feat: add gitea tofu app

2024-03-25 08:41:20 +01:00 · 2024-03-25 08:41:20 +01:00 · c00e10a505
commit c00e10a505
parent dc6fc316e7
4 changed files with 38 additions and 9 deletions
--- a/tofu/authentik/main.tf
+++ b/tofu/authentik/main.tf
@ -22,7 +22,7 @@ resource "authentik_group" "ci" {
 }

 resource "authentik_group" "admins" {
-  name = "authentik Admins"
+  name         = "authentik Admins"
  is_superuser = true
 }

@ -35,9 +35,9 @@ module "argo-workflows" {
  app_access_group_id = authentik_group.ci.id
  redirect_uris       = ["https://ci.fuku/oauth2/callback"]
  app_icon            = "https://argoproj.github.io/icons/icon-512x512.png"
-  app_description = "Kubernetes-native workflow engine supporting DAG and step-based workflows"
-  app_publisher = "Argo Project"
-  app_url = "https://ci.fuku"
+  app_description     = "Kubernetes-native workflow engine supporting DAG and step-based workflows"
+  app_publisher       = "Argo Project"
+  app_url             = "https://ci.fuku"
 }

 module "firezone" {
@ -49,8 +49,23 @@ module "firezone" {
  app_access_group_id = authentik_group.admins.id
  redirect_uris       = ["https://fz.fukurokuju.dev/auth/oidc/authentik/callback/"]
  app_icon            = "https://www.firezone.dev/icon.svg"
-  app_description = "VPN"
-  app_publisher = "Firezone"
-  app_url = "https://fz.fukurokuju.dev"
-  sub_mode = "hashed_user_id"
-}
+  app_description     = "VPN"
+  app_publisher       = "Firezone"
+  app_url             = "https://fz.fukurokuju.dev"
+  sub_mode            = "hashed_user_id"
+}
+
+module "gitea" {
+  source              = "../modules/authentik"
+  app_name            = "Gitea"
+  app_slug            = "gitea"
+  client_id           = var.gitea_client_id
+  client_secret       = var.gitea_client_secret
+  app_access_group_id = ""
+  redirect_uris       = ["https://git.roboces.dev/user/oauth2/authentik/callback"]
+  app_icon            = "https://about.gitea.com/gitea.svg"
+  app_description     = "Git with a cup of Tea 🍵"
+  app_publisher       = "Gitea"
+  app_url             = "https://git.roboces.dev/user/oauth2/authentik"
+  sub_mode            = "hashed_user_id"
+}
--- a/tofu/authentik/sample.env
+++ b/tofu/authentik/sample.env
@ -4,3 +4,5 @@
 TF_VAR_argo_workflows_client_secret=
 TF_VAR_firezone_client_id=
 TF_VAR_firezone_client_secret=
+ TF_VAR_gitea_client_id=
+ TF_VAR_gitea_client_secret=
--- a/tofu/authentik/vars.tf
+++ b/tofu/authentik/vars.tf
@ -17,3 +17,13 @@ variable "firezone_client_secret" {
  description = "Client secret"
  type        = string
 }
+
+variable "gitea_client_id" {
+  description = "Client ID"
+  type        = string
+}
+
+variable "gitea_client_secret" {
+  description = "Client secret"
+  type        = string
+}