Compare commits
No commits in common. "main" and "docs" have entirely different histories.
161
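--- a/.drone.jsonnet
+++ b/.drone.jsonnet
@@ -1,161 +0,0 @@
-local PipelineLinting = {
-kind: 'pipeline',
-name: 'linting',
-platform: {
-os: 'linux',
-arch: 'amd64',
-},
-steps: [
-{
-name: 'ansible-later',
-image: 'thegeeklab/ansible-later',
-commands: [
-'ansible-later',
-],
-},
-{
-name: 'python-format',
-image: 'python:3.11',
-environment: {
-PY_COLORS: 1,
-},
-commands: [
-'pip install -qq yapf',
-'[ -z "$(find . -type f -name *.py)" ] || (yapf -rd ./)',
-],
-},
-{
-name: 'python-flake8',
-image: 'python:3.11',
-environment: {
-PY_COLORS: 1,
-},
-commands: [
-'pip install -qq flake8',
-'flake8',
-],
-},
-],
-trigger: {
-ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
-},
-};
-
-local PipelineDeployment(scenario='centos7') = {
-kind: 'pipeline',
-name: 'testing-' + scenario,
-platform: {
-os: 'linux',
-arch: 'amd64',
-},
-concurrency: {
-limit: 1,
-},
-workspace: {
-base: '/drone/src',
-path: '${DRONE_REPO_NAME}',
-},
-steps: [
-{
-name: 'ansible-molecule',
-image: 'thegeeklab/molecule:4',
-environment: {
-HCLOUD_TOKEN: { from_secret: 'hcloud_token' },
-},
-commands: [
-'molecule test -s ' + scenario,
-],
-},
-],
-depends_on: [
-'linting',
-],
-trigger: {
-ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
-},
-};
-
-local PipelineDocumentation = {
-kind: 'pipeline',
-name: 'documentation',
-platform: {
-os: 'linux',
-arch: 'amd64',
-},
-steps: [
-{
-name: 'generate',
-image: 'thegeeklab/ansible-doctor',
-environment: {
-ANSIBLE_DOCTOR_LOG_LEVEL: 'INFO',
-ANSIBLE_DOCTOR_FORCE_OVERWRITE: true,
-ANSIBLE_DOCTOR_EXCLUDE_FILES: 'molecule/',
-ANSIBLE_DOCTOR_TEMPLATE: 'hugo-book',
-ANSIBLE_DOCTOR_ROLE_NAME: '${DRONE_REPO_NAME#*.}',
-ANSIBLE_DOCTOR_OUTPUT_DIR: '_docs/',
-},
-},
-{
-name: 'publish',
-image: 'plugins/gh-pages',
-settings: {
-remote_url: 'https://gitea.rknet.org/ansible/${DRONE_REPO_NAME}',
-netrc_machine: 'gitea.rknet.org',
-username: { from_secret: 'gitea_username' },
-password: { from_secret: 'gitea_token' },
-pages_directory: '_docs/',
-target_branch: 'docs',
-},
-when: {
-ref: ['refs/heads/main'],
-},
-},
-],
-trigger: {
-ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
-},
-depends_on: [
-'testing-centos7',
-'testing-rocky8',
-],
-};
-
-local PipelineNotification = {
-kind: 'pipeline',
-name: 'notification',
-platform: {
-os: 'linux',
-arch: 'amd64',
-},
-clone: {
-disable: true,
-},
-steps: [
-{
-name: 'matrix',
-image: 'thegeeklab/drone-matrix',
-settings: {
-homeserver: { from_secret: 'matrix_homeserver' },
-roomid: { from_secret: 'matrix_roomid' },
-template: 'Status: **{{ .Build.Status }}**<br/> Build: [{{ .Repo.Owner }}/{{ .Repo.Name }}]({{ .Build.Link }}){{ if .Build.Branch }} ({{ .Build.Branch }}){{ end }} by {{ .Commit.Author }}<br/> Message: {{ .Commit.Message.Title }}',
-username: { from_secret: 'matrix_username' },
-password: { from_secret: 'matrix_password' },
-},
-},
-],
-depends_on: [
-'documentation',
-],
-trigger: {
-status: ['success', 'failure'],
-ref: ['refs/heads/main', 'refs/tags/**'],
-},
-};
-
-[
-PipelineLinting,
-PipelineDeployment(scenario='centos7'),
-PipelineDeployment(scenario='rocky8'),
-PipelineDocumentation,
-PipelineNotification,
-]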
187
.drone.yml
187
.drone.yml
|
@ -1,187 +0,0 @@
|
|||
---
|
||||
kind: pipeline
|
||||
name: linting
|
||||
|
||||
platform:
|
||||
os: linux
|
||||
arch: amd64
|
||||
|
||||
steps:
|
||||
- name: ansible-later
|
||||
image: thegeeklab/ansible-later
|
||||
commands:
|
||||
- ansible-later
|
||||
|
||||
- name: python-format
|
||||
image: python:3.11
|
||||
commands:
|
||||
- pip install -qq yapf
|
||||
- "[ -z \"$(find . -type f -name *.py)\" ] || (yapf -rd ./)"
|
||||
environment:
|
||||
PY_COLORS: 1
|
||||
|
||||
- name: python-flake8
|
||||
image: python:3.11
|
||||
commands:
|
||||
- pip install -qq flake8
|
||||
- flake8
|
||||
environment:
|
||||
PY_COLORS: 1
|
||||
|
||||
trigger:
|
||||
ref:
|
||||
- refs/heads/main
|
||||
- refs/tags/**
|
||||
- refs/pull/**
|
||||
|
||||
---
|
||||
kind: pipeline
|
||||
name: testing-centos7
|
||||
|
||||
platform:
|
||||
os: linux
|
||||
arch: amd64
|
||||
|
||||
concurrency:
|
||||
limit: 1
|
||||
|
||||
workspace:
|
||||
base: /drone/src
|
||||
path: ${DRONE_REPO_NAME}
|
||||
|
||||
steps:
|
||||
- name: ansible-molecule
|
||||
image: thegeeklab/molecule:4
|
||||
commands:
|
||||
- molecule test -s centos7
|
||||
environment:
|
||||
HCLOUD_TOKEN:
|
||||
from_secret: hcloud_token
|
||||
|
||||
trigger:
|
||||
ref:
|
||||
- refs/heads/main
|
||||
- refs/tags/**
|
||||
- refs/pull/**
|
||||
|
||||
depends_on:
|
||||
- linting
|
||||
|
||||
---
|
||||
kind: pipeline
|
||||
name: testing-rocky8
|
||||
|
||||
platform:
|
||||
os: linux
|
||||
arch: amd64
|
||||
|
||||
concurrency:
|
||||
limit: 1
|
||||
|
||||
workspace:
|
||||
base: /drone/src
|
||||
path: ${DRONE_REPO_NAME}
|
||||
|
||||
steps:
|
||||
- name: ansible-molecule
|
||||
image: thegeeklab/molecule:4
|
||||
commands:
|
||||
- molecule test -s rocky8
|
||||
environment:
|
||||
HCLOUD_TOKEN:
|
||||
from_secret: hcloud_token
|
||||
|
||||
trigger:
|
||||
ref:
|
||||
- refs/heads/main
|
||||
- refs/tags/**
|
||||
- refs/pull/**
|
||||
|
||||
depends_on:
|
||||
- linting
|
||||
|
||||
---
|
||||
kind: pipeline
|
||||
name: documentation
|
||||
|
||||
platform:
|
||||
os: linux
|
||||
arch: amd64
|
||||
|
||||
steps:
|
||||
- name: generate
|
||||
image: thegeeklab/ansible-doctor
|
||||
environment:
|
||||
ANSIBLE_DOCTOR_EXCLUDE_FILES: molecule/
|
||||
ANSIBLE_DOCTOR_FORCE_OVERWRITE: true
|
||||
ANSIBLE_DOCTOR_LOG_LEVEL: INFO
|
||||
ANSIBLE_DOCTOR_OUTPUT_DIR: _docs/
|
||||
ANSIBLE_DOCTOR_ROLE_NAME: ${DRONE_REPO_NAME#*.}
|
||||
ANSIBLE_DOCTOR_TEMPLATE: hugo-book
|
||||
|
||||
- name: publish
|
||||
image: plugins/gh-pages
|
||||
settings:
|
||||
netrc_machine: gitea.rknet.org
|
||||
pages_directory: _docs/
|
||||
password:
|
||||
from_secret: gitea_token
|
||||
remote_url: https://gitea.rknet.org/ansible/${DRONE_REPO_NAME}
|
||||
target_branch: docs
|
||||
username:
|
||||
from_secret: gitea_username
|
||||
when:
|
||||
ref:
|
||||
- refs/heads/main
|
||||
|
||||
trigger:
|
||||
ref:
|
||||
- refs/heads/main
|
||||
- refs/tags/**
|
||||
- refs/pull/**
|
||||
|
||||
depends_on:
|
||||
- testing-centos7
|
||||
- testing-rocky8
|
||||
|
||||
---
|
||||
kind: pipeline
|
||||
name: notification
|
||||
|
||||
platform:
|
||||
os: linux
|
||||
arch: amd64
|
||||
|
||||
clone:
|
||||
disable: true
|
||||
|
||||
steps:
|
||||
- name: matrix
|
||||
image: thegeeklab/drone-matrix
|
||||
settings:
|
||||
homeserver:
|
||||
from_secret: matrix_homeserver
|
||||
password:
|
||||
from_secret: matrix_password
|
||||
roomid:
|
||||
from_secret: matrix_roomid
|
||||
template: "Status: **{{ .Build.Status }}**<br/> Build: [{{ .Repo.Owner }}/{{ .Repo.Name }}]({{ .Build.Link }}){{ if .Build.Branch }} ({{ .Build.Branch }}){{ end }} by {{ .Commit.Author }}<br/> Message: {{ .Commit.Message.Title }}"
|
||||
username:
|
||||
from_secret: matrix_username
|
||||
|
||||
trigger:
|
||||
ref:
|
||||
- refs/heads/main
|
||||
- refs/tags/**
|
||||
status:
|
||||
- success
|
||||
- failure
|
||||
|
||||
depends_on:
|
||||
- documentation
|
||||
|
||||
---
|
||||
kind: signature
|
||||
hmac: 0e0e326dd5c8b7972666489ae6e7056f75a483c66198e449106ae5a27cb06556
|
||||
|
||||
...
|
13
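--- a/.gitignore
+++ b/.gitignore
@@ -1,13 +0,0 @@
-# ---> Ansible
-*.retry
-plugins
-library
-
-# ---> Python
-# Byte-compiled / optimized / DLL files
-__pycache__/
-*.py[cod]
-*$py.class
-
-# ---> Docs
-/_docs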
19
.later.yml
19
.later.yml
|
@ -1,19 +0,0 @@
|
|||
---
|
||||
ansible:
|
||||
custom_modules:
|
||||
- iptables_raw
|
||||
- openssl_pkcs12
|
||||
- proxmox_kvm
|
||||
- ucr
|
||||
- corenetworks_dns
|
||||
- corenetworks_token
|
||||
|
||||
rules:
|
||||
exclude_files:
|
||||
- molecule/
|
||||
- "LICENSE*"
|
||||
- "**/*.md"
|
||||
- "**/*.ini"
|
||||
|
||||
exclude_filter:
|
||||
- LINT0009
|
|
@ -1 +0,0 @@
|
|||
.drone*
|
21
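--- a/LICENSE
+++ b/LICENSE
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2022 Robert Kaussow <mail@thegeeklab.de>
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is furnished
-to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice (including the next
-paragraph) shall be included in all copies or substantial portions of the
-Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS
-OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
-WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
-OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.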
10
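--- a/README.md
+++ b/README.md
@@ -1,10 +0,0 @@
-# xoxys.authelia
-
-[![Build Status](https://img.shields.io/drone/build/ansible/xoxys.authelia?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.authelia)
-[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg?label=license)](LICENSE)
-
-Setup Authelia authentication and authorization server. You can find the full documentation at [https://galaxy.geekdocs.de](https://galaxy.geekdocs.de/roles/cloud/authelia/).
-
-## License
-
-This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.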
|
@ -1,126 +0,0 @@
|
|||
---
|
||||
authelia_version: 4.33.1
|
||||
authelia_user: "authelia_adm"
|
||||
authelia_user_home: "/home/{{ authelia_user }}"
|
||||
authelia_group: "{{ authelia_user }}"
|
||||
authelia_extra_groups: []
|
||||
|
||||
authelia_packages:
|
||||
- tar
|
||||
|
||||
authelia_base_dir: "/opt/authelia"
|
||||
authelia_config_dir: "{{ authelia_base_dir }}/conf"
|
||||
authelia_data_dir: "{{ authelia_base_dir }}/data"
|
||||
authelia_read_only_dirs: []
|
||||
|
||||
authelia_bind_ip: 127.0.0.1
|
||||
authelia_bind_port: 61000
|
||||
authelia_portal_url: "http://localhost:61000/"
|
||||
|
||||
authelia_theme: light
|
||||
|
||||
authelia_log_level: error
|
||||
|
||||
# @var authelia_default_redirection_url:description: Specifies the default redirection URL Authelia will use in case a referer is missing.
|
||||
# @var authelia_default_redirection_url: $ "_unset_"
|
||||
# @var authelia_default_redirection_url:example: $ "https://github.com"
|
||||
|
||||
authelia_jwt_secret: a_very_important_secret
|
||||
|
||||
authelia_totp_issuer: "{{ authelia_portal_url | urlsplit('hostname') }}"
|
||||
authelia_totp_period: 30
|
||||
authelia_totp_skew: 1
|
||||
|
||||
authelia_auth_backend_disable_reset_password: False
|
||||
|
||||
# @var authelia_auth_backend:description: >
|
||||
# Set authentication backend. Available options are `local|ldap`. All `authelia_auth_ldap_` variables will only work
|
||||
# while the LDAP auth backend is enabled.
|
||||
# @end
|
||||
authelia_auth_backend: local
|
||||
authelia_auth_local_users: []
|
||||
|
||||
authelia_auth_ldap_url: ldap://127.0.0.1
|
||||
authelia_auth_ldap_start_tls: False
|
||||
authelia_auth_ldap_tls_skip_verify: False
|
||||
authelia_auth_ldap_tls_minimum_version: TLS1.2
|
||||
authelia_auth_ldap_base_dn: dc=example,dc=com
|
||||
authelia_auth_ldap_username_attribute: uid
|
||||
authelia_auth_ldap_additional_users_dn: ou=users
|
||||
authelia_auth_ldap_users_filter: (&({username_attribute}={input})(objectClass=person))
|
||||
authelia_auth_ldap_group_name_attribute: cn
|
||||
authelia_auth_ldap_additional_groups_dn: ou=groups
|
||||
authelia_auth_ldap_groups_filter: (&(member={dn})(objectclass=groupOfNames))
|
||||
authelia_auth_ldap_mail_attribute: mail
|
||||
authelia_auth_ldap_display_name_attribute: displayname
|
||||
authelia_auth_ldap_bind_user: cn=admin,dc=example,dc=com
|
||||
authelia_auth_ldap_bind_password: password
|
||||
|
||||
# @var authelia_storage_encryption_key:description: >
|
||||
# The encryption key used to encrypt data in the database. The minimum length of this key is 20 characters,
|
||||
# however we generally recommend above 64 characters. For security reasons, it's highly recommended to create
|
||||
# a unique key.
|
||||
# @end
|
||||
authelia_storage_encryption_key: bp33fh3cTswzdMndXrrVMrLd
|
||||
|
||||
# @var authelia_storage_backend:description: >
|
||||
# Set storage backend. Available options are `local|postgres`. All `authelia_storage_db_` variables will only work
|
||||
# while the PostgreSQL backend is enabled.
|
||||
# @end
|
||||
authelia_storage_backend: local
|
||||
|
||||
authelia_storage_db_host: 127.0.0.1
|
||||
authelia_storage_db_port: 5432
|
||||
authelia_storage_db_name: authelia
|
||||
authelia_storage_db_username: authelia
|
||||
authelia_storage_db_password: mypassword
|
||||
authelia_storage_db_sslmode: disable
|
||||
|
||||
# @var authelia_session_backend:description: >
|
||||
# Set session backend. Available options are `local|redis`. All `authelia_session_redis_` variables will only work
|
||||
# while the Redis backend is enabled.
|
||||
# @end
|
||||
authelia_session_backend: local
|
||||
|
||||
authelia_session_name: authelia_session
|
||||
authelia_session_domain: example.com
|
||||
authelia_session_same_site: lax
|
||||
authelia_session_secret: insecure_session_secret
|
||||
authelia_session_expiration: 1h
|
||||
authelia_session_inactivity: 5m
|
||||
authelia_session_remember_me_duration: 1M
|
||||
|
||||
authelia_session_redis_host: 127.0.0.1
|
||||
authelia_session_redis_port: 6379
|
||||
authelia_session_redis_database_index: 0
|
||||
authelia_session_redis_maximum_active_connections: 8
|
||||
authelia_session_redis_minimum_idle_connections: 0
|
||||
|
||||
authelia_regulation_max_retries: 3
|
||||
authelia_regulation_find_time: 2m
|
||||
authelia_regulation_ban_time: 5m
|
||||
|
||||
authelia_access_control_default_policy: one_factor
|
||||
authelia_access_control_networks: []
|
||||
authelia_access_control_rules: []
|
||||
|
||||
authelia_notifier_disable_startup_check: False
|
||||
|
||||
# @var authelia_notifier_backend:description: >
|
||||
# Set notifier backend. Available options are `local|smtp`. All `authelia_notifier_smtp_` variables will only work
|
||||
# while the SMTP backend is enabled.
|
||||
# @end
|
||||
authelia_notifier_backend: local
|
||||
|
||||
authelia_notifier_smtp_username: test
|
||||
authelia_notifier_smtp_password: password
|
||||
authelia_notifier_smtp_host: 127.0.0.1
|
||||
authelia_notifier_smtp_port: 1025
|
||||
authelia_notifier_smtp_sender: admin@example.com
|
||||
authelia_notifier_smtp_identifier: localhost
|
||||
authelia_notifier_smtp_subject: "[Authelia] {title}"
|
||||
authelia_notifier_smtp_startup_check_address: test@authelia.com
|
||||
authelia_notifier_smtp_disable_require_tls: False
|
||||
authelia_notifier_smtp_disable_html_emails: False
|
||||
authelia_notifier_smtp_tls_skip_verify: False
|
||||
authelia_notifier_smtp_tls_minimum_version: TLS1.2
|
|
@ -1,10 +0,0 @@
|
|||
---
|
||||
- name: Restart Authelia Service
|
||||
service:
|
||||
name: authelia
|
||||
state: restarted
|
||||
daemon_reload: yes
|
||||
enabled: yes
|
||||
listen: __authelia_restart
|
||||
become: True
|
||||
become_user: root
|
753
index.md
Normal file
753
index.md
Normal file
|
@ -0,0 +1,753 @@
|
|||
---
|
||||
title: authelia
|
||||
type: docs
|
||||
---
|
||||
|
||||
[![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.authelia) [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.authelia?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.authelia) [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg?label=license)](https://gitea.rknet.org/ansible/xoxys.authelia/src/branch/main/LICENSE)
|
||||
|
||||
Setup Authelia authentication and authorization server.
|
||||
|
||||
<!--more-->
|
||||
|
||||
- [Default Variables](#default-variables)
|
||||
- [authelia_access_control_default_policy](#authelia_access_control_default_policy)
|
||||
- [authelia_access_control_networks](#authelia_access_control_networks)
|
||||
- [authelia_access_control_rules](#authelia_access_control_rules)
|
||||
- [authelia_auth_backend](#authelia_auth_backend)
|
||||
- [authelia_auth_backend_disable_reset_password](#authelia_auth_backend_disable_reset_password)
|
||||
- [authelia_auth_ldap_additional_groups_dn](#authelia_auth_ldap_additional_groups_dn)
|
||||
- [authelia_auth_ldap_additional_users_dn](#authelia_auth_ldap_additional_users_dn)
|
||||
- [authelia_auth_ldap_base_dn](#authelia_auth_ldap_base_dn)
|
||||
- [authelia_auth_ldap_bind_password](#authelia_auth_ldap_bind_password)
|
||||
- [authelia_auth_ldap_bind_user](#authelia_auth_ldap_bind_user)
|
||||
- [authelia_auth_ldap_display_name_attribute](#authelia_auth_ldap_display_name_attribute)
|
||||
- [authelia_auth_ldap_group_name_attribute](#authelia_auth_ldap_group_name_attribute)
|
||||
- [authelia_auth_ldap_groups_filter](#authelia_auth_ldap_groups_filter)
|
||||
- [authelia_auth_ldap_mail_attribute](#authelia_auth_ldap_mail_attribute)
|
||||
- [authelia_auth_ldap_start_tls](#authelia_auth_ldap_start_tls)
|
||||
- [authelia_auth_ldap_tls_minimum_version](#authelia_auth_ldap_tls_minimum_version)
|
||||
- [authelia_auth_ldap_tls_skip_verify](#authelia_auth_ldap_tls_skip_verify)
|
||||
- [authelia_auth_ldap_url](#authelia_auth_ldap_url)
|
||||
- [authelia_auth_ldap_username_attribute](#authelia_auth_ldap_username_attribute)
|
||||
- [authelia_auth_ldap_users_filter](#authelia_auth_ldap_users_filter)
|
||||
- [authelia_auth_local_users](#authelia_auth_local_users)
|
||||
- [authelia_base_dir](#authelia_base_dir)
|
||||
- [authelia_bind_ip](#authelia_bind_ip)
|
||||
- [authelia_bind_port](#authelia_bind_port)
|
||||
- [authelia_config_dir](#authelia_config_dir)
|
||||
- [authelia_data_dir](#authelia_data_dir)
|
||||
- [authelia_default_redirection_url](#authelia_default_redirection_url)
|
||||
- [authelia_extra_groups](#authelia_extra_groups)
|
||||
- [authelia_group](#authelia_group)
|
||||
- [authelia_jwt_secret](#authelia_jwt_secret)
|
||||
- [authelia_log_level](#authelia_log_level)
|
||||
- [authelia_notifier_backend](#authelia_notifier_backend)
|
||||
- [authelia_notifier_disable_startup_check](#authelia_notifier_disable_startup_check)
|
||||
- [authelia_notifier_smtp_disable_html_emails](#authelia_notifier_smtp_disable_html_emails)
|
||||
- [authelia_notifier_smtp_disable_require_tls](#authelia_notifier_smtp_disable_require_tls)
|
||||
- [authelia_notifier_smtp_host](#authelia_notifier_smtp_host)
|
||||
- [authelia_notifier_smtp_identifier](#authelia_notifier_smtp_identifier)
|
||||
- [authelia_notifier_smtp_password](#authelia_notifier_smtp_password)
|
||||
- [authelia_notifier_smtp_port](#authelia_notifier_smtp_port)
|
||||
- [authelia_notifier_smtp_sender](#authelia_notifier_smtp_sender)
|
||||
- [authelia_notifier_smtp_startup_check_address](#authelia_notifier_smtp_startup_check_address)
|
||||
- [authelia_notifier_smtp_subject](#authelia_notifier_smtp_subject)
|
||||
- [authelia_notifier_smtp_tls_minimum_version](#authelia_notifier_smtp_tls_minimum_version)
|
||||
- [authelia_notifier_smtp_tls_skip_verify](#authelia_notifier_smtp_tls_skip_verify)
|
||||
- [authelia_notifier_smtp_username](#authelia_notifier_smtp_username)
|
||||
- [authelia_packages](#authelia_packages)
|
||||
- [authelia_portal_url](#authelia_portal_url)
|
||||
- [authelia_read_only_dirs](#authelia_read_only_dirs)
|
||||
- [authelia_regulation_ban_time](#authelia_regulation_ban_time)
|
||||
- [authelia_regulation_find_time](#authelia_regulation_find_time)
|
||||
- [authelia_regulation_max_retries](#authelia_regulation_max_retries)
|
||||
- [authelia_session_backend](#authelia_session_backend)
|
||||
- [authelia_session_domain](#authelia_session_domain)
|
||||
- [authelia_session_expiration](#authelia_session_expiration)
|
||||
- [authelia_session_inactivity](#authelia_session_inactivity)
|
||||
- [authelia_session_name](#authelia_session_name)
|
||||
- [authelia_session_redis_database_index](#authelia_session_redis_database_index)
|
||||
- [authelia_session_redis_host](#authelia_session_redis_host)
|
||||
- [authelia_session_redis_maximum_active_connections](#authelia_session_redis_maximum_active_connections)
|
||||
- [authelia_session_redis_minimum_idle_connections](#authelia_session_redis_minimum_idle_connections)
|
||||
- [authelia_session_redis_port](#authelia_session_redis_port)
|
||||
- [authelia_session_remember_me_duration](#authelia_session_remember_me_duration)
|
||||
- [authelia_session_same_site](#authelia_session_same_site)
|
||||
- [authelia_session_secret](#authelia_session_secret)
|
||||
- [authelia_storage_backend](#authelia_storage_backend)
|
||||
- [authelia_storage_db_host](#authelia_storage_db_host)
|
||||
- [authelia_storage_db_name](#authelia_storage_db_name)
|
||||
- [authelia_storage_db_password](#authelia_storage_db_password)
|
||||
- [authelia_storage_db_port](#authelia_storage_db_port)
|
||||
- [authelia_storage_db_sslmode](#authelia_storage_db_sslmode)
|
||||
- [authelia_storage_db_username](#authelia_storage_db_username)
|
||||
- [authelia_storage_encryption_key](#authelia_storage_encryption_key)
|
||||
- [authelia_theme](#authelia_theme)
|
||||
- [authelia_totp_issuer](#authelia_totp_issuer)
|
||||
- [authelia_totp_period](#authelia_totp_period)
|
||||
- [authelia_totp_skew](#authelia_totp_skew)
|
||||
- [authelia_user](#authelia_user)
|
||||
- [authelia_user_home](#authelia_user_home)
|
||||
- [authelia_version](#authelia_version)
|
||||
- [Dependencies](#dependencies)
|
||||
|
||||
---
|
||||
|
||||
## Default Variables
|
||||
|
||||
### authelia_access_control_default_policy
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_access_control_default_policy: one_factor
|
||||
```
|
||||
|
||||
### authelia_access_control_networks
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_access_control_networks: []
|
||||
```
|
||||
|
||||
### authelia_access_control_rules
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_access_control_rules: []
|
||||
```
|
||||
|
||||
### authelia_auth_backend
|
||||
|
||||
Set authentication backend. Available options are `local|ldap`. All `authelia_auth_ldap_` variables will only work while the LDAP auth backend is enabled.
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_backend: local
|
||||
```
|
||||
|
||||
### authelia_auth_backend_disable_reset_password
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_backend_disable_reset_password: false
|
||||
```
|
||||
|
||||
### authelia_auth_ldap_additional_groups_dn
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_ldap_additional_groups_dn: ou=groups
|
||||
```
|
||||
|
||||
### authelia_auth_ldap_additional_users_dn
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_ldap_additional_users_dn: ou=users
|
||||
```
|
||||
|
||||
### authelia_auth_ldap_base_dn
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_ldap_base_dn: dc=example,dc=com
|
||||
```
|
||||
|
||||
### authelia_auth_ldap_bind_password
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_ldap_bind_password: password
|
||||
```
|
||||
|
||||
### authelia_auth_ldap_bind_user
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_ldap_bind_user: cn=admin,dc=example,dc=com
|
||||
```
|
||||
|
||||
### authelia_auth_ldap_display_name_attribute
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_ldap_display_name_attribute: displayname
|
||||
```
|
||||
|
||||
### authelia_auth_ldap_group_name_attribute
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_ldap_group_name_attribute: cn
|
||||
```
|
||||
|
||||
### authelia_auth_ldap_groups_filter
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_ldap_groups_filter: (&(member={dn})(objectclass=groupOfNames))
|
||||
```
|
||||
|
||||
### authelia_auth_ldap_mail_attribute
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_ldap_mail_attribute: mail
|
||||
```
|
||||
|
||||
### authelia_auth_ldap_start_tls
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_ldap_start_tls: false
|
||||
```
|
||||
|
||||
### authelia_auth_ldap_tls_minimum_version
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_ldap_tls_minimum_version: TLS1.2
|
||||
```
|
||||
|
||||
### authelia_auth_ldap_tls_skip_verify
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_ldap_tls_skip_verify: false
|
||||
```
|
||||
|
||||
### authelia_auth_ldap_url
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_ldap_url: ldap://127.0.0.1
|
||||
```
|
||||
|
||||
### authelia_auth_ldap_username_attribute
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_ldap_username_attribute: uid
|
||||
```
|
||||
|
||||
### authelia_auth_ldap_users_filter
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_ldap_users_filter: (&({username_attribute}={input})(objectClass=person))
|
||||
```
|
||||
|
||||
### authelia_auth_local_users
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_auth_local_users: []
|
||||
```
|
||||
|
||||
### authelia_base_dir
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_base_dir: /opt/authelia
|
||||
```
|
||||
|
||||
### authelia_bind_ip
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_bind_ip: 127.0.0.1
|
||||
```
|
||||
|
||||
### authelia_bind_port
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_bind_port: 61000
|
||||
```
|
||||
|
||||
### authelia_config_dir
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_config_dir: '{{ authelia_base_dir }}/conf'
|
||||
```
|
||||
|
||||
### authelia_data_dir
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_data_dir: '{{ authelia_base_dir }}/data'
|
||||
```
|
||||
|
||||
### authelia_default_redirection_url
|
||||
|
||||
Specifies the default redirection URL Authelia will use in case a referer is missing.
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_default_redirection_url: _unset_
|
||||
```
|
||||
|
||||
#### Example usage
|
||||
|
||||
```YAML
|
||||
authelia_default_redirection_url: https://github.com
|
||||
```
|
||||
|
||||
### authelia_extra_groups
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_extra_groups: []
|
||||
```
|
||||
|
||||
### authelia_group
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_group: '{{ authelia_user }}'
|
||||
```
|
||||
|
||||
### authelia_jwt_secret
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_jwt_secret: a_very_important_secret
|
||||
```
|
||||
|
||||
### authelia_log_level
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_log_level: error
|
||||
```
|
||||
|
||||
### authelia_notifier_backend
|
||||
|
||||
Set notifier backend. Available options are `local|smtp`. All `authelia_notifier_smtp_` variables will only work while the SMTP backend is enabled.
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_notifier_backend: local
|
||||
```
|
||||
|
||||
### authelia_notifier_disable_startup_check
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_notifier_disable_startup_check: false
|
||||
```
|
||||
|
||||
### authelia_notifier_smtp_disable_html_emails
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_notifier_smtp_disable_html_emails: false
|
||||
```
|
||||
|
||||
### authelia_notifier_smtp_disable_require_tls
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_notifier_smtp_disable_require_tls: false
|
||||
```
|
||||
|
||||
### authelia_notifier_smtp_host
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_notifier_smtp_host: 127.0.0.1
|
||||
```
|
||||
|
||||
### authelia_notifier_smtp_identifier
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_notifier_smtp_identifier: localhost
|
||||
```
|
||||
|
||||
### authelia_notifier_smtp_password
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_notifier_smtp_password: password
|
||||
```
|
||||
|
||||
### authelia_notifier_smtp_port
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_notifier_smtp_port: 1025
|
||||
```
|
||||
|
||||
### authelia_notifier_smtp_sender
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_notifier_smtp_sender: admin@example.com
|
||||
```
|
||||
|
||||
### authelia_notifier_smtp_startup_check_address
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_notifier_smtp_startup_check_address: test@authelia.com
|
||||
```
|
||||
|
||||
### authelia_notifier_smtp_subject
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_notifier_smtp_subject: '[Authelia] {title}'
|
||||
```
|
||||
|
||||
### authelia_notifier_smtp_tls_minimum_version
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_notifier_smtp_tls_minimum_version: TLS1.2
|
||||
```
|
||||
|
||||
### authelia_notifier_smtp_tls_skip_verify
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_notifier_smtp_tls_skip_verify: false
|
||||
```
|
||||
|
||||
### authelia_notifier_smtp_username
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_notifier_smtp_username: test
|
||||
```
|
||||
|
||||
### authelia_packages
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_packages:
|
||||
- tar
|
||||
```
|
||||
|
||||
### authelia_portal_url
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_portal_url: http://localhost:61000/
|
||||
```
|
||||
|
||||
### authelia_read_only_dirs
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_read_only_dirs: []
|
||||
```
|
||||
|
||||
### authelia_regulation_ban_time
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_regulation_ban_time: 5m
|
||||
```
|
||||
|
||||
### authelia_regulation_find_time
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_regulation_find_time: 2m
|
||||
```
|
||||
|
||||
### authelia_regulation_max_retries
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_regulation_max_retries: 3
|
||||
```
|
||||
|
||||
### authelia_session_backend
|
||||
|
||||
Set session backend. Available options are `local|redis`. All `authelia_session_redis_` variables will only work while the Redis backend is enabled.
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_session_backend: local
|
||||
```
|
||||
|
||||
### authelia_session_domain
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_session_domain: example.com
|
||||
```
|
||||
|
||||
### authelia_session_expiration
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_session_expiration: 1h
|
||||
```
|
||||
|
||||
### authelia_session_inactivity
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_session_inactivity: 5m
|
||||
```
|
||||
|
||||
### authelia_session_name
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_session_name: authelia_session
|
||||
```
|
||||
|
||||
### authelia_session_redis_database_index
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_session_redis_database_index: 0
|
||||
```
|
||||
|
||||
### authelia_session_redis_host
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_session_redis_host: 127.0.0.1
|
||||
```
|
||||
|
||||
### authelia_session_redis_maximum_active_connections
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_session_redis_maximum_active_connections: 8
|
||||
```
|
||||
|
||||
### authelia_session_redis_minimum_idle_connections
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_session_redis_minimum_idle_connections: 0
|
||||
```
|
||||
|
||||
### authelia_session_redis_port
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_session_redis_port: 6379
|
||||
```
|
||||
|
||||
### authelia_session_remember_me_duration
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_session_remember_me_duration: 1M
|
||||
```
|
||||
|
||||
### authelia_session_same_site
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_session_same_site: lax
|
||||
```
|
||||
|
||||
### authelia_session_secret
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_session_secret: insecure_session_secret
|
||||
```
|
||||
|
||||
### authelia_storage_backend
|
||||
|
||||
Set storage backend. Available options are `local|postgres`. All `authelia_storage_db_` variables will only work while the PostgreSQL backend is enabled.
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_storage_backend: local
|
||||
```
|
||||
|
||||
### authelia_storage_db_host
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_storage_db_host: 127.0.0.1
|
||||
```
|
||||
|
||||
### authelia_storage_db_name
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_storage_db_name: authelia
|
||||
```
|
||||
|
||||
### authelia_storage_db_password
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_storage_db_password: mypassword
|
||||
```
|
||||
|
||||
### authelia_storage_db_port
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_storage_db_port: 5432
|
||||
```
|
||||
|
||||
### authelia_storage_db_sslmode
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_storage_db_sslmode: disable
|
||||
```
|
||||
|
||||
### authelia_storage_db_username
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_storage_db_username: authelia
|
||||
```
|
||||
|
||||
### authelia_storage_encryption_key
|
||||
|
||||
The encryption key used to encrypt data in the database. The minimum length of this key is 20 characters, however we generally recommend above 64 characters. For security reasons, it's highly recommended to create a unique key.
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_storage_encryption_key: bp33fh3cTswzdMndXrrVMrLd
|
||||
```
|
||||
|
||||
### authelia_theme
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_theme: light
|
||||
```
|
||||
|
||||
### authelia_totp_issuer
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_totp_issuer: "{{ authelia_portal_url | urlsplit('hostname') }}"
|
||||
```
|
||||
|
||||
### authelia_totp_period
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_totp_period: 30
|
||||
```
|
||||
|
||||
### authelia_totp_skew
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_totp_skew: 1
|
||||
```
|
||||
|
||||
### authelia_user
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_user: authelia_adm
|
||||
```
|
||||
|
||||
### authelia_user_home
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_user_home: /home/{{ authelia_user }}
|
||||
```
|
||||
|
||||
### authelia_version
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
authelia_version: 4.33.1
|
||||
```
|
||||
|
||||
|
||||
|
||||
## Dependencies
|
||||
|
||||
None.
|
|
@ -1,23 +0,0 @@
|
|||
# Standards: 0.2
|
||||
---
|
||||
galaxy_info:
|
||||
# @meta author:value: [Robert Kaussow](https://gitea.rknet.org/xoxys)
|
||||
author: "Robert Kaussow <mail@thegeeklab.de>"
|
||||
namespace: xoxys
|
||||
role_name: authelia
|
||||
# @meta description: >
|
||||
# [![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.authelia)
|
||||
# [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.authelia?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.authelia)
|
||||
# [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg?label=license)](https://gitea.rknet.org/ansible/xoxys.authelia/src/branch/main/LICENSE)
|
||||
#
|
||||
# Setup Authelia authentication and authorization server.
|
||||
# @end
|
||||
description: Setup Authelia authentication and authorization server
|
||||
license: MIT
|
||||
min_ansible_version: 2.10
|
||||
platforms:
|
||||
- name: EL
|
||||
versions:
|
||||
- 7
|
||||
galaxy_tags: []
|
||||
dependencies: []
|
|
@ -1,16 +0,0 @@
|
|||
---
|
||||
- name: Converge
|
||||
hosts: all
|
||||
vars:
|
||||
authelia_default_redirection_url: https://github.com
|
||||
authelia_local_users:
|
||||
- name: john
|
||||
config:
|
||||
displayname: "John Doe"
|
||||
# password: secure
|
||||
password: "$argon2id$v=19$m=65536,t=1,p=8$SlBqNXJJRStlbHVMOVZLTQ$lMMqeHsREAoJWHFvzIYMopkdJlrQgfGEIqXI5GiZYng"
|
||||
email: john.doe@example.com
|
||||
groups:
|
||||
- admins
|
||||
roles:
|
||||
- role: xoxys.authelia
|
|
@ -1,120 +0,0 @@
|
|||
---
|
||||
- name: Create
|
||||
hosts: localhost
|
||||
connection: local
|
||||
gather_facts: false
|
||||
no_log: "{{ molecule_no_log }}"
|
||||
vars:
|
||||
ssh_port: 22
|
||||
ssh_user: root
|
||||
ssh_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key"
|
||||
tasks:
|
||||
- name: Create SSH key
|
||||
user:
|
||||
name: "{{ lookup('env', 'USER') }}"
|
||||
generate_ssh_key: true
|
||||
ssh_key_file: "{{ ssh_path }}"
|
||||
force: true
|
||||
register: generated_ssh_key
|
||||
|
||||
- name: Register the SSH key name
|
||||
set_fact:
|
||||
ssh_key_name: "molecule-generated-{{ 12345 | random | to_uuid }}"
|
||||
|
||||
- name: Register SSH key for test instance(s)
|
||||
hcloud_ssh_key:
|
||||
name: "{{ ssh_key_name }}"
|
||||
public_key: "{{ generated_ssh_key.ssh_public_key }}"
|
||||
state: present
|
||||
|
||||
- name: Create molecule instance(s)
|
||||
hcloud_server:
|
||||
name: "{{ item.name }}"
|
||||
server_type: "{{ item.server_type }}"
|
||||
ssh_keys:
|
||||
- "{{ ssh_key_name }}"
|
||||
image: "{{ item.image }}"
|
||||
location: "{{ item.location | default(omit) }}"
|
||||
datacenter: "{{ item.datacenter | default(omit) }}"
|
||||
user_data: "{{ item.user_data | default(omit) }}"
|
||||
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
||||
state: present
|
||||
register: server
|
||||
loop: "{{ molecule_yml.platforms }}"
|
||||
async: 7200
|
||||
poll: 0
|
||||
|
||||
- name: Wait for instance(s) creation to complete
|
||||
async_status:
|
||||
jid: "{{ item.ansible_job_id }}"
|
||||
register: hetzner_jobs
|
||||
until: hetzner_jobs.finished
|
||||
retries: 300
|
||||
loop: "{{ server.results }}"
|
||||
|
||||
- name: Create volume(s)
|
||||
hcloud_volume:
|
||||
name: "{{ item.name }}"
|
||||
server: "{{ item.name }}"
|
||||
location: "{{ item.location | default(omit) }}"
|
||||
size: "{{ item.volume_size | default(10) }}"
|
||||
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
||||
state: "present"
|
||||
loop: "{{ molecule_yml.platforms }}"
|
||||
when: item.volume | default(False) | bool
|
||||
register: volumes
|
||||
async: 7200
|
||||
poll: 0
|
||||
|
||||
- name: Wait for volume(s) creation to complete
|
||||
async_status:
|
||||
jid: "{{ item.ansible_job_id }}"
|
||||
register: hetzner_volumes
|
||||
until: hetzner_volumes.finished
|
||||
retries: 300
|
||||
when: volumes.changed
|
||||
loop: "{{ volumes.results }}"
|
||||
|
||||
# Mandatory configuration for Molecule to function.
|
||||
|
||||
- name: Populate instance config dict
|
||||
set_fact:
|
||||
instance_conf_dict:
|
||||
{
|
||||
"instance": "{{ item.hcloud_server.name }}",
|
||||
"ssh_key_name": "{{ ssh_key_name }}",
|
||||
"address": "{{ item.hcloud_server.ipv4_address }}",
|
||||
"user": "{{ ssh_user }}",
|
||||
"port": "{{ ssh_port }}",
|
||||
"identity_file": "{{ ssh_path }}",
|
||||
"volume": "{{ item.item.item.volume | default(False) | bool }}",
|
||||
}
|
||||
loop: "{{ hetzner_jobs.results }}"
|
||||
register: instance_config_dict
|
||||
when: server.changed | bool
|
||||
|
||||
- name: Convert instance config dict to a list
|
||||
set_fact:
|
||||
instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}"
|
||||
when: server.changed | bool
|
||||
|
||||
- name: Dump instance config
|
||||
copy:
|
||||
content: |
|
||||
# Molecule managed
|
||||
|
||||
{{ instance_conf | to_nice_yaml(indent=2) }}
|
||||
dest: "{{ molecule_instance_config }}"
|
||||
when: server.changed | bool
|
||||
|
||||
- name: Wait for SSH
|
||||
wait_for:
|
||||
port: "{{ ssh_port }}"
|
||||
host: "{{ item.address }}"
|
||||
search_regex: SSH
|
||||
delay: 10
|
||||
loop: "{{ lookup('file', molecule_instance_config) | from_yaml }}"
|
||||
|
||||
- name: Wait for VM to settle down
|
||||
pause:
|
||||
seconds: 30
|
|
@ -1,78 +0,0 @@
|
|||
---
|
||||
- name: Destroy
|
||||
hosts: localhost
|
||||
connection: local
|
||||
gather_facts: false
|
||||
no_log: "{{ molecule_no_log }}"
|
||||
tasks:
|
||||
- name: Check existing instance config file
|
||||
stat:
|
||||
path: "{{ molecule_instance_config }}"
|
||||
register: cfg
|
||||
|
||||
- name: Populate the instance config
|
||||
set_fact:
|
||||
instance_conf: "{{ (lookup('file', molecule_instance_config) | from_yaml) if cfg.stat.exists else [] }}"
|
||||
|
||||
- name: Destroy molecule instance(s)
|
||||
hcloud_server:
|
||||
name: "{{ item.instance }}"
|
||||
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
||||
state: absent
|
||||
register: server
|
||||
loop: "{{ instance_conf }}"
|
||||
async: 7200
|
||||
poll: 0
|
||||
|
||||
- name: Wait for instance(s) deletion to complete
|
||||
async_status:
|
||||
jid: "{{ item.ansible_job_id }}"
|
||||
register: hetzner_jobs
|
||||
until: hetzner_jobs.finished
|
||||
retries: 300
|
||||
loop: "{{ server.results }}"
|
||||
|
||||
- pause:
|
||||
seconds: 5
|
||||
|
||||
- name: Destroy volume(s)
|
||||
hcloud_volume:
|
||||
name: "{{ item.instance }}"
|
||||
server: "{{ item.instance }}"
|
||||
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
||||
state: "absent"
|
||||
register: volumes
|
||||
loop: "{{ instance_conf }}"
|
||||
when: item.volume | default(False) | bool
|
||||
async: 7200
|
||||
poll: 0
|
||||
|
||||
- name: Wait for volume(s) deletion to complete
|
||||
async_status:
|
||||
jid: "{{ item.ansible_job_id }}"
|
||||
register: hetzner_volumes
|
||||
until: hetzner_volumes.finished
|
||||
retries: 300
|
||||
when: volumes.changed
|
||||
loop: "{{ volumes.results }}"
|
||||
|
||||
- name: Remove registered SSH key
|
||||
hcloud_ssh_key:
|
||||
name: "{{ instance_conf[0].ssh_key_name }}"
|
||||
state: absent
|
||||
when: (instance_conf | default([])) | length > 0
|
||||
|
||||
# Mandatory configuration for Molecule to function.
|
||||
|
||||
- name: Populate instance config
|
||||
set_fact:
|
||||
instance_conf: {}
|
||||
|
||||
- name: Dump instance config
|
||||
copy:
|
||||
content: |
|
||||
# Molecule managed
|
||||
|
||||
{{ instance_conf | to_nice_yaml(indent=2) }}
|
||||
dest: "{{ molecule_instance_config }}"
|
||||
when: server.changed | bool
|
|
@ -1,24 +0,0 @@
|
|||
---
|
||||
dependency:
|
||||
name: galaxy
|
||||
options:
|
||||
role-file: molecule/requirements.yml
|
||||
requirements-file: molecule/requirements.yml
|
||||
env:
|
||||
ANSIBLE_GALAXY_DISPLAY_PROGRESS: "false"
|
||||
driver:
|
||||
name: delegated
|
||||
platforms:
|
||||
- name: centos7-authelia
|
||||
image: centos-7
|
||||
server_type: cx11
|
||||
lint: |
|
||||
/usr/local/bin/flake8
|
||||
provisioner:
|
||||
name: ansible
|
||||
env:
|
||||
ANSIBLE_FILTER_PLUGINS: ${ANSIBLE_FILTER_PLUGINS:-./plugins/filter}
|
||||
ANSIBLE_LIBRARY: ${ANSIBLE_LIBRARY:-./library}
|
||||
log: False
|
||||
verifier:
|
||||
name: testinfra
|
|
@ -1,15 +0,0 @@
|
|||
---
|
||||
- name: Prepare
|
||||
hosts: all
|
||||
gather_facts: false
|
||||
tasks:
|
||||
- name: Bootstrap python for Ansible
|
||||
raw: |
|
||||
command -v python3 python || (
|
||||
(test -e /usr/bin/dnf && sudo dnf install -y python3) ||
|
||||
(test -e /usr/bin/apt && (apt -y update && apt install -y python-minimal)) ||
|
||||
(test -e /usr/bin/yum && sudo yum -y -qq install python3) ||
|
||||
echo "Warning: Python not boostrapped due to unknown platform."
|
||||
)
|
||||
become: true
|
||||
changed_when: false
|
|
@ -1,18 +0,0 @@
|
|||
import os
|
||||
|
||||
import testinfra.utils.ansible_runner
|
||||
|
||||
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
|
||||
os.environ["MOLECULE_INVENTORY_FILE"]
|
||||
).get_hosts("all")
|
||||
|
||||
|
||||
def test_authelia_running_and_enabled(host):
|
||||
authelia = host.service("authelia")
|
||||
assert authelia.is_running
|
||||
assert authelia.is_enabled
|
||||
|
||||
|
||||
def test_authelia_socket(host):
|
||||
# Verify the socket is listening for HTTP traffic
|
||||
assert host.socket("tcp://127.0.0.1:61000").is_listening
|
|
@ -1 +0,0 @@
|
|||
rocky8
|
|
@ -1,3 +0,0 @@
|
|||
[pytest]
|
||||
filterwarnings =
|
||||
ignore::DeprecationWarning
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
collections:
|
||||
- name: https://gitea.rknet.org/ansible/xoxys.general/releases/download/v2.1.1/xoxys-general-2.1.1.tar.gz
|
||||
- name: community.general
|
||||
|
||||
roles: []
|
|
@ -1,16 +0,0 @@
|
|||
---
|
||||
- name: Converge
|
||||
hosts: all
|
||||
vars:
|
||||
authelia_default_redirection_url: https://github.com
|
||||
authelia_local_users:
|
||||
- name: john
|
||||
config:
|
||||
displayname: "John Doe"
|
||||
# password: secure
|
||||
password: "$argon2id$v=19$m=65536,t=1,p=8$SlBqNXJJRStlbHVMOVZLTQ$lMMqeHsREAoJWHFvzIYMopkdJlrQgfGEIqXI5GiZYng"
|
||||
email: john.doe@example.com
|
||||
groups:
|
||||
- admins
|
||||
roles:
|
||||
- role: xoxys.authelia
|
|
@ -1,120 +0,0 @@
|
|||
---
|
||||
- name: Create
|
||||
hosts: localhost
|
||||
connection: local
|
||||
gather_facts: false
|
||||
no_log: "{{ molecule_no_log }}"
|
||||
vars:
|
||||
ssh_port: 22
|
||||
ssh_user: root
|
||||
ssh_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key"
|
||||
tasks:
|
||||
- name: Create SSH key
|
||||
user:
|
||||
name: "{{ lookup('env', 'USER') }}"
|
||||
generate_ssh_key: true
|
||||
ssh_key_file: "{{ ssh_path }}"
|
||||
force: true
|
||||
register: generated_ssh_key
|
||||
|
||||
- name: Register the SSH key name
|
||||
set_fact:
|
||||
ssh_key_name: "molecule-generated-{{ 12345 | random | to_uuid }}"
|
||||
|
||||
- name: Register SSH key for test instance(s)
|
||||
hcloud_ssh_key:
|
||||
name: "{{ ssh_key_name }}"
|
||||
public_key: "{{ generated_ssh_key.ssh_public_key }}"
|
||||
state: present
|
||||
|
||||
- name: Create molecule instance(s)
|
||||
hcloud_server:
|
||||
name: "{{ item.name }}"
|
||||
server_type: "{{ item.server_type }}"
|
||||
ssh_keys:
|
||||
- "{{ ssh_key_name }}"
|
||||
image: "{{ item.image }}"
|
||||
location: "{{ item.location | default(omit) }}"
|
||||
datacenter: "{{ item.datacenter | default(omit) }}"
|
||||
user_data: "{{ item.user_data | default(omit) }}"
|
||||
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
||||
state: present
|
||||
register: server
|
||||
loop: "{{ molecule_yml.platforms }}"
|
||||
async: 7200
|
||||
poll: 0
|
||||
|
||||
- name: Wait for instance(s) creation to complete
|
||||
async_status:
|
||||
jid: "{{ item.ansible_job_id }}"
|
||||
register: hetzner_jobs
|
||||
until: hetzner_jobs.finished
|
||||
retries: 300
|
||||
loop: "{{ server.results }}"
|
||||
|
||||
- name: Create volume(s)
|
||||
hcloud_volume:
|
||||
name: "{{ item.name }}"
|
||||
server: "{{ item.name }}"
|
||||
location: "{{ item.location | default(omit) }}"
|
||||
size: "{{ item.volume_size | default(10) }}"
|
||||
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
||||
state: "present"
|
||||
loop: "{{ molecule_yml.platforms }}"
|
||||
when: item.volume | default(False) | bool
|
||||
register: volumes
|
||||
async: 7200
|
||||
poll: 0
|
||||
|
||||
- name: Wait for volume(s) creation to complete
|
||||
async_status:
|
||||
jid: "{{ item.ansible_job_id }}"
|
||||
register: hetzner_volumes
|
||||
until: hetzner_volumes.finished
|
||||
retries: 300
|
||||
when: volumes.changed
|
||||
loop: "{{ volumes.results }}"
|
||||
|
||||
# Mandatory configuration for Molecule to function.
|
||||
|
||||
- name: Populate instance config dict
|
||||
set_fact:
|
||||
instance_conf_dict:
|
||||
{
|
||||
"instance": "{{ item.hcloud_server.name }}",
|
||||
"ssh_key_name": "{{ ssh_key_name }}",
|
||||
"address": "{{ item.hcloud_server.ipv4_address }}",
|
||||
"user": "{{ ssh_user }}",
|
||||
"port": "{{ ssh_port }}",
|
||||
"identity_file": "{{ ssh_path }}",
|
||||
"volume": "{{ item.item.item.volume | default(False) | bool }}",
|
||||
}
|
||||
loop: "{{ hetzner_jobs.results }}"
|
||||
register: instance_config_dict
|
||||
when: server.changed | bool
|
||||
|
||||
- name: Convert instance config dict to a list
|
||||
set_fact:
|
||||
instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}"
|
||||
when: server.changed | bool
|
||||
|
||||
- name: Dump instance config
|
||||
copy:
|
||||
content: |
|
||||
# Molecule managed
|
||||
|
||||
{{ instance_conf | to_nice_yaml(indent=2) }}
|
||||
dest: "{{ molecule_instance_config }}"
|
||||
when: server.changed | bool
|
||||
|
||||
- name: Wait for SSH
|
||||
wait_for:
|
||||
port: "{{ ssh_port }}"
|
||||
host: "{{ item.address }}"
|
||||
search_regex: SSH
|
||||
delay: 10
|
||||
loop: "{{ lookup('file', molecule_instance_config) | from_yaml }}"
|
||||
|
||||
- name: Wait for VM to settle down
|
||||
pause:
|
||||
seconds: 30
|
|
@ -1,78 +0,0 @@
|
|||
---
|
||||
- name: Destroy
|
||||
hosts: localhost
|
||||
connection: local
|
||||
gather_facts: false
|
||||
no_log: "{{ molecule_no_log }}"
|
||||
tasks:
|
||||
- name: Check existing instance config file
|
||||
stat:
|
||||
path: "{{ molecule_instance_config }}"
|
||||
register: cfg
|
||||
|
||||
- name: Populate the instance config
|
||||
set_fact:
|
||||
instance_conf: "{{ (lookup('file', molecule_instance_config) | from_yaml) if cfg.stat.exists else [] }}"
|
||||
|
||||
- name: Destroy molecule instance(s)
|
||||
hcloud_server:
|
||||
name: "{{ item.instance }}"
|
||||
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
||||
state: absent
|
||||
register: server
|
||||
loop: "{{ instance_conf }}"
|
||||
async: 7200
|
||||
poll: 0
|
||||
|
||||
- name: Wait for instance(s) deletion to complete
|
||||
async_status:
|
||||
jid: "{{ item.ansible_job_id }}"
|
||||
register: hetzner_jobs
|
||||
until: hetzner_jobs.finished
|
||||
retries: 300
|
||||
loop: "{{ server.results }}"
|
||||
|
||||
- pause:
|
||||
seconds: 5
|
||||
|
||||
- name: Destroy volume(s)
|
||||
hcloud_volume:
|
||||
name: "{{ item.instance }}"
|
||||
server: "{{ item.instance }}"
|
||||
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
||||
state: "absent"
|
||||
register: volumes
|
||||
loop: "{{ instance_conf }}"
|
||||
when: item.volume | default(False) | bool
|
||||
async: 7200
|
||||
poll: 0
|
||||
|
||||
- name: Wait for volume(s) deletion to complete
|
||||
async_status:
|
||||
jid: "{{ item.ansible_job_id }}"
|
||||
register: hetzner_volumes
|
||||
until: hetzner_volumes.finished
|
||||
retries: 300
|
||||
when: volumes.changed
|
||||
loop: "{{ volumes.results }}"
|
||||
|
||||
- name: Remove registered SSH key
|
||||
hcloud_ssh_key:
|
||||
name: "{{ instance_conf[0].ssh_key_name }}"
|
||||
state: absent
|
||||
when: (instance_conf | default([])) | length > 0
|
||||
|
||||
# Mandatory configuration for Molecule to function.
|
||||
|
||||
- name: Populate instance config
|
||||
set_fact:
|
||||
instance_conf: {}
|
||||
|
||||
- name: Dump instance config
|
||||
copy:
|
||||
content: |
|
||||
# Molecule managed
|
||||
|
||||
{{ instance_conf | to_nice_yaml(indent=2) }}
|
||||
dest: "{{ molecule_instance_config }}"
|
||||
when: server.changed | bool
|
|
@ -1,24 +0,0 @@
|
|||
---
|
||||
dependency:
|
||||
name: galaxy
|
||||
options:
|
||||
role-file: molecule/requirements.yml
|
||||
requirements-file: molecule/requirements.yml
|
||||
env:
|
||||
ANSIBLE_GALAXY_DISPLAY_PROGRESS: "false"
|
||||
driver:
|
||||
name: delegated
|
||||
platforms:
|
||||
- name: rocky8-authelia
|
||||
image: rocky-8
|
||||
server_type: cx11
|
||||
lint: |
|
||||
/usr/local/bin/flake8
|
||||
provisioner:
|
||||
name: ansible
|
||||
env:
|
||||
ANSIBLE_FILTER_PLUGINS: ${ANSIBLE_FILTER_PLUGINS:-./plugins/filter}
|
||||
ANSIBLE_LIBRARY: ${ANSIBLE_LIBRARY:-./library}
|
||||
log: False
|
||||
verifier:
|
||||
name: testinfra
|
|
@ -1,15 +0,0 @@
|
|||
---
|
||||
- name: Prepare
|
||||
hosts: all
|
||||
gather_facts: false
|
||||
tasks:
|
||||
- name: Bootstrap python for Ansible
|
||||
raw: |
|
||||
command -v python3 python || (
|
||||
(test -e /usr/bin/dnf && sudo dnf install -y python3) ||
|
||||
(test -e /usr/bin/apt && (apt -y update && apt install -y python-minimal)) ||
|
||||
(test -e /usr/bin/yum && sudo yum -y -qq install python3) ||
|
||||
echo "Warning: Python not boostrapped due to unknown platform."
|
||||
)
|
||||
become: true
|
||||
changed_when: false
|
|
@ -1,18 +0,0 @@
|
|||
import os
|
||||
|
||||
import testinfra.utils.ansible_runner
|
||||
|
||||
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
|
||||
os.environ["MOLECULE_INVENTORY_FILE"]
|
||||
).get_hosts("all")
|
||||
|
||||
|
||||
def test_authelia_running_and_enabled(host):
|
||||
authelia = host.service("authelia")
|
||||
assert authelia.is_running
|
||||
assert authelia.is_enabled
|
||||
|
||||
|
||||
def test_authelia_socket(host):
|
||||
# Verify the socket is listening for HTTP traffic
|
||||
assert host.socket("tcp://127.0.0.1:61000").is_listening
|
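--- a/setup.cfg
+++ b/setup.cfg
@@ -1,12 +0,0 @@
-[flake8]
-ignore = D100, D101, D102, D103, D105, D107, E402, W503
-max-line-length = 99
-inline-quotes = double
-exclude = .git,.tox,__pycache__,build,dist,tests,*.pyc,*.egg-info,.cache,.eggs,env*
-
-[yapf]
-based_on_style = google
-column_limit = 99
-dedent_closing_brackets = true
-coalesce_brackets = true
-split_before_logical_operator = true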
@ -1,3 +0,0 @@
|
|||
---
|
||||
- include_tasks: prepare.yml
|
||||
- include_tasks: setup.yml
|
|
@ -1,36 +0,0 @@
|
|||
---
|
||||
- name: Set current authelia version
|
||||
set_fact:
|
||||
authelia_current_version: "{{ (ansible_local.authelia | default (dict(version='0.0.0')))['version'] }}"
|
||||
|
||||
- debug:
|
||||
msg: Current version is '{{ authelia_current_version }}'
|
||||
|
||||
- block:
|
||||
- name: Create group '{{ authelia_group }}'
|
||||
group:
|
||||
name: "{{ authelia_group }}"
|
||||
state: present
|
||||
|
||||
- name: Create user '{{ authelia_user }}'
|
||||
user:
|
||||
comment: authelia
|
||||
name: "{{ authelia_user }}"
|
||||
home: "{{ authelia_user_home }}"
|
||||
group: "{{ authelia_group }}"
|
||||
groups: "{{ authelia_extra_groups | join(',') }}"
|
||||
|
||||
- name: Install dependencies
|
||||
package:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
loop:
|
||||
- "{{ authelia_packages }}"
|
||||
|
||||
- name: Setup local facts
|
||||
file:
|
||||
path: /etc/ansible/facts.d
|
||||
state: directory
|
||||
mode: 0755
|
||||
become: True
|
||||
become_user: root
|
|
@ -1,85 +0,0 @@
|
|||
---
|
||||
- name: Prepare base folder
|
||||
file:
|
||||
path: "{{ authelia_base_dir }}"
|
||||
state: directory
|
||||
owner: "{{ authelia_user }}"
|
||||
group: "{{ authelia_user }}"
|
||||
mode: 0750
|
||||
become: True
|
||||
become_user: root
|
||||
|
||||
- block:
|
||||
- name: Prepare folder structure
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
loop:
|
||||
- "{{ authelia_config_dir }}"
|
||||
- "{{ authelia_data_dir }}"
|
||||
|
||||
- name: Download and extract authelia tarball
|
||||
unarchive:
|
||||
src: "https://github.com/authelia/authelia/releases/download/v{{ authelia_version }}/authelia-v{{ authelia_version }}-linux-amd64.tar.gz"
|
||||
dest: "{{ authelia_base_dir }}"
|
||||
remote_src: yes
|
||||
exclude:
|
||||
- authelia.service
|
||||
- config.template.yml
|
||||
notify: __authelia_restart
|
||||
when: authelia_version is version(authelia_current_version, ">") or authelia_current_version is version('0.0.0', "=")
|
||||
|
||||
- name: Create binary symlink
|
||||
file:
|
||||
src: "{{ authelia_base_dir }}/authelia-linux-amd64"
|
||||
dest: "{{ authelia_base_dir }}/authelia"
|
||||
state: link
|
||||
notify: __authelia_restart
|
||||
become: True
|
||||
become_user: "{{ authelia_user }}"
|
||||
|
||||
- block:
|
||||
- name: Copy Authelia config file
|
||||
template:
|
||||
src: "conf/authelia.yml.j2"
|
||||
dest: "{{ authelia_config_dir }}/authelia.yml"
|
||||
owner: "{{ authelia_user }}"
|
||||
group: "{{ authelia_user }}"
|
||||
mode: 0600
|
||||
notify: __authelia_restart
|
||||
|
||||
- name: Copy local users database
|
||||
template:
|
||||
src: "conf/users_database.yml.j2"
|
||||
dest: "{{ authelia_config_dir }}/users_database.yml"
|
||||
owner: "{{ authelia_user }}"
|
||||
group: "{{ authelia_user }}"
|
||||
mode: 0600
|
||||
notify: __authelia_restart
|
||||
when: authelia_auth_local_users | length > 0
|
||||
|
||||
- name: Copy systemd unit file
|
||||
template:
|
||||
src: "etc/systemd/system/authelia.service.j2"
|
||||
dest: "/etc/systemd/system/authelia.service"
|
||||
mode: 0640
|
||||
notify: __authelia_restart
|
||||
|
||||
- name: Ensure Authelia service is up and running
|
||||
service:
|
||||
name: authelia
|
||||
daemon_reload: yes
|
||||
enabled: yes
|
||||
state: started
|
||||
|
||||
- name: Set current version to custom fact
|
||||
template:
|
||||
src: etc/ansible/facts.d/authelia.fact.j2
|
||||
dest: /etc/ansible/facts.d/authelia.fact
|
||||
mode: 0644
|
||||
owner: root
|
||||
group: root
|
||||
when: authelia_version is version(authelia_current_version, ">") or authelia_current_version is version('0.0.0', "=")
|
||||
become: True
|
||||
become_user: root
|
|
@ -1,144 +0,0 @@
|
|||
#jinja2: lstrip_blocks: True
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
theme: {{ authelia_theme }}
|
||||
|
||||
server:
|
||||
host: {{ authelia_bind_ip }}
|
||||
port: {{ authelia_bind_port }}
|
||||
read_buffer_size: 4096
|
||||
write_buffer_size: 4096
|
||||
path: ""
|
||||
|
||||
log:
|
||||
level: {{ authelia_log_level }}
|
||||
|
||||
jwt_secret: {{ authelia_jwt_secret }}
|
||||
{% if authelia_default_redirection_url is defined %}
|
||||
|
||||
default_redirection_url: {{ authelia_default_redirection_url }}
|
||||
{% endif %}
|
||||
|
||||
totp:
|
||||
issuer: {{ authelia_totp_issuer }}
|
||||
period: {{ authelia_totp_period }}
|
||||
skew: {{ authelia_totp_skew }}
|
||||
|
||||
authentication_backend:
|
||||
disable_reset_password: {{ authelia_auth_backend_disable_reset_password | bool | lower }}
|
||||
refresh_interval: 5m
|
||||
{% if authelia_auth_backend == "ldap" %}
|
||||
|
||||
ldap:
|
||||
implementation: custom
|
||||
url: {{authelia_auth_ldap_url }}
|
||||
start_tls: {{ authelia_auth_ldap_start_tls | bool | lower }}
|
||||
|
||||
tls:
|
||||
skip_verify: {{ authelia_auth_ldap_tls_skip_verify | bool | lower }}
|
||||
minimum_version: {{ authelia_auth_ldap_tls_minimum_version }}
|
||||
|
||||
base_dn: {{ authelia_auth_ldap_base_dn }}
|
||||
|
||||
username_attribute: {{ authelia_auth_ldap_username_attribute }}
|
||||
additional_users_dn: {{ authelia_auth_ldap_additional_users_dn }}
|
||||
users_filter: {{ authelia_auth_ldap_users_filter }}
|
||||
|
||||
group_name_attribute: {{ authelia_auth_ldap_group_name_attribute }}
|
||||
additional_groups_dn: {{ authelia_auth_ldap_additional_groups_dn }}
|
||||
groups_filter: {{ authelia_auth_ldap_groups_filter }}
|
||||
|
||||
mail_attribute: {{ authelia_auth_ldap_mail_attribute }}
|
||||
display_name_attribute: {{ authelia_auth_ldap_display_name_attribute }}
|
||||
|
||||
user: {{ authelia_auth_ldap_bind_user }}
|
||||
password: '{{ authelia_auth_ldap_bind_password }}'
|
||||
{% else %}
|
||||
|
||||
file:
|
||||
path: {{ authelia_config_dir }}/users_database.yml
|
||||
password:
|
||||
algorithm: argon2id
|
||||
iterations: 1
|
||||
key_length: 32
|
||||
salt_length: 16
|
||||
memory: 1024
|
||||
parallelism: 8
|
||||
{% endif %}
|
||||
|
||||
access_control:
|
||||
default_policy: {{ authelia_access_control_default_policy }}
|
||||
{% if authelia_access_control_networks | length > 0 %}
|
||||
|
||||
networks:
|
||||
{{ authelia_access_control_networks | to_nice_yaml(indent=2) | indent(2, False) }}
|
||||
{% endif %}
|
||||
{% if authelia_access_control_rules | length > 0 %}
|
||||
|
||||
rules:
|
||||
{{ authelia_access_control_rules | to_nice_yaml(indent=2) | indent(2, False) }}
|
||||
{% endif %}
|
||||
|
||||
session:
|
||||
name: {{ authelia_session_name }}
|
||||
domain: {{ authelia_session_domain }}
|
||||
same_site: {{ authelia_session_same_site }}
|
||||
secret: {{ authelia_session_secret }}
|
||||
expiration: {{ authelia_session_expiration }}
|
||||
inactivity: {{ authelia_session_inactivity }}
|
||||
remember_me_duration: {{ authelia_session_remember_me_duration }}
|
||||
{% if authelia_session_backend == "redis" %}
|
||||
|
||||
redis:
|
||||
host: {{ authelia_session_redis_host }}
|
||||
port: {{ authelia_session_redis_port }}
|
||||
|
||||
database_index: {{ authelia_session_redis_database_index }}
|
||||
maximum_active_connections: {{ authelia_session_redis_maximum_active_connections }}
|
||||
minimum_idle_connections: {{ authelia_session_redis_minimum_idle_connections }}
|
||||
{% endif %}
|
||||
|
||||
regulation:
|
||||
max_retries: {{ authelia_regulation_max_retries }}
|
||||
find_time: {{ authelia_regulation_find_time }}
|
||||
ban_time: {{ authelia_regulation_ban_time }}
|
||||
|
||||
storage:
|
||||
encryption_key: {{ authelia_storage_encryption_key }}
|
||||
{% if authelia_storage_backend == "postgres" %}
|
||||
postgres:
|
||||
host: {{ authelia_storage_db_host }}
|
||||
port: {{ authelia_storage_db_port }}
|
||||
database: {{ authelia_storage_db_name }}
|
||||
username: {{ authelia_storage_db_username }}
|
||||
password: '{{ authelia_storage_db_password }}'
|
||||
sslmode: {{ authelia_storage_db_sslmode }}
|
||||
{% else %}
|
||||
local:
|
||||
path: {{ authelia_data_dir }}/db.sqlite3
|
||||
{% endif %}
|
||||
|
||||
notifier:
|
||||
disable_startup_check: {{ authelia_notifier_disable_startup_check | bool | lower }}
|
||||
{% if authelia_notifier_backend == "smtp" %}
|
||||
|
||||
smtp:
|
||||
username: {{ authelia_notifier_smtp_username }}
|
||||
password: '{{ authelia_notifier_smtp_password }}'
|
||||
host: {{ authelia_notifier_smtp_host }}
|
||||
port: {{ authelia_notifier_smtp_port }}
|
||||
sender: {{ authelia_notifier_smtp_sender }}
|
||||
identifier: {{ authelia_notifier_smtp_identifier }}
|
||||
subject: "{{ authelia_notifier_smtp_subject }}"
|
||||
startup_check_address: {{ authelia_notifier_smtp_startup_check_address }}
|
||||
disable_require_tls: {{ authelia_notifier_smtp_disable_require_tls | bool | lower }}
|
||||
disable_html_emails: {{ authelia_notifier_smtp_disable_html_emails | bool | lower }}
|
||||
|
||||
tls:
|
||||
skip_verify: {{ authelia_notifier_smtp_tls_skip_verify | bool | lower }}
|
||||
minimum_version: {{ authelia_notifier_smtp_tls_minimum_version }}
|
||||
{% else %}
|
||||
|
||||
filesystem:
|
||||
filename: {{ authelia_data_dir }}/notification.txt
|
||||
{% endif %}
|
|
@ -1,8 +0,0 @@
|
|||
#jinja2: lstrip_blocks: True
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
users:
|
||||
{% for user in authelia_auth_local_users %}
|
||||
{{ user.name }}:
|
||||
{{ user.config | to_nice_yaml(indent=2) | indent(4, False) }}
|
||||
{% endfor %}
|
|
@ -1,4 +0,0 @@
|
|||
{
|
||||
"comment" : "{{ ansible_managed }}",
|
||||
"version" : "{{ authelia_version }}"
|
||||
}
|
|
@ -1,29 +0,0 @@
|
|||
{{ ansible_managed | comment }}
|
||||
[Unit]
|
||||
Description=Authelia auth server
|
||||
After=network-online.target
|
||||
After=multi-user.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User={{ authelia_user }}
|
||||
Group={{ authelia_group }}
|
||||
WorkingDirectory={{ authelia_base_dir }}
|
||||
ExecStart={{ authelia_base_dir }}/authelia --config={{ authelia_config_dir }}/authelia.yml
|
||||
|
||||
LimitNOFILE=65000
|
||||
NoNewPrivileges=true
|
||||
PrivateDevices=true
|
||||
PrivateTmp=true
|
||||
ProtectHome=true
|
||||
ProtectSystem=full
|
||||
|
||||
{% for path in authelia_read_only_dirs %}
|
||||
ReadOnlyDirectories={{ path }}
|
||||
{% endfor %}
|
||||
|
||||
SyslogIdentifier=authelia
|
||||
Restart=on-failure
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|