Compare commits
1 Commits
auto-updat
...
auto-updat
| Author | SHA1 | Date | |
|---|---|---|---|
|
3f68b5c6e6 |
@@ -22,10 +22,7 @@ spec:
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: FURUMI_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: furumi-ng-token
|
||||
key: TOKEN
|
||||
value: "f38387266e75effe891b7953eb9c06b4"
|
||||
- name: FURUMI_ROOT
|
||||
value: "/media"
|
||||
ports:
|
||||
|
||||
@@ -1,23 +0,0 @@
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: furumi-ng-token
|
||||
spec:
|
||||
target:
|
||||
name: furumi-ng-token
|
||||
deletionPolicy: Delete
|
||||
template:
|
||||
type: Opaque
|
||||
data:
|
||||
TOKEN: |-
|
||||
{{ .token }}
|
||||
data:
|
||||
- secretKey: token
|
||||
sourceRef:
|
||||
storeRef:
|
||||
name: vaultwarden-login
|
||||
kind: ClusterSecretStore
|
||||
remoteRef:
|
||||
key: b8b8c3a2-c3fe-42d3-9402-0ae305e1455f
|
||||
property: fields[0].value
|
||||
@@ -6,4 +6,3 @@ resources:
|
||||
- deployment.yaml
|
||||
- service.yaml
|
||||
- servicemonitor.yaml
|
||||
- external-secrets.yaml
|
||||
|
||||
@@ -52,17 +52,16 @@ spec:
|
||||
mas-oidc.yaml: |
|
||||
upstream_oauth2:
|
||||
providers:
|
||||
- id: 001KKV4EKY7KG98W2M9T806K6A
|
||||
- id: authentik
|
||||
human_name: Authentik
|
||||
issuer: https://idm.hexor.cy/application/o/matrix/
|
||||
client_id: "{{ .oauth_client_id }}"
|
||||
client_secret: "{{ .oauth_client_secret }}"
|
||||
token_endpoint_auth_method: client_secret_post
|
||||
client_id: {{ .oauth_client_id }}
|
||||
client_secret: {{ .oauth_client_secret }}
|
||||
scope: "openid profile email"
|
||||
claims_imports:
|
||||
localpart:
|
||||
action: suggest
|
||||
template: "{{ `{{ user.preferred_username | split(\"@\") | first }}` }}"
|
||||
action: require
|
||||
template: "{{ `{{ user.preferred_username }}` }}"
|
||||
displayname:
|
||||
action: suggest
|
||||
template: "{{ `{{ user.name }}` }}"
|
||||
|
||||
@@ -24,8 +24,6 @@ hookshot:
|
||||
## Synapse homeserver
|
||||
synapse:
|
||||
enabled: true
|
||||
ingress:
|
||||
host: synapse.matrix.hexor.cy
|
||||
postgres:
|
||||
host: psql.psql.svc
|
||||
port: 5432
|
||||
@@ -45,8 +43,6 @@ synapse:
|
||||
## Matrix Authentication Service
|
||||
matrixAuthenticationService:
|
||||
enabled: true
|
||||
ingress:
|
||||
host: auth.matrix.hexor.cy
|
||||
postgres:
|
||||
host: psql.psql.svc
|
||||
port: 5432
|
||||
@@ -56,15 +52,9 @@ matrixAuthenticationService:
|
||||
password:
|
||||
secret: matrix-postgres-creds
|
||||
secretKey: mas_db_password
|
||||
## Admin policy
|
||||
## Authentik OIDC upstream provider
|
||||
additional:
|
||||
0-admin-policy:
|
||||
config: |
|
||||
policy:
|
||||
data:
|
||||
admin_users:
|
||||
- username: ultradesu
|
||||
1-oidc:
|
||||
0-oidc:
|
||||
configSecret: matrix-oidc-config
|
||||
configSecretKey: mas-oidc.yaml
|
||||
# nodeSelector:
|
||||
@@ -74,7 +64,7 @@ matrixAuthenticationService:
|
||||
elementWeb:
|
||||
enabled: true
|
||||
ingress:
|
||||
host: chat.matrix.hexor.cy
|
||||
host: chat.hexor.cy
|
||||
# nodeSelector:
|
||||
# kubernetes.io/hostname: nas.homenet
|
||||
|
||||
@@ -82,7 +72,7 @@ elementWeb:
|
||||
elementAdmin:
|
||||
enabled: true
|
||||
ingress:
|
||||
host: admin.matrix.hexor.cy
|
||||
host: matrix-admin.hexor.cy
|
||||
# nodeSelector:
|
||||
# kubernetes.io/hostname: nas.homenet
|
||||
|
||||
|
||||
@@ -54,6 +54,19 @@ server:
|
||||
traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd
|
||||
hosts:
|
||||
- idm.hexor.cy
|
||||
- nas.hexor.cy # TrueNAS Limassol
|
||||
- nc.hexor.cy # NaxtCloud
|
||||
- of.hexor.cy # Outfleet-v2
|
||||
- k8s.hexor.cy # k8s dashboard
|
||||
- qbt.hexor.cy # qBittorent for Jellyfin
|
||||
- prom.hexor.cy # Prometheus
|
||||
- khm.hexor.cy # Known Hosts keys Manager
|
||||
- backup.hexor.cy # Kopia Backup UI
|
||||
- fm.hexor.cy # Filemanager
|
||||
- minecraft.hexor.cy # Minecraft UI and server
|
||||
- pass.hexor.cy # k8s-secret for openai
|
||||
- ps.hexor.cy # pasarguard UI
|
||||
# - rw.hexor.cy # RemnaWave UI
|
||||
tls:
|
||||
- secretName: idm-tls
|
||||
hosts:
|
||||
|
||||
@@ -37,5 +37,4 @@ spec:
|
||||
dnsZones:
|
||||
- "ps.hexor.cy"
|
||||
- "of.hexor.cy"
|
||||
- "matrix.hexor.cy"
|
||||
|
||||
|
||||
@@ -195,9 +195,9 @@ oauth_applications = {
|
||||
meta_description = "Matrix Chat"
|
||||
meta_icon = "https://img.icons8.com/ios/100/40C057/matrix-logo.png"
|
||||
redirect_uris = [
|
||||
"https://auth.matrix.hexor.cy/upstream/callback/001KKV4EKY7KG98W2M9T806K6A",
|
||||
"https://matrix.hexor.cy/_matrix/client/unstable/org.matrix.msc2965/auth/upstream/callback",
|
||||
]
|
||||
meta_launch_url = "https://chat.matrix.hexor.cy"
|
||||
meta_launch_url = "https://matrix.hexor.cy"
|
||||
client_type = "confidential"
|
||||
include_claims_in_id_token = true
|
||||
access_code_validity = "minutes=1"
|
||||
@@ -205,7 +205,7 @@ oauth_applications = {
|
||||
refresh_token_validity = "days=30"
|
||||
scope_mappings = ["openid", "profile", "email"]
|
||||
access_groups = []
|
||||
create_group = false
|
||||
create_group = true
|
||||
signing_key = "1b1b5bec-034a-4d96-871a-133f11322360"
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user