133 lines
4.4 KiB
YAML
133 lines
4.4 KiB
YAML
#SPDX-License-Identifier: MIT-0
|
|
---
|
|
# tasks file for authentik
|
|
|
|
- name: Create docker compose directory
|
|
file:
|
|
path: "{{ authentik_docker_compose_dir }}"
|
|
state: directory
|
|
mode: '0755'
|
|
|
|
- name: Create authentik data directory
|
|
file:
|
|
path: "{{ authentik_docker_volume_dir }}/data"
|
|
state: directory
|
|
mode: '0755'
|
|
|
|
- name: Create authentik certs directory
|
|
file:
|
|
path: "{{ authentik_docker_volume_dir }}/certs"
|
|
state: directory
|
|
mode: '0755'
|
|
|
|
- name: Create authentik templates directory
|
|
file:
|
|
path: "{{ authentik_docker_volume_dir }}/templates"
|
|
state: directory
|
|
mode: '0755'
|
|
|
|
- name: Create postgres data directory
|
|
file:
|
|
path: "{{ authentik_docker_volume_dir }}/postgresql"
|
|
state: directory
|
|
mode: '0755'
|
|
|
|
- name: Create blueprints directory
|
|
file:
|
|
path: "{{ authentik_docker_volume_dir }}/blueprints"
|
|
state: directory
|
|
mode: '0755'
|
|
|
|
- name: Find existing blueprint files
|
|
find:
|
|
paths: "{{ authentik_docker_volume_dir }}/blueprints"
|
|
patterns: "*.yaml"
|
|
register: existing_blueprints
|
|
|
|
- name: Build list of expected blueprint files
|
|
set_fact:
|
|
expected_blueprints: >-
|
|
{{
|
|
(authentik_oidc_apps | map(attribute='slug') | map('regex_replace', '^(.*)$', '10-oidc-\1.yaml') | list) +
|
|
(authentik_proxy_apps | map(attribute='slug') | map('regex_replace', '^(.*)$', '20-proxy-\1.yaml') | list) +
|
|
(authentik_proxy_outposts | map(attribute='name') | map('regex_replace', '^(.*)$', '30-outpost-\1.yaml') | list) +
|
|
(authentik_entra_sources | map(attribute='slug') | map('regex_replace', '^(.*)$', '20-source-entra-\1.yaml') | list) +
|
|
['21-login-sources.yaml'] +
|
|
((authentik_local_users | length > 0) | ternary(['05-local-users.yaml'], []))
|
|
}}
|
|
|
|
- name: Remove stale blueprint files
|
|
file:
|
|
path: "{{ item.path }}"
|
|
state: absent
|
|
loop: "{{ existing_blueprints.files }}"
|
|
when: item.path | basename not in expected_blueprints
|
|
|
|
- name: Render OIDC blueprints
|
|
ansible.builtin.template:
|
|
src: blueprints/blueprint-oidc-app.yaml.j2
|
|
dest: "{{ authentik_docker_volume_dir }}/blueprints/10-oidc-{{ item.slug }}.yaml"
|
|
mode: "0644"
|
|
loop: "{{ authentik_oidc_apps }}"
|
|
register: oidc_templates
|
|
|
|
- name: Render Proxy blueprints
|
|
ansible.builtin.template:
|
|
src: blueprints/blueprint-proxy-app.yaml.j2
|
|
dest: "{{ authentik_docker_volume_dir }}/blueprints/20-proxy-{{ item.slug }}.yaml"
|
|
mode: "0644"
|
|
loop: "{{ authentik_proxy_apps }}"
|
|
register: proxy_templates
|
|
|
|
- name: Render outpost blueprints
|
|
template:
|
|
src: blueprints/outpost-proxy.yaml.j2
|
|
dest: "{{ authentik_docker_volume_dir }}/blueprints/30-outpost-{{ item.name }}.yaml"
|
|
mode: "0644"
|
|
loop: "{{ authentik_proxy_outposts }}"
|
|
register: outpost_bp
|
|
|
|
- name: Render Entra source blueprints
|
|
ansible.builtin.template:
|
|
src: blueprints/blueprint-source-entra.yaml.j2
|
|
dest: "{{ authentik_docker_volume_dir }}/blueprints/20-source-entra-{{ item.slug }}.yaml"
|
|
mode: "0644"
|
|
loop: "{{ authentik_entra_sources }}"
|
|
register: entra_bp
|
|
|
|
- name: Render login stage sources blueprint
|
|
ansible.builtin.template:
|
|
src: blueprints/blueprint-login-sources.yaml.j2
|
|
dest: "{{ authentik_docker_volume_dir }}/blueprints/21-login-sources.yaml"
|
|
mode: "0644"
|
|
register: login_bp
|
|
|
|
- name: Render local users blueprint
|
|
ansible.builtin.template:
|
|
src: blueprints/blueprint-local-users.yaml.j2
|
|
dest: "{{ authentik_docker_volume_dir }}/blueprints/05-local-users.yaml"
|
|
mode: "0644"
|
|
when: authentik_local_users | length > 0
|
|
register: local_users_bp
|
|
|
|
- name: Create docker-compose file for authentik
|
|
template:
|
|
src: docker-compose.yml.j2
|
|
dest: "{{ authentik_docker_compose_dir }}/docker-compose.yml"
|
|
mode: '0644'
|
|
|
|
- name: Start authentik containers
|
|
community.docker.docker_compose_v2:
|
|
project_src: "{{ authentik_docker_compose_dir }}"
|
|
state: present
|
|
recreate: >-
|
|
{{
|
|
(
|
|
(oidc_templates is defined and (oidc_templates.results | selectattr('changed') | list | length > 0))
|
|
or (proxy_templates is defined and (proxy_templates.results | selectattr('changed') | list | length > 0))
|
|
or (outpost_bp is defined and (outpost_bp.results | selectattr('changed') | list | length > 0))
|
|
or (entra_bp is defined and (entra_bp.results | selectattr('changed') | list | length > 0))
|
|
or (login_bp is defined and login_bp.changed)
|
|
or (local_users_bp.changed | default(false))
|
|
) | ternary('always','auto')
|
|
}}
|