# Authentik Terraform Configuration
Root Terraform configuration for managing Authentik SSO — applications (OAuth2/OIDC, Proxy, SAML), groups, outposts, flows, certificates, and property mappings.
State is stored in Terraform Cloud (organization ultradesu, workspace Authentik).
## Structure

```
.
├── main.tf                  # Resources: groups, outposts, policy bindings, module calls
├── variables.tf             # Input variable definitions
├── outputs.tf               # Outputs (app details, groups, flows, wiki data)
├── providers.tf             # Authentik provider (goauthentik/authentik 2025.12.1)
├── state.tf                 # Terraform Cloud backend
├── terraform.tfvars         # General settings: authentik_url, outposts, flows, tags
├── oauth2-apps.auto.tfvars  # OAuth2/OIDC application definitions
├── proxy-apps.auto.tfvars   # Proxy application definitions
├── groups.auto.tfvars       # Group definitions
└── modules/
    ├── oauth-provider/      # OAuth2/OIDC provider + application
    ├── proxy-provider/      # Proxy provider + application
    └── saml-provider/       # SAML provider + application
```
## Usage

```bash
# Set the API token
export TF_VAR_authentik_token="..."
terraform init
terraform plan
terraform apply
```
All *.auto.tfvars files are loaded automatically — no -var-file flags needed.
## Adding applications

OAuth2/OIDC — add to oauth2-apps.auto.tfvars:

```hcl
oauth_applications = {
  "my-app" = {
    name          = "My App"
    slug          = "my-app"
    group         = "Tools"
    redirect_uris = ["https://my-app.example.com/callback"]
    create_group  = true
    access_groups = ["admins"]
  }
}
```
Proxy — add to proxy-apps.auto.tfvars:

```hcl
proxy_applications = {
  "my-proxy" = {
    name          = "My Proxy"
    slug          = "my-proxy"
    group         = "Tools"
    external_host = "https://my-proxy.example.com"
    internal_host = "http://my-service.namespace.svc:80"
    outpost       = "kubernetes-outpost"
    create_group  = true
    access_groups = ["admins"]
  }
}
```
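As an added example, not code from this repository: a typed declaration of `oauth_applications` for `variables.tf` with validation blocks that fail `terraform plan` when a map key does not match its `slug` or when a redirect URI is not an absolute https URL without wildcards, followed by the `for_each` call that feeds each entry to `modules/oauth-provider`. The object type, the validation rules and the module's input names (`name`, `slug`, `group`, `redirect_uris`, `create_group`, `access_groups`) are assumptions; the same pattern applies to `proxy_applications`, checking `external_host` instead of `redirect_uris`.

```hcl
# Assumed shape of the variable behind oauth2-apps.auto.tfvars.
# Attribute names match the tfvars example above; the type is an assumption.
variable "oauth_applications" {
  description = "OAuth2/OIDC applications keyed by slug (see oauth2-apps.auto.tfvars)"
  type = map(object({
    name          = string
    slug          = string
    group         = string
    redirect_uris = list(string)
    create_group  = bool
    access_groups = list(string)
  }))

  # The map key is the for_each address; keeping it equal to the slug
  # prevents a renamed key from destroying and recreating the provider.
  validation {
    condition     = alltrue([for k, v in var.oauth_applications : k == v.slug])
    error_message = "Each oauth_applications key must equal its slug."
  }

  # Redirect URIs are matched by the IdP; an http scheme or a wildcard
  # widens where tokens can be sent, so reject both before apply.
  validation {
    condition = alltrue(flatten([
      for v in values(var.oauth_applications) : [
        for u in v.redirect_uris : can(regex("^https://[^*]+$", u))
      ]
    ]))
    error_message = "Every redirect_uri must be an absolute https URL without wildcards."
  }
}

# Assumed module call in main.tf: one oauth-provider module instance per entry.
# Input names are assumptions about modules/oauth-provider.
module "oauth_apps" {
  source   = "./modules/oauth-provider"
  for_each = var.oauth_applications

  name          = each.value.name
  slug          = each.value.slug
  group         = each.value.group
  redirect_uris = each.value.redirect_uris
  create_group  = each.value.create_group
  access_groups = each.value.access_groups
}
```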
## CI/CD
Managed via Gitea Actions (.gitea/workflows/authentik-apps.yaml). Runs terraform apply on push to main when files in terraform/authentik/ change. Also generates a wiki page with the applications list.
## Requirements
- Terraform >= 1.0
- goauthentik/authentik provider 2025.12.1
- Authentik API token with admin permissions