Refactor Authentik blueprint configuration to merge public, extra, and Nikflix directory groups into a single YAML template. Update README to clarify group entry requirements and enhance validation in Ansible tasks for blueprint entries. This improves the structure and usability of directory groups in Authentik deployments.

Nikholas Pcenicni
2026-05-14 22:39:53 -04:00
parent 93d602de9d
commit 7b337f7128
4 changed files with 102 additions and 14 deletions


@@ -1,13 +1,38 @@
# Noble — directory groups for the **public** hostname Brand (see role README).
# Groups are global to the instance; use policies and OAuth scope mappings to scope claims per app.
# Noble — directory groups (blueprint). Merges (in order): **noble_authentik_blueprint_public_groups**,
# **noble_authentik_blueprint_extra_directory_groups**, **noble_authentik_blueprint_nikflix_groups** (see role README).
# Each entry: a string (**name** only), or a mapping with **name** and optional **is_superuser**, **attributes**, **parents**.
# **parents** must reference groups that already exist: list those entries *before* children in the merged list, or rely on built-in groups.
version: 1
metadata:
name: noble-public-groups
name: noble-directory-groups
labels:
blueprints.goauthentik.io/instantiate: "true"
entries:
{% for group in noble_authentik_blueprint_public_groups | default([]) %}
{% set _all = (noble_authentik_blueprint_public_groups | default([]))
+ (noble_authentik_blueprint_extra_directory_groups | default([]))
+ (noble_authentik_blueprint_nikflix_groups | default([])) %}
{% for g in _all %}
{% set gn = (g.name if (g is mapping) else g) | trim %}
- model: authentik_core.group
identifiers:
name: "{{ group | trim }}"
name: {{ gn | to_json }}
{% if g is mapping and (
(g.get('is_superuser') | default(false) | bool)
or ((g.get('attributes') or {}) | length > 0)
or ((g.get('parents') or []) | length > 0)
) %}
attrs:
{% if g.get('is_superuser') | default(false) | bool %}
is_superuser: true
{% endif %}
{% if (g.get('attributes') or {}) | length > 0 %}
attributes: {{ g.attributes | to_json }}
{% endif %}
{% if (g.get('parents') or []) | length > 0 %}
parents:
{% for p in g.parents %}
- !Find [authentik_core.group, [name, {{ p | trim | to_json }}]]
{% endfor %}
{% endif %}
{% endif %}
{% endfor %}
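Review bot: `is_superuser: true` is only rendered when the flag is set (the `{% if g.get('is_superuser') ... %}` branch), so removing `is_superuser` from a group in the inventory leaves the already-created group's superuser flag untouched on the next apply, since only the keys present under `attrs` are updated; rendering `is_superuser: {{ (g.get('is_superuser') | default(false) | bool) | to_json }}` for every mapping entry makes the blueprint declarative and lets privilege removal actually propagate. Related, `!Find [authentik_core.group, [name, ...]]` under `parents` resolves to null when the named group does not exist yet, so the ordering rule in the header comment ("list those entries *before* children") is only a convention that fails silently; the Ansible validation task mentioned in the commit message should check that each referenced parent appears earlier in the merged `_all` list or is a known built-in group, so a mis-ordered entry fails before apply rather than producing a group with a missing parent.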