feat: add Authentik config for vaultwarden OAuth
@@ -8,6 +8,7 @@ let
cfg = config.my-lxc;
matrix = import ../config/_matrix_secrets.nix;
hass = import ../config/_ha_secrets.nix;
vw = import ../config/_vw_secrets.nix;
in
{
authentik_provider_proxy = lib.filterAttrs (_: v: v != { }) (
@@ -44,7 +45,13 @@ in
slug = "matrix";
protocol_provider = "\${resource.authentik_provider_oauth2.matrix.id}";
};
vaultwarden = {
name = "vaultwarden";
slug = "vaultwarden";
protocol_provider = "\${resource.authentik_provider_oauth2.vaultwarden.id}";
};
};
authentik_outpost_provider_attachment =
lib.filterAttrs (_: v: v != { }) (
lib.mapAttrs (
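Review bot: The `protocol_provider` references in this hunk use the `resource.` prefix (`"\${resource.authentik_provider_oauth2.vaultwarden.id}"`) while the outpost attachment hunk below references the same resource as `"\${authentik_provider_oauth2.vaultwarden.id}"`. Both forms resolve to the same Terraform resource, but mixing them makes it harder to grep for every consumer of a provider when rotating or removing it. Pick one form for the file; the unprefixed one is the more common Terraform idiom, e.g. `protocol_provider = "\${authentik_provider_oauth2.vaultwarden.id}";`. The enclosing attrset starts before this hunk and the `lib.mapAttrs (` call on its last line continues past it.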
@@ -64,8 +71,25 @@ in
outpost = "\${data.authentik_outpost.embedded.id}";
protocol_provider = "\${authentik_provider_oauth2.matrix.id}";
};
vaultwarden = {
outpost = "\${data.authentik_outpost.embedded.id}";
protocol_provider = "\${authentik_provider_oauth2.vaultwarden.id}";
};
};
authentik_property_mapping_provider_scope = {
vaultwarden_email = {
name = "vaultwarden_email";
scope_name = "email";
expression = ''
return {
"email": request.user.email,
"email_verified": True
}
'';
};
};
authentik_provider_oauth2 = {
home_assistant = {
name = "home_assistant";
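Review bot: The `vaultwarden_email` scope mapping returns `"email_verified": True` unconditionally, so the relying party is told every user's address is verified regardless of whether Authentik ever confirmed it. That is tolerable when every account is provisioned by an administrator, but it becomes a false assertion the moment a self-service enrollment flow exists, since vaultwarden will trust the claim when matching or creating accounts. The assumption should be written down next to the mapping, e.g. `# email_verified is asserted for all users: accounts are admin-provisioned, no self-service enrollment flow issues this scope`, and revisited if enrollment is ever opened up. The `authentik_provider_oauth2` attrset opened on the last lines of this hunk continues past it.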
@@ -107,5 +131,69 @@ in
}
];
};
vaultwarden = {
name = "vaultwarden";
authorization_flow = "\${data.authentik_flow.default-authorization-flow.id}";
invalidation_flow = "\${data.authentik_flow.default-invalidation-flow.id}";
client_id = vw.oidc_client_id;
client_secret = vw.oidc_secret_id;
property_mappings = [
"\${data.authentik_property_mapping_provider_scope.openid_openid.id}"
"\${data.authentik_property_mapping_provider_scope.openid_profile.id}"
"\${data.authentik_property_mapping_provider_scope.openid_offline_access.id}"
"\${authentik_property_mapping_provider_scope.vaultwarden_email.id}"
];
signing_key = "\${data.authentik_certificate_key_pair.generated.id}";
allowed_redirect_uris = [
{
matching_mode = "strict";
url = "https://vault.plg.m0rel.eu/identity/connect/oidc-signin";
}
];
};
};
authentik_group = {
admins = {
name = "Admin";
is_superuser = true;
};
users = {
name = "Utilisateur";
};
visitors = {
name = "Visiteur";
};
};
authentik_user = {
yoru = {
username = "yoru";
name = "Xavier";
email = "morelx42@protonmail.com";
groups = [
"\${authentik_group.admins.id}"
"\${authentik_group.users.id}"
];
};
shauni = {
username = "shauni";
name = "Laetitia";
email = "laetitia.laversin@gmail.com";
groups = [
"\${authentik_group.admins.id}"
"\${authentik_group.users.id}"
];
};
lily = {
username = "lily";
name = "Lily";
groups = [
"\${authentik_group.users.id}"
];
};
};
}
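Review bot: `client_secret = vw.oidc_secret_id;` pulls the OAuth client secret out of `../config/_vw_secrets.nix`, which the first hunk loads with a plain `import`, so the secret becomes part of the evaluated Nix value and lands in whatever this module emits (for a terranix-style module that is the generated Terraform config and, from there, the state file); if the result is ever built as a derivation it is also copied into the world-readable Nix store. A safer shape is to keep the secret out of evaluation entirely — reference a Terraform variable or environment-fed value resolved at apply time — or, if the current approach is deliberate, document the exposure next to the assignment, e.g. `# NOTE: secret is inlined at eval time; generated config and tf state must be treated as secret material`. The attribute name `oidc_secret_id` also reads as an identifier rather than a secret and is easy to confuse with `oidc_client_id` on the line above; renaming it `oidc_client_secret` in the secrets file would make the pairing obvious. The `authentik_user` entries commit personal email addresses alongside the infrastructure config, which is fine for a private repository but worth a second look if this tree is ever published; whether those entries are new in this commit or pre-existing context cannot be told from the rendered hunk.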