feat: add ability to provision outposts using blueprints

2026-01-14 14:31:22 +01:00 · 2026-01-14 14:31:22 +01:00 · 0106e8801f
commit 0106e8801f
parent 438a41356a
3 changed files with 48 additions and 0 deletions
--- a/roles/authentik/defaults/main.yml
+++ b/roles/authentik/defaults/main.yml
@ -45,6 +45,18 @@ authentik_proxy_apps: []
 #     authorization_slug: default-provider-authorization-implicit-consent
 #     invalidation_slug: default-provider-invalidation-flow

+authentik_proxy_outposts: []
+# - name: "proxy-main"
+#   type: "proxy"
+#   service_connection: null
+#   providers:
+#     - whoami
+#     - nextcloud-proxy
+#   config:
+#     authentik_host: "https://authentik.local.test/"
+#     authentik_host_browser: "https://authentik.local.test/"
+#     log_level: "info"
+
 authentik_oidc_apps: []
 # - slug: grafana
 #   name: Grafana
--- a/roles/authentik/tasks/main.yml
+++ b/roles/authentik/tasks/main.yml
@ -54,6 +54,14 @@
  loop: "{{ authentik_proxy_apps }}"
  register: proxy_templates

+- name: Render outpost blueprints
+  template:
+    src: blueprints/outpost-proxy.yaml.j2
+    dest: "{{ authentik_docker_volume_dir }}/blueprints/30-outpost-{{ item.name }}.yaml"
+    mode: "0644"
+  loop: "{{ authentik_proxy_outposts }}"
+  register: outpost_bp
+
 - name: Create docker-compose file for authentik
  template:
    src: docker-compose.yml.j2
@ -69,5 +77,6 @@
        (
         (oidc_templates is defined and (oidc_templates.results | selectattr('changed') | list | length > 0))
         or (proxy_templates is defined and (proxy_templates.results | selectattr('changed') | list | length > 0))
+         or (outpost_bp is defined and (outpost_bp.results | selectattr('changed') | list | length > 0))
        ) | ternary('always','auto')
      }}
--- a/roles/authentik/templates/blueprints/outpost-proxy.yaml.j2
+++ b/roles/authentik/templates/blueprints/outpost-proxy.yaml.j2
@ -0,0 +1,27 @@
+# yaml-language-server: $schema=https://goauthentik.io/blueprints/schema.json
+version: 1
+metadata:
+  name: "outpost-{{ item.name }}"
+  labels:
+    blueprints.goauthentik.io/instantiate: "true"
+
+entries:
+  - model: authentik_outposts.outpost
+    identifiers:
+      name: "{{ item.name }}"
+    attrs:
+      name: "{{ item.name }}"
+      type: {{ item.type | default('proxy') }}
+      service_connection: {{ item.service_connection | default('null') }}
+
+      providers:
+{% for p in item.providers %}
+        - !Find [authentik_providers_proxy.proxyprovider, [name, {{ p }}]]
+{% endfor %}
+
+{% if item.config is defined %}
+      config:
+{%   for k, v in item.config.items() %}
+        {{ k }}: {{ v | tojson }}
+{%   endfor %}
+{% endif %}