:
+ authentik:
+ name: authentik
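Review bot: Commenting out `community.docker` instead of deleting the line leaves a dangling entry under `collections:`, and the file still ends without a trailing newline. If the molecule scenario no longer needs the collection, remove the line and end the file with a newline; if something in the scenario still uses community.docker modules (not visible in this diff), the missing collection will surface as an unresolved module at run time, so the reason for disabling it deserves a one-line comment.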
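Review bot: The added `ports:` entry publishes `"{{ authentik_db_container_public_port }}:5432"` with no host address, so Docker binds it on all interfaces, and on hosts using Docker's default iptables integration a published port is reachable regardless of the host's own INPUT rules; together with the `authentik_db_password: "changeme"` default this commit keeps in defaults/main.yml, that is a database exposed to the network by a single variable. Suggest binding to loopback unless explicitly widened, `- "127.0.0.1:{{ authentik_db_container_public_port }}:5432"`, with a separate bind-address variable if remote access is a real requirement. The README text added in this commit names backup as the use case, but a `docker exec` into the db container does not need a published port, so it is worth saying there that publishing is only for clients outside the compose network. The db service definition continues above this hunk.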
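Review bot: `name: authentik` on the new top-level network pins a fixed, non-project-scoped Docker network name, so two deployments of this role on one host (different compose project names) would attach to the same network, and the db and redis services this commit joins to it would be reachable from the other stack's containers. If the fixed name is needed for external tooling, make it a variable with a project-specific default, e.g. `name: "{{ authentik_network_name | default('authentik') }}"`; otherwise drop the `name:` key and let Compose prefix the network with the project name. The `# Custom network` comment would be more useful if it stated why an explicit name was chosen.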