Move terraform files into modules

2024-09-30 01:22:03 +02:00 · 2024-09-30 01:22:03 +02:00 · bae9fe9e0f
commit bae9fe9e0f
parent 4e495dbc51
14 changed files with 286 additions and 104 deletions
--- a/modules/services/authentik.tf
+++ b/modules/services/authentik.tf
@ -0,0 +1,33 @@
+data "authentik_flow" "default_authorization_flow" {
+  slug = "default-provider-authorization-implicit-consent"
+}
+
+data "authentik_certificate_key_pair" "default" {
+  name = "auth.serguzim.me"
+}
+
+data "authentik_property_mapping_provider_scope" "default_scopes" {
+  managed_list = [
+    "goauthentik.io/providers/oauth2/scope-email",
+    "goauthentik.io/providers/oauth2/scope-openid",
+    "goauthentik.io/providers/oauth2/scope-profile"
+  ]
+}
+
+resource "authentik_provider_oauth2" "service_providers" {
+  for_each           = local.services_auth
+  name               = each.value.name
+  client_type        = "confidential"
+  client_id          = each.value.name
+  authorization_flow = data.authentik_flow.default_authorization_flow.id
+  redirect_uris      = each.value.auth_redirects
+  property_mappings  = data.authentik_property_mapping_provider_scope.default_scopes.ids
+  signing_key        = data.authentik_certificate_key_pair.default.id
+}
+
+resource "authentik_application" "service_applications" {
+  for_each          = local.services_auth
+  name              = each.value.name
+  slug              = "${each.value.subdomain}-serguzim-me"
+  protocol_provider = authentik_provider_oauth2.service_providers[each.key].id
+}