recon: add auth.login_url/logout_url to deployment profiles (extraction #2)

Additive prep for the Navi Panel.jsx login/logout cutover. Adds an `auth` block (login_url, logout_url) to each deployment profile, placed after the existing `services` block: - home.yaml login=/outpost.goauthentik.io/start?rd=%2F logout=auth.echo6.co invalidation flow, next=navi.echo6.co - minimal_pi.yaml same, with TODO(matt) to confirm logout next= host - regional_pi.yaml same, with TODO(matt) to confirm logout next= host No Python change. /api/config returns the whole profile dict, so these keys flow through automatically; existing consumers ignore unknown keys, making this backward-safe (the frontend fallback path is simply never needed once this is live). Next steps (separate PRs): the navi-config service (:8422) mirroring this handler, and the Panel.jsx fix to read cfg.auth.login_url/logout_url with the current literals as fallback. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-06-10 08:54:34 +02:00 · 2026-05-22 08:10:33 -06:00 · 2026-05-22 08:10:33 -06:00 · bb220b7ba3
commit bb220b7ba3
parent f7a501b4d7
3 changed files with 14 additions and 0 deletions
--- a/config/profiles/minimal_pi.yaml
+++ b/config/profiles/minimal_pi.yaml
@ -26,6 +26,11 @@ services:
  address_book: "/api/address_book"
  valhalla: "/valhalla"

+# TODO(matt): confirm logout next= host for this profile
+auth:
+  login_url: "/outpost.goauthentik.io/start?rd=%2F"
+  logout_url: "https://auth.echo6.co/if/flow/default-invalidation-flow/?next=https://navi.echo6.co/"
+
 features:
  has_nominatim_details: false
  has_kiwix_wiki: false