initial commit

defaults/main.yml

@@ -0,0 +1,19 @@
+louketo_version: "1.0.0"
+louketo_archive_url: "https://github.com/louketo/louketo-proxy/releases/download/{{ louketo_version }}/louketo-proxy_{{ louketo_version }}_linux_amd64.tar.gz"
+louketo_install_path: "/opt/louketo/"
+louketo_config_path: "/etc/louketo"
+louketo_user: "louketo"
+louketo_group: "{{ louketo_user }}"
+
+louketo_instances:
+  - name: testsite
+    config: |
+      client-id: louketo
+      enable-default-deny: false
+      secure-cookie: false
+      listen: :3000
+      redirection-url: http://127.0.0.1:3000
+      upstream-url: http://127.0.0.1:8000
+      resources:
+      - uri: /*
+    state: absent

tasks/instance.yml

@@ -0,0 +1,36 @@
+---
+- name: Copy instance config-file
+  copy:
+    content: "{{ item.config }}"
+    dest: "{{ louketo_config_path }}/{{ item.name }}.yaml"
+  when: item.state != "absent"
+  register: copy_config
+
+- name: Remove instance config-file
+  file:
+    path: "{{ louketo_config_path }}/{{ item.name }}.yaml"
+    state: absent
+  when: item.state == "absent"
+
+- name: Enable & start instance
+  service:
+    name: "louketo@{{ item.name }}"
+    state: started
+    enabled: yes
+  when: item.state != "absent"
+
+- name: Disable & stop instance
+  service:
+    name: "louketo@{{ item.name }}"
+    state: stopped
+    enabled: no
+  when: item.state == "absent"
+
+- name: Restart instance
+  service:
+    name: "louketo@{{ item.name }}"
+    state: restarted
+  when:
+    - ((not stat_version_file.stat.exists) or (slurp_version_file.content | b64decode != louketo_version) or (copy_config is changed)) and item.state != "absent"
+
+

tasks/main.yml

@@ -0,0 +1,64 @@
+---
+- name: Create louketo group
+  group:
+    name: "{{ louketo_group }}"
+    state: present
+
+- name: Create louketo user
+  user:
+    name: "{{ louketo_user }}"
+    group: "{{ louketo_group }}"
+    create_home: no
+    system: yes
+
+- name: Create louketo directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ louketo_user }}"
+    group: "{{ louketo_group }}"
+  loop:
+    - "{{ louketo_install_path }}"
+    - "{{ louketo_config_path }}"
+
+- name: Check if file with current installed version exists
+  stat:
+    path: "{{ louketo_install_path }}/VERSION"
+  register: stat_version_file
+
+- name: Get content of file with current installed version
+  slurp:
+    src: "{{ louketo_install_path }}/VERSION"
+  register: slurp_version_file
+  when: stat_version_file.stat.exists
+
+- name: Download louketo
+  unarchive:
+    src: "{{ louketo_archive_url }}"
+    dest: "{{ louketo_install_path }}"
+    remote_src: true
+    extra_opts:
+      - '--strip-components=1'
+    owner: "{{ louketo_user }}"
+    group: "{{ louketo_group }}"
+  when: (not stat_version_file.stat.exists) or (slurp_version_file.content | b64decode != louketo_version)
+
+- name: Copy louketo systemd-service
+  template:
+    src: louketo@.service.j2
+    dest: /etc/systemd/system/louketo@.service
+
+- name: Reload systemd-deamon
+  service:
+    daemon-reload: yes
+
+- include_tasks: instance.yml
+  loop: "{{ louketo_instances }}"
+
+- name: Create file for saving current installed version
+  copy:
+    content: "{{ louketo_version }}"
+    dest: "{{ louketo_install_path }}/VERSION"
+    owner: "{{ louketo_user }}"
+    group: "{{ louketo_group }}"
+  when: (not stat_version_file.stat.exists) or (slurp_version_file.content | b64decode != louketo_version)

templates/louketo@.service.j2

@@ -0,0 +1,15 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Louketo auth proxy for %I
+
+[Service]
+Type=simple
+User={{ louketo_user }}
+WorkingDirectory={{ louketo_install_path }}
+ExecStart={{ louketo_install_path }}/louketo-proxy --config={{ louketo_config_path }}/%i.yaml
+Restart=always
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target