Dev/ansible-role-authentik
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Clean up molecule configuration.

Browse Source 
Allow PostgreSQL to be exposed for backup.
Create network.
This commit is contained in:
Laur Ivan 2022-09-19 17:08:23 +02:00
parent 5932c1bf58
commit 35dcd22825
9 changed files with 28 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -80,7 +80,9 @@ authentik_db_password: "changeme"
authentik_db_port: "5432" authentik_db_port: "5432"
``` ```
Because of a PostgreSQL limitation, only passwords up to 99 chars are supported. See [this link](https://www.postgresql.org/message-id/09512C4F-8CB9-4021-B455-EF4C4F0D55A0@amazon.com) for details. You can expose PostgreSQL to the outside world (e.g. for backup) by defining `authentik_db_container_public_port` to a valid port number.
**Note**:Because of a PostgreSQL limitation, only passwords up to 99 chars are supported. See [this link](https://www.postgresql.org/message-id/09512C4F-8CB9-4021-B455-EF4C4F0D55A0@amazon.com) for details.
### SMTP configuration ### SMTP configuration

1
defaults/main.yml
View File

@ -15,6 +15,7 @@ authentik_db: "authentik"
authentik_db_user: "authentik" authentik_db_user: "authentik"
authentik_db_password: "changeme" authentik_db_password: "changeme"
authentik_db_port: "5432" authentik_db_port: "5432"
authentik_db_container_public_port:
# SMTP configuration # SMTP configuration
# #

1
molecule/default/cleanup.yml
View File

@ -1,6 +1,7 @@
--- ---
- name: Clean up - name: Clean up
hosts: all hosts: all
gather_facts: true
tasks: tasks:
- name: Check if the docker-compose file exists. - name: Check if the docker-compose file exists.
ansible.builtin.stat: ansible.builtin.stat:

1
molecule/default/converge.yml
View File

@ -20,3 +20,4 @@
roles: roles:
- role: laurivan.authentik - role: laurivan.authentik

35
molecule/default/create-old.yml
View File

@ -1,35 +0,0 @@
---
- name: Create
hosts: localhost
connection: local
# gather_facts: false
no_log: "{{ molecule_no_log }}"
tasks:
# TODO: Developer must implement and populate 'server' variable
- when: server.changed | default(false) | bool
block:
- name: Populate instance config dict
ansible.builtin.set_fact:
instance_conf_dict: {
'instance': "{{ }}",
'address': "{{ }}",
'user': "{{ }}",
'port': "{{ }}",
'identity_file': "{{ }}", }
with_items: "{{ server.results }}"
register: instance_config_dict
- name: Convert instance config dict to a list
ansible.builtin.set_fact:
instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}"
- name: Dump instance config
ansible.builtin.copy:
content: |
# Molecule managed
{{ instance_conf | to_json | from_json | to_yaml }}
dest: "{{ molecule_instance_config }}"
mode: 0600

2
molecule/default/molecule.yml
View File

@ -10,7 +10,7 @@ dependency:
driver: driver:
name: docker name: docker
platforms: platforms:
- name: instance-authentik - name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos8}-ansible:latest" image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos8}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""} command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes: volumes:

6
molecule/default/prepare.yml
View File

@ -1,12 +1,12 @@
--- ---
- name: Setup the test machine - name: Setup the test machine
hosts: all hosts: instance
tasks: tasks:
- name: create docker.sock - name: Create docker.sock
raw: touch /var/run/docker.sock raw: touch /var/run/docker.sock
become: true become: true
changed_when: false changed_when: false
- name: move docker.sock from tmp - name: Move docker.sock from tmp
raw: mount --move /tmp/docker_mounted.sock /var/run/docker.sock raw: mount --move /tmp/docker_mounted.sock /var/run/docker.sock
become: true become: true
changed_when: false changed_when: false

2
molecule/requirements.yml
View File

@ -2,4 +2,4 @@
roles: roles:
- geerlingguy.docker - geerlingguy.docker
collections: collections:
- community.docker # - community.docker

16
templates/docker-compose.yml.j2
View File

@ -11,6 +11,12 @@ services:
interval: 30s interval: 30s
retries: 5 retries: 5
timeout: 5s timeout: 5s
{% if authentik_db_container_public_port %}
ports:
- "{{ authentik_db_container_public_port }}:5432"
{% endif %}
networks:
- authentik
volumes: volumes:
- {{ authentik_volume_db }}:/var/lib/postgresql/data - {{ authentik_volume_db }}:/var/lib/postgresql/data
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
@ -31,6 +37,8 @@ services:
interval: 30s interval: 30s
retries: 5 retries: 5
timeout: 3s timeout: 3s
networks:
- authentik
volumes: volumes:
- {{ authentik_volume_redis }}:/data - {{ authentik_volume_redis }}:/data
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
@ -47,6 +55,8 @@ services:
AUTHENTIK_POSTGRESQL__PASSWORD: "{{ authentik_db_password }}" AUTHENTIK_POSTGRESQL__PASSWORD: "{{ authentik_db_password }}"
# AUTHENTIK_ERROR_REPORTING__ENABLED: "true" # AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
# WORKERS: 2 # WORKERS: 2
networks:
- authentik
volumes: volumes:
- {{ authentik_volume_media }}:/media - {{ authentik_volume_media }}:/media
- {{ authentik_volume_templates }}:/templates - {{ authentik_volume_templates }}:/templates
@ -73,6 +83,8 @@ services:
# - The permissions for the /media folders aren't fixed, so make sure they are 1000:1000 # - The permissions for the /media folders aren't fixed, so make sure they are 1000:1000
# - The docker socket can't be accessed anymore # - The docker socket can't be accessed anymore
user: root user: root
networks:
- authentik
volumes: volumes:
- {{ authentik_volume_media }}:/media - {{ authentik_volume_media }}:/media
- {{ authentik_volume_certs }}:/certs - {{ authentik_volume_certs }}:/certs
@ -93,3 +105,7 @@ services:
env_file: env_file:
- {{ authentik_volume_config }}/env.authentik.conf - {{ authentik_volume_config }}/env.authentik.conf
{% endif %} {% endif %}
# Custom network
networks:
authentik:
name: authentik