[mod] role:authelia

2023-12-15 15:24:51 +01:00 · 2023-12-15 15:24:51 +01:00 · 547fdb4997
commit 547fdb4997
parent 15af3efdab
3 changed files with 56 additions and 1 deletions
--- a/ansible/roles/authelia/defaults/main.json
+++ b/ansible/roles/authelia/defaults/main.json
@ -1,4 +1,6 @@
 {
+	"var_authelia_version": "4.37.5",
+	"var_authelia_variant": "amd64",
 	"var_authelia_listen_address": "0.0.0.0",
 	"var_authelia_jwt_secret": "authelia_jwt_secret",
 	"var_authelia_users_file_path": "/var/authelia/users.yml",
--- a/ansible/roles/authelia/tasks/main.json
+++ b/ansible/roles/authelia/tasks/main.json
@ -40,6 +40,47 @@
 			]
 		}
 	},
+	{
+		"name": "download",
+		"delegate_to": "localhost",
+		"ansible.builtin.get_url": {
+			"url": "https://github.com/authelia/authelia/releases/download/v{{var_authelia_version}}/authelia-v{{var_authelia_version}}-linux-{{var_authelia_variant}}.tar.gz",
+			"dest": "/tmp/authelia.tar.gz"
+		}
+	},
+	{
+		"name": "unpack | preparation",
+		"delegate_to": "localhost",
+		"ansible.builtin.file": {
+			"state": "directory",
+			"dest": "/tmp/authelia"
+		}
+	},
+	{
+		"name": "unpack | execution",
+		"delegate_to": "localhost",
+		"ansible.builtin.unarchive": {
+			"src": "/tmp/authelia.tar.gz",
+			"dest": "/tmp/authelia"
+		}
+	},
+	{
+		"name": "setup binary",
+		"become": true,
+		"ansible.builtin.copy": {
+			"src": "/tmp/authelia/authelia-linux-{{var_authelia_variant}}",
+			"dest": "/usr/bin/authelia",
+			"mode": "0744"
+		}
+	},
+	{
+		"name": "systemd unit",
+		"become": true,
+		"ansible.builtin.template": {
+			"src": "systemd-unit.j2",
+			"dest": "/etc/systemd/system/authelia.service"
+		}
+	},
 	{
 		"name": "generate private key for signing OIDC JWTs",
 		"become": true,
@ -80,13 +121,14 @@
 		"become": true,
 		"ansible.builtin.template": {
 			"src": "users.yml.j2",
-			"path": "{{var_authelia_users_file_path}}"
+			"dest": "{{var_authelia_users_file_path}}"
 		}
 	},
 	{
 		"name": "apply",
 		"become": true,
 		"ansible.builtin.systemd_service": {
+			"enabled": true,
 			"state": "restarted",
 			"name": "authelia"
 		}
--- a/ansible/roles/authelia/templates/systemd-unit.j2
+++ b/ansible/roles/authelia/templates/systemd-unit.j2
@ -0,0 +1,11 @@
+[Unit]
+Description=Authelia authentication and authorization server
+After=multi-user.target
+
+[Service]
+Environment=AUTHELIA_SERVER_DISABLE_HEALTHCHECK=true
+ExecStart=/usr/bin/authelia --config /etc/authelia/configuration.yml
+SyslogIdentifier=authelia
+
+[Install]
+WantedBy=multi-user.target