---
# Installs the host packages the authentik-docker stack needs.
- name: "Install dependencies"
  ansible.builtin.apt:
    name:
      # NOTE(review): on several Debian/Ubuntu releases this package is the
      # legacy Compose v1, which no longer receives upstream fixes; confirm
      # which version the target release ships.
      - docker-compose
      # Docker complains when AppArmor is missing. With it present, Docker can
      # confine containers with its default AppArmor profile.
      - apparmor
    state: present
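# The service account is created first: the directory and .env tasks below
# set authentik-docker as owner, and that fails on a fresh host while the
# account does not exist yet.
- name: "Add a user that will run the container"
  ansible.builtin.user:
    name: authentik-docker
    comment: Authentik Docker User
    # The user module creates this home directory by default.
    home: "{{ docker_volumes_dir }}/authentik"
    # Membership in the docker group gives full control of the Docker daemon,
    # which is effectively root on the host; treat this account as privileged.
    # NOTE(review): the docker group must already exist at this point,
    # presumably created by the Docker packages; confirm.
    # NOTE(review): no shell is set, so the distribution default applies;
    # consider a nologin shell if nothing needs an interactive session.
    group: docker
    system: true

# Creates the compose config directory and the bind-mount directories.
- name: "Create directories for authentik-docker"
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: authentik-docker
    group: root
    # 0755 leaves every directory listable by any local user.
    # NOTE(review): database/ and certs/ may warrant a tighter mode; check
    # which UIDs the containers run as before changing it.
    mode: '0755'
  loop:
    - "{{ docker_compose_config_dir }}/authentik"
    - "{{ docker_volumes_dir }}/authentik/database"
    - "{{ docker_volumes_dir }}/authentik/redis"
    - "{{ docker_volumes_dir }}/authentik/media"
    - "{{ docker_volumes_dir }}/authentik/custom-templates"
    - "{{ docker_volumes_dir }}/authentik/certs"

# Renders the environment file read by the compose stack.
# NOTE(review): the 0600 mode suggests it carries secrets; confirm.
- name: "Template .env files for authentik-docker"
  ansible.builtin.template:
    src: "{{ item }}.j2"
    # No leading "/": same path expression as the directory task, so the file
    # lands in the directory created above.
    dest: "{{ docker_compose_config_dir }}/authentik/{{ item }}"
    force: true
    owner: authentik-docker
    group: root
    mode: '0600'
  # Keep the rendered content out of --diff output and any logs capturing it.
  diff: false
  loop:
    - '.env'
  notify: restart-authentik-docker

# Renders the compose file; root owns it, the docker group may read it.
- name: "Template docker-compose.yml for authentik-docker"
  ansible.builtin.template:
    src: "{{ item }}.j2"
    dest: "{{ docker_compose_config_dir }}/authentik/{{ item }}"
    force: true
    # The containing directory is owned by authentik-docker (see the directory
    # task), so that account can still replace this file even though the file
    # itself is root-owned.
    owner: root
    group: docker
    mode: '0640'
  loop:
    - docker-compose.yml
  notify: restart-authentik-docker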
# Installs the systemd unit for the stack. The file is root:root 0644, so
# only root can change what systemd runs.
- name: "Template systemd unit file for authentik-docker"
  ansible.builtin.template:
    owner: root
    group: root
    mode: '0644'
    force: true
    src: authentik-docker.service.j2
    dest: /etc/systemd/system/authentik-docker.service
  # NOTE(review): "unit" is not referenced in the visible tasks; confirm it is
  # used elsewhere.
  register: unit
  # Handlers run at the end of the play unless flushed earlier.
  # NOTE(review): a later task that starts the service may run before this
  # daemon-reload; confirm the ordering is intended.
  notify: systemctl-daemon-reload
- name: "Enable systemctl service for authentik-docker"
ansible.builtin.service:
state: started
name: "authentik-docker.service"