dc14b12688
Automated recovery flow setup via blueprints was too complex and unreliable. Recovery flows (password reset via email) must now be configured manually in Authentik admin UI. Changes: - Removed recovery-flow.yaml blueprint - Removed configure_recovery_flow.py script - Removed update-recovery-flow.yml playbook - Updated flows.yml to remove recovery references - Updated custom-flows.yaml to remove brand recovery flow config - Updated comments to reflect manual recovery flow requirement Automated configuration still includes: - Enrollment flow with invitation support - 2FA/MFA enforcement - OIDC provider for Nextcloud - Email configuration via SMTP 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
33 lines
1.1 KiB
YAML
33 lines
1.1 KiB
YAML
---
|
|
# Main tasks file for Authentik role
|
|
|
|
- name: Include Docker Compose setup
|
|
include_tasks: docker.yml
|
|
|
|
- name: Include bootstrap setup
|
|
include_tasks: bootstrap.yml
|
|
when: authentik_bootstrap | default(true)
|
|
|
|
- name: Include OIDC provider configuration
|
|
include_tasks: providers.yml
|
|
tags: ['authentik', 'oidc']
|
|
|
|
- name: Include email configuration
|
|
include_tasks: email.yml
|
|
when: mailgun_smtp_user is defined or (client_secrets.mailgun_smtp_user is defined and client_secrets.mailgun_smtp_user != "" and "PLACEHOLDER" not in client_secrets.mailgun_smtp_user)
|
|
tags: ['authentik', 'email']
|
|
|
|
- name: Include flows configuration (invitation, 2FA)
|
|
include_tasks: flows.yml
|
|
when: authentik_bootstrap | default(true)
|
|
tags: ['authentik', 'flows']
|
|
|
|
- name: Include MFA/2FA enforcement configuration
|
|
include_tasks: mfa.yml
|
|
when: authentik_bootstrap | default(true)
|
|
tags: ['authentik', 'mfa', '2fa']
|
|
|
|
- name: Include invitation stage configuration
|
|
include_tasks: invitation.yml
|
|
when: authentik_bootstrap | default(true)
|
|
tags: ['authentik', 'invitation']
|