homelab/modules/containers-terraform-authentik.nix
# Terraform resource definitions for authentik.
#
# For every entry of `config.my-lxc` whose `auth` attribute is true this
# produces a proxy provider, an application and an attachment of that
# provider to the embedded outpost. A fixed OAuth2 provider and application
# named `matrix` are added on top of the per-container resources.
{
  config,
  tools,
  lib,
  ...
}:
let
  containers = config.my-lxc;

  # The OIDC client id and secret are read at evaluation time and copied
  # verbatim into the `authentik_provider_oauth2.matrix` attributes below.
  # NOTE(review): if this attrset is rendered into the Nix store (for example
  # as Terraform JSON) the client secret is world-readable there, and it will
  # normally also end up in Terraform state. Confirm how the output is
  # materialised and that `_matrix_secrets.nix` is kept out of version
  # control or stored encrypted.
  matrixSecrets = import ../config/_matrix_secrets.nix;

  # Terraform references shared by several resources. The leading backslash
  # stops Nix from interpolating `${...}`, so Terraform resolves it instead.
  authorizationFlow = "\${data.authentik_flow.default-authorization-flow.id}";
  invalidationFlow = "\${data.authentik_flow.default-invalidation-flow.id}";
  embeddedOutpost = "\${data.authentik_outpost.embedded.id}";

  # Apply `mkResource` to the name of each container that has `auth` set and
  # drop every other container from the result.
  forAuthContainers =
    mkResource:
    lib.filterAttrs (_: resource: resource != { }) (
      lib.mapAttrs (
        containerName: def: lib.optionalAttrs (def.auth) (mkResource containerName)
      ) containers
    );
in
{
  # One forward-auth proxy provider per protected container.
  # NOTE(review): forward-auth only protects a service when the reverse proxy
  # in front of it sends its auth requests to the outpost; that wiring is not
  # visible in this file.
  authentik_provider_proxy = forAuthContainers (containerName: {
    name = containerName;
    authorization_flow = authorizationFlow;
    invalidation_flow = invalidationFlow;
    external_host = "https://${tools.build_hostname containerName}/";
    mode = "forward_single";
  });

  # One application per protected container, plus the static matrix one.
  authentik_application =
    forAuthContainers (containerName: {
      name = containerName;
      slug = containerName;
      protocol_provider = "\${resource.authentik_provider_proxy.${containerName}.id}";
    })
    // {
      matrix = {
        name = "matrix";
        slug = "matrix";
        protocol_provider = "\${resource.authentik_provider_oauth2.matrix.id}";
      };
    };

  # Attach every provider to the embedded outpost.
  # NOTE(review): the `matrix` entry attaches an OAuth2 provider; outposts
  # normally serve proxy-style providers, so confirm this attachment is
  # needed and accepted by authentik.
  authentik_outpost_provider_attachment =
    forAuthContainers (containerName: {
      outpost = embeddedOutpost;
      protocol_provider = "\${authentik_provider_proxy.${containerName}.id}";
    })
    // {
      matrix = {
        outpost = embeddedOutpost;
        protocol_provider = "\${authentik_provider_oauth2.matrix.id}";
      };
    };

  # OAuth2/OIDC provider for matrix.
  # NOTE(review): no redirect URI allow-list is set on this provider in this
  # file; confirm one is enforced elsewhere.
  authentik_provider_oauth2 = {
    matrix = {
      name = "matrix";
      authorization_flow = authorizationFlow;
      invalidation_flow = invalidationFlow;
      client_id = matrixSecrets.oidc_client_id;
      client_secret = matrixSecrets.oidc_client_secret;
    };
  };
}