# Install the host packages this role needs: PostgreSQL, Redis, Podman and
# the psycopg2 bindings for Python 3 (presumably required by the
# community.postgresql module used further down - confirm).
- name: Install dependencies
  ansible.builtin.apt:
    name:
      - postgresql
      - redis
      - podman
      - python3-psycopg2
# Render one systemd unit per authentik component (server, worker) into
# /etc/systemd/system. A change notifies the daemon-reload handler and both
# restart handlers; the handlers are defined outside this file.
- name: Install authentik-*.service
  ansible.builtin.template:
    src: "authentik-{{ item }}.service"
    dest: "/etc/systemd/system/authentik-{{ item }}.service"
  loop:
    - server
    - worker
  notify:
    - systemctl daemon-reload
    - restart authentik-server
    - restart authentik-worker
# Enable both authentik units at boot. No `state` is given, so this task only
# sets the enabled flag and does not start or stop the services.
- name: Enable authentik-*.service
  ansible.builtin.service:
    name: "authentik-{{ item }}"
    enabled: true
  loop:
    - server
    - worker
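# Render the environment file for the authentik services and restart both of
# them when it changes.
# NOTE(review): authentik.env presumably carries secrets (secret key, database
# password); the template is not shown here, so confirm. Without an explicit
# mode a newly created file gets umask-derived permissions, which are usually
# world-readable, so owner, group and mode are pinned.
# Assumes the file is read as root (for example through EnvironmentFile= in
# the units); adjust owner/group if the services read it as another user.
- name: Configure Authentik environment variables
  ansible.builtin.template:
    src: authentik.env
    dest: /etc/authentik.env
    owner: root
    group: root
    mode: "0600"
  notify:
    - restart authentik-server
    - restart authentik-worker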
# Create the media and templates directories under /var/lib/authentik.
# NOTE(review): owner and mode are left at the module defaults; confirm the
# container user can reach what it needs and that nothing broader is granted.
- name: make some folders
  ansible.builtin.file:
    state: directory
    path: "{{ item }}"
  loop:
    - /var/lib/authentik/media
    - /var/lib/authentik/templates
# Drop a listen configuration into the PostgreSQL 15 conf.d directory and
# restart PostgreSQL when it changes.
# NOTE(review): the actual listen address lives in the postgres.conf template,
# which is not shown; confirm it names the podman bridge address rather than
# every interface.
- name: configure postgres to listen for connections from containers
  ansible.builtin.template:
    dest: /etc/postgresql/15/main/conf.d/listen.conf
    src: postgres.conf
  notify: restart postgresql
# Add a pg_hba.conf rule of type `host` that admits connections from
# 10.88.0.0/24 to the authentik database, then restart PostgreSQL.
# NOTE(review): neither `users` nor `method` is set, so the module defaults
# apply (see the documentation for the installed collection version).
# Consider naming the authentik role and the auth method explicitly so the
# rule is exactly as narrow as intended.
- name: configure postgres container access
  community.postgresql.postgresql_pg_hba:
    dest: /etc/postgresql/15/main/pg_hba.conf
    contype: host
    databases: authentik
    address: "10.88.0.0/24"
  notify: restart postgresql
# Replace /etc/redis/redis.conf with the role's template and restart Redis
# when it changes.
# NOTE(review): bind address and authentication settings come from the
# redis.conf template, which is not shown; confirm Redis is reachable only
# from the podman network.
- name: configure redis
  ansible.builtin.template:
    dest: /etc/redis/redis.conf
    src: redis.conf
  notify: restart redis
# Pull in postgres.yml and run every task it contains as the `postgres`
# system user; `apply` pushes the become settings down to the included tasks.
- ansible.builtin.include_tasks:
    file: postgres.yml
    apply:
      become_user: postgres
      become: true
# Create the systemd drop-in directories (<unit>.service.d) for Redis and the
# PostgreSQL 15 main cluster so override files can be placed in them.
- name: make override dirs
  ansible.builtin.file:
    state: directory
    path: "/etc/systemd/system/{{ item }}.service.d"
  loop:
    - redis
    - "postgresql@15-main"
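# Install the block-until-podman.conf drop-in for Redis and the PostgreSQL 15
# main cluster. Going by the task name, the drop-in is meant to order these
# services relative to the podman network; its content is not shown here.
# systemd only picks up new or changed drop-ins after a daemon-reload, so a
# change notifies the same reload handler that the authentik unit task uses
# (the handler itself is defined outside this file).
- name: configure service overrides to make sure they bind to the podman network
  ansible.builtin.template:
    src: block-until-podman.conf
    dest: "/etc/systemd/system/{{ item }}.service.d/block-until-podman.conf"
  loop:
    - redis
    - "postgresql@15-main"
  notify: systemctl daemon-reload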