Refactor Authentik blueprint configuration to merge public, extra, and Nikflix directory groups into a single YAML template. Update README to clarify group entry requirements and enhance validation in Ansible tasks for blueprint entries. This improves the structure and usability of directory groups in Authentik deployments.

This commit is contained in:
Nikholas Pcenicni
2026-05-14 22:39:53 -04:00
parent 93d602de9d
commit 7b337f7128
4 changed files with 102 additions and 14 deletions


@@ -29,10 +29,35 @@ noble_authentik_ingress_extra_hosts: []
# Mounted **blueprints** (ConfigMap → worker `/blueprints/mounted/cm-*`). See README § split routing / two-Brand.
noble_authentik_blueprints_enabled: false
noble_authentik_blueprints_configmap_name: authentik-noble-blueprints
# Directory groups for the public Brand(s); adjust names to match your apps policies / OAuth claims.
# Directory groups for the public Brand(s), merged with **`noble_authentik_blueprint_extra_directory_groups`**
# and **`noble_authentik_blueprint_nikflix_groups`** into **`templates/blueprints/10-noble-public-groups.yaml.j2`**. Each item may be:
# - a **string** (group name only), or
# - a **dict** with **`name`** (required) and optional **`is_superuser`** (bool), **`attributes`** (dict → JSON in blueprint),
# **`parents`** (list of **existing** group names — list parents *before* children in these lists, or use built-in groups).
noble_authentik_blueprint_public_groups:
- noble-public-users
- noble-public-admins
- name: noble-public-users
attributes:
"noble.ak/audience": public
- name: noble-public-admins
parents:
- noble-public-users
attributes:
"noble.ak/audience": public
# Additional directory groups (same entry shape as **`noble_authentik_blueprint_public_groups`**); merged into one blueprint.
noble_authentik_blueprint_extra_directory_groups: []
# Nikflix (e.g. **auth.nikflix.ca**) directory groups — merged **after** public + extra so **`parents`** can reference those.
# Prefer **audience** groups (`nikflix-users` / `nikflix-admins`); add per-service groups only when an app needs a distinct binding.
noble_authentik_blueprint_nikflix_groups:
- name: nikflix-users
attributes:
"noble.ak/brand": nikflix
"noble.ak/audience": public
- name: nikflix-admins
parents:
- nikflix-users
attributes:
"noble.ak/brand": nikflix
"noble.ak/audience": public
# Lab-only authentication flow slug (Brand for **`noble_authentik_host`** points here).
noble_authentik_blueprint_lab_flow_slug: noble-lab-operator-authentication-flow
noble_authentik_blueprint_operator_policy_name: noble-lab-operators-only
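Review bot: The entry shape documented in the new comment block permits `is_superuser: true` on any item in these lists, including `noble_authentik_blueprint_public_groups` and `noble_authentik_blueprint_nikflix_groups`, yet nothing here says that such a group makes every member a full Authentik administrator even though these lists are explicitly for public-audience Brands. I would add to the comment on `is_superuser`: `#   (**`is_superuser: true`** grants every member full Authentik admin — never set it on a public/Nikflix audience group)`. The commit description says validation of blueprint entries was enhanced in the Ansible tasks, which are outside this hunk; if that validation does not already reject `is_superuser` on entries from the public and Nikflix lists (or require an explicit opt-in), consider doing so, since a one-line typo in an inventory override is otherwise a silent privilege grant. The comment also states `attributes` is emitted as JSON in the blueprint; the rendering template is not visible here, so confirm it uses `to_json` rather than a bare `{{ item.attributes }}`, which would produce a Python literal and can fail or change the parsed value.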