OAuth for pgAdmin.

services/postgres.hcl

@@ -74,8 +74,26 @@ job "postgres" {
         PGADMIN_LISTEN_PORT = "${NOMAD_PORT_admin}"
         PGADMIN_DEFAULT_EMAIL = "${var.default_email}"
         PGADMIN_DEFAULT_PASSWORD = "${var.default_password}"
-        PGADMIN_DISABLE_POSTFIX = "true"
+        PGADMIN_DISABLE_POSTFIX = "True"
         PGADMIN_CONFIG_MAIL_SERVER = "'192.168.1.1'"
+        PGADMIN_CONFIG_AUTHENTICATION_SOURCES = "['oauth2', 'internal']"
+        PGADMIN_CONFIG_OAUTH2_AUTO_CREATE_USER = "True"
+        PGADMIN_CONFIG_OAUTH2_CONFIG = <<EOH
+        [{
+            'OAUTH2_NAME' : 'authentik',
+            'OAUTH2_DISPLAY_NAME' : 'SSO',
+            'OAUTH2_CLIENT_ID' : 'o4p3B03ayTQ2kpwmM7GswbcfO78JHCTdoZqKJEut',
+            'OAUTH2_CLIENT_SECRET' : '7UYHONOCVdjpRMK9Ojwds0qPPpxCiztbIRhK7FJ2IFBpUgN6tnmpEjlkPYimiGKfaHLhy4XE7kQm7Et1Jm0hgyia0iB1VIlp623ckppbwkM6IfpTE1LfEmTMtPrxSngx',
+            'OAUTH2_TOKEN_URL' : 'https://authentik.v.paler.net/application/o/token/',
+            'OAUTH2_AUTHORIZATION_URL' : 'https://authentik.v.paler.net/application/o/authorize/',
+            'OAUTH2_API_BASE_URL' : 'https://authentik.v.paler.net/',
+            'OAUTH2_USERINFO_ENDPOINT' : 'https://authentik.v.paler.net/application/o/userinfo/',
+            'OAUTH2_SERVER_METADATA_URL' : 'https://authentik.v.paler.net/application/o/pgadmin/.well-known/openid-configuration',
+            'OAUTH2_SCOPE' : 'openid email profile',
+            'OAUTH2_ICON' : 'fa-database',
+            'OAUTH2_BUTTON_COLOR' : '#00ff00'
+        }]
+EOH
       }
 
       service {