From 2b00c7e61ea3287cc0e564c96a422efe2cb19991 Mon Sep 17 00:00:00 2001 From: Ultradesu Date: Thu, 12 Mar 2026 18:14:52 +0000 Subject: [PATCH] Fixed authentik TF code --- .gitea/workflows/authentik-apps.yaml | 2 +- .../authentik/.claude/settings.local.json | 7 +- terraform/authentik/.terraform.lock.hcl | 60 ++--- terraform/authentik/groups.tfvars | 10 - terraform/authentik/main.tf | 4 +- terraform/authentik/oauth2-apps.tfvars | 192 --------------- terraform/authentik/providers.tf | 4 +- terraform/authentik/proxy-apps.tfvars | 233 ------------------ terraform/authentik/variables.tf | 8 +- 9 files changed, 44 insertions(+), 476 deletions(-) delete mode 100644 terraform/authentik/groups.tfvars delete mode 100644 terraform/authentik/oauth2-apps.tfvars delete mode 100644 terraform/authentik/proxy-apps.tfvars diff --git a/.gitea/workflows/authentik-apps.yaml b/.gitea/workflows/authentik-apps.yaml index 81c8f29..348e315 100644 --- a/.gitea/workflows/authentik-apps.yaml +++ b/.gitea/workflows/authentik-apps.yaml @@ -25,7 +25,7 @@ jobs: uses: actions/checkout@v3 - name: Setup Terraform - uses: hashicorp/setup-terraform@v2 + uses: hashicorp/setup-terraform@v4.0.0 with: cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} diff --git a/terraform/authentik/.claude/settings.local.json b/terraform/authentik/.claude/settings.local.json index ec2d7f4..d297242 100644 --- a/terraform/authentik/.claude/settings.local.json +++ b/terraform/authentik/.claude/settings.local.json 
@@ -8,9 +8,12 @@
 "Bash(\"C:\\Users\\ab\\AppData\\Local\\Microsoft\\WinGet\\Packages\\Hashicorp.Terraform_Microsoft.Winget.Source_8wekyb3d8bbwe\\terraform.exe\" apply -auto-approve -lock=false)",
 "Bash(\"C:\\Users\\ab\\AppData\\Local\\Microsoft\\WinGet\\Packages\\Hashicorp.Terraform_Microsoft.Winget.Source_8wekyb3d8bbwe\\terraform.exe\" plan -lock=false)",
 "Bash(\"C:\\Users\\ab\\AppData\\Local\\Microsoft\\WinGet\\Packages\\Hashicorp.Terraform_Microsoft.Winget.Source_8wekyb3d8bbwe\\terraform.exe\" apply -replace=\"authentik_outpost.outposts[\"\"kubernetes-outpost\"\"]\" -auto-approve -lock=false)",
- "Bash(terraform plan:*)"
+ "Bash(terraform plan:*)",
+ "Bash(terraform state:*)",
+ "Bash(TF_VAR_authentik_token=ZDTbu4OKl0UcmdYKG5XgkRThZO7vWX2xz0w5vP2d8sudIr44ccwKOby6iRUa terraform plan:*)",
+ "Bash(TF_VAR_authentik_token=ZDTbu4OKl0UcmdYKG5XgkRThZO7vWX2xz0w5vP2d8sudIr44ccwKOby6iRUa terraform force-unlock:*)"
 ],
 "deny": [],
 "ask": []
 }
-}
\ No newline at end of file
+}
diff --git a/terraform/authentik/.terraform.lock.hcl b/terraform/authentik/.terraform.lock.hcl
index 397c2e1..d1a105b 100644
--- a/terraform/authentik/.terraform.lock.hcl
+++ b/terraform/authentik/.terraform.lock.hcl
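Review bot: The two added allow entries in `terraform/authentik/.claude/settings.local.json` carry the value of `TF_VAR_authentik_token` in clear text, so an authentik API token is now readable by anyone who can read the repository or its history. Treat the token as exposed: revoke and reissue it in authentik, and match on the command without the value, e.g. `"Bash(terraform plan:*)"` with the variable supplied from the environment or the CI secret store. A follow-up commit that deletes the lines does not remove them from history, and a `settings.local.json` file normally belongs in `.gitignore`. The same list also pre-approves `terraform force-unlock:*` alongside the existing `apply -auto-approve -lock=false` entries, which removes both the prompt and the state lock as safeguards; moving those patterns to `ask` would keep a human in the loop.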
@@ -2,43 +2,43 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/goauthentik/authentik" { - version = "2025.8.1" - constraints = ">= 2023.10.0, 2025.8.1" + version = "2025.12.1" + constraints = ">= 2023.10.0, 2025.12.1" hashes = [ - "h1:R3h8ADB0Kkv/aoY0AaHkBiX2/P4+GnW8sSgkN30kJfQ=", - "zh:0c3f1083fd48f20ed06959401ff1459fbb5d454d81c8175b5b6d321b308c0be3", - "zh:21c6d93f8d26e688da38a660d121b5624e3597c426c671289f31a17a9771abbf", - "zh:301b5763ffc4c5fe47aa7e851ce0b19f71bab4fae5c81003ad81b38775e85f78", - "zh:4f7ee6473f6a687340538ddac0ec4a0453664186b15fdb0bb2fb5fcd8fb3ad30", - "zh:7927f4f634c9e072d4aa6620d09e97dc83eeb1dbd0667102086779cd5fc495c1", - "zh:84e7c2a3f3de721a54abe4c971d9a163127f5e4af91d023260fea305ac74bcf4", - "zh:92af52aaac518c426164eb731d282f51a5825e64e6a02b0695952177a7af7d9c", - "zh:a6920a54d5df69342f4ea2d903676145b00e7375d2f2eecc0840858d83b3b4a8", - "zh:ac8a60801fc55fd05b3471778f908ed43072e046997c0082644c9602b84dafec", - "zh:b1cc29e2878aa94a3827fd5e1dd8cffb98397aa4093d6a4852c6e53157e9b35f", - "zh:c2d78f308c4d70a16ef4f6d1f4822a64f8f160d0a207f2121904cdd6f4942db4", - "zh:ca970e5776f408059a84b4e17f6ac257ec92afae956be74f3807c548e4567eaa", - "zh:eb2e3650ee0eec033207b6d72fcb938dc5846c6feb8a61ae30d61981ea411269", - "zh:fcb93e51c84ba592bc2b075d7342e475126e5029620959666999b5b1bd11cb98", + "h1:p9AGeRqK50wTHEIp7z7O4MUP83cs+lt7wPajZ9m9TB8=", + "zh:0e856d3b13614bc32346a236a8e84ba55ecd17238c2008d4b3e71aa8cb49f515", + "zh:2dcc44cd499c18ebbc4f763eff97a7b725763c8ac8fbb5d69c935413ccdc4962", + "zh:434100fc75ec7cd6b64cc9497e8273e79325fa8d285e9fd9d341c1a67421643b", + "zh:483484f66d2e8ce6fa4bfd91e824ceebf07d10acb5df5f366397c55227c4ae91", + "zh:596743a6f1c77a6f103b06ef8d932fe8f2376793b92478853dc84571d17c429f", + "zh:5ed2d5eb7db13229baaf042c725d5c64b58ffdcc641370175e0a88900af94bf1", + "zh:8aecd4cf782c82bee01098f72fe4ffff83707516007b32a01c7fcb19a9260338", + "zh:928c05ecac309287ff7d73ed6e478350fe3003557658ae5dc2be817a4268dba7", + 
"zh:9b9fd36dfb3e75da8b4478485272505ae9a3c67b10db173e1d2d76cfe2b637b8", + "zh:ab7cd8c61ab67a045854e32f0be1940a92746770dbf3c17bbe923e0259c4f897", + "zh:bb1360ec19a4fc1095d0ef1b7b6c5c3c1a91daac7cd1957d43a4cdbb7356a2e3", + "zh:d2186f4063aa1a547b52a53745d472e43f5343bc1674f2bbb91421c61b0fab50", + "zh:d74bbb67a77951b18ffd7b2863954e70ac03450ad2023cc305c66a5ff25d8d18", + "zh:f5970569ea0a479bbfbf2d452f5962e1c9bd472b82756db822d0e951363daa25", ] } provider "registry.terraform.io/hashicorp/random" { - version = "3.7.2" + version = "3.8.1" constraints = ">= 3.5.0" hashes = [ - "h1:356j/3XnXEKr9nyicLUufzoF4Yr6hRy481KIxRVpK0c=", - "zh:14829603a32e4bc4d05062f059e545a91e27ff033756b48afbae6b3c835f508f", - "zh:1527fb07d9fea400d70e9e6eb4a2b918d5060d604749b6f1c361518e7da546dc", - "zh:1e86bcd7ebec85ba336b423ba1db046aeaa3c0e5f921039b3f1a6fc2f978feab", - "zh:24536dec8bde66753f4b4030b8f3ef43c196d69cccbea1c382d01b222478c7a3", - "zh:29f1786486759fad9b0ce4fdfbbfece9343ad47cd50119045075e05afe49d212", - "zh:4d701e978c2dd8604ba1ce962b047607701e65c078cb22e97171513e9e57491f", + "h1:u8AKlWVDTH5r9YLSeswoVEjiY72Rt4/ch7U+61ZDkiQ=", + "zh:08dd03b918c7b55713026037c5400c48af5b9f468f483463321bd18e17b907b4", + "zh:0eee654a5542dc1d41920bbf2419032d6f0d5625b03bd81339e5b33394a3e0ae", + "zh:229665ddf060aa0ed315597908483eee5b818a17d09b6417a0f52fd9405c4f57", + "zh:2469d2e48f28076254a2a3fc327f184914566d9e40c5780b8d96ebf7205f8bc0", + "zh:37d7eb334d9561f335e748280f5535a384a88675af9a9eac439d4cfd663bcb66", + "zh:741101426a2f2c52dee37122f0f4a2f2d6af6d852cb1db634480a86398fa3511", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:7b8434212eef0f8c83f5a90c6d76feaf850f6502b61b53c329e85b3b281cba34", - "zh:ac8a23c212258b7976e1621275e3af7099e7e4a3d4478cf8d5d2a27f3bc3e967", - "zh:b516ca74431f3df4c6cf90ddcdb4042c626e026317a33c53f0b445a3d93b720d", - "zh:dc76e4326aec2490c1600d6871a95e78f9050f9ce427c71707ea412a2f2f1a62", - "zh:eac7b63e86c749c7d48f527671c7aee5b4e26c10be6ad7232d6860167f99dbb0", + 
"zh:a902473f08ef8df62cfe6116bd6c157070a93f66622384300de235a533e9d4a9", + "zh:b85c511a23e57a2147355932b3b6dce2a11e856b941165793a0c3d7578d94d05", + "zh:c5172226d18eaac95b1daac80172287b69d4ce32750c82ad77fa0768be4ea4b8", + "zh:dab4434dba34aad569b0bc243c2d3f3ff86dd7740def373f2a49816bd2ff819b", + "zh:f49fd62aa8c5525a5c17abd51e27ca5e213881d58882fd42fec4a545b53c9699", ] } diff --git a/terraform/authentik/groups.tfvars b/terraform/authentik/groups.tfvars deleted file mode 100644 index 5dd26f7..0000000 --- a/terraform/authentik/groups.tfvars +++ /dev/null @@ -1,10 +0,0 @@ -groups = { - "admins" = { - name = "Administrators" - is_superuser = true - attributes = { - notes = "Managed by Terraform" - } - } -} - diff --git a/terraform/authentik/main.tf b/terraform/authentik/main.tf index b06b050..678db83 100644 --- a/terraform/authentik/main.tf +++ b/terraform/authentik/main.tf @@ -31,7 +31,7 @@ resource "authentik_group" "child_groups" { name = each.value.name is_superuser = each.value.is_superuser - parent = authentik_group.root_groups[each.value.parent].id + parents = authentik_group.root_groups[each.value.parent].id attributes = jsonencode(each.value.attributes) depends_on = [authentik_group.root_groups] @@ -305,4 +305,4 @@ resource "authentik_outpost" "outposts" { module.oauth_applications, module.proxy_applications ] -} \ No newline at end of file +} diff --git a/terraform/authentik/oauth2-apps.tfvars b/terraform/authentik/oauth2-apps.tfvars deleted file mode 100644 index 0dbd77d..0000000 --- a/terraform/authentik/oauth2-apps.tfvars +++ /dev/null 
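Review bot: In `terraform/authentik/main.tf`, resource `authentik_group.child_groups`, the renamed argument `parents` is still assigned a single id, `authentik_group.root_groups[each.value.parent].id`. The plural name suggests the 2025.12.1 provider expects a collection here, in which case the line should read `parents = [authentik_group.root_groups[each.value.parent].id]`. The provider schema is not visible in this diff, so confirm with `terraform validate` against the updated lock file before applying. The resource body starts and ends outside the hunk.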
@@ -1,192 +0,0 @@ -oauth_applications = { - "paperless" = { - name = "Paperless-NGX" - slug = "paperless" - group = "Tools" - meta_description = "Document management system" - meta_icon = "https://img.icons8.com/fluency/48/documents.png" - redirect_uris = ["https://docs.hexor.cy/accounts/oidc/authentik/login/callback/"] - client_type = "confidential" - include_claims_in_id_token = true - access_code_validity = "minutes=1" - access_token_validity = "minutes=5" - refresh_token_validity = "days=30" - scope_mappings = ["openid", "profile", "email"] - create_group = true - access_groups = ["admins"] - } - - "gitea" = { - name = "Gitea" - slug = "gitea" - group = "Tools" - meta_description = "Git repository hosting" - meta_icon = "https://img.icons8.com/?size=100&id=20906&format=png&color=000000" - redirect_uris = ["https://gt.hexor.cy/user/oauth2/Authentik/callback"] - client_type = "confidential" - include_claims_in_id_token = true - access_code_validity = "minutes=1" - access_token_validity = "minutes=10" - refresh_token_validity = "days=30" - scope_mappings = ["openid", "profile", "email"] - access_groups = ["admins"] - } - - "jellyfin" = { - name = "Jellyfin" - slug = "jellyfin" - group = "Media and Storage" - meta_description = "Media streaming server" - meta_icon = "https://img.icons8.com/plasticine/100/jellyfin.png" - redirect_uris = [ - "https://jf.hexor.cy/sso/OID/r/authentik", - "https://jf.hexor.cy/sso/OID/redirect/authentik" - ] - client_type = "confidential" - include_claims_in_id_token = true - access_code_validity = "minutes=1" - access_token_validity = "minutes=10" - refresh_token_validity = "days=30" - scope_mappings = ["openid", "profile", "email"] - access_groups = ["admins"] - } - - "argocd" = { - name = "ArgoCD" - slug = "argocd" - group = "Core" - meta_description = "GitOps deployment tool" - meta_icon = "https://img.icons8.com/color-glass/48/octopus.png" - redirect_uris = ["https://ag.hexor.cy/auth/callback"] - client_type = "confidential" - 
include_claims_in_id_token = true - access_code_validity = "minutes=1" - access_token_validity = "minutes=5" - refresh_token_validity = "days=30" - scope_mappings = ["openid", "profile", "email"] - signing_key = "1b1b5bec-034a-4d96-871a-133f11322360" - access_groups = ["admins"] - } - - "grafana" = { - name = "Grafana" - slug = "grafana" - group = "Core" - meta_description = "Monitoring and observability" - meta_icon = "https://img.icons8.com/fluency/48/grafana.png" - redirect_uris = ["https://gf.hexor.cy/login/generic_oauth"] - client_type = "confidential" - include_claims_in_id_token = true - access_code_validity = "minutes=1" - access_token_validity = "minutes=5" - refresh_token_validity = "days=30" - scope_mappings = ["openid", "profile", "email"] - access_groups = ["admins"] - } - - "immich" = { - name = "Immich" - slug = "immich" - group = "Media and Storage" - meta_description = "Photo and video management" - meta_icon = "https://img.icons8.com/fluency/48/photos.png" - redirect_uris = [ - "https://photos.hexor.cy/auth/login", - "https://photos.hexor.cy/user-settings", - "app.immich:///oauth-callback", - "http://photos.homenet:30283/auth/login", - "http://photos.homenet:30283/user-settings" - ] - client_type = "confidential" - include_claims_in_id_token = true - access_code_validity = "minutes=1" - access_token_validity = "minutes=5" - refresh_token_validity = "days=30" - scope_mappings = ["openid", "profile", "email"] - signing_key = "1b1b5bec-034a-4d96-871a-133f11322360" - access_groups = ["admins"] - create_group = true - } - - "pgadmin" = { - name = "Postgres WEB Admin" - slug = "pgadmin" - group = "Core" - meta_description = "PostgreSQL WEB administration" - meta_icon = "https://img.icons8.com/?size=100&id=JRnxU7ZWP4mi&format=png&color=000000" - redirect_uris = ["https://pg.hexor.cy/oauth2/authorize"] - client_type = "confidential" - include_claims_in_id_token = true - access_code_validity = "minutes=1" - access_token_validity = "minutes=5" - 
refresh_token_validity = "days=30" - scope_mappings = ["openid", "profile", "email"] - access_groups = ["admins"] - signing_key = "1b1b5bec-034a-4d96-871a-133f11322360" - } - - "home-assistant-lms" = { - name = "Home Assistant LMS" - slug = "home-assistant-lms" - group = "Internal" - meta_description = "Home Assistant Limassol" - meta_icon = "https://img.icons8.com/stickers/100/smart-home-automation.png" - redirect_uris = [ - "http://ha-lms:8123/auth/oidc/callback", - "http://ha-lms.homenet:8123/auth/oidc/callback", - ] - meta_launch_url = "http://ha-lms:8123/auth/oidc/welcome" - client_type = "confidential" - include_claims_in_id_token = true - access_code_validity = "minutes=1" - access_token_validity = "minutes=5" - refresh_token_validity = "days=30" - scope_mappings = ["openid", "profile", "email"] - access_groups = ["admins"] - create_group = true - signing_key = "1b1b5bec-034a-4d96-871a-133f11322360" - } - "home-assistant-london" = { - name = "Home Assistant London" - slug = "home-assistant-london" - group = "Internal" - meta_description = "Home Assistant London" - meta_icon = "https://img.icons8.com/stickers/100/smart-home-automation.png" - redirect_uris = [ - "http://ha-london:8123/auth/oidc/callback", - "http://ha-london.tail2fe2d.ts.net:8123/auth/oidc/callback", - ] - meta_launch_url = "http://ha-london:8123/auth/oidc/welcome" - client_type = "confidential" - include_claims_in_id_token = true - access_code_validity = "minutes=1" - access_token_validity = "minutes=5" - refresh_token_validity = "days=30" - scope_mappings = ["openid", "profile", "email"] - access_groups = ["admins"] - create_group = true - signing_key = "1b1b5bec-034a-4d96-871a-133f11322360" - } - - "openwebui" = { - name = "OpenWeb UI" - slug = "openwebui" - group = "Tools" - meta_description = "OpenWeb UI" - meta_icon = "https://ollama.com/public/ollama.png" - redirect_uris = [ - "https://ai.hexor.cy/oauth/oidc/callback", - ] - meta_launch_url = "https://ai.hexor.cy" - client_type = 
"confidential" - include_claims_in_id_token = true - access_code_validity = "minutes=1" - access_token_validity = "minutes=5" - refresh_token_validity = "days=30" - scope_mappings = ["openid", "profile", "email"] - access_groups = ["admins"] - create_group = true - signing_key = "1b1b5bec-034a-4d96-871a-133f11322360" - } -} - diff --git a/terraform/authentik/providers.tf b/terraform/authentik/providers.tf index 187bf5e..3a494c8 100644 --- a/terraform/authentik/providers.tf +++ b/terraform/authentik/providers.tf @@ -2,7 +2,7 @@ terraform { required_providers { authentik = { source = "goauthentik/authentik" - version = "2025.8.1" + version = "2025.12.1" } } } @@ -10,4 +10,4 @@ terraform { provider "authentik" { url = var.authentik_url token = var.authentik_token -} \ No newline at end of file +} diff --git a/terraform/authentik/proxy-apps.tfvars b/terraform/authentik/proxy-apps.tfvars deleted file mode 100644 index 09f0bfb..0000000 --- a/terraform/authentik/proxy-apps.tfvars +++ /dev/null 
@@ -1,233 +0,0 @@ -proxy_applications = { - "k8s-dashboard" = { - name = "K8S dashboard" - slug = "k8s-dashboard-ns" - group = "Core" - external_host = "https://k8s.hexor.cy" - internal_host = "http://kubernetes-dashboard.kubernetes-dashboard.svc" - internal_host_ssl_validation = false - meta_description = "K8S dashboard chart" - mode = "proxy" - outpost = "kubernetes-outpost" - meta_icon = "https://img.icons8.com/color/48/kubernetes.png" - create_group = true - access_groups = ["admins"] - } - "filemanager" = { - name = "FM filemanager" - slug = "fm-filemanager" - group = "Core" - external_host = "https://fm.hexor.cy" - internal_host = "http://fb-filemanager-filebrowser.syncthing.svc" - internal_host_ssl_validation = false - meta_description = "K8S dashboard chart" - mode = "proxy" - outpost = "kubernetes-outpost" - meta_icon = "https://img.icons8.com/external-anggara-flat-anggara-putra/32/external-folder-basic-user-interface-anggara-flat-anggara-putra.png" - create_group = true - access_groups = ["admins"] - } - - "prometheus" = { - name = "Prometheus" - slug = "prometheus" - group = "Core" - external_host = "https://prom.hexor.cy" - internal_host = "http://prometheus-kube-prometheus-prometheus.prometheus.svc:9090" - meta_description = "" - meta_icon = "https://img.icons8.com/fluency/48/prometheus-app.png" - mode = "proxy" - outpost = "kubernetes-outpost" - internal_host_ssl_validation = false - create_group = true - access_groups = ["admins"] - } - - "kubernetes-secrets" = { - name = "kubernetes-secrets" - slug = "k8s-secret" - group = "Core" - external_host = "https://pass.hexor.cy" - internal_host = "http://secret-reader.k8s-secret.svc:80" - internal_host_ssl_validation = false - meta_description = "" - skip_path_regex = <<-EOT -/webhook -EOT - meta_icon = "https://img.icons8.com/ios-filled/50/password.png" - mode = "proxy" - outpost = "kubernetes-outpost" - create_group = true - access_groups = ["admins"] - } - "mtproxy-links" = { - name = "mtproxy-links" - 
slug = "mtproxy-links" - group = "Core" - external_host = "https://proxy.hexor.cy" - internal_host = "http://secret-reader.mtproxy.svc:80" - internal_host_ssl_validation = false - meta_description = "" - skip_path_regex = <<-EOT -/webhook -EOT - meta_icon = "https://img.icons8.com/ios-filled/50/password.png" - mode = "proxy" - outpost = "kubernetes-outpost" - create_group = true - access_groups = ["admins"] - } - # Tools applications - "vpn" = { - name = "VPN" - slug = "vpn" - group = "Tools" - external_host = "https://of.hexor.cy" - internal_host = "http://outfleet.vpn.svc" - internal_host_ssl_validation = false - meta_description = "" - skip_path_regex = <<-EOT -/u/ -/stat/ -/ss/ -/xray/ -/dynamic/ -EOT - meta_icon = "https://img.icons8.com/?size=100&id=fqAD3lAB6zTe&format=png&color=000000" - mode = "proxy" - outpost = "kubernetes-outpost" - create_group = true - access_groups = ["admins"] - } - - "outfleet-rs" = { - name = "OutFleet" - slug = "outfleet-rs" - group = "Tools" - external_host = "https://vpn.hexor.cy" - internal_host = "http://outfleet-rs.vpn.svc" - internal_host_ssl_validation = false - meta_description = "" - skip_path_regex = <<-EOT -/sub/ -EOT - meta_icon = "https://img.icons8.com/?size=100&id=fqAD3lAB6zTe&format=png&color=000000" - mode = "proxy" - outpost = "kubernetes-outpost" - create_group = true - access_groups = ["admins"] - } - "qbittorrent" = { - name = "qBittorent" - slug = "qbittorent" - group = "Tools" - external_host = "https://qbt.hexor.cy" - internal_host = "http://qbittorrent.jellyfin.svc" - internal_host_ssl_validation = false - meta_description = "" - meta_icon = "https://img.icons8.com/nolan/64/qbittorrent--v2.png" - mode = "proxy" - outpost = "kubernetes-outpost" - create_group = true - access_groups = ["admins"] - } - - # Media and Storage applications - "kopia" = { - name = "Kopia" - slug = "kopia" - group = "Media and Storage" - external_host = "https://backup.hexor.cy" - internal_host = "http://100.72.135.2:51515" - 
internal_host_ssl_validation = false - meta_description = "" - meta_icon = "https://img.icons8.com/external-flaticons-lineal-color-flat-icons/64/external-backup-productivity-flaticons-lineal-color-flat-icons.png" - mode = "proxy" - outpost = "kubernetes-outpost" - create_group = true - access_groups = ["admins"] - } - - "syncthing-router" = { - name = "Syncthing" - slug = "syncthing" - group = "Media and Storage" - external_host = "https://ss.hexor.cy" - internal_host = "http://syncthing-router.syncthing.svc:80" - internal_host_ssl_validation = false - meta_description = "" - meta_icon = "https://img.icons8.com/?size=100&id=Id4NcEcXcYzF&format=png&color=000000" - mode = "proxy" - outpost = "kubernetes-outpost" - create_group = true - access_groups = ["admins"] - } - - "truenas" = { - name = "TrueNAS" - slug = "truenas-proxy" - group = "Media and Storage" - external_host = "https://nas.hexor.cy" - internal_host = "http://10.0.5.107:81" - internal_host_ssl_validation = false - meta_description = "" - meta_icon = "https://img.icons8.com/dusk/64/nas.png" - mode = "proxy" - outpost = "kubernetes-outpost" - create_group = true - access_groups = ["admins"] - } - - "khm" = { - name = "KHM" - slug = "khm" - group = "Media and Storage" - external_host = "https://khm.hexor.cy" - internal_host = "http://khm.khm.svc:8080" - internal_host_ssl_validation = false - meta_description = "" - meta_icon = "https://img.icons8.com/liquid-glass/48/key.png" - mode = "proxy" - outpost = "kubernetes-outpost" - access_groups = ["admins", "khm"] # Используем существующие группы - create_group = true - access_groups = ["admins"] - } - - "minecraft" = { - name = "Minecraft" - slug = "minecraft" - group = "Media and Storage" - external_host = "https://minecraft.hexor.cy" - internal_host = "http://minecraft-dynmap.minecraft.svc" - internal_host_ssl_validation = false - meta_description = "" - meta_icon = "https://img.icons8.com/color/48/minecraft-grass-cube.png" - mode = "proxy" - outpost = 
"kubernetes-outpost" - skip_path_regex = <<-EOT -/clients -EOT - } - "pasarguard" = { - name = "PasarGuard" - slug = "pasarguard" - group = "Tools" - external_host = "https://ps.hexor.cy" - internal_host = "https://pasarguard.pasarguard.svc:80" - internal_host_ssl_validation = false - meta_description = "" - skip_path_regex = <<-EOT -/ -/sub/ -/dashboard/ -/api/ -EOT - meta_icon = "https://img.icons8.com/?size=100&id=fqAD3lAB6zTe&format=png&color=000000" - mode = "proxy" - outpost = "kubernetes-outpost" - create_group = true - access_groups = ["admins"] - } -} - diff --git a/terraform/authentik/variables.tf b/terraform/authentik/variables.tf index 317f480..ef52ecd 100644 --- a/terraform/authentik/variables.tf +++ b/terraform/authentik/variables.tf @@ -4,7 +4,7 @@ variable "oauth_applications" { name = string slug = string group = optional(string, "") - policy_engine_mode = optional(string, "all") + policy_engine_mode = optional(string, "any") meta_description = optional(string, "") meta_launch_url = optional(string, "") meta_icon = optional(string, "") @@ -32,7 +32,7 @@ variable "proxy_applications" { name = string slug = string group = optional(string, "") - policy_engine_mode = optional(string, "all") + policy_engine_mode = optional(string, "any") meta_description = optional(string, "") meta_launch_url = optional(string, "") meta_icon = optional(string, "") @@ -60,7 +60,7 @@ variable "saml_applications" { name = string slug = string group = optional(string, "") - policy_engine_mode = optional(string, "all") + policy_engine_mode = optional(string, "any") meta_description = optional(string, "") meta_launch_url = optional(string, "") meta_icon = optional(string, "") 
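Review bot: Switching the `policy_engine_mode` default from `"all"` to `"any"` in `oauth_applications`, `proxy_applications` and `saml_applications` (and in `flows` in the following hunk of `variables.tf`) loosens evaluation for every entry that does not set the field, because one passing binding is then enough instead of all of them. Where an application or flow has more than one binding, for example a group binding plus a restrictive policy, this widens access without any change being visible at the call site. If the aim is only to follow the provider's default, record that next to the field, e.g. `# "any": access is granted when any bound policy passes`, and set `policy_engine_mode = "all"` explicitly on entries that rely on combined policies. The variable blocks start and end outside these hunks.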
@@ -95,7 +95,7 @@ variable "flows" {
 title = string
 slug = string
 designation = string
- policy_engine_mode = optional(string, "all")
+ policy_engine_mode = optional(string, "any")
 compatibility_mode = optional(bool, false)
 layout = optional(string, "stacked")
 denied_action = optional(string, "message_continue")