fix(authentik): set appropriate permissions for subdirectories (#19)

netr0m · Aug 3, 2024 · 82f7357 · 82f7357
1 parent 80161ea
commit 82f7357
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 2 deletions.
diff --git a/defaults/main/authentik.yml b/defaults/main/authentik.yml
@@ -53,11 +53,22 @@ infra_authentik_directory_owner: "{{ infra_directory_owner }}"
 # Directory group ownership
 infra_authentik_directory_group: "{{ infra_directory_group }}"
 # Directory mode
-infra_authentik_directory_mode: "{{ infra_directory_mode }}"
+infra_authentik_directory_mode: "0770"
+# User ownership of the Authentik subdirectories
+infra_authentik_subdirectory_owner: 1000
+# Group ownership of the Authentik subdirectories
+infra_authentik_subdirectory_group: 1000
+# Mode of the Authentik subdirectories (as an octal)
+infra_authentik_subdirectory_mode: "0750"
+# Subdirectories to create
+infra_authentik_subdirectories:
+  - media
+  - certs
+  - templates
 
 ## File paths
 # File mode
-infra_authentik_file_mode: "{{ infra_file_mode }}"
+infra_authentik_file_mode: "0660"
 # authentik compose file path
 infra_authentik_compose_path: "{{ infra_authentik_directory_path }}/compose.yml"
 # authentik env file path

diff --git a/tasks/deploy_authentik.yml b/tasks/deploy_authentik.yml
@@ -7,6 +7,15 @@
     group: "{{ infra_authentik_directory_group }}"
     mode: "{{ infra_authentik_directory_mode }}"
 
+- name: Ensure authentik subdirectories are present
+  ansible.builtin.file:
+    path: "{{ infra_authentik_directory_path }}/{{ item }}"
+    state: directory
+    owner: "{{ infra_authentik_subdirectory_owner }}"
+    group: "{{ infra_authentik_subdirectory_group }}"
+    mode: "{{ infra_authentik_subdirectory_mode }}"
+  with_items: "{{ infra_authentik_subdirectories }}"
+
 - name: Manage service files
   block:
     - name: Write authentik DB password secret to file