vynil/domain-incoming
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Sébastien Huss
2024-01-26 11:14:00 +01:00
parent 0c5e247c0c
commit a0addbd842
91 changed files with 2236 additions and 2236 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
share/authentik/datas.tf
View File

@@ -46,7 +46,7 @@ data "kustomization_overlay" "data" {
"AUTHENTIK_POSTGRESQL__PORT=5432",
"AUTHENTIK_POSTGRESQL__USER=${var.component}",
"AUTHENTIK_REDIS__HOST=${var.name}-${var.component}-redis",
"AUTHENTIK_BOOTSTRAP_EMAIL=${var.admin.email}@${var.domain-name}",
"AUTHENTIK_BOOTSTRAP_EMAIL=${var.admin.email}@${var.domain_name}",
]
}
patches {

256
share/authentik/index.yaml
View File

@@ -23,10 +23,35 @@ options:
type: boolean
type: object
type: object
ingress-class:
default: traefik
postgres:
default:
replicas: 1
examples:
- traefik
- replicas: 1
properties:
replicas:
default: 1
type: integer
type: object
admin:
default:
email: auth-admin
examples:
- email: auth-admin
properties:
email:
default: auth-admin
type: string
type: object
domain:
default: your-company
examples:
- your-company
type: string
geoip:
default: /geoip/GeoLite2-City.mmdb
examples:
- /geoip/GeoLite2-City.mmdb
type: string
email:
default:
@@ -53,11 +78,110 @@ options:
default: false
type: boolean
type: object
domain-name:
loglevel:
default: info
examples:
- info
type: string
sub-domain:
default: auth
examples:
- auth
type: string
domain_name:
default: your_company.com
examples:
- your_company.com
type: string
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
error_reporting:
default:
enabled: false
environment: k8s
send_pii: false
examples:
- enabled: false
environment: k8s
send_pii: false
properties:
enabled:
default: false
type: boolean
environment:
default: k8s
type: string
send_pii:
default: false
type: boolean
type: object
ingress_class:
default: traefik
examples:
- traefik
type: string
backups:
default:
enable: false
endpoint: ''
key-id-key: s3-id
retention:
db: 30d
schedule:
db: 0 3 * * *
secret-key: s3-secret
secret-name: backup-settings
use-barman: false
examples:
- enable: false
endpoint: ''
key-id-key: s3-id
retention:
db: 30d
schedule:
db: 0 3 * * *
secret-key: s3-secret
secret-name: backup-settings
use-barman: false
properties:
enable:
default: false
type: boolean
endpoint:
default: ''
type: string
key-id-key:
default: s3-id
type: string
retention:
default:
db: 30d
properties:
db:
default: 30d
type: string
type: object
schedule:
default:
db: 0 3 * * *
properties:
db:
default: 0 3 * * *
type: string
type: object
secret-key:
default: s3-secret
type: string
secret-name:
default: backup-settings
type: string
use-barman:
default: false
type: boolean
type: object
storage:
default:
postgres:
@@ -224,130 +348,6 @@ options:
type: string
type: object
type: object
domain:
default: your-company
examples:
- your-company
type: string
backups:
default:
enable: false
endpoint: ''
key-id-key: s3-id
retention:
db: 30d
schedule:
db: 0 3 * * *
secret-key: s3-secret
secret-name: backup-settings
use-barman: false
examples:
- enable: false
endpoint: ''
key-id-key: s3-id
retention:
db: 30d
schedule:
db: 0 3 * * *
secret-key: s3-secret
secret-name: backup-settings
use-barman: false
properties:
enable:
default: false
type: boolean
endpoint:
default: ''
type: string
key-id-key:
default: s3-id
type: string
retention:
default:
db: 30d
properties:
db:
default: 30d
type: string
type: object
schedule:
default:
db: 0 3 * * *
properties:
db:
default: 0 3 * * *
type: string
type: object
secret-key:
default: s3-secret
type: string
secret-name:
default: backup-settings
type: string
use-barman:
default: false
type: boolean
type: object
error_reporting:
default:
enabled: false
environment: k8s
send_pii: false
examples:
- enabled: false
environment: k8s
send_pii: false
properties:
enabled:
default: false
type: boolean
environment:
default: k8s
type: string
send_pii:
default: false
type: boolean
type: object
loglevel:
default: info
examples:
- info
type: string
admin:
default:
email: auth-admin
examples:
- email: auth-admin
properties:
email:
default: auth-admin
type: string
type: object
postgres:
default:
replicas: 1
examples:
- replicas: 1
properties:
replicas:
default: 1
type: integer
type: object
geoip:
default: /geoip/GeoLite2-City.mmdb
examples:
- /geoip/GeoLite2-City.mmdb
type: string
sub-domain:
default: auth
examples:
- auth
type: string
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
dependencies:
- dist: null
category: core

4
share/authentik/ingress.tf
View File

@@ -1,5 +1,5 @@
locals {
dns_names = ["${var.sub-domain}.${var.domain-name}"]
dns_names = ["${var.sub-domain}.${var.domain_name}"]
middlewares = ["${var.instance}-https"]
service = {
"name" = "${var.instance}"
@@ -66,7 +66,7 @@ resource "kubectl_manifest" "prj_ingress" {
annotations:
"traefik.ingress.kubernetes.io/router.middlewares": "${join(",", [for m in local.middlewares : format("%s-%s@kubernetescrd", var.namespace, m)])}"
spec:
ingressClassName: "${var.ingress-class}"
ingressClassName: "${var.ingress_class}"
rules: ${jsonencode(local.rules)}
tls:
- hosts: ${jsonencode(local.dns_names)}