Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-03-16 11:25:07

This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.

k8s/apps/matrix/external-secrets.yaml

@@ -21,16 +21,22 @@ spec:
           name: vaultwarden-login
           kind: ClusterSecretStore
       remoteRef:
-        key: CHANGE_ME
+        conversionStrategy: Default
-        property: CHANGE_ME
+        decodingStrategy: None
+        metadataPolicy: None
+        key: 2a9deb39-ef22-433e-a1be-df1555625e22
+        property: fields[14].value
     - secretKey: mas_db_password
       sourceRef:
         storeRef:
           name: vaultwarden-login
           kind: ClusterSecretStore
       remoteRef:
-        key: CHANGE_ME
+        conversionStrategy: Default
-        property: CHANGE_ME
+        decodingStrategy: None
+        metadataPolicy: None
+        key: 2a9deb39-ef22-433e-a1be-df1555625e22
+        property: fields[15].value
 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
@@ -46,11 +52,12 @@ spec:
         mas-oidc.yaml: |
           upstream_oauth2:
             providers:
-              - id: authentik
+              - id: 001KKV4EKY7KG98W2M9T806K6A
                 human_name: Authentik
                 issuer: https://idm.hexor.cy/application/o/matrix/
-                client_id: {{ .oauth_client_id }}
+                client_id: "{{ .oauth_client_id }}"
-                client_secret: {{ .oauth_client_secret }}
+                client_secret: "{{ .oauth_client_secret }}"
+                token_endpoint_auth_method: client_secret_post
                 scope: "openid profile email"
                 claims_imports:
                   localpart:
@@ -70,13 +77,19 @@ spec:
           name: vaultwarden-login
           kind: ClusterSecretStore
       remoteRef:
-        key: CHANGE_ME
+        conversionStrategy: Default
-        property: CHANGE_ME
+        decodingStrategy: None
+        metadataPolicy: None
+        key: ca76867f-49f3-4a30-9ef3-b05af35ee49a
+        property: fields[0].value
     - secretKey: oauth_client_secret
       sourceRef:
         storeRef:
           name: vaultwarden-login
           kind: ClusterSecretStore
       remoteRef:
-        key: CHANGE_ME
+        conversionStrategy: Default
-        property: CHANGE_ME
+        decodingStrategy: None
+        metadataPolicy: None
+        key: ca76867f-49f3-4a30-9ef3-b05af35ee49a
+        property: fields[1].value

k8s/apps/matrix/matrix-stack-values.yaml

@@ -20,12 +20,12 @@ matrixRTC:
   enabled: false
 hookshot:
   enabled: false
-haproxy:
-  enabled: false
 
 ## Synapse homeserver
 synapse:
   enabled: true
+  ingress:
+    host: matrix.hexor.cy
   postgres:
     host: psql.psql.svc
     port: 5432
@@ -35,6 +35,11 @@ synapse:
     password:
       secret: matrix-postgres-creds
       secretKey: synapse_db_password
+  additional:
+    0-unsafe-locale:
+      config: |
+        database:
+          allow_unsafe_locale: true
   media:
     storage:
       size: 20Gi
@@ -45,6 +50,8 @@ synapse:
 ## Matrix Authentication Service
 matrixAuthenticationService:
   enabled: true
+  ingress:
+    host: auth.matrix.hexor.cy
   postgres:
     host: psql.psql.svc
     port: 5432
@@ -54,9 +61,15 @@ matrixAuthenticationService:
     password:
       secret: matrix-postgres-creds
       secretKey: mas_db_password
-  ## Authentik OIDC upstream provider
+  ## Admin policy
   additional:
-    0-oidc:
+    0-admin-policy:
+      config: |
+        policy:
+          data:
+            admin_users:
+              - username: ultradesu
+    1-oidc:
       configSecret: matrix-oidc-config
       configSecretKey: mas-oidc.yaml
   # nodeSelector:
@@ -78,8 +91,6 @@ elementAdmin:
   # nodeSelector:
   #   kubernetes.io/hostname: nas.homenet
 
-## Well-known delegation on the base domain
+## Well-known delegation on the base domain (host is derived from serverName)
 wellKnownDelegation:
   enabled: true
-  ingress:
-    host: matrix.hexor.cy

terraform/authentik/oauth2-apps.auto.tfvars

@@ -188,5 +188,25 @@ oauth_applications = {
     create_group               = true
     signing_key                = "1b1b5bec-034a-4d96-871a-133f11322360"
   }
+  "matrix" = {
+    name             = "Matrix Chat"
+    slug             = "matrix"
+    group            = "Tools"
+    meta_description = "Matrix Chat"
+    meta_icon        = "https://img.icons8.com/ios/100/40C057/matrix-logo.png"
+    redirect_uris = [
+      "https://auth.matrix.hexor.cy/upstream/callback/001KKV4EKY7KG98W2M9T806K6A",
+    ]
+    meta_launch_url            = "https://matrix.hexor.cy"
+    client_type                = "confidential"
+    include_claims_in_id_token = true
+    access_code_validity       = "minutes=1"
+    access_token_validity      = "minutes=5"
+    refresh_token_validity     = "days=30"
+    scope_mappings             = ["openid", "profile", "email"]
+    access_groups              = []
+    create_group               = true
+    signing_key                = "1b1b5bec-034a-4d96-871a-133f11322360"
+  }
 }