service account homepage

modules/server/containers/data/authentik/homepage.yaml

@@ -75,12 +75,39 @@ entries:
       open_in_new_tab: false
 
   # 3. Provision the static API token linked to the user account
+  - model: authentik_core.user
+    state: present
+    identifiers:
+      username: homepage-svc
+    attrs:
+      name: Homepage Dashboard Service Account
+      path: goauthentik.io/service-accounts
+      is_active: true
+      attributes:
+        goauthentik.io/user/service-account: true
+
+  - model: authentik_policies.policybinding
+    state: present
+    identifiers:
+      user: !Find [authentik_core.user, [username, "homepage-svc"]]
+      permission: authentik_core.view_user
+    attrs:
+      enabled: true
+
+  - model: authentik_policies.policybinding
+    state: present
+    identifiers:
+      user: !Find [authentik_core.user, [username, "homepage-svc"]]
+      permission: authentik_events.view_event
+    attrs:
+      enabled: true
+
   - model: authentik_core.token
     state: present
     identifiers:
       identifier: homepage-token
     attrs:
       key: !Env HOMEPAGE_VAR_AUTHENTIK_API
-      user: !Find [authentik_core.user, [username, "akadmin"]]
+      user: !Find [authentik_core.user, [username, "homepage-svc"]]
       intent: api
       expiring: false