diff --git a/cluster/apps/management/guacamole/guacamole.sops.yaml b/cluster/apps/management/guacamole/guacamole.sops.yaml
index c29d3a3..1fa6618 100644
--- a/cluster/apps/management/guacamole/guacamole.sops.yaml
+++ b/cluster/apps/management/guacamole/guacamole.sops.yaml
@@ -1,60 +1,20 @@ apiVersion: v1 -kind: Secret +kind: ConfigMap metadata: - name: guacamole-secret - namespace: management + name: guacamole-properties + namespace: management stringData: - OPENID_CLIENT_ID: ENC[AES256_GCM,data:rIJWHZ9rJQ1jwXL3+Mg00ZrcUwu4CevdOHRuP/EYjbUR5cKccvgwMg==,iv:NU7HCctec1PJeE9RAi7PhSpsNR9jxSTqh/7IJgKm9aw=,tag:vAPLHnK8HbsTaisLPY/vfQ==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2023-04-11T04:35:01Z" - mac: ENC[AES256_GCM,data:Q+i2p15dIYxhSIfTxXOJF81GZEUaxBNko++GgP8mZolS4FxlRxRzfN7vTbXcjuUtHvXqhaLj5nkHr3D+DHEkQONdX+iGlQ57P69r54+YooxqN+k8xH0itbhkJOBQXsCWy7/du5O5hcaPKosD1mB8h/t4G6l0hmco6/teIr/H1fU=,iv:huBC55AnGpZZa8DLZrGjrialg4DQs41EvxrDFuUdvGo=,tag:qXsUyu9Rj2jNNJUP3EMA8g==,type:str] - pgp: - - created_at: "2023-06-19T18:35:41Z" - enc: | - -----BEGIN PGP MESSAGE----- + guacamole.properties: | + postgresql-hostname: postgresql.database + postgresql-port: 5432 + postgresql-database: guacamole + postgresql-username: guacamole + postgresql-password: EypqWCBj7KvzqwWT8N2rNHofYVam - hQIMAzKleRwoSoixARAAls4GtR9VbIW6MStf+SKBGybWAtexoVH7hrrg/qAbk0tv - WwnOmPgaPllMBW9NPTPZK0nYH7OEi++VbrBdZ0Ol69d2pA8SM3mpqg7a8zRKpg1q - loXNMsej0S+hMwqyYWc/WJnTqugQNo1UWO2RATFylsBPabaDVV77wU8Sgi6O71kO - 55LYsB8y8HLbNFCeRafUutEyCbxyfFPXmBvYgy43JND82pfNRe0o3s+ZsTc/gSTd - CYoXlvYOMm6J0s/U/rP8L1JU1zC5f9RmvWpM2yKjs4HBB+WQ8zWMZfHyuXfbv8Yw - J/fJgpQor+BTWLLh+7E6JAqT0pJUMd31P290M0zfR7OyNIgFPfxinxzldheWziHQ - fU9YsPZaYHQoFGlYnUf8Ayb6l2aAl11yUPHcN135kBD6S54Ulm+5GLofS9TMPii3 - WvDqZzvZo3wQSt/G88m5yNuImXfx/GGaCZUC3uv+ea5byZ9Zt5DtQiSwZ9rtIg49 - JOCdn6ojdgiv8prFJuKNF55XQvtQZvwRQU8wlY9dOLnMPl/lfxU3cfOw7bZSCMI3 - SA4XXOBdDOlKDLHI1BtIGm9aFlsItqt2Y7gMskGBBY43FJFlrEuNKKeZXxrlOofH - S/eHUK32z8NTor/2jyPF1MwfG458qDHZ99HxgF2fJ/fd3xj8MftWbHT2hqwDKjvU - aAEJAhCIQrI1FHAMlo9yFu80xKKfYvaUaUYpd8VL7YugtPjepy9+HIbHhpWISaze - oc1cYlQixHUPnLN9Bh2uD8qIx6YN+rocucP37IgYYMweELZg434wMbLFvLhGY+Mz - IQm/8YSSAZcK - =zmEF - -----END PGP MESSAGE----- - fp: 
2CC2B3631D5C3393901335DB68F95C5D753EE1E5 - - created_at: "2023-06-19T18:35:41Z" - enc: | - -----BEGIN PGP MESSAGE----- + enable-clipboard-integration: true - hQIMAy5t8IMoPu4VARAAr06Bw3F9BG6WGrGDlI80snvLqG45nfeBfWS8MmAvWLf6 - cbLoj1lp55VrGhfD0Rcl1oYdAaz9dJrhjxBojSbw2Xda8J/Lj9ogftOV5n/vo4Sn - nWHj/cCweg4mTu4h4zN4eYc5VhZySftJr6OI/58ba+jELOHpBnFD6ZqRWCZQYeqQ - /xgb3LviC7fXD27DD72r5YMqHlvPLThk5VD6bCG6DtWV0bZIp3nr4lCB0nUXIoNN - +a5dMsazVvqDY1hXckhRMBujyyo65zLWmo2nywb2BvGRwKiIwStUlKXrTCj0ALiU - +hBcie6Q6JrMdnuPqFygqn4JR0a5OF7rxBiQ1epuB4Un2zafgwNQppOuVILbXWss - lh9RJD9scauhlEI92S7IJ4YrgaoWHWERIPPABxJinge55+pP4KZqN5IrP5z0KQr2 - ELfLPBtM5Tj0WbAs2OfcJuSZtybiLPVZ+351EPe03UVEdjK3DKp/cQ1TpO5HdKVy - dFndTHwGhAMLoRx2m4WYNb0HUwoRzSfiX7gXaHssjViBEJri34DfIR+Zt5Zvuv9w - 1ySBIPmbaTC4uh7GtE3m86Dg+q9R69X5wmJOZe0nB96gmBQrMSWGtNOhLtssILwy - iQPn7VGRuDn6rAcASNtOO7zL+N9CIm8/kuNkEUUTvjsBNjXjf5JTFmE8htcYzM7U - aAEJAhCD6jX/IRbgbamJre1yKjBIzDkHgct4pDMgOMVZCc2c2lWvdheMGmjArCHC - D4pzkkocXtIcvBf9L5LeXqDlqlmr9vi5afeBH8me8saPHURPKw19w+1me6Hu1jZb - C6AWGnYRFlBW - =/Jg7 - -----END PGP MESSAGE----- - fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D - encrypted_regex: ^(data|stringData)$ - version: 3.7.3 + openid-authorization-endpoint=https://auth.seanomik.net/application/o/authorize/ + openid-client-id=8ab8a779ce0eaf204750855a24bb7698845aeb4a + openid-issuer=https://auth.seanomik.net/application/o/apache-guacamole/ + openid-jwks-endpoint=https://auth.seanomik.net/application/o/apache-guacamole/jwks/ + openid-redirect-uri=https://remote.seanomik.net/ # This must match the redirect URI in Authentik \ No newline at end of file diff --git a/cluster/apps/management/guacamole/helm-release.yaml b/cluster/apps/management/guacamole/helm-release.yaml index 10d29c9..c62c289 100644 --- a/cluster/apps/management/guacamole/helm-release.yaml +++ b/cluster/apps/management/guacamole/helm-release.yaml 
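Review bot: The new `guacamole.properties` block commits `postgresql-password` in plaintext: the file keeps its `.sops.yaml` name, but the change removes the `sops:` metadata and replaces the encrypted Secret with a ConfigMap, so nothing on the new side is encrypted. The added `cluster/secrets/gitea-registry-puller.sops.yaml` has the same problem, because its `.dockerconfigjson` is only base64-encoded and the file carries no `sops:` block. Keep the properties in a `kind: Secret`, encrypt both files with sops before committing, and rotate the database password and the registry token, since both are now in repository history. Separately, `stringData` is not a ConfigMap field (ConfigMaps take `data` and `binaryData`). The trailing `# This must match ...` on the `openid-redirect-uri` line will probably be read as part of the value, as properties files treat `#` as a comment only at the start of a line.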
@@ -16,20 +16,23 @@ spec: values: image: - repository: abesnier/guacamole - tag: 1.5.0-alpine + repository: git.seanomik.net/seanomik/guacamole-sso-openid + tag: 1.5.0 + + sidecars: + guacd: + image: guacamole/guacd:1.5.0 + imagePullPolicy: Always env: + GUACD_HOSTNAME: "localhost" + GUACD_PORT: "4822" EXTENSIONS: "auth-openid" OPENID_AUTHORIZATION_ENDPOINT: "https://auth.${SECRET_NEW_DOMAIN}/application/o/authorize/" OPENID_ISSUER: "https://auth.${SECRET_NEW_DOMAIN}/application/o/apache-guacamole/" OPENID_JWKS_ENDPOINT: "https://auth.${SECRET_NEW_DOMAIN}/application/o/apache-guacamole/jwks/" OPENID_REDIRECT_URI: "https://remote.${SECRET_NEW_DOMAIN}/" - envFrom: - - secretRef: - name: guacamole-secret - service: main: ports: @@ -59,9 +62,13 @@ spec: persistence: config: enabled: true - type: hostPath + type: configMap hostPath: /mnt/MainPool/Kubernetes/guacamole mountPath: /config +# config: +# enabled: true +# type: configMap +# name: guacamole-properties resources: requests: diff --git a/cluster/secrets/gitea-registry-puller.sops.yaml b/cluster/secrets/gitea-registry-puller.sops.yaml new file mode 100644 index 0000000..c6b8ec3 --- /dev/null +++ b/cluster/secrets/gitea-registry-puller.sops.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Secret +metadata: + name: gitea-puller + namespace: default + annotations: + replicator.v1.mittwald.de/replication-allowed: "true" + replicator.v1.mittwald.de/replication-allowed-namespaces: '*' +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: eyJhdXRocyI6eyJnaXQuc2Vhbm9taWsubmV0Ijp7InVzZXJuYW1lIjoiZ2l0ZWEtcHVsbGVyLnN2YyIsInBhc3N3b3JkIjoiYTM5NWI1NmJjMWNmMzA2ZjBlZWY4ZDZhZTVkNmQwZmJkYjM0ZDQxYiIsImF1dGgiOiJaMmwwWldFdGNIVnNiR1Z5TG5OMll6cGhNemsxWWpVMlltTXhZMll6TURabU1HVmxaamhrTm1GbE5XUTJaREJtWW1SaU16UmtOREZpIn19fQ== \ No newline at end of file
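Review bot: Both images are referenced by mutable tag (`tag: 1.5.0` and `image: guacamole/guacd:1.5.0`), and the sidecar adds `imagePullPolicy: Always`, so each pod restart runs whatever the registry currently serves under that tag. For a gateway that brokers remote-desktop sessions, pin by digest instead, e.g. `image: guacamole/guacd:1.5.0@sha256:<digest>` (placeholder, take the value from the registry). Also, dropping the `envFrom` `secretRef` leaves the remaining `OPENID_*` variables without `OPENID_CLIENT_ID`. The ConfigMap that now carries `openid-client-id` is not referenced in this file, since its `name:` appears only in a commented-out block in the next hunk, so the OpenID extension may start without a client ID. The `values:` block continues outside the hunk.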
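Review bot: In the second helm-release.yaml hunk, `persistence.config` is switched to `type: configMap` while the old `hostPath: /mnt/MainPool/Kubernetes/guacamole` key stays and no ConfigMap name is given; the only `name: guacamole-properties` sits inside the commented-out block added below it. Depending on how the chart handles this, the release either fails to render or mounts nothing useful at `/config`. Replace the `hostPath:` line with `name: guacamole-properties` and delete the commented duplicate rather than committing it. The enclosing `spec:` block starts outside the hunk.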
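Review bot: In the new gitea-registry-puller.sops.yaml, `replicator.v1.mittwald.de/replication-allowed-namespaces: '*'` allows the registry pull credential to be copied into every namespace, which is broader than this change needs; the only consumer visible in this commit is the guacamole release in `management`. List the namespaces explicitly, e.g. `replicator.v1.mittwald.de/replication-allowed-namespaces: 'management'`, so the token is exposed only to workloads that pull from the registry. The annotation value is documented as a comma-separated list of names or regular expressions, so a bare `*` may also not match as intended; verify this against the replicator version in use.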