infra/stacks/authentik
Viktor Barzin 7e7e41cbef
All checks were successful
ci/woodpecker/push/default Pipeline was successful
fix(authentik): derive username from email in tripit-enrollment (user_write needs it)
The passwordless enrollment prompt collects only email+name, so user_write aborted with 'Aborting write to empty username' (ak-stage-access-denied). Add an expression policy on the user_write binding (evaluate_on_plan=false + re_evaluate_policies=true, like guest.tf) that sets prompt_data['username'] = the entered email before the write. Verified the failure live via the flow executor API.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-17 07:35:23 +00:00
modules/authentik fix(authentik): SMTP host = mail.viktorbarzin.me (svc name fails wildcard-cert verify) 2026-06-17 07:13:53 +00:00
admin-services-restriction.tf feat(authentik): TripIt external self-signup group + forward-auth fence (ADR-0020) 2026-06-15 21:48:04 +00:00
authentik_provider.tf
email-secret.tf feat(authentik): wire SMTP (noreply@) for TripIt signup verification + recovery email (ADR-0020) 2026-06-17 07:04:52 +00:00
guest.tf
main.tf
secrets
t3-users.tf
terragrunt.hcl
tripit-email-blueprint.tf fix(authentik): deliver tripit email-verify stages via blueprint (provider token_expiry too old) 2026-06-17 07:30:05 +00:00
tripit-email-stages.yaml fix(authentik): deliver tripit email-verify stages via blueprint (provider token_expiry too old) 2026-06-17 07:30:05 +00:00
tripit-external.tf feat(authentik): tripit-enrollment + tripit-recovery flows (passwordless signup, ADR-0020) 2026-06-17 07:20:11 +00:00
tripit-flows.tf fix(authentik): derive username from email in tripit-enrollment (user_write needs it) 2026-06-17 07:35:23 +00:00
vault-authz-binding.tf fix(authentik): pin Vault binding UUIDs as literals (provider has no authentik_application data source) 2026-06-15 22:01:29 +00:00