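{{- /*
Flux HelmRelease that deploys the "authentik-application" chart for this
Forgejo release: it registers an OIDC provider and an application in
authentik and binds the "mycloud - users" group to that application.

Values read from .Values:
  commons.helm.release.{install,test,upgrade,driftDetection}  shared Flux release settings
  ingress.host, commons.ingress.domain                        Forgejo host (default: git.<domain>)
  commons.auth.host                                           authentik host (default: auth.<domain>)
  auth.clientID, auth.clientSecret, commons.masterPassword    OIDC client credentials
*/ -}}
{{ $name := printf "%s-forgejo" .Release.Name }}
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: "{{ .Release.Name }}-auth"
spec:
  chart:
    spec:
      sourceRef:
        kind: GitRepository
        name: "wrenix-helm-charts"
        namespace: "flux-system"
      chart: "./authentik-application"
      # Follow the Git revision instead of a chart version, so chart changes
      # in the repository are picked up on the next reconcile.
      reconcileStrategy: "Revision"
  # Release lifecycle settings are shared across all HelmReleases of this
  # chart; each block is rendered verbatim at the matching indentation.
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
  test:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
  driftDetection:
    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  values:
    {{- $host := .Values.ingress.host | default (printf "git.%s" .Values.commons.ingress.domain) }}
    blueprint:
      authentik:
        domain: "https://{{ .Values.commons.auth.host | default (printf "auth.%s" .Values.commons.ingress.domain) }}"
      provider:
        type: "oidc"
        name: {{ $name | quote }}
        oidc:
          clientType: "confidential"
          redirectURL: "https://{{ $host }}/user/oauth2/authentik/callback"
          clientID: {{ .Values.auth.clientID | default $name | quote }}
          # NOTE(review): when auth.clientSecret is unset the secret is derived
          # from commons.masterPassword and rendered in clear text into this
          # HelmRelease's spec.values. Anyone who can read HelmRelease objects
          # (or the rendered manifest in Git) can read it; a Secret referenced
          # through spec.valuesFrom would keep it out of the manifest.
          clientSecret: {{ .Values.auth.clientSecret | default (derivePassword 1 "long" .Values.commons.masterPassword "git-forgejo" "auth.clientSecret") | quote }}
          signingKey: "authentik Self-signed Certificate"
          scopes:
            # The first two entries only reference existing mappings by name;
            # the third one is defined inline.
            - name: "authentik default OAuth Mapping: OpenID 'openid'"
            - name: "authentik default OAuth Mapping: OpenID 'email'"
            # Exposes the Forgejo role ("admin" for authentik superusers,
            # "user" otherwise) and the user's authentik groups; for
            # superusers the literal group "admin" is appended to the claim.
            - name: "authentik gitea OAuth Mapping: OpenID 'gitea'"
              scope_name: "gitea"
              expression: |-
                groups = [group.name for group in user.ak_groups.all()]
                gitea = {}
                if user.is_superuser:
                  gitea = "admin"
                  if "admin" not in groups:
                    groups.append("admin")
                else:
                  gitea = "user"

                return {
                  "nickname": request.user.username,
                  "groups": groups,
                  "gitea": gitea
                }

      groups:
        - slug: "mycloud - users"
          bindID: "cefc0c13-49fa-4374-a909-e201a88a473b"

      application:
        policyEngineMode: "any"
        openInNewTab: true
        publisher: "WrenIX's myCloud"
        slug: {{ $name | quote }}
        group: "Communication"
        name: "Forgejo"
        launchURL: "https://{{ $host }}"
        icon: "https://{{ $host }}/assets/img/logo.png"
        # Shown in the authentik application library; it has to describe
        # Forgejo, not a text copied from another application's template.
        description: "Forgejo is a self-hosted, lightweight software forge for hosting and collaborating on Git repositories."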