c3cf779532
- Refactor: collapse `*_domain` + `*_extra_domains` into a single `*_domains` list across authentik, collabora, garage and nextcloud roles. First entry is the canonical FQDN (used for OVERWRITEHOST, BASE_URL, notify_push setup and garage root_domain). - Authentik blueprint: guard the OAuth sources block so an empty `authentik_login_sources` no longer renders an invalid YAML key. - Nextcloud: introduce `nextcloud_collabora_public_domain` and set Collabora's `public_wopi_url` separately from the server-to-server `wopi_url` so browsers can reach Collabora via the public name while Nextcloud still talks to it on the internal one. - Nextcloud: URL-encode the postgres user/password in DATABASE_URL.
25 lines
874 B
Django/Jinja
25 lines
874 B
Django/Jinja
# yaml-language-server: $schema=https://goauthentik.io/blueprints/schema.json
|
|
version: 1
|
|
metadata:
|
|
name: "login-sources"
|
|
labels:
|
|
blueprints.goauthentik.io/instantiate: "true"
|
|
blueprints.goauthentik.io/description: "Set sources and user fields on the identification stage"
|
|
|
|
entries:
|
|
- model: authentik_stages_identification.identificationstage
|
|
identifiers:
|
|
name: "{{ authentik_identification_stage_name }}"
|
|
attrs:
|
|
# Local login fields (username, email, upn)
|
|
user_fields:
|
|
{% for field in authentik_login_user_fields %}
|
|
- {{ field }}
|
|
{% endfor %}
|
|
{% if authentik_login_sources %}
|
|
# OAuth/social login sources (use !Find to reference sources from other blueprints)
|
|
sources:
|
|
{% for src in authentik_login_sources %}
|
|
- !Find [authentik_sources_oauth.oauthsource, [slug, {{ src.slug }}]]
|
|
{% endfor %}
|
|
{% endif %}
|