Semaphore UI¶

Semaphore UI is being used as a GUI to Ansible to help manage my playbooks.

Installation¶

Default Port: 3000

Configuration path: /etc/semaphore

Admin password: cat ~/semaphore.creds

Database: BoltDB

AMD64ARM64

bash -c "$(wget -qLO - https://github.com/community-scripts/ProxmoxVE/raw/main/ct/semaphore.sh)"

bash -c "$(wget -qLO - https://github.com/asylumexp/Proxmox/raw/main/ct/semaphore.sh)"

Config¶

Make symlinks to repo.

authentik ¶

authentik GUI

Applications -> Applications

Redirect URI: https://semaphore.company/api/auth/oidc/authentik/redirect/

/etc/semaphore/config.json

Manual

{
  "oidc_providers": {
    "authentik": {
      "display_name": "Sign in with authentik",
      "provider_url": "https://authentik.company/application/o/<slug>/",
      "client_id": "<client-id>",
      "client_secret": "<client-secret>",
      "redirect_url": "https://semaphore.company/api/auth/oidc/authentik/redirect/",
      "username_claim": "preferred_username",
      "name_claim": "preferred_username",
      "scopes": ["openid", "profile", "email"]
    }
  },
  "web_host": "/",
  ...
}

Tip

The name of the oidc_provider (e.g. authentik) needs to match the name on the redirect URL.

Tip

If a Not Found error is displayed after the login, you might need to set the web_root to / (see https://github.com/semaphoreui/semaphore/issues/2681):

/etc/semaphore/config.json

{    
  "web_host": "/"
}

Traefik¶

homelab/pve/traefik/conf.d/semaphore.yaml

---
http:
 #region routers 
  routers:
    semaphore:
      entryPoints:
        - "websecure"
      rule: "Host(`semaphore.l.nicholaswilde.io`)"
      middlewares:
        - default-headers@file
        - https-redirectscheme@file
      tls: {}
      service: semaphore
#endregion
#region services
  services:
    semaphore:
      loadBalancer:
        servers:
          - url: "http://192.168.2.90:3000"
        passHostHeader: true
#endregion