From 82f735755d24878ad09a4d9422aafab9d42e457e Mon Sep 17 00:00:00 2001
From: Morten Amundsen
Date: Sat, 3 Aug 2024 07:40:02 +0000
Subject: [PATCH] fix(authentik): set appropriate permissions for subdirectories (#19)

---
 defaults/main/authentik.yml | 15 +++++++++++++--
 tasks/deploy_authentik.yml  |  9 +++++++++
 2 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/defaults/main/authentik.yml b/defaults/main/authentik.yml
index d30fce7..f2dd91e 100644
--- a/defaults/main/authentik.yml
+++ b/defaults/main/authentik.yml
@@ -53,11 +53,22 @@ infra_authentik_directory_owner: "{{ infra_directory_owner }}"
 # Directory group ownership
 infra_authentik_directory_group: "{{ infra_directory_group }}"
 # Directory mode
-infra_authentik_directory_mode: "{{ infra_directory_mode }}"
+infra_authentik_directory_mode: "0770"
+# User ownership of the Authentik subdirectories
+infra_authentik_subdirectory_owner: 1000
+# Group ownership of the Authentik subdirectories
+infra_authentik_subdirectory_group: 1000
+# Mode of the Authentik subdirectories (as an octal)
+infra_authentik_subdirectory_mode: "0750"
+# Subdirectories to create
+infra_authentik_subdirectories:
+  - media
+  - certs
+  - templates
 
 ## File paths
 # File mode
-infra_authentik_file_mode: "{{ infra_file_mode }}"
+infra_authentik_file_mode: "0660"
 # authentik compose file path
 infra_authentik_compose_path: "{{ infra_authentik_directory_path }}/compose.yml"
 # authentik env file path
diff --git a/tasks/deploy_authentik.yml b/tasks/deploy_authentik.yml
index a3ce9ae..3aa02ec 100644
--- a/tasks/deploy_authentik.yml
+++ b/tasks/deploy_authentik.yml
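Review bot: The new defaults replace the `"{{ infra_directory_mode }}"` and `"{{ infra_file_mode }}"` indirection with literal `"0770"` and `"0660"`, and add `infra_authentik_subdirectory_owner`/`_group` as bare `1000`, so these four keys no longer follow the role-wide `infra_*` convention that the neighbouring `infra_authentik_directory_owner` and `_group` keys still use. A consumer who overrides `infra_directory_mode` or `infra_file_mode` for the whole role is now silently bypassed for authentik; that deserves a comment on each of the two replaced keys, e.g. `# Fixed rather than inherited from infra_directory_mode: the directory must stay group-writable for the container — confirm`. The unquoted `1000` values parse as integers, which the file module accepts as a numeric uid/gid; if a user or group name is ever intended here the value must be quoted (`"1000"` stays a string). Nothing in the hunk shows which user the container runs as, so the comment on `infra_authentik_subdirectory_owner` should say why 1000 was chosen rather than just restating the key.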
@@ -7,6 +7,15 @@
     group: "{{ infra_authentik_directory_group }}"
     mode: "{{ infra_authentik_directory_mode }}"
 
+- name: Ensure authentik subdirectories are present
+  ansible.builtin.file:
+    path: "{{ infra_authentik_directory_path }}/{{ item }}"
+    state: directory
+    owner: "{{ infra_authentik_subdirectory_owner }}"
+    group: "{{ infra_authentik_subdirectory_group }}"
+    mode: "{{ infra_authentik_subdirectory_mode }}"
+  with_items: "{{ infra_authentik_subdirectories }}"
+
 - name: Manage service files
   block:
     - name: Write authentik DB password secret to file
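Review bot: The new task uses `with_items`, while `loop:` is the form current Ansible documentation recommends for new tasks; `loop: "{{ infra_authentik_subdirectories }}"` is a drop-in replacement here because the items are plain strings and `item` keeps the same meaning. The subdirectories get a different owner, group and mode than the parent directory created by the task just above, and the hunk gives no reason for that, so a one-line comment above `- name: Ensure authentik subdirectories are present` would help, e.g. `# Owned by the Authentik container's uid so it can write media/certs/templates — confirm uid`. The `path` joins `infra_authentik_directory_path` and the item with a literal `/`, so a base path defined with a trailing slash yields `//`, which the file module tolerates but which looks odd in logs. The surrounding task list continues on both sides of the hunk.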