forked from infra/ansible
authentik: enable automatic updates of docker images
This commit is contained in:
parent
e1c900ad65
commit
d7aab43f06
@ -37,7 +37,11 @@
|
|||||||
notify: Restart nginx
|
notify: Restart nginx
|
||||||
|
|
||||||
- name: Systemd unit for authentik
|
- name: Systemd unit for authentik
|
||||||
template: src=authentik.service.j2 dest=/etc/systemd/system/authentik.service
|
template: src=authentik{{ item }}.j2 dest=/etc/systemd/system/authentik{{ item }}
|
||||||
|
with_items:
|
||||||
|
- ".service"
|
||||||
|
- "-reload.service"
|
||||||
|
- "-reload.timer"
|
||||||
notify:
|
notify:
|
||||||
- Reload systemd
|
- Reload systemd
|
||||||
- Restart authentik
|
- Restart authentik
|
||||||
@ -45,6 +49,9 @@
|
|||||||
- name: Start the authentik service
|
- name: Start the authentik service
|
||||||
service: name=authentik state=started enabled=yes
|
service: name=authentik state=started enabled=yes
|
||||||
|
|
||||||
|
- name: Enable auto update timer
|
||||||
|
service: name=authentik-reload.timer state=started enabled=yes
|
||||||
|
|
||||||
- name: Enable monitoring
|
- name: Enable monitoring
|
||||||
include_role: name=icinga-monitor tasks_from=http
|
include_role: name=icinga-monitor tasks_from=http
|
||||||
vars:
|
vars:
|
||||||
|
7
roles/authentik/templates/authentik-reload.service.j2
Normal file
7
roles/authentik/templates/authentik-reload.service.j2
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Refresh authentik images
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
|
||||||
|
ExecStart=/bin/systemctl reload-or-restart authentik.service
|
10
roles/authentik/templates/authentik-reload.timer.j2
Normal file
10
roles/authentik/templates/authentik-reload.timer.j2
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Refresh authentik images
|
||||||
|
Requires=authentik.service
|
||||||
|
After=authentik.service
|
||||||
|
|
||||||
|
[Timer]
|
||||||
|
OnCalendar=*:0/15
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=timers.target
|
@ -5,7 +5,7 @@ After=docker.service
|
|||||||
Before=nginx.service
|
Before=nginx.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=oneshot
|
||||||
|
|
||||||
User=authentik
|
User=authentik
|
||||||
Group=authentik
|
Group=authentik
|
||||||
@ -17,12 +17,18 @@ WorkingDirectory=/opt/authentik
|
|||||||
|
|
||||||
# Make sure no old containers are running
|
# Make sure no old containers are running
|
||||||
ExecStartPre=/usr/bin/docker-compose down -v
|
ExecStartPre=/usr/bin/docker-compose down -v
|
||||||
|
# Update images
|
||||||
|
ExecStartPre=-/usr/bin/docker-compose pull --quiet
|
||||||
|
|
||||||
# Compose up
|
# Compose up
|
||||||
ExecStart=/usr/bin/docker-compose up
|
ExecStart=/usr/bin/docker-compose up -d
|
||||||
|
|
||||||
# Compose down, remove containers and volumes
|
# Compose down, remove containers and volumes
|
||||||
ExecStop=/usr/bin/docker-compose down -v
|
ExecStop=/usr/bin/docker-compose down -v
|
||||||
|
|
||||||
|
# Refresh on reload
|
||||||
|
ExecReload=-/usr/bin/docker-compose pull --quiet
|
||||||
|
ExecReload=/usr/bin/docker-compose up -d
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
Loading…
Reference in New Issue
Block a user