gsdavidp/home-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enhance Authentik role in noble cluster setup by adding support for resolving OAuth2 flow, signing key, and scope mapping UUIDs from the worker database, improving API access under 2026+ RBAC. Update README with troubleshooting steps for common OAuth2 provider issues and adjust default variables for better configuration management. Ensure seamless integration with oauth2-proxy by allowing unverified email handling in development environments.

Browse Source
This commit is contained in:
Nikholas Pcenicni
2026-05-14 14:26:43 -04:00
parent c392ce1e5a
commit 5e5c6ef671
24 changed files with 868 additions and 99 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ansible/roles/noble_authentik/templates/authentik-worker-admin-access-spec.json.j2 Normal file
View File

@@ -0,0 +1,3 @@
{
"bootstrap_email": {{ noble_authentik_bootstrap_email | default('') | trim | to_json }}
}

32
ansible/roles/noble_authentik/templates/authentik-worker-oidc-spec.json.j2 Normal file
View File

@@ -0,0 +1,32 @@
{
"authorization_flow": {{ noble_authentik_oauth_authorization_flow_pk | trim | to_json }},
"invalidation_flow": {{ noble_authentik_oauth_invalidation_flow_pk | trim | to_json }},
"signing_key": {{ noble_authentik_oauth_signing_key_pk | trim | to_json }},
"property_mappings": {{ (noble_authentik_oauth_scope_mapping_pks | default('')).split(',') | map('trim') | reject('equalto', '') | list | to_json }},
"clients": {
"argocd": {
"name": "Argo CD",
"client_id": {{ noble_authentik_client_id_argocd | to_json }},
"client_secret": {{ noble_authentik_client_secret_argocd | to_json }},
"redirect_uri": "https://argo.apps.noble.lab.pcenicni.dev/auth/callback"
},
"grafana": {
"name": "Grafana",
"client_id": {{ noble_authentik_client_id_grafana | to_json }},
"client_secret": {{ noble_authentik_client_secret_grafana | to_json }},
"redirect_uri": "https://grafana.apps.noble.lab.pcenicni.dev/login/generic_oauth"
},
"headlamp": {
"name": "Headlamp",
"client_id": {{ noble_authentik_client_id_headlamp | to_json }},
"client_secret": {{ noble_authentik_client_secret_headlamp | to_json }},
"redirect_uri": "https://headlamp.apps.noble.lab.pcenicni.dev/oidc-callback"
},
"oauth2-proxy": {
"name": "oauth2-proxy (ForwardAuth)",
"client_id": {{ noble_authentik_client_id_oauth2_proxy | to_json }},
"client_secret": {{ noble_authentik_client_secret_oauth2_proxy | to_json }},
"redirect_uri": "https://{{ noble_authentik_oauth2_proxy_host }}/oauth2/callback"
}
}
}

7
ansible/roles/noble_authentik/templates/authentik-worker-user-groups-spec.json.j2 Normal file
View File

@@ -0,0 +1,7 @@
{
"email": {{ noble_authentik_bootstrap_email | trim | to_json }},
"group_pks": [
{{ noble_authentik_group_pk_noble_admins | trim | to_json }},
{{ noble_authentik_group_pk_noble_editors | trim | to_json }}
]
}