feat: allow deletion of ressources via blueprints

chore: add removal of stale blueprints
chore: add minimal readme
2026-01-14 16:22:58 +01:00 · 2026-01-14 16:22:57 +01:00 · 2026-01-14 16:22:57 +01:00 · 2026-01-14 16:22:57 +01:00
2 changed files with 72 additions and 0 deletions
--- a/roles/authentik/templates/blueprints/blueprint-cleanup.yaml.j2
+++ b/roles/authentik/templates/blueprints/blueprint-cleanup.yaml.j2
@ -0,0 +1,38 @@
+# yaml-language-server: $schema=https://goauthentik.io/blueprints/schema.json
+version: 1
+metadata:
+  name: "cleanup"
+  labels:
+    blueprints.goauthentik.io/instantiate: "true"
+    blueprints.goauthentik.io/description: "Remove stale resources"
+
+entries:
+{% for slug in authentik_removed_oidc_apps %}
+  # Remove OIDC app: {{ slug }}
+  - model: authentik_core.application
+    state: absent
+    identifiers:
+      slug: {{ slug }}
+  - model: authentik_providers_oauth2.oauth2provider
+    state: absent
+    identifiers:
+      name: {{ slug }}
+{% endfor %}
+{% for slug in authentik_removed_proxy_apps %}
+  # Remove proxy app: {{ slug }}
+  - model: authentik_core.application
+    state: absent
+    identifiers:
+      slug: {{ slug }}
+  - model: authentik_providers_proxy.proxyprovider
+    state: absent
+    identifiers:
+      name: {{ slug }}
+{% endfor %}
+{% for username in authentik_removed_local_users %}
+  # Remove user: {{ username }}
+  - model: authentik_core.user
+    state: absent
+    identifiers:
+      username: {{ username }}
+{% endfor %}
--- a/roles/authentik/templates/blueprints/blueprint-local-users.yaml.j2
+++ b/roles/authentik/templates/blueprints/blueprint-local-users.yaml.j2
@ -0,0 +1,34 @@
+# yaml-language-server: $schema=https://goauthentik.io/blueprints/schema.json
+version: 1
+metadata:
+  name: "local-users"
+  labels:
+    blueprints.goauthentik.io/instantiate: "true"
+    blueprints.goauthentik.io/description: "Local user accounts"
+
+entries:
+{% for user in authentik_local_users %}
+  - model: authentik_core.user
+    id: user-{{ user.username }}
+    identifiers:
+      username: {{ user.username }}
+    attrs:
+      username: {{ user.username }}
+      name: "{{ user.name | default(user.username) }}"
+      email: "{{ user.email | default('') }}"
+      is_active: {{ user.is_active | default(true) | lower }}
+{% if user.password_env is defined %}
+      password: !Env {{ user.password_env }}
+{% endif %}
+{% if user.groups is defined and user.groups | length > 0 %}
+      groups:
+{% for group in user.groups %}
+        - !Find [authentik_core.group, [name, {{ group }}]]
+{% endfor %}
+{% endif %}
+{% if user.attributes is defined %}
+      attributes:
+{{ user.attributes | to_nice_yaml(indent=2) | indent(8, first=true) }}
+{% endif %}
+
+{% endfor %}
Author	SHA1	Message	Date
Bert-Jan Fikse	3d3a09025a	feat: allow deletion of ressources via blueprints	2026-01-14 16:22:58 +01:00
Bert-Jan Fikse	f8b9975ae4	chore: add removal of stale blueprints	2026-01-14 16:22:57 +01:00
Bert-Jan Fikse	8828436adf	chore: add minimal readme	2026-01-14 16:22:57 +01:00
Bert-Jan Fikse	d800d43c71	feat: add ability to provision local users using blueprints	2026-01-14 16:22:57 +01:00