chore: apply authentik role for testing in vagrant
This commit is contained in:
parent
437262d6cc
commit
1b0b2db43a
2 changed files with 75 additions and 0 deletions
69
inventories/vagrant/host_vars/backend/authentik.yml
Normal file
69
inventories/vagrant/host_vars/backend/authentik.yml
Normal file
|
|
@ -0,0 +1,69 @@
|
|||
authentik_domain: authentik.local.test
|
||||
authentik_secret_key: "vagrant-test-secret-key-change-in-production"
|
||||
authentik_postgres_password: "vagrant-test-password"
|
||||
|
||||
authentik_proxy_apps:
|
||||
- slug: httpbin
|
||||
name: httpbin
|
||||
internal_host: "http://httbin.local.test:80"
|
||||
external_host: "https://httbin.local.test"
|
||||
skip_path_regex: |
|
||||
^/healthz$
|
||||
flows:
|
||||
authentication_slug: default-authentication-flow
|
||||
authorization_slug: default-provider-authorization-implicit-consent
|
||||
invalidation_slug: default-provider-invalidation-flow
|
||||
|
||||
authentik_proxy_outposts:
|
||||
- name: "proxy-main"
|
||||
type: "proxy"
|
||||
service_connection: null
|
||||
providers:
|
||||
- httpbin
|
||||
config:
|
||||
authentik_host: "https://authentik.local.test/"
|
||||
authentik_host_browser: "https://authentik.local.test/"
|
||||
log_level: "info"
|
||||
|
||||
authentik_oidc_apps:
|
||||
- slug: nextcloud
|
||||
name: Nextcloud
|
||||
client_id_env: NEXTCLOUD_OIDC_CLIENT_ID
|
||||
client_secret_env: NEXTCLOUD_OIDC_CLIENT_SECRET
|
||||
redirect_uris:
|
||||
- url: "https://nextcloud.local.test/login/generic_oauth"
|
||||
matching_mode: strict
|
||||
signing_key_name: "authentik Self-signed Certificate"
|
||||
flows:
|
||||
authorization_slug: default-provider-authorization-implicit-consent
|
||||
invalidation_slug: default-provider-invalidation-flow
|
||||
scopes: [openid, email, profile, offline_access]
|
||||
|
||||
authentik_entra_sources:
|
||||
- slug: entra-id
|
||||
name: "Login with Entra"
|
||||
tenant_mode: multi # Use 'single' with real tenant ID in production
|
||||
# tenant_id_env: ENTRA_TENANT_ID # Not needed for multi-tenant mode
|
||||
client_id_env: ENTRA_CLIENT_ID
|
||||
client_secret_env: ENTRA_CLIENT_SECRET
|
||||
scopes:
|
||||
- openid
|
||||
- profile
|
||||
- email
|
||||
|
||||
authentik_login_sources:
|
||||
- slug: entra-id
|
||||
|
||||
authentik_local_users:
|
||||
- username: akadmin
|
||||
name: "Authentik Admin"
|
||||
email: "admin@local.test"
|
||||
password_env: AKADMIN_PASSWORD
|
||||
is_active: true
|
||||
groups:
|
||||
- authentik Admins
|
||||
|
||||
authentik_blueprint_env:
|
||||
AKADMIN_PASSWORD: "admin"
|
||||
NEXTCLOUD_OIDC_CLIENT_ID: test1234
|
||||
NEXTCLOUD_OIDC_CLIENT_SECRET: test1234
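Review bot: The proxy app's `internal_host` and `external_host` point at `httbin.local.test` while the entry's slug and name are `httpbin`, which looks like a typo that would send the outpost to a host that does not exist; I would change them to `internal_host: "http://httpbin.local.test:80"` and `external_host: "https://httpbin.local.test"`. `authentik_secret_key`, `authentik_postgres_password`, `AKADMIN_PASSWORD: "admin"` and the `test1234` OIDC client credentials are committed in plaintext, and even for a Vagrant inventory a fixed secret key lets anyone with read access to the repo forge sessions on any box built from it, so consider ansible-vault or a git-ignored local override plus a comment such as `# Test-only credentials: never reuse this secret_key or admin password outside Vagrant`. `ENTRA_CLIENT_ID` and `ENTRA_CLIENT_SECRET` are referenced by the Entra source but not set in `authentik_blueprint_env`, so presumably the operator must export them elsewhere; a comment naming where they come from would save the next person a failed run. `tenant_mode: multi` accepts sign-in from any Entra tenant, and whether such users are auto-enrolled depends on the source's enrollment flow, which this file does not show, so that is worth confirming before this inventory is copied beyond Vagrant.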
|
||||
|
|
@ -35,6 +35,12 @@
|
|||
roles:
|
||||
- digitalboard.core.nextcloud
|
||||
|
||||
- name: Deploy authentik service
|
||||
hosts: authentik_servers
|
||||
become: yes
|
||||
roles:
|
||||
- digitalboard.core.authentik
|
||||
|
||||
- name: Configure reverse proxy on DMZ servers
|
||||
hosts: traefik_servers_dmz
|
||||
become: yes
|
||||
|