From bae8274261e34e6adf0a73599555025383b7be06 Mon Sep 17 00:00:00 2001
From: tolerryan <105945216+tolerryan@users.noreply.github.com>
Date: Mon, 26 May 2025 02:29:07 -0500
Subject: [PATCH] first authelia setup
---
 .ansible.d/inventory | 5 +-
 authelia.tf | 48 +++++++++++
 grail.tf | 2 +-
 roles/ind/authelia/authelia.yml | 107 ++++++++++++++++++++++++
 roles/ind/authelia/cron.vars | 18 ++++
 roles/ind/authelia/docker-compose.env | 0
 roles/ind/authelia/docker-compose.yml | 31 +++++++
 roles/ind/debcache/debcache-install.yml | 2 +-
 8 files changed, 210 insertions(+), 3 deletions(-)
 create mode 100644 authelia.tf
 create mode 100644 roles/ind/authelia/authelia.yml
 create mode 100644 roles/ind/authelia/cron.vars
 create mode 100644 roles/ind/authelia/docker-compose.env
 create mode 100644 roles/ind/authelia/docker-compose.yml
diff --git a/.ansible.d/inventory b/.ansible.d/inventory
index bda37b1..1f87b48 100644
--- a/.ansible.d/inventory
+++ b/.ansible.d/inventory
@@ -4,6 +4,7 @@ nas [lxc] +debcache wikmd grail-tf pihole
@@ -11,7 +12,8 @@ downloader archivewarrior2 archivewarrior navidrome -debcache +authelia + [docker] grail-tf
@@ -21,4 +23,5 @@ archivewarrior2 archivewarrior navidrome debcache +authelia nas
\ No newline at end of file
diff --git a/authelia.tf b/authelia.tf
new file mode 100644
index 0000000..8628d5f
--- /dev/null
+++ b/authelia.tf
@@ -0,0 +1,48 @@
+resource "proxmox_lxc" "authelia" {
+ target_node = "ryuk"
+ hostname = "authelia"
+ vmid = 225
+ ostemplate = "cephfs:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst"
+ password = "terraform"
+ unprivileged = true
+ cores = 6
+ memory = 4096
+ swap = 1024
+ start = true
+ tags = "terraform"
+ nameserver = "192.168.0.224"
+ ssh_public_keys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINFw70PrMsilcsqCrwW1I6PAt3anQbhmVg+t/HUfomug ryan@mxDesktop"
+
+ features {
+ nesting = true
+ }
+
+ rootfs {
+ storage = "local-lvm"
+ size = "64G"
+ }
+
+ mountpoint{
+ key = "0"
+ slot = 0
+ storage = "Ceph"
+ mp = "/data"
+ size = "400G"
+ }
+
+ network {
+ name = "eth0"
+ bridge = "vmbr0"
+ ip = "192.168.0.61/24"
+ gw = "192.168.0.1"
+
+ }
+
+ provisioner "local-exec" {
+ command = "./.ansible.d/setup.sh $IP"
+ environment = {
+ IP = "192.168.0.61"
+ }
+ }
+
+}
\ No newline at end of file
diff --git a/grail.tf b/grail.tf
index 115d1a0..ff4d6ad 100644
--- a/grail.tf
+++ b/grail.tf
@@ -26,7 +26,7 @@ resource "proxmox_lxc" "grail" { key = "1" slot = 1 # Dir on host - storage = "/omv/media" + st ia" # volume is needed as a workaround for bug volume = "/omv/media" # mountpoint within container
diff --git a/roles/ind/authelia/authelia.yml b/roles/ind/authelia/authelia.yml
new file mode 100644
index 0000000..09496fb
--- /dev/null
+++ b/roles/ind/authelia/authelia.yml
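Review bot: `password = "terraform"` puts the container's root password into the repository in clear text, next to an `ssh_public_keys` entry that already provides key-based access; the value should come from a `sensitive = true` input variable, e.g. `password = var.authelia_root_password`, with the real value supplied through a gitignored `*.tfvars` file or a `TF_VAR_` environment variable, and the password rotated since it is now in history. The address `192.168.0.61` is written twice, in `network.ip` and again in the provisioner's `IP`; keeping it once in a `locals` block (`ip = "${local.authelia_ip}/24"` and `IP = local.authelia_ip`) prevents the Ansible bootstrap from targeting a different host than the one Terraform configured.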
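Review bot: The added line `+ st ia"` in the `mountpoint` block is not valid HCL as it appears in the patch; if that is not an artifact of how the patch was rendered, the `storage` attribute of the `/omv/media` host-directory mount has been lost and the file will no longer parse. The removed line was `storage = "/omv/media"` and the `volume` line below keeps that same path, so the intended new value should be stated explicitly in the commit. The enclosing `proxmox_lxc.grail` resource starts and ends outside the hunk.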
@@ -0,0 +1,107 @@
+---
+- hosts: all
+ become: yes
+ remote_user: ansible
+ gather_facts: false
+
+ vars:
+
+ tasks:
+
+ - name: Upgrade-packages.yml - update packages
+ include: ../../lib/upgrade-packages.yml
+
+ - name: Install-docker.yml - setting up docker
+ include: ../../lib/install-docker.yml
+
+ - name: Install Restic and setup
+ include: ../../lib/setup-restic.yml
+
+ - name: Setup Restic Cron jobs
+ include: ../../lib/setup-restic-cron.yml
+
+ - name: Create grail user
+ user:
+ name: grail
+ uid: 2003
+ group: docker
+ state: present
+ create_home: yes
+ home: /home/docker
+ shell: /bin/bash
+
+ - name: Install nfs Packages
+ apt:
+ name:
+ - nfs-common
+ state: present
+ update_cache: no
+
+ - name: Install Python Packages
+ apt:
+ name:
+ - python3-full
+ - python3-pip
+ state: present
+ update_cache: yes
+
+ - name: Setup Service
+ copy:
+ dest: /etc/systemd/system/authelia.service
+ content: |
+ [Unit]
+ Description=Docker Compose service
+ Requires=docker.service
+ After=docker.service
+
+ [Service]
+ Type=oneshot
+ RemainAfterExit=yes
+ WorkingDirectory=/home/docker
+ ExecStart=/usr/bin/docker compose --env-file ./docker-compose.env -f docker-compose.yml up -d
+ ExecStop=/usr/bin/docker compose --env-file ./docker-compose.env -f docker-compose.yml down
+
+ [Install]
+ WantedBy=multi-user.target
+ owner: root
+ group: root
+ mode: '0644'
+
+ - name: Write docker-compose.yml
+ ansible.builtin.copy:
+ src: docker-compose.yml
+ dest: /home/docker/docker-compose.yml
+ owner: docker
+ group: docker
+ mode: u=rw,g=r,o=r
+
+ - name: Write docker-compose.env
+ ansible.builtin.copy:
+ src: docker-compose.env
+ dest: /home/docker/docker-compose.env
+ owner: docker
+ group: docker
+ mode: u=rw,g=r,o=r
+
+ - name: Check if docker config directory exists
+ stat:
+ path: /home/docker/data
+ register: data_stat
+
+ - name: Restore docker config Dir
+ shell: |
+ restic --password-file /home/restic/.resticpassword -r sftp:misamisa://home/restic/$(hostname) --target / restore latest
+ args:
+ chdir: /home/docker/
+ creates: /home/docker/data
+ when: not data_stat.stat.exists or not data_stat.stat.isdir
+
+ - name: Reload systemd daemon
+ systemd:
+ daemon_reload: yes
+
+ - name: Start downloader Service
+ systemd:
+ name: authelia
+ state: started
+ enabled: yes
\ No newline at end of file
diff --git a/roles/ind/authelia/cron.vars b/roles/ind/authelia/cron.vars
new file mode 100644
index 0000000..b9d5566
--- /dev/null
+++ b/roles/ind/authelia/cron.vars
@@ -0,0 +1,18 @@
+---
+cronjob:
+
+ - name: appdata
+ job_name: "Daily /home/docker/ Backup"
+ job_minute: "0"
+ job_hour: "5"
+ job_day: "*"
+ user: "root"
+ job_command: "/home/docker/restic.sh --backup /home/docker/ "
+
+ - name: weeklydb
+ job_name: "Weekly /home/docker/ verification"
+ job_minute: "10"
+ job_hour: "2"
+ job_day: "1"
+ user: "root"
+ job_command: "/home/docker/restic.sh --verify /home/docker/"
\ No newline at end of file
diff --git a/roles/ind/authelia/docker-compose.env b/roles/ind/authelia/docker-compose.env
new file mode 100644
index 0000000..e69de29
diff --git a/roles/ind/authelia/docker-compose.yml b/roles/ind/authelia/docker-compose.yml
new file mode 100644
index 0000000..0e725d1
--- /dev/null
+++ b/roles/ind/authelia/docker-compose.yml
@@ -0,0 +1,31 @@
+services:
+ server:
+ image: caddy
+ ports:
+ - '80:80'
+ - '443:443'
+ volumes:
+ - '/home/docker/caddy/Caddyfile:/etc/caddy/Caddyfile'
+ - '/home/docker/caddy/root_ca.pem:/etc/caddy/root_ca.pem'
+ - '/home/docker/caddy/certs:/certs'
+ restart: unless-stopped
+
+ authelia:
+ image: authelia/authelia
+ container_name: authelia
+ ports:
+ - 9091:9091/tcp
+ volumes:
+ - '/home/docker/authelia:/config'
+ restart: unless-stopped
+
+
+
+ redis:
+ image: redis:alpine
+ container_name: redis
+ volumes:
+ - '/home/docker/redis:/data'
+ expose:
+ - 6379
+ restart: unless-stopped
\ No newline at end of file
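Review bot: The `Write docker-compose.env` task installs the env file with `mode: u=rw,g=r,o=r`; the file is empty in this commit, but anything later passed through `docker compose --env-file` (the systemd unit above already wires it in) is likely to be a secret, so `mode: '0600'` is the safer default to set now rather than after the first secret lands. The final task is still named `Start downloader Service` although it starts the `authelia` unit, the same copy-paste name this commit corrects for debcache; `- name: Start authelia Service`. `Create grail user` creates user `grail` with home `/home/docker`, while both copy tasks use `owner: docker`/`group: docker`; unless `../../lib/install-docker.yml` (not visible here) creates a `docker` user the copies will fail on an unknown owner, and the name `grail` looks inherited from another role in any case. The restore task runs `restic ... --target / restore latest` as root with only `creates:` and the `data_stat` condition guarding it, so a snapshot holding more than `/home/docker` is written anywhere under `/`; an `--include /home/docker` filter, or restoring into a staging directory first, limits what a wrong or tampered snapshot can overwrite.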
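Review bot: `authelia` publishes `9091:9091/tcp` on every host interface even though `server` (Caddy) in the same file is the TLS front on 80/443, and Docker-published ports are commonly inserted ahead of host firewall rules, so the portal becomes reachable over plain HTTP from the LAN. Unless direct access is intended, use `expose:` as `redis` already does, i.e. replace `ports:` / `- 9091:9091/tcp` with `expose:` / `- 9091`, and let Caddy reach it over the compose network. All three images (`caddy`, `authelia/authelia`, `redis:alpine`) are unpinned, so each `docker compose up` pulls whatever the tag points to at that moment; pinning a version tag or `@sha256:` digest makes the authentication layer reproducible and keeps an upstream push from changing it silently. Redis runs without a password and `authelia` mounts `/config` from `/home/docker/authelia`, so those host directories should not be world-readable on the host.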
diff --git a/roles/ind/debcache/debcache-install.yml b/roles/ind/debcache/debcache-install.yml
index e9f13d9..36d7d3b 100644
--- a/roles/ind/debcache/debcache-install.yml
+++ b/roles/ind/debcache/debcache-install.yml
@@ -49,7 +49,7 @@ state: present update_cache: no - - name: Start downloader Service + - name: Start apt-cacher-ng Service systemd: name: apt-cacher-ng state: started