gitea and authentik

This commit is contained in:
2026-05-16 16:22:14 -05:00
parent 84523d0054
commit 9f3ac95d8d
8 changed files with 396 additions and 290 deletions

View File

@@ -0,0 +1,43 @@
# boilerplates/authentik/blueprints/gitea.yaml
version: 1
metadata:
name: mk-labs-gitea
labels:
blueprints.goauthentik.io/instantiate: "true"
entries:
# ── OIDC Provider ────────────────────────────────────────────────────────
- model: authentik_providers_oauth2.oauth2provider
id: gitea-provider
state: present
identifiers:
name: "Provider for Gitea"
attrs:
authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
invalidation_flow: !Find [authentik_flows.flow, [slug, default-provider-invalidation-flow]]
client_type: confidential
client_id: !Env GITEA_OIDC_CLIENT_ID
client_secret: !Env GITEA_OIDC_CLIENT_SECRET
redirect_uris:
- url: "https://gitea.mk-labs.cloud/user/oauth2/authentik/callback"
matching_mode: strict
- url: "https://gitea.local.mk-labs.cloud/user/oauth2/authentik/callback"
matching_mode: strict
sub_mode: hashed_user_id
property_mappings:
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]]
# ── Application ──────────────────────────────────────────────────────────
- model: authentik_core.application
id: gitea-application
state: present
identifiers:
slug: gitea
attrs:
name: "Gitea"
provider: !KeyOf gitea-provider
group: "Development"
meta_launch_url: "https://gitea.mk-labs.cloud"
policy_engine_mode: any