feat: add authentik config for nas

Xavier Morel
2026-06-01 14:13:30 +02:00
parent d4018d9df0
commit 9ae79092fb
2 changed files with 34 additions and 0 deletions
@@ -10,6 +10,7 @@ let
hass = import ../config/_ha_secrets.nix;
vw = import ../config/_vw_secrets.nix;
git = import ../config/_git_secrets.nix;
nas = import ../config/_nas_secrets.nix;
in
{
authentik_provider_proxy = lib.filterAttrs (_: v: v != { }) (
@@ -56,6 +57,11 @@ in
slug = "gitea";
protocol_provider = "\${resource.authentik_provider_oauth2.gitea.id}";
};
nas = {
name = "nas";
slug = "nas";
protocol_provider = "\${resource.authentik_provider_oauth2.nas.id}";
};
};
authentik_application_entitlement = {
@@ -108,6 +114,10 @@ in
outpost = "\${data.authentik_outpost.embedded.id}";
protocol_provider = "\${authentik_provider_oauth2.gitea.id}";
};
nas = {
outpost = "\${data.authentik_outpost.embedded.id}";
protocol_provider = "\${authentik_provider_oauth2.nas.id}";
};
};
authentik_property_mapping_provider_scope = {
@@ -183,6 +193,7 @@ in
url = "https://matrix.plg.m0rel.eu/_synapse/client/oidc/callback";
}
];
signing_key = "\${data.authentik_certificate_key_pair.generated.id}";
};
vaultwarden = {
name = "vaultwarden";
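Review bot: The `signing_key` line here looks like the one addition in this hunk, and it lands in the provider whose redirect URI is the Synapse OIDC callback rather than in anything nas-related, so an existing client's token signing changes under a commit message that does not mention it. With a signing key set, authentik signs ID tokens with that key pair instead of HMAC over the client secret, so the relying party has to validate against the provider's JWKS; it is worth confirming that Synapse login still works after apply. I would either split this into its own commit or mention it in the description, and add a comment such as `# sign ID tokens with the generated key pair instead of the client secret`. The provider block opens above the hunk, so its other arguments are not visible here.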
@@ -230,6 +241,28 @@ in
}
];
};
nas = {
name = "nas";
authorization_flow = "\${data.authentik_flow.default-authorization-flow.id}";
invalidation_flow = "\${data.authentik_flow.default-invalidation-flow.id}";
client_id = nas.oidc_client_id;
client_secret = nas.oidc_client_secret;
property_mappings = [
"\${data.authentik_property_mapping_provider_scope.openid_openid.id}"
"\${data.authentik_property_mapping_provider_scope.openid_profile.id}"
"\${data.authentik_property_mapping_provider_scope.openid_email.id}"
];
signing_key = "\${data.authentik_certificate_key_pair.generated.id}";
allowed_redirect_uris = [
{
matching_mode = "strict";
url = "https://nas.plg.m0rel.eu/";
}
];
};
};
authentik_group = {
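Review bot: `client_secret = nas.oidc_client_secret;` is resolved at Nix evaluation time, so the secret is embedded in plaintext in whatever this expression is rendered to, and Terraform also records it in state. If the rendered configuration is built as a derivation it would sit in the world-readable Nix store; that, and whether `_nas_secrets.nix` is encrypted or ignored in the repository, cannot be seen from this page. A short comment on the line would make the constraint explicit, e.g. `# plaintext in generated config and tfstate: keep both out of the Nix store and encrypt the state backend`. The enclosing attribute set starts above this hunk, and the sibling `hass`/`vw`/`git` secret imports suggest the existing providers follow the same pattern, so the same check applies to them.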