From 278839fdba24b2fc9030a75c56dd62790ee903b1 Mon Sep 17 00:00:00 2001
From: Yuri Tatishchev
Date: Tue, 31 Dec 2024 18:09:23 -0800
Subject: [PATCH] authentik: add vpgen group, change default enrollment group to vpgen
---
 group_vars/alpina/vars.yml | 3 ++-
 .../authentik/blueprints/alpina-enrollment-internal.yaml.j2 | 2 +-
 .../services/authentik/blueprints/alpina-groups.yaml.j2 | 5 +++++
 .../authentik/blueprints/alpina-oauth-sources.yaml.j2 | 2 +-
 .../services/authentik/blueprints/apps-oauth2.yaml.j2 | 2 +-
 5 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/group_vars/alpina/vars.yml b/group_vars/alpina/vars.yml
index 21ece46..3e74ae0 100644
--- a/group_vars/alpina/vars.yml
+++ b/group_vars/alpina/vars.yml
@@ -10,7 +10,6 @@ traefik_subnet: 172.16.122.0
 # Authentik
 authentik_db_password: "{{ vault_authentik_db_password }}"
 authentik_secret_key: "{{ vault_authentik_secret_key }}"
-
 authentik_sendgrid_api_key: "{{ vault_authentik_sendgrid_api_key }}"
 auth_grafana_client_secret: "{{ vault_auth_grafana_client_secret }}"
@@ -20,6 +19,8 @@ auth_nextcloud_client_secret: "{{ vault_auth_nextcloud_client_secret }}"
 arrstack_password: "{{ vault_arrstack_password }}"
 auth_vpgen_client_secret: "{{ vault_auth_vpgen_client_secret }}"
+auth_default_enrollment_group: vpgen
+
 # Minio
 minio_password: "{{ vault_minio_password }}"
diff --git a/roles/alpina/templates/services/authentik/blueprints/alpina-enrollment-internal.yaml.j2 b/roles/alpina/templates/services/authentik/blueprints/alpina-enrollment-internal.yaml.j2
index 577d8b9..ceca238 100644
--- a/roles/alpina/templates/services/authentik/blueprints/alpina-enrollment-internal.yaml.j2
+++ b/roles/alpina/templates/services/authentik/blueprints/alpina-enrollment-internal.yaml.j2
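Review bot: `auth_default_enrollment_group: vpgen` is a bare name that two blueprints splice into an `!Find` lookup, yet nothing in vars.yml records that it must equal the `name` of a group defined in alpina-groups.yaml.j2, so a later edit could silently point enrollment at a group that does not exist. A comment above it would pin that contract: `# Group every newly enrolled user is added to (create_users_group !Find in alpina-enrollment-internal.yaml.j2 and alpina-oauth-sources.yaml.j2); must match a group name in alpina-groups.yaml.j2`. Moving the default from `users` to `vpgen` also means new accounts no longer land in `users`, so any application whose allowed_for_groups lists only `users` presumably stops being reachable for them; if that narrowing is intended, the comment is the place to say so.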
@@ -93,7 +93,7 @@ entries:
 id: enrollment-user-write
 attrs:
 user_type: internal
- create_users_group: !Find [authentik_core.group, [name, users]]
+ create_users_group: !Find [authentik_core.group, [name, {{ auth_default_enrollment_group }}]]
 - identifiers:
 name: alpina-enrollment-email-verify
 model: authentik_stages_email.emailstage
diff --git a/roles/alpina/templates/services/authentik/blueprints/alpina-groups.yaml.j2 b/roles/alpina/templates/services/authentik/blueprints/alpina-groups.yaml.j2
index e459d4f..dbda9b4 100644
--- a/roles/alpina/templates/services/authentik/blueprints/alpina-groups.yaml.j2
+++ b/roles/alpina/templates/services/authentik/blueprints/alpina-groups.yaml.j2
@@ -38,3 +38,8 @@ entries:
 return {
 "policy": policy,
 }
+
+ - identifiers:
+ name: "vpgen"
+ model: authentik_core.group
+ id: "vpgen"
diff --git a/roles/alpina/templates/services/authentik/blueprints/alpina-oauth-sources.yaml.j2 b/roles/alpina/templates/services/authentik/blueprints/alpina-oauth-sources.yaml.j2
index 52c9dc1..044787e 100644
--- a/roles/alpina/templates/services/authentik/blueprints/alpina-oauth-sources.yaml.j2
+++ b/roles/alpina/templates/services/authentik/blueprints/alpina-oauth-sources.yaml.j2
@@ -76,4 +76,4 @@ entries:
 model: authentik_stages_user_write.userwritestage
 attrs:
 user_type: internal
- create_users_group: !Find [authentik_core.group, [name, users]]
+ create_users_group: !Find [authentik_core.group, [name, {{ auth_default_enrollment_group }}]]
diff --git a/roles/alpina/templates/services/authentik/blueprints/apps-oauth2.yaml.j2 b/roles/alpina/templates/services/authentik/blueprints/apps-oauth2.yaml.j2
index 12ce343..d81150e 100644
--- a/roles/alpina/templates/services/authentik/blueprints/apps-oauth2.yaml.j2
+++ b/roles/alpina/templates/services/authentik/blueprints/apps-oauth2.yaml.j2
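Review bot: The added `create_users_group` line interpolates `{{ auth_default_enrollment_group }}` unquoted inside a YAML flow sequence, so a value containing a comma, `]`, `:` or whitespace would alter the structure of the `!Find` arguments rather than be looked up as one name; the identical line in the alpina-oauth-sources.yaml.j2 hunk has the same exposure. Quoting the expansion keeps the lookup a single string: `create_users_group: !Find [authentik_core.group, [name, "{{ auth_default_enrollment_group }}"]]`. Separately, `!Find` needs the group to exist when this blueprint is applied, and the group is created in alpina-groups.yaml.j2 with no dependency declared here; if the lookup misses, the stage would presumably be written with an empty create_users_group and new users would be created in no group at all, so confirm the apply order or declare the dependency. The user-write stage entry this line belongs to starts above the hunk.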
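Review bot: The new `vpgen` group entry carries no comment, although it is now the group every newly enrolled user is placed in (via `auth_default_enrollment_group` in vars.yml) and the group the apps-oauth2.yaml.j2 hunk grants the vpgen application to, so its membership is effectively an access decision. A one-line comment above `- identifiers:` such as `# Default group for newly enrolled users; grants the vpgen app (see apps-oauth2.yaml.j2)` keeps that intent next to the definition. The literal `vpgen` is also spelled here for both `name` and `id` and again in apps-oauth2.yaml.j2 while vars.yml introduced a variable for it; if the name is meant to follow that variable, `name: "{{ auth_default_enrollment_group }}"` would keep this definition in step with the enrollment lookup, otherwise the comment should say the names are intentionally fixed.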
@@ -38,7 +38,7 @@ entries:
 "icon": "https://vpgen."~ domain ~"/favicon.png",
 "client_secret": auth_vpgen_client_secret,
 "ui_group": "Apps",
- "allowed_for_groups": ["admins", "users"],
+ "allowed_for_groups": ["admins", "users", "vpgen"],
 },
 } -%}
 {% for app in apps.keys() -%}
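Review bot: `"allowed_for_groups": ["admins", "users", "vpgen"]` keeps `users` alongside the new group, so existing members of `users` retain the vpgen app while, after the vars.yml change, new enrollees are only in `vpgen`; the two names now denote different populations and nothing records which one is meant to carry access. If `vpgen` membership is intended to be the gate for this application, the list should be `["admins", "vpgen"]`; if `users` is kept deliberately, a trailing comment such as `# users kept for accounts enrolled before the vpgen default` would explain it. The mapping closed by `} -%}` starts above the hunk.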