From f0c5e491e0054f7e6da677757c6c8af7729b260a Mon Sep 17 00:00:00 2001 From: SeanOMik Date: Thu, 8 Jun 2023 18:36:23 -0400 Subject: [PATCH] use external auth for fireflyiii --- .../apps/default/fireflyiii/env-secret.sops.yaml | 8 ++++---- cluster/apps/default/fireflyiii/helm-release.yaml | 13 +++++++------ 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/cluster/apps/default/fireflyiii/env-secret.sops.yaml b/cluster/apps/default/fireflyiii/env-secret.sops.yaml index 068d068..8479b82 100644 --- a/cluster/apps/default/fireflyiii/env-secret.sops.yaml +++ b/cluster/apps/default/fireflyiii/env-secret.sops.yaml @@ -12,8 +12,8 @@ stringData: APP_NAME: ENC[AES256_GCM,data:yfd2OQk6NvjKcA==,iv:jLL2Dt0YlWODwCKSnqR1yuSWJsKySQNZY/pEfxi5jJM=,tag:XoHlMsMuRG6S4Wm0PVjtBA==,type:str] APP_URL: ENC[AES256_GCM,data:+bveNLjanPPMkoMrDO4KsA==,iv:xQWHzRKBMBumi2bFCUKoWLRiuNNV3HQLv1WGEiZ6RRg=,tag:h9IF4XwIK2P8sB4V1Su5Ug==,type:str] AUDIT_LOG_LEVEL: ENC[AES256_GCM,data:OA7nqw==,iv:9BcE5Bf9QDf3kzA4Xbf0XkbkFjGAv6id7vdSI12wRm8=,tag:QN7o1eEbGSTvrGGBzzouSg==,type:str] - AUTHENTICATION_GUARD: ENC[AES256_GCM,data:GodJ,iv:5VBM+DywcKMgc4D4zdhItqb7susxTYWp/T3vjysOiHA=,tag:u75H74ev2Jdgfdtc8bMATw==,type:str] - AUTHENTICATION_GUARD_HEADER: ENC[AES256_GCM,data:PI++XaLAVagcKPA=,iv:KDXYnU8jQ3jbfj3TnEdyrlC1KOec9XFi7BG+BZbFhf0=,tag:FvMIy1wCV05W8rneaX4yFA==,type:str] + AUTHENTICATION_GUARD: ENC[AES256_GCM,data:wsQZSzAP0hE4o9DAwNtwSEM=,iv:U6513HaOzDDlCehFuSs8ey0KFWup9S8tAYiSX89EyNg=,tag:i5q9W6uglFZ9bKc2f4QPvQ==,type:str] + AUTHENTICATION_GUARD_HEADER: ENC[AES256_GCM,data:LDb92+KAQCzwLeQNbzrSHGI=,iv:cvn3vhrbz1zcOjjhUXxoKkLb5eIvn4gMEYOzUcTaQ+k=,tag:k7Kh+KvgUFqKxER4cB6mJw==,type:str] BROADCAST_DRIVER: ENC[AES256_GCM,data:2iYs,iv:5oeuA+08uDRSJyLwwkdFC2q4LZKNs2OSoQjsnIX0aYY=,tag:m2ybfxtY98j39sBnax7IVA==,type:str] CACHE_DRIVER: ENC[AES256_GCM,data:2lv9YGE=,iv:xuk6ih2wApMuWJIlm9clwYCnMR973lG7EOHDUZtlDvc=,tag:cdEh6/zAZ+7IcQMvHojgXQ==,type:str] CACHE_PREFIX: ENC[AES256_GCM,data:OS/jr/Qo5A==,iv:wLeRO4uAo+HHB/1tK3m4MEeefmMRTc0+aTYuUGGrYyg=,tag:8cv8oxfwMkTeZ8+JsCoWVA==,type:str] @@ -73,8 +73,8 @@ sops: azure_kv: [] hc_vault: [] age: [] - lastmodified: "2023-04-22T06:58:04Z" - mac: ENC[AES256_GCM,data:/rwjyeSoSNzgrBa+vDL1u7xUbimDYg5G/6faE2wNtD87GhTs1xyzG91/GmolOutbB/8shxIiV5EA1uhjqjRIBdww/vkE6eY4oqqBb45OwpFzpvpas44KzXKOcA2UuH3uTMkdfGGQN4FSfCs5Ku2T0UhjNu4qhQMAxZYxtjCaDOc=,iv:JK11VmLn5fZdsx2AM0VMH0rwrHYr/Bx5mZ2BKVJgKOA=,tag:vMOs1mlQT1FA/212SyujIQ==,type:str] + lastmodified: "2023-06-08T22:36:00Z" + mac: ENC[AES256_GCM,data:+vZFvzdAzFR+9Wx4aHcRSAApAFSQ5SWT+MERYVU8GcjXmWAOMP/XxtS8V06j9W8X3mWjQZTQmQORpMejiUsZD1gZgk4wBcAqN+nXtVe70YOhRzHVzNwUOpXA87i/9xLs8MgmDqljlAZqQ//6Ba+fsWbNhf+96iZY4ONtDPzCrwo=,iv:78mTYesvFBehLsQXBe2bSGoOVjDrf3cpRS1+XrVC/jU=,tag:WCFWDoDunNf+5n/X0bW8jQ==,type:str] pgp: - created_at: "2023-04-22T06:45:59Z" enc: | diff --git a/cluster/apps/default/fireflyiii/helm-release.yaml b/cluster/apps/default/fireflyiii/helm-release.yaml index cbf22c9..e90b581 100644 --- a/cluster/apps/default/fireflyiii/helm-release.yaml +++ b/cluster/apps/default/fireflyiii/helm-release.yaml @@ -39,6 +39,7 @@ spec: annotations: cert-manager.io/cluster-issuer: letsencrypt-production traefik.ingress.kubernetes.io/router.entrypoints: websecure + traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd hosts: - host: &host "budget.${SECRET_NEW_DOMAIN}" paths: @@ -57,12 +58,12 @@ spec: size: 8Gi mountPath: /var/www/html/storage/upload - podSecurityContext: - runAsNonRoot: true - runAsUser: 10000 - runAsGroup: 10000 - fsGroup: 10000 - fsGroupChangePolicy: OnRootMismatch +# podSecurityContext: +# runAsNonRoot: true +# runAsUser: 10000 +# runAsGroup: 10000 +# fsGroup: 10000 +# fsGroupChangePolicy: OnRootMismatch # resources: # requests: