chore: apply authentik role for testing in vagrant
This commit is contained in:
parent
437262d6cc
commit
1b0b2db43a
2 changed files with 75 additions and 0 deletions
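--- a/inventories/vagrant/host_vars/backend/authentik.yml
+++ b/inventories/vagrant/host_vars/backend/authentik.yml
@@ -0,0 +1,69 @@
+authentik_domain: authentik.local.test
+authentik_secret_key: "vagrant-test-secret-key-change-in-production"
+authentik_postgres_password: "vagrant-test-password"
+
+authentik_proxy_apps:
+  - slug: httpbin
+    name: httpbin
+    internal_host: "http://httbin.local.test:80"
+    external_host: "https://httbin.local.test"
+    skip_path_regex: |
+      ^/healthz$
+    flows:
+      authentication_slug: default-authentication-flow
+      authorization_slug: default-provider-authorization-implicit-consent
+      invalidation_slug: default-provider-invalidation-flow
+
+authentik_proxy_outposts:
+  - name: "proxy-main"
+    type: "proxy"
+    service_connection: null
+    providers:
+      - httpbin
+    config:
+      authentik_host: "https://authentik.local.test/"
+      authentik_host_browser: "https://authentik.local.test/"
+      log_level: "info"
+
+authentik_oidc_apps:
+  - slug: nextcloud
+    name: Nextcloud
+    client_id_env: NEXTCLOUD_OIDC_CLIENT_ID
+    client_secret_env: NEXTCLOUD_OIDC_CLIENT_SECRET
+    redirect_uris:
+      - url: "https://nextcloud.local.test/login/generic_oauth"
+        matching_mode: strict
+    signing_key_name: "authentik Self-signed Certificate"
+    flows:
+      authorization_slug: default-provider-authorization-implicit-consent
+      invalidation_slug: default-provider-invalidation-flow
+    scopes: [openid, email, profile, offline_access]
+
+authentik_entra_sources:
+  - slug: entra-id
+    name: "Login with Entra"
+    tenant_mode: multi # Use 'single' with real tenant ID in production
+    # tenant_id_env: ENTRA_TENANT_ID # Not needed for multi-tenant mode
+    client_id_env: ENTRA_CLIENT_ID
+    client_secret_env: ENTRA_CLIENT_SECRET
+    scopes:
+      - openid
+      - profile
+      - email
+
+authentik_login_sources:
+  - slug: entra-id
+
+authentik_local_users:
+  - username: akadmin
+    name: "Authentik Admin"
+    email: "admin@local.test"
+    password_env: AKADMIN_PASSWORD
+    is_active: true
+    groups:
+      - authentik Admins
+
+authentik_blueprint_env:
+  AKADMIN_PASSWORD: "admin"
+  NEXTCLOUD_OIDC_CLIENT_ID: test1234
+  NEXTCLOUD_OIDC_CLIENT_SECRET: test1234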
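Review bot: The proxy app's `internal_host` and `external_host` point at `httbin.local.test`, which does not match the app's own slug and name `httpbin`; if the DNS and Traefik entries use the `httpbin` spelling the outpost will forward to a name that does not resolve, so these should read `internal_host: "http://httpbin.local.test:80"` and `external_host: "https://httpbin.local.test"`. `skip_path_regex: |` keeps the block scalar's trailing newline, so the role receives `^/healthz$` followed by a newline rather than the bare pattern; `skip_path_regex: |-` strips it, or a single pattern can simply be a quoted plain scalar. The file also commits working credentials in cleartext — `authentik_secret_key`, `authentik_postgres_password`, `AKADMIN_PASSWORD: "admin"` and the `test1234` OIDC client id/secret pair — which is tolerable for a throwaway Vagrant box only if they are never reused elsewhere. A header comment such as `# Vagrant-only test values: every secret in this file is public and must not be copied to other inventories` would make that explicit, and the non-Vagrant inventories should source the same keys from ansible-vault or the environment instead.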
@ -35,6 +35,12 @@
|
||||||
roles:
|
roles:
|
||||||
- digitalboard.core.nextcloud
|
- digitalboard.core.nextcloud
|
||||||
|
|
||||||
|
- name: Deploy authentik service
|
||||||
|
hosts: authentik_servers
|
||||||
|
become: yes
|
||||||
|
roles:
|
||||||
|
- digitalboard.core.authentik
|
||||||
|
|
||||||
- name: Configure reverse proxy on DMZ servers
|
- name: Configure reverse proxy on DMZ servers
|
||||||
hosts: traefik_servers_dmz
|
hosts: traefik_servers_dmz
|
||||||
become: yes
|
become: yes
|
||||||
|
|
|
||||||