Set also the group for directories.

Create directories via become.
Better molecule support.
2022-09-22 14:33:46 +02:00 · 2022-09-22 11:41:02 +02:00 · 2022-09-22 11:22:57 +02:00 · 2022-09-20 23:17:05 +02:00 · 2022-09-19 17:08:23 +02:00
11 changed files with 59 additions and 57 deletions
--- a/README.md
+++ b/README.md
@@ -80,7 +80,9 @@ authentik_db_password: "changeme"
 authentik_db_port: "5432"
 ```

-Because of a PostgreSQL limitation, only passwords up to 99 chars are supported. See [this link](https://www.postgresql.org/message-id/09512C4F-8CB9-4021-B455-EF4C4F0D55A0@amazon.com) for details.
+You can expose PostgreSQL to the outside world (e.g. for backup) by defining `authentik_db_container_public_port` to a valid port number.
+
+**Note**:Because of a PostgreSQL limitation, only passwords up to 99 chars are supported. See [this link](https://www.postgresql.org/message-id/09512C4F-8CB9-4021-B455-EF4C4F0D55A0@amazon.com) for details.

 ### SMTP configuration

--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -15,6 +15,7 @@ authentik_db: "authentik"
 authentik_db_user: "authentik"
 authentik_db_password: "changeme"
 authentik_db_port: "5432"
+authentik_db_container_public_port: 

 # SMTP configuration
 #
--- a/molecule/default/cleanup.yml
+++ b/molecule/default/cleanup.yml
@@ -1,19 +1,23 @@
 ---
 - name: Clean up
  hosts: all
+  gather_facts: true
  tasks:
    - name: Check if the docker-compose file exists.
      ansible.builtin.stat:
        path: "~/authentik/docker-compose.yml"
      register: docker_compose_file
    - name: Remove authentik docker-compose.
+
      community.docker.docker_compose:
        project_src: ~/authentik/
        build: false
        state: absent
      when: docker_compose_file.stat.exists
      become: false
+      
    - name: Remove the docker-compose file
      ansible.builtin.file:
        path: "~/authentik/docker-compose.yml"
        state: absent
+      when: docker_compose_file.stat.exists
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -3,20 +3,10 @@
  hosts: all
  # gather_facts: false
  pre_tasks:
-    - name: Update apt cache.
-      apt: update_cache=yes cache_valid_time=600
-      when: ansible_os_family == 'Debian'
-    - name: Install python requests
-      pip:
-        name: 
-          - requests
-          - docker
-          - docker-compose
-    - name: Install docker
-      vars:
-        docker_service_manage: false
-      include_role:
-        name: geerlingguy.docker
+    - name: "Include necessary variables"
+      ansible.builtin.include_vars:
+        file: "../../.env.yml"
      
  roles:
    - role: laurivan.authentik
+
--- a/molecule/default/create-old.yml
+++ b/molecule/default/create-old.yml
@@ -1,35 +0,0 @@
---
- name: Create
-  hosts: localhost
-  connection: local
-  # gather_facts: false
-  no_log: "{{ molecule_no_log }}"
-  tasks:
-
-    # TODO: Developer must implement and populate 'server' variable
-
-    - when: server.changed | default(false) | bool
-      block:
-        - name: Populate instance config dict
-          ansible.builtin.set_fact:
-            instance_conf_dict: {
-              'instance': "{{ }}",
-              'address': "{{ }}",
-              'user': "{{ }}",
-              'port': "{{ }}",
-              'identity_file': "{{ }}", }
-          with_items: "{{ server.results }}"
-          register: instance_config_dict
-
-        - name: Convert instance config dict to a list
-          ansible.builtin.set_fact:
-            instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}"
-
-        - name: Dump instance config
-          ansible.builtin.copy:
-            content: |
-              # Molecule managed
-
-              {{ instance_conf | to_json | from_json | to_yaml }}
-            dest: "{{ molecule_instance_config }}"
-            mode: 0600
--- a/molecule/default/destroy.yml
+++ b/molecule/default/destroy.yml
@@ -6,6 +6,10 @@
  no_log: "{{ molecule_no_log }}"
  tasks:
    # Developer must implement.
+    - name: Remove the docker image
+      community.docker.docker_container:
+        name: instance-authentik
+        state: absent

    # Mandatory configuration for Molecule to function.

--- a/molecule/default/prepare.yml
+++ b/molecule/default/prepare.yml
@@ -1,12 +1,30 @@
 ---
 - name: Setup the test machine
-  hosts: all
+  hosts: instance-authentik
  tasks:
-    - name: create docker.sock
+    - name: Create docker.sock
      raw: touch /var/run/docker.sock
      become: true
      changed_when: false
-    - name: move docker.sock from tmp
+
+    - name: Move docker.sock from tmp
      raw: mount --move /tmp/docker_mounted.sock /var/run/docker.sock
      become: true
      changed_when: false
+
+    - name: Update apt cache.
+      apt: update_cache=yes cache_valid_time=600
+      when: ansible_os_family == 'Debian'
+
+    - name: Install python requests
+      pip:
+        name: 
+          - requests
+          - docker
+          - docker-compose
+
+    - name: Install docker
+      vars:
+        docker_service_manage: false
+      include_role:
+        name: geerlingguy.docker
--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@@ -8,3 +8,4 @@
  - name: Example assertion
    ansible.builtin.assert:
      that: true
+ 
--- a/molecule/requirements.yml
+++ b/molecule/requirements.yml
@@ -1,5 +1,4 @@
 ---
 roles:
  - geerlingguy.docker
-collections:
-  - community.docker
+collections: []
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -5,7 +5,9 @@
  ansible.builtin.file:
    state: directory
    path: "{{ item }}"
-    mode: 0755
+    mode: '0755'
+    owner: "{{ ansible_effective_user_id }}"
+    group: "{{ ansible_effective_group_id }}"
  with_items:
    - "{{ authentik_volume_media }}"
    - "{{ authentik_volume_certs }}"
--- a/templates/docker-compose.yml.j2
+++ b/templates/docker-compose.yml.j2
@@ -11,6 +11,12 @@ services:
      interval: 30s
      retries: 5
      timeout: 5s
+{% if authentik_db_container_public_port %}
+    ports:
+      - "{{ authentik_db_container_public_port }}:5432"
+{% endif %}
+    networks:
+      - authentik
    volumes:
      - {{ authentik_volume_db }}:/var/lib/postgresql/data
      - /etc/timezone:/etc/timezone:ro
@@ -31,6 +37,8 @@ services:
      interval: 30s
      retries: 5
      timeout: 3s
+    networks:
+      - authentik
    volumes:
      - {{ authentik_volume_redis }}:/data
      - /etc/timezone:/etc/timezone:ro
@@ -47,6 +55,8 @@ services:
      AUTHENTIK_POSTGRESQL__PASSWORD: "{{ authentik_db_password }}"
      # AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
      # WORKERS: 2
+    networks:
+      - authentik
    volumes:
      - {{ authentik_volume_media }}:/media
      - {{ authentik_volume_templates }}:/templates
@@ -73,6 +83,8 @@ services:
    # - The permissions for the /media folders aren't fixed, so make sure they are 1000:1000
    # - The docker socket can't be accessed anymore
    user: root
+    networks:
+      - authentik
    volumes:
      - {{ authentik_volume_media }}:/media
      - {{ authentik_volume_certs }}:/certs
@@ -92,4 +104,8 @@ services:
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - {{ authentik_volume_config }}/env.authentik.conf
-{% endif %}
+{% endif %}
+# Custom network
+networks:
+  authentik:
+    name: authentik
Author	SHA1	Message	Date
Laur Ivan	92a51785cb	Set also the group for directories.	2022-09-22 14:33:46 +02:00
Laur Ivan	adf56827ad	Create directories via become.	2022-09-22 11:41:02 +02:00
Laur Ivan	6f34af57d4	Better molecule support.	2022-09-22 11:22:57 +02:00
Laur Ivan	3707a3bdd9	Remove unnecessary requirements.	2022-09-20 23:17:05 +02:00
Laur Ivan	35dcd22825	Clean up molecule configuration. Allow PostgreSQL to be exposed for backup. Create network.	2022-09-19 17:08:23 +02:00