# boilerplates/authentik/blueprints/gitea.yaml version: 1 metadata: name: mk-labs-gitea labels: blueprints.goauthentik.io/instantiate: "true" entries: # ── OIDC Provider ──────────────────────────────────────────────────────── - model: authentik_providers_oauth2.oauth2provider id: gitea-provider state: present identifiers: name: "Provider for Gitea" attrs: authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]] invalidation_flow: !Find [authentik_flows.flow, [slug, default-provider-invalidation-flow]] client_type: confidential client_id: !Env GITEA_OIDC_CLIENT_ID client_secret: !Env GITEA_OIDC_CLIENT_SECRET redirect_uris: - url: "https://gitea.mk-labs.cloud/user/oauth2/authentik/callback" matching_mode: strict - url: "https://gitea.local.mk-labs.cloud/user/oauth2/authentik/callback" matching_mode: strict sub_mode: hashed_user_id property_mappings: - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]] - !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]] - !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]] signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]] # ── Application ────────────────────────────────────────────────────────── - model: authentik_core.application id: gitea-application state: present identifiers: slug: gitea attrs: name: "Gitea" provider: !KeyOf gitea-provider group: "Development" meta_launch_url: "https://gitea.mk-labs.cloud" policy_engine_mode: any