Ldap WIP

modules/server/containers/data/authentik/gitea.yaml

@@ -0,0 +1,13 @@
+version: 1
+metadata:
+  name: gitea-ldap-setup
+entries:
+  - model: authentik_core.application
+    id: gitea-app
+    identifiers:
+      slug: gitea
+    attrs:
+      name: Gitea
+      provider:
+        !Find [authentik_providers_ldap.ldapprovider, [name, ldap-provider]]
+      launch_url: "@GITEA_DOMAIN@"

modules/server/containers/data/authentik/jellyfin.yaml

@@ -10,6 +10,4 @@ entries:
       name: Jellyfin
       provider:
         !Find [authentik_providers_ldap.ldapprovider, [name, ldap-provider]]
-      open_in_new_tab: false
       launch_url: "@JELLYFIN_DOMAIN@"
-    state: present

modules/server/containers/data/authentik/ldap.yaml

@@ -32,3 +32,30 @@ entries:
         !Find [authentik_core.token, [identifier, ldap-outpost-static-token]]
       config:
         log_level: info
+
+  - model: authentik_core.user
+    state: present
+    identifiers:
+      username: "ldap-service"
+    attrs:
+      name: "LDAP Bind Service Account"
+      is_active: true
+      password: !Env DEFAULT_LDAP_PASSWORD
+      attributes:
+        ak_recovery_immutable: true
+
+  - model: authentik_core.group
+    state: present
+    identifiers:
+      name: "LDAP Bind Service Account Group"
+    attrs:
+      users:
+        - !Find [authentik_core.user, [username, ldap-service]]
+
+  - model: authentik_policies.policybinding
+    state: present
+    identifiers:
+      target:
+        !Find [authentik_providers_ldap.ldapprovider, [name, ldap-provider]]
+      permission: "authentik_providers_ldap.search_full_directory"
+      user: !Find [authentik_core.user, [username, ldap-service]]

modules/server/containers/data/authentik/nextcloud.yaml

@@ -85,5 +85,4 @@ entries:
       name: Nextcloud
       provider:
         !Find [authentik_providers_saml.samlprovider, [name, Nextcloud SAML]]
-      group: "Cloud Services"
       launch_url: "@NEXTCLOUD_DOMAIN@"