From 24218d4d50325d970cc6f80202f25f2a940ed63b Mon Sep 17 00:00:00 2001
From: Hills Eternity <ab@hexor.cy>
Date: Tue, 5 May 2026 17:37:20 +0000
Subject: [PATCH] Update k8s/core/argocd/values.yaml

---
 k8s/core/argocd/values.yaml | 29 ++++++++++++++---------------
 1 file changed, 14 insertions(+), 15 deletions(-)

diff --git a/k8s/core/argocd/values.yaml b/k8s/core/argocd/values.yaml
index 89c17a1..f00b835 100644
--- a/k8s/core/argocd/values.yaml
+++ b/k8s/core/argocd/values.yaml
@@ -25,7 +25,7 @@ configs:
     timeout.reconciliation: 60s
     oidc.config: |
       name: Authentik
-      issuer: https://idm.hexor.cy/application/o/argocd/
+      issuer: https://auth.hexor.cy/auth/realms/hexor
       clientID: $oidc-creds:id
       clientSecret: $oidc-creds:secret
       requestedScopes: ["openid", "profile", "email", "groups", "offline_access"]
@@ -35,20 +35,19 @@ configs:
     create: true
     policy.default: ""
     policy.csv: |
-      # Bound OIDC Group and internal role
-      g, Game Servers Managers, GameServersManagersRole
-      # Role permissions
-      p, GameServersManagersRole, applications, get, games/*, allow
-      p, GameServersManagersRole, applications, update, games/*, allow
-      p, GameServersManagersRole, applications, sync, games/*, allow
-      p, GameServersManagersRole, applications, override, games/*, allow
-      p, GameServersManagersRole, applications, action/*, games/*, allow
-      p, GameServersManagersRole, exec, create, games/*, allow
-      p, GameServersManagersRole, logs, get, games/*, allow
-      p, GameServersManagersRole, applications, delete, games/*, deny
-
-      # Admin policy
-      g, ArgoCD Admins, role:admin
+        g, game-servers-managers, GameServersManagersRole
+        # Role permissions
+        p, GameServersManagersRole, applications, get, games/*, allow
+        p, GameServersManagersRole, applications, update, games/*, allow
+        p, GameServersManagersRole, applications, sync, games/*, allow
+        p, GameServersManagersRole, applications, override, games/*, allow
+        p, GameServersManagersRole, applications, action/*, games/*, allow
+        p, GameServersManagersRole, exec, create, games/*, allow
+        p, GameServersManagersRole, logs, get, games/*, allow
+        p, GameServersManagersRole, applications, delete, games/*, deny
+    
+        # Admin policy
+        g, argocd-admins, role:admin
 
   secret:
     createSecret: true