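# authentik configuration: groups, OIDC client applications and forward-auth
# proxy applications. The two modules referenced here (../modules/authentik-oidc
# and ../modules/authentik-proxy) are not part of this file, so notes about how
# they interpret their inputs are marked as assumptions to confirm.

terraform {
  required_version = ">= 1.6"

  # NOTE(review): the client secrets passed to the modules below will most
  # likely be written to this state object in plaintext. Confirm that the
  # bucket enforces encryption at rest, blocks public access, restricts read
  # access to the operators who run Terraform, and that state locking is
  # configured; none of that is visible in this block.
  backend "s3" {
    bucket = "fuku-terraform"
    key    = "authentik/terraform"
    region = "us-east-1"
  }

  required_providers {
    authentik = {
      source  = "goauthentik/authentik"
      version = "2024.12.0"
    }
  }
}

# Existing authentik user, looked up by username so it can be added to a group.
data "authentik_user" "catalin" {
  username = "catalin"
}

# Group for CI access; membership is managed here.
resource "authentik_group" "ci" {
  name  = "ci"
  users = [data.authentik_user.catalin.id]
}

# Superuser group. It also gates Portainer and the *arr proxy applications
# below, so every member of it is a full authentik administrator as well.
resource "authentik_group" "admins" {
  name         = "authentik Admins"
  is_superuser = true
}

# Gates the netbird application.
resource "authentik_group" "vpn" {
  name         = "vpn"
  is_superuser = false
}

# Gates the SFTPGo application.
resource "authentik_group" "ftp" {
  name         = "ftp"
  is_superuser = false
}

# OIDC client for the Forgejo/Gitea instance.
module "gitea" {
  source        = "../modules/authentik-oidc"
  app_name      = "Gitea"
  app_slug      = "gitea"
  client_id     = var.gitea_client_id
  client_secret = var.gitea_client_secret
  # NOTE(review): empty group id. Presumably the module then creates no group
  # binding, which would leave the application open to every authentik user.
  # Confirm against the module that this is intended.
  app_access_group_id = ""
  redirect_uris = [
    { matching_mode = "strict", url = "https://git.roboces.dev/user/oauth2/authentik/callback" }
  ]
  app_icon        = "https://git.roboces.dev/assets/img/logo.svg"
  app_description = "Beyond coding. We forge."
  app_publisher   = "Forgejo"
  app_url         = "https://git.roboces.dev/user/oauth2/authentik"
  sub_mode        = "hashed_user_id"
}

# OIDC client for Miniflux, reachable under two hostnames.
module "miniflux" {
  source        = "../modules/authentik-oidc"
  app_name      = "Miniflux"
  app_slug      = "miniflux"
  client_id     = var.miniflux_client_id
  client_secret = var.miniflux_client_secret
  # NOTE(review): empty group id, same open-access question as for gitea.
  app_access_group_id = ""
  redirect_uris = [
    { matching_mode = "strict", url = "https://feeds.roboces.dev/oauth2/oidc/callback" },
    { matching_mode = "strict", url = "https://feeds.fuku/oauth2/oidc/callback" }
  ]
  app_icon        = "https://miniflux.app/favicon.ico"
  app_description = "RSS aggregator"
  app_publisher   = "Miniflux"
  app_url         = "https://feeds.roboces.dev"
  sub_mode        = "hashed_user_id"
}

# OIDC client for Portainer, restricted to the superuser group.
module "portainer" {
  source              = "../modules/authentik-oidc"
  app_name            = "Portainer"
  app_slug            = "portainer"
  client_id           = var.portainer_client_id
  client_secret       = var.portainer_client_secret
  app_access_group_id = authentik_group.admins.id
  redirect_uris = [
    { matching_mode = "strict", url = "https://containers.fukurokuju.dev/" }
  ]
  app_icon        = "https://www.portainer.io/hubfs/crane-icon.svg"
  app_description = "Kubernetes and Docker container Management Software"
  app_publisher   = "Portainer"
  app_url         = "https://containers.fukurokuju.dev/"
  sub_mode        = "hashed_user_id"
}

# OIDC client for Paperless. No sub_mode is set, so the module default applies.
module "paperless" {
  source        = "../modules/authentik-oidc"
  app_name      = "Paperless"
  app_slug      = "paperless"
  client_id     = var.paperless_client_id
  client_secret = var.paperless_client_secret
  # NOTE(review): empty group id on a document store, same open-access
  # question as for gitea.
  app_access_group_id = ""
  redirect_uris = [
    { matching_mode = "strict", url = "https://paperless.roboces.dev/accounts/oidc/authentik/login/callback/" }
  ]
  app_icon        = "https://paperless.roboces.dev/favicon.ico"
  app_description = "Document manager"
  app_publisher   = "Paperless"
  app_url         = "https://paperless.roboces.dev"
}

# Proxy applications (sonarr, radarr, lidarr), restricted to the superuser
# group.
# NOTE(review): each internal_host is plain http, so
# internal_host_ssl_validation = false has no TLS to validate and the hop to
# 192.168.1.3 is cleartext. The authentik check only protects requests that
# arrive through the proxy; confirm that these ports cannot be reached
# directly from networks where that matters.
module "sonarr" {
  source                       = "../modules/authentik-proxy"
  app_name                     = "Sonarr"
  app_slug                     = "sonarr"
  app_access_group_id          = authentik_group.admins.id
  app_url                      = "https://sonarr.fukurokuju.dev"
  internal_host                = "http://192.168.1.3:38013/"
  internal_host_ssl_validation = false
  app_icon                     = "https://sonarr.tv/img/logo.png"
}

module "radarr" {
  source                       = "../modules/authentik-proxy"
  app_name                     = "Radarr"
  app_slug                     = "radarr"
  app_access_group_id          = authentik_group.admins.id
  app_url                      = "https://radarr.fukurokuju.dev"
  internal_host                = "http://192.168.1.3:38012/"
  internal_host_ssl_validation = false
  app_icon                     = "https://radarr.video/img/background/logo.png"
}

module "lidarr" {
  source                       = "../modules/authentik-proxy"
  app_name                     = "Lidarr"
  app_slug                     = "lidarr"
  app_access_group_id          = authentik_group.admins.id
  app_url                      = "https://lidarr.fukurokuju.dev"
  internal_host                = "http://192.168.1.3:38010/"
  internal_host_ssl_validation = false
  app_icon                     = "https://lidarr.audio/img/background/logo.png"
}

# Confidential OIDC client for SFTPGo, restricted to the ftp group.
module "sftpgo" {
  source              = "../modules/authentik-oidc"
  app_name            = "SFTPGo"
  app_slug            = "SFTPGo"
  client_id           = var.sftpgo_client_id
  client_secret       = var.sftpgo_client_secret
  client_type         = "confidential"
  app_access_group_id = authentik_group.ftp.id
  redirect_uris = [
    # The dots in the host are escaped because an unescaped "." matches any
    # character, which would also accept look-alike hostnames. The pattern is
    # anchored so it behaves the same under search and full-match semantics.
    # Prefer a strict entry once the exact callback path is known.
    { matching_mode = "regex", url = "^https://ftp\\.fukurokuju\\.dev/.*$" }
  ]
  extra_property_mappings = []
  app_icon                = "https://ftp.fukurokuju.dev/static/img/logo.png"
  # NOTE(review): a 10-day access token is long-lived for a bearer credential.
  # Confirm this is intended and was not meant for a different validity field.
  access_token_validity = "days=10"
  app_url               = "https://ftp.fukurokuju.dev"
  app_description       = "SFTPGo"
  sub_mode              = "user_username"
}

# Public OIDC client for netbird, restricted to the vpn group.
module "netbird" {
  source    = "../modules/authentik-oidc"
  app_name  = "netbird"
  app_slug  = "netbird"
  client_id = var.netbird_client_id
  # A public client cannot keep a secret, so this value is not a protection
  # boundary; the redirect URI list is what constrains where codes are sent.
  client_secret       = var.netbird_client_secret
  client_type         = "public"
  app_access_group_id = authentik_group.vpn.id
  redirect_uris = [
    { matching_mode = "strict", url = "https://vpn.fukurokuju.dev" },
    # The previous pattern had unescaped dots and ".*" directly after the
    # host, so it also matched hostnames that merely start with
    # "vpn.fukurokuju.dev", for example a subdomain of an unrelated domain.
    # Requiring "/" after the escaped host limits the match to paths on this
    # origin; the bare origin is covered by the strict entry above.
    { matching_mode = "regex", url = "^https://vpn\\.fukurokuju\\.dev/.*$" },
    # Loopback redirect, presumably for the local CLI login flow.
    { matching_mode = "strict", url = "http://localhost:53000" },
  ]
  sub_mode = "user_id"
  # NOTE(review): this adds the authentik API scope to tokens issued to a
  # public client. Together with the 10-day access token below, a leaked token
  # stays useful against the authentik API for a long time; confirm that both
  # are required.
  extra_property_mappings = [
    "goauthentik.io/providers/oauth2/scope-authentik_api"
  ]
  app_icon              = "https://vpn.fukurokuju.dev/apple-icon.png"
  access_token_validity = "days=10"
}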