[mod] role:authelia

2023-12-11 02:43:58 +01:00 · 2023-12-11 02:43:58 +01:00 · a947c4900e
commit a947c4900e
parent 99f4bb1d98
5 changed files with 93 additions and 17 deletions
--- a/ansible/roles/authelia/defaults/main.json
+++ b/ansible/roles/authelia/defaults/main.json
@ -1,18 +1,20 @@
 {
 	"var_authelia_listen_address": "0.0.0.0",
 	"var_authelia_jwt_secret": "authelia_jwt_secret",
-	"var_authelia_users_file_path": "/var/authelia/users.json",
+	"var_authelia_users_file_path": "/var/authelia/users.yml",
+	"var_authelia_log_file_path": "/var/log/authelia.log",
 	"var_authelia_session_domain": "example.org",
 	"var_authelia_session_secret": "session_secret",
 	"var_authelia_storage_path": "/var/authelia/state.db",
 	"var_authelia_storage_encryption_key": "storage_encryption_key",
 	"var_authelia_ntp_server": "time.cloudflare.com:123",
-	"var_authelia_notification_mode": "email",
+	"var_authelia_notification_mode": "smtp",
+	"var_authelia_notification_file_path": "/var/authelia/notifications",
 	"var_authelia_notification_smtp_host": "smtp.example.org",
 	"var_authelia_notification_smtp_port": "465",
 	"var_authelia_notification_smtp_username": "authelia",
 	"var_authelia_notification_smtp_username": "smtp_password",
 	"var_authelia_notification_smtp_sender": "Authelia",
 	"var_authelia_notification_smtp_sender": "Authelia",
-	"var_authelia_oidc_hmac_secret": "oidc_hmac_secret",
+	"var_authelia_oidc_hmac_secret": "oidc_hmac_secret"
 }
--- a/ansible/roles/authelia/info.md
+++ b/ansible/roles/authelia/info.md
@ -4,3 +4,10 @@
 - [GitHub-Seite](https://github.com/authelia/authelia)
 - [Installations-Anleitung](https://www.authelia.com/integration/deployment/bare-metal/)
 - [Dokumentation | Konfiguration](https://www.authelia.com/configuration/)
+
+
+## ToDo
+
+- Dummy-Client los werden
+- Dummy-Nutzer los werden
+
--- a/ansible/roles/authelia/tasks/main.json
+++ b/ansible/roles/authelia/tasks/main.json
@ -1,36 +1,86 @@
 [
 	{
-		"name": "invoke package repository",
+"when": false,
+		"name": "prepare package installation 1",
+		"become": true,
+		"ansible.builtin.apt": {
+			"pkg": [
+				"apt-transport-https",
+				"gpg"
+			]
+		}
+	},
+	{
+"when": false,
+		"name": "prepare package installation 2",
+		"become": true,
+		"ansible.builtin.apt_key": {
+			"url": "https://apt.authelia.com/organization/signing.asc"
+		}
+	},
+	{
+"when": false,
+		"name": "prepare package installation 3",
 		"become": true,
 		"ansible.builtin.apt_repository": {
 			"repo": "deb https://apt.authelia.com/stable/debian/debian/ all main"
 		}
+
 	},
 	{
+"when": false,
 		"name": "install packages",
 		"become": true,
 		"ansible.builtin.apt": {
-			"pgk": [
+			"update_cache": true,
+			"pkg": [
+				"openssl",
+				"python3-cryptography",
 				"authelia"
 			]
 		}
 	},
 	{
 		"name": "generate private key for signing OIDC JWTs",
-		"beccome": true,
+		"become": true,
 		"community.crypto.openssl_privatekey": {
 			"type": "RSA",
 			"size": 4096,
-			"path": "/dev/null",
+			"path": "/etc/ssl/private/authelia-key.pem",
 			"return_content": true
-		}
+		},
+		"register": "temp_tls_result"
 	},
 	{
 		"name": "emplace configuration",
 		"become": true,
 		"ansible.builtin.template": {
-			"src": "config.yml.j2",
-			"dest": "/etc/authelia/config.yml"
+			"src": "configuration.yml.j2",
+			"dest": "/etc/authelia/configuration.yml"
+		}
+	},
+	{
+		"name": "setup log directory",
+		"become": true,
+		"ansible.builtin.file": {
+			"state": "directory",
+			"path": "{{var_authelia_log_file_path | dirname}}"
+		}
+	},
+	{
+		"name": "setup users directory",
+		"become": true,
+		"ansible.builtin.file": {
+			"state": "directory",
+			"path": "{{var_authelia_users_file_path | dirname}}"
+		}
+	},
+	{
+		"name": "place dummy user file",
+		"become": true,
+		"ansible.builtin.template": {
+			"src": "users.yml.j2",
+			"path": "{{var_authelia_users_file_path}}"
 		}
 	},
 	{
@ -39,6 +89,6 @@
 		"ansible.builtin.systemd_service": {
 			"state": "restarted",
 			"name": "authelia"
-		}		
+		}
 	}
 ]
--- a/ansible/roles/authelia/templates/configuration.yml.j2
+++ b/ansible/roles/authelia/templates/configuration.yml.j2
@ -11,14 +11,14 @@ server:
 log:
  level: info
  format: json
-  file_path: /var/log/authelia.log
+  file_path: {{var_authelia_log_file_path}}
  keep_stdout: false
 telemetry:
  metrics:
    enabled: false
    address: tcp://0.0.0.0:9959
 totp:
-  disable: true
+  disable: false
  issuer: authelia.com
  algorithm: sha1
  digits: 6
@ -106,8 +106,11 @@ storage:
    path: "{{var_authelia_storage_path}}"
 notifier:
  disable_startup_check: true
-  # filesystem:
-    # filename: /config/notification.txt
+{% if var_authelia_notification_mode == "file" %}
+  filesystem:
+    filename: {{var_authelia_notification_file_path}}
+{% endif %}
+{% if var_authelia_notification_mode == "smtp" %}
  smtp:
    host: "{{var_authelia_notification_smtp_host}}"
    port: {{var_authelia_notification_smtp_port}}
@ -118,13 +121,21 @@ notifier:
    disable_html_emails: false
    tls:
      skip_verify: false
+{% endif %}
 identity_providers:
  oidc:
    hmac_secret: "{{var_authelia_oidc_hmac_secret}}"
    issuer_private_key: |
-      {{privatekey}}
+{% filter indent(width=6) %}
+      {{temp_tls_result.privatekey}}
+{% endfilter %}
    cors:
      allowed_origins_from_client_redirect_uris: true
-    clients: []
+    clients:
+      -
+        public: false
+        id: "dummy"
+        secret: "d1424b378e4fbbc153f330f33b74ab192525b98cc2dd58b2e8d01c2737be00c6"
+        redirect_uris: []

 ...
--- a/ansible/roles/authelia/templates/users.yml.j2
+++ b/ansible/roles/authelia/templates/users.yml.j2
@ -0,0 +1,6 @@
+users:
+  _dummy:
+    displayname: "(Dummy)"
+    password: "$argon2id$v=19$m=65536,t=3,p=4$sHIRjFaYRz2U3F8wHnqecQ$lwnQtHNeFqgLaLSW8It7KJSHNOJoSeF+RF7lwgM7WRA"
+    email: "dummy@nowhere.org"
+    groups: []