fix
This commit is contained in:
soraefir
@@ -11,6 +11,7 @@ let
|
||||
// (if serverCfg.containers?jellyfin then { JELLYFIN_DOMAIN = "${serverCfg.containers.jellyfin.subdomain}.${serverCfg.domain}";} else {})
|
||||
// (if serverCfg.containers?gitea then { GITEA_DOMAIN = "${serverCfg.containers.gitea.subdomain}.${serverCfg.domain}";} else {})
|
||||
// (if serverCfg.containers?immich then { IMMICH_DOMAIN = "${serverCfg.containers.immich.subdomain}.${serverCfg.domain}";} else {})
|
||||
// (if serverCfg.containers?homepage then { HOMEPAGE_DOMAIN = "${serverCfg.containers.homepage.subdomain}.${serverCfg.domain}";} else {})
|
||||
// (if serverCfg.containers?nextcloud then { NEXTCLOUD_DOMAIN = "${serverCfg.containers.nextcloud.subdomain}.${serverCfg.domain}";} else {});
|
||||
};
|
||||
in {
|
||||
@@ -49,6 +50,8 @@ in {
|
||||
AUTHENTIK_POSTGRESQL__SSLMODE = "disable";
|
||||
};
|
||||
overrides = {
|
||||
environmentFiles = [ config.sops.secrets."AUTHENTIK".path config.sops.secrets."CUSTOM".path ] ;
|
||||
|
||||
cmd = [ "server" ];
|
||||
volumes = [
|
||||
"${serverCfg.configPath}/authentik/media:/media"
|
||||
@@ -104,6 +107,7 @@ in {
|
||||
${lib.optionalString (serverCfg.containers ? jellyfin) ''$AK apply_blueprint /blueprints/custom/jellyfin.yaml''}
|
||||
${lib.optionalString (serverCfg.containers ? nextcloud) ''$AK apply_blueprint /blueprints/custom/nextcloud.yaml''}
|
||||
${lib.optionalString (serverCfg.containers ? immich) ''$AK apply_blueprint /blueprints/custom/immich.yaml''}
|
||||
${lib.optionalString (serverCfg.containers ? homepage) ''$AK apply_blueprint /blueprints/custom/homepage.yaml''}
|
||||
|
||||
echo "Completed Authentik Setup"
|
||||
'';
|
||||
|
||||
58
modules/server/containers/data/authentik/homepage.yaml
Normal file
58
modules/server/containers/data/authentik/homepage.yaml
Normal file
@@ -0,0 +1,58 @@
|
||||
version: 1
|
||||
metadata:
|
||||
name: "Homepage Dashboard - OIDC Provisioning"
|
||||
labels:
|
||||
blueprints.goauthentik.io/instantiate: "true"
|
||||
|
||||
entries:
|
||||
# 1. Create the OIDC Scope Mapping for Groups
|
||||
- model: authentik_providers_oauth2.scopemapping
|
||||
identifiers:
|
||||
slug: homepage-scope-groups
|
||||
attrs:
|
||||
name: "Homepage Custom Scope: Groups"
|
||||
scope_name: "groups"
|
||||
description: "Pass user groups array to Homepage for conditional element rendering"
|
||||
expression: |
|
||||
return {
|
||||
"groups": [group.name for group in request.user.ak_groups.all()]
|
||||
}
|
||||
|
||||
# 2. Create the OAuth2/OIDC Provider
|
||||
- model: authentik_providers_oauth2.oauth2provider
|
||||
identifiers:
|
||||
slug: homepage-provider
|
||||
attrs:
|
||||
name: "Homepage Dashboard Provider"
|
||||
client_type: "confidential"
|
||||
client_id: !Env HOMEPAGE_CLIENT_ID"
|
||||
client_secret: !Env HOMEPAGE_CLIENT_SECRET"
|
||||
authorization_flow:
|
||||
!Find [authentik_flows.flow, [slug, default-authorization-flow]]
|
||||
# Update this URI to match your dashboard's literal URL
|
||||
redirect_uris:
|
||||
- "https://@HOMEPAGE_DOMAIN@"
|
||||
# Bind default OpenID scopes plus our custom groups scope
|
||||
property_mappings:
|
||||
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
|
||||
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
|
||||
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
|
||||
- !Find [
|
||||
authentik_providers_oauth2.scopemapping,
|
||||
[slug, homepage-scope-groups],
|
||||
]
|
||||
|
||||
# 3. Create the Application and link it to the Provider
|
||||
- model: authentik_core.application
|
||||
identifiers:
|
||||
slug: homepage-dashboard
|
||||
attrs:
|
||||
name: "Homepage Dashboard"
|
||||
slug: "homepage"
|
||||
launch_url: "@HOMEPAGE_DOMAIN@"
|
||||
provider:
|
||||
!Find [
|
||||
authentik_providers_oauth2.oauth2provider,
|
||||
[slug, homepage-provider],
|
||||
]
|
||||
open_in_new_tab: false
|
||||
Reference in New Issue
Block a user