From fe4e8da22aabb18c1f9017df31599a6b5f678933 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?c=C4=83t=C4=83lin?=
Date: Mon, 25 Mar 2024 08:48:20 +0100
Subject: [PATCH] feat: add miniflux tofu app
---
ansible/gitea/gitea-playbook.yml | 2 +-
ansible/gitea/roles/gitea/tasks/main.yml | 2 +-
ansible/gitea/sample.env | 2 +-
ansible/inventory | 2 +-
k8s/argo-apps/loki.yaml | 4 ++--
.../argo-workflows/admin-service-account.yaml | 2 +-
k8s/services/argo/project-management.yaml | 2 +-
k8s/services/authentik/serverstransport.yaml | 2 +-
tofu/authentik/main.tf | 15 +++++++++++++++
tofu/authentik/sample.env | 18 ++++++++++--------
tofu/authentik/vars.tf | 10 ++++++++++
tofu/modules/authentik/main.tf | 12 ++++++------
12 files changed, 50 insertions(+), 23 deletions(-)
diff --git a/ansible/gitea/gitea-playbook.yml b/ansible/gitea/gitea-playbook.yml
index 696ea05..5506624 100644
--- a/ansible/gitea/gitea-playbook.yml
+++ b/ansible/gitea/gitea-playbook.yml
@@ -3,4 +3,4 @@ - giteas
roles:
- - role: roles/gitea
\ No newline at end of file
+ - role: roles/gitea
diff --git a/ansible/gitea/roles/gitea/tasks/main.yml b/ansible/gitea/roles/gitea/tasks/main.yml
index ca43c26..f0d86ef 100644
--- a/ansible/gitea/roles/gitea/tasks/main.yml
+++ b/ansible/gitea/roles/gitea/tasks/main.yml
@@ -20,4 +20,4 @@ ansible.builtin.systemd_service:
state: restarted
daemon_reload: true
- name: gitea
\ No newline at end of file
+ name: gitea
diff --git a/ansible/gitea/sample.env b/ansible/gitea/sample.env
index ed795f5..4c94f26 100644
--- a/ansible/gitea/sample.env
+++ b/ansible/gitea/sample.env
@@ -12,4 +12,4 @@ GITEA_MAILER_HOST=mail.fukurokuju.dev:587
GITEA_MAILER_FROM=git@fukurokuju.dev
GITEA_MAILER_USER=
GITEA_MAILER_PASSWORD=
-GITEA_NO_REPLY_ADDRESS=git@fukurokuju.dev
\ No newline at end of file
+GITEA_NO_REPLY_ADDRESS=git@fukurokuju.dev
diff --git a/ansible/inventory b/ansible/inventory
index 9a98d0c..00d7046 100644
--- a/ansible/inventory
+++ b/ansible/inventory
@@ -23,4 +23,4 @@ ansible_user=ci
gitea.fuku
[giteas:vars]
-ansible_user=root
\ No newline at end of file
+ansible_user=root
diff --git a/k8s/argo-apps/loki.yaml b/k8s/argo-apps/loki.yaml
index 14ebd00..d5fb8ba 100644
--- a/k8s/argo-apps/loki.yaml
+++ b/k8s/argo-apps/loki.yaml
@@ -90,11 +90,11 @@ spec: - job_name: 'argocd-notifications-controller-metrics' static_configs: - targets: ["argocd-notifications-controller-metrics.argocd:9001"] - + - job_name: 'miniflux' static_configs: - targets: ["miniflux-service.apps-roboces:8888"] - + - job_name: 'authentik' static_configs: - targets: ["authentik-server-metrics.apps-fuku:9300"]
diff --git a/k8s/services/argo-workflows/admin-service-account.yaml b/k8s/services/argo-workflows/admin-service-account.yaml
index 5907eb1..c415017 100644
--- a/k8s/services/argo-workflows/admin-service-account.yaml
+++ b/k8s/services/argo-workflows/admin-service-account.yaml
@@ -28,4 +28,4 @@ metadata:
namespace: argo-workflows
annotations:
kubernetes.io/service-account.name: admin-user
-type: kubernetes.io/service-account-token
\ No newline at end of file
+type: kubernetes.io/service-account-token
diff --git a/k8s/services/argo/project-management.yaml b/k8s/services/argo/project-management.yaml
index 7d1f4fc..18195f4 100644
--- a/k8s/services/argo/project-management.yaml
+++ b/k8s/services/argo/project-management.yaml
@@ -29,4 +29,4 @@ spec: - https://kubernetes-sigs.github.io/descheduler/ - https://github.com/rancher/system-upgrade-controller.git - https://charts.bitnami.com/bitnami
- - https://argoproj.github.io/argo-helm
\ No newline at end of file
+ - https://argoproj.github.io/argo-helm
diff --git a/k8s/services/authentik/serverstransport.yaml b/k8s/services/authentik/serverstransport.yaml
index 095300b..fb948fe 100644
--- a/k8s/services/authentik/serverstransport.yaml
+++ b/k8s/services/authentik/serverstransport.yaml
@@ -5,4 +5,4 @@ metadata:
name: skipverify-authentik
namespace: apps-fuku
spec:
- insecureSkipVerify: true
\ No newline at end of file
+ insecureSkipVerify: true
diff --git a/tofu/authentik/main.tf b/tofu/authentik/main.tf
index 843b8d6..5ada1ce 100644
--- a/tofu/authentik/main.tf
+++ b/tofu/authentik/main.tf
@@ -69,3 +69,18 @@ module "gitea" {
app_url = "https://git.roboces.dev/user/oauth2/authentik"
sub_mode = "hashed_user_id"
}
+
+module "miniflux" {
+ source = "../modules/authentik"
+ app_name = "Miniflux"
+ app_slug = "miniflux"
+ client_id = var.miniflux_client_id
+ client_secret = var.miniflux_client_secret
+ app_access_group_id = ""
+ redirect_uris = ["https://feeds.roboces.dev/oauth2/oidc/callback"]
+ app_icon = "https://miniflux.app/favicon.ico"
+ app_description = "RSS aggregator"
+ app_publisher = "Miniflux"
+ app_url = "https://feeds.roboces.dev"
+ sub_mode = "hashed_user_id"
+}
diff --git a/tofu/authentik/sample.env b/tofu/authentik/sample.env
index ae38be8..5950ef6 100644
--- a/tofu/authentik/sample.env
+++ b/tofu/authentik/sample.env
@@ -1,8 +1,10 @@
- AUTHENTIK_URL=https://auth.fukurokuju.dev
- AUTHENTIK_TOKEN=
- TF_VAR_argo_workflows_client_id=
- TF_VAR_argo_workflows_client_secret=
- TF_VAR_firezone_client_id=
- TF_VAR_firezone_client_secret=
- TF_VAR_gitea_client_id=
- TF_VAR_gitea_client_secret=
+AUTHENTIK_URL=https://auth.fukurokuju.dev
+AUTHENTIK_TOKEN=
+TF_VAR_argo_workflows_client_id=
+TF_VAR_argo_workflows_client_secret=
+TF_VAR_firezone_client_id=
+TF_VAR_firezone_client_secret=
+TF_VAR_gitea_client_id=
+TF_VAR_gitea_client_secret=
+TF_VAR_miniflux_client_id=
+TF_VAR_miniflux_client_secret=
diff --git a/tofu/authentik/vars.tf b/tofu/authentik/vars.tf
index 21b9ed0..1c96f52 100644
--- a/tofu/authentik/vars.tf
+++ b/tofu/authentik/vars.tf
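Review bot: `app_access_group_id = ""` in the new `module "miniflux"` block means the module creates no `authentik_policy_binding` for this application (its `count` is 0 when the id is empty), so nothing in this configuration restricts which Authentik users can launch Miniflux; the sibling modules in this file are outside the hunk, so I cannot tell whether that is consistent with them. If unrestricted access is intended, record it on the line so the next reader does not take it for an omission, e.g. `app_access_group_id = "" # intentionally unrestricted: no access policy binding is created`; otherwise pass the group id as the other apps presumably do. The single exact `redirect_uris` entry and the `hashed_user_id` subject mode are the right shape for this kind of client.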
@@ -27,3 +27,13 @@ variable "gitea_client_secret" {
description = "Client secret"
type = string
}
+
+variable "miniflux_client_id" {
+ description = "Client ID"
+ type = string
+}
+
+variable "miniflux_client_secret" {
+ description = "Client secret"
+ type = string
+}
diff --git a/tofu/modules/authentik/main.tf b/tofu/modules/authentik/main.tf
index dd36b32..3a2f191 100644
--- a/tofu/modules/authentik/main.tf
+++ b/tofu/modules/authentik/main.tf
@@ -37,15 +37,15 @@ resource "authentik_application" "app" {
slug = var.app_slug
protocol_provider = authentik_provider_oauth2.provider_oidc.id
open_in_new_tab = var.open_in_new_tab
- meta_icon = var.app_icon
- meta_description = var.app_description
- meta_publisher = var.app_publisher
- meta_launch_url = var.app_url
+ meta_icon = var.app_icon
+ meta_description = var.app_description
+ meta_publisher = var.app_publisher
+ meta_launch_url = var.app_url
}
resource "authentik_policy_binding" "app_access" {
target = authentik_application.app.uuid
group = var.app_access_group_id
order = 0
- count = var.app_access_group_id != "" ? 1 : 0
-}
\ No newline at end of file
+ count = var.app_access_group_id != "" ? 1 : 0 # only add it if the group's name exists
+}
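Review bot: The new `variable "miniflux_client_secret"` block declares only `description` and `type`, so the OAuth client secret is treated as an ordinary string and is printed in plain text in plan and apply output and in any diff of the variable's value. Add `sensitive = true` inside the block so the CLI redacts it; the context lines show the existing `gitea_client_secret` variable has the same gap and would benefit from the same one-line change. Note that `sensitive` only affects output, the value is still written to state, so the state backend's access controls remain the real protection for these secrets.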
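Review bot: The comment added to the `count` line of `authentik_policy_binding.app_access` says "if the group's name exists", but the value it tests, `var.app_access_group_id`, is a group id that is passed straight to the `group` argument, not a name, and the check is for a non-empty string rather than for existence. Suggest `# create the access binding only when an access group id is supplied; an empty id leaves the app without a policy binding` so a reader understands both the condition and its consequence. The module's variable declaration is outside this hunk; the same consequence is worth stating on its `description`.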