ab/homelab
1
1
Fork 1
Code Pull Requests 143 Actions Packages Wiki Activity
Files
09a0311718cb641ab24a7d510d0357b2af8387ec
homelab/k8s/apps/matrix/external-secrets.yaml
Ultradesu bd13badd0c
All checks were successful
Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 10s
Details
Check with kubeconform / lint (push) Successful in 13s
Details
Auto-update README / Generate README and Create MR (push) Successful in 27s
Details
Added matrix
2026-03-16 10:28:23 +00:00

95 lines
2.7 KiB
YAML
Raw Blame History

---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: matrix-postgres-creds
spec:
target:
name: matrix-postgres-creds
deletionPolicy: Delete
template:
type: Opaque
data:
synapse_db_password: |-
{{ .synapse_db_password }}
mas_db_password: |-
{{ .mas_db_password }}
data:
- secretKey: synapse_db_password
sourceRef:
storeRef:
name: vaultwarden-login
kind: ClusterSecretStore
remoteRef:
conversionStrategy: Default
decodingStrategy: None
metadataPolicy: None
key: 2a9deb39-ef22-433e-a1be-df1555625e22
property: fields[14].value
- secretKey: mas_db_password
sourceRef:
storeRef:
name: vaultwarden-login
kind: ClusterSecretStore
remoteRef:
conversionStrategy: Default
decodingStrategy: None
metadataPolicy: None
key: 2a9deb39-ef22-433e-a1be-df1555625e22
property: fields[15].value
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: matrix-oidc-config
spec:
target:
name: matrix-oidc-config
deletionPolicy: Delete
template:
type: Opaque
data:
mas-oidc.yaml: |
upstream_oauth2:
providers:
- id: authentik
human_name: Authentik
issuer: https://idm.hexor.cy/application/o/matrix/
client_id: {{ .oauth_client_id }}
client_secret: {{ .oauth_client_secret }}
scope: "openid profile email"
claims_imports:
localpart:
action: require
template: "{{ `{{ user.preferred_username }}` }}"
displayname:
action: suggest
template: "{{ `{{ user.name }}` }}"
email:
action: suggest
template: "{{ `{{ user.email }}` }}"
set_email_verification: always
data:
- secretKey: oauth_client_id
sourceRef:
storeRef:
name: vaultwarden-login
kind: ClusterSecretStore
remoteRef:
conversionStrategy: Default
decodingStrategy: None
metadataPolicy: None
key: ca76867f-49f3-4a30-9ef3-b05af35ee49a
property: fields[0].value
- secretKey: oauth_client_secret
sourceRef:
storeRef:
name: vaultwarden-login
kind: ClusterSecretStore
remoteRef:
conversionStrategy: Default
decodingStrategy: None
metadataPolicy: None
key: ca76867f-49f3-4a30-9ef3-b05af35ee49a
property: fields[1].value
View Git Blame Copy Permalink