From 839d65c2e2f0accdc4599cad4f8cc9315d9d5a2d Mon Sep 17 00:00:00 2001
From: Fenris Wolf
Date: Fri, 25 Oct 2024 00:37:02 +0200
Subject: [PATCH] role:authelia-for-zeitbild_backend
---
.../defaults/main.json | 5 ++++
roles/authelia-for-zeitbild_backend/info.md | 4 +++
.../tasks/main.json | 25 +++++++++++++++++++
.../templates/authelia-client-conf.json.j2 | 17 +++++++++++++
4 files changed, 51 insertions(+)
create mode 100644 roles/authelia-for-zeitbild_backend/defaults/main.json
create mode 100644 roles/authelia-for-zeitbild_backend/info.md
create mode 100644 roles/authelia-for-zeitbild_backend/tasks/main.json
create mode 100644 roles/authelia-for-zeitbild_backend/templates/authelia-client-conf.json.j2
diff --git a/roles/authelia-for-zeitbild_backend/defaults/main.json b/roles/authelia-for-zeitbild_backend/defaults/main.json
new file mode 100644
index 0000000..f54881a
--- /dev/null
+++ b/roles/authelia-for-zeitbild_backend/defaults/main.json
@@ -0,0 +1,5 @@
+{
+ "var_authelia_for_zeitbild_backend_zeitbild_backend_url_base": "https://zeitbild_backend.example.org",
+ "var_authelia_for_zeitbild_backend_client_id": "zeitbild_backend",
+ "var_authelia_for_zeitbild_backend_client_secret": "REPLACE_ME"
+}
diff --git a/roles/authelia-for-zeitbild_backend/info.md b/roles/authelia-for-zeitbild_backend/info.md
new file mode 100644
index 0000000..72e35a9
--- /dev/null
+++ b/roles/authelia-for-zeitbild_backend/info.md
@@ -0,0 +1,4 @@
+## Beschreibung
+
+Um [zeitbild](../zeitbild_backend) gegen [Authelia](../authelia) authentifizieren zu lassen
+
diff --git a/roles/authelia-for-zeitbild_backend/tasks/main.json b/roles/authelia-for-zeitbild_backend/tasks/main.json
new file mode 100644
index 0000000..e7fb6e0
--- /dev/null
+++ b/roles/authelia-for-zeitbild_backend/tasks/main.json
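Review bot: The default `"var_authelia_for_zeitbild_backend_client_secret": "REPLACE_ME"` in defaults/main.json lets the role run to completion with a publicly known OIDC client secret whenever an inventory forgets to override it. I would drop this default so the template task fails on the undefined variable, or keep it and add a leading `ansible.builtin.assert` task with `"that": "var_authelia_for_zeitbild_backend_client_secret != 'REPLACE_ME'"`. The real value is better supplied from an encrypted source such as Ansible Vault than from a plain inventory file.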
@@ -0,0 +1,25 @@
+[
+ {
+ "name": "configuration | emplace",
+ "become": true,
+ "ansible.builtin.template": {
+ "src": "authelia-client-conf.json.j2",
+ "dest": "/etc/authelia/conf.d/clients/zeitbild_backend.json"
+ }
+ },
+ {
+ "name": "configuration | apply",
+ "become": true,
+ "ansible.builtin.command": {
+ "cmd": "/usr/bin/authelia-conf-compose"
+ }
+ },
+ {
+ "name": "restart service",
+ "become": true,
+ "ansible.builtin.systemd_service": {
+ "state": "restarted",
+ "name": "authelia"
+ }
+ }
+]
diff --git a/roles/authelia-for-zeitbild_backend/templates/authelia-client-conf.json.j2 b/roles/authelia-for-zeitbild_backend/templates/authelia-client-conf.json.j2
new file mode 100644
index 0000000..a7b13b8
--- /dev/null
+++ b/roles/authelia-for-zeitbild_backend/templates/authelia-client-conf.json.j2
@@ -0,0 +1,17 @@
+{
+ "client_id": "{{var_authelia_for_zeitbild_backend_client_id}}",
+ "client_secret": "{{var_authelia_for_zeitbild_backend_client_secret}}",
+ "client_name": "Forgejo",
+ "public": false,
+ "authorization_policy": "one_factor",
+ "redirect_uris": [
+ "{{var_authelia_for_zeitbild_backend_zeitbild_backend_url_base}}/user/oauth2/authelia/callback"
+ ],
+ "scopes": [
+ "openid",
+ "email",
+ "profile"
+ ],
+ "userinfo_signed_response_alg": "none",
+ "token_endpoint_auth_method": "client_secret_basic"
+}
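Review bot: The `ansible.builtin.template` task in tasks/main.json writes a file that contains the OIDC client secret without setting `mode`, `owner` or `group`, so `/etc/authelia/conf.d/clients/zeitbild_backend.json` is created under the remote umask and will usually be world-readable. Add `"mode": "0600"` to the module arguments, with `"owner"` and `"group"` set to whichever account runs `/usr/bin/authelia-conf-compose`. A run with `--diff` would also print the rendered secret, which `"no_log": true` on that task prevents. Separately, the apply and restart tasks run on every play; turning them into handlers notified by the template task would restart the authentication service only when the client definition actually changes.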
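Review bot: `"client_name": "Forgejo"` and the callback path `/user/oauth2/authelia/callback` in authelia-client-conf.json.j2 look carried over from a Forgejo client definition. The name is presumably what users are shown for this client, and `redirect_uris` is the allow-list the provider enforces, so both should be checked against what zeitbild_backend really uses. The variables are also interpolated inside hand-written quotes, so a secret containing `"` or `\` renders invalid or differently structured JSON; `"client_secret": {{ var_authelia_for_zeitbild_backend_client_secret | to_json }}` leaves the quoting to the serializer, and the same applies to `client_id` and the redirect URI. If the deployed Authelia version accepts hashed client secrets, storing the digest here instead of the plaintext value would limit what a reader of this file learns.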