[add] role:authelia-for-gitlab

ansible/roles/authelia-for-gitlab/defaults/main.json

@@ -0,0 +1,5 @@
+{
+	"var_authelia_for_gitlab_gitlab_url_base": "https://gitlab.example.org",
+	"var_authelia_for_gitlab_client_id": "gitlab",
+	"var_authelia_for_gitlab_client_secret": "REPLACE_ME"
+}

ansible/roles/authelia-for-gitlab/info.md

@@ -0,0 +1,10 @@
+## Beschreibung
+
+Um [GitLab](../gitlab) gegen [Authelia](../authelia) authentifizieren zu lassen
+
+
+## Verweise
+
+- [Authelia-Dokumentation | GitLab Integration](https://www.authelia.com/integration/openid-connect/gitlab/)
+- [GitLab-Dokumentation | Use OpenID Connect as an OAuth 2.0 authentication provider](https://docs.gitlab.com/ee/administration/auth/oidc.html)
+

ansible/roles/authelia-for-gitlab/tasks/main.json

@@ -0,0 +1,25 @@
+[
+	{
+		"name": "configuration | emplace",
+		"become": true,
+		"ansible.builtin.template": {
+			"src": "authelia-client-conf.json.j2",
+			"dest": "/etc/authelia/conf.d/clients/gitlab.json"
+		}
+	},
+	{
+		"name": "configuration | apply",
+		"become": true,
+		"ansible.builtin.command": {
+			"cmd": "/usr/bin/authelia-conf-compose"
+		}
+	},
+	{
+		"name": "restart service",
+		"become": true,
+		"ansible.builtin.systemd_service": {
+			"state": "restarted",
+			"name": "authelia"
+		}
+	}
+]

ansible/roles/authelia-for-gitlab/templates/authelia-client-conf.json.j2

@@ -0,0 +1,17 @@
+{
+	"id": "{{var_authelia_for_gitlab_client_id}}",
+	"description": "GitLab",
+	"secret": "{{var_authelia_for_gitlab_client_secret}}",
+	"public": false,
+	"authorization_policy": "one_factor",
+	"redirect_uris": [
+		"{{var_authelia_for_gitlab_gitlab_url_base}}/users/auth/openid_connect/callback
+	],
+	"scopes": [
+		"openid",
+		"profile"
+		"groups",
+		"email"
+	],
+	"userinfo_signing_algorithm": "none"
+}