Fediver

Authentikでいい感じにするためのblueprint

version: 1
metadata:
  name: Matrix - Provider, Application, Enrollment Flow
  labels:
    blueprints.goauthentik.io/instantiate: "true"
entries:
  # ─────────────────────────── Stages ───────────────────────────

  - model: authentik_stages_invitation.invitationstage
    identifiers:
      name: matrix-invitation-stage
    attrs:
      continue_flow_without_invitation: false

  - model: authentik_stages_prompt.promptstage
    identifiers:
      name: matrix-prompt-stage
    attrs:
      fields:
        - !Find [authentik_stages_prompt.prompt, [field_key, username]]
        - !Find [authentik_stages_prompt.prompt, [field_key, password]]
        - !Find [authentik_stages_prompt.prompt, [field_key, password_repeat]]
        - !Find [authentik_stages_prompt.prompt, [field_key, name]]
        - !Find [authentik_stages_prompt.prompt, [field_key, email]]

  - model: authentik_stages_user_write.userwritestage
    identifiers:
      name: matrix-user-write-stage
    attrs:
      create_users_as_inactive: false
      user_type: internal

  - model: authentik_stages_user_login.userloginstage
    identifiers:
      name: matrix-user-login-stage

  - model: authentik_stages_redirect.redirectstage
    identifiers:
      name: matrix-redirect-to-element
    attrs:
      mode: static
      target_static: https://element.mq1.dev/#/login
      keep_context: true

  # ─────────────────────────── Flow ───────────────────────────

  - model: authentik_flows.flow
    identifiers:
      slug: matrix-enroll
    attrs:
      name: Matrix Enrollment Flow
      title: Create your Matrix account
      designation: enrollment
      authentication: none

  # ──────────────────── Stage Bindings to Flow ──────────────────

  - model: authentik_flows.flowstagebinding
    identifiers:
      target: !Find [authentik_flows.flow, [slug, matrix-enroll]]
      order: 10
    attrs:
      stage: !Find [authentik_stages_invitation.invitationstage, [name, matrix-invitation-stage]]

  - model: authentik_flows.flowstagebinding
    identifiers:
      target: !Find [authentik_flows.flow, [slug, matrix-enroll]]
      order: 20
    attrs:
      stage: !Find [authentik_stages_prompt.promptstage, [name, matrix-prompt-stage]]

  - model: authentik_flows.flowstagebinding
    identifiers:
      target: !Find [authentik_flows.flow, [slug, matrix-enroll]]
      order: 30
    attrs:
      stage: !Find [authentik_stages_user_write.userwritestage, [name, matrix-user-write-stage]]

  - model: authentik_flows.flowstagebinding
    identifiers:
      target: !Find [authentik_flows.flow, [slug, matrix-enroll]]
      order: 40
    attrs:
      stage: !Find [authentik_stages_user_login.userloginstage, [name, matrix-user-login-stage]]

  - model: authentik_flows.flowstagebinding
    identifiers:
      target: !Find [authentik_flows.flow, [slug, matrix-enroll]]
      order: 50
    attrs:
      stage: !Find [authentik_stages_redirect.redirectstage, [name, matrix-redirect-to-element]]

  # ──────────────────────── OIDC Provider ───────────────────────

  - model: authentik_providers_oauth2.oauth2provider
    identifiers:
      client_id: YsO64zWpBpLDRDHDpZsetqkd3RtAbXztn5zRsZBz
    attrs:
      name: matrix
      client_type: confidential
      client_secret: !Env AUTHENTIK_MATRIX_CLIENT_SECRET
      authorization_flow: !Find
        - authentik_flows.flow
        - [slug, default-provider-authorization-implicit-consent]
      invalidation_flow: !Find
        - authentik_flows.flow
        - [slug, default-provider-invalidation-flow]
      redirect_uris:
        - matching_mode: regex
          url: ^https://matrix\.mq1\.dev/_matrix/client/unstable/login/sso/callback/.*$
      property_mappings:
        - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
        - !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
        - !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
      signing_key: !Find
        - authentik_crypto.certificatekeypair
        - [name, "authentik Self-signed Certificate"]

  # ──────────────────────── Application ─────────────────────────

  - model: authentik_core.application
    identifiers:
      slug: matrix
    attrs:
      name: Matrix
      provider: !Find [authentik_providers_oauth2.oauth2provider, [name, matrix]]
      meta_launch_url: https://element.mq1.dev

@syobon matrix.orgでもE2EEだからね
運営がカスになったとかのいざという時の脱出口として考えてる

MatrixをAuthentikでいい感じにできるようになった

なかよくしてください
https://matrix.to/#/@chan-mai:matrix.mq1.dev

みんなMatrixはじめよう
話し相手がいない

全く記憶にないけど2025年9月にmatrix.orgでアカウントを作っていた

Matrix建てたはいいものの、話し相手の殆どがdiscordなことに気付いてしまった

@mai_llj @hakurei.win:matrix.org

Matrix建てた
誰か繋がって;;

Matrix建てようと思ったんだけど、どのドメイン使おう

matrix建てよっかな
話し相手いないけど

matrixいいなー

matrixよりxmppの方がシンプルで好きだな
matrixは仕様に暗号化が既定されてるけど同期のために前方秘匿性はないし

Matrix、誤解をおそれずに言うと分散型Discord

Matrixの通信品質とかってどうなんでしょうね　でぃすこが一番こだわって開発していた部分のはずなので

だいたいxmppもmatrixも雑魚じゃないだろ！

Today we are spinning with DJ Matrix and The Egyptian Lover ​​​​