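# Base settings for the authentik test deployment. Layout restored from the
# rendered listing (table-border pipes dropped); values are unchanged.
authentik_domain: authentik.local.test
# Committed literal, labelled by its own text as a Vagrant test value to be
# changed in production. Outside the test VM, supply a randomly generated key
# from a vault or secret store rather than a value kept in version control.
authentik_secret_key: "vagrant-test-secret-key-change-in-production"
# Fixed test database password; handle it the same way as the secret key.
authentik_postgres_password: "vagrant-test-password"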
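# Applications published behind authentik's proxy provider.
authentik_proxy_apps:
  - slug: httpbin
    name: httpbin
    # NOTE(review): both hosts are spelled "httbin" while the slug is "httpbin";
    # confirm the hostname is intentional and resolves in the test network.
    # internal_host is plain HTTP, so the hop to the backend is unencrypted;
    # keep that hop on a trusted local network.
    internal_host: "http://httbin.local.test:80"
    external_host: "https://httbin.local.test"
    # Presumably passed to the proxy provider as paths that skip authentication
    # (one regex per line) - confirm against the role. Keep every pattern
    # anchored with ^ and $ so the bypass covers only the exact path.
    skip_path_regex: |
      ^/healthz$
    flows:
      authentication_slug: default-authentication-flow
      # Implicit consent: going by the flow name, users see no consent prompt.
      authorization_slug: default-provider-authorization-implicit-consent
      invalidation_slug: default-provider-invalidation-flow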
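# Outposts that serve the proxy providers listed under `providers`.
authentik_proxy_outposts:
  - name: "proxy-main"
    type: "proxy"
    # No service connection is set; presumably the outpost is deployed by other
    # means rather than by authentik itself - confirm against the role.
    service_connection: null
    providers:
      # Matches the httpbin entry in authentik_proxy_apps.
      - httpbin
    config:
      # Both URLs are HTTPS, so outpost-to-core and browser-to-core traffic is
      # encrypted. With a test CA, the outpost must trust the issuing
      # certificate; avoid disabling verification to work around it.
      authentik_host: "https://authentik.local.test/"
      authentik_host_browser: "https://authentik.local.test/"
      log_level: "info"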
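# OAuth2/OIDC client applications registered in authentik.
authentik_oidc_apps:
  - slug: nextcloud
    name: Nextcloud
    # The client credentials are named by environment variable rather than
    # written inline; in this file the values come from authentik_blueprint_env.
    client_id_env: NEXTCLOUD_OIDC_CLIENT_ID
    client_secret_env: NEXTCLOUD_OIDC_CLIENT_SECRET
    redirect_uris:
      # NOTE(review): /login/generic_oauth is the callback path Grafana uses;
      # confirm it is the path the Nextcloud OIDC app sends, because strict
      # matching rejects any mismatch.
      - url: "https://nextcloud.local.test/login/generic_oauth"
        # strict = exact string comparison, no pattern matching, so
        # authorization codes are only returned to this one URL.
        matching_mode: strict
    # authentik's default self-signed keypair signs the tokens. Production
    # deployments normally use a dedicated, rotated signing key.
    signing_key_name: "authentik Self-signed Certificate"
    flows:
      # Implicit consent: going by the flow name, users see no consent prompt.
      authorization_slug: default-provider-authorization-implicit-consent
      invalidation_slug: default-provider-invalidation-flow
    # offline_access lets the client obtain refresh tokens, which outlive the
    # login session; drop it if the client does not need them.
    scopes: [openid, email, profile, offline_access]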
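# Microsoft Entra ID configured as a federated login source.
authentik_entra_sources:
  - slug: entra-id
    name: "Login with Entra"
    # NOTE(review): presumably 'multi' selects Entra's multi-tenant endpoint,
    # which accepts accounts from any tenant rather than one organisation -
    # confirm what the role does with sign-ins from unexpected tenants.
    tenant_mode: multi  # Use 'single' with real tenant ID in production
    # tenant_id_env: ENTRA_TENANT_ID # Not needed for multi-tenant mode
    # NOTE(review): ENTRA_CLIENT_ID and ENTRA_CLIENT_SECRET are not set in this
    # file's authentik_blueprint_env; presumably supplied elsewhere - confirm.
    client_id_env: ENTRA_CLIENT_ID
    client_secret_env: ENTRA_CLIENT_SECRET
    scopes:
      - openid
      - profile
      - email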
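# Presumably the sources offered on the login page (confirm against the role);
# the slug matches the entry in authentik_entra_sources.
authentik_login_sources:
  - slug: entra-id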
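# Local (non-federated) accounts created in authentik.
authentik_local_users:
  - username: akadmin
    name: "Authentik Admin"
    email: "admin@local.test"
    # The password is named by environment variable; in this file the value
    # comes from authentik_blueprint_env.
    password_env: AKADMIN_PASSWORD
    is_active: true
    groups:
      # Administrator group: this account has full control of the instance, so
      # its password strength matters more than any other value in this file.
      - authentik Admins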
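# Values for the *_env names referenced by the apps and users in this file.
# All three are throwaway test fixtures committed in clear text. Outside the
# test VM, inject them from a vault or secret store instead.
authentik_blueprint_env:
  # Trivially guessable password for the akadmin administrator account.
  AKADMIN_PASSWORD: "admin"
  # The client ID and client secret share one placeholder value. A real client
  # secret should be long, random and distinct from the public client ID.
  NEXTCLOUD_OIDC_CLIENT_ID: test1234
  NEXTCLOUD_OIDC_CLIENT_SECRET: test1234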