From c9a1def59e3e7f758a93b57edca1dec5e203e3c4 Mon Sep 17 00:00:00 2001
From: Ada <ada@gnous.eu>
Date: Sun, 24 Mar 2024 22:12:56 +0100
Subject: [PATCH 1/4] Add knot roles
---
ansible/deploy.yml | 2 +-
ansible/hosts.yml | 9 +++++++
ansible/roles/authentik/handlers/main.yml | 19 ++++++++++++++
ansible/roles/authentik/tasks/main.yml | 21 +++++++++++++++
.../roles/authentik/templates/kresd.conf.j2 | 26 +++++++++++++++++++
5 files changed, 76 insertions(+), 1 deletion(-)
create mode 100644 ansible/roles/authentik/handlers/main.yml
create mode 100644 ansible/roles/authentik/tasks/main.yml
create mode 100644 ansible/roles/authentik/templates/kresd.conf.j2
diff --git a/ansible/deploy.yml b/ansible/deploy.yml
index cc09b0b..c728576 100644
--- a/ansible/deploy.yml
+++ b/ansible/deploy.yml
@@ -12,7 +12,7 @@
- role: timesyncd
when: ansible_facts['os_family'] == "Debian"
- role: ufw
- when: ansible_facts['os_family'] == "Debian"
+ when: ansible_facts['os_family'] == "Ubuntu"
- name: Resolver
hosts: resolver
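Review bot: The new condition `when: ansible_facts['os_family'] == "Ubuntu"` never matches, because Ubuntu hosts report `os_family` as `Debian` — `Ubuntu` is the value of `ansible_facts['distribution']` — so the ufw role is now silently skipped on every host and the firewall is never configured. If the intent is to limit ufw to Ubuntu, use `when: ansible_facts['distribution'] == "Ubuntu"`; if it should keep running on all Debian-family hosts, revert to the previous condition. A `--check` run would show the role's tasks being skipped, which is worth looking for before rollout since nothing else fails loudly here.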
diff --git a/ansible/hosts.yml b/ansible/hosts.yml
index ca71b3a..bdab6a3 100644
--- a/ansible/hosts.yml
+++ b/ansible/hosts.yml
@@ -1,19 +1,28 @@
+<<<<<<< HEAD
---
+=======
+>>>>>>> 2410885 (Add knot roles)
all:
hosts:
resolver-1:
ansible_host: 10.20.0.42
+<<<<<<< HEAD
dhcp-1:
ansible_host: 10.20.0.43
authoritative-1:
ansible_host: 10.20.0.44
+=======
+>>>>>>> 2410885 (Add knot roles)
children:
resolver:
hosts:
resolver-1:
+<<<<<<< HEAD
kea-dhcp:
hosts:
dhcp-1:
dns-authoritative:
hosts:
authoritative-1:
+=======
+>>>>>>> 2410885 (Add knot roles)
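Review bot: This commit checks in unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> 2410885 (Add knot roles)`) at three places in the inventory, which makes `hosts.yml` invalid YAML — every play that uses this inventory fails to load. The `2410885` side of each conflict is empty, so resolving in favour of HEAD just means deleting the six marker lines and keeping the `---` header, the three hosts and the three groups. A pre-commit hook such as `check-merge-conflict` would have blocked this.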
diff --git a/ansible/roles/authentik/handlers/main.yml b/ansible/roles/authentik/handlers/main.yml
new file mode 100644
index 0000000..e40da42
--- /dev/null
+++ b/ansible/roles/authentik/handlers/main.yml
@@ -0,0 +1,19 @@
+---
+- name: Package cache update
+ become: true
+ ansible.builtin.package:
+ update_cache: true
+
+- name: Restart knot resolver
+ become: true
+ ansible.builtin.service:
+ state: restarted
+ name: kresd@{{ item }}.service
+ with_sequence: count={{ ansible_processor_vcpus }}
+
+- name: Enable knot resolver
+ become: true
+ ansible.builtin.service:
+ enabled: true
+ name: kresd@{{ item }}.service
+ with_sequence: count={{ ansible_processor_vcpus }}
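Review bot: `Package cache update` is declared with `ansible.builtin.package` and only `update_cache: true`, but that module documents `name` and `state` as required, so the handler likely fails argument validation when it finally runs; since the rest of the role is apt-only, `ansible.builtin.apt: update_cache: true` is the straightforward form. Note also that handlers fire at the end of the play, so a cache refresh notified by the repository task cannot help an install task that follows it in the same play. The `with_sequence: count={{ ansible_processor_vcpus }}` loops yield `kresd@1` … `kresd@N`, which matches the systemd template instances, but a short comment saying so would help the next reader, e.g. `# one kresd@N instance per vCPU, numbered from 1`.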
diff --git a/ansible/roles/authentik/tasks/main.yml b/ansible/roles/authentik/tasks/main.yml
new file mode 100644
index 0000000..e798b06
--- /dev/null
+++ b/ansible/roles/authentik/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+- name: Install knot repository
+ ansible.builtin.apt:
+ deb: https://secure.nic.cz/files/knot-resolver/knot-resolver-release.deb
+ notify:
+ - Package cache update
+
+- name: Install knot resolver
+ ansible.builtin.apt:
+ name: knot-resolver
+ notify:
+ - Enable knot resolver
+ - Restart knot resolver
+
+- name: Configure
+ ansible.builtin.template:
+ src: kresd.conf.j2
+ dest: /etc/knot-resolver/kresd.conf
+ mode: "0644"
+ notify:
+ - Restart knot resolver
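Review bot: `Install knot repository` feeds a remote URL to `apt: deb:`, which downloads the package and hands it to dpkg with no checksum or signature check — and the release package that installs the repository's signing key is exactly the artefact to verify. Fetch it with `ansible.builtin.get_url` into a temporary path with a pinned `checksum: sha256:…`, then pass that local path to `deb:`. Separately, `Install knot resolver` runs before the notified `Package cache update` handler fires (handlers run at the end of the play), so a fresh host fails with an unknown package; put `update_cache: true` on the install task or add `ansible.builtin.meta: flush_handlers` between the two. None of these three tasks set `become: true`, unlike the handlers, so they also need it or a `become` on the role import.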
diff --git a/ansible/roles/authentik/templates/kresd.conf.j2 b/ansible/roles/authentik/templates/kresd.conf.j2
new file mode 100644
index 0000000..8754040
--- /dev/null
+++ b/ansible/roles/authentik/templates/kresd.conf.j2
@@ -0,0 +1,26 @@
+net.listen('{{resolver_ip}}', 53, { kind = 'dns'})
+cache.size = 128 * MB
+modules = {
+ 'hints > iterate', -- Allow loading /etc/hosts or custom root hints
+ 'predict', -- Prefetch expiring/frequent records
+}
+
+modules.load('prefill')
+prefill.config({
+ ['.'] = {
+ url = 'https://www.internic.net/domain/root.zone',
+ interval = 86400, -- seconds
+ }
+})
+
+modules.load('view')
+view:addr('127.0.0.0/8', policy.all(policy.PASS))
+view:addr('::1/128', policy.all(policy.PASS))
+{% for prefix in kresd_allow %}
+view:addr('{{ prefix }}', policy.all(policy.PASS))
+{% endfor %}
+view:addr('0.0.0.0/0', policy.all(policy.DROP))
+view:addr('::/0', policy.all(policy.DROP))
+
+log_target('stdout')
+log_level('debug')
\ No newline at end of file
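Review bot: `log_level('debug')` on a resolver logs every query with client addresses at high volume, which is both a privacy concern and an easy way to fill the disk of a DNS host; use `log_level('notice')` (or `'warning'`) and raise it only while troubleshooting. `net.listen('{{resolver_ip}}', …)` relies on `resolver_ip` and `kresd_allow` being set for every resolver host — this commit adds no `defaults/main.yml`, so a missing variable fails at template time, which is acceptable but worth stating in a comment such as `-- resolver_ip and kresd_allow must be set in host/group vars`. The file also lacks a trailing newline and the first tag would read more consistently as `{{ resolver_ip }}`.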
--
2.49.1
From c20f8e5df0cc0c174ee70dbcbcf06f7d4909273f Mon Sep 17 00:00:00 2001
From: Ada <ada@gnous.eu>
Date: Mon, 25 Mar 2024 00:32:09 +0100
Subject: [PATCH 2/4] WIP
---
ansible/roles/authentik/tasks/build.yml | 32 ++++++++++
.../roles/authentik/tasks/dependencies.yml | 60 +++++++++++++++++++
ansible/roles/authentik/tasks/main.yml | 30 ++++------
3 files changed, 103 insertions(+), 19 deletions(-)
create mode 100644 ansible/roles/authentik/tasks/build.yml
create mode 100644 ansible/roles/authentik/tasks/dependencies.yml
diff --git a/ansible/roles/authentik/tasks/build.yml b/ansible/roles/authentik/tasks/build.yml
new file mode 100644
index 0000000..a2b3bba
--- /dev/null
+++ b/ansible/roles/authentik/tasks/build.yml
@@ -0,0 +1,32 @@
+---
+- name: Get authentik source
+ ansible.builtin.git:
+ repo: 'https://github.com/goauthentik/authentik.git'
+ dest: /opt/authentik/src
+ version: version/2024.2.2
+ force: true
+
+- name: Build front
+ ansible.builtin.shell: |
+ cd /opt/authentik/src/website
+ npm i
+ npm run build-docs-only
+ cd /opt/authentik/src/web
+ npm i
+ npm run build
+
+- name: Create virtualenv
+ ansible.builtin.command: "python3.12 -m venv /opt/authentik/src/venv"
+
+- name: Installl poetry and dependencies
+ ansible.builtin.shell: |
+ cd /opt/authentik/src/
+ venv/bin/pip install poetry
+ venv/bin/poetry install --only=main --no-ansi --no-interaction --no-root
+
+
+- name: Build go proxy
+ ansible.builtin.shell: |
+ cd /opt/authentik/src/
+ sed -i "s/c.Setup(\".\/authentik\/lib\/default.yml\", \".\/local.env.yml\")/c.Setup(\"\/etc\/authentik\/config.yml\", \".\/authentik\/lib\/default.yml\", \".\/local.env.yml\")/" /opt/authentik/src/internal/config/config.go
+ go build -o /opt/authentik/src/authentik-server ./cmd/server/
\ No newline at end of file
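Review bot: Each `ansible.builtin.shell` script here runs under the default shell with no `set -eu`, so the task's result is only the exit status of its last command — a failing `npm i`, `pip install poetry` or `sed` does not abort the build and a half-built tree is reported as success; start every script with `set -eu` (or use `executable: /bin/bash` and `set -euo pipefail`). The checkout is pinned by ref name (`version: version/2024.2.2`) rather than by commit; a tag can be re-pointed upstream, so for a reproducible supply chain pin the SHA and keep the tag in a comment. The `sed -i` on `internal/config/config.go` silently does nothing if upstream reshapes that line; a `grep -q '/etc/authentik/config.yml' internal/config/config.go` after it turns that into a hard failure. None of these tasks set `changed_when` or `creates`, so every run reports a change and rebuilds everything.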
diff --git a/ansible/roles/authentik/tasks/dependencies.yml b/ansible/roles/authentik/tasks/dependencies.yml
new file mode 100644
index 0000000..1477107
--- /dev/null
+++ b/ansible/roles/authentik/tasks/dependencies.yml
@@ -0,0 +1,60 @@
+---
+- name: Install roles dependencies
+ ansible.builtin.apt:
+ name: "{{ item }}"
+ with_items:
+ - git
+ - libpq-dev
+ - libxmlsec1-dev
+
+- name: Add deadsnake ppa for python3.12
+ ansible.builtin.apt_repository:
+ repo: 'ppa:deadsnakes/ppa'
+
+- name: Install python3.12
+ ansible.builtin.apt:
+ name: "{{ item }}"
+ with_items:
+ - python3.12
+ - python3.12-distutils
+ - python3.12-venv
+ - python3.12-dev
+
+- name: Add longsleep ppa for go 1.22
+ ansible.builtin.apt_repository:
+ repo: 'ppa:longsleep/golang-backports'
+
+- name: Install go 1.22
+ ansible.builtin.apt:
+ name: "golang-go"
+
+- name: Download node GPG key
+ ansible.builtin.get_url:
+ url: 'https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key'
+ dest: "/usr/share/keyrings/node-archive-keyring.asc"
+ mode: "0644"
+ validate_certs: true
+ checksum: sha512:36c77b2bddaea0523ab90962a38ebd3ee90c3d5cf17e525f02898aa8e7b14fd1026f6d659b99d931fe907e9142a98ff08075ebfc56f0f1e2001c6ba4791d3daa
+ changed_when: false
+ no_log: false
+
+- name: Add nodesource repo for node
+ ansible.builtin.apt_repository:
+ repo: 'deb [arch=amd64 signed-by=/usr/share/keyrings/node-archive-keyring.asc] https://deb.nodesource.com/node_21.x nodistro main'
+
+- name: Install nodejs
+ ansible.builtin.apt:
+ name: nodejs
+
+- name: Add authentik user
+ ansible.builtin.user:
+ name: "authentik"
+ system: true
+
+- name: Create /opt/authentik
+ ansible.builtin.file:
+ path: /opt/authentik
+ state: directory
+ mode: '0755'
+ owner: authentik
+
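Review bot: `Download node GPG key` is marked `changed_when: false`, which hides exactly the event an operator wants to see — the apt trust anchor in `/usr/share/keyrings` being replaced — so drop it (the pinned `checksum: sha512:…` already makes the task idempotent); `no_log: false` is the default and can go as well. Python 3.12 and Go 1.22 come from personal PPAs (`deadsnakes`, `longsleep/golang-backports`) rather than Ubuntu-maintained archives, which is a deliberate trust decision worth recording in a comment above each `apt_repository` task. `Install roles dependencies` and `Install python3.12` loop `apt` with `with_items`, installing one package per transaction; `ansible.builtin.apt` accepts a list under `name:`, which is faster and resolves dependencies in one go.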
diff --git a/ansible/roles/authentik/tasks/main.yml b/ansible/roles/authentik/tasks/main.yml
index e798b06..d809de1 100644
--- a/ansible/roles/authentik/tasks/main.yml
+++ b/ansible/roles/authentik/tasks/main.yml
@@ -1,21 +1,13 @@
---
-- name: Install knot repository
- ansible.builtin.apt:
- deb: https://secure.nic.cz/files/knot-resolver/knot-resolver-release.deb
- notify:
- - Package cache update
+- name: Install dependencies
+ ansible.builtin.import_tasks: dependencies.yml
+ become: true
+ tags:
+ - install_dependencies
-- name: Install knot resolver
- ansible.builtin.apt:
- name: knot-resolver
- notify:
- - Enable knot resolver
- - Restart knot resolver
-
-- name: Configure
- ansible.builtin.template:
- src: kresd.conf.j2
- dest: /etc/knot-resolver/kresd.conf
- mode: "0644"
- notify:
- - Restart knot resolver
+- name: Build authentik
+ ansible.builtin.import_tasks: build.yml
+ become: true
+ tags:
+ - build
+ become_user: authentik
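Review bot: The knot tasks are removed from this role here, but `handlers/main.yml` and `templates/kresd.conf.j2` added in the previous commit stay behind in `roles/authentik`, so the role still carries `kresd@N` restart handlers that nothing notifies; either move them into a `knot` role (which the first commit's title suggests was the intent) or delete them in this commit. `become_user: authentik` on the build import is the right call — the source fetch and the npm/go/pip steps run unprivileged — and deserves a one-line comment, e.g. `# build as the unprivileged service user; root is only needed for package installs`. That works only because `dependencies.yml` creates the `authentik` user before `build.yml` is imported, which the import order here guarantees but a comment should state.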
--
2.49.1
From 440ab26df6a245607a67bc0398f792becdad770f Mon Sep 17 00:00:00 2001
From: Ada <ada@gnous.eu>
Date: Mon, 25 Mar 2024 00:51:16 +0100
Subject: [PATCH 3/4] WIP
---
ansible/roles/authentik/tasks/build.yml | 8 ++++----
.../roles/authentik/tasks/dependencies.yml | 19 +++++++++----------
ansible/roles/authentik/tasks/main.yml | 2 +-
3 files changed, 14 insertions(+), 15 deletions(-)
diff --git a/ansible/roles/authentik/tasks/build.yml b/ansible/roles/authentik/tasks/build.yml
index a2b3bba..128ba15 100644
--- a/ansible/roles/authentik/tasks/build.yml
+++ b/ansible/roles/authentik/tasks/build.yml
@@ -1,7 +1,7 @@
---
- name: Get authentik source
ansible.builtin.git:
- repo: 'https://github.com/goauthentik/authentik.git'
+ repo: https://github.com/goauthentik/authentik.git
dest: /opt/authentik/src
version: version/2024.2.2
force: true
@@ -16,7 +16,7 @@
npm run build
- name: Create virtualenv
- ansible.builtin.command: "python3.12 -m venv /opt/authentik/src/venv"
+ ansible.builtin.command: python3.12 -m venv /opt/authentik/src/venv
- name: Installl poetry and dependencies
ansible.builtin.shell: |
@@ -26,7 +26,7 @@
- name: Build go proxy
- ansible.builtin.shell: |
+ ansible.builtin.shell: |-
cd /opt/authentik/src/
sed -i "s/c.Setup(\".\/authentik\/lib\/default.yml\", \".\/local.env.yml\")/c.Setup(\"\/etc\/authentik\/config.yml\", \".\/authentik\/lib\/default.yml\", \".\/local.env.yml\")/" /opt/authentik/src/internal/config/config.go
- go build -o /opt/authentik/src/authentik-server ./cmd/server/
\ No newline at end of file
+ go build -o /opt/authentik/src/authentik-server ./cmd/server/
diff --git a/ansible/roles/authentik/tasks/dependencies.yml b/ansible/roles/authentik/tasks/dependencies.yml
index 1477107..b277a2d 100644
--- a/ansible/roles/authentik/tasks/dependencies.yml
+++ b/ansible/roles/authentik/tasks/dependencies.yml
@@ -9,7 +9,7 @@
- name: Add deadsnake ppa for python3.12
ansible.builtin.apt_repository:
- repo: 'ppa:deadsnakes/ppa'
+ repo: ppa:deadsnakes/ppa
- name: Install python3.12
ansible.builtin.apt:
@@ -22,16 +22,16 @@
- name: Add longsleep ppa for go 1.22
ansible.builtin.apt_repository:
- repo: 'ppa:longsleep/golang-backports'
+ repo: ppa:longsleep/golang-backports
- name: Install go 1.22
ansible.builtin.apt:
- name: "golang-go"
+ name: golang-go
- name: Download node GPG key
ansible.builtin.get_url:
- url: 'https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key'
- dest: "/usr/share/keyrings/node-archive-keyring.asc"
+ url: https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key
+ dest: /usr/share/keyrings/node-archive-keyring.asc
mode: "0644"
validate_certs: true
checksum: sha512:36c77b2bddaea0523ab90962a38ebd3ee90c3d5cf17e525f02898aa8e7b14fd1026f6d659b99d931fe907e9142a98ff08075ebfc56f0f1e2001c6ba4791d3daa
@@ -40,7 +40,7 @@
- name: Add nodesource repo for node
ansible.builtin.apt_repository:
- repo: 'deb [arch=amd64 signed-by=/usr/share/keyrings/node-archive-keyring.asc] https://deb.nodesource.com/node_21.x nodistro main'
+ repo: deb [arch=amd64 signed-by=/usr/share/keyrings/node-archive-keyring.asc] https://deb.nodesource.com/node_21.x nodistro main
- name: Install nodejs
ansible.builtin.apt:
@@ -48,13 +48,12 @@
- name: Add authentik user
ansible.builtin.user:
- name: "authentik"
+ name: authentik
system: true
-
+
- name: Create /opt/authentik
ansible.builtin.file:
path: /opt/authentik
state: directory
- mode: '0755'
+ mode: "0755"
owner: authentik
-
diff --git a/ansible/roles/authentik/tasks/main.yml b/ansible/roles/authentik/tasks/main.yml
index d809de1..1020310 100644
--- a/ansible/roles/authentik/tasks/main.yml
+++ b/ansible/roles/authentik/tasks/main.yml
@@ -3,7 +3,7 @@
ansible.builtin.import_tasks: dependencies.yml
become: true
tags:
- - install_dependencies
+ - install_dependencies
- name: Build authentik
ansible.builtin.import_tasks: build.yml
--
2.49.1
From f4109954e175f74e57eec68b8325230912a49654 Mon Sep 17 00:00:00 2001
From: Ada <ada@gnous.eu>
Date: Wed, 17 Apr 2024 10:45:26 +0200
Subject: [PATCH 4/4] wip
---
ansible/roles/authentik/tasks/build.yml | 47 ++++++++++++-------
.../roles/authentik/tasks/dependencies.yml | 4 ++
ansible/roles/authentik/tasks/main.yml | 19 ++++++++
3 files changed, 52 insertions(+), 18 deletions(-)
diff --git a/ansible/roles/authentik/tasks/build.yml b/ansible/roles/authentik/tasks/build.yml
index 128ba15..78f9780 100644
--- a/ansible/roles/authentik/tasks/build.yml
+++ b/ansible/roles/authentik/tasks/build.yml
@@ -7,26 +7,37 @@
force: true
- name: Build front
- ansible.builtin.shell: |
- cd /opt/authentik/src/website
- npm i
- npm run build-docs-only
- cd /opt/authentik/src/web
- npm i
- npm run build
+ ansible.builtin.shell:
+ executable: /bin/bash
+ cmd: |
+ export NODE_ENV=production
+ cd /opt/authentik/src/website
+ npm ci --include=dev
+ npm run build-docs-only
+ cd /opt/authentik/src/web
+ npm ci --include=dev
+ npm run build
+
+- name: Build go proxy
+ ansible.builtin.shell:
+ executable: /bin/bash
+ cmd: |
+ cd /opt/authentik/src/
+ go mod download
+ CGO_ENABLED=0 go build -o /opt/authentik/server ./cmd/server
- name: Create virtualenv
ansible.builtin.command: python3.12 -m venv /opt/authentik/src/venv
- name: Installl poetry and dependencies
- ansible.builtin.shell: |
- cd /opt/authentik/src/
- venv/bin/pip install poetry
- venv/bin/poetry install --only=main --no-ansi --no-interaction --no-root
-
-
-- name: Build go proxy
- ansible.builtin.shell: |-
- cd /opt/authentik/src/
- sed -i "s/c.Setup(\".\/authentik\/lib\/default.yml\", \".\/local.env.yml\")/c.Setup(\"\/etc\/authentik\/config.yml\", \".\/authentik\/lib\/default.yml\", \".\/local.env.yml\")/" /opt/authentik/src/internal/config/config.go
- go build -o /opt/authentik/src/authentik-server ./cmd/server/
+ ansible.builtin.shell:
+ executable: /bin/bash
+ cmd: |
+ cd /opt/authentik/src
+ source /opt/authentik/src/venv/bin/activate
+ export VENV_PATH=/opt/authentik/src/venv
+ export POETRY_VIRTUALENVS_CREATE=false
+ venv/bin/pip3 install --upgrade pip
+ venv/bin/pip3 install poetry
+ venv/bin/poetry venv use venv/python3.12
+ venv/bin/poetry install --only=main --no-ansi --no-interaction --no-root
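Review bot: `venv/bin/poetry venv use venv/python3.12` is not a Poetry subcommand (Poetry's is `poetry env use`) and the interpreter path would be `venv/bin/python3.12` anyway, so this line errors every run — and the task still succeeds because none of the three bash scripts begin with `set -euo pipefail`, leaving only the last command's exit status to decide the result. With the venv activated and `POETRY_VIRTUALENVS_CREATE=false` exported the line is redundant; delete it and add `set -euo pipefail` as the first line of each `cmd:` block so a failing `npm ci`, `go mod download` or `pip3 install` aborts the task. `pip3 install poetry` is unpinned; pin it (`poetry==<version>`) to keep the build reproducible.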
diff --git a/ansible/roles/authentik/tasks/dependencies.yml b/ansible/roles/authentik/tasks/dependencies.yml
index b277a2d..2e449ea 100644
--- a/ansible/roles/authentik/tasks/dependencies.yml
+++ b/ansible/roles/authentik/tasks/dependencies.yml
@@ -1,9 +1,13 @@
---
- name: Install roles dependencies
ansible.builtin.apt:
+ install_recommends: false
name: "{{ item }}"
with_items:
- git
+ - build-essential
+ - pkg-config
+ - zlib1g-dev
- libpq-dev
- libxmlsec1-dev
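Review bot: `install_recommends: false` is set only on `Install roles dependencies`, while the `python3.12`, `golang-go` and `nodejs` installs elsewhere in this file still pull recommended packages onto a host whose only job is building and running authentik; apply the same flag to those apt tasks (or set `APT::Install-Recommends "false";` once under `/etc/apt/apt.conf.d/`) so the installed surface stays consistent. A comment naming what each build dependency is for would let a later reviewer prune the list safely, e.g. `# libpq-dev: psycopg build; libxmlsec1-dev: xmlsec bindings (SAML); pkg-config/zlib1g-dev: native node modules — TODO confirm`.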
diff --git a/ansible/roles/authentik/tasks/main.yml b/ansible/roles/authentik/tasks/main.yml
index 1020310..1447498 100644
--- a/ansible/roles/authentik/tasks/main.yml
+++ b/ansible/roles/authentik/tasks/main.yml
@@ -11,3 +11,22 @@
tags:
- build
become_user: authentik
+
+- name: Create useful directory
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ mode: "0755"
+ owner: authentik
+ with_items:
+ - /opt/authentik/certs
+ - /opt/authentik/media
+ - /etc/authentik
+
+- name: Test
+ ansible.builtin.copy:
+ remote_src: true
+ src: /opt/authentik/src/blueprints
+ dest: /opt/authentik/blueprints
+ owner: authentik
+ become: true
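Review bot: `Create useful directory` has no `become: true` while every other task in this file does, so creating `/etc/authentik` and chowning `/opt/authentik/certs` and `/opt/authentik/media` to `authentik` runs as the SSH user and fails unless that user is already root. The modes are also looser than needed: `/opt/authentik/certs` is presumably where keys end up, and if `/etc/authentik` is meant for the config with the secret key and database credentials, `mode: "0750"` with `group: authentik` — and `/etc/authentik` owned by root rather than the service user, so the service cannot rewrite its own config — is the safer default, while `0755` for `media` can stay. The task named `Test` installs the upstream blueprints directory; give it a descriptive name such as `Install default blueprints` and note in a comment that `remote_src: true` copies from the checkout produced by `build.yml`.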
--
2.49.1