Digitalboard/digitalboard.core
6
2
Fork 0
Code Pull requests 1 Releases Packages Activity Actions
No description
101 commits 4 branches 0 tags 980 KiB
Find a file
Simon Bärlocher c27584cd9c
feat(drawio,garage): optional Authentik ForwardAuth in front of UIs 
Add `*_authentik_forward_auth` + `*_authentik_forward_auth_url` knobs to
both roles. When enabled:

* drawio: traefik attaches a ForwardAuth middleware pointing at the
  authentik embedded outpost; unauthenticated requests get redirected
  to log in and downstream sees X-Authentik-* identity headers.

* garage WebUI: same ForwardAuth wiring, and `AUTH_USER_PASS` is dropped
  from the container env so authentik is the only gate. Tasks now key
  the htpasswd hash workflow off `_garage_webui_htpasswd_active`
  (`webui_enabled AND NOT authentik_forward_auth`); when authentik
  fronts the UI we skip hashing entirely. htpasswd hash is also now
  cached on disk and re-verified via `htpasswd -vbB` so unchanged
  passwords stop showing as `changed=true` on every run.

Both knobs default to `false`, preserving existing htpasswd/plain behaviour.
2026-05-26 14:03:38 +02:00
meta chore: add empty collection skeleton 2025-08-20 10:33:28 +02:00
plugins feat: add garage secret lookup plugin 2025-12-19 18:19:49 +01:00
roles feat(drawio,garage): optional Authentik ForwardAuth in front of UIs 2026-05-26 14:03:38 +02:00
.gitignore Merge remote-tracking branch 'origin/main' 2026-05-20 12:41:52 +02:00
galaxy.yml chore: add empty collection skeleton 2025-08-20 10:33:28 +02:00
README.md chore: add empty collection skeleton 2025-08-20 10:33:28 +02:00

README.md

Ansible Collection - digitalboard.core

Documentation for the collection.