From d7aab43f0666ef017582cf8af6a6fb4db92101f1 Mon Sep 17 00:00:00 2001
From: Markus Hauschild
Date: Tue, 5 Nov 2024 22:18:12 +0100
Subject: [PATCH] authentik: enable automatic updates of docker images
---
 roles/authentik/tasks/main.yml | 9 ++++++++-
 roles/authentik/templates/authentik-reload.service.j2 | 7 +++++++
 roles/authentik/templates/authentik-reload.timer.j2 | 10 ++++++++++
 roles/authentik/templates/authentik.service.j2 | 10 ++++++++--
 4 files changed, 33 insertions(+), 3 deletions(-)
 create mode 100644 roles/authentik/templates/authentik-reload.service.j2
 create mode 100644 roles/authentik/templates/authentik-reload.timer.j2
diff --git a/roles/authentik/tasks/main.yml b/roles/authentik/tasks/main.yml
index 4186c0d..762fbc6 100644
--- a/roles/authentik/tasks/main.yml
+++ b/roles/authentik/tasks/main.yml
@@ -37,7 +37,11 @@ notify: Restart nginx - name: Systemd unit for authentik - template: src=authentik.service.j2 dest=/etc/systemd/system/authentik.service + template: src=authentik{{ item }}.j2 dest=/etc/systemd/system/authentik{{ item }} + with_items: + - ".service" + - "-reload.service" + - "-reload.timer" notify: - Reload systemd - Restart authentik
@@ -45,6 +49,9 @@ - name: Start the authentik service service: name=authentik state=started enabled=yes +- name: Enable auto update timer + service: name=authentik-reload.timer state=started enabled=yes + - name: Enable monitoring include_role: name=icinga-monitor tasks_from=http vars:
diff --git a/roles/authentik/templates/authentik-reload.service.j2 b/roles/authentik/templates/authentik-reload.service.j2
new file mode 100644
index 0000000..f181bc8
--- /dev/null
+++ b/roles/authentik/templates/authentik-reload.service.j2
@@ -0,0 +1,7 @@
+[Unit]
+Description=Refresh authentik images
+
+[Service]
+Type=oneshot
+
+ExecStart=/bin/systemctl reload-or-restart authentik.service
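Review bot: In authentik-reload.service.j2, `reload-or-restart` falls back to starting or restarting authentik.service whenever that unit is not active, and the start path in authentik.service.j2 begins with `docker-compose down -v`, the same command that template documents for ExecStop as "remove containers and volumes". The timer is meant to refresh a running stack, so `ExecStart=/bin/systemctl try-reload-or-restart authentik.service` would keep a stopped or failed instance from being torn down and brought back unattended every 15 minutes. Whether the volumes removed by `-v` hold state depends on the compose file, which is not part of this patch.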
diff --git a/roles/authentik/templates/authentik-reload.timer.j2 b/roles/authentik/templates/authentik-reload.timer.j2
new file mode 100644
index 0000000..6add452
--- /dev/null
+++ b/roles/authentik/templates/authentik-reload.timer.j2
@@ -0,0 +1,10 @@
+[Unit]
+Description=Refresh authentik images
+Requires=authentik.service
+After=authentik.service
+
+[Timer]
+OnCalendar=*:0/15
+
+[Install]
+WantedBy=timers.target
diff --git a/roles/authentik/templates/authentik.service.j2 b/roles/authentik/templates/authentik.service.j2
index 7da1a77..e6172b3 100644
--- a/roles/authentik/templates/authentik.service.j2
+++ b/roles/authentik/templates/authentik.service.j2
@@ -5,7 +5,7 @@ After=docker.service Before=nginx.service [Service] -Type=simple +Type=oneshot User=authentik Group=authentik
@@ -17,12 +17,18 @@ WorkingDirectory=/opt/authentik # Make sure no old containers are running ExecStartPre=/usr/bin/docker-compose down -v +# Update images +ExecStartPre=-/usr/bin/docker-compose pull --quiet # Compose up -ExecStart=/usr/bin/docker-compose up +ExecStart=/usr/bin/docker-compose up -d # Compose down, remove containers and volumes ExecStop=/usr/bin/docker-compose down -v +# Refresh on reload +ExecReload=-/usr/bin/docker-compose pull --quiet +ExecReload=/usr/bin/docker-compose up -d + [Install] WantedBy=multi-user.target
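Review bot: `Type=oneshot` in the first authentik.service.j2 hunk is not paired with `RemainAfterExit=yes` in any visible line, so once `docker-compose up -d` returns systemd would treat the unit as finished, run `ExecStop=/usr/bin/docker-compose down -v` as part of deactivation and leave the unit inactive. Unless the template lines between the two hunks already set it, add `RemainAfterExit=yes` directly after `Type=oneshot`. Without it the new `ExecReload=` lines are likely never used either, because an inactive unit cannot be reloaded and the timer's `reload-or-restart` turns into a full start on every run.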
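Review bot: The `docker-compose pull` lines added to ExecStartPre and ExecReload in the second authentik.service.j2 hunk deploy whatever the compose file's image references resolve to at that moment, and nothing in this patch pins a version or digest or verifies a signature. Authentik is the identity provider, so an upstream tag change, whether a breaking release or a tampered image, would go live unattended within one 15-minute timer interval. The leading `-` also means a registry outage or authentication error never fails the unit, so a stalled update looks the same as "nothing new". Consider pinning images by version or digest in the compose file (not shown here) and updating through a reviewed change; if ignoring failures is deliberate, record it, for example `# pull failures are ignored on purpose; images come from the references in the compose file` above the ExecReload lines.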