flux-charts/mycloud-paperless/templates/authentik-application.yaml

---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: {{ .Release.Name }}-auth
spec:
  chart:
    spec:
      sourceRef:
        kind: GitRepository
        name: "wrenix-helm-charts"
        namespace: "flux-system"
      chart: "./authentik-application"
      reconcileStrategy: "Revision"
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
  test:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
  driftDetection:
    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  values:
    {{- $host := .Values.ingress.host | default (printf "paperless.%s" .Values.commons.ingress.domain) }}
    blueprint:
      authentik:
        domain: "https://{{ .Values.commons.auth.host | default (printf "auth.%s" .Values.commons.ingress.domain) }}"
      provider:
        type: "oidc"
        name: "Paperless"
        oidc:
          clientType: "confidential"
          redirectURL: "https://{{ $host }}/accounts/oidc/mycloud/login/callback/"
          clientID: {{ .Values.auth.clientID | default (derivePassword 1 "long" .Values.commons.masterPassword "paperless" "auth.clientID") | quote }}
          clientSecret: {{ .Values.auth.clientSecret | default (derivePassword 1 "long" .Values.commons.masterPassword "paperless" "auth.clientSecret") | quote }}
          signingKey: "authentik Self-signed Certificate"
          scopes:
            - name: "authentik default OAuth Mapping: OpenID 'openid'"
            - name: "authentik default OAuth Mapping: OpenID 'email'"
            - name: "authentik default OAuth Mapping: OpenID 'profile'"

      groups:
        - slug: "mycloud - users"
          bindID: "cefc0c13-49fa-4374-a909-e201a88a473b"

      application:
        policyEngineMode: "any"
        openInNewTab: true
        publisher: "WrenIX's myCloud"
        slug: "mycloud-paperless"
        group: "Office"
        name: "Paperless"
        launchURL: "https://{{ $host }}/"
        icon: "https://{{ $host }}/favicon.ico"
        description: "A document management system that transforms your physical documents into a searchable online archive so you can keep, well, less paper."