diff --git a/modules/kitchenowl.nix b/modules/kitchenowl.nix index 1042468..d2bbf15 100644 --- a/modules/kitchenowl.nix +++ b/modules/kitchenowl.nix @@ -33,9 +33,16 @@ ports.web.containerPort = 8080; imagePullPolicy = "IfNotPresent"; - env.JWT_SECRET_KEY.valueFrom.secretKeyRef = { - name = "server"; - key = "jwtSecretKey"; + env = { + FRONT_URL.value = "https://boodschappen.kun.is"; + OIDC_ISSUER.value = "https://authentik.kun.is/application/o/kitchenowl/"; + OIDC_CLIENT_ID.value = "OptR5S9hPix9beuJWFdfNBWRBr2l0nPx7mj8FpB3"; + OIDC_CLIENT_SECRET.value = "ref+sops://secrets.yml#/authentik/oauth2/kitchenowl/client_secret"; + + JWT_SECRET_KEY.valueFrom.secretKeyRef = { + name = "server"; + key = "jwtSecretKey"; + }; }; volumeMounts = [ diff --git a/secrets.yml b/secrets.yml index 2034a8c..33ad123 100644 --- a/secrets.yml +++ b/secrets.yml @@ -50,6 +50,8 @@ authentik: client_secret: ENC[AES256_GCM,data:KrsaLLsjfQsyNQzvQF/pCLj1dhi8tr/OdToY7WczvPUUQKMtSk//oxsiPike/HoVEuCUp+j7UlTfIRPF2xUcPPvw7pkcLhQhcot79aieI1ciIeLZ1Q5svsPrqDBmDY7g65jkzA9vjM9VLTsx4Dx/1vGHDqo7I12qadEQlKAuhhQ=,iv:3icAM7sVe2HlmosbP7VPbcF4SRz/mlbzdQ1gENR9TRs=,tag:O8TCN7NltNpDGoG3T8Ds1w==,type:str] nextcloud: client_secret: ENC[AES256_GCM,data:zLejYbfudK/4OquLXPYTv9YOmFpCVfg0KLNkDSDCpFrxroDUAXBCLtYXiGuYkYrD/t7LAzRt+OTq70d7ciuHhBNSLclP2U97BQoXCWscWnxQauRZ+UCABvP+DB9VPQmCwU+uKPrKQ8l51baj+MkpIDdk2lwavpONMU57Zov6N2o=,iv:aQ4bsXUXn177tCxe1kAsSMP9ynEzvDwN0hwFhrT3Nko=,tag:EFcnf6VmyFt2i4+aL56sWw==,type:str] + kitchenowl: + client_secret: ENC[AES256_GCM,data:x4Xsd3d3El59HKBYNV56ah314hYSRhzt46upW34cOopXNHSB3zCDrD46LUa6i8g6V5GJyrMpMfO5mv+b80JrmfHkhGUXZXuTwDNu6ijnO6ZCvC2Bdlo+T0tlkJe25OMCBseJkkC++UBrpKQQTAhyVjnPSVrGVvtY4WtdAw+X/OY=,iv:pOowIhPD7kb2F3ylFzLwNW3BhPZyzoFCGRm2+KCmhno=,tag:GxFI0w06EyGxFwj6Fv4ZLQ==,type:str] smtp2go: username: ENC[AES256_GCM,data:BEr7Rq7rlGvfYEpY/ZXnhM2eClnHdqU81A==,iv:dwYD5h+C5bzS9ikUgxQ51+jRQ32TtDy2PhDbd1tpS8Q=,tag:CjjLDz5n4H28qi8jWf9S4w==,type:str] password: ENC[AES256_GCM,data:Yys6qy6DRYo16+X+Uj9oa9otjaKBnHOtIQ==,iv:G7H9mxsODShFoVlNMwuV8O18NBG/7LTFDFdqnH83YkE=,tag:hSlYp27QMoPZwiKBqyOpKA==,type:str] @@ -77,8 +79,8 @@ sops: azR0UkJyL0RwUVk4ZzdkSWptcDlWVjAK5FU9B5TBSnV3azO4eCv13T6i3dGGuI68 UgBrVEb1/Fv+4XTjeSEhpiOaH8sNWYoNa3Aa7uTZYlHDRWga2GC7zw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-02-12T14:31:02Z" - mac: ENC[AES256_GCM,data:fURqCQvs849+xxfzzqRIwOcxJm2Grz2m3fPoF7/XNH1+HpuS7FlnU2gIZ2LH/hun5kUDD1x4BXH+hrM4nGzl+jI0ZUa9NBDxT69N2mAkFI7oqeWLVLdYfGyit64kwCe2aupW0kdtrW1OsxY2JzfqEqFykSW9oPld9tx+JMVOPQA=,iv:impIJ13OHqWto2U+HV6unGGQgtRmVQKl2L3ukEeb4cM=,tag:jaEhmbxxiHlC/4ifpYLoXA==,type:str] + lastmodified: "2025-02-13T16:43:24Z" + mac: ENC[AES256_GCM,data:EJ3TwNwTEsbA2Y/v7ZNgRq3ENgl1tyIzTbrW3x58p5MA6sPMCshVnu6cqrssn3l/cHZdGYxeyachVbqbaVC60Gbw1UiywkjAj5w5l92PMne142unjeLDsVgGv3ItalWLgmWBVp6B1YfxID9V5CxNZjSglVzH3o0bseqIGnvcDrQ=,iv:dK2QR6s5m9BCW+7ZXwE0Ksca0EAGtHtrTfigbUkY2AY=,tag:+HUoCt7tu5yDCG3LbwEq8w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4