Add Authentik and oauth2-proxy support to noble cluster setup, including environment variables, playbook tags, and landing URLs. Update README and kustomization.yaml to reflect new OIDC integration, enhancing security and user authentication capabilities.

Nikholas Pcenicni
2026-05-14 00:23:48 -04:00
parent 2bf7277917
commit 78b524a044
25 changed files with 1125 additions and 7 deletions


@@ -0,0 +1,42 @@
---
# Set **noble_authentik_install: true** after filling **.env** (see role README and repository **.env.sample**).
noble_authentik_install: false
# When true, run **configure_authentik.py** against the Authentik API (requires bootstrap token + client secrets).
noble_authentik_configure_idp: true
noble_authentik_chart_version: "2026.2.3"
noble_authentik_oauth2_proxy_chart_version: "10.4.3"
noble_authentik_host: auth.apps.noble.lab.pcenicni.dev
noble_authentik_public_url: "https://{{ noble_authentik_host }}"
noble_authentik_api_base: "{{ noble_authentik_public_url }}/api/v3"
noble_authentik_oauth2_proxy_host: oauth2.apps.noble.lab.pcenicni.dev
# OIDC client ids (must match Authentik providers created by configure script)
noble_authentik_client_id_argocd: argocd
noble_authentik_client_id_grafana: grafana
noble_authentik_client_id_headlamp: headlamp
noble_authentik_client_id_oauth2_proxy: oauth2-proxy
# Secrets / bootstrap — prefer **lookup('env', ...)** set via repository **.env** (see from_env.yml).
noble_authentik_secret_key: ""
noble_authentik_postgresql_password: ""
noble_authentik_bootstrap_token: ""
noble_authentik_bootstrap_email: ""
noble_authentik_bootstrap_password: ""
noble_authentik_client_secret_argocd: ""
noble_authentik_client_secret_grafana: ""
noble_authentik_client_secret_headlamp: ""
noble_authentik_client_secret_oauth2_proxy: ""
noble_authentik_oauth2_proxy_cookie_secret: ""
noble_authentik_helm_wait_timeout: 25m
# Re-apply the same chart versions as the rest of noble.yml when flipping SSO on.
noble_authentik_argocd_chart_version: "9.4.17"
noble_authentik_kube_prometheus_chart_version: "82.15.1"
noble_authentik_headlamp_chart_version: "0.40.1"
noble_authentik_longhorn_chart_version: "1.11.2"
noble_authentik_kube_prometheus_helm_wait_timeout: 60m
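Review bot: The ten defaults under `# Secrets / bootstrap` (`noble_authentik_secret_key` through `noble_authentik_oauth2_proxy_cookie_secret`) are all `""`, and nothing in this file stops the role from running with them still empty once `noble_authentik_install` is set to true. Whether the role's tasks validate them is not visible in this hunk; if they do not, an `ansible.builtin.assert` ahead of the Helm releases that checks each value is non-empty would stop a missing **.env** entry from producing an Authentik or oauth2-proxy deployment with a blank secret key, cookie secret or client secret. I would also state the contract in the comment itself, e.g. `# Required (non-empty) when noble_authentik_install is true; never commit real values here.` Because `noble_authentik_configure_idp` defaults to true, the bootstrap token and client secrets are presumably handed to configure_authentik.py on every enabled run, so that task should carry `no_log: true`.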