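--- a/.drone.jsonnet
+++ b/.drone.jsonnet
@@ -0,0 +1,161 @@
+local PipelineLinting = {
+kind: 'pipeline',
+name: 'linting',
+platform: {
+os: 'linux',
+arch: 'amd64',
+},
+steps: [
+{
+name: 'ansible-later',
+image: 'thegeeklab/ansible-later',
+commands: [
+'ansible-later',
+],
+},
+{
+name: 'python-format',
+image: 'python:3.11',
+environment: {
+PY_COLORS: 1,
+},
+commands: [
+'pip install -qq yapf',
+'[ -z "$(find . -type f -name *.py)" ] || (yapf -rd ./)',
+],
+},
+{
+name: 'python-flake8',
+image: 'python:3.11',
+environment: {
+PY_COLORS: 1,
+},
+commands: [
+'pip install -qq flake8',
+'flake8',
+],
+},
+],
+trigger: {
+ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
+},
+};
+
+local PipelineDeployment(scenario='centos7') = {
+kind: 'pipeline',
+name: 'testing-' + scenario,
+platform: {
+os: 'linux',
+arch: 'amd64',
+},
+concurrency: {
+limit: 1,
+},
+workspace: {
+base: '/drone/src',
+path: '${DRONE_REPO_NAME}',
+},
+steps: [
+{
+name: 'ansible-molecule',
+image: 'thegeeklab/molecule:4',
+environment: {
+HCLOUD_TOKEN: { from_secret: 'hcloud_token' },
+},
+commands: [
+'molecule test -s ' + scenario,
+],
+},
+],
+depends_on: [
+'linting',
+],
+trigger: {
+ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
+},
+};
+
+local PipelineDocumentation = {
+kind: 'pipeline',
+name: 'documentation',
+platform: {
+os: 'linux',
+arch: 'amd64',
+},
+steps: [
+{
+name: 'generate',
+image: 'thegeeklab/ansible-doctor',
+environment: {
+ANSIBLE_DOCTOR_LOG_LEVEL: 'INFO',
+ANSIBLE_DOCTOR_FORCE_OVERWRITE: true,
+ANSIBLE_DOCTOR_EXCLUDE_FILES: 'molecule/',
+ANSIBLE_DOCTOR_TEMPLATE: 'hugo-book',
+ANSIBLE_DOCTOR_ROLE_NAME: '${DRONE_REPO_NAME#*.}',
+ANSIBLE_DOCTOR_OUTPUT_DIR: '_docs/',
+},
+},
+{
+name: 'publish',
+image: 'plugins/gh-pages',
+settings: {
+remote_url: 'https://gitea.rknet.org/ansible/${DRONE_REPO_NAME}',
+netrc_machine: 'gitea.rknet.org',
+username: { from_secret: 'gitea_username' },
+password: { from_secret: 'gitea_token' },
+pages_directory: '_docs/',
+target_branch: 'docs',
+},
+when: {
+ref: ['refs/heads/main'],
+},
+},
+],
+trigger: {
+ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
+},
+depends_on: [
+'testing-centos7',
+'testing-rocky8',
+],
+};
+
+local PipelineNotification = {
+kind: 'pipeline',
+name: 'notification',
+platform: {
+os: 'linux',
+arch: 'amd64',
+},
+clone: {
+disable: true,
+},
+steps: [
+{
+name: 'matrix',
+image: 'thegeeklab/drone-matrix',
+settings: {
+homeserver: { from_secret: 'matrix_homeserver' },
+roomid: { from_secret: 'matrix_roomid' },
+template: 'Status: **{{ .Build.Status }}**<br/> Build: [{{ .Repo.Owner }}/{{ .Repo.Name }}]({{ .Build.Link }}){{ if .Build.Branch }} ({{ .Build.Branch }}){{ end }} by {{ .Commit.Author }}<br/> Message: {{ .Commit.Message.Title }}',
+username: { from_secret: 'matrix_username' },
+password: { from_secret: 'matrix_password' },
+},
+},
+],
+depends_on: [
+'documentation',
+],
+trigger: {
+status: ['success', 'failure'],
+ref: ['refs/heads/main', 'refs/tags/**'],
+},
+};
+
+[
+PipelineLinting,
+PipelineDeployment(scenario='centos7'),
+PipelineDeployment(scenario='rocky8'),
+PipelineDocumentation,
+PipelineNotification,
+]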
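Review bot: None of the step images is pinned — `image: 'thegeeklab/ansible-later'`, `'thegeeklab/ansible-doctor'`, `'plugins/gh-pages'` and `'thegeeklab/drone-matrix'` carry no tag at all, and `python:3.11` / `thegeeklab/molecule:4` float on a major — so every run executes whatever the registry currently serves, including the `publish` step that pushes with `gitea_token`. Pinning each `image:` to an immutable tag or digest (`image: 'plugins/gh-pages@sha256:<DIGEST-PLACEHOLDER>'`) and then regenerating and re-signing `.drone.yml` bounds what code those secrets are handed to. The `ansible-molecule` step reads `HCLOUD_TOKEN: { from_secret: 'hcloud_token' }` while its `trigger.ref` includes `'refs/pull/**'`; unless that secret is withheld from pull requests in the Drone secret settings (not visible here), a pull request from a fork runs `molecule test` with the cloud token, so either the PR ref should leave this pipeline or the secret should be restricted. Lastly, the `python-format` command leaves the glob in `find . -type f -name *.py` unquoted, so the shell expands it whenever a `.py` file exists in the repo root and `find` receives several name arguments; `-name "*.py"` is the intended form. All of these lines recur in the rendered `.drone.yml`, which has to be regenerated from this file.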
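--- a/.drone.yml
+++ b/.drone.yml
@@ -0,0 +1,187 @@
+---
+kind: pipeline
+name: linting
+
+platform:
+os: linux
+arch: amd64
+
+steps:
+- name: ansible-later
+image: thegeeklab/ansible-later
+commands:
+- ansible-later
+
+- name: python-format
+image: python:3.11
+commands:
+- pip install -qq yapf
+- "[ -z \"$(find . -type f -name *.py)\" ] || (yapf -rd ./)"
+environment:
+PY_COLORS: 1
+
+- name: python-flake8
+image: python:3.11
+commands:
+- pip install -qq flake8
+- flake8
+environment:
+PY_COLORS: 1
+
+trigger:
+ref:
+- refs/heads/main
+- refs/tags/**
+- refs/pull/**
+
+---
+kind: pipeline
+name: testing-centos7
+
+platform:
+os: linux
+arch: amd64
+
+concurrency:
+limit: 1
+
+workspace:
+base: /drone/src
+path: ${DRONE_REPO_NAME}
+
+steps:
+- name: ansible-molecule
+image: thegeeklab/molecule:4
+commands:
+- molecule test -s centos7
+environment:
+HCLOUD_TOKEN:
+from_secret: hcloud_token
+
+trigger:
+ref:
+- refs/heads/main
+- refs/tags/**
+- refs/pull/**
+
+depends_on:
+- linting
+
+---
+kind: pipeline
+name: testing-rocky8
+
+platform:
+os: linux
+arch: amd64
+
+concurrency:
+limit: 1
+
+workspace:
+base: /drone/src
+path: ${DRONE_REPO_NAME}
+
+steps:
+- name: ansible-molecule
+image: thegeeklab/molecule:4
+commands:
+- molecule test -s rocky8
+environment:
+HCLOUD_TOKEN:
+from_secret: hcloud_token
+
+trigger:
+ref:
+- refs/heads/main
+- refs/tags/**
+- refs/pull/**
+
+depends_on:
+- linting
+
+---
+kind: pipeline
+name: documentation
+
+platform:
+os: linux
+arch: amd64
+
+steps:
+- name: generate
+image: thegeeklab/ansible-doctor
+environment:
+ANSIBLE_DOCTOR_EXCLUDE_FILES: molecule/
+ANSIBLE_DOCTOR_FORCE_OVERWRITE: true
+ANSIBLE_DOCTOR_LOG_LEVEL: INFO
+ANSIBLE_DOCTOR_OUTPUT_DIR: _docs/
+ANSIBLE_DOCTOR_ROLE_NAME: ${DRONE_REPO_NAME#*.}
+ANSIBLE_DOCTOR_TEMPLATE: hugo-book
+
+- name: publish
+image: plugins/gh-pages
+settings:
+netrc_machine: gitea.rknet.org
+pages_directory: _docs/
+password:
+from_secret: gitea_token
+remote_url: https://gitea.rknet.org/ansible/${DRONE_REPO_NAME}
+target_branch: docs
+username:
+from_secret: gitea_username
+when:
+ref:
+- refs/heads/main
+
+trigger:
+ref:
+- refs/heads/main
+- refs/tags/**
+- refs/pull/**
+
+depends_on:
+- testing-centos7
+- testing-rocky8
+
+---
+kind: pipeline
+name: notification
+
+platform:
+os: linux
+arch: amd64
+
+clone:
+disable: true
+
+steps:
+- name: matrix
+image: thegeeklab/drone-matrix
+settings:
+homeserver:
+from_secret: matrix_homeserver
+password:
+from_secret: matrix_password
+roomid:
+from_secret: matrix_roomid
+template: "Status: **{{ .Build.Status }}**<br/> Build: [{{ .Repo.Owner }}/{{ .Repo.Name }}]({{ .Build.Link }}){{ if .Build.Branch }} ({{ .Build.Branch }}){{ end }} by {{ .Commit.Author }}<br/> Message: {{ .Commit.Message.Title }}"
+username:
+from_secret: matrix_username
+
+trigger:
+ref:
+- refs/heads/main
+- refs/tags/**
+status:
+- success
+- failure
+
+depends_on:
+- documentation
+
+---
+kind: signature
+hmac: 0e0e326dd5c8b7972666489ae6e7056f75a483c66198e449106ae5a27cb06556
+
+...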
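--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,13 @@
+# ---> Ansible
+*.retry
+plugins
+library
+
+# ---> Python
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# ---> Docs
+/_docs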
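--- a/.later.yml
+++ b/.later.yml
@@ -0,0 +1,19 @@
+---
+ansible:
+custom_modules:
+- iptables_raw
+- openssl_pkcs12
+- proxmox_kvm
+- ucr
+- corenetworks_dns
+- corenetworks_token
+
+rules:
+exclude_files:
+- molecule/
+- "LICENSE*"
+- "**/*.md"
+- "**/*.ini"
+
+exclude_filter:
+- LINT0009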
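--- a/.prettierignore
+++ b/.prettierignore
@@ -0,0 +1 @@
+.drone*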
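--- a/LICENSE
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 Robert Kaussow <mail@thegeeklab.de>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is furnished
+to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice (including the next
+paragraph) shall be included in all copies or substantial portions of the
+Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS
+OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
+OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.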
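--- a/README.md
+++ b/README.md
@@ -0,0 +1,10 @@
+# xoxys.authelia
+
+[![Build Status](https://img.shields.io/drone/build/ansible/xoxys.authelia?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.authelia)
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg?label=license)](LICENSE)
+
+Setup Authelia authentication and authorization server. You can find the full documentation at [https://galaxy.geekdocs.de](https://galaxy.geekdocs.de/roles/cloud/authelia/).
+
+## License
+
+This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.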
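--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,126 @@
+---
+authelia_version: 4.33.1
+authelia_user: "authelia_adm"
+authelia_user_home: "/home/{{ authelia_user }}"
+authelia_group: "{{ authelia_user }}"
+authelia_extra_groups: []
+
+authelia_packages:
+- tar
+
+authelia_base_dir: "/opt/authelia"
+authelia_config_dir: "{{ authelia_base_dir }}/conf"
+authelia_data_dir: "{{ authelia_base_dir }}/data"
+authelia_read_only_dirs: []
+
+authelia_bind_ip: 127.0.0.1
+authelia_bind_port: 61000
+authelia_portal_url: "http://localhost:61000/"
+
+authelia_theme: light
+
+authelia_log_level: error
+
+# @var authelia_default_redirection_url:description: Specifies the default redirection URL Authelia will use in case a referer is missing.
+# @var authelia_default_redirection_url: $ "_unset_"
+# @var authelia_default_redirection_url:example: $ "https://github.com"
+
+authelia_jwt_secret: a_very_important_secret
+
+authelia_totp_issuer: "{{ authelia_portal_url | urlsplit('hostname') }}"
+authelia_totp_period: 30
+authelia_totp_skew: 1
+
+authelia_auth_backend_disable_reset_password: False
+
+# @var authelia_auth_backend:description: >
+# Set authentication backend. Available options are `local|ldap`. All `authelia_auth_ldap_` variables will only work
+# while the LDAP auth backend is enabled.
+# @end
+authelia_auth_backend: local
+authelia_auth_local_users: []
+
+authelia_auth_ldap_url: ldap://127.0.0.1
+authelia_auth_ldap_start_tls: False
+authelia_auth_ldap_tls_skip_verify: False
+authelia_auth_ldap_tls_minimum_version: TLS1.2
+authelia_auth_ldap_base_dn: dc=example,dc=com
+authelia_auth_ldap_username_attribute: uid
+authelia_auth_ldap_additional_users_dn: ou=users
+authelia_auth_ldap_users_filter: (&({username_attribute}={input})(objectClass=person))
+authelia_auth_ldap_group_name_attribute: cn
+authelia_auth_ldap_additional_groups_dn: ou=groups
+authelia_auth_ldap_groups_filter: (&(member={dn})(objectclass=groupOfNames))
+authelia_auth_ldap_mail_attribute: mail
+authelia_auth_ldap_display_name_attribute: displayname
+authelia_auth_ldap_bind_user: cn=admin,dc=example,dc=com
+authelia_auth_ldap_bind_password: password
+
+# @var authelia_storage_encryption_key:description: >
+# The encryption key used to encrypt data in the database. The minimum length of this key is 20 characters,
+# however we generally recommend above 64 characters. For security reasons, it's highly recommended to create
+# a unique key.
+# @end
+authelia_storage_encryption_key: bp33fh3cTswzdMndXrrVMrLd
+
+# @var authelia_storage_backend:description: >
+# Set storage backend. Available options are `local|postgres`. All `authelia_storage_db_` variables will only work
+# while the PostgreSQL backend is enabled.
+# @end
+authelia_storage_backend: local
+
+authelia_storage_db_host: 127.0.0.1
+authelia_storage_db_port: 5432
+authelia_storage_db_name: authelia
+authelia_storage_db_username: authelia
+authelia_storage_db_password: mypassword
+authelia_storage_db_sslmode: disable
+
+# @var authelia_session_backend:description: >
+# Set session backend. Available options are `local|redis`. All `authelia_session_redis_` variables will only work
+# while the Redis backend is enabled.
+# @end
+authelia_session_backend: local
+
+authelia_session_name: authelia_session
+authelia_session_domain: example.com
+authelia_session_same_site: lax
+authelia_session_secret: insecure_session_secret
+authelia_session_expiration: 1h
+authelia_session_inactivity: 5m
+authelia_session_remember_me_duration: 1M
+
+authelia_session_redis_host: 127.0.0.1
+authelia_session_redis_port: 6379
+authelia_session_redis_database_index: 0
+authelia_session_redis_maximum_active_connections: 8
+authelia_session_redis_minimum_idle_connections: 0
+
+authelia_regulation_max_retries: 3
+authelia_regulation_find_time: 2m
+authelia_regulation_ban_time: 5m
+
+authelia_access_control_default_policy: one_factor
+authelia_access_control_networks: []
+authelia_access_control_rules: []
+
+authelia_notifier_disable_startup_check: False
+
+# @var authelia_notifier_backend:description: >
+# Set notifier backend. Available options are `local|smtp`. All `authelia_notifier_smtp_` variables will only work
+# while the SMTP backend is enabled.
+# @end
+authelia_notifier_backend: local
+
+authelia_notifier_smtp_username: test
+authelia_notifier_smtp_password: password
+authelia_notifier_smtp_host: 127.0.0.1
+authelia_notifier_smtp_port: 1025
+authelia_notifier_smtp_sender: admin@example.com
+authelia_notifier_smtp_identifier: localhost
+authelia_notifier_smtp_subject: "[Authelia] {title}"
+authelia_notifier_smtp_startup_check_address: test@authelia.com
+authelia_notifier_smtp_disable_require_tls: False
+authelia_notifier_smtp_disable_html_emails: False
+authelia_notifier_smtp_tls_skip_verify: False
+authelia_notifier_smtp_tls_minimum_version: TLS1.2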
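Review bot: The secret-bearing defaults in this file are working values — `authelia_jwt_secret: a_very_important_secret`, `authelia_storage_encryption_key: bp33fh3cTswzdMndXrrVMrLd`, `authelia_session_secret: insecure_session_secret`, plus the `authelia_storage_db_password`, `authelia_auth_ldap_bind_password` and `authelia_notifier_smtp_password` entries — so an inventory that forgets to override one of them deploys with a well-known credential and no error, and the encryption-key comment above it ("highly recommended to create a unique key") is the only guard. The file already has an `_unset_` convention for `authelia_default_redirection_url`, documented with `# @var authelia_default_redirection_url: $ "_unset_"` instead of a real key; applying the same treatment to these six variables, paired with an assert in the tasks that they are defined before the config is templated, turns a missing override into a play failure instead of a silent weak deployment. `authelia_storage_db_sslmode: disable` is in the same category: it sends the database credentials and session data over a plaintext connection by default, and either `require` or a `# @var` note marking it as a test-only value would be the safer default. The tasks are not in this diff, so whether `authelia_version: 4.33.1` is paired with a checksum of the downloaded archive cannot be checked here; a comment pointing at where that checksum lives would help the next reader.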
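--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,10 @@
+---
+- name: Restart Authelia Service
+service:
+name: authelia
+state: restarted
+daemon_reload: yes
+enabled: yes
+listen: __authelia_restart
+become: True
+become_user: root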
753
index.md
753
index.md
|
@ -1,753 +0,0 @@
|
|||
---
|
||||
title: authelia
|
||||
type: docs
|
||||
---
|
||||
|
||||
[![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.authelia) [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.authelia?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.authelia) [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg?label=license)](https://gitea.rknet.org/ansible/xoxys.authelia/src/branch/main/LICENSE)
|
||||
|
||||
Setup Authelia authentication and authorization server.
|
||||
|
||||
<!--more-->
|
||||
|
||||
- [Default Variables](#default-variables)
|
||||
- [authelia_access_control_default_policy](#authelia_access_control_default_policy)
|
||||
- [authelia_access_control_networks](#authelia_access_control_networks)
|
||||
- [authelia_access_control_rules](#authelia_access_control_rules)
|
||||
- [authelia_auth_backend](#authelia_auth_backend)
|
||||
- [authelia_auth_backend_disable_reset_password](#authelia_auth_backend_disable_reset_password)
|
||||
- [authelia_auth_ldap_additional_groups_dn](#authelia_auth_ldap_additional_groups_dn)
|
||||
- [authelia_auth_ldap_additional_users_dn](#authelia_auth_ldap_additional_users_dn)
|
||||
- [authelia_auth_ldap_base_dn](#authelia_auth_ldap_base_dn)
|
||||
- [authelia_auth_ldap_bind_password](#authelia_auth_ldap_bind_password)
|
||||
- [authelia_auth_ldap_bind_user](#authelia_auth_ldap_bind_user)
|
||||
- [authelia_auth_ldap_display_name_attribute](#authelia_auth_ldap_display_name_attribute)
|
||||
- [authelia_auth_ldap_group_name_attribute](#authelia_auth_ldap_group_name_attribute)
|
||||
- [authelia_auth_ldap_groups_filter](#authelia_auth_ldap_groups_filter)
|
||||
- [authelia_auth_ldap_mail_attribute](#authelia_auth_ldap_mail_attribute)
|
||||
- [authelia_auth_ldap_start_tls](#authelia_auth_ldap_start_tls)
|
||||
- [authelia_auth_ldap_tls_minimum_version](#authelia_auth_ldap_tls_minimum_version)
|
||||
- [authelia_auth_ldap_tls_skip_verify](#authelia_auth_ldap_tls_skip_verify)
|
||||
- [authelia_auth_ldap_url](#authelia_auth_ldap_url)
|
||||
- [authelia_auth_ldap_username_attribute](#authelia_auth_ldap_username_attribute)
|
||||
- [authelia_auth_ldap_users_filter](#authelia_auth_ldap_users_filter)
|
||||
- [authelia_auth_local_users](#authelia_auth_local_users)
|
||||
- [authelia_base_dir](#authelia_base_dir)
|
||||
- [authelia_bind_ip](#authelia_bind_ip)
|
||||
- [authelia_bind_port](#authelia_bind_port)
|
||||
- [authelia_config_dir](#authelia_config_dir)
|
||||
- [authelia_data_dir](#authelia_data_dir)
|
||||
- [authelia_default_redirection_url](#authelia_default_redirection_url)
|
||||
- [authelia_extra_groups](#authelia_extra_groups)
|
||||
- [authelia_group](#authelia_group)
|
||||
- [authelia_jwt_secret](#authelia_jwt_secret)
|
||||
- [authelia_log_level](#authelia_log_level)
|
||||
- [authelia_notifier_backend](#authelia_notifier_backend)
|
||||
- [authelia_notifier_disable_startup_check](#authelia_notifier_disable_startup_check)
|
||||
- [authelia_notifier_smtp_disable_html_emails](#authelia_notifier_smtp_disable_html_emails)
|
||||
- [authelia_notifier_smtp_disable_require_tls](#authelia_notifier_smtp_disable_require_tls)
|
||||
- [authelia_notifier_smtp_host](#authelia_notifier_smtp_host)
|
||||
- [authelia_notifier_smtp_identifier](#authelia_notifier_smtp_identifier)
|
||||
- [authelia_notifier_smtp_password](#authelia_notifier_smtp_password)
|
||||
- [authelia_notifier_smtp_port](#authelia_notifier_smtp_port)
|
||||
- [authelia_notifier_smtp_sender](#authelia_notifier_smtp_sender)
|
||||
- [authelia_notifier_smtp_startup_check_address](#authelia_notifier_smtp_startup_check_address)
|
||||
- [authelia_notifier_smtp_subject](#authelia_notifier_smtp_subject)
|
||||
- [authelia_notifier_smtp_tls_minimum_version](#authelia_notifier_smtp_tls_minimum_version)
|
||||
- [authelia_notifier_smtp_tls_skip_verify](#authelia_notifier_smtp_tls_skip_verify)
|
||||
- [authelia_notifier_smtp_username](#authelia_notifier_smtp_username)
|
||||
- [authelia_packages](#authelia_packages)
|
||||
- [authelia_portal_url](#authelia_portal_url)
|
||||
- [authelia_read_only_dirs](#authelia_read_only_dirs)
|
||||
- [authelia_regulation_ban_time](#authelia_regulation_ban_time)
|
||||
- [authelia_regulation_find_time](#authelia_regulation_find_time)
|
||||
- [authelia_regulation_max_retries](#authelia_regulation_max_retries)
|
||||
- [authelia_session_backend](#authelia_session_backend)
|
||||
- [authelia_session_domain](#authelia_session_domain)
|
||||
- [authelia_session_expiration](#authelia_session_expiration)
|
||||
- [authelia_session_inactivity](#authelia_session_inactivity)
|
||||
- [authelia_session_name](#authelia_session_name)
|
||||
- [authelia_session_redis_database_index](#authelia_session_redis_database_index)
|
||||
- [authelia_session_redis_host](#authelia_session_redis_host)
|
||||
- [authelia_session_redis_maximum_active_connections](#authelia_session_redis_maximum_active_connections)
|
||||
- [authelia_session_redis_minimum_idle_connections](#authelia_session_redis_minimum_idle_connections)
|
||||
- [authelia_session_redis_port](#authelia_session_redis_port)
|
||||
- [authelia_session_remember_me_duration](#authelia_session_remember_me_duration)
|
||||
- [authelia_session_same_site](#authelia_session_same_site)
|
||||
- [authelia_session_secret](#authelia_session_secret)
|
||||
- [authelia_storage_backend](#authelia_storage_backend)
|
||||
- [authelia_storage_db_host](#authelia_storage_db_host)
|
||||
- [authelia_storage_db_name](#authelia_storage_db_name)
|
||||
- [authelia_storage_db_password](#authelia_storage_db_password)
|
||||
- [authelia_storage_db_port](#authelia_storage_db_port)
|
||||
- [authelia_storage_db_sslmode](#authelia_storage_db_sslmode)
|
||||
- [authelia_storage_db_username](#authelia_storage_db_username)
|
||||
- [authelia_storage_encryption_key](#authelia_storage_encryption_key)
|
||||
- [authelia_theme](#authelia_theme)
|
||||
- [authelia_totp_issuer](#authelia_totp_issuer)
|
||||
- [authelia_totp_period](#authelia_totp_period)
|
||||
- [authelia_totp_skew](#authelia_totp_skew)
|
||||
- [authelia_user](#authelia_user)
|
||||
- [authelia_user_home](#authelia_user_home)
|
||||
- [authelia_version](#authelia_version)
|
||||
- [Dependencies](#dependencies)
|
||||
|
||||
---
|
||||
|
||||
## Default Variables
|
||||
|
||||
### authelia_access_control_default_policy
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_access_control_default_policy: one_factor
|
||||
```
|
||||
|
||||
### authelia_access_control_networks
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_access_control_networks: []
|
||||
```
|
||||
|
||||
### authelia_access_control_rules
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_access_control_rules: []
|
||||
```
|
||||
|
||||
### authelia_auth_backend
|
||||
|
||||
Set authentication backend. Available options are `local|ldap`. All `authelia_auth_ldap_` variables will only work while the LDAP auth backend is enabled.
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_backend: local
|
||||
```
|
||||
|
||||
### authelia_auth_backend_disable_reset_password
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_backend_disable_reset_password: false
|
||||
```
|
||||
|
||||
### authelia_auth_ldap_additional_groups_dn
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_ldap_additional_groups_dn: ou=groups
|
||||
```
|
||||
|
||||
### authelia_auth_ldap_additional_users_dn
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_ldap_additional_users_dn: ou=users
|
||||
```
|
||||
|
||||
### authelia_auth_ldap_base_dn
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_ldap_base_dn: dc=example,dc=com
|
||||
```
|
||||
|
||||
### authelia_auth_ldap_bind_password
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_ldap_bind_password: password
|
||||
```
|
||||
|
||||
### authelia_auth_ldap_bind_user
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_ldap_bind_user: cn=admin,dc=example,dc=com
|
||||
```
|
||||
|
||||
### authelia_auth_ldap_display_name_attribute
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_ldap_display_name_attribute: displayname
|
||||
```
|
||||
|
||||
### authelia_auth_ldap_group_name_attribute
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_ldap_group_name_attribute: cn
|
||||
```
|
||||
|
||||
### authelia_auth_ldap_groups_filter
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_ldap_groups_filter: (&(member={dn})(objectclass=groupOfNames))
|
||||
```
|
||||
|
||||
### authelia_auth_ldap_mail_attribute
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_ldap_mail_attribute: mail
|
||||
```
|
||||
|
||||
### authelia_auth_ldap_start_tls
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_ldap_start_tls: false
|
||||
```
|
||||
|
||||
### authelia_auth_ldap_tls_minimum_version
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_ldap_tls_minimum_version: TLS1.2
|
||||
```
|
||||
|
||||
### authelia_auth_ldap_tls_skip_verify
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_ldap_tls_skip_verify: false
|
||||
```
|
||||
|
||||
### authelia_auth_ldap_url
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_ldap_url: ldap://127.0.0.1
|
||||
```
|
||||
|
||||
### authelia_auth_ldap_username_attribute
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_ldap_username_attribute: uid
|
||||
```
|
||||
|
||||
### authelia_auth_ldap_users_filter
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_ldap_users_filter: (&({username_attribute}={input})(objectClass=person))
|
||||
```
|
||||
|
||||
### authelia_auth_local_users
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_local_users: []
|
||||
```
|
||||
|
||||
### authelia_base_dir
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_base_dir: /opt/authelia
|
||||
```
|
||||
|
||||
### authelia_bind_ip
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_bind_ip: 127.0.0.1
|
||||
```
|
||||
|
||||
### authelia_bind_port
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_bind_port: 61000
|
||||
```
|
||||
|
||||
### authelia_config_dir
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_config_dir: '{{ authelia_base_dir }}/conf'
|
||||
```
|
||||
|
||||
### authelia_data_dir
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_data_dir: '{{ authelia_base_dir }}/data'
|
||||
```
|
||||
|
||||
### authelia_default_redirection_url
|
||||
|
||||
Specifies the default redirection URL Authelia will use in case a referer is missing.
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_default_redirection_url: _unset_
|
||||
```
|
||||
|
||||
#### Example usage
|
||||
|
||||
```YAML
|
||||
authelia_default_redirection_url: https://github.com
|
||||
```
|
||||
|
||||
### authelia_extra_groups
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_extra_groups: []
|
||||
```
|
||||
|
||||
### authelia_group
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_group: '{{ authelia_user }}'
|
||||
```
|
||||
|
||||
### authelia_jwt_secret
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_jwt_secret: a_very_important_secret
|
||||
```
|
||||
|
||||
### authelia_log_level
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_log_level: error
|
||||
```
|
||||
|
||||
### authelia_notifier_backend
|
||||
|
||||
Set notifier backend. Available options are `local|smtp`. All `authelia_notifier_smtp_` variables will only work while the SMTP backend is enabled.
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_notifier_backend: local
|
||||
```
|
||||
|
||||
### authelia_notifier_disable_startup_check
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_notifier_disable_startup_check: false
|
||||
```
|
||||
|
||||
### authelia_notifier_smtp_disable_html_emails
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_notifier_smtp_disable_html_emails: false
|
||||
```
|
||||
|
||||
### authelia_notifier_smtp_disable_require_tls
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_notifier_smtp_disable_require_tls: false
|
||||
```
|
||||
|
||||
### authelia_notifier_smtp_host
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_notifier_smtp_host: 127.0.0.1
|
||||
```
|
||||
|
||||
### authelia_notifier_smtp_identifier
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_notifier_smtp_identifier: localhost
|
||||
```
|
||||
|
||||
### authelia_notifier_smtp_password
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_notifier_smtp_password: password
|
||||
```
|
||||
|
||||
### authelia_notifier_smtp_port
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_notifier_smtp_port: 1025
|
||||
```
|
||||
|
||||
### authelia_notifier_smtp_sender
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_notifier_smtp_sender: admin@example.com
|
||||
```
|
||||
|
||||
### authelia_notifier_smtp_startup_check_address
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_notifier_smtp_startup_check_address: test@authelia.com
|
||||
```
|
||||
|
||||
### authelia_notifier_smtp_subject
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_notifier_smtp_subject: '[Authelia] {title}'
|
||||
```
|
||||
|
||||
### authelia_notifier_smtp_tls_minimum_version
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_notifier_smtp_tls_minimum_version: TLS1.2
|
||||
```
|
||||
|
||||
### authelia_notifier_smtp_tls_skip_verify
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_notifier_smtp_tls_skip_verify: false
|
||||
```
|
||||
|
||||
### authelia_notifier_smtp_username
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_notifier_smtp_username: test
|
||||
```
|
||||
|
||||
### authelia_packages
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_packages:
|
||||
- tar
|
||||
```
|
||||
|
||||
### authelia_portal_url
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_portal_url: http://localhost:61000/
|
||||
```
|
||||
|
||||
### authelia_read_only_dirs
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_read_only_dirs: []
|
||||
```
|
||||
|
||||
### authelia_regulation_ban_time
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_regulation_ban_time: 5m
|
||||
```
|
||||
|
||||
### authelia_regulation_find_time
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_regulation_find_time: 2m
|
||||
```
|
||||
|
||||
### authelia_regulation_max_retries
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_regulation_max_retries: 3
|
||||
```
|
||||
|
||||
### authelia_session_backend
|
||||
|
||||
Set session backend. Available options are `local|redis`. All `authelia_session_redis_` variables will only work while the Redis backend is enabled.
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_session_backend: local
|
||||
```
|
||||
|
||||
### authelia_session_domain
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_session_domain: example.com
|
||||
```
|
||||
|
||||
### authelia_session_expiration
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_session_expiration: 1h
|
||||
```
|
||||
|
||||
### authelia_session_inactivity
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_session_inactivity: 5m
|
||||
```
|
||||
|
||||
### authelia_session_name
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_session_name: authelia_session
|
||||
```
|
||||
|
||||
### authelia_session_redis_database_index
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_session_redis_database_index: 0
|
||||
```
|
||||
|
||||
### authelia_session_redis_host
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_session_redis_host: 127.0.0.1
|
||||
```
|
||||
|
||||
### authelia_session_redis_maximum_active_connections
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_session_redis_maximum_active_connections: 8
|
||||
```
|
||||
|
||||
### authelia_session_redis_minimum_idle_connections
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_session_redis_minimum_idle_connections: 0
|
||||
```
|
||||
|
||||
### authelia_session_redis_port
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_session_redis_port: 6379
|
||||
```
|
||||
|
||||
### authelia_session_remember_me_duration
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_session_remember_me_duration: 1M
|
||||
```
|
||||
|
||||
### authelia_session_same_site
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_session_same_site: lax
|
||||
```
|
||||
|
||||
### authelia_session_secret
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_session_secret: insecure_session_secret
|
||||
```
|
||||
|
||||
### authelia_storage_backend
|
||||
|
||||
Set storage backend. Available options are `local|postgres`. All `authelia_storage_db_` variables will only work while the PostgreSQL backend is enabled.
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_storage_backend: local
|
||||
```
|
||||
|
||||
### authelia_storage_db_host
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_storage_db_host: 127.0.0.1
|
||||
```
|
||||
|
||||
### authelia_storage_db_name
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_storage_db_name: authelia
|
||||
```
|
||||
|
||||
### authelia_storage_db_password
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_storage_db_password: mypassword
|
||||
```
|
||||
|
||||
### authelia_storage_db_port
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_storage_db_port: 5432
|
||||
```
|
||||
|
||||
### authelia_storage_db_sslmode
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_storage_db_sslmode: disable
|
||||
```
|
||||
|
||||
### authelia_storage_db_username
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_storage_db_username: authelia
|
||||
```
|
||||
|
||||
### authelia_storage_encryption_key
|
||||
|
||||
The encryption key used to encrypt data in the database. The minimum length of this key is 20 characters, however we generally recommend above 64 characters. For security reasons, it's highly recommended to create a unique key.
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_storage_encryption_key: bp33fh3cTswzdMndXrrVMrLd
|
||||
```
|
||||
|
||||
### authelia_theme
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_theme: light
|
||||
```
|
||||
|
||||
### authelia_totp_issuer
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_totp_issuer: "{{ authelia_portal_url | urlsplit('hostname') }}"
|
||||
```
|
||||
|
||||
### authelia_totp_period
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_totp_period: 30
|
||||
```
|
||||
|
||||
### authelia_totp_skew
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_totp_skew: 1
|
||||
```
|
||||
|
||||
### authelia_user
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_user: authelia_adm
|
||||
```
|
||||
|
||||
### authelia_user_home
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_user_home: /home/{{ authelia_user }}
|
||||
```
|
||||
|
||||
### authelia_version
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_version: 4.33.1
|
||||
```
|
||||
|
||||
|
||||
|
||||
## Dependencies
|
||||
|
||||
None.
|
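--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1,23 @@
+# Standards: 0.2
+---
+galaxy_info:
+  # @meta author:value: [Robert Kaussow](https://gitea.rknet.org/xoxys)
+  author: "Robert Kaussow <mail@thegeeklab.de>"
+  namespace: xoxys
+  role_name: authelia
+  # @meta description: >
+  # [![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.authelia)
+  # [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.authelia?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.authelia)
+  # [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg?label=license)](https://gitea.rknet.org/ansible/xoxys.authelia/src/branch/main/LICENSE)
+  #
+  # Setup Authelia authentication and authorization server.
+  # @end
+  description: Setup Authelia authentication and authorization server
+  license: MIT
+  min_ansible_version: 2.10
+  platforms:
+    - name: EL
+      versions:
+        - 7
+  galaxy_tags: []
+dependencies: []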
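Review bot: The `platforms` list under `galaxy_info` declares only EL 7, while the commit also adds a `molecule/rocky8` scenario and points the `molecule/default` symlink at it, so the metadata understates what is actually tested. Add `- 8` under `versions` so Galaxy consumers see the EL 8 support the test matrix already exercises.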
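--- a/molecule/centos7/converge.yml
+++ b/molecule/centos7/converge.yml
@@ -0,0 +1,16 @@
+---
+- name: Converge
+  hosts: all
+  vars:
+    authelia_default_redirection_url: https://github.com
+    authelia_local_users:
+      - name: john
+        config:
+          displayname: "John Doe"
+          # password: secure
+          password: "$argon2id$v=19$m=65536,t=1,p=8$SlBqNXJJRStlbHVMOVZLTQ$lMMqeHsREAoJWHFvzIYMopkdJlrQgfGEIqXI5GiZYng"
+          email: john.doe@example.com
+          groups:
+            - admins
+  roles:
+    - role: xoxys.authelia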
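--- a/molecule/centos7/create.yml
+++ b/molecule/centos7/create.yml
@@ -0,0 +1,120 @@
+---
+- name: Create
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  no_log: "{{ molecule_no_log }}"
+  vars:
+    ssh_port: 22
+    ssh_user: root
+    ssh_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key"
+  tasks:
+    - name: Create SSH key
+      user:
+        name: "{{ lookup('env', 'USER') }}"
+        generate_ssh_key: true
+        ssh_key_file: "{{ ssh_path }}"
+        force: true
+      register: generated_ssh_key
+
+    - name: Register the SSH key name
+      set_fact:
+        ssh_key_name: "molecule-generated-{{ 12345 | random | to_uuid }}"
+
+    - name: Register SSH key for test instance(s)
+      hcloud_ssh_key:
+        name: "{{ ssh_key_name }}"
+        public_key: "{{ generated_ssh_key.ssh_public_key }}"
+        state: present
+
+    - name: Create molecule instance(s)
+      hcloud_server:
+        name: "{{ item.name }}"
+        server_type: "{{ item.server_type }}"
+        ssh_keys:
+          - "{{ ssh_key_name }}"
+        image: "{{ item.image }}"
+        location: "{{ item.location | default(omit) }}"
+        datacenter: "{{ item.datacenter | default(omit) }}"
+        user_data: "{{ item.user_data | default(omit) }}"
+        api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
+        state: present
+      register: server
+      loop: "{{ molecule_yml.platforms }}"
+      async: 7200
+      poll: 0
+
+    - name: Wait for instance(s) creation to complete
+      async_status:
+        jid: "{{ item.ansible_job_id }}"
+      register: hetzner_jobs
+      until: hetzner_jobs.finished
+      retries: 300
+      loop: "{{ server.results }}"
+
+    - name: Create volume(s)
+      hcloud_volume:
+        name: "{{ item.name }}"
+        server: "{{ item.name }}"
+        location: "{{ item.location | default(omit) }}"
+        size: "{{ item.volume_size | default(10) }}"
+        api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
+        state: "present"
+      loop: "{{ molecule_yml.platforms }}"
+      when: item.volume | default(False) | bool
+      register: volumes
+      async: 7200
+      poll: 0
+
+    - name: Wait for volume(s) creation to complete
+      async_status:
+        jid: "{{ item.ansible_job_id }}"
+      register: hetzner_volumes
+      until: hetzner_volumes.finished
+      retries: 300
+      when: volumes.changed
+      loop: "{{ volumes.results }}"
+
+    # Mandatory configuration for Molecule to function.
+
+    - name: Populate instance config dict
+      set_fact:
+        instance_conf_dict:
+          {
+            "instance": "{{ item.hcloud_server.name }}",
+            "ssh_key_name": "{{ ssh_key_name }}",
+            "address": "{{ item.hcloud_server.ipv4_address }}",
+            "user": "{{ ssh_user }}",
+            "port": "{{ ssh_port }}",
+            "identity_file": "{{ ssh_path }}",
+            "volume": "{{ item.item.item.volume | default(False) | bool }}",
+          }
+      loop: "{{ hetzner_jobs.results }}"
+      register: instance_config_dict
+      when: server.changed | bool
+
+    - name: Convert instance config dict to a list
+      set_fact:
+        instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}"
+      when: server.changed | bool
+
+    - name: Dump instance config
+      copy:
+        content: |
+          # Molecule managed
+
+          {{ instance_conf | to_nice_yaml(indent=2) }}
+        dest: "{{ molecule_instance_config }}"
+      when: server.changed | bool
+
+    - name: Wait for SSH
+      wait_for:
+        port: "{{ ssh_port }}"
+        host: "{{ item.address }}"
+        search_regex: SSH
+        delay: 10
+      loop: "{{ lookup('file', molecule_instance_config) | from_yaml }}"
+
+    - name: Wait for VM to settle down
+      pause:
+        seconds: 30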
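Review bot: The "Register SSH key for test instance(s)" task passes no `api_token`, while the `hcloud_server` and `hcloud_volume` tasks in the same play pass `api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"` explicitly; the key task works only because the hcloud modules fall back to the environment variable, so the play mixes two credential-passing styles for the same token. Use one style throughout, either dropping the lookup everywhere or adding `api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"` to the `hcloud_ssh_key` task. The same inconsistency is in the "Remove registered SSH key" task of molecule/centos7/destroy.yml and in the rocky8 copies of both files. Separately, "Wait for volume(s) creation to complete" loops over every `volumes.results` entry whenever any volume was created; if a scenario ever mixes platforms with and without `volume`, the skipped entries presumably have no `ansible_job_id` and the `jid` template would fail — guarding the loop item with `when: volumes.changed and item.ansible_job_id is defined` would cover that.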
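--- a/molecule/centos7/destroy.yml
+++ b/molecule/centos7/destroy.yml
@@ -0,0 +1,78 @@
+---
+- name: Destroy
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  no_log: "{{ molecule_no_log }}"
+  tasks:
+    - name: Check existing instance config file
+      stat:
+        path: "{{ molecule_instance_config }}"
+      register: cfg
+
+    - name: Populate the instance config
+      set_fact:
+        instance_conf: "{{ (lookup('file', molecule_instance_config) | from_yaml) if cfg.stat.exists else [] }}"
+
+    - name: Destroy molecule instance(s)
+      hcloud_server:
+        name: "{{ item.instance }}"
+        api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
+        state: absent
+      register: server
+      loop: "{{ instance_conf }}"
+      async: 7200
+      poll: 0
+
+    - name: Wait for instance(s) deletion to complete
+      async_status:
+        jid: "{{ item.ansible_job_id }}"
+      register: hetzner_jobs
+      until: hetzner_jobs.finished
+      retries: 300
+      loop: "{{ server.results }}"
+
+    - pause:
+        seconds: 5
+
+    - name: Destroy volume(s)
+      hcloud_volume:
+        name: "{{ item.instance }}"
+        server: "{{ item.instance }}"
+        api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
+        state: "absent"
+      register: volumes
+      loop: "{{ instance_conf }}"
+      when: item.volume | default(False) | bool
+      async: 7200
+      poll: 0
+
+    - name: Wait for volume(s) deletion to complete
+      async_status:
+        jid: "{{ item.ansible_job_id }}"
+      register: hetzner_volumes
+      until: hetzner_volumes.finished
+      retries: 300
+      when: volumes.changed
+      loop: "{{ volumes.results }}"
+
+    - name: Remove registered SSH key
+      hcloud_ssh_key:
+        name: "{{ instance_conf[0].ssh_key_name }}"
+        state: absent
+      when: (instance_conf | default([])) | length > 0
+
+    # Mandatory configuration for Molecule to function.
+
+    - name: Populate instance config
+      set_fact:
+        instance_conf: {}
+
+    - name: Dump instance config
+      copy:
+        content: |
+          # Molecule managed
+
+          {{ instance_conf | to_nice_yaml(indent=2) }}
+        dest: "{{ molecule_instance_config }}"
+      when: server.changed | bool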
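--- a/molecule/centos7/molecule.yml
+++ b/molecule/centos7/molecule.yml
@@ -0,0 +1,24 @@
+---
+dependency:
+  name: galaxy
+  options:
+    role-file: molecule/requirements.yml
+    requirements-file: molecule/requirements.yml
+  env:
+    ANSIBLE_GALAXY_DISPLAY_PROGRESS: "false"
+driver:
+  name: delegated
+platforms:
+  - name: centos7-authelia
+    image: centos-7
+    server_type: cx11
+lint: |
+  /usr/local/bin/flake8
+provisioner:
+  name: ansible
+  env:
+    ANSIBLE_FILTER_PLUGINS: ${ANSIBLE_FILTER_PLUGINS:-./plugins/filter}
+    ANSIBLE_LIBRARY: ${ANSIBLE_LIBRARY:-./library}
+  log: False
+verifier:
+  name: testinfra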
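--- a/molecule/centos7/prepare.yml
+++ b/molecule/centos7/prepare.yml
@@ -0,0 +1,15 @@
+---
+- name: Prepare
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Bootstrap python for Ansible
+      raw: |
+        command -v python3 python || (
+          (test -e /usr/bin/dnf && sudo dnf install -y python3) ||
+          (test -e /usr/bin/apt && (apt -y update && apt install -y python-minimal)) ||
+          (test -e /usr/bin/yum && sudo yum -y -qq install python3) ||
+          echo "Warning: Python not boostrapped due to unknown platform."
+        )
+      become: true
+      changed_when: false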
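Review bot: The apt branch of the bootstrap script installs `python-minimal`, the Python 2 package, while the dnf and yum branches install `python3`; current Debian and Ubuntu releases no longer ship `python-minimal`, so the apt path would fail on them even though the script's intent is clearly a Python 3 interpreter for Ansible. Change it to `apt install -y python3-minimal` to match the other branches. The `sudo` prefixes on the dnf and yum lines are redundant because the task already runs with `become: true`, and the echo message has a typo, `boostrapped` for `bootstrapped`. molecule/rocky8/prepare.yml carries the identical script.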
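--- a/molecule/centos7/tests/test_default.py
+++ b/molecule/centos7/tests/test_default.py
@@ -0,0 +1,18 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ["MOLECULE_INVENTORY_FILE"]
+).get_hosts("all")
+
+
+def test_authelia_running_and_enabled(host):
+    authelia = host.service("authelia")
+    assert authelia.is_running
+    assert authelia.is_enabled
+
+
+def test_authelia_socket(host):
+    # Verify the socket is listening for HTTP traffic
+    assert host.socket("tcp://127.0.0.1:61000").is_listening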
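--- a/molecule/default
+++ b/molecule/default
@@ -0,0 +1 @@
+rocky8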
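--- a/molecule/pytest.ini
+++ b/molecule/pytest.ini
@@ -0,0 +1,3 @@
+[pytest]
+filterwarnings =
+    ignore::DeprecationWarning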
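--- a/molecule/requirements.yml
+++ b/molecule/requirements.yml
@@ -0,0 +1,6 @@
+---
+collections:
+  - name: https://gitea.rknet.org/ansible/xoxys.general/releases/download/v2.1.1/xoxys-general-2.1.1.tar.gz
+  - name: community.general
+
+roles: []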
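--- a/molecule/rocky8/converge.yml
+++ b/molecule/rocky8/converge.yml
@@ -0,0 +1,16 @@
+---
+- name: Converge
+  hosts: all
+  vars:
+    authelia_default_redirection_url: https://github.com
+    authelia_local_users:
+      - name: john
+        config:
+          displayname: "John Doe"
+          # password: secure
+          password: "$argon2id$v=19$m=65536,t=1,p=8$SlBqNXJJRStlbHVMOVZLTQ$lMMqeHsREAoJWHFvzIYMopkdJlrQgfGEIqXI5GiZYng"
+          email: john.doe@example.com
+          groups:
+            - admins
+  roles:
+    - role: xoxys.authelia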
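--- a/molecule/rocky8/create.yml
+++ b/molecule/rocky8/create.yml
@@ -0,0 +1,120 @@
+---
+- name: Create
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  no_log: "{{ molecule_no_log }}"
+  vars:
+    ssh_port: 22
+    ssh_user: root
+    ssh_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key"
+  tasks:
+    - name: Create SSH key
+      user:
+        name: "{{ lookup('env', 'USER') }}"
+        generate_ssh_key: true
+        ssh_key_file: "{{ ssh_path }}"
+        force: true
+      register: generated_ssh_key
+
+    - name: Register the SSH key name
+      set_fact:
+        ssh_key_name: "molecule-generated-{{ 12345 | random | to_uuid }}"
+
+    - name: Register SSH key for test instance(s)
+      hcloud_ssh_key:
+        name: "{{ ssh_key_name }}"
+        public_key: "{{ generated_ssh_key.ssh_public_key }}"
+        state: present
+
+    - name: Create molecule instance(s)
+      hcloud_server:
+        name: "{{ item.name }}"
+        server_type: "{{ item.server_type }}"
+        ssh_keys:
+          - "{{ ssh_key_name }}"
+        image: "{{ item.image }}"
+        location: "{{ item.location | default(omit) }}"
+        datacenter: "{{ item.datacenter | default(omit) }}"
+        user_data: "{{ item.user_data | default(omit) }}"
+        api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
+        state: present
+      register: server
+      loop: "{{ molecule_yml.platforms }}"
+      async: 7200
+      poll: 0
+
+    - name: Wait for instance(s) creation to complete
+      async_status:
+        jid: "{{ item.ansible_job_id }}"
+      register: hetzner_jobs
+      until: hetzner_jobs.finished
+      retries: 300
+      loop: "{{ server.results }}"
+
+    - name: Create volume(s)
+      hcloud_volume:
+        name: "{{ item.name }}"
+        server: "{{ item.name }}"
+        location: "{{ item.location | default(omit) }}"
+        size: "{{ item.volume_size | default(10) }}"
+        api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
+        state: "present"
+      loop: "{{ molecule_yml.platforms }}"
+      when: item.volume | default(False) | bool
+      register: volumes
+      async: 7200
+      poll: 0
+
+    - name: Wait for volume(s) creation to complete
+      async_status:
+        jid: "{{ item.ansible_job_id }}"
+      register: hetzner_volumes
+      until: hetzner_volumes.finished
+      retries: 300
+      when: volumes.changed
+      loop: "{{ volumes.results }}"
+
+    # Mandatory configuration for Molecule to function.
+
+    - name: Populate instance config dict
+      set_fact:
+        instance_conf_dict:
+          {
+            "instance": "{{ item.hcloud_server.name }}",
+            "ssh_key_name": "{{ ssh_key_name }}",
+            "address": "{{ item.hcloud_server.ipv4_address }}",
+            "user": "{{ ssh_user }}",
+            "port": "{{ ssh_port }}",
+            "identity_file": "{{ ssh_path }}",
+            "volume": "{{ item.item.item.volume | default(False) | bool }}",
+          }
+      loop: "{{ hetzner_jobs.results }}"
+      register: instance_config_dict
+      when: server.changed | bool
+
+    - name: Convert instance config dict to a list
+      set_fact:
+        instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}"
+      when: server.changed | bool
+
+    - name: Dump instance config
+      copy:
+        content: |
+          # Molecule managed
+
+          {{ instance_conf | to_nice_yaml(indent=2) }}
+        dest: "{{ molecule_instance_config }}"
+      when: server.changed | bool
+
+    - name: Wait for SSH
+      wait_for:
+        port: "{{ ssh_port }}"
+        host: "{{ item.address }}"
+        search_regex: SSH
+        delay: 10
+      loop: "{{ lookup('file', molecule_instance_config) | from_yaml }}"
+
+    - name: Wait for VM to settle down
+      pause:
+        seconds: 30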
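--- a/molecule/rocky8/destroy.yml
+++ b/molecule/rocky8/destroy.yml
@@ -0,0 +1,78 @@
+---
+- name: Destroy
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  no_log: "{{ molecule_no_log }}"
+  tasks:
+    - name: Check existing instance config file
+      stat:
+        path: "{{ molecule_instance_config }}"
+      register: cfg
+
+    - name: Populate the instance config
+      set_fact:
+        instance_conf: "{{ (lookup('file', molecule_instance_config) | from_yaml) if cfg.stat.exists else [] }}"
+
+    - name: Destroy molecule instance(s)
+      hcloud_server:
+        name: "{{ item.instance }}"
+        api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
+        state: absent
+      register: server
+      loop: "{{ instance_conf }}"
+      async: 7200
+      poll: 0
+
+    - name: Wait for instance(s) deletion to complete
+      async_status:
+        jid: "{{ item.ansible_job_id }}"
+      register: hetzner_jobs
+      until: hetzner_jobs.finished
+      retries: 300
+      loop: "{{ server.results }}"
+
+    - pause:
+        seconds: 5
+
+    - name: Destroy volume(s)
+      hcloud_volume:
+        name: "{{ item.instance }}"
+        server: "{{ item.instance }}"
+        api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
+        state: "absent"
+      register: volumes
+      loop: "{{ instance_conf }}"
+      when: item.volume | default(False) | bool
+      async: 7200
+      poll: 0
+
+    - name: Wait for volume(s) deletion to complete
+      async_status:
+        jid: "{{ item.ansible_job_id }}"
+      register: hetzner_volumes
+      until: hetzner_volumes.finished
+      retries: 300
+      when: volumes.changed
+      loop: "{{ volumes.results }}"
+
+    - name: Remove registered SSH key
+      hcloud_ssh_key:
+        name: "{{ instance_conf[0].ssh_key_name }}"
+        state: absent
+      when: (instance_conf | default([])) | length > 0
+
+    # Mandatory configuration for Molecule to function.
+
+    - name: Populate instance config
+      set_fact:
+        instance_conf: {}
+
+    - name: Dump instance config
+      copy:
+        content: |
+          # Molecule managed
+
+          {{ instance_conf | to_nice_yaml(indent=2) }}
+        dest: "{{ molecule_instance_config }}"
+      when: server.changed | bool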
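--- a/molecule/rocky8/molecule.yml
+++ b/molecule/rocky8/molecule.yml
@@ -0,0 +1,24 @@
+---
+dependency:
+  name: galaxy
+  options:
+    role-file: molecule/requirements.yml
+    requirements-file: molecule/requirements.yml
+  env:
+    ANSIBLE_GALAXY_DISPLAY_PROGRESS: "false"
+driver:
+  name: delegated
+platforms:
+  - name: rocky8-authelia
+    image: rocky-8
+    server_type: cx11
+lint: |
+  /usr/local/bin/flake8
+provisioner:
+  name: ansible
+  env:
+    ANSIBLE_FILTER_PLUGINS: ${ANSIBLE_FILTER_PLUGINS:-./plugins/filter}
+    ANSIBLE_LIBRARY: ${ANSIBLE_LIBRARY:-./library}
+  log: False
+verifier:
+  name: testinfra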
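--- a/molecule/rocky8/prepare.yml
+++ b/molecule/rocky8/prepare.yml
@@ -0,0 +1,15 @@
+---
+- name: Prepare
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Bootstrap python for Ansible
+      raw: |
+        command -v python3 python || (
+          (test -e /usr/bin/dnf && sudo dnf install -y python3) ||
+          (test -e /usr/bin/apt && (apt -y update && apt install -y python-minimal)) ||
+          (test -e /usr/bin/yum && sudo yum -y -qq install python3) ||
+          echo "Warning: Python not boostrapped due to unknown platform."
+        )
+      become: true
+      changed_when: false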
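--- a/molecule/rocky8/tests/test_default.py
+++ b/molecule/rocky8/tests/test_default.py
@@ -0,0 +1,18 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ["MOLECULE_INVENTORY_FILE"]
+).get_hosts("all")
+
+
+def test_authelia_running_and_enabled(host):
+    authelia = host.service("authelia")
+    assert authelia.is_running
+    assert authelia.is_enabled
+
+
+def test_authelia_socket(host):
+    # Verify the socket is listening for HTTP traffic
+    assert host.socket("tcp://127.0.0.1:61000").is_listening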
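--- a/setup.cfg
+++ b/setup.cfg
@@ -0,0 +1,12 @@
+[flake8]
+ignore = D100, D101, D102, D103, D105, D107, E402, W503
+max-line-length = 99
+inline-quotes = double
+exclude = .git,.tox,__pycache__,build,dist,tests,*.pyc,*.egg-info,.cache,.eggs,env*
+
+[yapf]
+based_on_style = google
+column_limit = 99
+dedent_closing_brackets = true
+coalesce_brackets = true
+split_before_logical_operator = true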
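--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,3 @@
+---
+- include_tasks: prepare.yml
+- include_tasks: setup.yml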
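--- a/tasks/prepare.yml
+++ b/tasks/prepare.yml
@@ -0,0 +1,36 @@
+---
+- name: Set current authelia version
+  set_fact:
+    authelia_current_version: "{{ (ansible_local.authelia | default (dict(version='0.0.0')))['version'] }}"
+
+- debug:
+    msg: Current version is '{{ authelia_current_version }}'
+
+- block:
+    - name: Create group '{{ authelia_group }}'
+      group:
+        name: "{{ authelia_group }}"
+        state: present
+
+    - name: Create user '{{ authelia_user }}'
+      user:
+        comment: authelia
+        name: "{{ authelia_user }}"
+        home: "{{ authelia_user_home }}"
+        group: "{{ authelia_group }}"
+        groups: "{{ authelia_extra_groups | join(',') }}"
+
+    - name: Install dependencies
+      package:
+        name: "{{ item }}"
+        state: present
+      loop:
+        - "{{ authelia_packages }}"
+
+    - name: Setup local facts
+      file:
+        path: /etc/ansible/facts.d
+        state: directory
+        mode: 0755
+  become: True
+  become_user: root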
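Review bot: The "Install dependencies" task loops over a one-element list whose single item is itself the `authelia_packages` list, so `name: "{{ item }}"` receives the whole list on one iteration and the `loop` adds nothing but an extra layer of indirection. Pass the list directly and drop the loop: `name: "{{ authelia_packages }}"` under `package:`, which also lets the package manager resolve everything in a single transaction. The unquoted `mode: 0755` parses as octal under YAML 1.1 and works, but quoting it as `"0755"` avoids the ambiguity that ansible-lint flags for such literals.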
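--- a/tasks/setup.yml
+++ b/tasks/setup.yml
@@ -0,0 +1,85 @@
+---
+- name: Prepare base folder
+  file:
+    path: "{{ authelia_base_dir }}"
+    state: directory
+    owner: "{{ authelia_user }}"
+    group: "{{ authelia_user }}"
+    mode: 0750
+  become: True
+  become_user: root
+
+- block:
+    - name: Prepare folder structure
+      file:
+        path: "{{ item }}"
+        state: directory
+        mode: 0750
+      loop:
+        - "{{ authelia_config_dir }}"
+        - "{{ authelia_data_dir }}"
+
+    - name: Download and extract authelia tarball
+      unarchive:
+        src: "https://github.com/authelia/authelia/releases/download/v{{ authelia_version }}/authelia-v{{ authelia_version }}-linux-amd64.tar.gz"
+        dest: "{{ authelia_base_dir }}"
+        remote_src: yes
+        exclude:
+          - authelia.service
+          - config.template.yml
+      notify: __authelia_restart
+      when: authelia_version is version(authelia_current_version, ">") or authelia_current_version is version('0.0.0', "=")
+
+    - name: Create binary symlink
+      file:
+        src: "{{ authelia_base_dir }}/authelia-linux-amd64"
+        dest: "{{ authelia_base_dir }}/authelia"
+        state: link
+      notify: __authelia_restart
+  become: True
+  become_user: "{{ authelia_user }}"
+
+- block:
+    - name: Copy Authelia config file
+      template:
+        src: "conf/authelia.yml.j2"
+        dest: "{{ authelia_config_dir }}/authelia.yml"
+        owner: "{{ authelia_user }}"
+        group: "{{ authelia_user }}"
+        mode: 0600
+      notify: __authelia_restart
+
+    - name: Copy local users database
+      template:
+        src: "conf/users_database.yml.j2"
+        dest: "{{ authelia_config_dir }}/users_database.yml"
+        owner: "{{ authelia_user }}"
+        group: "{{ authelia_user }}"
+        mode: 0600
+      notify: __authelia_restart
+      when: authelia_auth_local_users | length > 0
+
+    - name: Copy systemd unit file
+      template:
+        src: "etc/systemd/system/authelia.service.j2"
+        dest: "/etc/systemd/system/authelia.service"
+        mode: 0640
+      notify: __authelia_restart
+
+    - name: Ensure Authelia service is up and running
+      service:
+        name: authelia
+        daemon_reload: yes
+        enabled: yes
+        state: started
+
+    - name: Set current version to custom fact
+      template:
+        src: etc/ansible/facts.d/authelia.fact.j2
+        dest: /etc/ansible/facts.d/authelia.fact
+        mode: 0644
+        owner: root
+        group: root
+      when: authelia_version is version(authelia_current_version, ">") or authelia_current_version is version('0.0.0', "=")
+  become: True
+  become_user: root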
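Review bot: The "Download and extract authelia tarball" task fetches the release archive straight into `authelia_base_dir` via `unarchive` with `remote_src: yes` and never verifies what it downloaded, so the binary that ends up behind the `authelia` symlink and in the systemd unit is trusted solely on the transport; a checksum pinned per version would make a tampered or mis-served artifact fail the run instead of being installed. Split the step into `get_url` with its `checksum:` option (a digest or a URL to a published checksum file), then `unarchive` the local file, as sketched below. Independently, "Prepare base folder", "Copy Authelia config file" and "Copy local users database" set `group: "{{ authelia_user }}"`, while tasks/prepare.yml creates the account with `group: "{{ authelia_group }}"`; unless the two variables always coincide, the chown will fail or assign the wrong group, so `group: "{{ authelia_group }}"` looks like the intended value. The users-database task also tests `authelia_auth_local_users`, whereas the molecule converge plays set `authelia_local_users`; if the role defaults do not map one onto the other, that task is presumably skipped in CI.

```yaml
    - name: Download authelia tarball
      get_url:
        url: "https://github.com/authelia/authelia/releases/download/v{{ authelia_version }}/authelia-v{{ authelia_version }}-linux-amd64.tar.gz"
        dest: "{{ authelia_base_dir }}/authelia-v{{ authelia_version }}-linux-amd64.tar.gz"
        # AUTHELIA_TARBALL_CHECKSUM_PLACEHOLDER: a new role variable holding either the
        # sha256 hex digest or the URL of the release's published checksum file
        checksum: "sha256:{{ AUTHELIA_TARBALL_CHECKSUM_PLACEHOLDER }}"
        mode: 0640
      register: __authelia_download
      when: authelia_version is version(authelia_current_version, ">") or authelia_current_version is version('0.0.0', "=")

    - name: Extract authelia tarball
      unarchive:
        src: "{{ __authelia_download.dest }}"
        dest: "{{ authelia_base_dir }}"
        remote_src: yes
        exclude:
          - authelia.service
          - config.template.yml
      notify: __authelia_restart
      when: __authelia_download is changed
    # … unchanged: Create binary symlink and the remaining tasks …
```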
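--- a/templates/conf/authelia.yml.j2
+++ b/templates/conf/authelia.yml.j2
@@ -0,0 +1,144 @@
+#jinja2: lstrip_blocks: True
+{{ ansible_managed | comment }}
+
+theme: {{ authelia_theme }}
+
+server:
+host: {{ authelia_bind_ip }}
+port: {{ authelia_bind_port }}
+read_buffer_size: 4096
+write_buffer_size: 4096
+path: ""
+
+log:
+level: {{ authelia_log_level }}
+
+jwt_secret: {{ authelia_jwt_secret }}
+{% if authelia_default_redirection_url is defined %}
+
+default_redirection_url: {{ authelia_default_redirection_url }}
+{% endif %}
+
+totp:
+issuer: {{ authelia_totp_issuer }}
+period: {{ authelia_totp_period }}
+skew: {{ authelia_totp_skew }}
+
+authentication_backend:
+disable_reset_password: {{ authelia_auth_backend_disable_reset_password | bool | lower }}
+refresh_interval: 5m
+{% if authelia_auth_backend == "ldap" %}
+
+ldap:
+implementation: custom
+url: {{authelia_auth_ldap_url }}
+start_tls: {{ authelia_auth_ldap_start_tls | bool | lower }}
+
+tls:
+skip_verify: {{ authelia_auth_ldap_tls_skip_verify | bool | lower }}
+minimum_version: {{ authelia_auth_ldap_tls_minimum_version }}
+
+base_dn: {{ authelia_auth_ldap_base_dn }}
+
+username_attribute: {{ authelia_auth_ldap_username_attribute }}
+additional_users_dn: {{ authelia_auth_ldap_additional_users_dn }}
+users_filter: {{ authelia_auth_ldap_users_filter }}
+
+group_name_attribute: {{ authelia_auth_ldap_group_name_attribute }}
+additional_groups_dn: {{ authelia_auth_ldap_additional_groups_dn }}
+groups_filter: {{ authelia_auth_ldap_groups_filter }}
+
+mail_attribute: {{ authelia_auth_ldap_mail_attribute }}
+display_name_attribute: {{ authelia_auth_ldap_display_name_attribute }}
+
+user: {{ authelia_auth_ldap_bind_user }}
+password: '{{ authelia_auth_ldap_bind_password }}'
+{% else %}
+
+file:
+path: {{ authelia_config_dir }}/users_database.yml
+password:
+algorithm: argon2id
+iterations: 1
+key_length: 32
+salt_length: 16
+memory: 1024
+parallelism: 8
+{% endif %}
+
+access_control:
+default_policy: {{ authelia_access_control_default_policy }}
+{% if authelia_access_control_networks | length > 0 %}
+
+networks:
+{{ authelia_access_control_networks | to_nice_yaml(indent=2) | indent(2, False) }}
+{% endif %}
+{% if authelia_access_control_rules | length > 0 %}
+
+rules:
+{{ authelia_access_control_rules | to_nice_yaml(indent=2) | indent(2, False) }}
+{% endif %}
+
+session:
+name: {{ authelia_session_name }}
+domain: {{ authelia_session_domain }}
+same_site: {{ authelia_session_same_site }}
+secret: {{ authelia_session_secret }}
+expiration: {{ authelia_session_expiration }}
+inactivity: {{ authelia_session_inactivity }}
+remember_me_duration: {{ authelia_session_remember_me_duration }}
+{% if authelia_session_backend == "redis" %}
+
+redis:
+host: {{ authelia_session_redis_host }}
+port: {{ authelia_session_redis_port }}
+
+database_index: {{ authelia_session_redis_database_index }}
+maximum_active_connections: {{ authelia_session_redis_maximum_active_connections }}
+minimum_idle_connections: {{ authelia_session_redis_minimum_idle_connections }}
+{% endif %}
+
+regulation:
+max_retries: {{ authelia_regulation_max_retries }}
+find_time: {{ authelia_regulation_find_time }}
+ban_time: {{ authelia_regulation_ban_time }}
+
+storage:
+encryption_key: {{ authelia_storage_encryption_key }}
+{% if authelia_storage_backend == "postgres" %}
+postgres:
+host: {{ authelia_storage_db_host }}
+port: {{ authelia_storage_db_port }}
+database: {{ authelia_storage_db_name }}
+username: {{ authelia_storage_db_username }}
+password: '{{ authelia_storage_db_password }}'
+sslmode: {{ authelia_storage_db_sslmode }}
+{% else %}
+local:
+path: {{ authelia_data_dir }}/db.sqlite3
+{% endif %}
+
+notifier:
+disable_startup_check: {{ authelia_notifier_disable_startup_check | bool | lower }}
+{% if authelia_notifier_backend == "smtp" %}
+
+smtp:
+username: {{ authelia_notifier_smtp_username }}
+password: '{{ authelia_notifier_smtp_password }}'
+host: {{ authelia_notifier_smtp_host }}
+port: {{ authelia_notifier_smtp_port }}
+sender: {{ authelia_notifier_smtp_sender }}
+identifier: {{ authelia_notifier_smtp_identifier }}
+subject: "{{ authelia_notifier_smtp_subject }}"
+startup_check_address: {{ authelia_notifier_smtp_startup_check_address }}
+disable_require_tls: {{ authelia_notifier_smtp_disable_require_tls | bool | lower }}
+disable_html_emails: {{ authelia_notifier_smtp_disable_html_emails | bool | lower }}
+
+tls:
+skip_verify: {{ authelia_notifier_smtp_tls_skip_verify | bool | lower }}
+minimum_version: {{ authelia_notifier_smtp_tls_minimum_version }}
+{% else %}
+
+filesystem:
+filename: {{ authelia_data_dir }}/notification.txt
+{% endif %}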
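Review bot: `jwt_secret`, `session.secret` and `storage.encryption_key` are rendered as bare YAML scalars while the LDAP, database and SMTP passwords are single-quoted, so a generated secret that starts with `*`, `&` or `!`, or contains ` #` or `: `, either fails YAML parsing or is silently loaded as a different value than the one the operator configured. Single quotes are not a complete fix either, since a value containing `'` breaks them the same way. Rendering each secret through the JSON filter yields a double-quoted, escaped scalar that YAML accepts unchanged, e.g. `jwt_secret: {{ authelia_jwt_secret | to_json }}`, `secret: {{ authelia_session_secret | to_json }}` and `encryption_key: {{ authelia_storage_encryption_key | to_json }}`; the three quoted passwords should be treated the same way. Separately, `url: {{authelia_auth_ldap_url }}` is missing the space after the opening braces that every other expression in the file has.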
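--- a/templates/conf/users_database.yml.j2
+++ b/templates/conf/users_database.yml.j2
@@ -0,0 +1,8 @@
+#jinja2: lstrip_blocks: True
+{{ ansible_managed | comment }}
+
+users:
+{% for user in authelia_auth_local_users %}
+{{ user.name }}:
+{{ user.config | to_nice_yaml(indent=2) | indent(4, False) }}
+{% endfor %}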
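Review bot: `{{ user.name }}:` is emitted as an unquoted YAML mapping key, so a username containing `: `, ` #` or a leading `*`, `&` or `!` produces a users database that fails to load or maps the hashes under a different key than intended. Quoting the key through the JSON filter, `{{ user.name | to_json }}:`, keeps any such name intact. The `user.config` mapping is dumped as-is with no check that `name` and `config` are present, so a malformed entry in `authelia_auth_local_users` only surfaces when Authelia starts; an `assert` task before this template runs would report it at play time instead.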
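--- a/templates/etc/ansible/facts.d/authelia.fact.j2
+++ b/templates/etc/ansible/facts.d/authelia.fact.j2
@@ -0,0 +1,4 @@
+{
+"comment" : "{{ ansible_managed }}",
+"version" : "{{ authelia_version }}"
+}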
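Review bot: Both values are interpolated inside hand-written JSON string literals with no escaping, so a `"` or `\` in `ansible_managed` (a string operators customize in ansible.cfg) or in `authelia_version` yields a fact file that is not valid JSON, and the version comparison in the install tasks, which presumably reads `authelia_current_version` from this fact, would then see no value at all. Let the JSON filter emit the quotes and escapes: `"comment": {{ ansible_managed | to_json }},` and `"version": {{ authelia_version | to_json }}`.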
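--- a/templates/etc/systemd/system/authelia.service.j2
+++ b/templates/etc/systemd/system/authelia.service.j2
@@ -0,0 +1,29 @@
+{{ ansible_managed | comment }}
+[Unit]
+Description=Authelia auth server
+After=network-online.target
+After=multi-user.target
+
+[Service]
+Type=simple
+User={{ authelia_user }}
+Group={{ authelia_group }}
+WorkingDirectory={{ authelia_base_dir }}
+ExecStart={{ authelia_base_dir }}/authelia --config={{ authelia_config_dir }}/authelia.yml
+
+LimitNOFILE=65000
+NoNewPrivileges=true
+PrivateDevices=true
+PrivateTmp=true
+ProtectHome=true
+ProtectSystem=full
+
+{% for path in authelia_read_only_dirs %}
+ReadOnlyDirectories={{ path }}
+{% endfor %}
+
+SyslogIdentifier=authelia
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target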
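Review bot: `After=multi-user.target` in [Unit] together with `WantedBy=multi-user.target` in [Install] forms an ordering cycle, because systemd automatically orders a target after the units it wants; systemd breaks such cycles by dropping a job and logging a warning, so the service can be left not started at boot. Removing that line and pairing the remaining `After=network-online.target` with `Wants=network-online.target` expresses the intended "start once the network is up" ordering, since `After=` alone does not pull the target in. `ReadOnlyDirectories=` is the old spelling of `ReadOnlyPaths=`, which is the name current systemd documentation uses for the same setting.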