homelab/terraform/authentik/modules/proxy-provider/main.tf

terraform {
  required_providers {
    authentik = {
      source  = "goauthentik/authentik"
      version = ">= 2023.10.0"
    }
  }
}

resource "authentik_provider_proxy" "provider" {
  name                         = var.name
  external_host               = var.external_host
  internal_host               = var.internal_host
  internal_host_ssl_validation = var.internal_host_ssl_validation
  authorization_flow          = var.authorization_flow
  invalidation_flow           = var.invalidation_flow
  mode                        = var.mode
  cookie_domain              = var.cookie_domain
  skip_path_regex            = var.skip_path_regex
  intercept_header_auth      = var.intercept_header_auth
  basic_auth_enabled         = var.basic_auth_enabled
  basic_auth_password_attribute = var.basic_auth_password_attribute
  
  property_mappings          = var.property_mappings
}

resource "authentik_application" "app" {
  name                = var.app_name
  slug                = var.app_slug
  protocol_provider   = authentik_provider_proxy.provider.id
  group              = var.app_group
  policy_engine_mode = var.policy_engine_mode
  meta_description   = var.meta_description
  meta_launch_url    = var.meta_launch_url
  meta_icon          = var.meta_icon
}

resource "authentik_policy_binding" "app_access" {
  for_each = var.access_policies

  target = authentik_application.app.id
  policy = each.value.policy_id
  order  = each.value.order
  
  enabled        = lookup(each.value, "enabled", true)
  timeout        = lookup(each.value, "timeout", 30)
  negate         = lookup(each.value, "negate", false)
  failure_result = lookup(each.value, "failure_result", true)
}

# Binding groups to the application
resource "authentik_policy_binding" "group_bindings" {
  for_each = { for idx, group_id in var.access_groups : idx => group_id }

  target = authentik_application.app.uuid
  group  = each.value
  order  = 10 + each.key
}
Added authentik terraform 2025-09-15 21:42:01 +03:00			`terraform {`
			`required_providers {`
			`authentik = {`
			`source = "goauthentik/authentik"`
			`version = ">= 2023.10.0"`
			`}`
			`}`
			`}`

			`resource "authentik_provider_proxy" "provider" {`
			`name = var.name`
			`external_host = var.external_host`
			`internal_host = var.internal_host`
			`internal_host_ssl_validation = var.internal_host_ssl_validation`
			`authorization_flow = var.authorization_flow`
			`invalidation_flow = var.invalidation_flow`
			`mode = var.mode`
			`cookie_domain = var.cookie_domain`
			`skip_path_regex = var.skip_path_regex`
			`intercept_header_auth = var.intercept_header_auth`
			`basic_auth_enabled = var.basic_auth_enabled`
			`basic_auth_password_attribute = var.basic_auth_password_attribute`

			`property_mappings = var.property_mappings`
			`}`

			`resource "authentik_application" "app" {`
			`name = var.app_name`
			`slug = var.app_slug`
			`protocol_provider = authentik_provider_proxy.provider.id`
			`group = var.app_group`
			`policy_engine_mode = var.policy_engine_mode`
			`meta_description = var.meta_description`
			`meta_launch_url = var.meta_launch_url`
			`meta_icon = var.meta_icon`
			`}`

			`resource "authentik_policy_binding" "app_access" {`
			`for_each = var.access_policies`

			`target = authentik_application.app.id`
			`policy = each.value.policy_id`
			`order = each.value.order`

			`enabled = lookup(each.value, "enabled", true)`
			`timeout = lookup(each.value, "timeout", 30)`
			`negate = lookup(each.value, "negate", false)`
			`failure_result = lookup(each.value, "failure_result", true)`
Added Authentik TF code 2025-09-16 15:28:42 +03:00			`}`

			`# Binding groups to the application`
			`resource "authentik_policy_binding" "group_bindings" {`
			`for_each = { for idx, group_id in var.access_groups : idx => group_id }`

			`target = authentik_application.app.uuid`
			`group = each.value`
			`order = 10 + each.key`
Added authentik terraform 2025-09-15 21:42:01 +03:00			`}`