Post-X-Society/Post-Tyranny-Tech-Infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Post-Tyranny-Tech-Infrastru.../ansible/roles/authentik/tasks/flows.yml
Pieter 64e76036b2 Fix bash loop syntax in API readiness check 
Change from brace expansion to while loop for better portability.
2026-01-14 09:03:13 +01:00

100 lines
3.2 KiB
YAML
Raw Blame History

---
# Configure Authentik flows (invitation, recovery, 2FA) via API
- name: Use bootstrap token for API access
set_fact:
authentik_api_token: "{{ client_secrets.authentik_bootstrap_token }}"
- name: Wait for Authentik API to be ready
shell: |
i=1
while [ $i -le 30 ]; do
if docker exec authentik-server curl -sf -H "Authorization: Bearer {{ authentik_api_token }}" http://localhost:9000/api/v3/core/tenants/ > /dev/null 2>&1; then
echo "Authentik API is ready"
exit 0
fi
echo "Waiting for Authentik API... attempt $i/30"
sleep 5
i=$((i+1))
done
exit 1
register: api_wait
changed_when: false
- name: Copy invitation flow configuration script to server
copy:
src: configure_invitation_flow.py
dest: /tmp/configure_invitation_flow.py
mode: '0755'
- name: Copy recovery flow configuration script to server
copy:
src: configure_recovery_flow.py
dest: /tmp/configure_recovery_flow.py
mode: '0755'
- name: Copy 2FA enforcement configuration script to server
copy:
src: configure_2fa_enforcement.py
dest: /tmp/configure_2fa_enforcement.py
mode: '0755'
- name: Copy scripts into container
shell: |
docker cp /tmp/configure_invitation_flow.py authentik-server:/tmp/
docker cp /tmp/configure_recovery_flow.py authentik-server:/tmp/
docker cp /tmp/configure_2fa_enforcement.py authentik-server:/tmp/
changed_when: false
- name: Configure invitation flow
shell: |
docker exec authentik-server python3 /tmp/configure_invitation_flow.py \
"http://localhost:9000" \
"{{ authentik_api_token }}"
register: invitation_result
changed_when: "'success' in invitation_result.stdout"
- name: Configure recovery flow
shell: |
docker exec authentik-server python3 /tmp/configure_recovery_flow.py \
"http://localhost:9000" \
"{{ authentik_api_token }}"
register: recovery_result
changed_when: "'success' in recovery_result.stdout"
- name: Configure 2FA enforcement
shell: |
docker exec authentik-server python3 /tmp/configure_2fa_enforcement.py \
"http://localhost:9000" \
"{{ authentik_api_token }}"
register: twofa_result
changed_when: "'success' in twofa_result.stdout"
- name: Cleanup configuration scripts from host
file:
path: "{{ item }}"
state: absent
loop:
- /tmp/configure_invitation_flow.py
- /tmp/configure_recovery_flow.py
- /tmp/configure_2fa_enforcement.py
- name: Display flows configuration status
debug:
msg: |
========================================
Authentik Flows Configuration
========================================
✓ Invitation Flow: {{ 'Configured' if invitation_result.rc == 0 else 'Failed' }}
{{ (invitation_result.stdout | from_json).message | default('') }}
✓ Recovery Flow: {{ 'Configured' if recovery_result.rc == 0 else 'Failed' }}
{{ (recovery_result.stdout | from_json).message | default('') }}
✓ 2FA Enforcement: {{ 'Configured' if twofa_result.rc == 0 else 'Failed' }}
{{ (twofa_result.stdout | from_json).message | default('') }}
Email configuration is active and flows
will send emails via Mailgun SMTP.
========================================
Reference in a new issue View git blame Copy permalink