✨ Add Pocket ID

README.md

@@ -189,6 +189,7 @@ If you have a spare domain name you can configure applications to be accessible
 * [Plex](https://www.plex.tv/) - Plex Media Server
   * [Plex Autoscan](https://github.com/Cloudbox/autoscan) - automatic Plex library updates
   * [Plex Meta Manager](https://metamanager.wiki) - Python script to update metadata information for items in plex
+* [Pocket-ID](https://github.com/stonith404/pocket-id) - A simple OIDC provider
 * [Portainer](https://portainer.io/) - for managing Docker and running custom images
 * [Pretix](https://pretix.eu/about/en/) - Ticketing software that cares about your event—all the way.
 * [Prometheus](https://prometheus.io/) - Time series database and monitoring system (via stats role).

nas.yml

@@ -737,6 +737,10 @@
       tags:
         - plex
 
+    - role: pocketid
+      tags:
+        - pocketid
+
     - role: portainer
       tags:
         - portainer

roles/pocketid/defaults/main.yml

@@ -0,0 +1,23 @@
+---
+pocketid_enabled: false
+pocketid_available_externally: false
+
+# directories
+pocketid_data_directory: "{{ docker_home }}/pocketid"
+
+# network
+pocketid_port: "8174"
+pocketid_hostname: "pocketid"
+
+# specs
+pocketid_memory: 1g
+
+# docker
+pocketid_container_name: pocketid
+pocketid_image_name: "stonith404/pocket-id"
+pocketid_image_version: latest
+pocketid_user_id: "1000"
+pocketid_group_id: "1000"
+
+# pocketid
+pocketid_public_app_url: https://{{ pocketid_hostname }}.{{ ansible_nas_domain }}

roles/pocketid/molecule/default/molecule.yml

@@ -0,0 +1,6 @@
+---
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        pocketid_enabled: true

roles/pocketid/molecule/default/side_effect.yml

@@ -0,0 +1,10 @@
+---
+- name: Stop
+  hosts: all
+  become: true
+  tasks:
+    - name: "Include {{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }} role"
+      ansible.builtin.include_role:
+        name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"
+      vars:
+        pocketid_enabled: false

roles/pocketid/molecule/default/verify.yml

@@ -0,0 +1,19 @@
+---
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Include vars
+      ansible.builtin.include_vars:
+        file: ../../defaults/main.yml
+
+    - name: Get pocketid container state
+      community.docker.docker_container:
+        name: "{{ pocketid_container_name }}"
+      register: result
+
+    - name: Check if pocketid containers are running
+      ansible.builtin.assert:
+        that:
+          - result.container['State']['Status'] == "running"
+          - result.container['State']['Restarting'] == false

roles/pocketid/molecule/default/verify_stopped.yml

@@ -0,0 +1,19 @@
+---
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Include vars
+      ansible.builtin.include_vars:
+        file: ../../defaults/main.yml
+
+    - name: Try and stop and remove pocketid
+      community.docker.docker_container:
+        name: "{{ pocketid_container_name }}"
+        state: absent
+      register: result
+
+    - name: Check if pocketid is stopped
+      ansible.builtin.assert:
+        that:
+          - not result.changed

roles/pocketid/requirements.yml

@@ -0,0 +1 @@
+../../requirements.yml

roles/pocketid/tasks/main.yml

@@ -0,0 +1,41 @@
+---
+- name: Start Pocket-ID
+  block:
+    - name: Create Pocket-ID Directories
+      ansible.builtin.file:
+        path: "{{ item }}"
+        state: directory
+      with_items:
+        - "{{ pocketid_data_directory }}"
+        - "{{ pocketid_data_directory }}/data"
+
+    - name: Create Pocket-ID Docker Container
+      community.docker.docker_container:
+        container_default_behavior: no_defaults
+        name: "{{ pocketid_container_name }}"
+        image: "{{ pocketid_image_name }}:{{ pocketid_image_version }}"
+        pull: true
+        volumes:
+          - "{{ pocketid_data_directory }}/data:/app/backend/data"
+        ports:
+          - "{{ pocketid_port }}:80"
+        env:
+          PUBLIC_APP_URL: "{{ pocketid_public_app_url }}"
+        restart_policy: unless-stopped
+        memory: "{{ pocketid_memory }}"
+        labels:
+          traefik.enable: "{{ pocketid_available_externally | string }}"
+          traefik.http.routers.pocketid.rule: "Host(`{{ pocketid_hostname }}.{{ ansible_nas_domain }}`)"
+          traefik.http.routers.pocketid.tls.certresolver: "letsencrypt"
+          traefik.http.routers.pocketid.tls.domains[0].main: "{{ ansible_nas_domain }}"
+          traefik.http.routers.pocketid.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+          traefik.http.services.pocketid.loadbalancer.server.port: "80"
+  when: pocketid_enabled is true
+
+- name: Stop Pocket-ID
+  block:
+    - name: Stop Pocket-ID
+      community.docker.docker_container:
+        name: "{{ pocketid_container_name }}"
+        state: absent
+  when: pocketid_enabled is false

website/docs/applications/other/pocketid.md

@@ -0,0 +1,14 @@
+---
+title: "Pocket-ID"
+description: "A simple OIDC provider"
+---
+
+Homepage: [https://github.com/stonith404/pocket-id](https://github.com/stonith404/pocket-id)
+
+A simple OIDC provider that allows users to authenticate with their passkeys to your services.
+
+## Usage
+
+Set `pocketid_enabled: true` in your `inventories/<your_inventory>/group_vars/nas.yml` file.
+
+Pocket-ID web interface can be found at [http://ansible_nas_host_or_ip:8174](http://ansible_nas_host_or_ip:8174).