♻️ refacto
@@ -29,7 +29,7 @@ access_control:
|
||||
- domain:
|
||||
- "*.${SECRET_CLUSTER_DOMAIN}"
|
||||
policy: one_factor
|
||||
subject: ["group:homelab_admins", "group:homelab_users"]
|
||||
subject: ["group:admins", "group:users"]
|
||||
networks:
|
||||
- private
|
||||
# Deny public resources
|
||||
@@ -81,12 +81,3 @@ identity_providers:
|
||||
scopes: ["openid", "profile", "email"]
|
||||
redirect_uris: ["https://photos.${SECRET_CLUSTER_DOMAIN}/auth/login", "app.immich:/"]
|
||||
userinfo_signing_algorithm: none
|
||||
- id: headlamp
|
||||
description: Immich
|
||||
secret: "${SECRET_HEADLAMP_OAUTH_CLIENT_SECRET}"
|
||||
public: false
|
||||
authorization_policy: two_factor
|
||||
pre_configured_consent_duration: 1y
|
||||
scopes: ["openid", "profile", "email"]
|
||||
redirect_uris: ["https://headlamp.${SECRET_CLUSTER_DOMAIN}/oidc-callback"]
|
||||
userinfo_signing_algorithm: none
|
||||
|
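Review bot: The `subject` change on the `*.${SECRET_CLUSTER_DOMAIN}` rule in the first hunk only works if the directory groups were renamed in the same step. If `["group:admins", "group:users"]` is the new side, as the print order suggests, accounts that are still only in `homelab_admins` or `homelab_users` stop matching this `one_factor` rule and fall through to whatever rules follow, which are outside the hunk. The Grafana role mapping elsewhere in this commit tests for `'admins'` and `'people'`, not `users`, so the group names look inconsistent across the two files. A comment above the rule such as `# group names must match the LDAP groups exactly` would record the dependency.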
@@ -41,8 +41,7 @@ spec:
|
||||
reloader.stakater.com/auto: "true"
|
||||
image:
|
||||
repository: ghcr.io/lldap/lldap
|
||||
# TODO: Switch to release tag on next release
|
||||
tag: latest-alpine@sha256:261dd6d4e7bc3d7441e939ad57296b45c8c4b5125c0150ba0601352396b7a603
|
||||
tag: v0.5.0
|
||||
env:
|
||||
TZ: ${TIMEZONE}
|
||||
LLDAP_HTTP_PORT: &port 8080
|
||||
|
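Review bot: The `tag: v0.5.0` line drops the digest pin that the `latest-alpine@sha256:…` value carried, so the deployed image becomes whatever the registry currently serves for that mutable tag. This assumes `v0.5.0` is the added line, which the removed TODO comment and the hunk counts suggest. Keep the release tag and the pin together, `tag: v0.5.0@sha256:<digest of the v0.5.0 image>`, so a re-pushed or tampered tag cannot change what runs.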
@@ -16,8 +16,8 @@ spec:
|
||||
engineVersion: v2
|
||||
data:
|
||||
# App
|
||||
PAPERLESS_ADMIN_USER: "{{ .PAPERLESS_ADMIN_USER }}"
|
||||
PAPERLESS_ADMIN_PASSWORD: "{{ .PAPERLESS_ADMIN_PASSWORD }}"
|
||||
PAPERLESS_ADMIN_USER: "{{ .username }}"
|
||||
PAPERLESS_ADMIN_PASSWORD: "{{ .password }}"
|
||||
PAPERLESS_SECRET_KEY: "{{ .PAPERLESS_SECRET_KEY }}"
|
||||
PAPERLESS_DBUSER: &dbUser "{{ .POSTGRES_USER }}"
|
||||
PAPERLESS_DBPASS: &dbPass "{{ .POSTGRES_PASS }}"
|
||||
|
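Review bot: `PAPERLESS_ADMIN_USER` and `PAPERLESS_ADMIN_PASSWORD` appear to read the generic keys `.username` and `.password` on the new side, and nothing in the hunk shows which remote item supplies them. If the `dataFrom` section, which is outside this hunk, extracts more than one item, identically named keys are merged and the later item wins. The admin account could then silently receive another entry's credentials. A comment under `# App` such as `# username/password come from the <item name> entry`, or a `rewrite` rule that prefixes the extracted keys, would make the mapping explicit.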
@@ -36,16 +36,20 @@ spec:
|
||||
GF_DATE_FORMATS_FULL_DATE: "DD.MM.YYYY hh:mm:ss"
|
||||
GF_SECURITY_ALLOW_EMBEDDING: true
|
||||
GF_SECURITY_COOKIE_SAMESITE: grafana
|
||||
admin:
|
||||
existingSecret: grafana-admin-creds
|
||||
grafana.ini:
|
||||
analytics:
|
||||
check_for_updates: false
|
||||
check_for_plugin_updates: false
|
||||
reporting_enabled: false
|
||||
auth:
|
||||
signout_redirect_url: "https://auth.${SECRET_CLUSTER_DOMAIN}/logout"
|
||||
oauth_auto_login: false
|
||||
oauth_auto_login: true
|
||||
oauth_allow_insecure_email_lookup: true
|
||||
auth.generic_oauth:
|
||||
enabled: true
|
||||
name: Authelia
|
||||
client_id: grafana
|
||||
icon: signin
|
||||
client_secret: "${SECRET_GRAFANA_OAUTH_CLIENT_SECRET}"
|
||||
scopes: "openid profile email groups"
|
||||
empty_scopes: false
|
||||
@@ -61,7 +65,7 @@ spec:
|
||||
contains(groups[*], 'admins') && 'Admin' || contains(groups[*], 'people') && 'Viewer'
|
||||
org_id: 1
|
||||
auth.basic:
|
||||
disable_login_form: false
|
||||
enabled: false
|
||||
auth.anonymous:
|
||||
enabled: true
|
||||
org_name: HomeOps
|
||||
@@ -74,8 +78,6 @@ spec:
|
||||
logs: /var/log/grafana
|
||||
plugins: /var/lib/grafana/plugins
|
||||
provisioning: /etc/grafana/provisioning
|
||||
analytics:
|
||||
check_for_updates: false
|
||||
log:
|
||||
mode: console
|
||||
grafana_net:
|
||||
|
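Review bot: `oauth_allow_insecure_email_lookup: true` under `auth:` in the first hunk lets Grafana bind an OAuth login to an existing account by e-mail address alone. Anyone who can set their own e-mail in the identity backend could then be signed in as another Grafana user, including one that `role_attribute_path` maps to `Admin`. The hunk counts suggest this line was added together with `oauth_auto_login: true`, though the rendering has lost the markers. Prefer `oauth_allow_insecure_email_lookup: false` (the default) so users are matched on the provider's subject identifier. If the lookup must stay, add a comment saying why and make sure non-admin users cannot change their own e-mail in the directory.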
@@ -4,5 +4,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: monitoring
|
||||
resources:
|
||||
- ./secrets.sops.yaml
|
||||
- ./helmrelease.yaml
|
||||
|
@@ -1,29 +0,0 @@
|
||||
# yamllint disable
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: grafana-admin-creds
|
||||
namespace: monitoring
|
||||
stringData:
|
||||
admin-user: ENC[AES256_GCM,data:NrH2m8c=,iv:uO1V1XHpx5q72uiZ7ZZ07oagTou64bY2cmA+O+sjbQs=,tag:0kMdvkMr3W83rmwOwmv//w==,type:str]
|
||||
admin-password: ENC[AES256_GCM,data:/UlQnEL9N3pr/XIYKIY=,iv:AtUad/V1y3UG9TGUZnaT7G7lykhzm3Yx7gzaLE/0tlA=,tag:qQ9nok5b1uH+az0gmTKHEw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHQmtZeUVvaWtSNzZBWHBx
|
||||
VWxYMjY0MlFSVEN0cjhvQUFxVWNHbFB2cndzCkZURTNGQXBXSm8yT0hvWVR0aDVC
|
||||
NmVhRDNaUFh4eWYyUTFqRTZIQ2o5QkUKLS0tIHhuM3lFREZyYnhlZ3JKQUJwVEdX
|
||||
Z3d6U0dVUWhPTDBZcXY4cFNsRGM3cFUKdIPaiHrS/B4zNHpNaxi9zYrOv+HrZ/oP
|
||||
NVkIbemYIYGKhcqSjRy53EQhIimu0q4oCxal6KkXahVB0edysD9JBQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2022-07-08T08:38:39Z"
|
||||
mac: ENC[AES256_GCM,data:y/XhXzy4Q3CQOpJFbMtMlDAOfoE3AoewrqL2LD7k3uaGtN5qcZRvZrshtlFc6aLu0Xz0Tquhk2knaRVx4iHBPosHchBQkBnOKydpI7vnqJTpTk9l6rbB08Xy4hwTZToiIonvYclceXeVbt/HKtdasq1LGJVBogNeGEQrn50kVUY=,iv:jDdz7nEw8h3J6Py9MWAnj5mTXY5jxhYvxHB53riiP/M=,tag:znmJxs869qluZNSnk8QmGg==,type:str]
|
||||
pgp: []
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.7.3
|