Fix ensures rolling out new instances of Authentik works as well (for example during disaster recovery)
parent
0e0228f686
commit
d57cde9a8c
6 changed files with 19 additions and 15 deletions
|
@ -39,9 +39,9 @@
|
|||
ansible.builtin.file:
|
||||
path: "{{ docker_volumes_dir }}/authentik/database"
|
||||
state: directory
|
||||
owner: root
|
||||
owner: '70'
|
||||
group: root
|
||||
mode: '0750'
|
||||
mode: '0700'
|
||||
|
||||
- name: "Template .env file for Authentik with Docker"
|
||||
ansible.builtin.template:
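Review bot: The hard-coded `owner: '70'` on the database directory only matches the postgres user of the Alpine-based image; the Debian-based `postgres` images run the server as UID 999, and with `mode: '0700'` a mismatch leaves the data directory inaccessible to the database. Which variant `authentik_postgres_version` selects is not visible on this page, so this needs confirming against the tag in use. I would add a comment above the task such as `# UID 70 = postgres user in the postgres:*-alpine image; keep in sync with authentik_postgres_version`, or move the value into a variable next to the version. Tightening the mode to 0700 is a good change; `group: root` no longer grants anything and could be set to the same ID for consistency.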
|
||||
|
|
|
@ -11,7 +11,8 @@ ExecStart=/usr/bin/docker run --rm --name {{ container_names.authentik.db }} --n
|
|||
docker.io/library/postgres:{{ authentik_postgres_version }}
|
||||
ExecStop=/usr/bin/docker stop {{ container_names.authentik.db }}
|
||||
Restart=always
|
||||
RestartSec=15s
|
||||
RestartSec=30s
|
||||
TimeoutStartSec=30s
|
||||
Type=exec
|
||||
|
||||
[Install]
|
||||
|
|
|
@ -5,7 +5,8 @@ Requires=docker.service
|
|||
|
||||
[Service]
|
||||
ExecStartPre=-/usr/bin/docker rm --force {{ container_names.authentik.redis }}
|
||||
ExecStart=/usr/bin/docker run --rm --name {{ container_names.authentik.redis }} --network authentik_net \
|
||||
ExecStart=/usr/bin/docker run --rm --name {{ container_names.authentik.redis }} \
|
||||
--network authentik_net --expose 6379 \
|
||||
-v {{ docker_volumes_dir }}/authentik/redis:/data \
|
||||
docker.io/library/redis:alpine --save 60 1 --loglevel warning
|
||||
ExecStop=/usr/bin/docker stop {{ container_names.authentik.redis }}
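Review bot: The added `--expose 6379` does not change who can reach Redis, because containers attached to `authentik_net` can already connect to each other on any port and `--expose` only records metadata. If it was added as part of the fix, a short comment marking it as documentation only would stop it being mistaken for an access control. No password option is visible on the Redis command line, so reachability appears to be governed entirely by membership of `authentik_net`, and that network should stay limited to the Authentik containers. Separately, `docker.io/library/redis:alpine` is a floating tag, so a disaster-recovery rebuild may pull a different Redis version than the one that wrote the data under `/data`; pinning it through a version variable like the other images would make the rollout reproducible.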
|
||||
|
|
|
@ -5,8 +5,8 @@ Requires=docker.service
|
|||
|
||||
[Service]
|
||||
ExecStartPre=-/usr/bin/docker rm --force {{ container_names.authentik.server }}
|
||||
ExecStart=/usr/bin/docker run --rm --name {{ container_names.authentik.server }} --network authentik_net \
|
||||
--expose 9000 --expose 9443 \
|
||||
ExecStart=/usr/bin/docker run --rm --name {{ container_names.authentik.server }} \
|
||||
--network authentik_net --publish 127.0.0.1:9000:9000 --publish 127.0.0.1:9443:9443 \
|
||||
--env-file {{ docker_volumes_dir }}/authentik/authentik.env \
|
||||
-v {{ docker_volumes_dir }}/authentik/media:/media \
|
||||
-v {{ docker_volumes_dir }}/authentik/custom-templates:/templates \
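Review bot: The new `--publish 127.0.0.1:9000:9000 --publish 127.0.0.1:9443:9443` hard-codes both ports, while the env template refers to them as `authentik_port_http` and `authentik_port_https`; if those variables are ever changed, the published mapping will point at a closed container port. Consider `--publish 127.0.0.1:{{ authentik_port_http }}:{{ authentik_port_http }}` and the same for the HTTPS port. The loopback bind is the security-relevant part and deserves a comment, since dropping the `127.0.0.1:` prefix would publish Authentik on every host interface, bypassing the reverse proxy, and Docker-published ports commonly bypass ufw-style host firewall rules. The ExecStart command continues past the end of this hunk.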
|
||||
|
|
|
@ -5,13 +5,14 @@ Requires=docker.service
|
|||
|
||||
[Service]
|
||||
ExecStartPre=-/usr/bin/docker rm --force {{ container_names.authentik.worker }}
|
||||
ExecStart=/usr/bin/docker run --rm --name {{ container_names.authentik.worker }} --network authentik_net \
|
||||
--expose 9000 --expose 9443 \
|
||||
ExecStart=/usr/bin/docker run --rm --name {{ container_names.authentik.worker }} --user root \
|
||||
--network authentik_net --expose 9000 --expose 9443 \
|
||||
--env-file {{ docker_volumes_dir }}/authentik/authentik.env \
|
||||
-v /var/run/docker.sock:/var/run/docker.sock \
|
||||
-v {{ docker_volumes_dir }}/authentik/media:/media \
|
||||
-v {{ docker_volumes_dir }}/authentik/certs:/certs \
|
||||
-v {{ docker_volumes_dir }}/authentik/custom-templates:/templates \
|
||||
ghcr.io/goauthentik/server:{{ version.authentik }} server worker
|
||||
ghcr.io/goauthentik/server:{{ version.authentik }} worker
|
||||
ExecStartPost=/usr/bin/bash -c "/bin/sleep 10 && /usr/bin/docker network connect nginx_net {{ container_names.authentik.worker }}"
|
||||
ExecStop=/usr/bin/docker stop {{ container_names.authentik.worker }}
|
||||
Restart=always
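Review bot: Running the worker with `--user root` together with the `-v /var/run/docker.sock:/var/run/docker.sock` mount gives that container full control of the Docker daemon, which is equivalent to root on the host, so a compromise of the worker process becomes a host compromise. The rendering does not show whether the socket mount is new or was already present, but `--user root` is on the new side. If Docker-managed outposts are not used, remove both `--user root` and the socket line; if root was only added so the worker can fix ownership of the bind-mounted directories on a fresh host, setting their owner in the Ansible role would avoid it (the container's UID needs confirming). If the Docker integration is needed, point the worker at a socket proxy restricted to the endpoints it uses rather than the raw socket, and add a comment stating why root is required. The unit continues after `Restart=always`, outside this hunk.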
|
||||
|
|
|
@ -1,13 +1,12 @@
|
|||
VIRTUAL_HOST={{ authentik_domain }}
|
||||
VIRTUAL_PORT={{ authentik_port_http }}
|
||||
LETSENCRYPT_HOST={{ authentik_domain }}
|
||||
LETSENCRYPT_EMAIL={{letsencrypt_email }}
|
||||
AUTHENTIK_REDIS__HOST="{{ container_names.authentik.redis }}"
|
||||
AUTHENTIK_POSTGRESQL__HOST="{{ container_names.authentik.db }}"
|
||||
AUTHENTIK_POSTGRESQL__USER={{ database_vars.postgres.authentik.user }}
|
||||
AUTHENTIK_POSTGRESQL__NAME={{ database_vars.postgres.authentik.db }}
|
||||
AUTHENTIK_POSTGRESQL__PASSWORD={{ database_vars.postgres.authentik.password }}
|
||||
VIRTUAL_HOST={{ authentik_domain }}
|
||||
VIRTUAL_PORT={{ authentik_port_http }}
|
||||
LETSENCRYPT_HOST={{ authentik_domain }}
|
||||
LETSENCRYPT_EMAIL={{letsencrypt_email }}
|
||||
#PG_PASS={{ database_vars.postgres.authentik.password }}
|
||||
AUTHENTIK_SECRET_KEY={{ authentik_secret }}
|
||||
AUTHENTIK_ERROR_REPORTING__ENABLED={{ authentik_error_reporting }}
|
||||
# SMTP Host Emails are sent to
|
||||
|
@ -28,4 +27,6 @@ AUTHENTIK_PORT_HTTPS={{ authentik_port_https }}
|
|||
AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL={{ authentik_allow_users_to_change_email }}
|
||||
AUTHENTIK_DEFAULT_USER_CHANGE_NAME={{ authentik_allow_users_to_change_names }}
|
||||
AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME={{ authentik_allow_users_to_change_usernames }}
|
||||
AUTHENTIK_GEOIP=/dev/null #The docs say this is the way to disable GeoIP...
|
||||
POSTGRES_USER={{ database_vars.postgres.authentik.user }}
|
||||
POSTGRES_PASSWORD={{ database_vars.postgres.authentik.password }}
|
||||
POSTGRES_DB={{ database_vars.postgres.authentik.db }}
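Review bot: The three `POSTGRES_*` lines at the end put the database bootstrap credentials into the same `authentik.env` that the server and worker units load with `--env-file`, and they only have an effect if the Postgres container now reads this file as well (its ExecStart is not fully visible here). In that case the database container also receives `AUTHENTIK_SECRET_KEY` and the mail settings, and every container started from the file exposes all of these values through `docker inspect`. A separate env file for the database holding only the `POSTGRES_*` values (for example `database.env`, a name chosen here for illustration) keeps each container to the secrets it needs. Either way the rendered file should be written with `mode: '0600'` and `no_log: true` on the template task, whose arguments are not shown on this page.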
|
||||
|
|