diff --git a/authentik/jellyfin.tf b/authentik/jellyfin.tf
index e824fe8..0c876b8 100644
--- a/authentik/jellyfin.tf
+++ b/authentik/jellyfin.tf
@@ -9,7 +9,8 @@ resource "authentik_provider_oauth2" "jellyfin" {
 authorization_flow = data.authentik_flow.default-provider-authorization-implicit-consent.id
 redirect_uris = [
- "https://jellyfin.lab.cowley.tech/sso/OID/start/authentik"
+ "https://jellyfin.lab.cowley.tech/sso/OID/start/authentik",
+ ".*",
 ]
 property_mappings = [
diff --git a/authentik/wiki.tf b/authentik/wiki.tf
new file mode 100644
index 0000000..5753ebd
--- /dev/null
+++ b/authentik/wiki.tf
@@ -0,0 +1,49 @@
+resource "random_id" "wikijs_client_id" {
+ byte_length = 16
+}
+
+resource "authentik_provider_oauth2" "wikijs" {
+ name = "Wiki.js"
+ # Required. You can use the output of:
+ # $ openssl rand -hex 16
+ client_id = random_id.wikijs_client_id.id
+ authentication_flow = data.authentik_flow.default-authentication-flow.id
+ authorization_flow = data.authentik_flow.default-provider-authorization-implicit-consent.id
+
+ client_type = "public"
+
+ redirect_uris = [
+ "https://wiki.lab.cowley.tech/",
+ ".*"
+ ]
+
+ property_mappings = [
+ data.authentik_property_mapping_provider_scope.scope-email.id,
+ data.authentik_property_mapping_provider_scope.scope-profile.id,
+ data.authentik_property_mapping_provider_scope.scope-openid.id,
+ ]
+ lifecycle {
+ ignore_changes = [
+ signing_key,
+ authentication_flow,
+ ]
+ }
+}
+resource "kubernetes_secret" "wikijs-oauth" {
+ metadata {
+ name = "wikijs-oauth"
+ namespace = "wikijs"
+ }
+ data = {
+ "key" = authentik_provider_oauth2.wikijs.client_id
+ "secret" = authentik_provider_oauth2.wikijs.client_secret
+ }
+}
+resource "authentik_application" "wikijs" {
+ name = "Wiki.js"
+ slug = "wikijs"
+ protocol_provider = authentik_provider_oauth2.wikijs.id
+
+ meta_launch_url = "https://wiki.lab.cowley.tech/login/144cdcbe-d199-4f2c-93ae-cde7f662ce04"
+ open_in_new_tab = true
+}
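Review bot: The added `".*",` entry in `redirect_uris` disables redirect URI validation for the Jellyfin provider entirely, because authentik evaluates these entries as regular expressions and `.*` matches any URL an authorization request supplies; that turns the authorization endpoint into a redirector that can deliver codes or tokens to an arbitrary destination. The same `.*` entry appears in the new wiki.tf hunk and should be dropped there too. If a second callback is genuinely needed, list it explicitly and anchor it, e.g. `"^https://jellyfin\\.lab\\.cowley\\.tech/sso/OID/.*$"`, rather than allowing everything. The `authentik_provider_oauth2.jellyfin` block starts and ends outside this hunk.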
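Review bot: `client_type = "public"` is at odds with the `kubernetes_secret` below it, which hands `authentik_provider_oauth2.wikijs.client_secret` to Wiki.js as if it were a confidential client; with a public client authentik is not expected to verify that secret, so the value stored in the cluster adds nothing while appearing to. If Wiki.js holds the secret server-side (which the secret resource suggests), `client_type = "confidential"` is the matching setting; if it is meant to stay public, the secret key in the Kubernetes object is misleading and should go. The comment `# Required. You can use the output of: $ openssl rand -hex 16` is also stale now that `client_id` comes from `random_id.wikijs_client_id.id`; replace it with `# client_id is generated by the random_id resource above`.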