shpaq/auricom-home-cluster
1
0
Fork 0
mirror of https://github.com/auricom/home-cluster.git synced 2025-10-02 16:51:52 +02:00
Code Issues Packages Projects Releases Wiki Activity

authelia oidc

Browse Source
This commit is contained in:
auricom
2022-09-13 01:50:32 +02:00
parent a349490a03
commit 4f937581f6
2 changed files with 53 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
cluster/apps/networking/authelia/helm-release.yaml
View File

@@ -125,7 +125,16 @@ spec:
session:
redis:
enabled: false
high_availability:
enabled: true
sentinel_name: redis-master
nodes:
- host: redis-node-0.redis-headless.default.svc.cluster.local
port: 26379
- host: redis-node-1.redis-headless.default.svc.cluster.local
port: 26379
- host: redis-node-2.redis-headless.default.svc.cluster.local
port: 26379
storage:
postgres:
enabled: true
@@ -143,6 +152,44 @@ spec:
sender: ${SECRET_AUTHELIA_SMTP_EMAIL}
identifier: ${SECRET_CLUSTER_DOMAIN}
identity_providers:
oidc:
enabled: true
cors:
endpoints: ["authorization", "token", "revocation", "introspection"]
allowed_origins_from_client_redirect_uris: true
clients:
- id: gitea
secret: "${SECRET_GITEA_OAUTH_CLIENT_SECRET}"
public: false
authorization_policy: one_factor
scopes: ["openid", "profile", "groups", "email"]
redirect_uris:
[
"https://gitea.${SECRET_CLUSTER_DOMAIN}/user/oauth2/authelia/callback",
]
userinfo_signing_algorithm: none
- id: grafana
description: Grafana
secret: "${SECRET_GRAFANA_OAUTH_CLIENT_SECRET}"
public: false
authorization_policy: one_factor
pre_configured_consent_duration: 1y
scopes: ["openid", "profile", "groups", "email"]
redirect_uris:
["https://grafana.${SECRET_CLUSTER_DOMAIN}/login/generic_oauth"]
userinfo_signing_algorithm: none
- id: outline
description: Outline
secret: "${SECRET_OUTLINE_OAUTH_CLIENT_SECRET}"
public: false
authorization_policy: one_factor
pre_configured_consent_duration: 1y
scopes: ["openid", "profile", "email", "offline_access"]
redirect_uris:
["https://docs.${SECRET_CLUSTER_DOMAIN}/auth/oidc.callback"]
userinfo_signing_algorithm: none
secret:
storage:
key: STORAGE_PASSWORD

7
cluster/configuration/cluster-secrets.sops.yaml
View File

@@ -75,6 +75,9 @@ stringData:
SECRET_WALLABAG_DB_PASSWORD: ENC[AES256_GCM,data:6kI1fYuCEZzgNSqJ0vE=,iv:QMzl/GI5Wmudv7kp4y5PtyiCygAQDJHfVzLquMkjLsY=,tag:6Dr9lwtxKL1hlskTtcyKBg==,type:str]
SECRET_WIFI_SSID: ENC[AES256_GCM,data:ChUJY7mgQSZ1IQ==,iv:uJ8FasEK+ZvxLMulSp7l9wXOjb3Ojnnt31sfekPRm9s=,tag:QBwdk4qtLCwG7G0AqdOoQA==,type:str]
SECRET_WIFI_PASSWORD: ENC[AES256_GCM,data:pE7jOD2WNVw6+KmyRzlXgwErVbVCSpx4p9AL3kyv,iv:51HVZpqSMVt10b96Ugx9ZDOG0Eh47QR9gypCr2s/FCc=,tag:hxhk8vuVBSZeihZoF2nwsA==,type:str]
SECRET_OUTLINE_OAUTH_CLIENT_SECRET: ENC[AES256_GCM,data:BB/eZQ/oLQ09AxGwKRddbiyiRMA=,iv:dhiyOUP3GyvHXUdPYqQKPQCMmqornj6WVWtfreq9T6A=,tag:WijFyu8XGk3dklYJR4/81A==,type:str]
SECRET_GRAFANA_OAUTH_CLIENT_SECRET: ENC[AES256_GCM,data:3igfeqGHygjnmJXnoiKV7W8Tm2M=,iv:Hrjh38GuRvzS4Hi69QftBhaAJ02is5B0E5h23XICpUc=,tag:O4JFVSaoTQDhf3QZPLbn1Q==,type:str]
SECRET_GITEA_OAUTH_CLIENT_SECRET: ENC[AES256_GCM,data:VWetZHP8haXPy1r20RMJvECxEWw=,iv:B3+rjPXWSbyCdi4KAy/FeMbtNUv40UIWN462OWfv9Ww=,tag:5wK7nUGu7HmdC90d2jllwQ==,type:str]
sops:
kms: []
gcp_kms: []
@@ -90,8 +93,8 @@ sops:
WG82VkdBMlNnRzBySFQzMk41cEtXSlEKBqOmq9UpO61C85+pj0ibdT31y4pmFsbm
pTi4N0vv81kcf4ilqBU5h1gudNCb42Q2iL0eGNR4e3JzH4iaNsvnEg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-08-14T20:30:12Z"
mac: ENC[AES256_GCM,data:mgfG9ZEjVUdFd3DzzAl4NF/y15fX+T/XtndvmHUW/NBS5RcSJSn/EcotmOFwga9fgGb9PbcmkcUpHcp/didQWzA4qcKiEH7zYiLkwUR/yjh1i3FEGTPMMgDKWFgkZRYbV2FvknALkY7YgVgkVyYsXkbVzJ/13s1hR13XIzy1dPQ=,iv:6GBccklvwx2CwMtvgCAvipKQXT3SMH8vCMLtrUvcFtA=,tag:v9fjgZjt8lYmxKrLmQbgjw==,type:str]
lastmodified: "2022-09-12T23:49:49Z"
mac: ENC[AES256_GCM,data:/QABokir5gHB14+iJ8TJ/vemuXDcbQQj41ivyy+a9bW3uwHTvf7Xqgjx9XTWVlSpamVZFQ7u/pTiXuenAo+w0q6SqAgeUquguO/kG9TPNF/RKPJlCvkimr6N5HvS+M3ELaWMTkrssaYwOe9fI42hJ1+ztVyXnngoSdhrGagAClI=,iv:PuozwGBadG35RmUfENBZ2QMMB1GJ/mgkFGsHwmNu9OY=,tag:/gB58YNWvPLxBAU4VNt4XA==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.7.3