diff --git a/README.md b/README.md
index 8be2b62d5..48f291606 100644
--- a/README.md
+++ b/README.md
@@ -189,6 +189,7 @@ If you have a spare domain name you can configure applications to be accessible
 * [Plex](https://www.plex.tv/) - Plex Media Server
 * [Plex Autoscan](https://github.com/Cloudbox/autoscan) - automatic Plex library updates
 * [Plex Meta Manager](https://metamanager.wiki) - Python script to update metadata information for items in plex
+* [Pocket-ID](https://github.com/stonith404/pocket-id) - A simple OIDC provider
 * [Portainer](https://portainer.io/) - for managing Docker and running custom images
 * [Pretix](https://pretix.eu/about/en/) - Ticketing software that cares about your event—all the way.
 * [Prometheus](https://prometheus.io/) - Time series database and monitoring system (via stats role).
diff --git a/nas.yml b/nas.yml
index 0fd8951f9..7c30dcb83 100644
--- a/nas.yml
+++ b/nas.yml
@@ -737,6 +737,10 @@
 tags:
 - plex

+ - role: pocketid
+ tags:
+ - pocketid
+
 - role: portainer
 tags:
 - portainer
diff --git a/roles/pocketid/defaults/main.yml b/roles/pocketid/defaults/main.yml
new file mode 100644
index 000000000..449766353
--- /dev/null
+++ b/roles/pocketid/defaults/main.yml
@@ -0,0 +1,23 @@
+---
+pocketid_enabled: false
+pocketid_available_externally: false
+
+# directories
+pocketid_data_directory: "{{ docker_home }}/pocketid"
+
+# network
+pocketid_port: "8174"
+pocketid_hostname: "pocketid"
+
+# specs
+pocketid_memory: 1g
+
+# docker
+pocketid_container_name: pocketid
+pocketid_image_name: "stonith404/pocket-id"
+pocketid_image_version: latest
+pocketid_user_id: "1000"
+pocketid_group_id: "1000"
+
+# pocketid
+pocketid_public_app_url: https://{{ pocketid_hostname }}.{{ ansible_nas_domain }}
diff --git a/roles/pocketid/molecule/default/molecule.yml b/roles/pocketid/molecule/default/molecule.yml
new file mode 100644
index 000000000..4a84f7cb8
--- /dev/null
+++ b/roles/pocketid/molecule/default/molecule.yml
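Review bot: `pocketid_public_app_url` in roles/pocketid/defaults/main.yml defaults to the external `https://{{ pocketid_hostname }}.{{ ansible_nas_domain }}` address even though `pocketid_available_externally` defaults to false and the docs in this commit tell users to reach the service at `http://ansible_nas_host_or_ip:8174`. The value is exported as `PUBLIC_APP_URL` and Pocket-ID presumably uses it as its OIDC issuer/base URL; since passkeys are bound to the browser origin, an install that is not published through Traefik would likely get redirects to an unreachable host or failing passkey ceremonies unless the operator knows to override it. It is also the only templated default in the file left unquoted. I would quote it and state the contract above it: `# Must be the URL users actually browse to (OIDC issuer and passkey origin); override when not exposed via Traefik.` followed by `pocketid_public_app_url: "https://{{ pocketid_hostname }}.{{ ansible_nas_domain }}"`.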
@@ -0,0 +1,6 @@
+---
+provisioner:
+ inventory:
+ group_vars:
+ all:
+ pocketid_enabled: true
diff --git a/roles/pocketid/molecule/default/side_effect.yml b/roles/pocketid/molecule/default/side_effect.yml
new file mode 100644
index 000000000..2c4404595
--- /dev/null
+++ b/roles/pocketid/molecule/default/side_effect.yml
@@ -0,0 +1,10 @@
+---
+- name: Stop
+ hosts: all
+ become: true
+ tasks:
+ - name: "Include {{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }} role"
+ ansible.builtin.include_role:
+ name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"
+ vars:
+ pocketid_enabled: false
diff --git a/roles/pocketid/molecule/default/verify.yml b/roles/pocketid/molecule/default/verify.yml
new file mode 100644
index 000000000..6f23df94a
--- /dev/null
+++ b/roles/pocketid/molecule/default/verify.yml
@@ -0,0 +1,19 @@
+---
+- name: Verify
+ hosts: all
+ gather_facts: false
+ tasks:
+ - name: Include vars
+ ansible.builtin.include_vars:
+ file: ../../defaults/main.yml
+
+ - name: Get pocketid container state
+ community.docker.docker_container:
+ name: "{{ pocketid_container_name }}"
+ register: result
+
+ - name: Check if pocketid containers are running
+ ansible.builtin.assert:
+ that:
+ - result.container['State']['Status'] == "running"
+ - result.container['State']['Restarting'] == false
diff --git a/roles/pocketid/molecule/default/verify_stopped.yml b/roles/pocketid/molecule/default/verify_stopped.yml
new file mode 100644
index 000000000..3f6c26e15
--- /dev/null
+++ b/roles/pocketid/molecule/default/verify_stopped.yml
@@ -0,0 +1,19 @@
+---
+- name: Verify
+ hosts: all
+ gather_facts: false
+ tasks:
+ - name: Include vars
+ ansible.builtin.include_vars:
+ file: ../../defaults/main.yml
+
+ - name: Try and stop and remove pocketid
+ community.docker.docker_container:
+ name: "{{ pocketid_container_name }}"
+ state: absent
+ register: result
+
+ - name: Check if pocketid is stopped
+ ansible.builtin.assert:
+ that:
+ - not result.changed
diff --git a/roles/pocketid/requirements.yml b/roles/pocketid/requirements.yml
new file mode 120000
index 000000000..9a736435a
--- /dev/null
+++ b/roles/pocketid/requirements.yml
@@ -0,0 +1 @@
+../../requirements.yml
\ No newline at end of file
diff --git a/roles/pocketid/tasks/main.yml b/roles/pocketid/tasks/main.yml
new file mode 100644
index 000000000..c98498654
--- /dev/null
+++ b/roles/pocketid/tasks/main.yml
@@ -0,0 +1,41 @@
+---
+- name: Start Pocket-ID
+ block:
+ - name: Create Pocket-ID Directories
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ with_items:
+ - "{{ pocketid_data_directory }}"
+ - "{{ pocketid_data_directory }}/data"
+
+ - name: Create Pocket-ID Docker Container
+ community.docker.docker_container:
+ container_default_behavior: no_defaults
+ name: "{{ pocketid_container_name }}"
+ image: "{{ pocketid_image_name }}:{{ pocketid_image_version }}"
+ pull: true
+ volumes:
+ - "{{ pocketid_data_directory }}/data:/app/backend/data"
+ ports:
+ - "{{ pocketid_port }}:80"
+ env:
+ PUBLIC_APP_URL: "{{ pocketid_public_app_url }}"
+ restart_policy: unless-stopped
+ memory: "{{ pocketid_memory }}"
+ labels:
+ traefik.enable: "{{ pocketid_available_externally | string }}"
+ traefik.http.routers.pocketid.rule: "Host(`{{ pocketid_hostname }}.{{ ansible_nas_domain }}`)"
+ traefik.http.routers.pocketid.tls.certresolver: "letsencrypt"
+ traefik.http.routers.pocketid.tls.domains[0].main: "{{ ansible_nas_domain }}"
+ traefik.http.routers.pocketid.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+ traefik.http.services.pocketid.loadbalancer.server.port: "80"
+ when: pocketid_enabled is true
+
+- name: Stop Pocket-ID
+ block:
+ - name: Stop Pocket-ID
+ community.docker.docker_container:
+ name: "{{ pocketid_container_name }}"
+ state: absent
+ when: pocketid_enabled is false
diff --git a/website/docs/applications/other/pocketid.md b/website/docs/applications/other/pocketid.md
new file mode 100644
index 000000000..b6315585a
--- /dev/null
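Review bot: The `community.docker.docker_container` task in roles/pocketid/tasks/main.yml never passes `pocketid_user_id` or `pocketid_group_id`, although roles/pocketid/defaults/main.yml declares both, so the container runs as whatever user the image defaults to and the two variables are dead. Either wire them in with `user: "{{ pocketid_user_id }}:{{ pocketid_group_id }}"` (only if the upstream image can run unprivileged and still bind port 80 inside the container, which is worth confirming) or drop the two defaults so operators are not led to believe they take effect. Separately, `pull: true` together with the `latest` default for `pocketid_image_version` means every playbook run may fetch and start an unreviewed image of an identity provider; pinning the default to a release tag would make upgrades deliberate while still letting users opt back into `latest`.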
+++ b/website/docs/applications/other/pocketid.md
@@ -0,0 +1,14 @@
+---
+title: "Pocket-ID"
+description: "A simple OIDC provider"
+---
+
+Homepage: [https://github.com/stonith404/pocket-id](https://github.com/stonith404/pocket-id)
+
+A simple OIDC provider that allows users to authenticate with their passkeys to your services.
+
+## Usage
+
+Set `pocketid_enabled: true` in your `inventories//group_vars/nas.yml` file.
+
+Pocket-ID web interface can be found at [http://ansible_nas_host_or_ip:8174](http://ansible_nas_host_or_ip:8174).