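---
# Authentik role variables for the local Vagrant test environment.
#
# Every credential in this file is a fixed, publicly visible test value.
# Production inventories should override each of them from a secret store
# (for example Ansible Vault) and never reuse the values below.
#
# NOTE(review): this file arrived collapsed onto a single line; the nesting
# below is reconstructed from key names. Confirm it against the consuming
# role's defaults/argument spec.

authentik_domain: authentik.local.test

# authentik uses the secret key to sign session cookies, so a known value
# lets anyone mint valid sessions. Test-only placeholder.
authentik_secret_key: "vagrant-test-secret-key-change-in-production"
# Test-only database password.
authentik_postgres_password: "vagrant-test-password"

# Applications published through the authentik proxy provider.
authentik_proxy_apps:
  - slug: httpbin
    name: httpbin
    # NOTE(review): the hostname is spelled "httbin" while the slug and name
    # are "httpbin" - confirm this matches the DNS/hosts entry in the test
    # environment.
    # The internal hop is plain HTTP; acceptable on the local test network
    # only.
    internal_host: "http://httbin.local.test:80"
    external_host: "https://httbin.local.test"
    # Paths matching this expression are served without authentication.
    # Keep every pattern anchored with ^ and $ so a health-check exemption
    # cannot match longer paths.
    skip_path_regex: |
      ^/healthz$
    flows:
      authentication_slug: default-authentication-flow
      # Implicit consent: users are not shown a consent screen for this app.
      authorization_slug: default-provider-authorization-implicit-consent
      invalidation_slug: default-provider-invalidation-flow

# Outposts that serve the proxy providers listed above.
authentik_proxy_outposts:
  - name: "proxy-main"
    type: "proxy"
    service_connection: null
    providers:
      - httpbin
    config:
      authentik_host: "https://authentik.local.test/"
      authentik_host_browser: "https://authentik.local.test/"
      log_level: "info"

# OAuth2/OIDC relying parties.
authentik_oidc_apps:
  - slug: nextcloud
    name: Nextcloud
    # Names of the variables that hold the client credentials; the values
    # used for this test environment are set in authentik_blueprint_env.
    client_id_env: NEXTCLOUD_OIDC_CLIENT_ID
    client_secret_env: NEXTCLOUD_OIDC_CLIENT_SECRET
    redirect_uris:
      # NOTE(review): /login/generic_oauth is the callback path Grafana
      # uses; confirm it is what the Nextcloud OIDC app actually sends.
      # With strict matching any other callback URL is rejected.
      - url: "https://nextcloud.local.test/login/generic_oauth"
        matching_mode: strict
    signing_key_name: "authentik Self-signed Certificate"
    flows:
      # Implicit consent: users are not shown a consent screen for this app.
      authorization_slug: default-provider-authorization-implicit-consent
      invalidation_slug: default-provider-invalidation-flow
    # offline_access lets the client obtain refresh tokens; drop it if the
    # application does not need long-lived sessions.
    scopes: [openid, email, profile, offline_access]

# Microsoft Entra ID federation sources.
authentik_entra_sources:
  - slug: entra-id
    name: "Login with Entra"
    # Use 'single' with real tenant ID in production. In multi-tenant mode
    # sign-in is not pinned to one directory (presumably accounts from any
    # Entra tenant are accepted - verify against the role).
    tenant_mode: multi
    # tenant_id_env: ENTRA_TENANT_ID  # Not needed for multi-tenant mode
    # NOTE(review): ENTRA_CLIENT_ID and ENTRA_CLIENT_SECRET are not defined
    # in authentik_blueprint_env below; presumably they are supplied
    # elsewhere - confirm.
    client_id_env: ENTRA_CLIENT_ID
    client_secret_env: ENTRA_CLIENT_SECRET
    scopes:
      - openid
      - profile
      - email

# Sources offered on the login page.
authentik_login_sources:
  - slug: entra-id

# Local accounts created by the blueprint.
authentik_local_users:
  # Member of "authentik Admins"; its password comes from AKADMIN_PASSWORD.
  - username: akadmin
    name: "Authentik Admin"
    email: "admin@local.test"
    password_env: AKADMIN_PASSWORD
    is_active: true
    groups:
      - authentik Admins

# Values for the *_env names referenced above. Test fixtures only: an admin
# account with the password "admin" and a shared static client secret must
# never leave the Vagrant environment.
authentik_blueprint_env:
  AKADMIN_PASSWORD: "admin"
  NEXTCLOUD_OIDC_CLIENT_ID: "test1234"
  NEXTCLOUD_OIDC_CLIENT_SECRET: "test1234"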