feat: add firezone tofu app

tofu/authentik/main.tf

@@ -21,6 +21,11 @@ resource "authentik_group" "ci" {
   users = [data.authentik_user.catalin.id]
 }
 
+resource "authentik_group" "admins" {
+  name = "authentik Admins"
+  is_superuser = true
+}
+
 module "argo-workflows" {
   source              = "../modules/authentik"
   app_name            = "Argo Workflows"
@@ -28,6 +33,24 @@ module "argo-workflows" {
   client_id           = var.argo_workflows_client_id
   client_secret       = var.argo_workflows_client_secret
   app_access_group_id = authentik_group.ci.id
-  redirect_uris = ["https://ci.fuku/oauth2/callback"]
-  app_icon = "https://argoproj.github.io/icons/icon-512x512.png"
+  redirect_uris       = ["https://ci.fuku/oauth2/callback"]
+  app_icon            = "https://argoproj.github.io/icons/icon-512x512.png"
+  app_description = "Kubernetes-native workflow engine supporting DAG and step-based workflows"
+  app_publisher = "Argo Project"
+  app_url = "https://ci.fuku"
+}
+
+module "firezone" {
+  source              = "../modules/authentik"
+  app_name            = "Firezone"
+  app_slug            = "firezone"
+  client_id           = var.firezone_client_id
+  client_secret       = var.firezone_client_secret
+  app_access_group_id = authentik_group.admins.id
+  redirect_uris       = ["https://fz.fukurokuju.dev/auth/oidc/authentik/callback/"]
+  app_icon            = "https://www.firezone.dev/icon.svg"
+  app_description = "VPN"
+  app_publisher = "Firezone"
+  app_url = "https://fz.fukurokuju.dev"
+  sub_mode = "hashed_user_id"
 }