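# authentik identity-provider configuration: the groups used for access
# control, followed by one module call per application (OIDC, forward-auth
# proxy, or LDAP).

terraform {
  required_version = ">= 1.6"

  # NOTE(review): the var.*_client_secret values below are handed to the OIDC
  # modules; if those modules set them on a resource, they are written to this
  # state object in plain text. Confirm the bucket is private, encrypted at
  # rest and versioned, and that state locking is configured. None of that is
  # visible in this file.
  backend "s3" {
    bucket = "fuku-terraform"
    key    = "authentik/terraform"
    region = "us-east-1"
  }

  required_providers {
    authentik = {
      source = "goauthentik/authentik"
      # Exact pin: provider upgrades are an explicit change to this file.
      version = "2025.12.0"
    }
  }
}

# Looked up, not managed: the user must already exist in authentik.
data "authentik_user" "catalin" {
  username = "catalin"
}

# --- Groups ------------------------------------------------------------------
# Group ids are passed to the modules below as app_access_group_id.
# Only "ci" and "vods" list members here. The other groups have no `users`
# attribute, so their membership is not declared in this file.

resource "authentik_group" "ci" {
  name  = "ci"
  users = [data.authentik_user.catalin.id]
}

resource "authentik_group" "vods" {
  name  = "vods"
  users = [data.authentik_user.catalin.id]
}

# Superuser group: members get full administrative rights in authentik itself.
# It is also the access group for Portainer and Prowlarr below, so membership
# here should be reviewed whenever it changes.
resource "authentik_group" "admins" {
  name         = "authentik Admins"
  is_superuser = true
}

resource "authentik_group" "arrs" {
  name         = "arrs"
  is_superuser = false
}

# Not referenced by any module in this file.
resource "authentik_group" "vpn" {
  name         = "vpn"
  is_superuser = false
}

resource "authentik_group" "ftp" {
  name         = "ftp"
  is_superuser = false
}

# Not referenced by any module in this file.
resource "authentik_group" "mediamanager" {
  name         = "mediamanager"
  is_superuser = false
}

# --- OIDC applications -------------------------------------------------------
# NOTE(review): several modules pass app_access_group_id = "". Presumably the
# module treats the empty string as "no group binding", which would let every
# authenticated authentik user sign in to that application. Confirm against
# ../modules/authentik-oidc and bind a group where that is not intended.
# The client_id / client_secret variables are declared outside this file; they
# should be marked `sensitive = true` there.

module "gitea" {
  source              = "../modules/authentik-oidc"
  app_name            = "Gitea"
  app_slug            = "gitea"
  client_id           = var.gitea_client_id
  client_secret       = var.gitea_client_secret
  app_access_group_id = ""
  redirect_uris       = [{ matching_mode = "strict", url = "https://git.roboces.dev/user/oauth2/authentik/callback" }]
  app_icon            = "https://git.roboces.dev/assets/img/logo.svg"
  app_description     = "Beyond coding. We forge."
  app_publisher       = "Forgejo"
  app_url             = "https://git.roboces.dev/user/oauth2/authentik"
  sub_mode            = "hashed_user_id"
}

module "miniflux" {
  source              = "../modules/authentik-oidc"
  app_name            = "Miniflux"
  app_slug            = "miniflux"
  client_id           = var.miniflux_client_id
  client_secret       = var.miniflux_client_secret
  app_access_group_id = ""
  # Two exact callbacks: one for each hostname the service is reached under.
  redirect_uris = [
    { matching_mode = "strict", url = "https://feeds.roboces.dev/oauth2/oidc/callback" },
    { matching_mode = "strict", url = "https://feeds.fuku/oauth2/oidc/callback" }
  ]
  app_icon        = "https://miniflux.app/favicon.ico"
  app_description = "RSS aggregator"
  app_publisher   = "Miniflux"
  app_url         = "https://feeds.roboces.dev"
  sub_mode        = "hashed_user_id"
}

# Container management is restricted to the superuser group.
module "portainer" {
  source              = "../modules/authentik-oidc"
  app_name            = "Portainer"
  app_slug            = "portainer"
  client_id           = var.portainer_client_id
  client_secret       = var.portainer_client_secret
  app_access_group_id = authentik_group.admins.id
  redirect_uris = [
    { matching_mode = "strict", url = "https://containers.fukurokuju.dev/" }
  ]
  app_icon        = "https://www.portainer.io/hubfs/crane-icon.svg"
  app_description = "Kubernetes and Docker container Management Software"
  app_publisher   = "Portainer"
  app_url         = "https://containers.fukurokuju.dev/"
  sub_mode        = "hashed_user_id"
}

# No sub_mode given here: the module's default applies.
module "paperless" {
  source              = "../modules/authentik-oidc"
  app_name            = "Paperless"
  app_slug            = "paperless"
  client_id           = var.paperless_client_id
  client_secret       = var.paperless_client_secret
  app_access_group_id = ""
  redirect_uris = [
    { matching_mode = "strict", url = "https://paperless.roboces.dev/accounts/oidc/authentik/login/callback/" }
  ]
  app_icon        = "https://paperless.roboces.dev/favicon.ico"
  app_description = "Document manager"
  app_publisher   = "Paperless"
  app_url         = "https://paperless.roboces.dev"
}

# --- Forward-auth proxy applications ------------------------------------------
# authentik authenticates the user at app_url and forwards to internal_host.
# Every internal_host below is plain http:// on 192.168.1.3, so the hop from
# the proxy to the application is unencrypted, and the
# internal_host_ssl_validation flag presumably has nothing to validate.
# If an upstream is moved to https://, set the flag to true at the same time.
# NOTE(review): these upstreams are only protected if they cannot be reached
# directly, bypassing the proxy. Confirm at the network level.

module "sonarr" {
  source                       = "../modules/authentik-proxy"
  app_name                     = "Sonarr"
  app_slug                     = "sonarr"
  app_access_group_id          = authentik_group.arrs.id
  app_url                      = "https://sonarr.fukurokuju.dev"
  internal_host                = "http://192.168.1.3:38013/"
  internal_host_ssl_validation = false
  app_icon                     = "https://sonarr.tv/img/logo.png"
}

module "radarr" {
  source                       = "../modules/authentik-proxy"
  app_name                     = "Radarr"
  app_slug                     = "radarr"
  app_access_group_id          = authentik_group.arrs.id
  app_url                      = "https://radarr.fukurokuju.dev"
  internal_host                = "http://192.168.1.3:38012/"
  internal_host_ssl_validation = false
  app_icon                     = "https://radarr.video/img/background/logo.png"
}

module "lidarr" {
  source                       = "../modules/authentik-proxy"
  app_name                     = "Lidarr"
  app_slug                     = "lidarr"
  app_access_group_id          = authentik_group.arrs.id
  app_url                      = "https://lidarr.fukurokuju.dev"
  internal_host                = "http://192.168.1.3:38010/"
  internal_host_ssl_validation = false
  app_icon                     = "https://lidarr.audio/img/background/logo.png"
}

module "qbit" {
  source                       = "../modules/authentik-proxy"
  app_name                     = "qBit"
  app_slug                     = "qbit"
  app_access_group_id          = authentik_group.arrs.id
  app_url                      = "https://qbit.fukurokuju.dev"
  internal_host                = "http://192.168.1.3:30024"
  internal_host_ssl_validation = false
}

# Unlike the other proxy applications, restricted to the superuser group.
module "prowlarr" {
  source                       = "../modules/authentik-proxy"
  app_name                     = "Prowlarr"
  app_slug                     = "prowlarr"
  app_access_group_id          = authentik_group.admins.id
  app_url                      = "https://prowlarr.fukurokuju.dev"
  internal_host                = "http://192.168.1.3:38014"
  internal_host_ssl_validation = false
}

# --- SFTPGo (OIDC) -------------------------------------------------------------
# Review points for this module:
#  * app_slug is the only slug in this file that is not lower-case. It is left
#    as is because the slug is presumably part of the provider's endpoint URLs,
#    which the SFTPGo side is configured with.
#  * access_token_validity = "days=10" makes access tokens long-lived bearer
#    credentials; shorten it unless SFTPGo is known to need this.
#  * sub_mode = "user_username" ties the subject to the username rather than a
#    stable id. NOTE(review): a renamed or re-created account with the same
#    username would presumably map to the same SFTPGo identity. Confirm.
module "sftpgo" {
  source              = "../modules/authentik-oidc"
  app_name            = "SFTPGo"
  app_slug            = "SFTPGo"
  client_id           = var.sftpgo_client_id
  client_secret       = var.sftpgo_client_secret
  client_type         = "confidential"
  app_access_group_id = authentik_group.ftp.id
  # Regex mode: the dots in the host name are escaped so that they match a
  # literal "." only. Unescaped, each "." matches any character and hosts other
  # than ftp.fukurokuju.dev could satisfy the pattern.
  # The trailing ".*" still accepts every path on this host; prefer a "strict"
  # entry with the exact callback URL that SFTPGo uses.
  redirect_uris = [
    { matching_mode = "regex", url = "https://ftp\\.fukurokuju\\.dev/.*" }
  ]
  extra_property_mappings = []
  app_icon                = "https://ftp.fukurokuju.dev/static/img/logo.png"
  access_token_validity   = "days=10"
  app_url                 = "https://ftp.fukurokuju.dev"
  app_description         = "SFTPGo"
  sub_mode                = "user_username"
}

module "rustical" {
  source              = "../modules/authentik-oidc"
  app_name            = "rustical"
  app_slug            = "rustical"
  app_url             = "https://cal.roboces.dev"
  app_icon            = "https://cal.roboces.dev/favicon.ico"
  client_id           = var.rustical_client_id
  client_secret       = var.rustical_client_secret
  redirect_uris       = [{ matching_mode = "strict", url = "https://cal.roboces.dev/frontend/login/oidc/callback" }]
  app_access_group_id = ""
}

# --- LDAP application ----------------------------------------------------------
# Jellyfin authenticates against authentik's LDAP provider instead of OIDC.
module "jellyfin" {
  source              = "../modules/authentik-ldap"
  app_name            = "Jellyfin"
  app_slug            = "jellyfin"
  base_dn             = "DC=ldap,DC=fukurokuju,DC=dev"
  name                = "jellyfin"
  app_url             = "https://jelly.roboces.dev"
  app_icon            = "https://jelly.roboces.dev/favicon.ico"
  app_access_group_id = authentik_group.arrs.id
}

module "tandoor" {
  source              = "../modules/authentik-oidc"
  app_name            = "Tandoor"
  app_slug            = "tandoor"
  app_access_group_id = ""
  app_url             = "https://recipes.roboces.dev"
  redirect_uris       = [{ matching_mode = "strict", url = "https://recipes.roboces.dev/accounts/oidc/authentik/login/callback/" }]
  # NOTE(review): "favicon.icon" looks like a typo for "favicon.ico". Verify
  # which path the site serves before changing it.
  app_icon      = "https://recipes.roboces.dev/favicon.icon"
  client_id     = var.tandoor_client_id
  client_secret = var.tandoor_client_secret
}

module "ganymede" {
  source              = "../modules/authentik-oidc"
  app_name            = "Ganymede"
  app_slug            = "ganymede"
  redirect_uris       = [{ matching_mode = "strict", url = "https://vods.roboces.dev/api/v1/auth/oauth/callback" }]
  client_id           = var.ganymede_client_id
  client_secret       = var.ganymede_client_secret
  app_url             = "https://vods.roboces.dev"
  app_icon            = "https://vods.roboces.dev/favicon.ico"
  app_access_group_id = authentik_group.vods.id
}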