[fix] role:authelia

roydfalk 2024-03-20 00:09:41 +01:00
parent cb09bca26e
commit b36bcf9b83
6 changed files with 170 additions and 28 deletions


@ -7,7 +7,7 @@
"var_authelia_log_file_path": "/var/authelia/log.jsonl", "var_authelia_log_file_path": "/var/authelia/log.jsonl",
"var_authelia_session_domain": "example.org", "var_authelia_session_domain": "example.org",
"var_authelia_session_secret": "REPLACE_ME", "var_authelia_session_secret": "REPLACE_ME",
"var_authelia_storage_encryption_key": "storage_encryption_key", "var_authelia_storage_encryption_key": "REPLACE_ME",
"var_authelia_storage_kind": "sqlite", "var_authelia_storage_kind": "sqlite",
"var_authelia_storage_data_sqlite_path": "/var/authelia/state.db", "var_authelia_storage_data_sqlite_path": "/var/authelia/state.db",
"var_authelia_storage_data_postgresql_host": "localhost", "var_authelia_storage_data_postgresql_host": "localhost",
@ -25,9 +25,9 @@
"var_authelia_notification_mode": "smtp", "var_authelia_notification_mode": "smtp",
"var_authelia_notification_file_path": "/var/authelia/notifications", "var_authelia_notification_file_path": "/var/authelia/notifications",
"var_authelia_notification_smtp_host": "smtp.example.org", "var_authelia_notification_smtp_host": "smtp.example.org",
"var_authelia_notification_smtp_port": "465", "var_authelia_notification_smtp_port": 465,
"var_authelia_notification_smtp_username": "authelia", "var_authelia_notification_smtp_username": "authelia",
"var_authelia_notification_smtp_password": "REPLACE_ME", "var_authelia_notification_smtp_password": "REPLACE_ME",
"var_authelia_notification_smtp_sender": "Authelia", "var_authelia_notification_smtp_sender": "authelia@example.org",
"var_authelia_oidc_hmac_secret": "REPLACE_ME" "var_authelia_oidc_hmac_secret": "REPLACE_ME"
} }
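Review bot: The secret defaults in this section (`var_authelia_session_secret`, `var_authelia_storage_encryption_key`, `var_authelia_notification_smtp_password`, `var_authelia_oidc_hmac_secret`) are all the literal `"REPLACE_ME"`, and nothing visible on this page rejects that value. A deployment that forgets one override would presumably render a publicly known string into the Authelia configuration as a real secret. Consider dropping the defaults for the secret variables so that an unset value fails the run, or adding a task at the start of the role that aborts when any of them still equals `REPLACE_ME`. The file starts before this hunk, so other defaults may need the same treatment.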


@ -28,14 +28,18 @@ def file_write(path, content):
return content return content
def get_password_hash(binary_file_path, conf_file_path, name): def get_password_hash(binary_file_path, conf_file_path, password):
# /usr/bin/authelia --config=/etc/authelia/configuration.yml crypto hash generate bcrypt --password=alice
output = _subprocess.check_output([ output = _subprocess.check_output([
binary_file_path, binary_file_path,
"--config=%s" % conf_file_path, "--config=%s" % conf_file_path,
"hash-password", "crypto",
name "hash",
"generate",
"bcrypt",
"--password=%s" % password,
]) ])
return output.decode("utf-8").split("\n")[0][8:] return output.decode("utf-8").split("\n")[0].split(" ")[1]
def postprocess(binary_file_path, conf_file_path, data): def postprocess(binary_file_path, conf_file_path, data):
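Review bot: In `get_password_hash` the new `"--password=%s" % password` element places the clear-text password on the authelia command line, where other local users can read it from the process list while the child runs and where process auditing may record it. Hashing without argv avoids this, for example by producing the bcrypt digest on the controller with Ansible's `password_hash('bcrypt')` filter or with a bcrypt library in-process, so that only the digest reaches the host. The added comment also shows the same command with a sample password and is worth rewording to describe the call without one. Separately, `.split(" ")[1]` assumes the first output line has the form `<label> <digest>`; if the CLI prints anything else first, this raises `IndexError` or returns the wrong token, so checking the `$2` prefix before returning would make a format change fail loudly.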


@ -3,6 +3,7 @@
"name": "packages | prerequisites", "name": "packages | prerequisites",
"become": true, "become": true,
"ansible.builtin.apt": { "ansible.builtin.apt": {
"update_cache": true,
"pkg": [ "pkg": [
"apt-transport-https", "apt-transport-https",
"gpg" "gpg"


@ -1,13 +1,17 @@
{ {
"theme": "auto", "theme": "auto",
"jwt_secret": "{{var_authelia_jwt_secret}}", "identity_validation": {
"reset_password": {
"jwt_secret": "{{var_authelia_jwt_secret}}"
}
},
"default_2fa_method": "totp", "default_2fa_method": "totp",
"server": { "server": {
"host": "{{var_authelia_listen_address}}", "address": "{{var_authelia_listen_address}}:9091",
"port": 9091, "endpoints": {
"path": "",
"enable_pprof": false, "enable_pprof": false,
"enable_expvars": false, "enable_expvars": false
},
"disable_healthcheck": false "disable_healthcheck": false
}, },
"log": { "log": {
@ -121,7 +125,7 @@
"secret": "{{var_authelia_session_secret}}", "secret": "{{var_authelia_session_secret}}",
"expiration": "1h", "expiration": "1h",
"inactivity": "5m", "inactivity": "5m",
"remember_me_duration": "1M" "remember_me": "1M"
}, },
"regulation": { "regulation": {
"max_retries": 3, "max_retries": 3,
@ -137,8 +141,7 @@
{% endif %} {% endif %}
{% if var_authelia_storage_kind == "postgresql" %} {% if var_authelia_storage_kind == "postgresql" %}
"postgres": { "postgres": {
"host": "{{var_authelia_storage_data_postgresql_host}}", "address": "{{var_authelia_storage_data_postgresql_host}}:{{var_authelia_storage_data_postgresql_port | string}}",
"port": {{var_authelia_storage_data_postgresql_port | string}},
"schema": "public", "schema": "public",
"username": "{{var_authelia_storage_data_postgresql_username}}", "username": "{{var_authelia_storage_data_postgresql_username}}",
"password": "{{var_authelia_storage_data_postgresql_password}}", "password": "{{var_authelia_storage_data_postgresql_password}}",
@ -165,7 +168,7 @@
{% if var_authelia_notification_mode == "smtp" %} {% if var_authelia_notification_mode == "smtp" %}
"smtp": { "smtp": {
"host": "{{var_authelia_notification_smtp_host}}", "host": "{{var_authelia_notification_smtp_host}}",
"port": {{var_authelia_notification_smtp_port}}, "port": {{var_authelia_notification_smtp_port | string}},
"username": "{{var_authelia_notification_smtp_username}}", "username": "{{var_authelia_notification_smtp_username}}",
"password": "{{var_authelia_notification_smtp_password}}", "password": "{{var_authelia_notification_smtp_password}}",
"sender": "{{var_authelia_notification_smtp_sender}}", "sender": "{{var_authelia_notification_smtp_sender}}",
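Review bot: The moved `"jwt_secret": "{{var_authelia_jwt_secret}}"` line, like the unchanged session secret and the PostgreSQL and SMTP password lines, builds a JSON string by pasting the raw variable between quotes. A secret containing `"` or `\` will then either produce an invalid file or change the structure of the rendered configuration. Letting the serializer do the quoting avoids this: `"jwt_secret": {{ var_authelia_jwt_secret | to_json }}` (no surrounding quotes), and the same for the other secret and password fields. In the new `postgres.address` line the `| string` filter is redundant inside a quoted string. The SMTP block still uses separate `host`/`port` keys while `server` and `postgres` were moved to `address`, so it is worth confirming that this is intended for the targeted Authelia version. The enclosing objects begin and end outside these hunks.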


@ -1 +1,5 @@
users: {} users:
_dummy:
displayname: dummy
password: "$2b$12$N5qptdk1VtpSlIlCxspLxeNeRIP6UEho4r1ZCoOlfpAtsIJQIjV/a"
email: dummy@example.org
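Review bot: The new `_dummy` entry ships a fixed bcrypt digest in the repository, so every deployment of this role starts with the same account and the same password behind it. If the entry exists only because Authelia rejects an empty `users` map (an assumption; the commit does not say), mark it unusable for login by adding `disabled: true` under `_dummy`. A short comment above it stating why the entry exists would also help. Whether the later postprocess step overwrites or keeps this entry is not visible in this section.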


@ -0,0 +1,130 @@
{
"version": {
"type": "string",
"mandatory": false
},
"architecture": {
"type": "string",
"mandatory": false
},
"listen_address": {
"type": "string",
"mandatory": false
},
"jwt_secret": {
"type": "string",
"mandatory": true
},
"users_file_path": {
"type": "string",
"mandatory": false
},
"log_file_path": {
"type": "string",
"mandatory": false
},
"session_domain": {
"type": "string",
"mandatory": false
},
"session_secret": {
"type": "string",
"mandatory": true
},
"storage_encryption_key": {
"type": "string",
"mandatory": true
},
"storage_kind": {
"type": "string",
"mandatory": false
},
"storage_data_sqlite_path": {
"type": "string",
"mandatory": false
},
"storage_data_postgresql_host": {
"type": "string",
"mandatory": false
},
"storage_data_postgresql_port": {
"type": "integer",
"mandatory": false
},
"storage_data_postgresql_username": {
"type": "string",
"mandatory": false
},
"storage_data_postgresql_password": {
"type": "string",
"mandatory": false
},
"storage_data_postgresql_schema": {
"type": "string",
"mandatory": false
},
"storage_data_mariadb_host": {
"type": "string",
"mandatory": false
},
"storage_data_mariadb_port": {
"type": "integer",
"mandatory": false
},
"storage_data_mariadb_username": {
"type": "string",
"mandatory": false
},
"storage_data_mariadb_password": {
"type": "string",
"mandatory": false
},
"storage_data_mariadb_schema": {
"type": "string",
"mandatory": false
},
"ntp_server": {
"type": "string",
"mandatory": false
},
"password_reset_enabled": {
"type": "boolean",
"mandatory": false
},
"notification_mode": {
"type": "string",
"mandatory": false,
"options": [
"file",
"smtp"
]
},
"notification_file_path": {
"type": "string",
"mandatory": false
},
"notification_smtp_host": {
"type": "string",
"mandatory": false
},
"notification_smtp_port": {
"type": "integer",
"mandatory": false
},
"notification_smtp_username": {
"type": "string",
"mandatory": false
},
"notification_smtp_password": {
"type": "string",
"mandatory": false
},
"notification_smtp_sender": {
"type": "string",
"mandatory": false
},
"oidc_hmac_secret": {
"type": "string",
"mandatory": true
}
}
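Review bot: `storage_kind` is declared as a free-form string, while `notification_mode` in the same file restricts its values with `"options"`. The configuration template selects the storage block with `{% if var_authelia_storage_kind == "postgresql" %}`, so a misspelt kind would presumably render a configuration with no storage backend rather than fail validation. Adding `"options": ["sqlite", "postgresql", "mariadb"]` (the kinds this schema has fields for) would catch that early. The `storage_data_*_password` and `notification_smtp_password` entries are `"mandatory": false` even though the matching backend cannot work without them; a note on how conditional requirements are meant to be enforced would help, since this schema format shows no way to express them.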