fix
This commit is contained in:
@@ -1,12 +1,13 @@
|
||||
locals {
|
||||
app-name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance)
|
||||
main-group = format("app-%s", local.app-name)
|
||||
}
|
||||
data "authentik_group" "akadmin" {
|
||||
name = "authentik Admins"
|
||||
}
|
||||
resource "authentik_group" "groups" {
|
||||
name = "mail-users"
|
||||
}
|
||||
data "authentik_group" "readed_groups" {
|
||||
depends_on = [ authentik_group.groups ]
|
||||
name = "mail-users"
|
||||
name = local.main-group
|
||||
attributes = jsonencode({"${local.app-name}" = true})
|
||||
}
|
||||
|
||||
resource "authentik_application" "prj_app" {
|
||||
@@ -18,9 +19,17 @@ resource "authentik_application" "prj_app" {
|
||||
meta_icon = format("https://%s.%s/%s", var.sub-domain, var.domain-name, "favicon-32x32.png")
|
||||
}
|
||||
|
||||
resource "authentik_policy_expression" "policy" {
|
||||
name = local.main-group
|
||||
expression = <<-EOF
|
||||
attr = request.user.group_attributes()
|
||||
return attr['${local.app-name}'] if '${local.app-name}' in attr else False
|
||||
EOF
|
||||
}
|
||||
|
||||
resource "authentik_policy_binding" "prj_access_users" {
|
||||
target = authentik_application.prj_app.uuid
|
||||
group = authentik_group.groups.id
|
||||
policy = authentik_policy_expression.policy.id
|
||||
order = 0
|
||||
}
|
||||
resource "authentik_policy_binding" "prj_access_vynil" {
|
||||
|
||||
@@ -6,10 +6,15 @@ metadata:
|
||||
name: wildduck
|
||||
description: null
|
||||
options:
|
||||
issuer:
|
||||
default: letsencrypt-prod
|
||||
domain-name:
|
||||
default: your_company.com
|
||||
examples:
|
||||
- letsencrypt-prod
|
||||
- your_company.com
|
||||
type: string
|
||||
domain:
|
||||
default: your-company
|
||||
examples:
|
||||
- your-company
|
||||
type: string
|
||||
redis:
|
||||
default:
|
||||
@@ -44,11 +49,11 @@ options:
|
||||
default: 2Gi
|
||||
type: string
|
||||
type: object
|
||||
domain:
|
||||
default: your-company
|
||||
examples:
|
||||
- your-company
|
||||
type: string
|
||||
additional-domains:
|
||||
default: []
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
backups:
|
||||
default:
|
||||
enable: false
|
||||
@@ -79,26 +84,6 @@ options:
|
||||
default: backup-settings
|
||||
type: string
|
||||
type: object
|
||||
domain-name:
|
||||
default: your_company.com
|
||||
examples:
|
||||
- your_company.com
|
||||
type: string
|
||||
sub-domain:
|
||||
default: mail
|
||||
examples:
|
||||
- mail
|
||||
type: string
|
||||
ingress-class:
|
||||
default: traefik
|
||||
examples:
|
||||
- traefik
|
||||
type: string
|
||||
additional-domains:
|
||||
default: []
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
images:
|
||||
default:
|
||||
haraka:
|
||||
@@ -308,6 +293,21 @@ options:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
sub-domain:
|
||||
default: mail
|
||||
examples:
|
||||
- mail
|
||||
type: string
|
||||
ingress-class:
|
||||
default: traefik
|
||||
examples:
|
||||
- traefik
|
||||
type: string
|
||||
issuer:
|
||||
default: letsencrypt-prod
|
||||
examples:
|
||||
- letsencrypt-prod
|
||||
type: string
|
||||
dependencies:
|
||||
- dist: null
|
||||
category: dbo
|
||||
|
||||
Reference in New Issue
Block a user