Joakim
b42ee2a22b
Resolves authentik deployment issues by implementing proper Podman Quadlet configuration and fixing networking for external access through Caddy. Core Fixes: • Add missing [Install] sections to container Quadlet files for systemd service generation • Fix pod references from 'systemd-authentik' to 'authentik.pod' for proper Quadlet linking • Remove problematic --userns=host to use proper rootless user namespaces • Configure subuid/subgid ranges for authentik user (200000:65536) • Update networking to bind 0.0.0.0:9000 only (remove unnecessary HTTPS port 9443) • Add AUTHENTIK_LISTEN__HTTP=0.0.0.0:9000 environment configuration • Fix Caddy reverse proxy to use HTTP backend instead of HTTPS Infrastructure Updates: • Enhance PostgreSQL role with Unix socket configuration and user management • Improve Valkey role with proper systemd integration and socket permissions • Add comprehensive service integration documentation • Update deployment playbooks with backup and restore capabilities Security Improvements: • Secure network isolation with Caddy SSL termination • Reduced attack surface by removing direct HTTPS container exposure • Proper rootless container configuration with user namespace mapping Result: authentik now fully operational with external HTTPS access via auth.jnss.me All systemd services (authentik-pod, authentik-server, authentik-worker) running correctly.
66 lines
2.2 KiB
YAML
66 lines
2.2 KiB
YAML
---
|
|
# Sigvild Gallery Data Backup Playbook
|
|
#
|
|
# This playbook creates a compressed backup of all Sigvild Gallery production data
|
|
# including the PocketBase database and uploaded files.
|
|
|
|
- name: Backup Sigvild Gallery Production Data
|
|
hosts: arch-vps
|
|
become: true
|
|
gather_facts: true
|
|
|
|
vars:
|
|
# Backup configuration - can be overridden with --extra-vars
|
|
sigvild_gallery_backup_local_path: "{{ playbook_dir }}/backups/sigvild-gallery"
|
|
|
|
pre_tasks:
|
|
- name: Ensure local backup directory exists
|
|
local_action:
|
|
module: file
|
|
path: "{{ sigvild_gallery_backup_local_path }}"
|
|
state: directory
|
|
mode: '0755'
|
|
become: false
|
|
run_once: true
|
|
|
|
- name: Display backup operation info
|
|
debug:
|
|
msg:
|
|
- "🔄 Starting Sigvild Gallery Data Backup"
|
|
- "Target server: {{ inventory_hostname }}"
|
|
- "Local backup storage: {{ sigvild_gallery_backup_local_path }}"
|
|
- "Timestamp: {{ ansible_date_time.iso8601 }}"
|
|
|
|
tasks:
|
|
- name: Execute backup tasks
|
|
include_role:
|
|
name: sigvild-gallery
|
|
tasks_from: backup
|
|
tags: [backup, data]
|
|
|
|
post_tasks:
|
|
- name: List local backups
|
|
local_action:
|
|
module: find
|
|
paths: "{{ sigvild_gallery_backup_local_path }}"
|
|
patterns: "sigvild-gallery-backup-*.tar.gz"
|
|
register: all_backups
|
|
become: false
|
|
|
|
- name: Display backup summary
|
|
debug:
|
|
msg:
|
|
- "✅ Backup operation completed successfully!"
|
|
- "Total backups available: {{ all_backups.files | length }}"
|
|
- "Latest backup: sigvild-gallery-backup-{{ ansible_date_time.iso8601_basic_short }}.tar.gz"
|
|
- "Backup location: {{ sigvild_gallery_backup_local_path }}"
|
|
- ""
|
|
- "⚠️ IMPORTANT: Store this backup safely before formatting your server!"
|
|
- "💡 To restore: Run normal deployment - restoration is automatic if backup exists"
|
|
|
|
- name: Show backup file details
|
|
debug:
|
|
msg: "Backup: {{ item.path | basename }} - {{ (item.size / 1024 / 1024) | round(2) }}MB - {{ item.mtime | to_datetime('%Y-%m-%d %H:%M:%S') }}"
|
|
loop: "{{ all_backups.files | sort(attribute='mtime') | reverse }}"
|
|
loop_control:
|
|
label: "{{ item.path | basename }}" |