feat: add miniflux tofu app

2024-03-25 08:48:20 +01:00 · 2024-03-25 08:48:20 +01:00 · fe4e8da22a
commit fe4e8da22a
parent c00e10a505
12 changed files with 50 additions and 23 deletions
--- a/ansible/gitea/gitea-playbook.yml
+++ b/ansible/gitea/gitea-playbook.yml
@ -3,4 +3,4 @@
    - giteas

  roles:
-    - role: roles/gitea
+    - role: roles/gitea
--- a/ansible/gitea/roles/gitea/tasks/main.yml
+++ b/ansible/gitea/roles/gitea/tasks/main.yml
@ -20,4 +20,4 @@
  ansible.builtin.systemd_service:
    state: restarted
    daemon_reload: true
-    name: gitea
+    name: gitea
--- a/ansible/gitea/sample.env
+++ b/ansible/gitea/sample.env
@ -12,4 +12,4 @@ GITEA_MAILER_HOST=mail.fukurokuju.dev:587
 GITEA_MAILER_FROM=git@fukurokuju.dev
 GITEA_MAILER_USER=
 GITEA_MAILER_PASSWORD=
-GITEA_NO_REPLY_ADDRESS=git@fukurokuju.dev
+GITEA_NO_REPLY_ADDRESS=git@fukurokuju.dev
--- a/ansible/inventory
+++ b/ansible/inventory
@ -23,4 +23,4 @@ ansible_user=ci
 gitea.fuku

 [giteas:vars]
-ansible_user=root
+ansible_user=root
--- a/k8s/argo-apps/loki.yaml
+++ b/k8s/argo-apps/loki.yaml
@ -90,11 +90,11 @@ spec:
              - job_name: 'argocd-notifications-controller-metrics'
                static_configs:
                  - targets: ["argocd-notifications-controller-metrics.argocd:9001"]
-              
+
              - job_name: 'miniflux'
                static_configs:
                  - targets: ["miniflux-service.apps-roboces:8888"]
-              
+
              - job_name: 'authentik'
                static_configs:
                  - targets: ["authentik-server-metrics.apps-fuku:9300"]
--- a/k8s/services/argo-workflows/admin-service-account.yaml
+++ b/k8s/services/argo-workflows/admin-service-account.yaml
@ -28,4 +28,4 @@ metadata:
  namespace: argo-workflows
  annotations:
    kubernetes.io/service-account.name: admin-user
-type: kubernetes.io/service-account-token
+type: kubernetes.io/service-account-token
--- a/k8s/services/argo/project-management.yaml
+++ b/k8s/services/argo/project-management.yaml
@ -29,4 +29,4 @@ spec:
    - https://kubernetes-sigs.github.io/descheduler/
    - https://github.com/rancher/system-upgrade-controller.git
    - https://charts.bitnami.com/bitnami
-    - https://argoproj.github.io/argo-helm
+    - https://argoproj.github.io/argo-helm
--- a/k8s/services/authentik/serverstransport.yaml
+++ b/k8s/services/authentik/serverstransport.yaml
@ -5,4 +5,4 @@ metadata:
  name: skipverify-authentik
  namespace: apps-fuku
 spec:
-  insecureSkipVerify: true
+  insecureSkipVerify: true
--- a/tofu/authentik/main.tf
+++ b/tofu/authentik/main.tf
@ -69,3 +69,18 @@ module "gitea" {
  app_url             = "https://git.roboces.dev/user/oauth2/authentik"
  sub_mode            = "hashed_user_id"
 }
+
+module "miniflux" {
+  source              = "../modules/authentik"
+  app_name            = "Miniflux"
+  app_slug            = "miniflux"
+  client_id           = var.miniflux_client_id
+  client_secret       = var.miniflux_client_secret
+  app_access_group_id = ""
+  redirect_uris       = ["https://feeds.roboces.dev/oauth2/oidc/callback"]
+  app_icon            = "https://miniflux.app/favicon.ico"
+  app_description     = "RSS aggregator"
+  app_publisher       = "Miniflux"
+  app_url             = "https://feeds.roboces.dev"
+  sub_mode            = "hashed_user_id"
+}
--- a/tofu/authentik/sample.env
+++ b/tofu/authentik/sample.env
@ -1,8 +1,10 @@
- AUTHENTIK_URL=https://auth.fukurokuju.dev
- AUTHENTIK_TOKEN=
- TF_VAR_argo_workflows_client_id=
- TF_VAR_argo_workflows_client_secret=
- TF_VAR_firezone_client_id=
- TF_VAR_firezone_client_secret=
- TF_VAR_gitea_client_id=
- TF_VAR_gitea_client_secret=
+AUTHENTIK_URL=https://auth.fukurokuju.dev
+AUTHENTIK_TOKEN=
+TF_VAR_argo_workflows_client_id=
+TF_VAR_argo_workflows_client_secret=
+TF_VAR_firezone_client_id=
+TF_VAR_firezone_client_secret=
+TF_VAR_gitea_client_id=
+TF_VAR_gitea_client_secret=
+TF_VAR_miniflux_client_id=
+TF_VAR_miniflux_client_secret=
--- a/tofu/authentik/vars.tf
+++ b/tofu/authentik/vars.tf
@ -27,3 +27,13 @@ variable "gitea_client_secret" {
  description = "Client secret"
  type        = string
 }
+
+variable "miniflux_client_id" {
+  description = "Client ID"
+  type        = string
+}
+
+variable "miniflux_client_secret" {
+  description = "Client secret"
+  type        = string
+}
--- a/tofu/modules/authentik/main.tf
+++ b/tofu/modules/authentik/main.tf
@ -37,15 +37,15 @@ resource "authentik_application" "app" {
  slug              = var.app_slug
  protocol_provider = authentik_provider_oauth2.provider_oidc.id
  open_in_new_tab   = var.open_in_new_tab
-  meta_icon = var.app_icon
-  meta_description = var.app_description
-  meta_publisher = var.app_publisher
-  meta_launch_url = var.app_url
+  meta_icon         = var.app_icon
+  meta_description  = var.app_description
+  meta_publisher    = var.app_publisher
+  meta_launch_url   = var.app_url
 }

 resource "authentik_policy_binding" "app_access" {
  target = authentik_application.app.uuid
  group  = var.app_access_group_id
  order  = 0
-  count = var.app_access_group_id != "" ? 1 : 0
-}
+  count  = var.app_access_group_id != "" ? 1 : 0 # only add it if the group's name exists
+}