gsdavidp/home-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add optional SMTP configuration for Authentik, including email host, port, and credentials. Update README and .env.sample to clarify usage for outbound email settings. Introduce blueprint support for enhanced deployment flexibility, with assertions in Ansible tasks to ensure required variables are set when enabled.

Browse Source
This commit is contained in:
Nikholas Pcenicni
2026-05-14 22:21:11 -04:00
parent e48b19b64c
commit fbcd2416e6
14 changed files with 478 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
ansible/roles/noble_authentik/defaults/main.yml
View File

@@ -26,6 +26,24 @@ noble_authentik_api_base: "{{ noble_authentik_public_url }}/api/v3"
# Ansible merges these into **server.ingress.hosts** / **tls** (one cert Secret with multiple SANs).
noble_authentik_ingress_extra_hosts: []
# Mounted **blueprints** (ConfigMap → worker `/blueprints/mounted/cm-*`). See README § split routing / two-Brand.
noble_authentik_blueprints_enabled: false
noble_authentik_blueprints_configmap_name: authentik-noble-blueprints
# Directory groups for the public Brand(s); adjust names to match your apps policies / OAuth claims.
noble_authentik_blueprint_public_groups:
- noble-public-users
- noble-public-admins
# Lab-only authentication flow slug (Brand for **`noble_authentik_host`** points here).
noble_authentik_blueprint_lab_flow_slug: noble-lab-operator-authentication-flow
noble_authentik_blueprint_operator_policy_name: noble-lab-operators-only
# Who may sign in on the **lab** hostname (`noble_authentik_host`). Bootstrap user should be in **noble-admins**
# and/or **authentik Admins** (see **`noble_authentik_ensure_admin_ui_access`**).
noble_authentik_blueprint_lab_operator_groups:
- noble-admins
- authentik Admins
noble_authentik_blueprint_lab_brand_title: Noble lab (operators)
noble_authentik_blueprint_public_brand_title_prefix: Noble public
noble_authentik_oauth2_proxy_host: oauth2.apps.noble.lab.pcenicni.dev
# Media: **S3** via Ansible **`global.env`** (same S3 **URL** + **access keys** as **Velero** when you omit Authentik-specific overrides).
@@ -37,6 +55,17 @@ noble_authentik_s3_secret_key: ""
noble_authentik_s3_region: "us-east-1"
noble_authentik_s3_addressing_style: "path"
# Optional outbound SMTP (maps to **AUTHENTIK_EMAIL__*** in Helm **global.env**). Leave **noble_authentik_smtp_host**
# empty to omit email env vars; set **NOBLE_AUTHENTIK_SMTP_HOST** (and **NOBLE_AUTHENTIK_SMTP_FROM**) in **.env** to enable.
noble_authentik_smtp_host: ""
noble_authentik_smtp_port: "587"
noble_authentik_smtp_username: ""
noble_authentik_smtp_password: ""
noble_authentik_smtp_use_tls: "true"
noble_authentik_smtp_use_ssl: "false"
noble_authentik_smtp_timeout: "30"
noble_authentik_smtp_from: ""
# OIDC client ids (must match Authentik providers created by configure script)
noble_authentik_client_id_argocd: argocd
noble_authentik_client_id_grafana: grafana