Fix authentik config

2024-10-09 02:29:08 +02:00 · 2024-10-09 02:29:08 +02:00 · 424e1db07f
commit 424e1db07f
parent 979a386831
9 changed files with 17 additions and 7 deletions
--- a/modules/infrastructure/variables.tf
+++ b/modules/infrastructure/variables.tf
@ -88,6 +88,7 @@ variable "services" {
    })))
    ports = optional(list(string))
    auth = bool
+    auth_cert = optional(string)
    auth_redirects = optional(list(string))
    s3 = bool
    database = bool
--- a/modules/services/authentik.tf
+++ b/modules/services/authentik.tf
@ -2,10 +2,14 @@ data "authentik_flow" "default_authorization_flow" {
  slug = "default-provider-authorization-implicit-consent"
 }

-data "authentik_certificate_key_pair" "default" {
+data "authentik_certificate_key_pair" "ecdsa" {
  name = "auth.serguzim.me"
 }

+data "authentik_certificate_key_pair" "rsa" {
+  name = "authentik Self-signed Certificate"
+}
+
 data "authentik_property_mapping_provider_scope" "default_scopes" {
  managed_list = [
    "goauthentik.io/providers/oauth2/scope-email",
@ -58,7 +62,9 @@ resource "authentik_provider_oauth2" "service_providers" {
      data.authentik_property_mapping_provider_scope.default_scopes.ids,
      each.key == "minio" ? [authentik_property_mapping_provider_scope.minio.id] : []
  ])
-  signing_key        = data.authentik_certificate_key_pair.default.id
+  signing_key        = (each.value.auth_cert == "rsa" ?
+      data.authentik_certificate_key_pair.rsa.id :
+      data.authentik_certificate_key_pair.ecdsa.id)
 }

 resource "authentik_application" "service_applications" {
--- a/modules/services/output.tf
+++ b/modules/services/output.tf
@ -1,7 +1,7 @@
 output "authentik_data" {
  value = {
    for key in keys(authentik_application.service_applications) : key => {
-      "base_url"      = "${var.authentik_url}/application/o/${authentik_application.service_applications[key].slug}/"
+      "base_url"      = "${var.authentik_url}/application/o/${authentik_application.service_applications[key].slug}"
      "client_id"     = authentik_provider_oauth2.service_providers[key].client_id
      "client_secret" = authentik_provider_oauth2.service_providers[key].client_secret
    }
--- a/modules/services/variables.tf
+++ b/modules/services/variables.tf
@ -37,6 +37,7 @@ variable "services" {
    })))
    ports = optional(list(string))
    auth = bool
+    auth_cert = optional(string)
    auth_redirects = optional(list(string))
    s3 = bool
    database = bool