homelab/modules/terraform-base.nix
Xavier Morel 0ec109e39f
feat: add Authentik config for HA OAuth
2026-05-28 18:26:41 +02:00


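# Base Terraform configuration expressed as a Nix attribute set: provider
# pins, provider credentials wired to input variables, and lookups of
# authentik objects by name.
#
# Every "\${var.…}" string is a Nix-escaped Terraform interpolation, so the
# value is resolved by Terraform at plan/apply time, not by Nix. No secret is
# written into this file or into the Nix store by this module.
{ lib, ... }:
{
  # Provider pins. "~> X.Y.Z" accepts newer patch releases of X.Y only.
  terraform.required_providers = {
    proxmox = {
      source = "Telmate/proxmox";
      version = "~> 2.9.11";
    };
    postgresql = {
      source = "cyrilgdn/postgresql";
      version = "~> 1.26.0";
    };
    authentik = {
      source = "goauthentik/authentik";
      version = "~> 2025.12.1";
    };
  };

  # --- authentik ---------------------------------------------------------
  provider.authentik = {
    url = "\${var.ak_url}";
    token = "\${var.ak_token}";
  };

  variable.ak_url.type = "string";
  # API token: marked sensitive so Terraform redacts it in plan/apply output.
  # Terraform state still stores sensitive values in plaintext, so the state
  # backend needs its own access control and encryption.
  variable.ak_token = {
    type = "string";
    sensitive = true;
  };

  # Lookups of existing authentik objects by display name. The names look
  # like the objects a stock authentik install ships with (TODO confirm);
  # a lookup fails if the object was renamed or removed.
  data.authentik_certificate_key_pair.generated = {
    name = "authentik Self-signed Certificate";
  };

  data.authentik_property_mapping_provider_scope.openid_email = {
    name = "authentik default OAuth Mapping: OpenID 'email'";
  };
  data.authentik_property_mapping_provider_scope.openid_offline_access = {
    name = "authentik default OAuth Mapping: OpenID 'offline_access'";
  };
  data.authentik_property_mapping_provider_scope.openid_openid = {
    name = "authentik default OAuth Mapping: OpenID 'openid'";
  };
  data.authentik_property_mapping_provider_scope.openid_profile = {
    name = "authentik default OAuth Mapping: OpenID 'profile'";
  };
  data.authentik_property_mapping_provider_scope.app_entitlement = {
    name = "authentik default OAuth Mapping: Application Entitlements";
  };
  # NOTE(review): judging by their names, the next two mappings carry
  # authentik API access and proxy-outpost claims. Attach them only to the
  # OAuth providers that need them rather than to every application.
  data.authentik_property_mapping_provider_scope.authentik_api = {
    name = "authentik default OAuth Mapping: authentik API access";
  };
  data.authentik_property_mapping_provider_scope.proxy_outpost = {
    name = "authentik default OAuth Mapping: Proxy outpost";
  };

  # --- Proxmox -----------------------------------------------------------
  provider.proxmox = {
    pm_api_url = "\${var.pm_api_url}";
    pm_api_token_id = "\${var.pm_api_token_id}";
    pm_api_token_secret = "\${var.pm_api_token_secret}";
    # When the variable is true, the provider skips TLS certificate
    # verification for the Proxmox API, so the token secret can be sent to an
    # unauthenticated endpoint. Prefer false with a CA the host trusts.
    pm_tls_insecure = "\${var.pm_tls_insecure}";
  };

  variable.pm_api_url.type = "string";
  variable.pm_api_token_id.type = "string";
  # Token secret: redacted from plan/apply output (still present in state).
  variable.pm_api_token_secret = {
    type = "string";
    sensitive = true;
  };
  variable.pm_tls_insecure.type = "bool";
  variable.pve_node.type = "string";
  variable.ostemplate.type = "string";

  # --- PostgreSQL --------------------------------------------------------
  provider.postgresql = {
    host = "\${var.pg_host}";
    port = 5432;
    database = "postgres";
    username = "\${var.pg_user}";
    password = "\${var.pg_pass}";
    # NOTE(review): "disable" turns TLS off, so the password above and all
    # statements cross the network unencrypted and the server is not
    # authenticated. Left unchanged here because switching modes requires
    # TLS to be set up on the server; move to "verify-full" (or at least
    # "require") once it is, unless pg_host is only reachable over loopback
    # or an already-encrypted link.
    sslmode = "disable";
    connect_timeout = 15;
  };

  variable.pg_host.type = "string";
  variable.pg_user.type = "string";
  # Database password: redacted from plan/apply output (still present in state).
  variable.pg_pass = {
    type = "string";
    sensitive = true;
  };
}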