diff --git a/share/wildduck/application.tf b/share/wildduck/application.tf
new file mode 100644
index 0000000..7bed5ed
--- /dev/null
+++ b/share/wildduck/application.tf
@@ -0,0 +1,30 @@
+data "authentik_group" "akadmin" {
+ name = "authentik Admins"
+}
+resource "authentik_group" "groups" {
+ name = "mail-users"
+}
+data "authentik_group" "readed_groups" {
+ depends_on = [ authentik_group.groups ]
+ name = "mail-users"
+}
+
+resource "authentik_application" "prj_app" {
+ name = "${var.instance}"
+ slug = "${var.component}-${var.instance}"
+ #protocol_provider = authentik_provider_oauth2.oauth2.id
+ backchannel_providers = [authentik_provider_scim.scim.id]
+ meta_launch_url = format("https://%s.%s", var.sub-domain, var.domain-name)
+ meta_icon = format("https://%s.%s/%s", var.sub-domain, var.domain-name, "favicon-32x32.png")
+}
+
+resource "authentik_policy_binding" "prj_access_users" {
+ target = authentik_application.prj_app.uuid
+ group = authentik_group.groups.id
+ order = 0
+}
+resource "authentik_policy_binding" "prj_access_vynil" {
+ target = authentik_application.prj_app.uuid
+ group = data.authentik_group.akadmin.id
+ order = 1
+}
diff --git a/share/wildduck/index.yaml b/share/wildduck/index.yaml
index 7563c12..569b2dc 100644
--- a/share/wildduck/index.yaml
+++ b/share/wildduck/index.yaml
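Review bot: The access group created by `authentik_group.groups` in application.tf has the fixed name `mail-users`, while the application slug and the SCIM provider name are scoped by `var.component` and `var.instance`, so a second instance would either collide on the group or share one membership list across both. Scoping it the same way, e.g. `name = "${var.component}-${var.instance}-users"`, keeps each instance's access separate. The data source `readed_groups` is not referenced anywhere in this file and can be dropped unless another file uses it. With `protocol_provider` commented out, the two `authentik_policy_binding` resources presumably gate only the application entry in authentik (and possibly the SCIM sync), not sign-in to the webmail at `meta_launch_url`; a short comment saying so would stop them being read as an access control on the mailboxes.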
@@ -6,20 +6,88 @@ metadata: name: wildduck description: null options: - ingress-class: - default: traefik + sub-domain: + default: mail examples: - - traefik + - mail type: string issuer: default: letsencrypt-prod examples: - letsencrypt-prod type: string - sub-domain: - default: mail + ingress-class: + default: traefik examples: - - mail + - traefik + type: string + redis: + default: + exporter: + enabled: true + image: quay.io/opstree/redis-exporter:v1.44.0 + image: quay.io/opstree/redis:v7.0.5 + storage: 2Gi + examples: + - exporter: + enabled: true + image: quay.io/opstree/redis-exporter:v1.44.0 + image: quay.io/opstree/redis:v7.0.5 + storage: 2Gi + properties: + exporter: + default: + enabled: true + image: quay.io/opstree/redis-exporter:v1.44.0 + properties: + enabled: + default: true + type: boolean + image: + default: quay.io/opstree/redis-exporter:v1.44.0 + type: string + type: object + image: + default: quay.io/opstree/redis:v7.0.5 + type: string + storage: + default: 2Gi + type: string + type: object + backups: + default: + enable: false + endpoint: '' + key-id-key: s3-id + secret-key: s3-secret + secret-name: backup-settings + examples: + - enable: false + endpoint: '' + key-id-key: s3-id + secret-key: s3-secret + secret-name: backup-settings + properties: + enable: + default: false + type: boolean + endpoint: + default: '' + type: string + key-id-key: + default: s3-id + type: string + secret-key: + default: s3-secret + type: string + secret-name: + default: backup-settings + type: string + type: object + domain: + default: your-company + examples: + - your-company type: string images: default: 
@@ -230,84 +298,16 @@ options: type: string type: object type: object - backups: - default: - enable: false - endpoint: '' - key-id-key: s3-id - secret-key: s3-secret - secret-name: backup-settings - examples: - - enable: false - endpoint: '' - key-id-key: s3-id - secret-key: s3-secret - secret-name: backup-settings - properties: - enable: - default: false - type: boolean - endpoint: - default: '' - type: string - key-id-key: - default: s3-id - type: string - secret-key: - default: s3-secret - type: string - secret-name: - default: backup-settings - type: string - type: object - additional-domains: - default: [] - items: - type: string - type: array - domain: - default: your-company - examples: - - your-company - type: string - redis: - default: - exporter: - enabled: true - image: quay.io/opstree/redis-exporter:v1.44.0 - image: quay.io/opstree/redis:v7.0.5 - storage: 2Gi - examples: - - exporter: - enabled: true - image: quay.io/opstree/redis-exporter:v1.44.0 - image: quay.io/opstree/redis:v7.0.5 - storage: 2Gi - properties: - exporter: - default: - enabled: true - image: quay.io/opstree/redis-exporter:v1.44.0 - properties: - enabled: - default: true - type: boolean - image: - default: quay.io/opstree/redis-exporter:v1.44.0 - type: string - type: object - image: - default: quay.io/opstree/redis:v7.0.5 - type: string - storage: - default: 2Gi - type: string - type: object domain-name: default: your_company.com examples: - your_company.com type: string + additional-domains: + default: [] + items: + type: string + type: array dependencies: - dist: null category: dbo diff --git a/share/wildduck/scim.tf b/share/wildduck/scim.tf new file mode 100644 index 0000000..00d2114 --- /dev/null +++ b/share/wildduck/scim.tf 
@@ -0,0 +1,15 @@
+data "authentik_property_mapping_scim" "user" {
+ managed = "goauthentik.io/providers/scim/user"
+}
+
+data "authentik_property_mapping_scim" "group" {
+ managed = "goauthentik.io/providers/scim/group"
+}
+
+resource "authentik_provider_scim" "scim" {
+ name = "${var.component}-${var.instance}-scim"
+ url = "http://${var.instance}-scimgateway.${var.namespace}.svc.cluster.local/scim"
+ token = local.secrets.authentik
+ property_mappings = [data.authentik_property_mapping_scim.user.id]
+ property_mappings_group = [data.authentik_property_mapping_scim.group.id]
+}
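Review bot: The `url` of `authentik_provider_scim.scim` is plain `http://`, so the bearer `token` and every synced user and group record cross the cluster network unencrypted; point it at an HTTPS listener if the gateway offers one, or add a comment naming the NetworkPolicy or mesh mTLS that is relied on instead. No `filter_group` is set, so depending on the authentik version the provider may push every directory user to the mail gateway rather than only the `mail-users` group; `filter_group = authentik_group.groups.id` would limit it. `local.secrets.authentik` is also stored in Terraform state in clear text, so the state backend needs to be encrypted and access-restricted.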