homelab/terraform/authentik/README.md

# Authentik Terraform Module

Terraform module for managing Authentik applications with OAuth2/OpenID and Proxy providers, including automatic Outpost assignment.

## Usage

```hcl
module "authentik" {
  source = "./authentik"

  authentik_url   = "https://auth.example.com"
  authentik_token = var.authentik_token

  oauth_applications = {
    "gitlab" = {
      name         = "GitLab OAuth"
      slug         = "gitlab"
      redirect_uris = ["https://gitlab.example.com/users/auth/openid_connect/callback"]
    }
  }

  proxy_applications = {
    "portainer" = {
      name          = "Portainer"
      slug          = "portainer"
      external_host = "https://portainer.example.com"
      internal_host = "http://portainer:9000"
      outpost       = "k8s-outpost"
    }
  }

  outposts = {
    "k8s-outpost" = {
      name = "Kubernetes Outpost"
      type = "proxy"
      service_connection = "k8s-local"
    }
  }
}
```

## Structure

- `main.tf` - Main configuration
- `variables.tf` - Input variables  
- `outputs.tf` - Output values
- `modules/oauth-provider/` - OAuth2/OIDC provider module
- `modules/proxy-provider/` - Proxy provider module
- `terraform.tfvars.example` - Configuration example

## Requirements

- Terraform >= 1.0
- Authentik provider >= 2023.10.0
- Authentik API token with admin permissions
Added authentik terraform 2025-09-15 21:42:01 +03:00			`# Authentik Terraform Module`

			`Terraform module for managing Authentik applications with OAuth2/OpenID and Proxy providers, including automatic Outpost assignment.`

			`## Usage`

			```hcl
			`module "authentik" {`
			`source = "./authentik"`

			`authentik_url = "https://auth.example.com"`
			`authentik_token = var.authentik_token`

			`oauth_applications = {`
			`"gitlab" = {`
			`name = "GitLab OAuth"`
			`slug = "gitlab"`
			`redirect_uris = ["https://gitlab.example.com/users/auth/openid_connect/callback"]`
			`}`
			`}`

			`proxy_applications = {`
			`"portainer" = {`
			`name = "Portainer"`
			`slug = "portainer"`
			`external_host = "https://portainer.example.com"`
			`internal_host = "http://portainer:9000"`
			`outpost = "k8s-outpost"`
			`}`
			`}`

			`outposts = {`
			`"k8s-outpost" = {`
			`name = "Kubernetes Outpost"`
			`type = "proxy"`
			`service_connection = "k8s-local"`
			`}`
			`}`
			`}`
			```

			`## Structure`

			- `main.tf` - Main configuration
			- `variables.tf` - Input variables
			- `outputs.tf` - Output values
			- `modules/oauth-provider/` - OAuth2/OIDC provider module
			- `modules/proxy-provider/` - Proxy provider module
			- `terraform.tfvars.example` - Configuration example

			`## Requirements`

			`- Terraform >= 1.0`
			`- Authentik provider >= 2023.10.0`
			`- Authentik API token with admin permissions`