authentik: enable automatic updates of docker images

roles/authentik/tasks/main.yml

@@ -37,7 +37,11 @@
   notify: Restart nginx
 
 - name: Systemd unit for authentik
-  template: src=authentik.service.j2 dest=/etc/systemd/system/authentik.service
+  template: src=authentik{{ item }}.j2 dest=/etc/systemd/system/authentik{{ item }}
+  with_items:
+  - ".service"
+  - "-reload.service"
+  - "-reload.timer"
   notify:
   - Reload systemd
   - Restart authentik
@@ -45,6 +49,9 @@
 - name: Start the authentik service
   service: name=authentik state=started enabled=yes
 
+- name: Enable auto update timer
+  service: name=authentik-reload.timer state=started enabled=yes
+
 - name: Enable monitoring
   include_role: name=icinga-monitor tasks_from=http
   vars:

roles/authentik/templates/authentik-reload.service.j2

@@ -0,0 +1,7 @@
+[Unit]
+Description=Refresh authentik images
+
+[Service]
+Type=oneshot
+
+ExecStart=/bin/systemctl reload-or-restart authentik.service

roles/authentik/templates/authentik-reload.timer.j2

@@ -0,0 +1,10 @@
+[Unit]
+Description=Refresh authentik images
+Requires=authentik.service
+After=authentik.service
+
+[Timer]
+OnCalendar=*:0/15
+
+[Install]
+WantedBy=timers.target

roles/authentik/templates/authentik.service.j2

@@ -5,7 +5,7 @@ After=docker.service
 Before=nginx.service
 
 [Service]
-Type=simple
+Type=oneshot
 
 User=authentik
 Group=authentik
@@ -17,12 +17,18 @@ WorkingDirectory=/opt/authentik
 
 # Make sure no old containers are running
 ExecStartPre=/usr/bin/docker-compose down -v
+# Update images
+ExecStartPre=-/usr/bin/docker-compose pull --quiet
 
 # Compose up
-ExecStart=/usr/bin/docker-compose up
+ExecStart=/usr/bin/docker-compose up -d
 
 # Compose down, remove containers and volumes
 ExecStop=/usr/bin/docker-compose down -v
 
+# Refresh on reload
+ExecReload=-/usr/bin/docker-compose pull --quiet
+ExecReload=/usr/bin/docker-compose up -d
+
 [Install]
 WantedBy=multi-user.target