diff --git a/roles/authentik/tasks/blueprints.yml b/roles/authentik/tasks/blueprints.yml
index 58c8b19..e40b774 100644
--- a/roles/authentik/tasks/blueprints.yml
+++ b/roles/authentik/tasks/blueprints.yml
@@ -12,12 +12,12 @@
 set_fact:
 expected_blueprints: >-
 {{
- (authentik_oidc_apps | map(attribute='slug') | map('regex_replace', '^(.*)$', '10-oidc-\1.yaml') | list) +
- (authentik_proxy_apps | map(attribute='slug') | map('regex_replace', '^(.*)$', '20-proxy-\1.yaml') | list) +
- (authentik_proxy_outposts | map(attribute='name') | map('regex_replace', '^(.*)$', '30-outpost-\1.yaml') | list) +
- (authentik_entra_sources | map(attribute='slug') | map('regex_replace', '^(.*)$', '20-source-entra-\1.yaml') | list) +
- ['21-login-sources.yaml'] +
- ((authentik_local_users | length > 0) | ternary(['05-local-users.yaml'], [])) +
+ (authentik_oidc_apps | map(attribute='slug') | map('regex_replace', '^(.*)$', '50-oidc-\1.yaml') | list) +
+ (authentik_proxy_apps | map(attribute='slug') | map('regex_replace', '^(.*)$', '60-proxy-\1.yaml') | list) +
+ (authentik_proxy_outposts | map(attribute='name') | map('regex_replace', '^(.*)$', '70-outpost-\1.yaml') | list) +
+ (authentik_entra_sources | map(attribute='slug') | map('regex_replace', '^(.*)$', '40-source-entra-\1.yaml') | list) +
+ ['45-login-sources.yaml'] +
+ ((authentik_local_users | length > 0) | ternary(['10-local-users.yaml'], [])) +
 (((authentik_removed_oidc_apps | length > 0) or (authentik_removed_proxy_apps | length > 0) or (authentik_removed_local_users | length > 0)) | ternary(['00-cleanup.yaml'], []))
 }}
@@ -31,7 +31,7 @@
 - name: Render OIDC blueprints
 ansible.builtin.template:
 src: blueprints/blueprint-oidc-app.yaml.j2
- dest: "{{ authentik_docker_volume_dir }}/blueprints/10-oidc-{{ item.slug }}.yaml"
+ dest: "{{ authentik_docker_volume_dir }}/blueprints/50-oidc-{{ item.slug }}.yaml"
 mode: "0644"
 loop: "{{ authentik_oidc_apps }}"
 register: oidc_templates
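Review bot: Renumbering every entry of `expected_blueprints` leaves already-provisioned hosts with the old files (`10-oidc-*`, `20-proxy-*`, `30-outpost-*`, `20-source-entra-*`, `21-login-sources.yaml`, `05-local-users.yaml`) in the blueprints directory, and nothing in this hunk removes them. The task that consumes `expected_blueprints` is outside the hunk; if it deletes unlisted files the rename is safe, but if it only reports them the stale copies would presumably keep being loaded, so removing an app or a local user from inventory later would not take effect through the old file. Worth confirming the prune behaviour and, if it does delete, documenting it above the fact with a comment such as `# Files in the blueprints dir that are not listed here are removed by the prune task; update this list whenever a dest prefix changes.`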
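Review bot: The `Render OIDC blueprints` task writes its output with `mode: "0644"` and no `owner`/`group`, and it loops over the full `authentik_oidc_apps` items, so if the template or the items carry client secrets (the template is not visible here) they end up world-readable on the host and echoed per item in the Ansible output. Consider `mode: "0640"` with an owner/group the container can read, and adding `loop_control:` with `label: "{{ item.slug }}"` so only the slug is printed. The same applies to the proxy, outpost and Entra source render tasks and to `10-local-users.yaml` in the later hunks, the last of which likely holds account credentials.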
@@ -39,7 +39,7 @@
 - name: Render Proxy blueprints
 ansible.builtin.template:
 src: blueprints/blueprint-proxy-app.yaml.j2
- dest: "{{ authentik_docker_volume_dir }}/blueprints/20-proxy-{{ item.slug }}.yaml"
+ dest: "{{ authentik_docker_volume_dir }}/blueprints/60-proxy-{{ item.slug }}.yaml"
 mode: "0644"
 loop: "{{ authentik_proxy_apps }}"
 register: proxy_templates
@@ -47,7 +47,7 @@
 - name: Render outpost blueprints
 ansible.builtin.template:
 src: blueprints/outpost-proxy.yaml.j2
- dest: "{{ authentik_docker_volume_dir }}/blueprints/30-outpost-{{ item.name }}.yaml"
+ dest: "{{ authentik_docker_volume_dir }}/blueprints/70-outpost-{{ item.name }}.yaml"
 mode: "0644"
 loop: "{{ authentik_proxy_outposts }}"
 register: outpost_bp
@@ -55,7 +55,7 @@
 - name: Render Entra source blueprints
 ansible.builtin.template:
 src: blueprints/blueprint-source-entra.yaml.j2
- dest: "{{ authentik_docker_volume_dir }}/blueprints/20-source-entra-{{ item.slug }}.yaml"
+ dest: "{{ authentik_docker_volume_dir }}/blueprints/40-source-entra-{{ item.slug }}.yaml"
 mode: "0644"
 loop: "{{ authentik_entra_sources }}"
 register: entra_bp
@@ -63,14 +63,14 @@
 - name: Render login stage sources blueprint
 ansible.builtin.template:
 src: blueprints/blueprint-login-sources.yaml.j2
- dest: "{{ authentik_docker_volume_dir }}/blueprints/21-login-sources.yaml"
+ dest: "{{ authentik_docker_volume_dir }}/blueprints/45-login-sources.yaml"
 mode: "0644"
 register: login_bp
 - name: Render local users blueprint
 ansible.builtin.template:
 src: blueprints/blueprint-local-users.yaml.j2
- dest: "{{ authentik_docker_volume_dir }}/blueprints/05-local-users.yaml"
+ dest: "{{ authentik_docker_volume_dir }}/blueprints/10-local-users.yaml"
 mode: "0644"
 when: authentik_local_users | length > 0
 register: local_users_bp
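Review bot: In the `Render outpost blueprints` hunk, `item.name` is interpolated straight into the `dest` path with no visible validation, and a name may be more free-form than the `slug` the other tasks use, so a value containing `/`, `..` or whitespace would write outside `blueprints/` or produce an awkward file name. A guard ahead of the render tasks would catch this early, for example an `ansible.builtin.assert` looped over `authentik_proxy_outposts` with `that: item.name is match('^[A-Za-z0-9_-]+$')`. The same check is cheap to apply to the `slug` fields of the OIDC, proxy and Entra lists.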