fixes

2023-07-26 12:48:42 +02:00
parent e715cdf9af
commit 4a2e811efc
14 changed files with 715 additions and 194 deletions
--- a/apps/nextcloud/datas.tf
+++ b/apps/nextcloud/datas.tf
@@ -11,6 +11,20 @@ locals {
  }
 }

+data "kubernetes_secret_v1" "authentik" {
+  metadata {
+    name = "authentik"
+    namespace = "${var.domain}-auth"
+  }
+}
+
+data "kubernetes_ingress_v1" "authentik" {
+  metadata {
+    name = "authentik"
+    namespace = "${var.domain}-auth"
+  }
+}
+
 data "kustomization_overlay" "data" {
  namespace = var.namespace
  common_labels = local.common-labels
@@ -37,6 +51,9 @@ data "kustomization_overlay" "data" {
            - name: certs
              secret:
                secretName: "${var.instance}-cert"
+            - name: config
+              configMap:
+                name: ${kubectl_manifest.nextcloud-config.name}
            containers:
            - name: nextcloud
              image: "${var.images.nextcloud.registry}/${var.images.nextcloud.repository}:${var.images.nextcloud.tag}"
@@ -60,12 +77,30 @@ data "kustomization_overlay" "data" {
                value: "${var.instance}-${var.component}-redis.${var.namespace}.svc"
              - name: REDIS_HOST_PORT
                value: "6379"
+              - name: OAUTH2_CONNECTOR_NAME
+                value: "${var.openid-name}"
+              - name: OAUTH2_DISCOVER_URI
+                value: "https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}/application/o/${var.component}-${var.instance}/.well-known/openid-configuration"
+              - name: OAUTH2_CLIENT_ID
+                valueFrom:
+                  secretKeyRef:
+                    name: "${var.component}-${var.instance}-id"
+                    key: client-id
+              - name: OAUTH2_CLIENT_SECRET
+                valueFrom:
+                  secretKeyRef:
+                    name: "${var.component}-${var.instance}-secret"
+                    key: client-secret
+
              resources:
                {}
              volumeMounts:
              - name: certs
                mountPath: /etc/local-ca
                readOnly: true
+              - name: config
+                mountPath: "/docker-entrypoint-hooks.d/before-starting/autostart.sh"
+                subPath: "autostart.sh"
            - name: nextcloud-nginx
              image: "${var.images.nginx.registry}/${var.images.nginx.repository}:${var.images.nginx.tag}"
              imagePullPolicy: "${var.images.nginx.pullPolicy}"