From d25f1c53042ea827c889e7380d576d81ff9c1e2a Mon Sep 17 00:00:00 2001
From: Bert-Jan Fikse
Date: Fri, 10 Apr 2026 11:20:31 +0200
Subject: [PATCH] chore: add authentik outpost deployment

Signed-off-by: Bert-Jan Fikse
---
 .../authentik_outpost_ldap/defaults/main.yml | 23 +++++++++++++++
 roles/authentik_outpost_ldap/tasks/main.yml | 29 +++++++++++++++++++
 .../templates/docker-compose.yml.j2 | 27 +++++++++++++++++
 3 files changed, 79 insertions(+)
 create mode 100644 roles/authentik_outpost_ldap/templates/docker-compose.yml.j2

diff --git a/roles/authentik_outpost_ldap/defaults/main.yml b/roles/authentik_outpost_ldap/defaults/main.yml
index 0222b44..8942bf2 100644
--- a/roles/authentik_outpost_ldap/defaults/main.yml
+++ b/roles/authentik_outpost_ldap/defaults/main.yml
@@ -1,3 +1,26 @@
 #SPDX-License-Identifier: MIT-0
 ---
 # defaults file for authentik_outpost_ldap
+
+# Base directory configuration (inherited from base role or defined here)
+docker_compose_base_dir: /etc/docker/compose
+docker_volume_base_dir: /srv/data
+
+# Service configuration
+authentik_outpost_ldap_service_name: authentik-outpost-ldap
+authentik_outpost_ldap_docker_compose_dir: "{{ docker_compose_base_dir }}/{{ authentik_outpost_ldap_service_name }}"
+
+# Container image (must match authentik server version)
+authentik_outpost_ldap_image: "ghcr.io/goauthentik/ldap:2026.2.2"
+
+# Connection to authentik server
+authentik_outpost_ldap_host: "https://authentik.local.test"
+authentik_outpost_ldap_token: "changeme"
+authentik_outpost_ldap_insecure: "true"
+
+# Dedicated network for LDAP clients (nextcloud, opencloud, etc.)
+authentik_outpost_ldap_network: "ldap"
+
+# Extra hosts for DNS resolution within the container
+authentik_outpost_ldap_extra_hosts: []
+# - "authentik.local.test:192.168.56.11"
diff --git a/roles/authentik_outpost_ldap/tasks/main.yml b/roles/authentik_outpost_ldap/tasks/main.yml
index 36d90a4..7d58beb 100644
--- a/roles/authentik_outpost_ldap/tasks/main.yml
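Review bot: `authentik_outpost_ldap_insecure: "true"` makes disabled TLS verification toward the authentik server the shipped default, and `authentik_outpost_ldap_token: "changeme"` gives the outpost a usable-looking placeholder credential instead of failing when no token is supplied. Ship the safe values and make the dev setting opt-in: `authentik_outpost_ldap_insecure: "false"` here, and either drop the token default so an unset token aborts the play on an undefined variable, or keep it and add an `ansible.builtin.assert` in tasks that rejects the placeholder. The template also reads `authentik_outpost_ldap_authentik_network` under an `is defined` guard, but that variable is not listed here; a commented entry such as `# authentik_outpost_ldap_authentik_network: <name of the authentik server network>` would document the knob. `docker_volume_base_dir` is defined but nothing else in this patch references it.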
+++ b/roles/authentik_outpost_ldap/tasks/main.yml
@@ -1,3 +1,32 @@
 #SPDX-License-Identifier: MIT-0
 ---
 # tasks file for authentik_outpost_ldap
+
+- name: Create LDAP network
+  community.docker.docker_network:
+    name: "{{ authentik_outpost_ldap_network }}"
+    state: present
+
+- name: Create docker compose directory
+  file:
+    path: "{{ authentik_outpost_ldap_docker_compose_dir }}"
+    state: directory
+    mode: '0755'
+
+- name: Create docker-compose file for authentik LDAP outpost
+  template:
+    src: docker-compose.yml.j2
+    dest: "{{ authentik_outpost_ldap_docker_compose_dir }}/docker-compose.yml"
+    mode: '0644'
+
+- name: Start authentik LDAP outpost container
+  community.docker.docker_compose_v2:
+    project_src: "{{ authentik_outpost_ldap_docker_compose_dir }}"
+    state: present
+    recreate: always
+    wait: true
+    wait_timeout: 120
+  retries: 3
+  delay: 15
+  register: result
+  until: result is not failed
diff --git a/roles/authentik_outpost_ldap/templates/docker-compose.yml.j2 b/roles/authentik_outpost_ldap/templates/docker-compose.yml.j2
new file mode 100644
index 0000000..fcff9fc
--- /dev/null
+++ b/roles/authentik_outpost_ldap/templates/docker-compose.yml.j2
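Review bot: The rendered docker-compose.yml embeds `AUTHENTIK_TOKEN` in plaintext, yet the template task writes it with `mode: '0644'`, so any local account on the host can read the outpost's API token. Tighten it to `mode: '0600'` with `owner`/`group` set to the account that runs compose, and consider `mode: '0750'` on the directory task just above it. The builtin modules are used by short name (`file`, `template`) while the docker modules are fully qualified; `ansible.builtin.file` and `ansible.builtin.template` would keep the file consistent. `recreate: always` also reports changed on every run; if idempotent runs are wanted, `recreate: auto` lets compose recreate the container only when the rendered file actually changed.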
@@ -0,0 +1,27 @@
+services:
+  ldap:
+    image: {{ authentik_outpost_ldap_image }}
+    restart: unless-stopped
+    environment:
+      AUTHENTIK_HOST: {{ authentik_outpost_ldap_host }}
+      AUTHENTIK_TOKEN: {{ authentik_outpost_ldap_token }}
+      AUTHENTIK_INSECURE: "{{ authentik_outpost_ldap_insecure }}"
+{% if authentik_outpost_ldap_extra_hosts | length > 0 %}
+    extra_hosts:
+{% for host in authentik_outpost_ldap_extra_hosts %}
+      - "{{ host }}"
+{% endfor %}
+{% endif %}
+    networks:
+      - {{ authentik_outpost_ldap_network }}
+{% if authentik_outpost_ldap_authentik_network is defined %}
+      - {{ authentik_outpost_ldap_authentik_network }}
+{% endif %}
+
+networks:
+  {{ authentik_outpost_ldap_network }}:
+    external: true
+{% if authentik_outpost_ldap_authentik_network is defined %}
+  {{ authentik_outpost_ldap_authentik_network }}:
+    external: true
+{% endif %}
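Review bot: `AUTHENTIK_HOST: {{ authentik_outpost_ldap_host }}` and `AUTHENTIK_TOKEN: {{ authentik_outpost_ldap_token }}` are rendered as plain scalars, so a token containing `: ` or ` #`, starting with `*`, `&` or `{`, or consisting only of digits is retyped or breaks compose's YAML parse, and an empty expansion silently becomes null. Quote them the way `AUTHENTIK_INSECURE` already is, e.g. `AUTHENTIK_TOKEN: "{{ authentik_outpost_ldap_token }}"`, and do the same for `image:` and the `- {{ ... }}` network list entries. Passing the token through `environment:` also leaves it readable in the container's config for anyone who can inspect containers on the host; where that matters, an `env_file` with restrictive permissions or a Docker secret keeps it out of the container definition.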