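---
# Deploys Authelia on the homelab host: config directories, the backing Redis
# and Postgres containers, an RSA private key, the templated Authelia
# configuration/users files, and the application container with its Traefik
# forward-auth labels.
#
# All secrets are `!vault` encrypted scalars. The ciphertext blocks below are
# opaque and must only be edited with `ansible-vault`; any byte change breaks
# decryption.
- hosts: homelab
  vars:
    application: authelia
    # Single pinned image reference, used both for the config validation step
    # and for the running container so that the configuration is validated by
    # the exact build that will consume it (validation previously ran against
    # the floating `:latest` tag, which can accept or reject options the
    # pinned version does not share).
    authelia_image: ghcr.io/authelia/authelia:4.38.18
    authelia_salt: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      36336235323638666236356162346132313036666131623237386439306461366663643337396239
      6363616665623465353234326335613936353236356537630a356362336338353533613539626563
      63316439346665383538303531626137393333616435366339366266363938663636363764366334
      3734633763343066620a623138303637626364656437633330666264623733656261383433383330
      35626334303366623862316362623262376562393737383462646432613336633666
    authelia_jwt_secret: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      66396262326366303736353531333235613932333130326233333863303735323361366335633239
      3966663366333833666465656138383366326439643432610a623463656533663237336630306566
      31653332633737663736653762663962333233636133613233616335313231356430303262363563
      3933666339666530340a346663356334333066643163663130353965646630356231396166626563
      64393435356563393034363763383961643933626139663166646433623631393862613565376132
      37326465653335373432666362306464363636633334353463376338363030336533616632666463
      61393138343739303763666237323065313964333931653231336164646239363330376264393039
      62636435363239373535
    authelia_session_secret: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      64383263376261633637386336623362666431343539313565623361383639303136326535653862
      3134666265633532653335633333636236346537336431300a626261656432306634663837356435
      66643832343239363063323261646231393339366433656561373338393333336566363139363963
      3837346163333761330a663461393861633639333031333561303066666137303861346439383134
      65326133336538653335313233633033623062653165373237333765666264636635333737343733
      38633038316230333431373261616361333031323063333834396534333139313334643162333736
      39366232376564356432353165303631303161646235353636343433396138643539306431376630
      61386161323538383264
    authelia_storage_encryption_key: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      31346636653936313466353264373132373138623062376132303739396661373039313262326463
      3730323463356262306135383734323635646165326165640a666337373730613263303862336133
      35646432313135306435366332333061613466393434396463306432386135633864343633343734
      6336643330353639340a623130663166616665653262313732373838626135386134356633303235
      35366166623235306466373766303030343035396534656162323036656330336437386537613862
      31316135383936633638653861653566636538643761633965313663326164373562636262333736
      32316161393737333233616331333837363261303835343638346135383661366565323635623865
      34393337383838346135
    # Mapping (used below as `docker_network.prefix`); expected to come from
    # the inventory/group vars.
    docker_network: "{{ networks.pub }}"

  handlers:
    # Restart only (no recreate): `comparisons: '*': ignore` keeps the module
    # from diffing the existing container's settings.
    - name: Restart
      community.docker.docker_container:
        name: "{{ application }}"
        restart: true
        comparisons:
          '*': ignore

  tasks:
    - name: Create config folder
      ansible.builtin.file:
        path: "{{ config_directory }}"
        state: directory
        owner: "{{ common_user }}"
        group: "{{ common_group }}"
        mode: "0771"

    - name: Create redis container
      ansible.builtin.include_role:
        name: redis
      vars:
        redis_version: 7
        redis_password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          30306365373164346565373038643030313035363630306431663036323335663335316665323064
          3862363762396432306164636136323037333138333237650a363336653265656634393833643338
          64353239313235356138356339633363646234353862343361306165666337386332656437303165
          3461316439616566390a353664363061383631623335366237386538323731376261373761343065
          34353333613036653836663634383936323063636630616362353063316333343566356536656463
          37656163313130623037393165396262633565323562353330316339663932613135353931613336
          31306638373464626635633961656461633537363562626561396439643138393833643233666263
          66376261656237373431

    - name: Create postgres container
      ansible.builtin.import_role:
        name: postgres
      vars:
        postgres_version: 17
        postgres_password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          33343066663538356436376464353631623537343964353361313366636231633537313136383363
          3132663437323563626666663032333338663635386333610a326266653331313238346661353763
          31363932656662396232303333396363316230663937383133366133383131333362646264353032
          3434656465363436320a633131333230373539656531613032373535613130353962373165356238
          63613835303936373164303465326537333433636264366434306534636136383665343263643731
          33656364643466386133306239306665633030353532613764363933306333656561613730303566
          61333835396264303136326464623766663464313535613364343335616436396535646236383963
          63303336633366386562

    - name: Create keys folder
      ansible.builtin.file:
        path: "{{ config_directory }}/keys"
        state: directory
        owner: "root"
        group: "root"
        mode: "0771"

    # `return_content: true` puts the PEM into the registered result
    # (presumably consumed by configuration.yml.j2 — not visible here), so
    # `no_log` keeps the private key out of task output and callback logs.
    - name: Generate a private key
      community.crypto.openssl_privatekey:
        path: "{{ config_directory }}/keys/private.pem"
        type: RSA
        size: 4096
        return_content: true
      register: _authelia_private_key
      no_log: true

    - name: Create authelia folder
      ansible.builtin.file:
        path: "{{ config_directory }}/authelia"
        state: directory
        owner: "root"
        group: "root"
        mode: "0771"

    # NOTE(review): mode 0444 makes the rendered configuration readable by
    # every local account on the host; it presumably embeds the vaulted
    # secrets above — confirm that is acceptable or tighten it to what the
    # container's user actually needs.
    - name: Template config
      ansible.builtin.template:
        src: "{{ files_directory }}/configuration.yml.j2"
        dest: "{{ config_directory }}/authelia/configuration.yml"
        owner: "{{ common_root_id }}"
        group: "{{ common_root_group }}"
        mode: "0444"
        # Runs `authelia validate-config` against the rendered file (`%s` is
        # the temporary path Ansible substitutes) before it is installed.
        validate: "docker run --rm --name {{ application }}_config_check -v %s:/tmp/config.yml --entrypoint authelia {{ authelia_image }} validate-config --config /tmp/config.yml"
      notify: Restart

    - name: Template users
      ansible.builtin.template:
        src: "{{ files_directory }}/users.yml.j2"
        dest: "{{ config_directory }}/authelia/users.yml"
        owner: "{{ common_root_id }}"
        group: "{{ common_root_group }}"
        mode: "0444"
      notify: Restart

    - name: Create container
      ansible.builtin.include_role:
        name: docker_container
      vars:
        image: "{{ authelia_image }}"
        ipv4_address: "{{ docker_network.prefix }}.254"
        env:
          TZ: "{{ common_timezone }}"
        volumes:
          - "{{ config_directory }}/authelia:/config"
          - "{{ config_directory }}/logs:/var/log/authelia"
        traefik:
          - port: 9091
        homepage:
          group: Management
          weight: 400
          description: "Authentication and authorization"
        blackbox:
          path: /api/health
        # Labels are passed as one JSON string (the multi-line single-quoted
        # scalar folds to a single line); the docker_container role is assumed
        # to decode it. The forward-auth address is a plain-HTTP hop on the
        # local TLD, so it relies on that network being trusted.
        labels:
          '{
            "com.centurylinklabs.watchtower.enable": "false",
            "traefik.http.middlewares.{{ application }}.forwardauth.address": "http://{{ application }}.{{ common_local_tld }}:9091/api/verify?rd=https://{{ application }}.{{ common_tld }}",
            "traefik.http.middlewares.{{ application }}.forwardauth.trustForwardHeader": "true",
            "traefik.http.middlewares.{{ application }}.forwardauth.authResponseHeaders": "Remote-User,Remote-Groups,Remote-Name,Remote-Email"
          }'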