CaZzzer/alpina
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

authentik: add support for basic http auth on arrstack

Browse Source
This commit is contained in:
Iurii Tatishchev 2023-04-04 02:46:51 -07:00
parent 659d5ffebc
commit ec335e5d3c
Signed by: CaZzzer
GPG Key ID: 9A156B7DA6398968
3 changed files with 27 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
roles/authentik/templates/blueprints/arrstack.yaml.j2
View File

@ -8,6 +8,9 @@ entries:
name: arrstack name: arrstack
model: authentik_core.group model: authentik_core.group
id: arrstack id: arrstack
attrs:
arrstack_username: "arr"
arrstack_password: "{{ arrstack_password }}"
{% for service in ["qBit", "Prowlarr", "Sonarr", "Radarr"] -%} {% for service in ["qBit", "Prowlarr", "Sonarr", "Radarr"] -%}
- identifiers: - identifiers:
@ -18,6 +21,11 @@ entries:
access_token_validity: hours=24 access_token_validity: hours=24
authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]] authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
certificate: !Find [authentik_crypto.certificatekeypair, [name, "authentik Self-signed Certificate"]] certificate: !Find [authentik_crypto.certificatekeypair, [name, "authentik Self-signed Certificate"]]
{% if service != 'qBit' -%}
basic_auth_enabled: true
basic_auth_user_attribute: arrstack_username
basic_auth_password_attribute: arrstack_password
{% endif -%}
intercept_header_auth: true intercept_header_auth: true
external_host: https://{{ service | lower }}.{{ domain }}/ external_host: https://{{ service | lower }}.{{ domain }}/
mode: forward_single mode: forward_single

2
roles/authentik/templates/docker-compose.yml.j2
View File

@ -15,7 +15,7 @@ services:
- {{ helpers.traefik_labels('auth', port='9000') | indent(6) }} - {{ helpers.traefik_labels('auth', port='9000') | indent(6) }}
- traefik.http.middlewares.authentik.forwardauth.address=http://localhost:9000/outpost.goauthentik.io/auth/traefik - traefik.http.middlewares.authentik.forwardauth.address=http://localhost:9000/outpost.goauthentik.io/auth/traefik
- traefik.http.middlewares.authentik.forwardauth.trustForwardHeader=true - traefik.http.middlewares.authentik.forwardauth.trustForwardHeader=true
- traefik.http.middlewares.authentik.forwardauth.authResponseHeaders=X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version - traefik.http.middlewares.authentik.forwardauth.authResponseHeaders=Authorization,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version
restart: unless-stopped restart: unless-stopped
# Port forward is needed because traefik can't resolve the container name from the host network # Port forward is needed because traefik can't resolve the container name from the host network
ports: ports:

35
roles/authentik/vars/app_config.yml
View File

@ -1,18 +1,19 @@
$ANSIBLE_VAULT;1.2;AES256;alpina $ANSIBLE_VAULT;1.2;AES256;alpina
38336166363764396232386330336236356663376532323666326237336636626661343963653838 33343634343761393265346336326263346166326365656461353361373738343262613534363664
6362363439383865393864363535613664656565653138360a373066343138633337653536386138 6238313838623436643730393465353361343730343938380a373235363835313561333934366361
63373232616430626464303832313966353162626333393032656237313939366538643930613365 61626630616365633134393337376464303537623839623639626561383036663432336537396338
6637373666616538370a353635393731356237316462326437326463636438306134323839323637 6230366561373638350a636634613436346237373166626162656535306234346439666161633634
31653333326531663236333862316533346533623761306135393233333730386131666235356663 63633436376562373739396261313133383161353463393737346436623239346232393034363335
62313030323736373837633938646237303966373865353037656339613364386165646534373461 38363962306463386464633338363162623832363431373765656232343931376363653464313438
64343164663533613931613461616166646632353362386638336162303935336466393133356265 62316635623236633762353061326539343435393737333563313331393134643439393463623637
31643366623036356632646338616431663737636637656462316165363231383631353961383663 64633262656366333537663663346239653533353132343066383438333636396238393135623530
35613565316638353361316632376263633866353562303832623562393832326439386230343237 35323439666437313936343733376336383961653864396133373831316139353163613337306533
39386536376530336365336234363134643334303836326130396330626566366663303764313262 63366233333865653166336466343830336239346532373466376261333530666230633434393933
33333333353738623230633139343135613730636161306662636136646361613863363461333462 30383032613466393833353065653465633633663333663132636164303264316163343961653562
64633434323361643034333834643766336466333636616136616563643930636339663462633865 36356138343130316636333231613033646565353863323132643432656239636538366462353338
34343133663737356633633264396433373334393065366130313563393231633932663231616137 37353936326661303064313635633865663939316631623764393235383630353132343135616338
65643739333137393034623362303735643166326132343133643435613936373333333464356638 32623938616136326561323033336134636364623165646566646662353066623432363538386364
32646436373264636161613630366661383265373537646239643562303237636663616638383030 30663734366136313933666332323538346266306133383838323839363233653435643862316136
62363664633332663638396630366134613464363137323562646236383961373239333133323964 33353436313834356230313164623838363363336266323637353263353763326235636161383836
3065 63323839363438333538326130653063313734303237623234376235396638343531623661626661
3364616438373366663837613933376361653664363532653833