{ config, tools, lib, ... }: let cfg = config.my-lxc; in { authentik_provider_proxy = lib.filterAttrs (_: v: v != { }) ( lib.mapAttrs ( containerName: def: lib.optionalAttrs (def.auth) { name = containerName; authorization_flow = "\${data.authentik_flow.default-authorization-flow.id}"; invalidation_flow = "\${data.authentik_flow.default-invalidation-flow.id}"; external_host = "https://${tools.build_hostname containerName}/"; mode = "forward_single"; } ) cfg ); # dns_provider = { # name = "dns"; # authorization_flow = "\${data.authentik_flow.default-authorization-flow.id}"; # invalidation_flow = "\${data.authentik_flow.default-invalidation-flow.id}"; # external_host = "https://dns.plg.m0rel.eu/"; # mode = "forward_single"; # }; authentik_application = lib.filterAttrs (_: v: v != { }) ( lib.mapAttrs ( containerName: def: lib.optionalAttrs (def.auth) { name = containerName; slug = containerName; protocol_provider = "\${resource.authentik_provider_proxy.${containerName}.id}"; } ) cfg ); authentik_outpost_provider_attachment = lib.filterAttrs (_: v: v != { }) ( lib.mapAttrs ( containerName: def: lib.optionalAttrs (def.auth) { outpost = "\${data.authentik_outpost.embedded.id}"; protocol_provider = "\${authentik_provider_proxy.${containerName}.id}"; } ) cfg ); }