Disable authentik CI

.gitea/workflows/authentik-apps.yaml

@@ -13,6 +13,7 @@ permissions:
 jobs:
   terraform:
     name: 'Terraform'
+    if: false
     runs-on: ubuntu-latest
     environment: production
 

k8s/core/prom-stack/prom-values.yaml

@@ -1,5 +1,4 @@
 
-
 alertmanager:
   config:
     global:
@@ -109,18 +108,27 @@ grafana:
 
   grafana.ini:
     auth:
-      signout_redirect_url: https://idm.hexor.cy/application/o/grafana/end-session/
+      signout_redirect_url: https://auth.hexor.cy/auth/realms/hexor/protocol/openid-connect/logout?post_logout_redirect_uri=https%3A%2F%2Fgf.hexor.cy%2Flogin&client_id=Grafana
+      oauth_allow_insecure_email_lookup: true
     auth.generic_oauth:
-      name: authentik
+      name: Keycloak
       enabled: true
       scopes: "openid profile email"
-      auth_url: https://idm.hexor.cy/application/o/authorize/
-      token_url: https://idm.hexor.cy/application/o/token/
-      api_url: https://idm.hexor.cy/application/o/userinfo/
+      allow_sign_up: true
+      auth_url: https://auth.hexor.cy/auth/realms/hexor/protocol/openid-connect/auth
+      token_url: https://auth.hexor.cy/auth/realms/hexor/protocol/openid-connect/token
+      api_url: https://auth.hexor.cy/auth/realms/hexor/protocol/openid-connect/userinfo
+      email_attribute_path: email
+      login_attribute_path: preferred_username
+      name_attribute_path: name
       role_attribute_path: >-
-        contains(groups, 'Grafana Admin') && 'Admin' ||
-        contains(groups, 'Grafana Editors') && 'Editor' ||
-        contains(groups, 'Grafana Viewer') && 'Viewer'
+        contains(groups[*], 'hexor-admin') && 'Admin' ||
+        contains(groups[*], 'hexor-guest') && 'Viewer' ||
+        'Viewer'
+      role_attribute_strict: false
+    log:
+      level: debug
+      filters: "oauth.generic_oauth:debug"
     database:
       type: postgres
       host: psql.psql.svc:5432

terraform/authentik/proxy-apps.auto.tfvars

@@ -43,23 +43,6 @@ proxy_applications = {
     access_groups                = ["admins"]
   }
 
-  "kubernetes-secrets" = {
-    name                         = "kubernetes-secrets"
-    slug                         = "k8s-secret"
-    group                        = "Core"
-    external_host                = "https://pass.hexor.cy"
-    internal_host                = "http://secret-reader.k8s-secret.svc:80"
-    internal_host_ssl_validation = false
-    meta_description             = ""
-    skip_path_regex              = <<-EOT
-/webhook
-EOT
-    meta_icon                    = "https://img.icons8.com/ios-filled/50/password.png"
-    mode                         = "proxy"
-    outpost                      = "kubernetes-outpost"
-    create_group                 = true
-    access_groups                = ["admins"]
-  }
   "mtproxy-links" = {
     name                         = "mtproxy-links"
     slug                         = "mtproxy-links"