feat: add ability to provision using blueprints

2026-01-14 13:49:40 +01:00 · 2026-01-14 13:49:40 +01:00 · 3f8afa12ef
commit 3f8afa12ef
parent f814496049
4 changed files with 96 additions and 0 deletions
--- a/roles/authentik/defaults/main.yml
+++ b/roles/authentik/defaults/main.yml
@ -31,3 +31,23 @@ authentik_use_ssl: true
 # Authentik environment settings
 authentik_log_level: "info"
 authentik_error_reporting_enabled: false
+
+# Blueprints
+# OIDC apps to provision
+
+authentik_oidc_apps: []
+# - slug: grafana
+#   name: Grafana
+#   client_id_env: GRAFANA_OIDC_CLIENT_ID
+#   client_secret_env: GRAFANA_OIDC_CLIENT_SECRET
+#   redirect_uris:
+#     - url: "https://grafana.example.com/login/generic_oauth"
+#       matching_mode: strict
+#   signing_key_name: "authentik Self-signed Certificate"
+#   flows:
+#     authorization_slug: default-provider-authorization-implicit-consent
+#     invalidation_slug: default-provider-invalidation-flow
+#   scopes: [openid, email, profile, offline_access]
+authentik_blueprint_env: []
+# GRAFANA_OIDC_CLIENT_ID: "grafana"
+# GRAFANA_OIDC_CLIENT_SECRET: "{{ vault_grafana_oidc_secret }}"