parent
073ead5852
commit
0bdd9c40b2
@ -0,0 +1,48 @@
|
|||||||
|
- name: Set up Authelia
|
||||||
|
hosts: lotus-land-story
|
||||||
|
vars_files:
|
||||||
|
- vars.yml
|
||||||
|
tasks:
|
||||||
|
|
||||||
|
- name: Create directories for volume mounting
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: /mnt/lotus-land-story/authelia/{{ item }}
|
||||||
|
state: directory
|
||||||
|
mode: "0700"
|
||||||
|
loop:
|
||||||
|
- config
|
||||||
|
- secrets
|
||||||
|
|
||||||
|
- name: Copy configuration
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: templates/authelia_{{ item }}.yml
|
||||||
|
dest: /mnt/lotus-land-story/authelia/config/{{ item }}.yml
|
||||||
|
mode: "0644"
|
||||||
|
loop:
|
||||||
|
- configuration
|
||||||
|
- users_database
|
||||||
|
|
||||||
|
- name: Get docker network
|
||||||
|
community.docker.docker_network:
|
||||||
|
name: lotus_land_story
|
||||||
|
register: docker_network
|
||||||
|
|
||||||
|
- name: Run Authelia
|
||||||
|
community.docker.docker_container:
|
||||||
|
restart: true
|
||||||
|
name: authelia
|
||||||
|
image: docker.io/authelia/authelia:4.37.5
|
||||||
|
env:
|
||||||
|
AUTHENTICATION_GUARD: remote_user_guard
|
||||||
|
volumes:
|
||||||
|
- /mnt/lotus-land-story/authelia/config:/config
|
||||||
|
- /mnt/lotus-land-story/authelia/secrets:/secrets
|
||||||
|
restart_policy: unless-stopped
|
||||||
|
networks:
|
||||||
|
- name: lotus_land_story
|
||||||
|
|
||||||
|
handlers:
|
||||||
|
- name: Import restarts
|
||||||
|
ansible.builtin.import_tasks: restarts.yml
|
||||||
|
|
||||||
|
# vim: ft=yaml.ansible
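Review bot: The rendered `configuration.yml` carries the JWT/session/storage secrets, the SMTP password and the OIDC issuer private key inline (they come from `vars.yml` through the template), yet the `Copy configuration` task writes it with `mode: "0644"`; only the parent directory's `0700` keeps other host users out, and anything that copies the config tree (backups, `--diff` output, the container's own filesystem) gets the secrets in the clear. Tighten the task to `mode: "0600"` and add `no_log: true` so a `--diff` run does not print the rendered secrets. A `secrets` directory is created and mounted at `/secrets` but nothing populates it; Authelia can read each secret from a file through its `*_FILE` environment variables, which would keep them out of the config file entirely and is worth doing while the layout is fresh. `docker_network` is registered but never read; drop the `register` or use it for the `networks` entry.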
|
@ -0,0 +1,32 @@
|
|||||||
|
- name: Set up hledger
|
||||||
|
hosts: lotus-land-story
|
||||||
|
vars_files:
|
||||||
|
- vars.yml
|
||||||
|
tasks:
|
||||||
|
|
||||||
|
- name: Create directory for volume mounting
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: /mnt/lotus-land-story/hledger
|
||||||
|
state: directory
|
||||||
|
mode: "0755"
|
||||||
|
|
||||||
|
- name: Run hledger
|
||||||
|
community.docker.docker_container:
|
||||||
|
restart: true
|
||||||
|
name: hledger
|
||||||
|
image: dastapov/hledger:1.31
|
||||||
|
env:
|
||||||
|
HLEDGER_JOURNAL_FILE: /data/all.journal
|
||||||
|
HLEDGER_BASE_URL: https://{{ hledger.subdomain }}.{{ domain }}
|
||||||
|
HLEDGER_ARGS: --capabilities=view,add,manage
|
||||||
|
volumes:
|
||||||
|
- /mnt/lotus-land-story/hledger:/data
|
||||||
|
restart_policy: unless-stopped
|
||||||
|
networks:
|
||||||
|
- name: lotus_land_story
|
||||||
|
|
||||||
|
handlers:
|
||||||
|
- name: Import restarts
|
||||||
|
ansible.builtin.import_tasks: restarts.yml
|
||||||
|
|
||||||
|
# vim: ft=yaml.ansible
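Review bot: `HLEDGER_ARGS: --capabilities=view,add,manage` turns on hledger-web's journal-editing endpoints, and hledger-web has no authentication of its own; the container is attached to the shared `lotus_land_story` network, so any other container on that network (or anything that reaches its port if the proxy rule is misconfigured) can append to or rewrite `all.journal`. Unless editing through the browser is a requirement, drop to `--capabilities=view`; if `add`/`manage` are needed, make sure the reverse-proxy rule fronting `hledger.{{ domain }}` enforces the Authelia `two_factor` policy — that proxy configuration is not in this commit, so it cannot be checked here. `dastapov/hledger:1.31` is a community-maintained image rather than one published by the project; pinning by digest (`image: dastapov/hledger@sha256:…`) would make the supply chain reproducible. The data directory is `0755`; if the image's process does not need world-readable access, `0700` keeps the ledger from other host users the way the Authelia directories already are.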
|
@ -0,0 +1,66 @@
|
|||||||
|
theme: auto
|
||||||
|
jwt_secret: {{ authelia.jwt_secret }}
|
||||||
|
default_redirection_url: https://auth.{{ domain }}/
|
||||||
|
|
||||||
|
log:
|
||||||
|
level: debug
|
||||||
|
format: json
|
||||||
|
|
||||||
|
telemetry:
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
authentication_backend:
|
||||||
|
file:
|
||||||
|
path: /config/users_database.yml
|
||||||
|
|
||||||
|
access_control:
|
||||||
|
default_policy: deny
|
||||||
|
rules:
|
||||||
|
- domain: "*.{{ domain }}"
|
||||||
|
policy: two_factor
|
||||||
|
|
||||||
|
session:
|
||||||
|
secret: {{ authelia.session_secret }}
|
||||||
|
domain: {{ domain }}
|
||||||
|
|
||||||
|
storage:
|
||||||
|
encryption_key: {{ authelia.storage_encryption_key }}
|
||||||
|
local:
|
||||||
|
path: /config/db.sqlite3
|
||||||
|
|
||||||
|
notifier:
|
||||||
|
smtp:
|
||||||
|
username: apikey
|
||||||
|
password: {{ authelia.smtp_password }}
|
||||||
|
host: smtp.sendgrid.net
|
||||||
|
port: 25
|
||||||
|
sender: authelia@kejadlen.dev
|
||||||
|
|
||||||
|
identity_providers:
|
||||||
|
oidc:
|
||||||
|
issuer_private_key: |
|
||||||
|
{{ authelia.oidc_private_key | indent(6) }}
|
||||||
|
clients:
|
||||||
|
- id: grafana
|
||||||
|
description: Grafana
|
||||||
|
secret: $argon2id$v=19$m=65536,t=3,p=4$bHcAAorVdHuZzuz53WfAQA$x+pIDTo6SsGyY9JD4OZ7dT6pkEcPf8Yh6Yb7DXco8aQ
|
||||||
|
public: false
|
||||||
|
authorization_policy: two_factor
|
||||||
|
redirect_uris:
|
||||||
|
- https://grafana.{{ domain }}/login/generic_oauth
|
||||||
|
scopes:
|
||||||
|
- openid
|
||||||
|
- profile
|
||||||
|
- groups
|
||||||
|
- email
|
||||||
|
userinfo_signing_algorithm: none
|
||||||
|
- id: tailscale
|
||||||
|
description: Tailscale
|
||||||
|
secret: $argon2id$v=19$m=65536,t=3,p=4$RivlSdV1WE/NLfd3Pzrubw$ljSvHj9sb0byolv7fk5G3nL415nS7Ze2RMASwPgfBX0
|
||||||
|
redirect_uris:
|
||||||
|
- https://login.tailscale.com/a/oauth_response
|
||||||
|
scopes:
|
||||||
|
- openid
|
||||||
|
- email
|
||||||
|
- profile
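Review bot: The secret values at `jwt_secret`, `session.secret`, `storage.encryption_key` and `notifier.smtp.password` are interpolated as plain scalars; this template is rendered by Ansible and then parsed as YAML by Authelia, so a secret containing ` #`, `: `, a leading `*`/`&`/`[`, or one that happens to look like a number will be truncated or retyped silently rather than rejected. Emit them as quoted strings, e.g. `jwt_secret: {{ authelia.jwt_secret | to_json }}`, and the same for the other three. `log.level: debug` is a lot of detail for a long-running auth service and can put request data in the JSON log that `info` would not; switch it back once the deployment is verified. The `tailscale` client omits `authorization_policy`, so it takes Authelia's default — make it explicit (`authorization_policy: two_factor`) so the two clients read the same and an upstream default change cannot weaken it. `port: 25` with SendGrid is acceptable only because Authelia refuses plaintext SMTP by default (STARTTLS is required); the submission port `587` is the conventional choice and is less likely to be blocked by the host's provider.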
|
@ -0,0 +1,8 @@
|
|||||||
|
users:
|
||||||
|
alpha:
|
||||||
|
disabled: false
|
||||||
|
displayname: "Alpha"
|
||||||
|
password: "$argon2id$v=19$m=65536,t=3,p=4$JHtyy/vVD+37neJUjy5Shw$6GODmDOXW/v7cfhqwuEp30bVSCWLT5R3OEe/Gi5FGX0" # yamllint disable-line rule:line-length
|
||||||
|
email: alpha@kejadlen.dev
|
||||||
|
groups:
|
||||||
|
- admins
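Review bot: The argon2id hash on the `password:` line is committed in the template itself rather than pulled from `vars.yml` like every other credential in this change (the OIDC client secret hashes in `configuration.yml` are committed the same way); anyone with read access to the repository can run an offline guessing attack against it, and rotating it means a commit. Move it to the vaulted vars and reference it as `password: "{{ authelia.users.alpha.password_hash }}"`, keeping the quotes because the hash contains `$` and `/` characters. The user is placed in `admins`, but no `access_control` rule or OIDC client in this commit keys on that group; if it is meant to gate something the rule is missing, and if not, a comment saying the group is informational only would help the next reader.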
|