diff --git a/.forgejo/workflows/deploy-tofu.yaml b/.forgejo/workflows/deploy-tofu.yaml
index 3f7a401..211d8db 100644
--- a/.forgejo/workflows/deploy-tofu.yaml
+++ b/.forgejo/workflows/deploy-tofu.yaml
@@ -14,7 +14,7 @@ jobs:
 - uses: https://code.forgejo.org/actions/checkout@v4
 - uses: opentofu/setup-opentofu@v1
 with:
- tofu_version: 1.7.0
+ tofu_version: 1.8.1
 - name: Deploy
 env:
 AUTHENTIK_URL: ${{ secrets.AUTHENTIK_URL }}
diff --git a/tofu/authentik/.terraform.lock.hcl b/tofu/authentik/.terraform.lock.hcl
index 955585a..13843fa 100644
--- a/tofu/authentik/.terraform.lock.hcl
+++ b/tofu/authentik/.terraform.lock.hcl
@@ -5,19 +5,20 @@ provider "registry.opentofu.org/goauthentik/authentik" {
 version = "2024.8.2"
 constraints = "2024.8.2"
 hashes = [
- "h1:+RVux9TSmkUsxIinptup4oOdfzObeXLaOnc0oi0Vat4=",
- "h1:A7QTemIzwGczjtF83aq4UeZuHeDCI3V95tPxvRbr1Us=",
- "h1:CW1zudHvXdxnoHNSFpPUuHL5b6OfjN64e9vXWg7XW0g=",
- "h1:EQFfUrVDOolYS1vnQCycM8h/sJ5kSmaaLlgarMaGeUA=",
- "h1:IDQUpQ0ywLW8e76Ua0KDNL2yQK6gPzZDmr6IR2+vggg=",
- "h1:MTDeGtUV4fv0p5mBrixtih0ZCxSs9nVY6Cg/d9QSirU=",
- "h1:OlGx4JID7vw8lv7pLOP37p6YG5kFVNW2D3uK3n0dtPA=",
- "h1:UFfuygHbOClWv7qQRdOrQ78sb90AX7H9M0G4NfXvBs0=",
- "h1:YUYGP/59f6rR8MfSLfO1ZDSHzR/ftLC8AcAODpX/E+I=",
- "h1:YwAH0SX7sTqc2lBt6Qksxrs1QwuRHFut5OS6aRC401g=",
- "h1:ZraJmKi78q13HZBD9GBqtOMNsqUWVkbHHJHmJpmEe2E=",
 "h1:a/zGxz5mU9L/j0s0QuhBFDNw057ZzsEhD8aaH4YTsjI=",
- "h1:eBg0O2cBNQiDPCY+h3lLkQRxdkgHRaP/RwwtA75WgeA=",
- "h1:j8xZm+N7SRKlaJwGzXDzWD3awDcCrD+jz257F7JFTZI=",
+ "zh:1a08cf73a35237bf84e8761eb026b4175bc34bab4c6a206110cb9a3d06c86391",
+ "zh:1f5807c2ab22e21a9f4c1d19bc64c52150ac003c6a90417315d8fafb6cbfd09d",
+ "zh:20237b247cbee340d03629f3bb4e156e8ccf65db246eeffb4cad3dabe34f26bb",
+ "zh:416ee251d684360e993ea3bdd7b9b3abb869f1d27d3bfe7c53731d444493bad3",
+ "zh:4d76186b29969509fb950ddce03b80eba9bc3409b6bbd20f8a9e7623d84b63c0",
+ "zh:588bbeb5768dc0e6d6b3e7bc67709ef7bc4a7f48eeb659801bc8511d646141ac",
+ "zh:5f95796b207c90e4dcf5d9f2945929351c5709754ce66839279e87279a04204f",
+ "zh:60263694ce7e107f3f78d5cc727d6143082e0eaa97b15727af83aaed8305d351",
+ "zh:6ecc4bd586e37987cfa057fc3a3f87bd461e3215d9efb5654fdd639a8d5318e9",
+ "zh:9e05d3d930a92f160cd788a699b3e11c80b59cb67b5f0b4a9970a1f7e9b08045",
+ "zh:c6ecaafa4176f12c8930fe2225c34a6d64eb9eb9774b50df17714d2ae338068d",
+ "zh:d781b9de7ce45a0b67b177705f755746b3afb11c4cac9171825bd9ace4017da6",
+ "zh:df6d9bc87b752c4e75f5246b32a98049a3253762389fd8476a9b4f96729f9cdd",
+ "zh:ef6c1ce79965e212929674063de6280abae5ee5c064049880ab81ca0e27b7434",
 ]
 }
diff --git a/tofu/authentik/main.tf b/tofu/authentik/main.tf
index d93c913..97e82f1 100644
--- a/tofu/authentik/main.tf
+++ b/tofu/authentik/main.tf
@@ -51,9 +51,9 @@ module "gitea" {
 client_secret = var.gitea_client_secret
 app_access_group_id = ""
 redirect_uris = ["https://git.roboces.dev/user/oauth2/authentik/callback"]
- app_icon = "https://about.gitea.com/gitea.svg"
- app_description = "Git with a cup of Tea 🍵"
- app_publisher = "Gitea"
+ app_icon = "https://git.roboces.dev/assets/img/logo.svg"
+ app_description = "Beyond coding. We forge. "
+ app_publisher = "Forgejo"
 app_url = "https://git.roboces.dev/user/oauth2/authentik"
 sub_mode = "hashed_user_id"
 }
diff --git a/tofu/modules/authentik-oidc/main.tf b/tofu/modules/authentik-oidc/main.tf
index ca42afe..ef3bd14 100644
--- a/tofu/modules/authentik-oidc/main.tf
+++ b/tofu/modules/authentik-oidc/main.tf
@@ -16,7 +16,8 @@ data "authentik_flow" "default-authentication-flow" {
 slug = "default-authentication-flow"
 }
 
-data "authentik_scope_mapping" "default-scopes" {
+
+data "authentik_property_mapping_provider_scope" "default-scopes" {
 managed_list = [
 "goauthentik.io/providers/oauth2/scope-email",
 "goauthentik.io/providers/oauth2/scope-openid",
@@ -33,7 +34,7 @@ resource "authentik_provider_oauth2" "provider_oidc" {
 authorization_flow = data.authentik_flow.default-authorization-flow.id
 authentication_flow = data.authentik_flow.default-authentication-flow.id
 redirect_uris = var.redirect_uris
- property_mappings = data.authentik_scope_mapping.default-scopes.ids
+ property_mappings = data.authentik_property_mapping_provider_scope.default-scopes.ids
 sub_mode = var.sub_mode
 signing_key = var.oidc_signing_key
 }
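Review bot: The new `app_description` value in the `module "gitea"` hunk of tofu/authentik/main.tf appears to end with a space inside the quotes, which would be stored and shown as part of the application description; `app_description = "Beyond coding. We forge."` avoids that. The module label and `var.gitea_client_secret` still say gitea while the publisher is now Forgejo. If the name is kept on purpose, a one-line comment such as `# Forgejo instance; module name kept so existing state addresses do not change` would spare the next reader the question. The module block starts outside the hunk.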
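Review bot: Nothing in the first hunk of tofu/modules/authentik-oidc/main.tf verifies that every name in `managed_list` actually resolved under the renamed `authentik_property_mapping_provider_scope` data source, and its `ids` feed `property_mappings` directly in the second hunk. If the provider returns only the mappings it finds (not confirmed from this diff), a missing managed mapping would silently drop a scope from the OAuth2 provider instead of failing the plan. A `postcondition` comparing the two list lengths would turn that into an explicit error. The added empty `+` line also leaves two blank lines before the block, which looks unintended. The data block continues past the end of the hunk.

```hcl
data "authentik_property_mapping_provider_scope" "default-scopes" {
  # … unchanged: managed_list entries …

  lifecycle {
    postcondition {
      condition     = length(self.ids) == length(self.managed_list)
      error_message = "Not every scope mapping in managed_list was found in authentik."
    }
  }
```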