♻️ refacto

2025-09-17 18:24:14 +02:00 · 2023-09-14 22:52:04 +02:00
parent 16bdd0e977
commit 10ed7ead5d
6 changed files with 12 additions and 50 deletions
--- a/kubernetes/apps/default/authelia/app/config/configuration.yaml
+++ b/kubernetes/apps/default/authelia/app/config/configuration.yaml
@@ -29,7 +29,7 @@ access_control:
    - domain:
        - "*.${SECRET_CLUSTER_DOMAIN}"
      policy: one_factor
-      subject: ["group:homelab_admins", "group:homelab_users"]
+      subject: ["group:admins", "group:users"]
      networks:
        - private
    # Deny public resources
@@ -81,12 +81,3 @@ identity_providers:
        scopes: ["openid", "profile", "email"]
        redirect_uris: ["https://photos.${SECRET_CLUSTER_DOMAIN}/auth/login", "app.immich:/"]
        userinfo_signing_algorithm: none
-      - id: headlamp
-        description: Immich
-        secret: "${SECRET_HEADLAMP_OAUTH_CLIENT_SECRET}"
-        public: false
-        authorization_policy: two_factor
-        pre_configured_consent_duration: 1y
-        scopes: ["openid", "profile", "email"]
-        redirect_uris: ["https://headlamp.${SECRET_CLUSTER_DOMAIN}/oidc-callback"]
-        userinfo_signing_algorithm: none
--- a/kubernetes/apps/default/lldap/app/helmrelease.yaml
+++ b/kubernetes/apps/default/lldap/app/helmrelease.yaml
@@ -41,8 +41,7 @@ spec:
        reloader.stakater.com/auto: "true"
    image:
      repository: ghcr.io/lldap/lldap
-      # TODO: Switch to release tag on next release
-      tag: latest-alpine@sha256:261dd6d4e7bc3d7441e939ad57296b45c8c4b5125c0150ba0601352396b7a603
+      tag: v0.5.0
    env:
      TZ: ${TIMEZONE}
      LLDAP_HTTP_PORT: &port 8080
--- a/kubernetes/apps/default/paperless/app/externalsecret.yaml
+++ b/kubernetes/apps/default/paperless/app/externalsecret.yaml
@@ -16,8 +16,8 @@ spec:
      engineVersion: v2
      data:
        # App
-        PAPERLESS_ADMIN_USER: "{{ .PAPERLESS_ADMIN_USER }}"
-        PAPERLESS_ADMIN_PASSWORD: "{{ .PAPERLESS_ADMIN_PASSWORD }}"
+        PAPERLESS_ADMIN_USER: "{{ .username }}"
+        PAPERLESS_ADMIN_PASSWORD: "{{ .password }}"
        PAPERLESS_SECRET_KEY: "{{ .PAPERLESS_SECRET_KEY }}"
        PAPERLESS_DBUSER: &dbUser "{{ .POSTGRES_USER }}"
        PAPERLESS_DBPASS: &dbPass "{{ .POSTGRES_PASS }}"
--- a/kubernetes/apps/monitoring/grafana/app/helmrelease.yaml
+++ b/kubernetes/apps/monitoring/grafana/app/helmrelease.yaml
@@ -36,16 +36,20 @@ spec:
      GF_DATE_FORMATS_FULL_DATE: "DD.MM.YYYY hh:mm:ss"
      GF_SECURITY_ALLOW_EMBEDDING: true
      GF_SECURITY_COOKIE_SAMESITE: grafana
-    admin:
-      existingSecret: grafana-admin-creds
    grafana.ini:
+      analytics:
+        check_for_updates: false
+        check_for_plugin_updates: false
+        reporting_enabled: false
      auth:
        signout_redirect_url: "https://auth.${SECRET_CLUSTER_DOMAIN}/logout"
-        oauth_auto_login: false
+        oauth_auto_login: true
+        oauth_allow_insecure_email_lookup: true
      auth.generic_oauth:
        enabled: true
        name: Authelia
        client_id: grafana
+        icon: signin
        client_secret: "${SECRET_GRAFANA_OAUTH_CLIENT_SECRET}"
        scopes: "openid profile email groups"
        empty_scopes: false
@@ -61,7 +65,7 @@ spec:
          contains(groups[*], 'admins') && 'Admin' || contains(groups[*], 'people') && 'Viewer'
        org_id: 1
      auth.basic:
-        disable_login_form: false
+        enabled: false
      auth.anonymous:
        enabled: true
        org_name: HomeOps
@@ -74,8 +78,6 @@ spec:
        logs: /var/log/grafana
        plugins: /var/lib/grafana/plugins
        provisioning: /etc/grafana/provisioning
-      analytics:
-        check_for_updates: false
      log:
        mode: console
      grafana_net:
--- a/kubernetes/apps/monitoring/grafana/app/kustomization.yaml
+++ b/kubernetes/apps/monitoring/grafana/app/kustomization.yaml
@@ -4,5 +4,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: monitoring
 resources:
-  - ./secrets.sops.yaml
  - ./helmrelease.yaml
--- a/kubernetes/apps/monitoring/grafana/app/secrets.sops.yaml
+++ b/kubernetes/apps/monitoring/grafana/app/secrets.sops.yaml
@@ -1,29 +0,0 @@
-# yamllint disable
-apiVersion: v1
-kind: Secret
-metadata:
-    name: grafana-admin-creds
-    namespace: monitoring
-stringData:
-    admin-user: ENC[AES256_GCM,data:NrH2m8c=,iv:uO1V1XHpx5q72uiZ7ZZ07oagTou64bY2cmA+O+sjbQs=,tag:0kMdvkMr3W83rmwOwmv//w==,type:str]
-    admin-password: ENC[AES256_GCM,data:/UlQnEL9N3pr/XIYKIY=,iv:AtUad/V1y3UG9TGUZnaT7G7lykhzm3Yx7gzaLE/0tlA=,tag:qQ9nok5b1uH+az0gmTKHEw==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHQmtZeUVvaWtSNzZBWHBx
-            VWxYMjY0MlFSVEN0cjhvQUFxVWNHbFB2cndzCkZURTNGQXBXSm8yT0hvWVR0aDVC
-            NmVhRDNaUFh4eWYyUTFqRTZIQ2o5QkUKLS0tIHhuM3lFREZyYnhlZ3JKQUJwVEdX
-            Z3d6U0dVUWhPTDBZcXY4cFNsRGM3cFUKdIPaiHrS/B4zNHpNaxi9zYrOv+HrZ/oP
-            NVkIbemYIYGKhcqSjRy53EQhIimu0q4oCxal6KkXahVB0edysD9JBQ==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2022-07-08T08:38:39Z"
-    mac: ENC[AES256_GCM,data:y/XhXzy4Q3CQOpJFbMtMlDAOfoE3AoewrqL2LD7k3uaGtN5qcZRvZrshtlFc6aLu0Xz0Tquhk2knaRVx4iHBPosHchBQkBnOKydpI7vnqJTpTk9l6rbB08Xy4hwTZToiIonvYclceXeVbt/HKtdasq1LGJVBogNeGEQrn50kVUY=,iv:jDdz7nEw8h3J6Py9MWAnj5mTXY5jxhYvxHB53riiP/M=,tag:znmJxs869qluZNSnk8QmGg==,type:str]
-    pgp: []
-    encrypted_regex: ^(data|stringData)$
-    version: 3.7.3