96 lines
2.9 KiB
Django/Jinja
96 lines
2.9 KiB
Django/Jinja
version: 1
|
|
metadata:
|
|
labels:
|
|
blueprints.goauthentik.io/instantiate: "true"
|
|
name: Alpina - Proxied Apps
|
|
entries:
|
|
# TODO: Possibly refactor this into a jinja macro (?)
|
|
{% set apps = {
|
|
"Uptime Kuma": {
|
|
"host": "uptime",
|
|
"icon": "https://uptime."~ domain ~"/icon.svg",
|
|
"unauthenticated_paths": "^/icon.svg$",
|
|
"ui_group": "Services",
|
|
"allowed_for_groups": ["admins"],
|
|
},
|
|
"Syncthing": {
|
|
"host": "sync",
|
|
"icon": "https://sync."~ domain ~"/assets/img/favicon-default.png",
|
|
"unauthenticated_paths": "^/assets/img/favicon-default.png$",
|
|
"ui_group": "Apps",
|
|
"allowed_for_groups": ["admins"],
|
|
},
|
|
"qBit": {
|
|
"host": "qbit",
|
|
"icon": "https://qbit."~ domain ~"/images/qbittorrent-tray.svg",
|
|
"unauthenticated_paths": "^/images/qbittorrent-tray.svg$",
|
|
"ui_group": "Arrstack",
|
|
"allowed_for_groups": ["arrstack"],
|
|
},
|
|
"Prowlarr": {
|
|
"host": "prowlarr",
|
|
"icon": "https://prowlarr."~ domain ~"/Content/Images/logo.svg",
|
|
"unauthenticated_paths": "^/Content/Images/logo.svg$",
|
|
"ui_group": "Arrstack",
|
|
"allowed_for_groups": ["arrstack"],
|
|
},
|
|
"Sonarr": {
|
|
"host": "sonarr",
|
|
"icon": "https://sonarr."~ domain ~"/Content/Images/logo.svg",
|
|
"unauthenticated_paths": "^/Content/Images/logo.svg$",
|
|
"ui_group": "Arrstack",
|
|
"allowed_for_groups": ["arrstack"],
|
|
},
|
|
"Radarr": {
|
|
"host": "radarr",
|
|
"icon": "https://radarr."~ domain ~"/Content/Images/logo.svg",
|
|
"unauthenticated_paths": "^/Content/Images/logo.svg$",
|
|
"ui_group": "Arrstack",
|
|
"allowed_for_groups": ["arrstack"],
|
|
},
|
|
} -%}
|
|
{% for app in apps.keys() -%}
|
|
- identifiers:
|
|
name: {{ app }}
|
|
model: authentik_providers_proxy.proxyprovider
|
|
id: {{ app }}
|
|
attrs:
|
|
authorization_flow: !Find [authentik_flows.flow, [ slug, default-provider-authorization-implicit-consent ] ]
|
|
mode: forward_single
|
|
external_host: "https://{{ apps[app]["host"] }}.{{ domain }}/"
|
|
skip_path_regex: "{{ apps[app]["unauthenticated_paths"] }}"
|
|
|
|
- identifiers:
|
|
slug: {{ app | lower | replace(" ", "-") }}
|
|
model: authentik_core.application
|
|
id: app-{{ app }}
|
|
attrs:
|
|
name: {{ app }}
|
|
group: {{ apps[app]["ui_group"] }}
|
|
meta_description: "Hello, I'm {{ app }}!"
|
|
meta_publisher: Alpina
|
|
icon: "{{ apps[app]["icon"] }}"
|
|
open_in_new_tab: true
|
|
provider: !KeyOf {{ app }}
|
|
|
|
{% for group in apps[app]["allowed_for_groups"] -%}
|
|
- identifiers:
|
|
group: !Find [authentik_core.group, [name, {{ group }}]]
|
|
target: !KeyOf app-{{ app }}
|
|
model: authentik_policies.policybinding
|
|
attrs:
|
|
order: 10
|
|
{% endfor %}
|
|
|
|
{% endfor %}
|
|
|
|
- identifiers:
|
|
managed: goauthentik.io/outposts/embedded
|
|
name: authentik Embedded Outpost
|
|
model: authentik_outposts.outpost
|
|
attrs:
|
|
providers:
|
|
{% for app in apps.keys() -%}
|
|
- !KeyOf {{ app }}
|
|
{% endfor %}
|