joakim/rick-infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Switching over to using unix sockets for ICP

Browse Source
This commit is contained in:
Joakim
2025-11-23 22:50:24 +01:00
parent d814369c99
commit dd62e93517
11 changed files with 157 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
roles/authentik/defaults/main.yml
View File

@@ -46,7 +46,7 @@ caddy_sites_enabled_dir: "/etc/caddy/sites-enabled"
# Authentik manages its own database
authentik_db_engine: "postgresql"
authentik_db_host: "host.containers.internal"
authentik_db_host: "/run/postgresql" # Unix socket directory
authentik_db_port: 5432
authentik_db_name: "authentik"
authentik_db_user: "authentik"
@@ -56,11 +56,11 @@ authentik_db_password: "{{ vault_authentik_db_password }}"
# Cache Configuration (Valkey/Redis)
# =================================================================
# Valkey/Redis cache configuration
authentik_redis_host: "host.containers.internal"
# Valkey/Redis cache configuration (TCP via host gateway)
authentik_redis_host: "host.containers.internal" # Using TCP due to Authentik Unix socket issues
authentik_redis_port: 6379
authentik_redis_db: 1
authentik_redis_password: "" # Valkey has no auth by default
authentik_redis_password: "{{ vault_valkey_password | default('') }}"
# =================================================================
# Application Settings
@@ -104,4 +104,4 @@ authentik_enable_host_gateway: true
# - Uses Valkey database 1 for caching
# - Deploys Caddy configuration to sites-enabled
# - Uses Podman quadlets for systemd integration
# - Follows containerized service pattern with service-specific user
# - Follows containerized service pattern with service-specific user

6
roles/authentik/templates/authentik.pod.j2
View File

@@ -9,6 +9,10 @@ After=network-online.target
[Pod]
PodName={{ authentik_pod_name }}
Network={{ authentik_network_name }}
# Mount Unix socket for PostgreSQL (Valkey uses TCP via host.containers.internal)
Volume=/run/postgresql:/run/postgresql:ro
# Host gateway allows access to localhost services
{% if authentik_enable_host_gateway | default(true) %}
AddHost=host.containers.internal:host-gateway
{% endif %}
@@ -18,4 +22,4 @@ PublishPort={{ authentik_http_port }}:9000
PublishPort={{ authentik_https_port }}:9443
[Install]
WantedBy=default.target
WantedBy=default.target