ab/homelab
1
1
Fork 1
Code Pull Requests 143 Actions Packages Wiki Activity

Fixed authentik TF code
Some checks failed
Terraform / Terraform (push) Failing after 1m26s
Details
Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 1m19s
Details

Browse Source
This commit is contained in:
Ultradesu
2026-03-12 18:14:52 +00:00
parent fa53fdcd93
commit 2b00c7e61e
9 changed files with 44 additions and 476 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitea/workflows/authentik-apps.yaml
View File

@@ -25,7 +25,7 @@ jobs:
uses: actions/checkout@v3 uses: actions/checkout@v3
- name: Setup Terraform - name: Setup Terraform
uses: hashicorp/setup-terraform@v2 uses: hashicorp/setup-terraform@v4.0.0
with: with:
cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}

5
terraform/authentik/.claude/settings.local.json
View File

@@ -8,7 +8,10 @@
"Bash(\"C:\\Users\\ab\\AppData\\Local\\Microsoft\\WinGet\\Packages\\Hashicorp.Terraform_Microsoft.Winget.Source_8wekyb3d8bbwe\\terraform.exe\" apply -auto-approve -lock=false)", "Bash(\"C:\\Users\\ab\\AppData\\Local\\Microsoft\\WinGet\\Packages\\Hashicorp.Terraform_Microsoft.Winget.Source_8wekyb3d8bbwe\\terraform.exe\" apply -auto-approve -lock=false)",
"Bash(\"C:\\Users\\ab\\AppData\\Local\\Microsoft\\WinGet\\Packages\\Hashicorp.Terraform_Microsoft.Winget.Source_8wekyb3d8bbwe\\terraform.exe\" plan -lock=false)", "Bash(\"C:\\Users\\ab\\AppData\\Local\\Microsoft\\WinGet\\Packages\\Hashicorp.Terraform_Microsoft.Winget.Source_8wekyb3d8bbwe\\terraform.exe\" plan -lock=false)",
"Bash(\"C:\\Users\\ab\\AppData\\Local\\Microsoft\\WinGet\\Packages\\Hashicorp.Terraform_Microsoft.Winget.Source_8wekyb3d8bbwe\\terraform.exe\" apply -replace=\"authentik_outpost.outposts[\"\"kubernetes-outpost\"\"]\" -auto-approve -lock=false)", "Bash(\"C:\\Users\\ab\\AppData\\Local\\Microsoft\\WinGet\\Packages\\Hashicorp.Terraform_Microsoft.Winget.Source_8wekyb3d8bbwe\\terraform.exe\" apply -replace=\"authentik_outpost.outposts[\"\"kubernetes-outpost\"\"]\" -auto-approve -lock=false)",
"Bash(terraform plan:*)" "Bash(terraform plan:*)",
"Bash(terraform state:*)",
"Bash(TF_VAR_authentik_token=ZDTbu4OKl0UcmdYKG5XgkRThZO7vWX2xz0w5vP2d8sudIr44ccwKOby6iRUa terraform plan:*)",
"Bash(TF_VAR_authentik_token=ZDTbu4OKl0UcmdYKG5XgkRThZO7vWX2xz0w5vP2d8sudIr44ccwKOby6iRUa terraform force-unlock:*)"
], ],
"deny": [], "deny": [],
"ask": [] "ask": []

60
terraform/authentik/.terraform.lock.hcl generated
View File

@@ -2,43 +2,43 @@
# Manual edits may be lost in future updates. # Manual edits may be lost in future updates.
provider "registry.terraform.io/goauthentik/authentik" { provider "registry.terraform.io/goauthentik/authentik" {
version = "2025.8.1" version = "2025.12.1"
constraints = ">= 2023.10.0, 2025.8.1" constraints = ">= 2023.10.0, 2025.12.1"
hashes = [ hashes = [
"h1:R3h8ADB0Kkv/aoY0AaHkBiX2/P4+GnW8sSgkN30kJfQ=", "h1:p9AGeRqK50wTHEIp7z7O4MUP83cs+lt7wPajZ9m9TB8=",
"zh:0c3f1083fd48f20ed06959401ff1459fbb5d454d81c8175b5b6d321b308c0be3", "zh:0e856d3b13614bc32346a236a8e84ba55ecd17238c2008d4b3e71aa8cb49f515",
"zh:21c6d93f8d26e688da38a660d121b5624e3597c426c671289f31a17a9771abbf", "zh:2dcc44cd499c18ebbc4f763eff97a7b725763c8ac8fbb5d69c935413ccdc4962",
"zh:301b5763ffc4c5fe47aa7e851ce0b19f71bab4fae5c81003ad81b38775e85f78", "zh:434100fc75ec7cd6b64cc9497e8273e79325fa8d285e9fd9d341c1a67421643b",
"zh:4f7ee6473f6a687340538ddac0ec4a0453664186b15fdb0bb2fb5fcd8fb3ad30", "zh:483484f66d2e8ce6fa4bfd91e824ceebf07d10acb5df5f366397c55227c4ae91",
"zh:7927f4f634c9e072d4aa6620d09e97dc83eeb1dbd0667102086779cd5fc495c1", "zh:596743a6f1c77a6f103b06ef8d932fe8f2376793b92478853dc84571d17c429f",
"zh:84e7c2a3f3de721a54abe4c971d9a163127f5e4af91d023260fea305ac74bcf4", "zh:5ed2d5eb7db13229baaf042c725d5c64b58ffdcc641370175e0a88900af94bf1",
"zh:92af52aaac518c426164eb731d282f51a5825e64e6a02b0695952177a7af7d9c", "zh:8aecd4cf782c82bee01098f72fe4ffff83707516007b32a01c7fcb19a9260338",
"zh:a6920a54d5df69342f4ea2d903676145b00e7375d2f2eecc0840858d83b3b4a8", "zh:928c05ecac309287ff7d73ed6e478350fe3003557658ae5dc2be817a4268dba7",
"zh:ac8a60801fc55fd05b3471778f908ed43072e046997c0082644c9602b84dafec", "zh:9b9fd36dfb3e75da8b4478485272505ae9a3c67b10db173e1d2d76cfe2b637b8",
"zh:b1cc29e2878aa94a3827fd5e1dd8cffb98397aa4093d6a4852c6e53157e9b35f", "zh:ab7cd8c61ab67a045854e32f0be1940a92746770dbf3c17bbe923e0259c4f897",
"zh:c2d78f308c4d70a16ef4f6d1f4822a64f8f160d0a207f2121904cdd6f4942db4", "zh:bb1360ec19a4fc1095d0ef1b7b6c5c3c1a91daac7cd1957d43a4cdbb7356a2e3",
"zh:ca970e5776f408059a84b4e17f6ac257ec92afae956be74f3807c548e4567eaa", "zh:d2186f4063aa1a547b52a53745d472e43f5343bc1674f2bbb91421c61b0fab50",
"zh:eb2e3650ee0eec033207b6d72fcb938dc5846c6feb8a61ae30d61981ea411269", "zh:d74bbb67a77951b18ffd7b2863954e70ac03450ad2023cc305c66a5ff25d8d18",
"zh:fcb93e51c84ba592bc2b075d7342e475126e5029620959666999b5b1bd11cb98", "zh:f5970569ea0a479bbfbf2d452f5962e1c9bd472b82756db822d0e951363daa25",
] ]
} }
provider "registry.terraform.io/hashicorp/random" { provider "registry.terraform.io/hashicorp/random" {
version = "3.7.2" version = "3.8.1"
constraints = ">= 3.5.0" constraints = ">= 3.5.0"
hashes = [ hashes = [
"h1:356j/3XnXEKr9nyicLUufzoF4Yr6hRy481KIxRVpK0c=", "h1:u8AKlWVDTH5r9YLSeswoVEjiY72Rt4/ch7U+61ZDkiQ=",
"zh:14829603a32e4bc4d05062f059e545a91e27ff033756b48afbae6b3c835f508f", "zh:08dd03b918c7b55713026037c5400c48af5b9f468f483463321bd18e17b907b4",
"zh:1527fb07d9fea400d70e9e6eb4a2b918d5060d604749b6f1c361518e7da546dc", "zh:0eee654a5542dc1d41920bbf2419032d6f0d5625b03bd81339e5b33394a3e0ae",
"zh:1e86bcd7ebec85ba336b423ba1db046aeaa3c0e5f921039b3f1a6fc2f978feab", "zh:229665ddf060aa0ed315597908483eee5b818a17d09b6417a0f52fd9405c4f57",
"zh:24536dec8bde66753f4b4030b8f3ef43c196d69cccbea1c382d01b222478c7a3", "zh:2469d2e48f28076254a2a3fc327f184914566d9e40c5780b8d96ebf7205f8bc0",
"zh:29f1786486759fad9b0ce4fdfbbfece9343ad47cd50119045075e05afe49d212", "zh:37d7eb334d9561f335e748280f5535a384a88675af9a9eac439d4cfd663bcb66",
"zh:4d701e978c2dd8604ba1ce962b047607701e65c078cb22e97171513e9e57491f", "zh:741101426a2f2c52dee37122f0f4a2f2d6af6d852cb1db634480a86398fa3511",
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
"zh:7b8434212eef0f8c83f5a90c6d76feaf850f6502b61b53c329e85b3b281cba34", "zh:a902473f08ef8df62cfe6116bd6c157070a93f66622384300de235a533e9d4a9",
"zh:ac8a23c212258b7976e1621275e3af7099e7e4a3d4478cf8d5d2a27f3bc3e967", "zh:b85c511a23e57a2147355932b3b6dce2a11e856b941165793a0c3d7578d94d05",
"zh:b516ca74431f3df4c6cf90ddcdb4042c626e026317a33c53f0b445a3d93b720d", "zh:c5172226d18eaac95b1daac80172287b69d4ce32750c82ad77fa0768be4ea4b8",
"zh:dc76e4326aec2490c1600d6871a95e78f9050f9ce427c71707ea412a2f2f1a62", "zh:dab4434dba34aad569b0bc243c2d3f3ff86dd7740def373f2a49816bd2ff819b",
"zh:eac7b63e86c749c7d48f527671c7aee5b4e26c10be6ad7232d6860167f99dbb0", "zh:f49fd62aa8c5525a5c17abd51e27ca5e213881d58882fd42fec4a545b53c9699",
] ]
} }

10
terraform/authentik/groups.tfvars
View File

@@ -1,10 +0,0 @@
groups = {
"admins" = {
name = "Administrators"
is_superuser = true
attributes = {
notes = "Managed by Terraform"
}
}
}

2
terraform/authentik/main.tf
View File

@@ -31,7 +31,7 @@ resource "authentik_group" "child_groups" {
name = each.value.name name = each.value.name
is_superuser = each.value.is_superuser is_superuser = each.value.is_superuser
parent = authentik_group.root_groups[each.value.parent].id parents = authentik_group.root_groups[each.value.parent].id
attributes = jsonencode(each.value.attributes) attributes = jsonencode(each.value.attributes)
depends_on = [authentik_group.root_groups] depends_on = [authentik_group.root_groups]

192
terraform/authentik/oauth2-apps.tfvars
View File

@@ -1,192 +0,0 @@
oauth_applications = {
"paperless" = {
name = "Paperless-NGX"
slug = "paperless"
group = "Tools"
meta_description = "Document management system"
meta_icon = "https://img.icons8.com/fluency/48/documents.png"
redirect_uris = ["https://docs.hexor.cy/accounts/oidc/authentik/login/callback/"]
client_type = "confidential"
include_claims_in_id_token = true
access_code_validity = "minutes=1"
access_token_validity = "minutes=5"
refresh_token_validity = "days=30"
scope_mappings = ["openid", "profile", "email"]
create_group = true
access_groups = ["admins"]
}
"gitea" = {
name = "Gitea"
slug = "gitea"
group = "Tools"
meta_description = "Git repository hosting"
meta_icon = "https://img.icons8.com/?size=100&id=20906&format=png&color=000000"
redirect_uris = ["https://gt.hexor.cy/user/oauth2/Authentik/callback"]
client_type = "confidential"
include_claims_in_id_token = true
access_code_validity = "minutes=1"
access_token_validity = "minutes=10"
refresh_token_validity = "days=30"
scope_mappings = ["openid", "profile", "email"]
access_groups = ["admins"]
}
"jellyfin" = {
name = "Jellyfin"
slug = "jellyfin"
group = "Media and Storage"
meta_description = "Media streaming server"
meta_icon = "https://img.icons8.com/plasticine/100/jellyfin.png"
redirect_uris = [
"https://jf.hexor.cy/sso/OID/r/authentik",
"https://jf.hexor.cy/sso/OID/redirect/authentik"
]
client_type = "confidential"
include_claims_in_id_token = true
access_code_validity = "minutes=1"
access_token_validity = "minutes=10"
refresh_token_validity = "days=30"
scope_mappings = ["openid", "profile", "email"]
access_groups = ["admins"]
}
"argocd" = {
name = "ArgoCD"
slug = "argocd"
group = "Core"
meta_description = "GitOps deployment tool"
meta_icon = "https://img.icons8.com/color-glass/48/octopus.png"
redirect_uris = ["https://ag.hexor.cy/auth/callback"]
client_type = "confidential"
include_claims_in_id_token = true
access_code_validity = "minutes=1"
access_token_validity = "minutes=5"
refresh_token_validity = "days=30"
scope_mappings = ["openid", "profile", "email"]
signing_key = "1b1b5bec-034a-4d96-871a-133f11322360"
access_groups = ["admins"]
}
"grafana" = {
name = "Grafana"
slug = "grafana"
group = "Core"
meta_description = "Monitoring and observability"
meta_icon = "https://img.icons8.com/fluency/48/grafana.png"
redirect_uris = ["https://gf.hexor.cy/login/generic_oauth"]
client_type = "confidential"
include_claims_in_id_token = true
access_code_validity = "minutes=1"
access_token_validity = "minutes=5"
refresh_token_validity = "days=30"
scope_mappings = ["openid", "profile", "email"]
access_groups = ["admins"]
}
"immich" = {
name = "Immich"
slug = "immich"
group = "Media and Storage"
meta_description = "Photo and video management"
meta_icon = "https://img.icons8.com/fluency/48/photos.png"
redirect_uris = [
"https://photos.hexor.cy/auth/login",
"https://photos.hexor.cy/user-settings",
"app.immich:///oauth-callback",
"http://photos.homenet:30283/auth/login",
"http://photos.homenet:30283/user-settings"
]
client_type = "confidential"
include_claims_in_id_token = true
access_code_validity = "minutes=1"
access_token_validity = "minutes=5"
refresh_token_validity = "days=30"
scope_mappings = ["openid", "profile", "email"]
signing_key = "1b1b5bec-034a-4d96-871a-133f11322360"
access_groups = ["admins"]
create_group = true
}
"pgadmin" = {
name = "Postgres WEB Admin"
slug = "pgadmin"
group = "Core"
meta_description = "PostgreSQL WEB administration"
meta_icon = "https://img.icons8.com/?size=100&id=JRnxU7ZWP4mi&format=png&color=000000"
redirect_uris = ["https://pg.hexor.cy/oauth2/authorize"]
client_type = "confidential"
include_claims_in_id_token = true
access_code_validity = "minutes=1"
access_token_validity = "minutes=5"
refresh_token_validity = "days=30"
scope_mappings = ["openid", "profile", "email"]
access_groups = ["admins"]
signing_key = "1b1b5bec-034a-4d96-871a-133f11322360"
}
"home-assistant-lms" = {
name = "Home Assistant LMS"
slug = "home-assistant-lms"
group = "Internal"
meta_description = "Home Assistant Limassol"
meta_icon = "https://img.icons8.com/stickers/100/smart-home-automation.png"
redirect_uris = [
"http://ha-lms:8123/auth/oidc/callback",
"http://ha-lms.homenet:8123/auth/oidc/callback",
]
meta_launch_url = "http://ha-lms:8123/auth/oidc/welcome"
client_type = "confidential"
include_claims_in_id_token = true
access_code_validity = "minutes=1"
access_token_validity = "minutes=5"
refresh_token_validity = "days=30"
scope_mappings = ["openid", "profile", "email"]
access_groups = ["admins"]
create_group = true
signing_key = "1b1b5bec-034a-4d96-871a-133f11322360"
}
"home-assistant-london" = {
name = "Home Assistant London"
slug = "home-assistant-london"
group = "Internal"
meta_description = "Home Assistant London"
meta_icon = "https://img.icons8.com/stickers/100/smart-home-automation.png"
redirect_uris = [
"http://ha-london:8123/auth/oidc/callback",
"http://ha-london.tail2fe2d.ts.net:8123/auth/oidc/callback",
]
meta_launch_url = "http://ha-london:8123/auth/oidc/welcome"
client_type = "confidential"
include_claims_in_id_token = true
access_code_validity = "minutes=1"
access_token_validity = "minutes=5"
refresh_token_validity = "days=30"
scope_mappings = ["openid", "profile", "email"]
access_groups = ["admins"]
create_group = true
signing_key = "1b1b5bec-034a-4d96-871a-133f11322360"
}
"openwebui" = {
name = "OpenWeb UI"
slug = "openwebui"
group = "Tools"
meta_description = "OpenWeb UI"
meta_icon = "https://ollama.com/public/ollama.png"
redirect_uris = [
"https://ai.hexor.cy/oauth/oidc/callback",
]
meta_launch_url = "https://ai.hexor.cy"
client_type = "confidential"
include_claims_in_id_token = true
access_code_validity = "minutes=1"
access_token_validity = "minutes=5"
refresh_token_validity = "days=30"
scope_mappings = ["openid", "profile", "email"]
access_groups = ["admins"]
create_group = true
signing_key = "1b1b5bec-034a-4d96-871a-133f11322360"
}
}

2
terraform/authentik/providers.tf
View File

@@ -2,7 +2,7 @@ terraform {
required_providers { required_providers {
authentik = { authentik = {
source = "goauthentik/authentik" source = "goauthentik/authentik"
version = "2025.8.1" version = "2025.12.1"
} }
} }
} }

233
terraform/authentik/proxy-apps.tfvars
View File

@@ -1,233 +0,0 @@
proxy_applications = {
"k8s-dashboard" = {
name = "K8S dashboard"
slug = "k8s-dashboard-ns"
group = "Core"
external_host = "https://k8s.hexor.cy"
internal_host = "http://kubernetes-dashboard.kubernetes-dashboard.svc"
internal_host_ssl_validation = false
meta_description = "K8S dashboard chart"
mode = "proxy"
outpost = "kubernetes-outpost"
meta_icon = "https://img.icons8.com/color/48/kubernetes.png"
create_group = true
access_groups = ["admins"]
}
"filemanager" = {
name = "FM filemanager"
slug = "fm-filemanager"
group = "Core"
external_host = "https://fm.hexor.cy"
internal_host = "http://fb-filemanager-filebrowser.syncthing.svc"
internal_host_ssl_validation = false
meta_description = "K8S dashboard chart"
mode = "proxy"
outpost = "kubernetes-outpost"
meta_icon = "https://img.icons8.com/external-anggara-flat-anggara-putra/32/external-folder-basic-user-interface-anggara-flat-anggara-putra.png"
create_group = true
access_groups = ["admins"]
}
"prometheus" = {
name = "Prometheus"
slug = "prometheus"
group = "Core"
external_host = "https://prom.hexor.cy"
internal_host = "http://prometheus-kube-prometheus-prometheus.prometheus.svc:9090"
meta_description = ""
meta_icon = "https://img.icons8.com/fluency/48/prometheus-app.png"
mode = "proxy"
outpost = "kubernetes-outpost"
internal_host_ssl_validation = false
create_group = true
access_groups = ["admins"]
}
"kubernetes-secrets" = {
name = "kubernetes-secrets"
slug = "k8s-secret"
group = "Core"
external_host = "https://pass.hexor.cy"
internal_host = "http://secret-reader.k8s-secret.svc:80"
internal_host_ssl_validation = false
meta_description = ""
skip_path_regex = <<-EOT
/webhook
EOT
meta_icon = "https://img.icons8.com/ios-filled/50/password.png"
mode = "proxy"
outpost = "kubernetes-outpost"
create_group = true
access_groups = ["admins"]
}
"mtproxy-links" = {
name = "mtproxy-links"
slug = "mtproxy-links"
group = "Core"
external_host = "https://proxy.hexor.cy"
internal_host = "http://secret-reader.mtproxy.svc:80"
internal_host_ssl_validation = false
meta_description = ""
skip_path_regex = <<-EOT
/webhook
EOT
meta_icon = "https://img.icons8.com/ios-filled/50/password.png"
mode = "proxy"
outpost = "kubernetes-outpost"
create_group = true
access_groups = ["admins"]
}
# Tools applications
"vpn" = {
name = "VPN"
slug = "vpn"
group = "Tools"
external_host = "https://of.hexor.cy"
internal_host = "http://outfleet.vpn.svc"
internal_host_ssl_validation = false
meta_description = ""
skip_path_regex = <<-EOT
/u/
/stat/
/ss/
/xray/
/dynamic/
EOT
meta_icon = "https://img.icons8.com/?size=100&id=fqAD3lAB6zTe&format=png&color=000000"
mode = "proxy"
outpost = "kubernetes-outpost"
create_group = true
access_groups = ["admins"]
}
"outfleet-rs" = {
name = "OutFleet"
slug = "outfleet-rs"
group = "Tools"
external_host = "https://vpn.hexor.cy"
internal_host = "http://outfleet-rs.vpn.svc"
internal_host_ssl_validation = false
meta_description = ""
skip_path_regex = <<-EOT
/sub/
EOT
meta_icon = "https://img.icons8.com/?size=100&id=fqAD3lAB6zTe&format=png&color=000000"
mode = "proxy"
outpost = "kubernetes-outpost"
create_group = true
access_groups = ["admins"]
}
"qbittorrent" = {
name = "qBittorent"
slug = "qbittorent"
group = "Tools"
external_host = "https://qbt.hexor.cy"
internal_host = "http://qbittorrent.jellyfin.svc"
internal_host_ssl_validation = false
meta_description = ""
meta_icon = "https://img.icons8.com/nolan/64/qbittorrent--v2.png"
mode = "proxy"
outpost = "kubernetes-outpost"
create_group = true
access_groups = ["admins"]
}
# Media and Storage applications
"kopia" = {
name = "Kopia"
slug = "kopia"
group = "Media and Storage"
external_host = "https://backup.hexor.cy"
internal_host = "http://100.72.135.2:51515"
internal_host_ssl_validation = false
meta_description = ""
meta_icon = "https://img.icons8.com/external-flaticons-lineal-color-flat-icons/64/external-backup-productivity-flaticons-lineal-color-flat-icons.png"
mode = "proxy"
outpost = "kubernetes-outpost"
create_group = true
access_groups = ["admins"]
}
"syncthing-router" = {
name = "Syncthing"
slug = "syncthing"
group = "Media and Storage"
external_host = "https://ss.hexor.cy"
internal_host = "http://syncthing-router.syncthing.svc:80"
internal_host_ssl_validation = false
meta_description = ""
meta_icon = "https://img.icons8.com/?size=100&id=Id4NcEcXcYzF&format=png&color=000000"
mode = "proxy"
outpost = "kubernetes-outpost"
create_group = true
access_groups = ["admins"]
}
"truenas" = {
name = "TrueNAS"
slug = "truenas-proxy"
group = "Media and Storage"
external_host = "https://nas.hexor.cy"
internal_host = "http://10.0.5.107:81"
internal_host_ssl_validation = false
meta_description = ""
meta_icon = "https://img.icons8.com/dusk/64/nas.png"
mode = "proxy"
outpost = "kubernetes-outpost"
create_group = true
access_groups = ["admins"]
}
"khm" = {
name = "KHM"
slug = "khm"
group = "Media and Storage"
external_host = "https://khm.hexor.cy"
internal_host = "http://khm.khm.svc:8080"
internal_host_ssl_validation = false
meta_description = ""
meta_icon = "https://img.icons8.com/liquid-glass/48/key.png"
mode = "proxy"
outpost = "kubernetes-outpost"
access_groups = ["admins", "khm"] # Используем существующие группы
create_group = true
access_groups = ["admins"]
}
"minecraft" = {
name = "Minecraft"
slug = "minecraft"
group = "Media and Storage"
external_host = "https://minecraft.hexor.cy"
internal_host = "http://minecraft-dynmap.minecraft.svc"
internal_host_ssl_validation = false
meta_description = ""
meta_icon = "https://img.icons8.com/color/48/minecraft-grass-cube.png"
mode = "proxy"
outpost = "kubernetes-outpost"
skip_path_regex = <<-EOT
/clients
EOT
}
"pasarguard" = {
name = "PasarGuard"
slug = "pasarguard"
group = "Tools"
external_host = "https://ps.hexor.cy"
internal_host = "https://pasarguard.pasarguard.svc:80"
internal_host_ssl_validation = false
meta_description = ""
skip_path_regex = <<-EOT
/
/sub/
/dashboard/
/api/
EOT
meta_icon = "https://img.icons8.com/?size=100&id=fqAD3lAB6zTe&format=png&color=000000"
mode = "proxy"
outpost = "kubernetes-outpost"
create_group = true
access_groups = ["admins"]
}
}

8
terraform/authentik/variables.tf
View File

@@ -4,7 +4,7 @@ variable "oauth_applications" {
name = string name = string
slug = string slug = string
group = optional(string, "") group = optional(string, "")
policy_engine_mode = optional(string, "all") policy_engine_mode = optional(string, "any")
meta_description = optional(string, "") meta_description = optional(string, "")
meta_launch_url = optional(string, "") meta_launch_url = optional(string, "")
meta_icon = optional(string, "") meta_icon = optional(string, "")
@@ -32,7 +32,7 @@ variable "proxy_applications" {
name = string name = string
slug = string slug = string
group = optional(string, "") group = optional(string, "")
policy_engine_mode = optional(string, "all") policy_engine_mode = optional(string, "any")
meta_description = optional(string, "") meta_description = optional(string, "")
meta_launch_url = optional(string, "") meta_launch_url = optional(string, "")
meta_icon = optional(string, "") meta_icon = optional(string, "")
@@ -60,7 +60,7 @@ variable "saml_applications" {
name = string name = string
slug = string slug = string
group = optional(string, "") group = optional(string, "")
policy_engine_mode = optional(string, "all") policy_engine_mode = optional(string, "any")
meta_description = optional(string, "") meta_description = optional(string, "")
meta_launch_url = optional(string, "") meta_launch_url = optional(string, "")
meta_icon = optional(string, "") meta_icon = optional(string, "")
@@ -95,7 +95,7 @@ variable "flows" {
title = string title = string
slug = string slug = string
designation = string designation = string
policy_engine_mode = optional(string, "all") policy_engine_mode = optional(string, "any")
compatibility_mode = optional(bool, false) compatibility_mode = optional(bool, false)
layout = optional(string, "stacked") layout = optional(string, "stacked")
denied_action = optional(string, "message_continue") denied_action = optional(string, "message_continue")