🔥 glauth

2025-09-17 18:24:14 +02:00 · 2023-07-08 19:07:52 +02:00
parent 0280e7ac4b
commit 3153bb3c4b
11 changed files with 1 additions and 263 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -4,10 +4,6 @@ creation_rules:
      key_groups:
        - age:
            - age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
-    - path_regex: kubernetes/.*\.sops\.toml
-      key_groups:
-        - age:
-            - age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
    - path_regex: ansible/.*\.sops\.ya?ml
      unencrypted_regex: ^(kind)$
      key_groups:
--- a/kubernetes/apps/default/authelia/app/helmrelease.yaml
+++ b/kubernetes/apps/default/authelia/app/helmrelease.yaml
@@ -29,6 +29,7 @@ spec:
  dependsOn:
    - name: lldap
    - name: redis
+    - name: smtp-relay
  values:
    initContainers:
      01-init-db:
--- a/kubernetes/apps/default/authelia/ks.yaml
+++ b/kubernetes/apps/default/authelia/ks.yaml
@@ -10,9 +10,6 @@ metadata:
 spec:
  dependsOn:
    - name: cluster-apps-cloudnative-pg-app
-    - name: cluster-apps-glauth
-    - name: cluster-apps-redis
-    - name: cluster-apps-smtp-relay
  path: ./kubernetes/apps/default/authelia/app
  prune: true
  sourceRef:
--- a/kubernetes/apps/default/glauth/app/config/groups.sops.toml
+++ b/kubernetes/apps/default/glauth/app/config/groups.sops.toml
@@ -1,20 +0,0 @@
-{
-    "data": "ENC[AES256_GCM,data:s910tBBBfRjMxw3/W+Y8Wpm9ODOtWGb8MLQUgRbLLBIczBnZvuDUE6NrQnJAyK7H8sY0SqF2iYGbCKhbp/kFMe1zkB7Txi0EC81+vNCWMEzsKBWeB5HN7R/4LgwT19Ge0vXWYwfP4++Twiin/C5n8/KiPCqQDvcO92o96c5+zkWmvnayGYovmAuTkguSUDaPNJRffHZob7HOc9T9Tw==,iv:YoK+RSBsONPNzzyC6hJDTboz+MpoSv+nmjuypUyYVhk=,tag:UdUlrEe9yoOnFKBP1eSCXg==,type:str]",
-    "sops": {
-        "kms": null,
-        "gcp_kms": null,
-        "azure_kv": null,
-        "hc_vault": null,
-        "age": [
-            {
-                "recipient": "age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg",
-                "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvZFcremxrOFJCbU12ektL\na0kwajkzRDVkQlQ3ODN2R01LNDhONVRMcDFFCnI1Mk1EWGszSm4rU0Nra0J2VUFq\nTVc3UGU1NHpQZCtTdEI5OFpIVnNKRG8KLS0tIFg4WHNUVS9pTXQxb1k3V0xsd0lL\nV09lKy9nTzBBZ3QyRDByOUhYOUd5bUkK4IEvbv8gyFv3v40Iz6Gso7M1rTWBNKBW\nGJM4LaUoAM5gCSSjPeSB1ZLn7j226Qr2M65GxQiA/4xPpBaOgzguow==\n-----END AGE ENCRYPTED FILE-----\n"
-            }
-        ],
-        "lastmodified": "2022-09-18T16:37:58Z",
-        "mac": "ENC[AES256_GCM,data:T0DB0qKA9BLT6pSud+WLeCTaYltvA19Uf2Klm/vsqCOXvtAVJVTWRMvE3OzcwTieJgBn4UOEaoUUEkpOo6T9ZKyqVzJ+Ir+RmYBkZZs08g86wPsUoMzEwmxQwz7rhaR/dqiNiWp7L0wE1ZbBg5gFpSj5WE8Hs0YJI4VZLFwVwfw=,iv:vSE1TboA1VknRr057d7ESWV8SvGGuNTbQnapieZvy7o=,tag:f2DSJqiBsjzBmexNo9U+ZA==,type:str]",
-        "pgp": null,
-        "unencrypted_suffix": "_unencrypted",
-        "version": "3.7.3"
-    }
-}
--- a/kubernetes/apps/default/glauth/app/config/server.sops.toml
+++ b/kubernetes/apps/default/glauth/app/config/server.sops.toml
@@ -1,20 +0,0 @@
-{
-    "data": "ENC[AES256_GCM,data:sD10DQPlSAMLFCyAUDpn/fDyZbDNenO9s0O+vqZ98JNJjfaP60vn6xHo0IbokHrqylq18L5TE1nJpNbqbmC0ZDNDtBeUaQ3rqxOB4vPCNHg/KVGQHR9MUhe+Eb0m6UuA8XGmv5Fuu0MZijrEL3UHPpB/FJWfLfu4TFzNQa/11FFC3g/wrFZhREH5M1a+LbG/bnCtIQg2PoOiUExyHOff6N9vncGIYX/KfV/HMY5Vg2LnMCdmaGM0Z4WShna2tUNBqD0s0ae0B0ag/qzAWYNgwudHwtHFzI1SZ6kqJgND1LkgfdasDJg=,iv:OJXBftveCPwQ376LaSvKyn9OY5YQYa1DZmSv8jmwQTo=,tag:OvtUyIFaPIz/kEOB3z7XoQ==,type:str]",
-    "sops": {
-        "kms": null,
-        "gcp_kms": null,
-        "azure_kv": null,
-        "hc_vault": null,
-        "age": [
-            {
-                "recipient": "age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg",
-                "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3cy9WRWtkWGd0MjM4Mkpr\naFJTV1I3aDlqL201NU1TaXlTSldkT1ZVcUFvCnNWWi9JL0c0ZUpoTHhHaUNoVzNu\ndmhGK2lkTkNyc3NOb0M0ek5yKytYV00KLS0tIEcycXRqT2c0UUZaQUdraWJaS2Ey\nOG1HR1l0dUpuMXFvdVpocDJIOTV2N2MKZQckWtH/fmuoJMX7pcDqo3DAhm4JK5gG\n51+E61yqa285DwXlvDQoWyvyBewsgWjgcaA6dP9iIfkvY0eieICdIg==\n-----END AGE ENCRYPTED FILE-----\n"
-            }
-        ],
-        "lastmodified": "2022-12-19T21:22:57Z",
-        "mac": "ENC[AES256_GCM,data:7GtQ6VvSqoy14uhsvlEW13+75N02w09E7DktEkqlHpYv0NF7f9VyMZoNdsbk6h0BaUExNqycFRqv2Z+IjpVsBWSfVh3H5vOabhh/32U/NsxrXxU7L8IUi+U5a0MeelxeisNMc3PrWaHf+4nuRb7DfE4AsTcgi3AQB5URcr4sTYk=,iv:nxnGvnQCSvVMygJ4eWV33FscIptorIR24CXBP1FPPlU=,tag:zYf9Y494p2tjpfAZg4vXVQ==,type:str]",
-        "pgp": null,
-        "unencrypted_suffix": "_unencrypted",
-        "version": "3.7.3"
-    }
-}
--- a/kubernetes/apps/default/glauth/app/config/users.sops.toml
+++ b/kubernetes/apps/default/glauth/app/config/users.sops.toml
@@ -1,20 +0,0 @@
-{
-    "data": "ENC[AES256_GCM,data:q7pZXn6YGFKwKlEX+Iax8ZWoRkuK3a0HZlbKn/aDHpf9DCOpaJuxXpFL6hlkoKb3eoFBdjLHV2Yh+y6u+v/aPnLA9yaMuhZ9MDC0I6KF+5onRermWvtadiW/pmLLBd9fFBTxvKPni3sgHpZoZ7VZMRe6YZ88StsGJBX/cXjEZkOIO9S3GC28f3iNDKH5HGsYHUWyTn2osmOfrLahG5We3P9GeVTKgbnB6/OWC0lSRR+mmPc0yAjAXklTrGuk4zRV54qDoS8HdCO0FTq3Z83f6Qa3eoFDiOrm8yLCmXRqNGSoHoFrp7dnPzCna2SMAX7RBRCrOBRw+mijaxBrbMSp/2/5MqnJyJDz53ozUZog88Ywu595vfo3lEyJ7Qu/O1DX5aJTXKCPAvOIvAwSSFXfdKGmUAQrQvEP3VgpYnzGbuhnfPTJivXKpgc4vutvOH98itTquOq9KJdCOKcsd8gmBtOpPcMrUwA7jP1TV7eJIKhSN9YFt6jflTtqxfa9a4hB6FKXkXqJOrs9b4sT1iGi1bk9uVBF+3Ccc5X/JNRZ6Q6DSLYE5SkOZGOylsS4cjzjUcFSsnyNSfTwjca8SKLlc8bnPU0qFCOIVARIjKw8vMwedYKk0aiNTEa6vqShsGTUHVV/Lx7KqaVgayX+OjhUTzK4Wtrml2dvfoO4TePRmlg0AyeeqvJiIA+Fq9kaxsDkx63HSeK+0wjFH5HWThElycxVWozN6BAQ6EK4sPqrCdjfOpIAnv2YAazY647N8gcKd/OjvYM9lo0d3X0j/EiiFo3nq7ldggMJJRt9MmXVK3Ep31jjkqaeX9nljvMWsnFWwzXq/itPheEaKT3ch44PLPSFZu8NTMn0Xe4SoDaItbCAlXWjfGaLqBSGhVXCgXlzwx9ks75HntQ1zZMR151lU1RpnrZxB0g96uRAdkNBxYtxGkfqr/L4FjbDZSbLSm6JzV6hFgZZmfK4wsDJVG8dzT5/+1XNDfu9Ih2HCbh+upoNSQVzQhcHgtawpESP1v8OQr+t8KMmtVQGKLkCJAufabTI7Q==,iv:Y5jO9xDZwhvBfMUImMz6d9IksMpPCLKhzzrecbahp2Y=,tag:Bha5EyxQ3a7l+x/i0DsiaQ==,type:str]",
-    "sops": {
-        "kms": null,
-        "gcp_kms": null,
-        "azure_kv": null,
-        "hc_vault": null,
-        "age": [
-            {
-                "recipient": "age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg",
-                "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoeDRMTnBlWXhEbXIrR0Fh\naFJXTEdWS0V3TCtmNFN1UFhGSXFLSExwNFRrCngzdVRhTG5LK2FWV2d3WTNvTTY5\nV0JrNWh0bGFaK0wvanZmL2dBSENkQkEKLS0tIHlVY2daMlVwNW8wMDRNNHN1RzdP\nRmsyY2NublJsWTRsRUJqYVlZTlRJS28Ky5QoK04bIpqAiHepeIS0FBVU+Kqn9IvY\nQ3yJxfye9EO1XJ60goxur9yzq3TNyGFykhvqVsizVBVuir1Ow3sLoQ==\n-----END AGE ENCRYPTED FILE-----\n"
-            }
-        ],
-        "lastmodified": "2022-09-18T16:27:14Z",
-        "mac": "ENC[AES256_GCM,data:W77zbh5xtZPJC7nAuJ3LyZUlfQM9cmNJo6rBGnp34vxfA/H7m0OExHTaJkW+o0Zajk/3/zC9jwhmNRJdiQzd/k1M+a3q+DGOU2vt+On7Mo8mDfyuPOA6DvQnXf9ouwBPPkFjtn8t2Hb1cKvCLVdeMqRgz+x3MwJRbB2rB5YEY4o=,iv:+figksDMN3AP5+dD/gn9cE18HlgU8BOHtMtvaDEQUzs=,tag:9eo27jDtrFrqXWef5/T2nQ==,type:str]",
-        "pgp": null,
-        "unencrypted_suffix": "_unencrypted",
-        "version": "3.7.3"
-    }
-}
--- a/kubernetes/apps/default/glauth/app/helmrelease.yaml
+++ b/kubernetes/apps/default/glauth/app/helmrelease.yaml
@@ -1,69 +0,0 @@
---
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: &app glauth
-  namespace: default
-spec:
-  interval: 15m
-  chart:
-    spec:
-      chart: app-template
-      version: 1.5.1
-      sourceRef:
-        kind: HelmRepository
-        name: bjw-s
-        namespace: flux-system
-  maxHistory: 3
-  install:
-    createNamespace: true
-    remediation:
-      retries: 3
-  upgrade:
-    cleanupOnFail: true
-    remediation:
-      retries: 3
-  uninstall:
-    keepHistory: false
-  values:
-    controller:
-      replicas: 1
-      strategy: RollingUpdate
-      annotations:
-        reloader.stakater.com/auto: "true"
-    image:
-      repository: docker.io/glauth/glauth
-      tag: v2.2.0
-    command: ["/app/glauth", "-c", "/config"]
-    service:
-      main:
-        ports:
-          http:
-            port: 5555
-          ldap:
-            enabled: true
-            port: 8389
-    podSecurityContext:
-      runAsUser: 1000
-      runAsGroup: 1000
-      fsGroup: 1000
-      fsGroupChangePolicy: "OnRootMismatch"
-    persistence:
-      config:
-        enabled: true
-        type: secret
-        name: glauth-secret
-        items:
-          - key: server.toml
-            path: server.toml
-          - key: groups.toml
-            path: groups.toml
-          - key: users.toml
-            path: users.toml
-    resources:
-      requests:
-        cpu: 15m
-        memory: 105Mi
-      limits:
-        memory: 105Mi
--- a/kubernetes/apps/default/glauth/app/kustomization.yaml
+++ b/kubernetes/apps/default/glauth/app/kustomization.yaml
@@ -1,15 +0,0 @@
---
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: default
-resources:
-  - ./helmrelease.yaml
-secretGenerator:
-  - name: glauth-secret
-    files:
-      - server.toml=./config/server.sops.toml
-      - groups.toml=./config/groups.sops.toml
-      - users.toml=./config/users.sops.toml
-generatorOptions:
-  disableNameSuffixHash: true
--- a/kubernetes/apps/default/glauth/ks.yaml
+++ b/kubernetes/apps/default/glauth/ks.yaml
@@ -1,23 +0,0 @@
---
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: cluster-apps-glauth
-  namespace: flux-system
-  labels:
-    substitution.flux.home.arpa/enabled: "true"
-spec:
-  path: ./kubernetes/apps/default/glauth/app
-  prune: true
-  sourceRef:
-    kind: GitRepository
-    name: home-ops-kubernetes
-  healthChecks:
-    - apiVersion: helm.toolkit.fluxcd.io/v2beta1
-      kind: HelmRelease
-      name: glauth
-      namespace: default
-  interval: 30m
-  retryInterval: 1m
-  timeout: 3m
--- a/kubernetes/apps/default/glauth/readme.md
+++ b/kubernetes/apps/default/glauth/readme.md
@@ -1,88 +0,0 @@
-# glAuth
-
-## Repo configuration
-
-1. Add/Update `.vscode/extensions.json`
-
-    ```json
-    {
-        "files.associations": {
-            "**/cluster/**/*.sops.toml": "plaintext"
-        }
-    }
-    ```
-
-2. Add/Update `.gitattributes`
-
-    ```text
-    *.sops.toml linguist-language=JSON
-    ```
-
-3. Add/Update `.sops.yaml`
-
-    ```yaml
-    - path_regex: cluster/.*\.sops\.toml
-        key_groups:
-        - age:
-            - age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
-    ```
-
-## App Configuration
-
-Below are the decrypted versions of the sops encrypted toml files.
-
-> `passbcrypt` can be generated [on CyberChef](https://gchq.github.io/CyberChef/#recipe=Bcrypt(12)To_Hex(%27None%27,0))
-
-1. `server.sops.toml`
-
-    ```toml
-    debug = true
-    [ldap]
-        enabled = true
-        listen = "0.0.0.0:389"
-    [ldaps]
-        enabled = false
-    [api]
-        enabled = true
-        tls = false
-        listen = "0.0.0.0:5555"
-    [backend]
-        datastore = "config"
-        baseDN = "dc=home,dc=arpa"
-    ```
-
-2. `groups.sops.toml`
-
-    ```toml
-    [[groups]]
-        name = "svcaccts"
-        gidnumber = 6500
-    [[groups]]
-        name = "admins"
-        gidnumber = 6501
-    [[groups]]
-        name = "people"
-        gidnumber = 6502
-    ```
-
-3. `users.sops.toml`
-
-    ```toml
-    [[users]]
-        name = "search"
-        uidnumber = 5000
-        primarygroup = 6500
-        passbcrypt = ""
-        [[users.capabilities]]
-            action = "search"
-            object = "*"
-    [[users]]
-        name = "<name>"
-        mail = ""
-        givenname = "<Name>"
-        sn = "<sn>"
-        uidnumber = <uid>
-        primarygroup = <gid>
-        othergroups = [ <gid> ]
-        passbcrypt = ""
-    ```
--- a/kubernetes/apps/default/kustomization.yaml
+++ b/kubernetes/apps/default/kustomization.yaml
@@ -19,7 +19,6 @@ resources:
  - ./freshrss/ks.yaml
  - ./ghostfolio/ks.yaml
  - ./gitea/ks.yaml
-  - ./glauth/ks.yaml
  - ./hajimari/ks.yaml
  - ./home-assistant/ks.yaml
  - ./immich/ks.yaml