feat: add miniflux tofu app

2024-03-25 08:48:20 +01:00 · 2024-03-25 08:48:20 +01:00 · fe4e8da22a
commit fe4e8da22a
parent c00e10a505
12 changed files with 50 additions and 23 deletions
--- a/tofu/authentik/main.tf
+++ b/tofu/authentik/main.tf
@ -69,3 +69,18 @@ module "gitea" {
  app_url             = "https://git.roboces.dev/user/oauth2/authentik"
  sub_mode            = "hashed_user_id"
 }
+
+module "miniflux" {
+  source              = "../modules/authentik"
+  app_name            = "Miniflux"
+  app_slug            = "miniflux"
+  client_id           = var.miniflux_client_id
+  client_secret       = var.miniflux_client_secret
+  app_access_group_id = ""
+  redirect_uris       = ["https://feeds.roboces.dev/oauth2/oidc/callback"]
+  app_icon            = "https://miniflux.app/favicon.ico"
+  app_description     = "RSS aggregator"
+  app_publisher       = "Miniflux"
+  app_url             = "https://feeds.roboces.dev"
+  sub_mode            = "hashed_user_id"
+}
--- a/tofu/authentik/sample.env
+++ b/tofu/authentik/sample.env
@ -1,8 +1,10 @@
- AUTHENTIK_URL=https://auth.fukurokuju.dev
- AUTHENTIK_TOKEN=
- TF_VAR_argo_workflows_client_id=
- TF_VAR_argo_workflows_client_secret=
- TF_VAR_firezone_client_id=
- TF_VAR_firezone_client_secret=
- TF_VAR_gitea_client_id=
- TF_VAR_gitea_client_secret=
+AUTHENTIK_URL=https://auth.fukurokuju.dev
+AUTHENTIK_TOKEN=
+TF_VAR_argo_workflows_client_id=
+TF_VAR_argo_workflows_client_secret=
+TF_VAR_firezone_client_id=
+TF_VAR_firezone_client_secret=
+TF_VAR_gitea_client_id=
+TF_VAR_gitea_client_secret=
+TF_VAR_miniflux_client_id=
+TF_VAR_miniflux_client_secret=
--- a/tofu/authentik/vars.tf
+++ b/tofu/authentik/vars.tf
@ -27,3 +27,13 @@ variable "gitea_client_secret" {
  description = "Client secret"
  type        = string
 }
+
+variable "miniflux_client_id" {
+  description = "Client ID"
+  type        = string
+}
+
+variable "miniflux_client_secret" {
+  description = "Client secret"
+  type        = string
+}
--- a/tofu/modules/authentik/main.tf
+++ b/tofu/modules/authentik/main.tf
@ -37,15 +37,15 @@ resource "authentik_application" "app" {
  slug              = var.app_slug
  protocol_provider = authentik_provider_oauth2.provider_oidc.id
  open_in_new_tab   = var.open_in_new_tab
-  meta_icon = var.app_icon
-  meta_description = var.app_description
-  meta_publisher = var.app_publisher
-  meta_launch_url = var.app_url
+  meta_icon         = var.app_icon
+  meta_description  = var.app_description
+  meta_publisher    = var.app_publisher
+  meta_launch_url   = var.app_url
 }

 resource "authentik_policy_binding" "app_access" {
  target = authentik_application.app.uuid
  group  = var.app_access_group_id
  order  = 0
-  count = var.app_access_group_id != "" ? 1 : 0
+  count  = var.app_access_group_id != "" ? 1 : 0 # only add it if the group's name exists
 }