ghndrx/authentik-terraform
1
0
Fork 0
mirror of https://github.com/ghndrx/authentik-terraform.git synced 2026-02-10 06:44:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
5d2535067e9fb382b941274c4a597b9bdfd6bc1b
authentik-terraform/ldap-outpost.tf
Greg Hendrickson 814e41f3f2 feat: Authentik Terraform configuration for homelab SSO 
Infrastructure as Code for Authentik identity provider managing:

OAuth2/OIDC Applications:
- Grafana, Home Assistant, Immich
- Uptime Kuma (proxy auth)
- Sonarr, Radarr, Prowlarr (*arr stack proxy auth)
- ArgoCD

Identity Sources:
- Google Workspace federation

LDAP:
- TrueNAS LDAP provider and outpost

CI/CD:
- GitHub Actions workflow for plan/apply
- Secrets managed via GitHub Actions secrets

Provider: beryju/authentik v2025.2
2026-02-01 20:03:45 +00:00

50 lines
1.5 KiB
HCL
Raw Blame History

# =============================================================================
# LDAP Provider and Outpost for TrueNAS
# Allows LDAP-based authentication against Authentik
# =============================================================================
# LDAP Provider
resource "authentik_provider_ldap" "truenas" {
name = "TrueNAS LDAP"
base_dn = "dc=ldap,dc=example,dc=com" # TODO: Update to your domain
bind_flow = data.authentik_flow.default_authentication.id
unbind_flow = data.authentik_flow.default_invalidation.id
# Bind mode - direct means users bind with their own credentials
bind_mode = "direct"
# Search mode
search_mode = "direct"
# MFA support (optional)
mfa_support = false
}
# Application for LDAP
resource "authentik_application" "truenas_ldap" {
name = "TrueNAS LDAP"
slug = "truenas-ldap"
protocol_provider = authentik_provider_ldap.truenas.id
meta_description = "LDAP authentication for TrueNAS"
group = "Infrastructure"
}
# LDAP Outpost (standalone container needed for LDAP)
resource "authentik_outpost" "ldap" {
name = "LDAP Outpost"
type = "ldap"
protocol_providers = [authentik_provider_ldap.truenas.id]
config = jsonencode({
authentik_host = "https://authentik.example.com" # TODO: Update
authentik_host_insecure = false
log_level = "info"
})
}
output "ldap_base_dn" {
value = "dc=ldap,dc=example,dc=com" # TODO: Update to match above
}
Reference in New Issue View Git Blame Copy Permalink