pet-project-server/playbook-authelia.yml

---
- name: "Configure authelia application"
  hosts: all

  vars_files:
    - vars/secrets.yml
    - files/authelia/secrets.yml

  vars:
    app_name: "authelia"
    app_user: "{{ app_name }}"
    app_owner_uid: 1011
    app_owner_gid: 1012
    base_dir: "{{ (application_dir, app_name) | path_join }}"
    data_dir: "{{ (base_dir, 'data') | path_join }}"
    config_dir: "{{ (base_dir, 'config') | path_join }}"
    backups_dir: "{{ (base_dir, 'backups') | path_join }}"
    gobackup_config: "{{ (base_dir, 'gobackup.yml') | path_join }}"

  tasks:
    - name: "Create user and environment"
      ansible.builtin.import_role:
        name: owner
      vars:
        owner_name: "{{ app_user }}"
        owner_uid: "{{ app_owner_uid }}"
        owner_gid: "{{ app_owner_gid }}"
        owner_extra_groups: ["docker"]

    - name: "Create internal application directories"
      ansible.builtin.file:
        path: "{{ item }}"
        state: "directory"
        owner: "{{ app_user }}"
        group: "{{ app_user }}"
        mode: "0700"
      loop:
        - "{{ base_dir }}"
        - "{{ data_dir }}"
        - "{{ config_dir }}"
        - "{{ backups_dir }}"

    - name: "Copy users file"
      ansible.builtin.copy:
        src: "files/{{ app_name }}/users.secrets.yml"
        dest: "{{ (config_dir, 'users.yml') | path_join }}"
        owner: "{{ app_user }}"
        group: "{{ app_user }}"
        mode: "0600"

    - name: "Copy configuration file"
      ansible.builtin.template:
        src: "files/{{ app_name }}/configuration.template.yml"
        dest: "{{ (config_dir, 'configuration.yml') | path_join }}"
        owner: "{{ app_user }}"
        group: "{{ app_user }}"
        mode: "0600"

    - name: "Copy gobackup config"
      ansible.builtin.template:
        src: "files/{{ app_name }}/gobackup.template.yml"
        dest: "{{ gobackup_config }}"
        owner: "{{ app_user }}"
        group: "{{ app_user }}"
        mode: "0640"

    - name: "Copy backup script"
      ansible.builtin.template:
        src: "files/{{ app_name }}/backup.template.sh"
        dest: "{{ (base_dir, 'backup.sh') | path_join }}"
        owner: "{{ app_user }}"
        group: "{{ app_user }}"
        mode: "0750"

    - name: "Copy docker compose file"
      ansible.builtin.template:
        src: "./files/{{ app_name }}/docker-compose.template.yml"
        dest: "{{ base_dir }}/docker-compose.yml"
        owner: "{{ app_user }}"
        group: "{{ app_user }}"
        mode: "0640"

    - name: "Run application with docker compose"
      community.docker.docker_compose_v2:
        project_src: "{{ base_dir }}"
        state: "present"
        remove_orphans: true
      tags:
        - run-app

    - name: "Restart application with docker compose"
      community.docker.docker_compose_v2:
        project_src: "{{ base_dir }}"
        state: "restarted"
      tags:
        - run-app