feat: add terraforming of authentik
Gitea Actions Demo / Explore-Gitea-Actions (push) Successful in 4s
Gitea Actions Demo / Explore-Gitea-Actions (push) Successful in 4s
This commit is contained in:
@@ -4,5 +4,47 @@
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.my-lxc;
|
||||
in
|
||||
{
|
||||
authentik_provider_proxy = lib.filterAttrs (_: v: v != { }) (
|
||||
lib.mapAttrs (
|
||||
containerName: def:
|
||||
lib.optionalAttrs (def.auth) {
|
||||
name = containerName;
|
||||
authorization_flow = "\${data.authentik_flow.default-authorization-flow.id}";
|
||||
invalidation_flow = "\${data.authentik_flow.default-invalidation-flow.id}";
|
||||
external_host = "https://${tools.build_hostname containerName}/";
|
||||
mode = "forward_single";
|
||||
}
|
||||
) cfg
|
||||
);
|
||||
|
||||
# dns_provider = {
|
||||
# name = "dns";
|
||||
# authorization_flow = "\${data.authentik_flow.default-authorization-flow.id}";
|
||||
# invalidation_flow = "\${data.authentik_flow.default-invalidation-flow.id}";
|
||||
# external_host = "https://dns.plg.m0rel.eu/";
|
||||
# mode = "forward_single";
|
||||
# };
|
||||
authentik_application = lib.filterAttrs (_: v: v != { }) (
|
||||
lib.mapAttrs (
|
||||
containerName: def:
|
||||
lib.optionalAttrs (def.auth) {
|
||||
name = containerName;
|
||||
slug = containerName;
|
||||
protocol_provider = "\${resource.authentik_provider_proxy.${containerName}.id}";
|
||||
}
|
||||
) cfg
|
||||
);
|
||||
authentik_outpost_provider_attachment = lib.filterAttrs (_: v: v != { }) (
|
||||
lib.mapAttrs (
|
||||
containerName: def:
|
||||
lib.optionalAttrs (def.auth) {
|
||||
outpost = "\${data.authentik_outpost.embedded.id}";
|
||||
protocol_provider = "\${authentik_provider_proxy.${containerName}.id}";
|
||||
}
|
||||
) cfg
|
||||
);
|
||||
}
|
||||
|
||||
@@ -314,6 +314,15 @@ in
|
||||
(import ./containers-terraform-proxmox.nix { inherit config tools lib; })
|
||||
(import ./containers-terraform-authentik.nix { inherit config tools lib; })
|
||||
];
|
||||
tf.data.authentik_outpost.embedded = {
|
||||
name = "authentik Embedded Outpost";
|
||||
};
|
||||
tf.data.authentik_flow.default-authorization-flow = {
|
||||
slug = "default-provider-authorization-implicit-consent";
|
||||
};
|
||||
tf.data.authentik_flow.default-invalidation-flow = {
|
||||
slug = "default-provider-invalidation-flow";
|
||||
};
|
||||
|
||||
nixosModule = lib.mapAttrs (
|
||||
container: def:
|
||||
|
||||
@@ -10,8 +10,21 @@
|
||||
source = "cyrilgdn/postgresql";
|
||||
version = "~> 1.26.0";
|
||||
};
|
||||
|
||||
authentik = {
|
||||
source = "goauthentik/authentik";
|
||||
version = "~> 2025.12.1";
|
||||
};
|
||||
};
|
||||
|
||||
provider.authentik = {
|
||||
url = "\${var.ak_url}";
|
||||
token = "\${var.ak_token}";
|
||||
};
|
||||
|
||||
variable.ak_url.type = "string";
|
||||
variable.ak_token.type = "string";
|
||||
|
||||
provider.proxmox = {
|
||||
pm_api_url = "\${var.pm_api_url}";
|
||||
pm_api_token_id = "\${var.pm_api_token_id}";
|
||||
|
||||
Reference in New Issue
Block a user