flux-charts/mycloud-nextcloud/templates/authentik-application.yaml


---
# Flux HelmRelease that installs the "./authentik-application" chart from the
# "wrenix-helm-charts" GitRepository in namespace "flux-system". The values
# passed to it describe an authentik OIDC provider and application entry for
# Nextcloud.
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: {{ .Release.Name }}-auth
spec:
chart:
spec:
sourceRef:
kind: GitRepository
name: "wrenix-helm-charts"
namespace: "flux-system"
chart: "./authentik-application"
# "Revision" rebuilds the chart on every new source revision, so whatever the
# GitRepository tracks is rolled out without a chart version bump. How that
# source is pinned or verified is configured elsewhere (not visible here).
reconcileStrategy: "Revision"
# install/test/upgrade/driftDetection are not defined in this file; each is
# rendered from the shared commons.helm.release values via toYaml.
install:
{{- toYaml .Values.commons.helm.release.install | nindent 4 }}
test:
{{- toYaml .Values.commons.helm.release.test | nindent 4 }}
upgrade:
{{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
driftDetection:
{{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
interval: 10m
# $host (set on the next template line) is the Nextcloud hostname:
# ingress.host if set, otherwise "fs." + commons.ingress.domain. It is reused
# for redirectURL, launchURL and icon below.
# NOTE(review): everything under values is stored in the HelmRelease object as
# rendered, including clientSecret; anyone who can read HelmRelease resources
# in this namespace can read it. Consider supplying the secret through
# spec.valuesFrom with a Secret reference instead.
values:
{{- $host := .Values.ingress.host | default (printf "fs.%s" .Values.commons.ingress.domain) }}
blueprint:
authentik:
# authentik base URL: commons.auth.host if set, otherwise
# "auth." + commons.ingress.domain.
domain: "https://{{ .Values.commons.auth.host | default (printf "auth.%s" .Values.commons.ingress.domain) }}"
provider:
type: "oidc"
name: "Nextcloud"
oidc:
clientType: "confidential"
# Single redirect URI on the Nextcloud host (the /apps/user_oidc/code path).
redirectURL: "https://{{ $host }}/apps/user_oidc/code"
# clientID and clientSecret use the explicit auth.* value when given;
# otherwise both are derived deterministically with derivePassword from
# commons.masterPassword and fixed labels. Consequences: changing
# masterPassword changes both values, and every secret derived from it is
# only as strong as masterPassword. An OIDC client ID is not confidential
# (it is sent in authorization requests), so a derived output is public;
# masterPassword should be high-entropy.
clientID: {{ .Values.auth.clientID | default (derivePassword 1 "long" .Values.commons.masterPassword "nextcloud" "auth.clientID") | quote }}
clientSecret: {{ .Values.auth.clientSecret | default (derivePassword 1 "long" .Values.commons.masterPassword "nextcloud" "auth.clientSecret") | quote }}
# Referenced by name; presumably authentik's default generated certificate
# -- confirm it exists under exactly this name.
signingKey: "authentik Self-signed Certificate"
scopes:
- name: "authentik default OAuth Mapping: OpenID 'openid'"
- name: "authentik default OAuth Mapping: OpenID 'email'"
# Custom mapping for the "profile" scope. The expression is Python that
# authentik evaluates; Helm only fills in the quota fallback at render time.
#  - groups: names of the user's authentik groups whose "nextcloud_group"
#    attribute is truthy, plus "all" for every user.
#  - authentik superusers additionally get "admin". Presumably Nextcloud maps
#    this claim onto its admin group, making authentik superuser imply
#    Nextcloud admin -- confirm against the user_oidc provisioning settings.
#  - quota: "nextcloud_quota" from user.group_attributes(), falling back to
#    the chart's quota value as a quoted string literal, or None when unset.
# NOTE(review): the mapping reads both user and request.user; presumably the
# same account -- confirm, or use one of them consistently.
# NOTE(review): quota is spliced into Python source; the quote filter is what
# keeps it a string literal, so keep it if this line is edited.
- name: "OAuth Mapping: Nextcloud Profile"
scope_name: profile
expression: |-
groups = [group.name for group in user.ak_groups.all() if group.attributes.get("nextcloud_group", False)]
groups.append("all")
if user.is_superuser and "admin" not in groups:
groups.append("admin")
return {
"nickname": request.user.username,
"name": request.user.name,
"groups": groups,
"quota": user.group_attributes().get("nextcloud_quota", {{ with .Values.quota }}{{ . | quote }}{{ else }}None{{ end }})
}
# Group entry for the application; bindID is a fixed UUID (presumably the
# stable identifier of the binding -- confirm in the chart).
groups:
- slug: "mycloud - users"
bindID: "4525d9a3-1853-45dc-adc0-6d411a3a907e"
application:
# With "any", one passing binding is enough to grant access, so adding
# further bindings later widens access rather than narrowing it.
policyEngineMode: "any"
openInNewTab: true
publisher: "WrenIX's myCloud"
slug: "mycloud-nextcloud"
group: "Office"
name: "Nextcloud"
launchURL: "https://{{ $host }}/"
icon: "https://{{ $host }}/core/img/favicon-touch.png"
description: "📱☁️💻 A safe home for all your data community-driven, free & open source 👏"