Set also the group for directories.

Allow PostgreSQL to be exposed for backup.
Create network.

README.md

@@ -80,7 +80,9 @@ authentik_db_password: "changeme"
 authentik_db_port: "5432"
 ```
 
-Because of a PostgreSQL limitation, only passwords up to 99 chars are supported. See [this link](https://www.postgresql.org/message-id/09512C4F-8CB9-4021-B455-EF4C4F0D55A0@amazon.com) for details.
+You can expose PostgreSQL to the outside world (e.g. for backup) by defining `authentik_db_container_public_port` to a valid port number.
+
+**Note**:Because of a PostgreSQL limitation, only passwords up to 99 chars are supported. See [this link](https://www.postgresql.org/message-id/09512C4F-8CB9-4021-B455-EF4C4F0D55A0@amazon.com) for details.
 
 ### SMTP configuration
 

defaults/main.yml

@@ -15,6 +15,7 @@ authentik_db: "authentik"
 authentik_db_user: "authentik"
 authentik_db_password: "changeme"
 authentik_db_port: "5432"
+authentik_db_container_public_port: 
 
 # SMTP configuration
 #

molecule/default/cleanup.yml

@@ -1,19 +1,23 @@
 ---
 - name: Clean up
   hosts: all
+  gather_facts: true
   tasks:
     - name: Check if the docker-compose file exists.
       ansible.builtin.stat:
         path: "~/authentik/docker-compose.yml"
       register: docker_compose_file
     - name: Remove authentik docker-compose.
+
       community.docker.docker_compose:
         project_src: ~/authentik/
         build: false
         state: absent
       when: docker_compose_file.stat.exists
       become: false
+      
     - name: Remove the docker-compose file
       ansible.builtin.file:
         path: "~/authentik/docker-compose.yml"
         state: absent
+      when: docker_compose_file.stat.exists

molecule/default/converge.yml

@@ -3,20 +3,10 @@
   hosts: all
   # gather_facts: false
   pre_tasks:
-    - name: Update apt cache.
+    - name: "Include necessary variables"
-      apt: update_cache=yes cache_valid_time=600
+      ansible.builtin.include_vars:
-      when: ansible_os_family == 'Debian'
+        file: "../../.env.yml"
-    - name: Install python requests
-      pip:
-        name: 
-          - requests
-          - docker
-          - docker-compose
-    - name: Install docker
-      vars:
-        docker_service_manage: false
-      include_role:
-        name: geerlingguy.docker
       
   roles:
     - role: laurivan.authentik
+

molecule/default/create-old.yml

@@ -1,35 +0,0 @@
----
-- name: Create
-  hosts: localhost
-  connection: local
-  # gather_facts: false
-  no_log: "{{ molecule_no_log }}"
-  tasks:
-
-    # TODO: Developer must implement and populate 'server' variable
-
-    - when: server.changed | default(false) | bool
-      block:
-        - name: Populate instance config dict
-          ansible.builtin.set_fact:
-            instance_conf_dict: {
-              'instance': "{{ }}",
-              'address': "{{ }}",
-              'user': "{{ }}",
-              'port': "{{ }}",
-              'identity_file': "{{ }}", }
-          with_items: "{{ server.results }}"
-          register: instance_config_dict
-
-        - name: Convert instance config dict to a list
-          ansible.builtin.set_fact:
-            instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}"
-
-        - name: Dump instance config
-          ansible.builtin.copy:
-            content: |
-              # Molecule managed
-
-              {{ instance_conf | to_json | from_json | to_yaml }}
-            dest: "{{ molecule_instance_config }}"
-            mode: 0600

molecule/default/destroy.yml

@@ -6,6 +6,10 @@
   no_log: "{{ molecule_no_log }}"
   tasks:
     # Developer must implement.
+    - name: Remove the docker image
+      community.docker.docker_container:
+        name: instance-authentik
+        state: absent
 
     # Mandatory configuration for Molecule to function.
 

molecule/default/prepare.yml

@@ -1,12 +1,30 @@
 ---
 - name: Setup the test machine
-  hosts: all
+  hosts: instance-authentik
   tasks:
-    - name: create docker.sock
+    - name: Create docker.sock
       raw: touch /var/run/docker.sock
       become: true
       changed_when: false
-    - name: move docker.sock from tmp
+
+    - name: Move docker.sock from tmp
       raw: mount --move /tmp/docker_mounted.sock /var/run/docker.sock
       become: true
       changed_when: false
+
+    - name: Update apt cache.
+      apt: update_cache=yes cache_valid_time=600
+      when: ansible_os_family == 'Debian'
+
+    - name: Install python requests
+      pip:
+        name: 
+          - requests
+          - docker
+          - docker-compose
+
+    - name: Install docker
+      vars:
+        docker_service_manage: false
+      include_role:
+        name: geerlingguy.docker

molecule/default/verify.yml

@@ -8,3 +8,4 @@
   - name: Example assertion
     ansible.builtin.assert:
       that: true
+ 

molecule/requirements.yml

@@ -1,5 +1,4 @@
 ---
 roles:
   - geerlingguy.docker
-collections:
+collections: []
-  - community.docker

tasks/main.yml

@@ -5,7 +5,9 @@
   ansible.builtin.file:
     state: directory
     path: "{{ item }}"
-    mode: 0755
+    mode: '0755'
+    owner: "{{ ansible_effective_user_id }}"
+    group: "{{ ansible_effective_group_id }}"
   with_items:
     - "{{ authentik_volume_media }}"
     - "{{ authentik_volume_certs }}"

templates/docker-compose.yml.j2

@@ -11,6 +11,12 @@ services:
       interval: 30s
       retries: 5
       timeout: 5s
+{% if authentik_db_container_public_port %}
+    ports:
+      - "{{ authentik_db_container_public_port }}:5432"
+{% endif %}
+    networks:
+      - authentik
     volumes:
       - {{ authentik_volume_db }}:/var/lib/postgresql/data
       - /etc/timezone:/etc/timezone:ro
@@ -31,6 +37,8 @@ services:
       interval: 30s
       retries: 5
       timeout: 3s
+    networks:
+      - authentik
     volumes:
       - {{ authentik_volume_redis }}:/data
       - /etc/timezone:/etc/timezone:ro
@@ -47,6 +55,8 @@ services:
       AUTHENTIK_POSTGRESQL__PASSWORD: "{{ authentik_db_password }}"
       # AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
       # WORKERS: 2
+    networks:
+      - authentik
     volumes:
       - {{ authentik_volume_media }}:/media
       - {{ authentik_volume_templates }}:/templates
@@ -73,6 +83,8 @@ services:
     # - The permissions for the /media folders aren't fixed, so make sure they are 1000:1000
     # - The docker socket can't be accessed anymore
     user: root
+    networks:
+      - authentik
     volumes:
       - {{ authentik_volume_media }}:/media
       - {{ authentik_volume_certs }}:/certs
@@ -92,4 +104,8 @@ services:
       - /etc/localtime:/etc/localtime:ro
     env_file:
       - {{ authentik_volume_config }}/env.authentik.conf
-{% endif %}
+{% endif %}
+# Custom network
+networks:
+  authentik:
+    name: authentik