ansible/roles/authentik/tasks/build.yml

@@ -0,0 +1,32 @@
+---
+- name: Get authentik source
+  ansible.builtin.git:
+    repo: 'https://github.com/goauthentik/authentik.git'
+    dest: /opt/authentik/src
+    version: version/2024.2.2
+    force: true
+
+- name: Build front
+  ansible.builtin.shell: |
+    cd /opt/authentik/src/website
+    npm i
+    npm run build-docs-only
+    cd /opt/authentik/src/web
+    npm i
+    npm run build
+
+- name: Create virtualenv
+  ansible.builtin.command: "python3.12 -m venv /opt/authentik/src/venv"
+
+- name: Installl poetry and dependencies
+  ansible.builtin.shell: |
+    cd /opt/authentik/src/
+    venv/bin/pip install poetry
+    venv/bin/poetry install --only=main --no-ansi --no-interaction --no-root
+
+
+- name: Build go proxy
+  ansible.builtin.shell: |
+    cd /opt/authentik/src/
+    sed -i "s/c.Setup(\".\/authentik\/lib\/default.yml\", \".\/local.env.yml\")/c.Setup(\"\/etc\/authentik\/config.yml\", \".\/authentik\/lib\/default.yml\", \".\/local.env.yml\")/" /opt/authentik/src/internal/config/config.go
+    go build -o /opt/authentik/src/authentik-server  ./cmd/server/

ansible/roles/authentik/tasks/dependencies.yml

@@ -0,0 +1,60 @@
+---
+- name: Install roles dependencies
+  ansible.builtin.apt:
+    name: "{{ item }}"
+  with_items:
+    - git
+    - libpq-dev
+    - libxmlsec1-dev
+
+- name: Add deadsnake ppa for python3.12
+  ansible.builtin.apt_repository:
+    repo: 'ppa:deadsnakes/ppa'
+
+- name: Install python3.12
+  ansible.builtin.apt:
+    name: "{{ item }}"
+  with_items:
+    - python3.12
+    - python3.12-distutils
+    - python3.12-venv
+    - python3.12-dev
+
+- name: Add longsleep ppa for go 1.22
+  ansible.builtin.apt_repository:
+    repo: 'ppa:longsleep/golang-backports'
+
+- name: Install go 1.22
+  ansible.builtin.apt:
+    name: "golang-go"
+
+- name: Download node GPG key
+  ansible.builtin.get_url:
+    url: 'https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key'
+    dest: "/usr/share/keyrings/node-archive-keyring.asc"
+    mode: "0644"
+    validate_certs: true
+    checksum: sha512:36c77b2bddaea0523ab90962a38ebd3ee90c3d5cf17e525f02898aa8e7b14fd1026f6d659b99d931fe907e9142a98ff08075ebfc56f0f1e2001c6ba4791d3daa
+  changed_when: false
+  no_log: false
+
+- name: Add nodesource repo for node
+  ansible.builtin.apt_repository:
+    repo: 'deb [arch=amd64 signed-by=/usr/share/keyrings/node-archive-keyring.asc] https://deb.nodesource.com/node_21.x nodistro main'
+
+- name: Install nodejs
+  ansible.builtin.apt:
+    name: nodejs
+
+- name: Add authentik user
+  ansible.builtin.user:
+    name: "authentik"
+    system: true
+  
+- name: Create /opt/authentik
+  ansible.builtin.file:
+    path: /opt/authentik
+    state: directory
+    mode: '0755'
+    owner: authentik
+

ansible/roles/authentik/tasks/main.yml

@@ -1,21 +1,13 @@
 ---
-- name: Install knot repository
-  ansible.builtin.apt:
-    deb: https://secure.nic.cz/files/knot-resolver/knot-resolver-release.deb
-  notify:
-    - Package cache update
+- name: Install dependencies
+  ansible.builtin.import_tasks: dependencies.yml
+  become: true
+  tags:
+    - install_dependencies 
 
-- name: Install knot resolver
-  ansible.builtin.apt:
-    name: knot-resolver
-  notify:
-    - Enable knot resolver
-    - Restart knot resolver
-
-- name: Configure
-  ansible.builtin.template:
-    src: kresd.conf.j2
-    dest: /etc/knot-resolver/kresd.conf
-    mode: "0644"
-  notify:
-    - Restart knot resolver
+- name: Build authentik
+  ansible.builtin.import_tasks: build.yml
+  become: true
+  tags:
+    - build
+  become_user: authentik