From 547fdb49973dea24f805214cd21b0bc9e88a0bf6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
Date: Fri, 15 Dec 2023 15:24:51 +0100
Subject: [PATCH] [mod] role:authelia
---
 ansible/roles/authelia/defaults/main.json | 2 +
 ansible/roles/authelia/tasks/main.json | 44 ++++++++++++++++++-
 .../roles/authelia/templates/systemd-unit.j2 | 11 +++++
 3 files changed, 56 insertions(+), 1 deletion(-)
 create mode 100644 ansible/roles/authelia/templates/systemd-unit.j2
diff --git a/ansible/roles/authelia/defaults/main.json b/ansible/roles/authelia/defaults/main.json
index a287d47..7c00228 100644
--- a/ansible/roles/authelia/defaults/main.json
+++ b/ansible/roles/authelia/defaults/main.json
@@ -1,4 +1,6 @@
 {
+ "var_authelia_version": "4.37.5",
+ "var_authelia_variant": "amd64",
 "var_authelia_listen_address": "0.0.0.0",
 "var_authelia_jwt_secret": "authelia_jwt_secret",
 "var_authelia_users_file_path": "/var/authelia/users.yml",
diff --git a/ansible/roles/authelia/tasks/main.json b/ansible/roles/authelia/tasks/main.json
index faecaf0..fe83c24 100644
--- a/ansible/roles/authelia/tasks/main.json
+++ b/ansible/roles/authelia/tasks/main.json
@@ -40,6 +40,47 @@
 ]
 }
 },
+ {
+ "name": "download",
+ "delegate_to": "localhost",
+ "ansible.builtin.get_url": {
+ "url": "https://github.com/authelia/authelia/releases/download/v{{var_authelia_version}}/authelia-v{{var_authelia_version}}-linux-{{var_authelia_variant}}.tar.gz",
+ "dest": "/tmp/authelia.tar.gz"
+ }
+ },
+ {
+ "name": "unpack | preparation",
+ "delegate_to": "localhost",
+ "ansible.builtin.file": {
+ "state": "directory",
+ "dest": "/tmp/authelia"
+ }
+ },
+ {
+ "name": "unpack | execution",
+ "delegate_to": "localhost",
+ "ansible.builtin.unarchive": {
+ "src": "/tmp/authelia.tar.gz",
+ "dest": "/tmp/authelia"
+ }
+ },
+ {
+ "name": "setup binary",
+ "become": true,
+ "ansible.builtin.copy": {
+ "src": "/tmp/authelia/authelia-linux-{{var_authelia_variant}}",
+ "dest": "/usr/bin/authelia",
+ "mode": "0744"
+ }
+ },
+ {
+ "name": "systemd unit",
+ "become": true,
+ "ansible.builtin.template": {
+ "src": "systemd-unit.j2",
+ "dest": "/etc/systemd/system/authelia.service"
+ }
+ },
 {
 "name": "generate private key for signing OIDC JWTs",
 "become": true,
@@ -80,13 +121,14 @@
 "become": true,
 "ansible.builtin.template": {
 "src": "users.yml.j2",
- "path": "{{var_authelia_users_file_path}}"
+ "dest": "{{var_authelia_users_file_path}}"
 }
 },
 {
 "name": "apply",
 "become": true,
 "ansible.builtin.systemd_service": {
+ "enabled": true,
 "state": "restarted",
 "name": "authelia"
 }
diff --git a/ansible/roles/authelia/templates/systemd-unit.j2 b/ansible/roles/authelia/templates/systemd-unit.j2
new file mode 100644
index 0000000..48b2065
--- /dev/null
+++ b/ansible/roles/authelia/templates/systemd-unit.j2
@@ -0,0 +1,11 @@
+[Unit]
+Description=Authelia authentication and authorization server
+After=multi-user.target
+
+[Service]
+Environment=AUTHELIA_SERVER_DISABLE_HEALTHCHECK=true
+ExecStart=/usr/bin/authelia --config /etc/authelia/configuration.yml
+SyslogIdentifier=authelia
+
+[Install]
+WantedBy=multi-user.target
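Review bot: The `download` task in the first tasks/main.json hunk calls `ansible.builtin.get_url` without a `checksum`, so whatever is served at the release URL is unpacked and installed as `/usr/bin/authelia` with no integrity check beyond TLS. Pin the digest next to the version, for example `"checksum": "sha256:{{var_authelia_checksum}}"` in the `get_url` arguments with a matching default (the variable name is a suggestion; the digest must be taken from the upstream release for the pinned version). As far as I can tell, without a checksum or `force` an existing `/tmp/authelia.tar.gz` is not re-downloaded, so a later change of `var_authelia_version` would silently reinstall the old tarball. The fixed `/tmp/authelia.tar.gz` and `/tmp/authelia` paths on the control node can be pre-created by any local user there; a directory from `ansible.builtin.tempfile` avoids that. The surrounding task list starts and ends outside this hunk.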
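Review bot: The `apply` task in the second tasks/main.json hunk restarts `authelia` without a daemon reload, so after the new `systemd unit` task rewrites `/etc/systemd/system/authelia.service` systemd may keep using the unit definition it already has loaded. Add `"daemon_reload": true` to the `ansible.builtin.systemd_service` arguments next to the new `"enabled": true`. The users-file template task fixed here also sets no `mode`, and that file presumably holds password hashes, so an explicit `"mode": "0600"` (plus owner, if the service stops running as root) is worth adding. Both tasks sit in a list that begins and ends outside the hunk, so a reload handler may exist elsewhere; none is visible here.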
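Review bot: The `[Service]` section of the new systemd-unit.j2 sets no `User=`, so Authelia runs as root while the role's default listen address in defaults/main.json is `0.0.0.0`. A network-facing authentication service is better run under a dedicated unprivileged account with basic sandboxing, as sketched below. The account name is a suggestion, and creating it and granting it read access to `/etc/authelia/configuration.yml`, the OIDC key and the users file would need tasks that are not visible in this patch. Separately, `After=multi-user.target` together with `WantedBy=multi-user.target` is unusual; `After=network-online.target` is probably what was intended.

```ini
[Service]
# … unchanged: Environment=, ExecStart=, SyslogIdentifier= …
User=authelia
Group=authelia
NoNewPrivileges=true
ProtectSystem=full
ProtectHome=true
PrivateTmp=true
```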