joakim/rick-infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b42ee2a22b646a677ab070f8d815b18c0bce7af2
rick-infra/roles/postgresql/templates/postgresql.conf.j2
Joakim b42ee2a22b Fix: Complete authentik Quadlet implementation with networking solution 
Resolves authentik deployment issues by implementing proper Podman Quadlet
configuration and fixing networking for external access through Caddy.

Core Fixes:
• Add missing [Install] sections to container Quadlet files for systemd service generation
• Fix pod references from 'systemd-authentik' to 'authentik.pod' for proper Quadlet linking
• Remove problematic --userns=host to use proper rootless user namespaces
• Configure subuid/subgid ranges for authentik user (200000:65536)
• Update networking to bind 0.0.0.0:9000 only (remove unnecessary HTTPS port 9443)
• Add AUTHENTIK_LISTEN__HTTP=0.0.0.0:9000 environment configuration
• Fix Caddy reverse proxy to use HTTP backend instead of HTTPS

Infrastructure Updates:
• Enhance PostgreSQL role with Unix socket configuration and user management
• Improve Valkey role with proper systemd integration and socket permissions
• Add comprehensive service integration documentation
• Update deployment playbooks with backup and restore capabilities

Security Improvements:
• Secure network isolation with Caddy SSL termination
• Reduced attack surface by removing direct HTTPS container exposure
• Proper rootless container configuration with user namespace mapping

Result: authentik now fully operational with external HTTPS access via auth.jnss.me
All systemd services (authentik-pod, authentik-server, authentik-worker) running correctly.
2025-12-04 19:42:31 +01:00

21 lines
760 B
Django/Jinja
Raw Blame History

# PostgreSQL Configuration - Rick-Infra Simplified
# Generated by Ansible PostgreSQL role
# PostgreSQL's excellent defaults are used except for essentials
# Network and Security
{% if postgresql_unix_socket_enabled %}
# Unix Socket Configuration
unix_socket_directories = '{{ postgresql_unix_socket_directories }}'
unix_socket_permissions = {{ postgresql_unix_socket_permissions }}
{% endif %}
listen_addresses = '{{ postgresql_listen_addresses }}'
port = {{ postgresql_port }}
# Basic Performance (only override if needed)
max_connections = {{ postgresql_max_connections }}
shared_buffers = {{ postgresql_shared_buffers }}
# Authentication
password_encryption = {{ postgresql_auth_method }}
# Rick-Infra: PostgreSQL infrastructure role - keeping it simple
Reference in New Issue View Git Blame Copy Permalink