catalin/fukuops
1
0
Fork 1
Code Issues Pull requests 2 Releases Packages 1 Activity
fukuops/tofu/authentik/main.tf
cătălin 36136746cb
Some checks failed
checks / pre-commit (push) Has been cancelled
Details
checks / k8s (push) Has been cancelled
Details
checks / tflint (push) Has been cancelled
Details
feat: add oxicloud charts and argo app
2026-04-02 00:51:42 +02:00

230 lines
7.8 KiB
HCL
Raw Blame History

terraform {
required_version = ">= 1.6"
backend "s3" {
bucket = "fuku-terraform"
key = "authentik/terraform"
region = "us-east-1"
}
required_providers {
authentik = {
source = "goauthentik/authentik"
version = "2025.12.1"
}
}
}
data "authentik_user" "catalin" {
username = "catalin"
}
resource "authentik_group" "ci" {
name = "ci"
users = [data.authentik_user.catalin.id]
}
resource "authentik_group" "vods" {
name = "vods"
users = [data.authentik_user.catalin.id]
}
resource "authentik_group" "admins" {
name = "authentik Admins"
is_superuser = true
}
resource "authentik_group" "arrs" {
name = "arrs"
is_superuser = false
}
resource "authentik_group" "cloud" {
name = "cloud"
is_superuser = false
}
module "gitea" {
source = "../modules/authentik-oidc"
app_name = "Gitea"
app_slug = "gitea"
client_id = var.gitea_client_id
client_secret = var.gitea_client_secret
app_access_group_id = ""
redirect_uris = [{ matching_mode = "strict", url = "https://git.roboces.dev/user/oauth2/authentik/callback" }]
app_icon = "https://git.roboces.dev/assets/img/logo.svg"
app_description = "Beyond coding. We forge."
app_publisher = "Forgejo"
app_url = "https://git.roboces.dev/user/oauth2/authentik"
sub_mode = "hashed_user_id"
}
module "miniflux" {
source = "../modules/authentik-oidc"
app_name = "Miniflux"
app_slug = "miniflux"
client_id = var.miniflux_client_id
client_secret = var.miniflux_client_secret
app_access_group_id = ""
redirect_uris = [
{
matching_mode = "strict",
url = "https://feeds.roboces.dev/oauth2/oidc/callback"
},
{
matching_mode = "strict",
url = "https://feeds.fuku/oauth2/oidc/callback"
}
]
app_icon = "https://miniflux.app/favicon.ico"
app_description = "RSS aggregator"
app_publisher = "Miniflux"
app_url = "https://feeds.roboces.dev"
sub_mode = "hashed_user_id"
}
module "portainer" {
source = "../modules/authentik-oidc"
app_name = "Portainer"
app_slug = "portainer"
client_id = var.portainer_client_id
client_secret = var.portainer_client_secret
app_access_group_id = authentik_group.admins.id
redirect_uris = [
{
matching_mode = "strict",
url = "https://containers.fukurokuju.dev/"
}
]
app_icon = "https://www.portainer.io/hubfs/crane-icon.svg"
app_description = "Kubernetes and Docker container Management Software"
app_publisher = "Portainer"
app_url = "https://containers.fukurokuju.dev/"
sub_mode = "hashed_user_id"
}
module "paperless" {
source = "../modules/authentik-oidc"
app_name = "Paperless"
app_slug = "paperless"
client_id = var.paperless_client_id
client_secret = var.paperless_client_secret
app_access_group_id = ""
redirect_uris = [
{ matching_mode = "strict", url = "https://paperless.roboces.dev/accounts/oidc/authentik/login/callback/" }
]
app_icon = "https://paperless.roboces.dev/favicon.ico"
app_description = "Document manager"
app_publisher = "Paperless"
app_url = "https://paperless.roboces.dev"
}
module "sonarr" {
source = "../modules/authentik-proxy"
app_name = "Sonarr"
app_slug = "sonarr"
app_access_group_id = authentik_group.arrs.id
app_url = "https://sonarr.fukurokuju.dev"
internal_host = "http://192.168.1.3:30113/"
internal_host_ssl_validation = false
app_icon = "https://sonarr.tv/img/logo.png"
}
module "radarr" {
source = "../modules/authentik-proxy"
app_name = "Radarr"
app_slug = "radarr"
app_access_group_id = authentik_group.arrs.id
app_url = "https://radarr.fukurokuju.dev"
internal_host = "http://192.168.1.3:30025/"
internal_host_ssl_validation = false
app_icon = "https://radarr.video/img/background/logo.png"
}
module "lidarr" {
source = "../modules/authentik-proxy"
app_name = "Lidarr"
app_slug = "lidarr"
app_access_group_id = authentik_group.arrs.id
app_url = "https://lidarr.fukurokuju.dev"
internal_host = "http://192.168.1.3:30071/"
internal_host_ssl_validation = false
app_icon = "https://lidarr.audio/img/background/logo.png"
}
module "qbit" {
source = "../modules/authentik-proxy"
app_name = "qBit"
app_slug = "qbit"
app_access_group_id = authentik_group.arrs.id
app_url = "https://qbit.fukurokuju.dev"
internal_host = "http://192.168.1.3:30024"
internal_host_ssl_validation = false
}
module "prowlarr" {
source = "../modules/authentik-proxy"
app_name = "Prowlarr"
app_slug = "prowlarr"
app_access_group_id = authentik_group.admins.id
app_url = "https://prowlarr.fukurokuju.dev"
internal_host = "http://192.168.1.3:30050"
internal_host_ssl_validation = false
}
module "rustical" {
source = "../modules/authentik-oidc"
app_name = "rustical"
app_slug = "rustical"
app_url = "https://cal.roboces.dev"
client_id = var.rustical_client_id
client_secret = var.rustical_client_secret
redirect_uris = [{ matching_mode = "strict", url = "https://cal.roboces.dev/frontend/login/oidc/callback" }]
app_access_group_id = ""
}
module "jellyfin" {
source = "../modules/authentik-ldap"
app_name = "Jellyfin"
app_slug = "jellyfin"
base_dn = "DC=ldap,DC=fukurokuju,DC=dev"
name = "jellyfin"
app_url = "https://jelly.roboces.dev"
app_icon = "https://jelly.roboces.dev/web/touchicon.f5bbb798cb2c65908633.png"
app_access_group_id = authentik_group.arrs.id
}
module "ganymede" {
source = "../modules/authentik-oidc"
app_name = "Ganymede"
app_slug = "ganymede"
redirect_uris = [{ matching_mode = "strict", url = "https://vods.roboces.dev/api/v1/auth/oauth/callback" }]
client_id = var.ganymede_client_id
client_secret = var.ganymede_client_secret
app_url = "https://vods.roboces.dev"
app_icon = "https://vods.roboces.dev/favicon.ico"
app_access_group_id = authentik_group.vods.id
}
module "jellyseerr" {
source = "../modules/authentik-app"
app_name = "Solicitudes Jelly"
app_slug = "jellyseer"
app_url = "https://requests.roboces.dev"
app_icon = "https://requests.roboces.dev/os_icon.svg"
app_description = "Solicita series, animes y pelis para ser añadidas automáticamente a Jellyfin"
app_access_group_id = authentik_group.arrs.id
}
module "cloud" {
source = "../modules/authentik-oidc"
app_name = "Cloud"
app_slug = "cloud"
app_url = "https://cloud.roboces.dev"
client_id = var.oxicloud_client_id
client_secret = var.oxicloud_client_secret
app_icon = "https://cloud.roboces.dev/themes/opencloud/assets/favicon.svg"
redirect_uris = [{
matching_mode = "strict", url = "https://cloud.roboces.dev/api/auth/oidc/callback"
}]
app_access_group_id = authentik_group.cloud.id
}
Reference in a new issue View git blame Copy permalink