Enhance Authentik and Newt configurations to support Open WebUI integration. Add necessary environment variables and secrets management for Open WebUI in .env.sample and Ansible tasks. Update README to clarify setup steps for automating HTTP resources with Pangolin, ensuring consistency with new branding and deployment practices.

This commit is contained in:
Nikholas Pcenicni
2026-05-15 00:04:34 -04:00
parent 97da42b15c
commit 2fb86f5930
18 changed files with 674 additions and 45 deletions

@@ -12,13 +12,21 @@ PANGOLIN_ENDPOINT=
NEWT_ID=
NEWT_SECRET=
# Optional: Pangolin Integration API — automate public HTTP resources + Traefik targets (**noble_pangolin_sync_http_resources=true** in **group_vars**; see **clusters/noble/bootstrap/newt/README.md** §4).
# NOBLE_PANGOLIN_API_BASE=https://api.your-pangolin.example/v1
# NOBLE_PANGOLIN_ORG_ID=
# NOBLE_PANGOLIN_API_TOKEN=
# NOBLE_PANGOLIN_SITE_ID=
# NOBLE_PANGOLIN_TRAEFIK_IP=192.168.50.211
# NOBLE_PANGOLIN_TRAEFIK_PORT=443
# Velero — when **noble_velero_install=true**, set bucket + S3 API URL and credentials (see clusters/noble/bootstrap/velero/README.md).
NOBLE_VELERO_S3_BUCKET=
NOBLE_VELERO_S3_URL=
NOBLE_VELERO_AWS_ACCESS_KEY_ID=
NOBLE_VELERO_AWS_SECRET_ACCESS_KEY=
# Authentik + OIDC — when **noble_authentik_install=true**, Ansible installs Authentik and reconfigures Argo CD, Grafana, Headlamp (native OIDC) and Prometheus/Alertmanager/Longhorn via oauth2-proxy (OIDC to Authentik + Traefik ForwardAuth). See **ansible/roles/noble_authentik/README.md**.
# Authentik + OIDC — when **noble_authentik_install=true**, Ansible installs Authentik and reconfigures Argo CD, Grafana, Headlamp, **Open WebUI** (native OIDC) and Prometheus/Alertmanager/Longhorn via oauth2-proxy (OIDC to Authentik + Traefik ForwardAuth). See **ansible/roles/noble_authentik/README.md**.
NOBLE_AUTHENTIK_SECRET_KEY=
NOBLE_AUTHENTIK_POSTGRES_PASSWORD=
NOBLE_AUTHENTIK_BOOTSTRAP_TOKEN=
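Review bot: NOBLE_PANGOLIN_API_TOKEN in the new Pangolin block carries no guidance on what the token must be permitted to do. The comment above it says the sync only automates public HTTP resources and Traefik targets, so add a line stating that the token should be limited to those actions for the org named in NOBLE_PANGOLIN_ORG_ID, and that the real value never goes into .env.sample. Separately, NOBLE_PANGOLIN_TRAEFIK_IP=192.168.50.211 reads like a site-specific LAN address; a neutral placeholder would match the style of the NOBLE_PANGOLIN_API_BASE example, which already uses one.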
@@ -28,6 +36,11 @@ NOBLE_AUTHENTIK_CLIENT_SECRET_ARGOCD=
NOBLE_AUTHENTIK_CLIENT_SECRET_GRAFANA=
NOBLE_AUTHENTIK_CLIENT_SECRET_HEADLAMP=
NOBLE_AUTHENTIK_CLIENT_SECRET_OAUTH2_PROXY=
# Open WebUI (Argo app **clusters/noble/apps/open-webui**) — OIDC client secret + app secrets (see **clusters/noble/apps/open-webui/values.yaml**).
NOBLE_AUTHENTIK_CLIENT_SECRET_OPEN_WEBUI=
NOBLE_OPEN_WEBUI_OPENAI_API_KEY=
# e.g. openssl rand -hex 32
NOBLE_OPEN_WEBUI_WEBUI_SECRET_KEY=
# Random secret for oauth2-proxy session cookie (see oauth2-proxy Helm chart docs; e.g. openssl rand -base64 32 | head -c 32 | base64)
NOBLE_AUTHENTIK_OAUTH2_PROXY_COOKIE_SECRET=
# S3 media — **separate** bucket from Velero backups (**NOBLE_VELERO_S3_BUCKET**). Endpoint and keys default to the Velero vars above unless you set the Authentik-specific overrides.
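Review bot: NOBLE_OPEN_WEBUI_OPENAI_API_KEY is added with no comment of its own, while NOBLE_OPEN_WEBUI_WEBUI_SECRET_KEY directly below it gets a generation hint. Say whether the key is required or optional, and that it is presumably a credential issued by the upstream API provider rather than a value to generate locally, so nobody reads `# e.g. openssl rand -hex 32` as applying to it. It would also help to set the two NOBLE_OPEN_WEBUI_* app secrets apart from NOBLE_AUTHENTIK_CLIENT_SECRET_OPEN_WEBUI, since only the latter is an OIDC client secret like its neighbours in this block.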