Sort-of-works.

.gitignore

@@ -2,4 +2,6 @@
 */__pycache__
 *.pyc
 .cache
-.venv
+.venv
+.env.yml
+docker-compose.yml

defaults/main.yml

@@ -11,9 +11,11 @@ authentik_error_reporting: "false"
 
 # Because of a PostgreSQL limitation, only passwords up to 99 chars are supported
 # See https://www.postgresql.org/message-id/09512C4F-8CB9-4021-B455-EF4C4F0D55A0@amazon.com
+authentik_db_host: "postgresql"
 authentik_db: "authentik"
 authentik_db_user: "authentik"
 authentik_db_password: "changeme"
+authentik_db_port: "5432"
 
 # SMTP configuration
 #
@@ -56,4 +58,10 @@ authentik_volume_templates: "{{ authentik_volume_base }}/templates"
 # db
 authentik_volume_db: "{{ authentik_volume_base }}/db"
 # redis
-authentik_volume_redis: "{{ authentik_volume_base }}/redis"
+authentik_volume_redis: "{{ authentik_volume_base }}/redis"
+
+# geoip credentials
+geoip_account_id:
+geoip_license_key: 
+geoip_update_edition_ids: "GeoLite2-City GeoLite2-Country"
+geoip_update_frequency: "8"

molecule/default/converge.yml

@@ -3,11 +3,6 @@
   hosts: all
   # gather_facts: false
   pre_tasks:
-    - name: Install docker
-      vars:
-        docker_service_manage: false
-      include_role:
-        name: geerlingguy.docker
     - name: Update apt cache.
       apt: update_cache=yes cache_valid_time=600
       when: ansible_os_family == 'Debian'
@@ -17,6 +12,11 @@
           - requests
           - docker
           - docker-compose
+    - name: Install docker
+      vars:
+        docker_service_manage: false
+      include_role:
+        name: geerlingguy.docker
       
   roles:
     - role: laurivan.authentik

molecule/default/molecule.yml

@@ -5,8 +5,8 @@ dependency:
   options:
     ignore-certs: true
     ignore-errors: true
-    role-file: molecule/default/requirements.yml
+    role-file: molecule/requirements.yml
-    requirements-file: molecule/default/requirements.yml
+    requirements-file: molecule/requirements.yml
 driver:
   name: docker
 platforms:
@@ -15,7 +15,7 @@ platforms:
     command: ${MOLECULE_DOCKER_COMMAND:-""}
     volumes:
       - /sys/fs/cgroup:/sys/fs/cgroup:ro
-      - /var/run/docker.sock:/tmp/docker.sock
+      - /var/run/docker.sock:/tmp/docker_mounted.sock
     privileged: true
     pre_build_image: true
 provisioner:

molecule/default/prepare.yml

@@ -1,5 +1,5 @@
 ---
-- name: Setup the intragate machine
+- name: Setup the test machine
   hosts: instance-authentik
   tasks:
     - name: create docker.sock
@@ -7,6 +7,6 @@
       become: true
       changed_when: false
     - name: move docker.sock from tmp
-      raw: mount --move /tmp/docker.sock /var/run/docker.sock
+      raw: mount --move /tmp/docker_mounted.sock /var/run/docker.sock
       become: true
       changed_when: false

molecule/requirements.yml

@@ -2,5 +2,4 @@
 roles:
   - geerlingguy.docker
 collections:
-  # - community.general
   - community.docker

templates/docker-compose.yml.j2

@@ -2,7 +2,7 @@
 version: '3.4'
 
 services:
-  postgresql-authentik:
+  postgresql:
     image: docker.io/library/postgres:12-alpine
     restart: unless-stopped
     healthcheck:
@@ -19,9 +19,7 @@ services:
       - POSTGRES_DB={{ authentik_db }}
     env_file:
       - {{ authentik_volume_config }}/env.authentik.conf
-    networks:
+  redis:
-      - authentik
-  redis-authentik:
     image: docker.io/library/redis:alpine
     command: --save 60 1 --loglevel warning
     restart: unless-stopped
@@ -33,15 +31,18 @@ services:
       timeout: 3s
     volumes:
       - {{ authentik_volume_redis }}:/data
-    networks:
+  adminer:
-      - authentik
+    image: adminer
+    restart: always
+    ports:
+      - 8080:8080
   server:
     image: ghcr.io/goauthentik/server:{{ authentik_image_version }}
     restart: unless-stopped
     command: server
     environment:
-      AUTHENTIK_REDIS__HOST: redis-authentik
+      AUTHENTIK_REDIS__HOST: redis
-      AUTHENTIK_POSTGRESQL__HOST: postgresql-authentik
+      AUTHENTIK_POSTGRESQL__HOST: postgresql
       AUTHENTIK_POSTGRESQL__NAME: "{{ authentik_db }}"
       AUTHENTIK_POSTGRESQL__USER: "{{ authentik_db_user }}"
       AUTHENTIK_POSTGRESQL__PASSWORD: "{{ authentik_db_password }}"
@@ -56,15 +57,13 @@ services:
     ports:
       - "0.0.0.0:{{ authentik_port_http }}:9000"
       - "0.0.0.0:{{ authentik_port_https }}:9443"
-    networks:
-      - authentik
   worker:
     image: ghcr.io/goauthentik/server:{{ authentik_image_version }}
     restart: unless-stopped
     command: worker
     environment:
-      AUTHENTIK_REDIS__HOST: redis-authentik
+      AUTHENTIK_REDIS__HOST: redis
-      AUTHENTIK_POSTGRESQL__HOST: postgresql-authentik
+      AUTHENTIK_POSTGRESQL__HOST: postgresql
       AUTHENTIK_POSTGRESQL__NAME: "{{ authentik_db }}"
       AUTHENTIK_POSTGRESQL__USER: "{{ authentik_db_user }}"
       AUTHENTIK_POSTGRESQL__PASSWORD: "{{ authentik_db_password }}"
@@ -85,13 +84,5 @@ services:
     image: "maxmindinc/geoipupdate:latest"
     volumes:
       - "{{ authentik_volume_geoip }}:/usr/share/GeoIP"
-    environment:
-      GEOIPUPDATE_EDITION_IDS: "GeoLite2-City"
-      GEOIPUPDATE_FREQUENCY: "8"
     env_file:
       - {{ authentik_volume_config }}/env.authentik.conf
-    networks:
-      - authentik
-
-networks:
-    authentik: {}

templates/env.authentik.conf.j2

@@ -24,15 +24,15 @@ AUTHENTIK_ERROR_REPORTING__ENABLED={{ authentik_error_reporting }}
 
 # REDIS
 #
-AUTHENTIK_REDIS__HOST=redis-authentik
+AUTHENTIK_REDIS__HOST=redis
 
 # DB
 #
-AUTHENTIK_POSTGRESQL__HOST=db-authentik
+AUTHENTIK_POSTGRESQL__HOST={{ authentik_db_host }}
 AUTHENTIK_POSTGRESQL__USER={{ authentik_db_user }}
 AUTHENTIK_POSTGRESQL__NAME=authentik
 AUTHENTIK_POSTGRESQL__PASSWORD={{ authentik_db_password }}
-
+AUTHENTIK_POSTGRESQL__PORT={{ authentik_db_port }}
 # AUTHENTIK_LOG_LEVEL=debug
 
 # Air-gapped environment
@@ -44,3 +44,9 @@ AUTHENTIK_AVATARS=none
 # First-time password
 AK_ADMIN_PASS=akadmin
 
+# GEOIP
+GEOIPUPDATE_ACCOUNT_ID={{geoip_account_id}}
+GEOIPUPDATE_LICENSE_KEY={{geoip_license_key}}
+GEOIPUPDATE_EDITION_IDS={{geoip_update_edition_ids}}
+GEOIPUPDATE_FREQUENCY={{geoip_update_frequency}}
+