68 lines
1.8 KiB
HCL
68 lines
1.8 KiB
HCL
resource "random_id" "paperless_client_id" {
|
|
byte_length = 16
|
|
}
|
|
|
|
resource "authentik_provider_oauth2" "paperless" {
|
|
name = "Paperless"
|
|
# Required. You can use the output of:
|
|
# $ openssl rand -hex 16
|
|
client_id = random_id.paperless_client_id.id
|
|
|
|
authorization_flow = data.authentik_flow.default-provider-authorization-implicit-consent.id
|
|
|
|
redirect_uris = [
|
|
"https://paperless.lab.cowley.tech/accounts/oidc/authentik/login/callback/"
|
|
]
|
|
|
|
property_mappings = [
|
|
data.authentik_property_mapping_provider_scope.scope-email.id,
|
|
data.authentik_property_mapping_provider_scope.scope-profile.id,
|
|
data.authentik_property_mapping_provider_scope.scope-openid.id,
|
|
]
|
|
lifecycle {
|
|
ignore_changes = [
|
|
signing_key,
|
|
authentication_flow,
|
|
]
|
|
}
|
|
}
|
|
|
|
resource "authentik_application" "paperless" {
|
|
name = "Paperless"
|
|
slug = "paperless"
|
|
protocol_provider = authentik_provider_oauth2.paperless.id
|
|
}
|
|
|
|
#data "template_file" "paperless-config" {
|
|
# template = "${file("${path.module}/paperless.tpl")}"
|
|
# vars = {
|
|
# client_id = authentik_provider_oauth2.paperless.client_id
|
|
# }
|
|
#}
|
|
|
|
resource "kubernetes_namespace" "paperless" {
|
|
metadata {
|
|
name = "paperless-ngx"
|
|
}
|
|
lifecycle {
|
|
ignore_changes = [
|
|
metadata[0].labels
|
|
]
|
|
}
|
|
}
|
|
resource "kubernetes_secret" "paperless-env" {
|
|
metadata {
|
|
name = "paperless-env"
|
|
namespace = kubernetes_namespace.paperless.metadata[0].name
|
|
}
|
|
data = {
|
|
"PAPERLESS_APPS" = "allauth.socialaccount.providers.openid_connect"
|
|
"PAPERLESS_SOCIALACCOUNT_PROVIDERS" = templatefile(
|
|
"${path.module}/paperless.tpl",
|
|
{
|
|
client_id = authentik_provider_oauth2.paperless.client_id,
|
|
client_secret = authentik_provider_oauth2.paperless.client_secret
|
|
}
|
|
)
|
|
}
|
|
}
|