chore: add authentik outpost deployment

Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-04-10 11:20:31 +02:00 · 2026-04-10 11:20:31 +02:00 · d25f1c5304
commit d25f1c5304
parent dbcccc090b
3 changed files with 79 additions and 0 deletions
--- a/roles/authentik_outpost_ldap/defaults/main.yml
+++ b/roles/authentik_outpost_ldap/defaults/main.yml
@ -1,3 +1,26 @@
 #SPDX-License-Identifier: MIT-0
 ---
 # defaults file for authentik_outpost_ldap
+
+# Base directory configuration (inherited from base role or defined here)
+docker_compose_base_dir: /etc/docker/compose
+docker_volume_base_dir: /srv/data
+
+# Service configuration
+authentik_outpost_ldap_service_name: authentik-outpost-ldap
+authentik_outpost_ldap_docker_compose_dir: "{{ docker_compose_base_dir }}/{{ authentik_outpost_ldap_service_name }}"
+
+# Container image (must match authentik server version)
+authentik_outpost_ldap_image: "ghcr.io/goauthentik/ldap:2026.2.2"
+
+# Connection to authentik server
+authentik_outpost_ldap_host: "https://authentik.local.test"
+authentik_outpost_ldap_token: "changeme"
+authentik_outpost_ldap_insecure: "true"
+
+# Dedicated network for LDAP clients (nextcloud, opencloud, etc.)
+authentik_outpost_ldap_network: "ldap"
+
+# Extra hosts for DNS resolution within the container
+authentik_outpost_ldap_extra_hosts: []
+# - "authentik.local.test:192.168.56.11"
--- a/roles/authentik_outpost_ldap/tasks/main.yml
+++ b/roles/authentik_outpost_ldap/tasks/main.yml
@ -1,3 +1,32 @@
 #SPDX-License-Identifier: MIT-0
 ---
 # tasks file for authentik_outpost_ldap
+
+- name: Create LDAP network
+  community.docker.docker_network:
+    name: "{{ authentik_outpost_ldap_network }}"
+    state: present
+
+- name: Create docker compose directory
+  file:
+    path: "{{ authentik_outpost_ldap_docker_compose_dir }}"
+    state: directory
+    mode: '0755'
+
+- name: Create docker-compose file for authentik LDAP outpost
+  template:
+    src: docker-compose.yml.j2
+    dest: "{{ authentik_outpost_ldap_docker_compose_dir }}/docker-compose.yml"
+    mode: '0644'
+
+- name: Start authentik LDAP outpost container
+  community.docker.docker_compose_v2:
+    project_src: "{{ authentik_outpost_ldap_docker_compose_dir }}"
+    state: present
+    recreate: always
+    wait: true
+    wait_timeout: 120
+  retries: 3
+  delay: 15
+  register: result
+  until: result is not failed
--- a/roles/authentik_outpost_ldap/templates/docker-compose.yml.j2
+++ b/roles/authentik_outpost_ldap/templates/docker-compose.yml.j2
@ -0,0 +1,27 @@
+services:
+  ldap:
+    image: {{ authentik_outpost_ldap_image }}
+    restart: unless-stopped
+    environment:
+      AUTHENTIK_HOST: {{ authentik_outpost_ldap_host }}
+      AUTHENTIK_TOKEN: {{ authentik_outpost_ldap_token }}
+      AUTHENTIK_INSECURE: "{{ authentik_outpost_ldap_insecure }}"
+{% if authentik_outpost_ldap_extra_hosts | length > 0 %}
+    extra_hosts:
+{%   for host in authentik_outpost_ldap_extra_hosts %}
+      - "{{ host }}"
+{%   endfor %}
+{% endif %}
+    networks:
+      - {{ authentik_outpost_ldap_network }}
+{% if authentik_outpost_ldap_authentik_network is defined %}
+      - {{ authentik_outpost_ldap_authentik_network }}
+{% endif %}
+
+networks:
+  {{ authentik_outpost_ldap_network }}:
+    external: true
+{% if authentik_outpost_ldap_authentik_network is defined %}
+  {{ authentik_outpost_ldap_authentik_network }}:
+    external: true
+{% endif %}