gitea and authentik
This commit is contained in:
43
boilerplates/authentik/blueprints/gitea.yaml
Normal file
43
boilerplates/authentik/blueprints/gitea.yaml
Normal file
@@ -0,0 +1,43 @@
|
||||
# boilerplates/authentik/blueprints/gitea.yaml
|
||||
version: 1
|
||||
metadata:
|
||||
name: mk-labs-gitea
|
||||
labels:
|
||||
blueprints.goauthentik.io/instantiate: "true"
|
||||
entries:
|
||||
# ── OIDC Provider ────────────────────────────────────────────────────────
|
||||
- model: authentik_providers_oauth2.oauth2provider
|
||||
id: gitea-provider
|
||||
state: present
|
||||
identifiers:
|
||||
name: "Provider for Gitea"
|
||||
attrs:
|
||||
authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
|
||||
invalidation_flow: !Find [authentik_flows.flow, [slug, default-provider-invalidation-flow]]
|
||||
client_type: confidential
|
||||
client_id: !Env GITEA_OIDC_CLIENT_ID
|
||||
client_secret: !Env GITEA_OIDC_CLIENT_SECRET
|
||||
redirect_uris:
|
||||
- url: "https://gitea.mk-labs.cloud/user/oauth2/authentik/callback"
|
||||
matching_mode: strict
|
||||
- url: "https://gitea.local.mk-labs.cloud/user/oauth2/authentik/callback"
|
||||
matching_mode: strict
|
||||
sub_mode: hashed_user_id
|
||||
property_mappings:
|
||||
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
|
||||
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
|
||||
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
|
||||
signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]]
|
||||
|
||||
# ── Application ──────────────────────────────────────────────────────────
|
||||
- model: authentik_core.application
|
||||
id: gitea-application
|
||||
state: present
|
||||
identifiers:
|
||||
slug: gitea
|
||||
attrs:
|
||||
name: "Gitea"
|
||||
provider: !KeyOf gitea-provider
|
||||
group: "Development"
|
||||
meta_launch_url: "https://gitea.mk-labs.cloud"
|
||||
policy_engine_mode: any
|
||||
Reference in New Issue
Block a user