ansible/playbooks/caddy-auth-authentik.yml
ilia de49b34cdc
Some checks failed
CI / skip-ci-check (pull_request) Successful in 6s
CI / lint-and-test (pull_request) Failing after 9s
CI / ansible-validation (pull_request) Failing after 6s
CI / secret-scanning (pull_request) Successful in 5s
CI / dependency-scan (pull_request) Successful in 8s
CI / sast-scan (pull_request) Failing after 5s
CI / license-check (pull_request) Successful in 11s
CI / vault-check (pull_request) Failing after 6s
CI / playbook-test (pull_request) Failing after 6s
CI / container-scan (pull_request) Failing after 6s
CI / sonar-analysis (pull_request) Failing after 2s
CI / workflow-summary (pull_request) Successful in 4s
Add homelab monitoring, portfolio site, and vault tooling.
Document pve10 static IPs, monitoring stack, and site LXCs; add portfolio
to inventory; Mailcow mailbox automation; vault import/export scripts;
security audit guides and UniFi DHCP reference.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-22 16:25:07 -04:00


---
# Playbook: caddy-auth-authentik
# Purpose: Add auth.levkin.ca reverse proxy to Caddy (Phase 1 Authentik)
# Targets: caddy
# Usage: make -f Makefile caddy-auth OR ansible-playbook playbooks/caddy-auth-authentik.yml
- name: Add Authentik proxy block to Caddy
  hosts: caddy
  become: true
  become_method: su
  tasks:
    - name: Ensure auth.levkin.ca HTTPS block exists (after cal block)
      ansible.builtin.shell: |
        set -euo pipefail
        # Idempotency guard: do nothing if the vhost block is already present.
        if grep -q '^auth\.levkin\.ca {' /etc/caddy/Caddyfile; then
          echo ALREADY_PRESENT
          exit 0
        fi
        # Insert the auth block directly after the closing brace of the cal block.
        awk '
          /^cal\.levkin\.ca \{/ { in_cal=1 }
          in_cal && /^}$/ && !done {
            print
            print ""
            print "auth.levkin.ca {"
            print "  import security-headers"
            print "  encode gzip"
            print "  reverse_proxy 10.0.10.21:9000"
            print "}"
            done=1
            next
          }
          { print }
        ' /etc/caddy/Caddyfile > /etc/caddy/Caddyfile.new
        # Fail instead of silently installing an unchanged file when the cal anchor is absent.
        if ! grep -q '^auth\.levkin\.ca {' /etc/caddy/Caddyfile.new; then
          rm -f /etc/caddy/Caddyfile.new
          echo "cal.levkin.ca block not found; nothing inserted" >&2
          exit 1
        fi
        # Same directory as the target, so the mv is an atomic rename.
        mv /etc/caddy/Caddyfile.new /etc/caddy/Caddyfile
        echo ADDED
      args:
        executable: /bin/bash
      register: auth_block
      changed_when: "'ADDED' in auth_block.stdout"
      notify: Reload caddy

    - name: Ensure auth.levkin.ca HTTP redirect in :80 block
      ansible.builtin.blockinfile:
        path: /etc/caddy/Caddyfile
        marker: "# {mark} ANSIBLE MANAGED auth.levkin.ca :80"
        insertafter: '@vault host vault.levkin.ca'
        block: |2
            @auth host auth.levkin.ca
            redir @auth https://auth.levkin.ca{uri} permanent
      notify: Reload caddy

  handlers:
    - name: Reload caddy
      ansible.builtin.command: caddy reload --config /etc/caddy/Caddyfile
      changed_when: true
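The shell task above relies on a text anchor (the closing brace of the `cal.levkin.ca` block) and reports `changed` on every run, so two outcomes look identical from Ansible's side: the block was already there, or the anchor was missing and awk copied the file through untouched before Caddy was reloaded. The script below is an added example, not part of the playbook or the repository; it runs the same awk insertion against a constructed Caddyfile and returns a distinct result for each case. The hostnames and `10.0.10.x` addresses are the ones from the playbook; the sample file layout and the function names `make_sample_caddyfile`, `insert_auth_block` and `auth_block_count` are this example's own.

```shell
#!/usr/bin/env bash
# Added example (not the playbook's code): exercise the playbook's awk insertion
# on a constructed Caddyfile and distinguish ADDED / ALREADY_PRESENT / ANCHOR_MISSING.
set -euo pipefail

# Constructed sample Caddyfile: the :80 redirect block and the cal block that
# the playbook uses as its insertion anchor.
make_sample_caddyfile() {
  cat <<'EOF'
:80 {
  @vault host vault.levkin.ca
  redir @vault https://vault.levkin.ca{uri} permanent
}

cal.levkin.ca {
  import security-headers
  reverse_proxy 10.0.10.20:8080
}
EOF
}

# insert_auth_block FILE
# Prints ADDED, ALREADY_PRESENT or ANCHOR_MISSING; returns 1 on ANCHOR_MISSING
# so a caller (or an Ansible failed_when) stops before reloading Caddy with an
# unchanged config.
insert_auth_block() {
  local file=$1 tmp
  if grep -q '^auth\.levkin\.ca {' "$file"; then
    echo ALREADY_PRESENT
    return 0
  fi
  # Temp file in the target's directory so the final mv is an atomic rename.
  tmp=$(mktemp "${file}.XXXXXX")
  awk '
    /^cal\.levkin\.ca \{/ { in_cal=1 }
    in_cal && /^}$/ && !done {
      print
      print ""
      print "auth.levkin.ca {"
      print "  import security-headers"
      print "  encode gzip"
      print "  reverse_proxy 10.0.10.21:9000"
      print "}"
      done=1
      next
    }
    { print }
  ' "$file" > "$tmp"
  if ! grep -q '^auth\.levkin\.ca {' "$tmp"; then
    rm -f "$tmp"
    echo ANCHOR_MISSING
    return 1
  fi
  mv "$tmp" "$file"
  echo ADDED
}

# auth_block_count FILE: number of auth vhost headers; must stay exactly 1
# however many times insert_auth_block runs.
auth_block_count() {
  grep -c '^auth\.levkin\.ca {' "$1" || true
}

# Optional demo: bash this_script.sh --demo
if [ "${1:-}" = "--demo" ]; then
  work=$(mktemp -d)
  make_sample_caddyfile > "$work/Caddyfile"
  insert_auth_block "$work/Caddyfile"        # ADDED
  insert_auth_block "$work/Caddyfile"        # ALREADY_PRESENT
  printf ':80 {\n}\n' > "$work/NoAnchor"
  insert_auth_block "$work/NoAnchor" || true # ANCHOR_MISSING
  cat "$work/Caddyfile"
fi
```

In the playbook, the same distinction maps onto `register` plus `changed_when` on the ADDED marker and `failed_when` on the ANCHOR_MISSING marker, which keeps the `Reload caddy` handler from firing on a no-op run.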