feat: freshrss sso

auricom
2024-06-14 11:09:58 +02:00
parent c0af3863e7
commit daf03459c5
3 changed files with 30 additions and 31 deletions


@@ -39,28 +39,26 @@ access_control:
identity_providers:
oidc:
cors:
endpoints: ["authorization", "token", "revocation", "introspection"]
endpoints: [authorization, token, revocation, introspection]
allowed_origins_from_client_redirect_uris: true
clients:
- id: gitea
secret: "${GITEA_OAUTH_CLIENT_SECRET}"
- client_id: freshrss
client_name: freshrss
client_secret:
public: false
authorization_policy: two_factor
scopes: ["openid", "profile", "groups", "email"]
redirect_uris:
[
"https://gitea.${SECRET_PUBLIC_DOMAIN}/user/oauth2/authelia/callback",
]
userinfo_signing_algorithm: none
- id: grafana
description: Grafana
secret: "${GRAFANA_OAUTH_CLIENT_SECRET}"
redirect_uris: ["https://freshrss.${SECRET_PUBLIC_DOMAIN}/i/oidc/"]
scopes: [openid, profile, groups, email]
userinfo_signed_response_alg: none
token_endpoint_auth_method: client_secret_basic
- client_name: grafana
client_id: grafana
client_secret: "${GRAFANA_OAUTH_CLIENT_SECRET}"
public: false
authorization_policy: two_factor
pre_configured_consent_duration: 1y
scopes: ["openid", "profile", "groups", "email"]
redirect_uris:
["https://grafana.${SECRET_PUBLIC_DOMAIN}/login/generic_oauth"]
scopes: [openid, profile, groups, email]
redirect_uris: ["https://grafana.${SECRET_PUBLIC_DOMAIN}/login/generic_oauth"]
userinfo_signing_algorithm: none
- id: outline
description: Outline
@@ -68,24 +66,14 @@ identity_providers:
public: false
authorization_policy: two_factor
pre_configured_consent_duration: 1y
scopes: ["openid", "profile", "email", "offline_access"]
redirect_uris:
["https://docs.${SECRET_PUBLIC_DOMAIN}/auth/oidc.callback"]
scopes: [openid, profile, email, offline_access]
redirect_uris: ["https://docs.${SECRET_PUBLIC_DOMAIN}/auth/oidc.callback"]
userinfo_signing_algorithm: none
- id: immich
description: Immich
secret: "${IMMICH_OAUTH_CLIENT_SECRET}"
- client_name: jellyfin
client_id: jellyfin
client_secret: "${JELLYFIN_OAUTH_CLIENT_SECRET}"
public: false
authorization_policy: one_factor
pre_configured_consent_duration: 1y
scopes: ["openid", "profile", "email"]
redirect_uris: ["https://photos.${SECRET_PUBLIC_DOMAIN}/auth/login", "app.immich:/"]
userinfo_signing_algorithm: none
- id: jellyfin
description: jellyfin
public: false
secret: "${JELLYFIN_OAUTH_CLIENT_SECRET}"
authorization_policy: two_factor
pre_configured_consent_duration: 1y
scopes: ["openid", "profile", "groups", "email"]
scopes: [openid, profile, groups, email]
redirect_uris: [ "https://jellyfin.${SECRET_PUBLIC_DOMAIN}/sso/OID/redirect/authelia" ]
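Review bot: The new `freshrss` client is declared confidential (`public: false`, `token_endpoint_auth_method: client_secret_basic`) but its `client_secret:` line carries no value, which YAML parses as null; Authelia needs a secret for a confidential client, and the FreshRSS deployment in this same commit sends the literal `insecure_secret`, so the token exchange has nothing valid to authenticate against. Register a real secret here, e.g. `client_secret: "${FRESHRSS_OAUTH_CLIENT_SECRET}"` (recent Authelia releases want the value stored as a pbkdf2/argon2 digest rather than plaintext), and feed the matching value to FreshRSS from the secret store rather than from a literal in the chart values. Separately, the rewritten `jellyfin` client appears to move `authorization_policy` from `two_factor` to `one_factor` (old and new sides are interleaved on this rendered page, so please confirm); if that downgrade is intentional it deserves a mention in the commit message, otherwise keep `authorization_policy: two_factor` like the other clients.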


@@ -14,6 +14,8 @@ spec:
template:
engineVersion: v2
data:
# App
OIDC_CLIENT_CRYPTO_KEY: "{{ .FRESHRSS_OAUTH_CLIENT_SECRET }}"
# Postgres Init
INIT_POSTGRES_DBNAME: freshrss
INIT_POSTGRES_HOST: postgres16-rw.database.svc.cluster.local
@@ -21,6 +23,8 @@ spec:
INIT_POSTGRES_PASS: "{{ .POSTGRES_PASS }}"
INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}"
dataFrom:
- extract:
key: autthelia
- extract:
key: cloudnative-pg
- extract:
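Review bot: The added `dataFrom` entry reads `key: autthelia`, which looks like a typo for `authelia`; if the secret-store item is actually named `authelia`, the extract returns nothing and `{{ .FRESHRSS_OAUTH_CLIENT_SECRET }}` will most likely render empty (or fail templating) instead of surfacing the misconfiguration clearly. Please confirm the item name or change the line to `key: authelia`. Also, `OIDC_CLIENT_CRYPTO_KEY` is being populated from a value whose name says it is the OAuth client secret; in FreshRSS that variable is the passphrase protecting the OIDC session and state cookies, a different purpose from client authentication, so it should get its own independent random value (for example a separate `FRESHRSS_OIDC_CRYPTO_KEY` item) rather than reusing the client secret across two roles.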


@@ -49,6 +49,13 @@ spec:
TZ: ${TIMEZONE}
CRON_MIN: 18,48
DOMAIN: "https://freshrss.${SECRET_CLUSTER_DOMAIN}/"
OIDC_ENABLED: 1
OIDC_PROVIDER_METADATA_URL: https://auth.${SECRET_CLUSTER_DOMAIN}/.well-known/openid-configuration
OIDC_CLIENT_ID: freshrss
OIDC_CLIENT_SECRET: insecure_secret
OIDC_REMOTE_USER_CLAIM: preferred_username
OIDC_SCOPES: openid groups email profile
OIDC_X_FORWARDED_HEADERS: X-Forwarded-Host X-Forwarded-Port X-Forwarded-Proto
resources:
requests:
cpu: 50m
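Review bot: `OIDC_CLIENT_SECRET: insecure_secret` in the new env block commits a literal client secret to the repository, and it does not match anything on the Authelia side, where the `freshrss` client is registered with an empty `client_secret`; source it from the ExternalSecret instead (a dedicated key, referenced the same way `OIDC_CLIENT_CRYPTO_KEY` is) and register the same value, preferably hashed, in Authelia. The new `DOMAIN` and `OIDC_PROVIDER_METADATA_URL` values are built from `${SECRET_CLUSTER_DOMAIN}` while the redirect URI registered in Authelia is `https://freshrss.${SECRET_PUBLIC_DOMAIN}/i/oidc/`; if those two substitutions differ, Authelia will reject the callback as a redirect_uri mismatch, so either align the variables or register both callbacks. Finally, `OIDC_ENABLED: 1` is an unquoted integer; container env values must be strings and not every chart coerces them, so `OIDC_ENABLED: "1"` is the safer spelling.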