Post-X-Society/Post-Tyranny-Tech-Infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Post-Tyranny-Tech-Infrastru.../ansible/roles/authentik/tasks/docker.yml
Pieter 20856f7f18 Add Authentik identity provider to architecture 
Added Authentik as the identity provider for SSO authentication:

Why Authentik:
- MIT license (truly open source, most permissive)
- Simple Docker Compose deployment (no manual wizards)
- Lightweight Python-based architecture
- Comprehensive protocol support (SAML, OAuth2/OIDC, LDAP, RADIUS)
- No Redis required as of v2025.10 (all caching in PostgreSQL)
- Active development and strong community

Implementation:
- Created complete Authentik Ansible role
- Docker Compose with server + worker architecture
- PostgreSQL 16 database backend
- Traefik integration with Let's Encrypt SSL
- Bootstrap tasks for initial setup guidance
- Health checks and proper service dependencies

Architecture decisions updated:
- Documented comparison: Authentik vs Zitadel vs Keycloak
- Explained Zitadel removal (FirstInstance bugs)
- Added deployment example and configuration notes

Next steps:
- Update documentation (PROJECT_REFERENCE.md, README.md)
- Create Authentik agent configuration
- Add secrets template
- Test deployment on test server

🤖 Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
2026-01-07 11:23:13 +01:00

46 lines
1.2 KiB
YAML
Raw Blame History

---
# Docker Compose setup for Authentik
- name: Create Authentik configuration directory
file:
path: "{{ authentik_config_dir }}"
state: directory
mode: '0755'
- name: Create Authentik internal network
community.docker.docker_network:
name: "{{ authentik_network }}"
driver: bridge
internal: yes
- name: Deploy Authentik Docker Compose configuration
template:
src: docker-compose.authentik.yml.j2
dest: "{{ authentik_config_dir }}/docker-compose.yml"
mode: '0644'
notify: Restart Authentik
- name: Start Authentik services
community.docker.docker_compose_v2:
project_src: "{{ authentik_config_dir }}"
state: present
- name: Wait for Authentik database to be ready
community.docker.docker_container_info:
name: authentik-db
register: db_container
until: db_container.container.State.Health.Status == "healthy"
retries: 30
delay: 5
changed_when: false
- name: Wait for Authentik server to be healthy
uri:
url: "https://{{ authentik_domain }}/"
validate_certs: yes
status_code: [200, 302]
register: authentik_health
until: authentik_health.status in [200, 302]
retries: 30
delay: 10
changed_when: false
Reference in a new issue View git blame Copy permalink