uumas/ansible-docker
1
0
Fork 1
Code Issues 8 Pull Requests Projects Releases Wiki Activity

Compare commits

base: uumas:4d4ade6ae24d0929501033b34e21a5a18a57ced9
Branches Tags
uumas:master uumas:unifi
..
compare: uumas:8fdb8eaf8096e40ca842105915e7f11ecccb0362
Branches Tags
uumas:master uumas:unifi

2 Commits
4d4ade6ae2 ... 8fdb8eaf80

Author SHA1 Message Date
uumas
8fdb8eaf80 authentik: Support for additional mounts 2025-05-26 00:00:27 +03:00
uumas
bc2220e1ed service: fix published ports 2025-05-25 23:59:57 +03:00
5 changed files with 49 additions and 15 deletions
Expand all files Collapse all files

2
roles/authentik/defaults/main.yml
View File

@@ -3,3 +3,5 @@ authentik_tag: latest
authentik_env: {}
docker_networks:
- name: authentik
authentik_additional_mounts: []

36
roles/authentik/meta/argument_specs.yml
View File

@@ -15,6 +15,42 @@ argument_specs:
type: dict
required: false
default: {}
authentik_additional_mounts:
description: "List of bind mounts or volumes to be mounted inside the container. Each element is a dict with path and exactly one of name, src or template"
type: list
required: false
default: []
elements: dict
options:
path:
description: "The path inside the container to mount at"
type: str
required: true
readonly:
description: "If true, volume will be mounted as read only inside the container. Only applies for named and src mounts."
type: bool
required: false
default: false
mode:
description: "Permissions for the created/templated directory. Defaults to '0644' for files, '0755' for directories. Doesn't apply for named volumes."
type: str
required: false
name:
description: "If docker_volume_type is named, the name of the named volume to be mounted at path. If docker_volume_type is bind, the name of the folder to create under /opt/<service>[/suffix]/mounts/ and mount at path."
type: str
required: false
src:
description: "Host path to bind mount inside the container."
type: str
required: false
template:
description: "Name of template without .j2 extension. Will be templated at /opt/<service>[/suffix]/mounts/<template> and mounted read only inside the container."
type: str
required: false
copypath:
description: "Name of file or directory to copy. Will be deployed from files/<copypath> to /opt/<service>[/suffix]/mounts/<copypath> and mounted read only inside the container."
type: str
required: false
# All options after this will be passed directly to the container role
docker_service_suffix:

16
roles/authentik/tasks/main.yml
View File

@@ -12,13 +12,7 @@
docker_additional_services:
- redis
docker_env: "{{ authentik_common_env | combine(authentik_env) }}"
docker_mounts:
- path: /media
name: "media"
- path: /templates
name: "templates"
- path: /certs
name: "certs"
docker_mounts: "{{ _authentik_mounts }}"
- name: Authentik worker container
ansible.builtin.include_role:
@@ -31,10 +25,4 @@
- worker
reverse_proxy_type: none
docker_env: "{{ authentik_common_env | combine(authentik_env) }}"
docker_mounts:
- path: /media
name: "media"
- path: /templates
name: "templates"
- path: /certs
name: "certs"
docker_mounts: "{{ _authentik_mounts }}"

8
roles/authentik/vars/main.yml
View File

@@ -1,4 +1,12 @@
---
_authentik_default_mounts:
- path: /media
name: "media"
- path: /templates
name: "templates"
- path: /certs
name: "certs"
_authentik_mounts: "{{ _authentik_default_mounts + authentik_additional_mounts }}"
authentik_common_env:
AUTHENTIK_REDIS__HOST: authentik-redis

2
roles/service/tasks/main.yml
View File

@@ -101,7 +101,7 @@
image: "{{ container_image.Id if (not ansible_check_mode) or (container_image | length > 0) else docker_image }}"
user: "{{ docker_user if docker_host_user else omit }}"
mounts: "{{ docker_mount_definition }}"
published_ports: "{{ container_published_ports + _docker_published_ports }}"
published_ports: "{{ container_published_ports + docker_published_ports }}"
labels: "{{ traefik_labels | default(omit) }}"
env: "{{ docker_env | combine(docker_additional_env) | combine({'TZ': timezone}) }}"
entrypoint: "{{ docker_entrypoint | default(omit) }}"