fix

share/wildduck/application.tf

@@ -0,0 +1,30 @@
+data "authentik_group" "akadmin" {
+  name = "authentik Admins"
+}
+resource "authentik_group" "groups" {
+  name  = "mail-users"
+}
+data "authentik_group" "readed_groups" {
+  depends_on = [ authentik_group.groups ]
+  name  = "mail-users"
+}
+
+resource "authentik_application" "prj_app" {
+  name              = "${var.instance}"
+  slug              = "${var.component}-${var.instance}"
+  #protocol_provider = authentik_provider_oauth2.oauth2.id
+  backchannel_providers = [authentik_provider_scim.scim.id]
+  meta_launch_url   = format("https://%s.%s", var.sub-domain, var.domain-name)
+  meta_icon         = format("https://%s.%s/%s", var.sub-domain, var.domain-name, "favicon-32x32.png")
+}
+
+resource "authentik_policy_binding" "prj_access_users" {
+  target = authentik_application.prj_app.uuid
+  group  = authentik_group.groups.id
+  order  = 0
+}
+resource "authentik_policy_binding" "prj_access_vynil" {
+  target = authentik_application.prj_app.uuid
+  group  = data.authentik_group.akadmin.id
+  order  = 1
+}

share/wildduck/index.yaml

@@ -6,20 +6,88 @@ metadata:
   name: wildduck
   description: null
 options:
-  ingress-class:
+  sub-domain:
-    default: traefik
+    default: mail
     examples:
-    - traefik
+    - mail
     type: string
   issuer:
     default: letsencrypt-prod
     examples:
     - letsencrypt-prod
     type: string
-  sub-domain:
+  ingress-class:
-    default: mail
+    default: traefik
     examples:
-    - mail
+    - traefik
+    type: string
+  redis:
+    default:
+      exporter:
+        enabled: true
+        image: quay.io/opstree/redis-exporter:v1.44.0
+      image: quay.io/opstree/redis:v7.0.5
+      storage: 2Gi
+    examples:
+    - exporter:
+        enabled: true
+        image: quay.io/opstree/redis-exporter:v1.44.0
+      image: quay.io/opstree/redis:v7.0.5
+      storage: 2Gi
+    properties:
+      exporter:
+        default:
+          enabled: true
+          image: quay.io/opstree/redis-exporter:v1.44.0
+        properties:
+          enabled:
+            default: true
+            type: boolean
+          image:
+            default: quay.io/opstree/redis-exporter:v1.44.0
+            type: string
+        type: object
+      image:
+        default: quay.io/opstree/redis:v7.0.5
+        type: string
+      storage:
+        default: 2Gi
+        type: string
+    type: object
+  backups:
+    default:
+      enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      secret-key: s3-secret
+      secret-name: backup-settings
+    examples:
+    - enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      secret-key: s3-secret
+      secret-name: backup-settings
+    properties:
+      enable:
+        default: false
+        type: boolean
+      endpoint:
+        default: ''
+        type: string
+      key-id-key:
+        default: s3-id
+        type: string
+      secret-key:
+        default: s3-secret
+        type: string
+      secret-name:
+        default: backup-settings
+        type: string
+    type: object
+  domain:
+    default: your-company
+    examples:
+    - your-company
     type: string
   images:
     default:
@@ -230,84 +298,16 @@ options:
             type: string
         type: object
     type: object
-  backups:
-    default:
-      enable: false
-      endpoint: ''
-      key-id-key: s3-id
-      secret-key: s3-secret
-      secret-name: backup-settings
-    examples:
-    - enable: false
-      endpoint: ''
-      key-id-key: s3-id
-      secret-key: s3-secret
-      secret-name: backup-settings
-    properties:
-      enable:
-        default: false
-        type: boolean
-      endpoint:
-        default: ''
-        type: string
-      key-id-key:
-        default: s3-id
-        type: string
-      secret-key:
-        default: s3-secret
-        type: string
-      secret-name:
-        default: backup-settings
-        type: string
-    type: object
-  additional-domains:
-    default: []
-    items:
-      type: string
-    type: array
-  domain:
-    default: your-company
-    examples:
-    - your-company
-    type: string
-  redis:
-    default:
-      exporter:
-        enabled: true
-        image: quay.io/opstree/redis-exporter:v1.44.0
-      image: quay.io/opstree/redis:v7.0.5
-      storage: 2Gi
-    examples:
-    - exporter:
-        enabled: true
-        image: quay.io/opstree/redis-exporter:v1.44.0
-      image: quay.io/opstree/redis:v7.0.5
-      storage: 2Gi
-    properties:
-      exporter:
-        default:
-          enabled: true
-          image: quay.io/opstree/redis-exporter:v1.44.0
-        properties:
-          enabled:
-            default: true
-            type: boolean
-          image:
-            default: quay.io/opstree/redis-exporter:v1.44.0
-            type: string
-        type: object
-      image:
-        default: quay.io/opstree/redis:v7.0.5
-        type: string
-      storage:
-        default: 2Gi
-        type: string
-    type: object
   domain-name:
     default: your_company.com
     examples:
     - your_company.com
     type: string
+  additional-domains:
+    default: []
+    items:
+      type: string
+    type: array
 dependencies:
 - dist: null
   category: dbo

share/wildduck/scim.tf

@@ -0,0 +1,15 @@
+data "authentik_property_mapping_scim" "user" {
+  managed = "goauthentik.io/providers/scim/user"
+}
+
+data "authentik_property_mapping_scim" "group" {
+  managed = "goauthentik.io/providers/scim/group"
+}
+
+resource "authentik_provider_scim" "scim" {
+  name                    = "${var.component}-${var.instance}-scim"
+  url                     = "http://${var.instance}-scimgateway.${var.namespace}.svc.cluster.local/scim"
+  token                   = local.secrets.authentik
+  property_mappings       = [data.authentik_property_mapping_scim.user.id]
+  property_mappings_group = [data.authentik_property_mapping_scim.group.id]
+}