opentofu-common/authentik.tf
GregoryDosh daf26312d1
feat: consistency sweeping w/ other repos to add release/tag process + license checking
2025-05-13 10:11:01 -05:00


# git.auengun.net/homelab/opentofu-common
# Copyright (C) 2024 GregoryDosh
# SPDX-License-Identifier: AGPL-3.0-or-later
# SPDX-FileCopyrightText: 2024 GregoryDosh
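# Input object for the optional authentik integration of this app.
variable "authentik" {
  description = "Options to configure the Authentik module."
  type = object({
    # Create an authentik application for this app?
    enabled = optional(bool, false)
    # Display name; also used as the name of the proxy provider.
    application_name  = string
    application_slug  = string
    application_group = optional(string, "🏡 Home Apps 📱")
    # Create an authentik proxy provider and attach it to the application?
    proxy_provider = optional(bool, false)
    # Passed through unchanged as the proxy provider's `mode`.
    proxy_provider_mode = optional(string, "proxy")
  })

  # The mode decides whether authentik proxies the traffic itself or only
  # answers forward-auth requests, so reject typos at plan time instead of
  # letting them reach the provider during apply.
  validation {
    condition = contains(
      ["proxy", "forward_single", "forward_domain"],
      var.authentik.proxy_provider_mode
    )
    error_message = "authentik.proxy_provider_mode must be one of: proxy, forward_single, forward_domain."
  }
}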
# https://registry.terraform.io/providers/goauthentik/authentik/latest/docs/data-sources/flow
# Looks up an existing authentik flow by slug; its id is used as the
# authorization_flow of the proxy provider in this file.
# NOTE(review): the slug names the implicit-consent flow, so users are
# presumably not shown a consent prompt for this app; confirm that is intended.
# The flow must already exist in the target authentik instance or the lookup fails.
data "authentik_flow" "default-authorization-flow" {
slug = "default-provider-authorization-implicit-consent"
}
# https://registry.terraform.io/providers/goauthentik/authentik/latest/docs/resources/provider_proxy
resource "authentik_provider_proxy" "proxy_provider" {
  # Zero or one instance, controlled only by var.authentik.proxy_provider.
  # NOTE(review): this does not look at var.authentik.enabled, so a provider
  # can be created while no application is created for it. Confirm whether
  # that combination is meant to be possible.
  count = var.authentik.proxy_provider == true ? 1 : 0

  name               = var.authentik.application_name
  mode               = var.authentik.proxy_provider_mode
  authorization_flow = data.authentik_flow.default-authorization-flow.id

  # Both hosts are always rendered with an https:// scheme; the hostnames come
  # from locals defined outside this block.
  # NOTE(review): internal_host_ssl_validation is not set here, so the
  # provider's default applies to the upstream certificate check. Confirm the
  # default is what you want for internal hosts.
  external_host = "https://${local.external_hostname}"
  internal_host = "https://${local.internal_hostname}"

  # NOTE(review): no outpost assignment is visible in this file. Presumably
  # the provider is attached to an outpost elsewhere; verify, since the
  # provider alone does not put anything in front of the app.
}
# https://registry.terraform.io/providers/goauthentik/authentik/latest/docs/resources/application
resource "authentik_application" "proxy_main_app" {
  # Zero or one instance, controlled by var.authentik.enabled.
  count = var.authentik.enabled == true ? 1 : 0

  name  = var.authentik.application_name
  slug  = var.authentik.application_slug
  group = var.authentik.application_group

  # Attach the proxy provider when one was requested. one() turns the
  # zero-or-one element splat into a single id, and the application stays
  # provider-less (null) otherwise.
  protocol_provider = var.authentik.proxy_provider == true ? one(authentik_provider_proxy.proxy_provider[*].id) : null

  # Launcher tile target; uses the same external hostname as the proxy provider.
  meta_launch_url = "https://${local.external_hostname}"
  open_in_new_tab = true

  # NOTE(review): no policy, group or user binding for this application is
  # visible in this file. In authentik an application without bindings is
  # presumably reachable by every authenticated user. Confirm access is
  # restricted elsewhere if the app should not be open to all accounts.
}