authcheck: Initial version of role

roles/authcheck/handlers/main.yml

@@ -0,0 +1,17 @@
+---
+- name: Rebuild authcheck-container
+  ansible.builtin.command:
+    argv:
+      - podman
+      - build
+      - -t
+      - authcheck
+      - /usr/local/src/docker-authcheck
+  become: true
+  become_user: authcheck
+  notify: Restart authcheck-container
+
+- name: Restart authcheck-container
+  ansible.builtin.service:
+    name: authcheck-container
+    state: restarted

roles/authcheck/meta/main.yml

@@ -0,0 +1,5 @@
+---
+dependencies:
+  - {role: git}
+  - {role: nginx}
+  - {role: podman}

roles/authcheck/tasks/main.yml

@@ -0,0 +1,45 @@
+---
+- name: Create group
+  ansible.builtin.group:
+    name: authcheck
+
+- name: Create user
+  ansible.builtin.user:
+    name: authcheck
+    comment: Podman Auth
+    group: authcheck
+    shell: /sbin/nologin
+
+- name: Get container source
+  ansible.builtin.git:
+    dest: /usr/local/src/docker-authcheck
+    repo: https://github.com/foo-sh/docker-authcheck.git
+    update: false
+    version: main
+  notify: Rebuild authcheck-container
+
+- name: Create service file
+  ansible.builtin.template:
+    dest: /etc/systemd/system/authcheck-container.service
+    src: authcheck-container.service.j2
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+
+- name: Enable service
+  ansible.builtin.service:
+    name: authcheck-container
+    state: started
+    enabled: true
+
+- name: Copy nginx config
+  ansible.builtin.copy:
+    dest: "/etc/nginx/conf.d/{{ inventory_hostname }}/authcheck-container.conf"
+    content: |
+      location /authcheck {
+        proxy_pass http://127.0.0.1:8003;
+      }
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+  notify: Restart nginx

roles/authcheck/templates/authcheck-container.service.j2

@@ -0,0 +1,17 @@
+[Unit]
+Description=LDAP Auth Check Container
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+User=authcheck
+ExecStart=/usr/bin/podman run \
+    --rm -p 127.0.0.1:8003:8000 \
+    --name authcheck \
+    --env LDAP_URI=ldaps://{{ ldap_server[0] }} \
+    authcheck:latest
+ExecStop=/usr/bin/podman stop --ignore authcheck
+ExecStopPost=/usr/bin/podman rm -f --ignore authcheck
+
+[Install]
+WantedBy=multi-user.target