feat: add terraforming of authentik

Xavier Morel
2026-03-25 21:24:08 +01:00
parent f66447fd26
commit 047d68a998
30 changed files with 819 additions and 142 deletions
@@ -4,5 +4,47 @@
lib,
...
}:
let
cfg = config.my-lxc;
in
{
authentik_provider_proxy = lib.filterAttrs (_: v: v != { }) (
lib.mapAttrs (
containerName: def:
lib.optionalAttrs (def.auth) {
name = containerName;
authorization_flow = "\${data.authentik_flow.default-authorization-flow.id}";
invalidation_flow = "\${data.authentik_flow.default-invalidation-flow.id}";
external_host = "https://${tools.build_hostname containerName}/";
mode = "forward_single";
}
) cfg
);
# dns_provider = {
# name = "dns";
# authorization_flow = "\${data.authentik_flow.default-authorization-flow.id}";
# invalidation_flow = "\${data.authentik_flow.default-invalidation-flow.id}";
# external_host = "https://dns.plg.m0rel.eu/";
# mode = "forward_single";
# };
authentik_application = lib.filterAttrs (_: v: v != { }) (
lib.mapAttrs (
containerName: def:
lib.optionalAttrs (def.auth) {
name = containerName;
slug = containerName;
protocol_provider = "\${resource.authentik_provider_proxy.${containerName}.id}";
}
) cfg
);
authentik_outpost_provider_attachment = lib.filterAttrs (_: v: v != { }) (
lib.mapAttrs (
containerName: def:
lib.optionalAttrs (def.auth) {
outpost = "\${data.authentik_outpost.embedded.id}";
protocol_provider = "\${authentik_provider_proxy.${containerName}.id}";
}
) cfg
);
}
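Review bot: The generated `authentik_application` entries carry no access restriction, so reaching any `auth = true` container depends only on being able to log in to authentik. As far as I know, authentik lets every user open an application that has no policy or group bindings; if the instance holds accounts that should not reach every container, generate an `authentik_policy_binding` per application, driven by a per-container group option. Separately, the provider is referenced as `resource.authentik_provider_proxy.${containerName}.id` in the application block but as `authentik_provider_proxy.${containerName}.id` in the attachment block; use one spelling in both. `containerName` is also used unchanged as the Terraform resource key and as `slug`, so a comment stating which characters container names may contain would help. The file header and the start of the function's argument set lie outside this hunk.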
+9
@@ -314,6 +314,15 @@ in
(import ./containers-terraform-proxmox.nix { inherit config tools lib; })
(import ./containers-terraform-authentik.nix { inherit config tools lib; })
];
tf.data.authentik_outpost.embedded = {
name = "authentik Embedded Outpost";
};
tf.data.authentik_flow.default-authorization-flow = {
slug = "default-provider-authorization-implicit-consent";
};
tf.data.authentik_flow.default-invalidation-flow = {
slug = "default-provider-invalidation-flow";
};
nixosModule = lib.mapAttrs (
container: def:
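Review bot: The three `tf.data` lookups pin authentik objects by display name and slug (`"authentik Embedded Outpost"`, `default-provider-authorization-implicit-consent`, `default-provider-invalidation-flow`) with no comment saying where those values come from. They look like the objects a stock authentik install creates, so a renamed outpost or a customised flow would break the lookup; a comment such as `# names/slugs of authentik's stock outpost and flows — update if the instance was customised` would make that dependency visible. The implicit-consent flow also means users see no consent screen for these applications, which is worth stating as a deliberate choice. These lookups appear to be consumed only by the resources built in `containers-terraform-authentik.nix`, so declaring them there would keep the authentik wiring in one file. The enclosing attribute set starts and ends outside the hunk.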
+13
@@ -10,8 +10,21 @@
source = "cyrilgdn/postgresql";
version = "~> 1.26.0";
};
authentik = {
source = "goauthentik/authentik";
version = "~> 2025.12.1";
};
};
provider.authentik = {
url = "\${var.ak_url}";
token = "\${var.ak_token}";
};
variable.ak_url.type = "string";
variable.ak_token.type = "string";
provider.proxmox = {
pm_api_url = "\${var.pm_api_url}";
pm_api_token_id = "\${var.pm_api_token_id}";