From 7a4f608d2e8df5a030bb2afd15e311b9f7a8eddc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?c=C4=83t=C4=83lin?= Date: Wed, 28 Jan 2026 11:07:42 +0100 Subject: [PATCH] feat: add jellyseerr --- tofu/authentik/main.tf | 25 ++++++++---- tofu/modules/authentik-app/main.tf | 26 +++++++++++++ tofu/modules/authentik-app/vars.tf | 62 ++++++++++++++++++++++++++++++ 3 files changed, 105 insertions(+), 8 deletions(-) create mode 100644 tofu/modules/authentik-app/main.tf create mode 100644 tofu/modules/authentik-app/vars.tf diff --git a/tofu/authentik/main.tf b/tofu/authentik/main.tf index 42c0582..7979f79 100644 --- a/tofu/authentik/main.tf +++ b/tofu/authentik/main.tf @@ -52,6 +52,7 @@ resource "authentik_group" "mediamanager" { is_superuser = false } + module "gitea" { source = "../modules/authentik-oidc" app_name = "Gitea" @@ -133,7 +134,7 @@ module "sonarr" { app_slug = "sonarr" app_access_group_id = authentik_group.arrs.id app_url = "https://sonarr.fukurokuju.dev" - internal_host = "http://192.168.1.3:38013/" + internal_host = "http://192.168.1.3:30113/" internal_host_ssl_validation = false app_icon = "https://sonarr.tv/img/logo.png" } @@ -144,7 +145,7 @@ module "radarr" { app_slug = "radarr" app_access_group_id = authentik_group.arrs.id app_url = "https://radarr.fukurokuju.dev" - internal_host = "http://192.168.1.3:38012/" + internal_host = "http://192.168.1.3:30025/" internal_host_ssl_validation = false app_icon = "https://radarr.video/img/background/logo.png" } @@ -155,7 +156,7 @@ module "lidarr" { app_slug = "lidarr" app_access_group_id = authentik_group.arrs.id app_url = "https://lidarr.fukurokuju.dev" - internal_host = "http://192.168.1.3:38010/" + internal_host = "http://192.168.1.3:30071/" internal_host_ssl_validation = false app_icon = "https://lidarr.audio/img/background/logo.png" } @@ -176,7 +177,7 @@ module "prowlarr" { app_slug = "prowlarr" app_access_group_id = authentik_group.admins.id app_url = "https://prowlarr.fukurokuju.dev" - internal_host = "http://192.168.1.3:38014" + internal_host = "http://192.168.1.3:30050" internal_host_ssl_validation = false } @@ -204,13 +205,11 @@ module "sftpgo" { sub_mode = "user_username" } - module "rustical" { source = "../modules/authentik-oidc" app_name = "rustical" app_slug = "rustical" app_url = "https://cal.roboces.dev" - app_icon = "https://cal.roboces.dev/favicon.ico" client_id = var.rustical_client_id client_secret = var.rustical_client_secret redirect_uris = [{ matching_mode = "strict", url = "https://cal.roboces.dev/frontend/login/oidc/callback" }] @@ -224,7 +223,7 @@ module "jellyfin" { base_dn = "DC=ldap,DC=fukurokuju,DC=dev" name = "jellyfin" app_url = "https://jelly.roboces.dev" - app_icon = "https://jelly.roboces.dev/favicon.ico" + app_icon = "https://jelly.roboces.dev/web/touchicon.f5bbb798cb2c65908633.png" app_access_group_id = authentik_group.arrs.id } @@ -235,7 +234,7 @@ module "tandoor" { app_access_group_id = "" app_url = "https://recipes.roboces.dev" redirect_uris = [{ matching_mode = "strict", url = "https://recipes.roboces.dev/accounts/oidc/authentik/login/callback/" }] - app_icon = "https://recipes.roboces.dev/favicon.icon" + app_icon = "https://recipes.roboces.dev/static/assets/logo_color_192.c9b9177ff941.png" client_id = var.tandoor_client_id client_secret = var.tandoor_client_secret } @@ -251,3 +250,13 @@ module "ganymede" { app_icon = "https://vods.roboces.dev/favicon.ico" app_access_group_id = authentik_group.vods.id } + +module "jellyseerr" { + source = "../modules/authentik-app" + app_name = "Solicitudes Jelly" + app_slug = "jellyseer" + app_url = "https://requests.roboces.dev" + app_icon = "https://requests.roboces.dev/os_icon.svg" + app_description = "Solicita series, animes y pelis para ser añadidas automáticamente a Jellyfin" + app_access_group_id = authentik_group.arrs.id +} diff --git a/tofu/modules/authentik-app/main.tf b/tofu/modules/authentik-app/main.tf new file mode 100644 index 0000000..778e119 --- /dev/null +++ b/tofu/modules/authentik-app/main.tf @@ -0,0 +1,26 @@ +terraform { + required_version = ">= 1.6" + required_providers { + authentik = { + source = "goauthentik/authentik" + version = "2025.12.0" + } + } +} + +resource "authentik_application" "app" { + name = var.app_name + slug = var.app_slug + open_in_new_tab = var.open_in_new_tab + meta_icon = var.app_icon + meta_description = var.app_description + meta_publisher = var.app_publisher + meta_launch_url = var.app_url +} + +resource "authentik_policy_binding" "app_access" { + target = authentik_application.app.uuid + group = var.app_access_group_id + order = 0 + count = var.app_access_group_id != "" ? 1 : 0 # only add it if the group's name exists +} diff --git a/tofu/modules/authentik-app/vars.tf b/tofu/modules/authentik-app/vars.tf new file mode 100644 index 0000000..445710f --- /dev/null +++ b/tofu/modules/authentik-app/vars.tf @@ -0,0 +1,62 @@ +variable "app_name" { + description = "App name" + type = string +} + +variable "app_slug" { + description = "App slug, a human-readable URL identifier, e.g.: Google -> google" + type = string +} + + +variable "client_type" { + type = string + default = "confidential" + + validation { + condition = contains(["confidential", "public"], var.client_type) + error_message = "client_type must be 'confidential' or 'public'" + } +} + +variable "app_access_group_id" { + description = "ID of a group which will have access to the app" + type = string +} + +variable "sub_mode" { + type = string + default = "user_username" + + validation { + condition = contains(["user_id", "user_username", "hashed_user_id"], var.sub_mode) + error_message = "sub_mode must be 'user_id', 'user_username' or 'hashed_user_id'" + } +} + + +variable "open_in_new_tab" { + type = bool + description = "Open apps in a new tab" + default = true +} + +variable "app_icon" { + type = string + default = "" +} + +variable "app_description" { + type = string + default = "" +} + +variable "app_publisher" { + type = string + default = "" +} + +variable "app_url" { + type = string + default = "" +}