ansible/roles/authentik_docker/tasks/main.yml

---

- name: "Install dependencies"
  ansible.builtin.apt:
    pkg:
      - docker-ce
      - apparmor

- name: "Create directory for Authentik with Docker"
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: root
    group: root
    mode: '0750'
  with_items:
    - "{{ docker_volumes_dir }}/authentik"

- name: "Create directories for Authentik Docker"
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: 1000
    group: 1000
    mode: '0750'
  with_items:
    - "{{ docker_volumes_dir }}/authentik/media"
    - "{{ docker_volumes_dir }}/authentik/custom-templates"
    - "{{ docker_volumes_dir }}/authentik/certs"

- name: "Create Redis directory for Authentik with Docker"
  ansible.builtin.file:
    path: "{{ docker_volumes_dir }}/authentik/redis"
    state: directory
    owner: 999
    group: root
    mode: '0750'

- name: "Create Database directory for Authentik with Docker"
  ansible.builtin.file:
    path: "{{ docker_volumes_dir }}/authentik/database"
    state: directory
    owner: '70'
    group: root
    mode: '0700'

- name: "Template .env file for Authentik with Docker"
  ansible.builtin.template:
    src: "authentik.env.j2"
    dest: "{{ docker_volumes_dir }}/authentik/authentik.env"
    force: true
    owner: root
    group: root
    mode: '0660'
  notify: restart-authentik-docker

- name: "Create Docker network authentik_net"
  docker_network:
    name: authentik_net

- name: "Template systemd units for Authentik with Docker"
  ansible.builtin.template:
    src: "{{ item }}.j2"
    dest: "/etc/systemd/system/{{ item }}"
    force: true
    owner: root
    group: root
    mode: '0664'
  with_items:
    - authentik-server-docker.service
    - authentik-worker-docker.service
    - authentik-redis-docker.service
    - authentik-db-docker.service
  register: units
  notify: restart-authentik-docker

- name: "Reload systemd units"
  ansible.builtin.systemd:
    daemon_reload: yes
  when: units.changed

- name: "Enable systemd units for Authentik with Docker"
  ansible.builtin.systemd:
    state: started
    enabled: true
    name: "{{ item }}"
  with_items:
    - authentik-db-docker.service
    - authentik-redis-docker.service
    - authentik-server-docker.service
    - authentik-worker-docker.service
Authentik-Rolle einmal ordentlich gemacht und gefixt 2023-09-13 18:03:24 +02:00			`---`

			`- name: "Install dependencies"`
			`ansible.builtin.apt:`
			`pkg:`
rolled out modified roles for use with Traefik 2023-11-19 21:41:22 +01:00			`- docker-ce`
			`- apparmor`
Authentik-Rolle einmal ordentlich gemacht und gefixt 2023-09-13 18:03:24 +02:00
			`- name: "Create directory for Authentik with Docker"`
			`ansible.builtin.file:`
			`path: "{{ item }}"`
			`state: directory`
			`owner: root`
			`group: root`
			`mode: '0750'`
			`with_items:`
			`- "{{ docker_volumes_dir }}/authentik"`

			`- name: "Create directories for Authentik Docker"`
			`ansible.builtin.file:`
			`path: "{{ item }}"`
			`state: directory`
			`owner: 1000`
			`group: 1000`
			`mode: '0750'`
			`with_items:`
			`- "{{ docker_volumes_dir }}/authentik/media"`
			`- "{{ docker_volumes_dir }}/authentik/custom-templates"`
			`- "{{ docker_volumes_dir }}/authentik/certs"`

Give database access to its directory 2023-09-14 09:11:26 +02:00			`- name: "Create Redis directory for Authentik with Docker"`
Authentik-Rolle einmal ordentlich gemacht und gefixt 2023-09-13 18:03:24 +02:00			`ansible.builtin.file:`
Give database access to its directory 2023-09-14 09:11:26 +02:00			`path: "{{ docker_volumes_dir }}/authentik/redis"`
Authentik-Rolle einmal ordentlich gemacht und gefixt 2023-09-13 18:03:24 +02:00			`state: directory`
			`owner: 999`
			`group: root`
			`mode: '0750'`
Give database access to its directory 2023-09-14 09:11:26 +02:00
			`- name: "Create Database directory for Authentik with Docker"`
			`ansible.builtin.file:`
			`path: "{{ docker_volumes_dir }}/authentik/database"`
			`state: directory`
Fix ensures rolling out a new instances of Authentik works as well (for example during disaster recovery) 2023-09-15 21:22:16 +02:00			`owner: '70'`
Give database access to its directory 2023-09-14 09:11:26 +02:00			`group: root`
Fix ensures rolling out a new instances of Authentik works as well (for example during disaster recovery) 2023-09-15 21:22:16 +02:00			`mode: '0700'`
Authentik-Rolle einmal ordentlich gemacht und gefixt 2023-09-13 18:03:24 +02:00
Clean up: Remove commented parts from before the rewrite of the role 2023-09-14 09:16:01 +02:00			`- name: "Template .env file for Authentik with Docker"`
Authentik-Rolle einmal ordentlich gemacht und gefixt 2023-09-13 18:03:24 +02:00			`ansible.builtin.template:`
			`src: "authentik.env.j2"`
			`dest: "{{ docker_volumes_dir }}/authentik/authentik.env"`
			`force: true`
Clean up: Remove commented parts from before the rewrite of the role 2023-09-14 09:16:01 +02:00			`owner: root`
			`group: root`
Authentik-Rolle einmal ordentlich gemacht und gefixt 2023-09-13 18:03:24 +02:00			`mode: '0660'`
			`notify: restart-authentik-docker`

			`- name: "Create Docker network authentik_net"`
			`docker_network:`
			`name: authentik_net`

			`- name: "Template systemd units for Authentik with Docker"`
			`ansible.builtin.template:`
			`src: "{{ item }}.j2"`
			`dest: "/etc/systemd/system/{{ item }}"`
			`force: true`
			`owner: root`
			`group: root`
			`mode: '0664'`
			`with_items:`
			`- authentik-server-docker.service`
			`- authentik-worker-docker.service`
			`- authentik-redis-docker.service`
			`- authentik-db-docker.service`
			`register: units`
Ensure the units get restarted if changed 2023-09-15 21:34:30 +02:00			`notify: restart-authentik-docker`
Authentik-Rolle einmal ordentlich gemacht und gefixt 2023-09-13 18:03:24 +02:00
			`- name: "Reload systemd units"`
			`ansible.builtin.systemd:`
			`daemon_reload: yes`
			`when: units.changed`

			`- name: "Enable systemd units for Authentik with Docker"`
			`ansible.builtin.systemd:`
			`state: started`
			`enabled: true`
			`name: "{{ item }}"`
			`with_items:`
			`- authentik-db-docker.service`
			`- authentik-redis-docker.service`
			`- authentik-server-docker.service`
			`- authentik-worker-docker.service`