init

ansible/roles/authentik/tasks/deploy-authentik.yml

@@ -0,0 +1,92 @@
+---
+-
+    name: Ensure install directory exists
+    file:
+        path: "{{ install_dir }}"
+        state: directory
+        mode: "0755"
+
+-
+    name: Deploy environment file
+    template:
+        src: env.j2
+        dest: "{{ install_dir }}/.env"
+
+-
+    name: Ensure blueprints directory exists
+    file:
+        path: "{{ install_dir }}/blueprints"
+        state: directory
+        mode: "0755"
+
+-
+    name: Deploy OAuth2 blueprint
+    template:
+        src: blueprint-oauth2.yml.j2
+        dest: "{{ install_dir }}/blueprints/oauth2-applications.yaml"
+    when: oauth_applications is defined and oauth_applications | length > 0
+
+-
+    name: Deploy enrollment blueprint
+    template:
+        src: blueprint-enrollment.yml.j2
+        dest: "{{ install_dir }}/blueprints/enrollment.yaml"
+
+-
+    name: Deploy social login blueprint
+    template:
+        src: blueprint-social-logins.yml.j2
+        dest: "{{ install_dir }}/blueprints/social-logins.yaml"
+    when: social_login_sources is defined and social_login_sources | length > 0
+
+-
+    name: Ensure media directory exists
+    file:
+        path: "{{ install_dir }}/media/public"
+        state: directory
+        mode: "0755"
+
+-
+    name: Copy branding assets
+    copy:
+        src: branding/
+        dest: "{{ install_dir }}/media/public/"
+        mode: "0644"
+    when: branding_assets | default(false)
+
+-
+    name: Ensure custom-templates email directory exists
+    file:
+        path: "{{ install_dir }}/custom-templates/email"
+        state: directory
+        mode: "0755"
+
+-
+    name: Deploy custom email templates
+    template:
+        src: "email/{{ item }}.j2"
+        dest: "{{ install_dir }}/custom-templates/email/{{ item }}"
+    loop:
+        - account-confirmation.html
+        - password-reset.html
+
+-
+    name: Deploy docker-compose file
+    template:
+        src: docker-compose.yml.j2
+        dest: "{{ install_dir }}/docker-compose.yml"
+
+-
+    name: Start Authentik stack
+    include_role:
+        name: docker
+        tasks_from: start-compose
+    vars:
+        compose_project_dir: "{{ install_dir }}"
+
+-
+    name: Deploy Authentik backup script
+    template:
+        src: backup.sh.j2
+        dest: /etc/restic/pre-backup.d/authentik.sh
+        mode: "0755"

ansible/roles/authentik/tasks/main.yml

@@ -0,0 +1,4 @@
+---
+-
+    name: Deploy Authentik
+    ansible.builtin.include_tasks: deploy-authentik.yml

ansible/roles/authentik/tasks/restore-authentik.yml

@@ -0,0 +1,46 @@
+---
+-
+    name: Set backup staging directory
+    set_fact:
+        _authentik_backup_dir: "{{ backup_staging_dir | default('/var/backups') }}/authentik"
+
+-
+    name: Stop Authentik stack
+    community.docker.docker_compose_v2:
+        project_src: "{{ install_dir }}"
+        state: absent
+
+-
+    name: Restore config files
+    copy:
+        src: "{{ _authentik_backup_dir }}/{{ item }}"
+        dest: "{{ install_dir }}/{{ item }}"
+        remote_src: yes
+        mode: "0600"
+    loop:
+        - .env
+        - docker-compose.yml
+
+-
+    name: Start Postgres only
+    command: >
+        docker compose -f {{ install_dir }}/docker-compose.yml
+        up -d postgres
+
+-
+    name: Wait for Postgres to be ready
+    pause:
+        seconds: 10
+
+-
+    name: Restore Postgres dump
+    shell: >
+        docker compose -f {{ install_dir }}/docker-compose.yml
+        exec -T postgres psql -U authentik authentik
+        < {{ _authentik_backup_dir }}/authentik.sql
+
+-
+    name: Start full Authentik stack
+    community.docker.docker_compose_v2:
+        project_src: "{{ install_dir }}"
+        state: present