diff --git a/ansible/main.yml b/ansible/main.yml
index 5532986..8e1dacb 100644
--- a/ansible/main.yml
+++ b/ansible/main.yml
@@ -67,7 +67,7 @@
 - mastodon
 - forgejo
 - vikunja
- - authentik
+ - pocket_id
 - minio
 - ntfy
 - baby_buddy
diff --git a/ansible/roles/authentik/files/docker-compose.yml b/ansible/roles/authentik/files/docker-compose.yml
deleted file mode 100644
index 2e2dd3c..0000000
--- a/ansible/roles/authentik/files/docker-compose.yml
+++ /dev/null
@@ -1,76 +0,0 @@
-x-env: &env
- - TIMEZONE={{ timezone }}
- - AUTHENTIK_REDIS__HOST=redis
- - AUTHENTIK_POSTGRESQL__HOST=db
- - AUTHENTIK_POSTGRESQL__USER=authentik
- - AUTHENTIK_POSTGRESQL__NAME=authentik
- - AUTHENTIK_POSTGRESQL__PASSWORD={{ vault_authentik_db_password }}
- - AUTHENTIK_SECRET_KEY={{ vault_authentik_secret_key }}
- - AUTHENTIK_WEB__WORKERS=1
- - AUTHENTIK_DISABLE_UPDATE_CHECK=true
- - AUTHENTIK_ERROR_REPORTING__ENABLED=false
- - AUTHENTIK_DISABLE_STARTUP_ANALYTICS=true
- - AUTHENTIK_EMAIL__HOST=smtp.eu.mailgun.org
- - AUTHENTIK_EMAIL__PORT=465
- - AUTHENTIK_EMAIL__USERNAME={{ vault_authentik_email_username }}
- - AUTHENTIK_EMAIL__PASSWORD={{ vault_authentik_email_password }}
- - AUTHENTIK_EMAIL__USE_TLS=true
- - AUTHENTIK_EMAIL__FROM={{ vault_authentik_email_from }}
-
-services:
- server:
- image: ghcr.io/goauthentik/server:2025.2
- restart: unless-stopped
- command: server
- user: "{{ docker_user.id }}"
- environment: *env
- volumes:
- - "{{ app_data_dir }}/authentik/media:/media"
- - "{{ app_data_dir }}/authentik/custom-templates:/templates"
- labels:
- - traefik.enable=true
- - traefik.http.routers.authentik.rule=Host(`auth.jakehoward.tech`)
- - traefik.http.services.authentik-authentik.loadbalancer.server.port=9000
- - traefik.http.middlewares.authentik-ratelimit.ratelimit.average=5
- - traefik.http.middlewares.authentik-ratelimit.ratelimit.burst=1000
- - traefik.http.routers.authentik.middlewares=authentik-ratelimit
- depends_on:
- - db
- - redis
- networks:
- - default
- - traefik
-
- worker:
- image: ghcr.io/goauthentik/server:2025.2
- restart: unless-stopped
- command: worker
- user: "{{ docker_user.id }}"
- environment: *env
- volumes:
- - "{{ app_data_dir }}/authentik/media:/media"
- - "{{ app_data_dir }}/authentik/certs:/certs"
- - "{{ app_data_dir }}/authentik/custom-templates:/templates"
- depends_on:
- - db
- - redis
- - server
-
- db:
- image: postgres:15-alpine
- restart: unless-stopped
- volumes:
- - /mnt/speed/dbs/postgres/authentik:/var/lib/postgresql/data
- environment:
- - POSTGRES_PASSWORD={{ vault_authentik_db_password }}
- - POSTGRES_USER=authentik
-
- redis:
- image: redis:7-alpine
- restart: unless-stopped
- volumes:
- - /mnt/speed/dbs/redis/authentik:/data
-
-networks:
- traefik:
- external: true
diff --git a/ansible/roles/authentik/handlers/main.yml b/ansible/roles/authentik/handlers/main.yml
deleted file mode 100644
index 3aa4d8d..0000000
--- a/ansible/roles/authentik/handlers/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-- name: restart authentik
- shell:
- chdir: /opt/authentik
- cmd: "{{ docker_update_command }}"
diff --git a/ansible/roles/authentik/vars/vault.yml b/ansible/roles/authentik/vars/vault.yml
deleted file mode 100644
index f75ef88..0000000
--- a/ansible/roles/authentik/vars/vault.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-31633966386539623139356136333664326633646537366433626432363437336331333639636634
-6563646365666534393834636539376337666336376666300a313338336365383338633165646531
-35656231613762393636666332653434393966343039313863333566646434643630343438623362
-6466383362396539610a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
diff --git a/ansible/roles/pocket_id/files/docker-compose.yml b/ansible/roles/pocket_id/files/docker-compose.yml
new file mode 100644
index 0000000..f53f07e
--- /dev/null
+++ b/ansible/roles/pocket_id/files/docker-compose.yml
@@ -0,0 +1,47 @@
+services:
+ pocket-id:
+ image: ghcr.io/pocket-id/pocket-id
+ restart: unless-stopped
+ user: "{{ docker_user.id }}"
+ environment:
+ - PUBLIC_APP_URL=https://auth.jakehoward.tech
+ - TRUST_PROXY=true
+ - DB_PROVIDER=postgres
+ - DB_CONNECTION_STRING=postgres://pocketid:{{ vault_pocket_id_db_password }}@db/pocketid
+ - UPDATE_CHECK_DISABLED=true
+ - PUBLIC_UI_CONFIG_DISABLED=true
+ - APP_NAME=Orange ID
+ - SESSION_DURATION=30
+ - SMTP_HOST=smtp.eu.mailgun.org
+ - SMTP_PORT=465
+ - SMTP_FROM={{ vault_pocket_id_from_address }}
+ - SMTP_USER={{ vault_pocket_id_smtp_user }}
+ - SMTP_PASSWORD={{ vault_pocket_id_smtp_password }}
+ - SMTP_TLS=tls
+ - EMAIL_LOGIN_NOTIFICATION_ENABLED=true
+ volumes:
+ - "{{ app_data_dir }}/pocket-id:/app/backend/data"
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.pocket-id.rule=Host(`auth.jakehoward.tech`)
+ - traefik.http.middlewares.pocket-id-ratelimit.ratelimit.average=5
+ - traefik.http.middlewares.pocket-id-ratelimit.ratelimit.burst=200
+ - traefik.http.routers.pocket-id.middlewares=pocket-id-ratelimit
+ depends_on:
+ - db
+ networks:
+ - default
+ - traefik
+
+ db:
+ image: postgres:15-alpine
+ restart: unless-stopped
+ volumes:
+ - /mnt/speed/dbs/postgres/pocket-id:/var/lib/postgresql/data
+ environment:
+ - POSTGRES_PASSWORD={{ vault_pocket_id_db_password }}
+ - POSTGRES_USER=pocketid
+
+networks:
+ traefik:
+ external: true
diff --git a/ansible/roles/pocket_id/handlers/main.yml b/ansible/roles/pocket_id/handlers/main.yml
new file mode 100644
index 0000000..3063c22
--- /dev/null
+++ b/ansible/roles/pocket_id/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart pocket-id
+ shell:
+ chdir: /opt/pocket-id
+ cmd: "{{ docker_update_command }}"
diff --git a/ansible/roles/authentik/tasks/main.yml b/ansible/roles/pocket_id/tasks/main.yml
similarity index 80%
rename from ansible/roles/authentik/tasks/main.yml
rename to ansible/roles/pocket_id/tasks/main.yml
index e5c51a0..3526556 100644
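Review bot: The identity provider at `image: ghcr.io/pocket-id/pocket-id` has no tag or digest, so every pull takes whatever `latest` is at that moment, whereas the authentik compose this replaces pinned `ghcr.io/goauthentik/server:2025.2`; with `UPDATE_CHECK_DISABLED=true` set a few lines below, upgrades to the service that issues every login would land silently and unreviewed. Pin a release tag or `@sha256:` digest, `image: ghcr.io/pocket-id/pocket-id:<pinned-version>`, and bump it deliberately. Separately, `DB_CONNECTION_STRING=postgres://pocketid:{{ vault_pocket_id_db_password }}@db/pocketid` interpolates the vault secret straight into a URL, so a password containing `@`, `:`, `#`, `%` or `/` would mis-parse or change the host part; either generate that secret from a URL-safe alphabet or template it as `{{ vault_pocket_id_db_password | urlencode }}` (confirm the filter covers every character your generator can emit, `/` in particular). The same variable is correctly left raw in `POSTGRES_PASSWORD`, which is not URL-parsed.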
--- a/ansible/roles/authentik/tasks/main.yml
+++ b/ansible/roles/pocket_id/tasks/main.yml
@@ -3,7 +3,7 @@
 - name: Create install directory
 file:
- path: /opt/authentik
+ path: /opt/pocket-id
 state: directory
 owner: "{{ docker_user.name }}"
 mode: "{{ docker_compose_directory_mask }}"
@@ -11,8 +11,8 @@
 - name: Install compose file
 template:
 src: files/docker-compose.yml
- dest: /opt/authentik/docker-compose.yml
+ dest: /opt/pocket-id/docker-compose.yml
 mode: "{{ docker_compose_file_mask }}"
 owner: "{{ docker_user.name }}"
 validate: docker-compose -f %s config
- notify: restart authentik
+ notify: restart pocket-id
diff --git a/ansible/roles/pocket_id/vars/vault.yml b/ansible/roles/pocket_id/vars/vault.yml
new file mode 100644
index 0000000..b849ce5
--- /dev/null
+++ b/ansible/roles/pocket_id/vars/vault.yml
@@ -0,0 +1,18 @@
+$ANSIBLE_VAULT;1.1;AES256
+61613231353938346635326165303531326232393334313261366561326633323836366334663634
+3563306334306632383964643634653166373964666335360a363338323236323461316634333161
+38303037373861326263353366653034646162653331616265313865613964666133326334666666
+3038633037313437370a353865346537323135313632303439373535303366383437633135386333
+65393434633037393535373331366265386663313334333664636565313331353332393530393231
+64646135356265653662333637643461636539306138386263383062396666363264386535653438
+30653634393337366363646364613032666631346662333435313931356639643962316666343939
+36383563373733353437386262326638666533653232636363363636376131313661396136663261
+30373732616665353137623561346666616361376563323764346536623734633737643736653238
+62633663373863653663383635373537653337376338656433626163393666396139363038666461
+37316537383566373239393831353632393135303831353866373339323831663038333733356333
+30663137653539363162386362303266396365623936386335303536386239323739383436373462
+34336566316332396166633735396532363238386531396361656666323233393763663335333038
+65333939343066376365633138383364376136303431343333353835656332626563646530343766
+64366466303038373661616136636530383366373365323062383836336530373035323466306135
+34366438613438323133356138383566663165323837666435353435333539333862366630306132
+66386265636139653739386630656566326131613231373639656264643232373134
diff --git a/ansible/roles/pve_docker/files/nextcloud/config.php b/ansible/roles/pve_docker/files/nextcloud/config.php
index 8476431..6ad67f3 100644
--- a/ansible/roles/pve_docker/files/nextcloud/config.php
+++ b/ansible/roles/pve_docker/files/nextcloud/config.php
@@ -54,7 +54,7 @@ $CONFIG = array (
 'mail_smtppassword' => '{{ nextcloud.email_password }}',
 'mail_smtpport' => '465',
 'upgrade.disable-web' => true,
- # Allow Nextcloud to talk to Authentik
+ # Allow Nextcloud to talk to other services
 'allow_local_remote_servers' => true,
 'maintenance_window_start' => 18,
 );
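Review bot: The new comment `# Allow Nextcloud to talk to other services` loses the reason the line below it exists, and that line matters: `'allow_local_remote_servers' => true` lifts Nextcloud's default refusal to connect to private and loopback addresses, so it should be traceable to a named consumer and removed when that consumer goes away. Name it, e.g. `# Allow Nextcloud to reach the local identity provider (pocket-id) on the internal network; remove if that dependency goes` — the pocket-id connection is inferred from the authentik-to-pocket-id swap elsewhere in this commit, so confirm it before committing to the wording. The `$CONFIG` array starts and ends outside the hunk.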