joakim/rick-infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0507e3291deb5bf931afe323e2377e8773b155c4
rick-infra/roles/authentik/defaults/main.yml
Joakim 0507e3291d Fix: Update authentik Caddy template to use HTTP backend 
- Change reverse_proxy from https:// to http:// backend
- Use authentik_http_port instead of authentik_https_port
- Remove unnecessary TLS transport configuration
- Remove health check for non-existent endpoint

This aligns the Ansible template with the working configuration
where authentik only serves HTTP internally and Caddy handles SSL.
2025-12-07 16:45:42 +01:00

111 lines
4.0 KiB
YAML
Raw Blame History

---
# =================================================================
# Authentik Authentication Role - Default Variables
# =================================================================
# Self-contained Authentik deployment with Podman and Unix sockets
# =================================================================
# Service Configuration
# =================================================================
# Service user and directories
authentik_user: authentik
authentik_group: authentik
authentik_home: /opt/authentik
authentik_data_dir: "{{ authentik_home }}/data"
authentik_media_dir: "{{ authentik_home }}/media"
authentik_log_dir: "{{ authentik_home }}/logs"
# Container configuration
authentik_version: "2025.10"
authentik_image: "ghcr.io/goauthentik/server"
# Service management
authentik_service_enabled: true
authentik_service_state: "started"
# =================================================================
# Database Configuration (Self-managed)
# =================================================================
authentik_db_name: "authentik"
authentik_db_user: "authentik"
authentik_db_password: "{{ vault_authentik_db_password }}"
# =================================================================
# Cache Configuration (Self-managed)
# =================================================================
authentik_valkey_db: 1 # Use database 1 for Authentik
# =================================================================
# Network Configuration
# =================================================================
authentik_domain: "auth.jnss.me"
authentik_http_port: 9000
authentik_bind_address: "127.0.0.1"
# =================================================================
# Authentik Core Configuration
# =================================================================
authentik_secret_key: "{{ vault_authentik_secret_key }}"
authentik_log_level: "info"
authentik_error_reporting: false
# =================================================================
# Email Configuration (Optional)
# =================================================================
authentik_email_enabled: false
authentik_email_host: ""
authentik_email_port: 587
authentik_email_username: ""
authentik_email_password: "{{ vault_authentik_email_password | default('') }}"
authentik_email_tls: true
authentik_email_from: "authentik@{{ authentik_domain }}"
# =================================================================
# Security Configuration
# =================================================================
# Default admin user (created during deployment)
authentik_default_admin_email: "admin@{{ authentik_domain }}"
authentik_default_admin_password: "{{ vault_authentik_admin_password }}"
# =================================================================
# Podman Pod Configuration
# =================================================================
# Pod service name is simply "authentik" (generated from authentik.pod)
authentik_container_server_name: "authentik-server"
authentik_container_worker_name: "authentik-worker"
# Quadlet service directories (USER SCOPE)
authentik_quadlet_dir: "{{ authentik_user_quadlet_dir }}"
authentik_user_quadlet_dir: "{{ authentik_home }}/.config/containers/systemd"
# User session variables (set dynamically during deployment)
authentik_uid: ""
# =================================================================
# Caddy Integration
# =================================================================
# Caddy configuration (assumes caddy role provides these variables)
caddy_sites_enabled_dir: "/etc/caddy/sites-enabled"
caddy_log_dir: "/var/log/caddy"
caddy_user: "caddy"
# =================================================================
# Infrastructure Dependencies (Read-only)
# =================================================================
# PostgreSQL socket configuration (managed by postgresql role)
postgresql_unix_socket_directories: "/var/run/postgresql"
# Valkey socket configuration (managed by valkey role)
valkey_unix_socket_path: "/var/run/valkey/valkey.sock"
valkey_password: "{{ vault_valkey_password }}"
Reference in New Issue View Git Blame Copy Permalink