serguzim/infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix authentik config

Browse source
This commit is contained in:
Tobias Reisinger 2024-10-09 02:29:08 +02:00
parent 979a386831
commit 424e1db07f
Signed by: serguzim
GPG key ID: 13AD60C237A28DFE
9 changed files with 17 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

10
modules/services/authentik.tf
View file

@ -2,10 +2,14 @@ data "authentik_flow" "default_authorization_flow" {
slug = "default-provider-authorization-implicit-consent"
}
data "authentik_certificate_key_pair" "default" {
data "authentik_certificate_key_pair" "ecdsa" {
name = "auth.serguzim.me"
}
data "authentik_certificate_key_pair" "rsa" {
name = "authentik Self-signed Certificate"
}
data "authentik_property_mapping_provider_scope" "default_scopes" {
managed_list = [
"goauthentik.io/providers/oauth2/scope-email",
@ -58,7 +62,9 @@ resource "authentik_provider_oauth2" "service_providers" {
data.authentik_property_mapping_provider_scope.default_scopes.ids,
each.key == "minio" ? [authentik_property_mapping_provider_scope.minio.id] : []
])
signing_key = data.authentik_certificate_key_pair.default.id
signing_key = (each.value.auth_cert == "rsa" ?
data.authentik_certificate_key_pair.rsa.id :
data.authentik_certificate_key_pair.ecdsa.id)
}
resource "authentik_application" "service_applications" {

2
modules/services/output.tf
View file

@ -1,7 +1,7 @@
output "authentik_data" {
value = {
for key in keys(authentik_application.service_applications) : key => {
"base_url" = "${var.authentik_url}/application/o/${authentik_application.service_applications[key].slug}/"
"base_url" = "${var.authentik_url}/application/o/${authentik_application.service_applications[key].slug}"
"client_id" = authentik_provider_oauth2.service_providers[key].client_id
"client_secret" = authentik_provider_oauth2.service_providers[key].client_secret
}

1
modules/services/variables.tf
View file

@ -37,6 +37,7 @@ variable "services" {
})))
ports = optional(list(string))
auth = bool
auth_cert = optional(string)
auth_redirects = optional(list(string))
s3 = bool
database = bool