feat: add ability to provision local users using blueprints

2026-01-14 15:43:03 +01:00 · 2026-01-14 15:43:03 +01:00 · d800d43c71
commit d800d43c71
parent 359622d17a
3 changed files with 56 additions and 0 deletions
--- a/roles/authentik/templates/blueprints/blueprint-local-users.yaml.j2
+++ b/roles/authentik/templates/blueprints/blueprint-local-users.yaml.j2
@ -0,0 +1,34 @@
+# yaml-language-server: $schema=https://goauthentik.io/blueprints/schema.json
+version: 1
+metadata:
+  name: "local-users"
+  labels:
+    blueprints.goauthentik.io/instantiate: "true"
+    blueprints.goauthentik.io/description: "Local user accounts"
+
+entries:
+{% for user in authentik_local_users %}
+  - model: authentik_core.user
+    id: user-{{ user.username }}
+    identifiers:
+      username: {{ user.username }}
+    attrs:
+      username: {{ user.username }}
+      name: "{{ user.name | default(user.username) }}"
+      email: "{{ user.email | default('') }}"
+      is_active: {{ user.is_active | default(true) | lower }}
+{% if user.password_env is defined %}
+      password: !Env {{ user.password_env }}
+{% endif %}
+{% if user.groups is defined and user.groups | length > 0 %}
+      groups:
+{% for group in user.groups %}
+        - !Find [authentik_core.group, [name, {{ group }}]]
+{% endfor %}
+{% endif %}
+{% if user.attributes is defined %}
+      attributes:
+{{ user.attributes | to_nice_yaml(indent=2) | indent(8, first=true) }}
+{% endif %}
+
+{% endfor %}