# Noble — directory groups (blueprint). Merges (in order): **noble_authentik_blueprint_public_groups**,
# **noble_authentik_blueprint_extra_directory_groups**, **noble_authentik_blueprint_nikflix_groups** (see role README).
# Each entry: a string (**name** only), or a mapping with **name** and optional **is_superuser**, **attributes**, **parents**.
# **parents** must reference groups that already exist: list those entries *before* children in the merged list, or rely on built-in groups.
version: 1
metadata:
  name: noble-directory-groups
  labels:
    blueprints.goauthentik.io/instantiate: "true"
entries:
{% set _all = (noble_authentik_blueprint_public_groups | default([]))
    + (noble_authentik_blueprint_extra_directory_groups | default([]))
    + (noble_authentik_blueprint_nikflix_groups | default([])) %}
{% for g in _all %}
{% set gn = (g.name if (g is mapping) else g) | trim %}
  - model: authentik_core.group
    identifiers:
      name: {{ gn | to_json }}
{% if g is mapping and (
     (g.get('is_superuser') | default(false) | bool)
     or ((g.get('attributes') or {}) | length > 0)
     or ((g.get('parents') or []) | length > 0)
   ) %}
    attrs:
{% if g.get('is_superuser') | default(false) | bool %}
      is_superuser: true
{% endif %}
{% if (g.get('attributes') or {}) | length > 0 %}
      attributes: {{ g.attributes | to_json }}
{% endif %}
{% if (g.get('parents') or []) | length > 0 %}
      parents:
{% for p in g.parents %}
        - !Find [authentik_core.group, [name, {{ p | trim | to_json }}]]
{% endfor %}
{% endif %}
{% endif %}
{% endfor %}