many things

2025-02-19 10:59:18 +00:00 · 2025-02-19 10:59:18 +00:00 · d908078ee6
commit d908078ee6
parent 846fca77c1
51 changed files with 4649 additions and 276 deletions
--- a/authentik/outposts.tf
+++ b/authentik/outposts.tf
@ -0,0 +1,67 @@
+resource "authentik_outpost" "embedded_outpost" {
+  name = "authentik Embedded Outpost"
+  protocol_providers = [
+    authentik_provider_proxy.spotizerr.id,
+    authentik_provider_proxy.esphome.id,
+    #authentik_provider_proxy.tubearchivist.id,
+  ]
+  service_connection = authentik_service_connection_kubernetes.local.id
+
+
+  #  config = jsonencode({
+  #    authentik_host                 = "https://auth.lab.cowley.tech"
+  #    authentik_host_browser         = ""
+  #    authentik_host_insecure        = false
+  #    docker_map_ports               = true
+  #    kubernetes_disabled_components = []
+  #    kubernetes_image_pull_secrets  = []
+  #    kubernetes_ingress_class_name  = "nginx"
+  #    kubernetes_ingress_annotations = {
+  #      "cert-manager.io/cluster-issuer" = "letsencrypt"
+  #    }
+  #    kubernetes_ingress_secret_name = "authentik-outpost-tls"
+  #    kubernetes_json_patches        = null
+  #    kubernetes_namespace           = "authentik"
+  #    kubernetes_replicas            = 1
+  #    kubernetes_service_type        = "ClusterIP"
+  #    log_level                      = "info"
+  #    object_naming_template         = "ak-outpost-%(name)s"
+  #    refresh_interval               = "minutes=5"
+  #  })
+}
+
+resource "authentik_outpost" "internal" {
+  name = "Internal Outpost"
+
+  protocol_providers = [
+    authentik_provider_proxy.longhorn.id,
+  ]
+  service_connection = authentik_service_connection_kubernetes.local.id
+
+  config = jsonencode({
+    authentik_host                = "https://auth.lab.cowley.tech"
+    docker_map_ports              = true
+    kubernetes_ingress_class_name = "traefik"
+    kubernetes_ingress_annotations = {
+      "cert-manager.io/cluster-issuer" = "letsencrypt"
+    }
+    kubernetes_ingress_secret_name = "authentk_internal_outpost_tls"
+    kubernetes_json_patches        = null
+    kubernetes_namespace           = "authentik"
+    kubernetes_replicas            = 1
+    kubernetes_service_type        = "ClusterIP"
+    log_level                      = "info"
+    object_naming_template         = "ak-outpost-%(name)s"
+    refresh_interval               = "minutes=5"
+  })
+}
+
+resource "authentik_service_connection_kubernetes" "local" {
+  name  = "Local Kubernetes Cluster"
+  local = true
+}
+
+#resource "authentik_service_connection_kubernetes" "k3s" {
+#  name  = "Homelab K3s Cluster"
+#  local = true
+#}