# Terraform configuration for authentik: remote state, provider pin, two
# groups, and two OIDC applications built from the local authentik module.

terraform {
  # Remote state lives in S3. Only bucket, key and region are set here; no
  # `encrypt`, locking or KMS arguments appear in this block.
  # NOTE(review): the OIDC client secrets passed to the modules below will
  # presumably be stored in this state file in plaintext. Confirm the bucket
  # enforces encryption at rest, blocks public access, has versioning enabled,
  # and is readable only by the identities that run Terraform.
  backend "s3" {
    bucket = "fuku-terraform"
    key    = "authentik/terraform"
    region = "us-east-1"
  }

  required_providers {
    # Exact version pin: provider upgrades happen only by editing this line.
    authentik = {
      source  = "goauthentik/authentik"
      version = "2024.2.0"
    }
  }
}

# Looks up an existing authentik user by username. The user is read here,
# not created.
data "authentik_user" "catalin" {
  username = "catalin"
}

# Group that gates access to Argo Workflows (see module "argo-workflows").
# Membership is declared in this file and currently holds a single user.
resource "authentik_group" "ci" {
  name  = "ci"
  users = [data.authentik_user.catalin.id]
}

# Superuser group: is_superuser = true gives members full authentik
# administration rights. No `users` list is set in this block.
# NOTE(review): confirm where membership of this group is managed and audited,
# since it also gates access to the Firezone application below.
resource "authentik_group" "admins" {
  name         = "authentik Admins"
  is_superuser = true
}

# Argo Workflows OIDC application, bound to the `ci` group.
# The client id and secret come from input variables.
# NOTE(review): confirm the variable declarations (not visible here) mark the
# secret as `sensitive` so it is redacted from plan and apply output.
module "argo-workflows" {
  source = "../modules/authentik"

  app_name        = "Argo Workflows"
  app_slug        = "argo-workflows"
  app_description = "Kubernetes-native workflow engine supporting DAG and step-based workflows"
  app_publisher   = "Argo Project"
  app_url         = "https://ci.fuku"
  # Icon is referenced from a third-party host rather than a local asset.
  app_icon = "https://argoproj.github.io/icons/icon-512x512.png"

  client_id     = var.argo_workflows_client_id
  client_secret = var.argo_workflows_client_secret

  app_access_group_id = authentik_group.ci.id

  # NOTE(review): how the module and this provider version match redirect URIs
  # (exact string vs. pattern) is not visible here; confirm only this exact
  # callback is accepted.
  redirect_uris = ["https://ci.fuku/oauth2/callback"]
}

# Firezone (VPN) OIDC application, bound to the superuser group, so only
# authentik admins are granted access by this binding.
module "firezone" {
  source = "../modules/authentik"

  app_name        = "Firezone"
  app_slug        = "firezone"
  app_description = "VPN"
  app_publisher   = "Firezone"
  app_url         = "https://fz.fukurokuju.dev"
  # Icon is referenced from a third-party host rather than a local asset.
  app_icon = "https://www.firezone.dev/icon.svg"

  client_id     = var.firezone_client_id
  client_secret = var.firezone_client_secret

  app_access_group_id = authentik_group.admins.id

  # The trailing slash is part of the registered callback.
  # NOTE(review): confirm it matches what Firezone sends byte-for-byte.
  redirect_uris = ["https://fz.fukurokuju.dev/auth/oidc/authentik/callback/"]

  # Presumably forwarded to the OAuth2 provider's subject mode, so the `sub`
  # claim is a hashed user id rather than a username or e-mail (verify in the
  # module).
  sub_mode = "hashed_user_id"
}