home/kubernetes-deployments
2
0
Fork 0
Code Issues 4 Pull requests Projects Releases Packages Wiki Activity Actions

Enable OIDC login for kitchenowl

Browse source
This commit is contained in:
Pim Kunis 2025-02-13 17:59:35 +01:00
parent 1210360509
commit d29332fd6d
2 changed files with 14 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
modules/kitchenowl.nix
View file

@ -33,9 +33,16 @@
ports.web.containerPort = 8080; ports.web.containerPort = 8080;
imagePullPolicy = "IfNotPresent"; imagePullPolicy = "IfNotPresent";
env.JWT_SECRET_KEY.valueFrom.secretKeyRef = { env = {
name = "server"; FRONT_URL.value = "https://boodschappen.kun.is";
key = "jwtSecretKey"; OIDC_ISSUER.value = "https://authentik.kun.is/application/o/kitchenowl/";
OIDC_CLIENT_ID.value = "OptR5S9hPix9beuJWFdfNBWRBr2l0nPx7mj8FpB3";
OIDC_CLIENT_SECRET.value = "ref+sops://secrets.yml#/authentik/oauth2/kitchenowl/client_secret";
JWT_SECRET_KEY.valueFrom.secretKeyRef = {
name = "server";
key = "jwtSecretKey";
};
}; };
volumeMounts = [ volumeMounts = [

6
secrets.yml
View file

@ -50,6 +50,8 @@ authentik:
client_secret: ENC[AES256_GCM,data:KrsaLLsjfQsyNQzvQF/pCLj1dhi8tr/OdToY7WczvPUUQKMtSk//oxsiPike/HoVEuCUp+j7UlTfIRPF2xUcPPvw7pkcLhQhcot79aieI1ciIeLZ1Q5svsPrqDBmDY7g65jkzA9vjM9VLTsx4Dx/1vGHDqo7I12qadEQlKAuhhQ=,iv:3icAM7sVe2HlmosbP7VPbcF4SRz/mlbzdQ1gENR9TRs=,tag:O8TCN7NltNpDGoG3T8Ds1w==,type:str] client_secret: ENC[AES256_GCM,data:KrsaLLsjfQsyNQzvQF/pCLj1dhi8tr/OdToY7WczvPUUQKMtSk//oxsiPike/HoVEuCUp+j7UlTfIRPF2xUcPPvw7pkcLhQhcot79aieI1ciIeLZ1Q5svsPrqDBmDY7g65jkzA9vjM9VLTsx4Dx/1vGHDqo7I12qadEQlKAuhhQ=,iv:3icAM7sVe2HlmosbP7VPbcF4SRz/mlbzdQ1gENR9TRs=,tag:O8TCN7NltNpDGoG3T8Ds1w==,type:str]
nextcloud: nextcloud:
client_secret: ENC[AES256_GCM,data:zLejYbfudK/4OquLXPYTv9YOmFpCVfg0KLNkDSDCpFrxroDUAXBCLtYXiGuYkYrD/t7LAzRt+OTq70d7ciuHhBNSLclP2U97BQoXCWscWnxQauRZ+UCABvP+DB9VPQmCwU+uKPrKQ8l51baj+MkpIDdk2lwavpONMU57Zov6N2o=,iv:aQ4bsXUXn177tCxe1kAsSMP9ynEzvDwN0hwFhrT3Nko=,tag:EFcnf6VmyFt2i4+aL56sWw==,type:str] client_secret: ENC[AES256_GCM,data:zLejYbfudK/4OquLXPYTv9YOmFpCVfg0KLNkDSDCpFrxroDUAXBCLtYXiGuYkYrD/t7LAzRt+OTq70d7ciuHhBNSLclP2U97BQoXCWscWnxQauRZ+UCABvP+DB9VPQmCwU+uKPrKQ8l51baj+MkpIDdk2lwavpONMU57Zov6N2o=,iv:aQ4bsXUXn177tCxe1kAsSMP9ynEzvDwN0hwFhrT3Nko=,tag:EFcnf6VmyFt2i4+aL56sWw==,type:str]
kitchenowl:
client_secret: ENC[AES256_GCM,data:x4Xsd3d3El59HKBYNV56ah314hYSRhzt46upW34cOopXNHSB3zCDrD46LUa6i8g6V5GJyrMpMfO5mv+b80JrmfHkhGUXZXuTwDNu6ijnO6ZCvC2Bdlo+T0tlkJe25OMCBseJkkC++UBrpKQQTAhyVjnPSVrGVvtY4WtdAw+X/OY=,iv:pOowIhPD7kb2F3ylFzLwNW3BhPZyzoFCGRm2+KCmhno=,tag:GxFI0w06EyGxFwj6Fv4ZLQ==,type:str]
smtp2go: smtp2go:
username: ENC[AES256_GCM,data:BEr7Rq7rlGvfYEpY/ZXnhM2eClnHdqU81A==,iv:dwYD5h+C5bzS9ikUgxQ51+jRQ32TtDy2PhDbd1tpS8Q=,tag:CjjLDz5n4H28qi8jWf9S4w==,type:str] username: ENC[AES256_GCM,data:BEr7Rq7rlGvfYEpY/ZXnhM2eClnHdqU81A==,iv:dwYD5h+C5bzS9ikUgxQ51+jRQ32TtDy2PhDbd1tpS8Q=,tag:CjjLDz5n4H28qi8jWf9S4w==,type:str]
password: ENC[AES256_GCM,data:Yys6qy6DRYo16+X+Uj9oa9otjaKBnHOtIQ==,iv:G7H9mxsODShFoVlNMwuV8O18NBG/7LTFDFdqnH83YkE=,tag:hSlYp27QMoPZwiKBqyOpKA==,type:str] password: ENC[AES256_GCM,data:Yys6qy6DRYo16+X+Uj9oa9otjaKBnHOtIQ==,iv:G7H9mxsODShFoVlNMwuV8O18NBG/7LTFDFdqnH83YkE=,tag:hSlYp27QMoPZwiKBqyOpKA==,type:str]
@ -77,8 +79,8 @@ sops:
azR0UkJyL0RwUVk4ZzdkSWptcDlWVjAK5FU9B5TBSnV3azO4eCv13T6i3dGGuI68 azR0UkJyL0RwUVk4ZzdkSWptcDlWVjAK5FU9B5TBSnV3azO4eCv13T6i3dGGuI68
UgBrVEb1/Fv+4XTjeSEhpiOaH8sNWYoNa3Aa7uTZYlHDRWga2GC7zw== UgBrVEb1/Fv+4XTjeSEhpiOaH8sNWYoNa3Aa7uTZYlHDRWga2GC7zw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-12T14:31:02Z" lastmodified: "2025-02-13T16:43:24Z"
mac: ENC[AES256_GCM,data:fURqCQvs849+xxfzzqRIwOcxJm2Grz2m3fPoF7/XNH1+HpuS7FlnU2gIZ2LH/hun5kUDD1x4BXH+hrM4nGzl+jI0ZUa9NBDxT69N2mAkFI7oqeWLVLdYfGyit64kwCe2aupW0kdtrW1OsxY2JzfqEqFykSW9oPld9tx+JMVOPQA=,iv:impIJ13OHqWto2U+HV6unGGQgtRmVQKl2L3ukEeb4cM=,tag:jaEhmbxxiHlC/4ifpYLoXA==,type:str] mac: ENC[AES256_GCM,data:EJ3TwNwTEsbA2Y/v7ZNgRq3ENgl1tyIzTbrW3x58p5MA6sPMCshVnu6cqrssn3l/cHZdGYxeyachVbqbaVC60Gbw1UiywkjAj5w5l92PMne142unjeLDsVgGv3ItalWLgmWBVp6B1YfxID9V5CxNZjSglVzH3o0bseqIGnvcDrQ=,iv:dK2QR6s5m9BCW+7ZXwE0Ksca0EAGtHtrTfigbUkY2AY=,tag:+HUoCt7tu5yDCG3LbwEq8w==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.4 version: 3.9.4