diff --git a/.gitignore b/.gitignore index fb88c3a..bcb54e9 100644 --- a/.gitignore +++ b/.gitignore @@ -2,4 +2,6 @@ */__pycache__ *.pyc .cache -.venv \ No newline at end of file +.venv +.env.yml +docker-compose.yml \ No newline at end of file diff --git a/defaults/main.yml b/defaults/main.yml index 5d7786d..cc9732e 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -11,9 +11,11 @@ authentik_error_reporting: "false" # Because of a PostgreSQL limitation, only passwords up to 99 chars are supported # See https://www.postgresql.org/message-id/09512C4F-8CB9-4021-B455-EF4C4F0D55A0@amazon.com +authentik_db_host: "postgresql" authentik_db: "authentik" authentik_db_user: "authentik" authentik_db_password: "changeme" +authentik_db_port: "5432" # SMTP configuration # @@ -56,4 +58,10 @@ authentik_volume_templates: "{{ authentik_volume_base }}/templates" # db authentik_volume_db: "{{ authentik_volume_base }}/db" # redis -authentik_volume_redis: "{{ authentik_volume_base }}/redis" \ No newline at end of file +authentik_volume_redis: "{{ authentik_volume_base }}/redis" + +# geoip credentials +geoip_account_id: +geoip_license_key: +geoip_update_edition_ids: "GeoLite2-City GeoLite2-Country" +geoip_update_frequency: "8" diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index b48a918..f6e740f 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -3,11 +3,6 @@ hosts: all # gather_facts: false pre_tasks: - - name: Install docker - vars: - docker_service_manage: false - include_role: - name: geerlingguy.docker - name: Update apt cache. apt: update_cache=yes cache_valid_time=600 when: ansible_os_family == 'Debian' @@ -17,6 +12,11 @@ - requests - docker - docker-compose + - name: Install docker + vars: + docker_service_manage: false + include_role: + name: geerlingguy.docker roles: - role: laurivan.authentik diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 2e74ab0..e1c4919 100644 
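Review bot: `geoip_account_id:` and `geoip_license_key:` in the second defaults/main.yml hunk are bare keys, i.e. YAML null, and the template hunk later in this commit interpolates them straight into env.authentik.conf, so a deployment that forgets to set them gets a geoipupdate container with empty credentials (or, depending on the Ansible version, the literal string `None`) rather than a clear failure at deploy time. The license key is also a credential and should not be expected in plain group vars. Make the null explicit and document it, `geoip_license_key: null  # MaxMind license key; supply via vault, required when geoip is used`, and add an assert task that checks both values are non-empty before the templates are rendered (or skips the geoip service when they are unset). Quoting the edition list and frequency as strings is right, since they are passed through verbatim as env values.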
--- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -5,8 +5,8 @@ dependency: options: ignore-certs: true ignore-errors: true - role-file: molecule/default/requirements.yml - requirements-file: molecule/default/requirements.yml + role-file: molecule/requirements.yml + requirements-file: molecule/requirements.yml driver: name: docker platforms: @@ -15,7 +15,7 @@ platforms: command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: - /sys/fs/cgroup:/sys/fs/cgroup:ro - - /var/run/docker.sock:/tmp/docker.sock + - /var/run/docker.sock:/tmp/docker_mounted.sock privileged: true pre_build_image: true provisioner: diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml index 8d23523..3394f1d 100644 --- a/molecule/default/prepare.yml +++ b/molecule/default/prepare.yml @@ -1,5 +1,5 @@ --- -- name: Setup the intragate machine +- name: Setup the test machine hosts: instance-authentik tasks: - name: create docker.sock @@ -7,6 +7,6 @@ become: true changed_when: false - name: move docker.sock from tmp - raw: mount --move /tmp/docker.sock /var/run/docker.sock + raw: mount --move /tmp/docker_mounted.sock /var/run/docker.sock become: true changed_when: false diff --git a/molecule/default/requirements.yml b/molecule/requirements.yml similarity index 73% rename from molecule/default/requirements.yml rename to molecule/requirements.yml index 626d077..56caaf8 100644 --- a/molecule/default/requirements.yml +++ b/molecule/requirements.yml @@ -2,5 +2,4 @@ roles: - geerlingguy.docker collections: - # - community.general - community.docker \ No newline at end of file diff --git a/templates/docker-compose.yml.j2 b/templates/docker-compose.yml.j2 index ab8a421..f723aa8 100644 --- a/templates/docker-compose.yml.j2 +++ b/templates/docker-compose.yml.j2 @@ -2,7 +2,7 @@ version: '3.4' services: - postgresql-authentik: + postgresql: image: docker.io/library/postgres:12-alpine restart: unless-stopped healthcheck: 
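Review bot: The renamed socket mount in the second molecule.yml hunk still hands the host Docker socket to a `privileged: true` test container, which is root-equivalent on the machine running Molecule, and nothing in the scenario says this is intentional. Since prepare.yml's `mount --move` of the socket is what requires the privilege, a comment on the volume line would stop the next maintainer from reusing this scenario on a shared runner, e.g. `# host docker socket + privileged: root-equivalent on the host; run only on throwaway CI runners`. The pre-existing `ignore-certs: true` on the dependency block disables TLS verification for Galaxy downloads and is worth revisiting in the same spirit.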
@@ -19,9 +19,7 @@ services: - POSTGRES_DB={{ authentik_db }} env_file: - {{ authentik_volume_config }}/env.authentik.conf - networks: - - authentik - redis-authentik: + redis: image: docker.io/library/redis:alpine command: --save 60 1 --loglevel warning restart: unless-stopped @@ -33,15 +31,18 @@ services: timeout: 3s volumes: - {{ authentik_volume_redis }}:/data - networks: - - authentik + adminer: + image: adminer + restart: always + ports: + - 8080:8080 server: image: ghcr.io/goauthentik/server:{{ authentik_image_version }} restart: unless-stopped command: server environment: - AUTHENTIK_REDIS__HOST: redis-authentik - AUTHENTIK_POSTGRESQL__HOST: postgresql-authentik + AUTHENTIK_REDIS__HOST: redis + AUTHENTIK_POSTGRESQL__HOST: postgresql AUTHENTIK_POSTGRESQL__NAME: "{{ authentik_db }}" AUTHENTIK_POSTGRESQL__USER: "{{ authentik_db_user }}" AUTHENTIK_POSTGRESQL__PASSWORD: "{{ authentik_db_password }}" @@ -56,15 +57,13 @@ services: ports: - "0.0.0.0:{{ authentik_port_http }}:9000" - "0.0.0.0:{{ authentik_port_https }}:9443" - networks: - - authentik worker: image: ghcr.io/goauthentik/server:{{ authentik_image_version }} restart: unless-stopped command: worker environment: - AUTHENTIK_REDIS__HOST: redis-authentik - AUTHENTIK_POSTGRESQL__HOST: postgresql-authentik + AUTHENTIK_REDIS__HOST: redis + AUTHENTIK_POSTGRESQL__HOST: postgresql AUTHENTIK_POSTGRESQL__NAME: "{{ authentik_db }}" AUTHENTIK_POSTGRESQL__USER: "{{ authentik_db_user }}" AUTHENTIK_POSTGRESQL__PASSWORD: "{{ authentik_db_password }}" @@ -85,13 +84,5 @@ services: image: "maxmindinc/geoipupdate:latest" volumes: - "{{ authentik_volume_geoip }}:/usr/share/GeoIP" - environment: - GEOIPUPDATE_EDITION_IDS: "GeoLite2-City" - GEOIPUPDATE_FREQUENCY: "8" env_file: - {{ authentik_volume_config }}/env.authentik.conf - networks: - - authentik - -networks: - authentik: {} diff --git a/templates/env.authentik.conf.j2 b/templates/env.authentik.conf.j2 index bcff2f2..d96f515 100644 --- a/templates/env.authentik.conf.j2 
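Review bot: The new `adminer` service in the `@@ -33,15 +31,18 @@` hunk publishes a database admin UI on `8080:8080`, which binds every host interface, from a template this role deploys to real hosts, and the only thing between the network and the authentik database is the password that defaults to `changeme` in defaults/main.yml. If it is a local debugging aid it belongs in the ignored docker-compose.yml override that the .gitignore hunk introduces, not in the role template; if it must stay, gate it behind a variable, bind it to loopback and pin the image instead of the implicit `latest` tag. `restart: always` also differs from the `unless-stopped` every other service here uses. Something like:
```yaml
{% if authentik_adminer_enabled | default(false) %}
  adminer:
    image: adminer:4
    restart: unless-stopped
    ports:
      - "127.0.0.1:8080:8080"
{% endif %}
```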
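Review bot: `AUTHENTIK_POSTGRESQL__HOST: postgresql` and `AUTHENTIK_REDIS__HOST: redis` are hard-coded in the worker's `environment:` in the `@@ -56,15 +57,13 @@` hunk (and in the server's in the hunk above), while env.authentik.conf.j2 now templates the host from `authentik_db_host`; whether or not server and worker also load that env file (their `env_file:` is outside the hunk), Compose gives `environment:` precedence over `env_file:`, so pointing `authentik_db_host` at an external database changes the file but not what server and worker connect to, and only the new `AUTHENTIK_POSTGRESQL__PORT` would take effect. Either drop the duplicated keys from `environment:` and let the env file be the single source, or template them too: `AUTHENTIK_POSTGRESQL__HOST: "{{ authentik_db_host }}"` and `AUTHENTIK_POSTGRESQL__PORT: "{{ authentik_db_port }}"`. The worker service definition continues past the end of the hunk.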
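Review bot: Dropping `GEOIPUPDATE_EDITION_IDS`/`GEOIPUPDATE_FREQUENCY` from the geoipupdate `environment:` in the `@@ -85,13 +84,5 @@` hunk moves all of its configuration into the shared `env.authentik.conf`, so the geoipupdate container (running the unpinned `maxmindinc/geoipupdate:latest` image) now receives `AUTHENTIK_POSTGRESQL__PASSWORD` and `AK_ADMIN_PASS` in its environment, and the postgresql service, which loads the same file a few hunks up, receives the MaxMind license key. Neither container needs the other's secrets; give geoipupdate its own file, `- {{ authentik_volume_config }}/env.geoip.conf`, holding only the four `GEOIPUPDATE_*` lines, and pin the image tag. Removing the named `authentik` network puts every service on the project's default network, which is equivalent isolation as long as this is the only compose project on that host using it, and a one-line comment saying so would help. The geoipupdate service's first lines are above the start of this hunk.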
+++ b/templates/env.authentik.conf.j2 @@ -24,15 +24,15 @@ AUTHENTIK_ERROR_REPORTING__ENABLED={{ authentik_error_reporting }} # REDIS # -AUTHENTIK_REDIS__HOST=redis-authentik +AUTHENTIK_REDIS__HOST=redis # DB # -AUTHENTIK_POSTGRESQL__HOST=db-authentik +AUTHENTIK_POSTGRESQL__HOST={{ authentik_db_host }} AUTHENTIK_POSTGRESQL__USER={{ authentik_db_user }} AUTHENTIK_POSTGRESQL__NAME=authentik AUTHENTIK_POSTGRESQL__PASSWORD={{ authentik_db_password }} - +AUTHENTIK_POSTGRESQL__PORT={{ authentik_db_port }} # AUTHENTIK_LOG_LEVEL=debug # Air-gapped environment @@ -44,3 +44,9 @@ AUTHENTIK_AVATARS=none # First-time password AK_ADMIN_PASS=akadmin +# GEOIP +GEOIPUPDATE_ACCOUNT_ID={{geoip_account_id}} +GEOIPUPDATE_LICENSE_KEY={{geoip_license_key}} +GEOIPUPDATE_EDITION_IDS={{geoip_update_edition_ids}} +GEOIPUPDATE_FREQUENCY={{geoip_update_frequency}} +
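Review bot: The four `GEOIPUPDATE_*` lines added at the end of env.authentik.conf.j2 put the MaxMind account id and license key into the same file that carries `AUTHENTIK_POSTGRESQL__PASSWORD` and the bootstrap `AK_ADMIN_PASS`, and the compose template loads that file into more than just the geoipupdate container, so each service ends up holding credentials it has no use for. Moving these lines into their own template (an `env.geoip.conf.j2` referenced only by geoipupdate) keeps every container's environment to its own secrets. With the defaults left null, `{{geoip_license_key}}` renders empty (or as `None`, depending on the Ansible version), which at runtime is hard to tell apart from a wrong key; failing early in the role when the values are unset is the better behaviour. Minor style point: the file's other expressions are written `{{ var }}` with inner spaces, these four are not.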