fix

share/dataset-pg/directus.tf

@@ -44,11 +44,13 @@ resource "kubectl_manifest" "directus_config" {
       STORAGE_LOCATIONS: "local"
       STORAGE_LOCAL_ROOT: "/var/store"
       ADMIN_EMAIL: "admin@${var.domain-name}"
+      NODE_EXTRA_CA_CERTS: "/etc/local-ca/ca.crt"
       TELEMETRY: "false"
-      AUTH_PROVIDERS: "vynil"
+      AUTH_PROVIDERS: "VYNIL"
-      AUTH_VYNIL_DRIVER: "oauth2"
+      AUTH_VYNIL_DRIVER: "openid"
+      AUTH_VYNIL_ALLOW_PUBLIC_REGISTRATION: "true"
       AUTH_VYNIL_ISSUER_URL: "https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}/application/o/directus-${replace(var.sub-domain, ".", "-")}-${var.instance}/.well-known/openid-configuration"
-      AUTH_VYNIL_IDENTIFIER_KEY: "nickname"
+      AUTH_VYNIL_IDENTIFIER_KEY: "email"
       PUBLIC_URL: "https://${local.directus-dns-name}"
   EOF
 }
@@ -177,7 +179,14 @@ resource "kubectl_manifest" "directus_deploy" {
             volumeMounts:
             - name: store
               mountPath: /var/store
+            - name: certs
+              mountPath: /etc/local-ca
+              readOnly: true
           volumes:
+          - name: certs
+            secret:
+              secretName: "${var.instance}-directus-cert"
+              defaultMode: 0444
           - name: store
             persistentVolumeClaim:
               claimName: "${var.component}-${var.instance}-directus"

share/dataset-pg/index.yaml

@@ -6,70 +6,39 @@ metadata:
   name: dataset-pg
   description: null
 options:
-  backups:
-    default:
-      enable: false
-      endpoint: ''
-      key-id-key: s3-id
-      retention:
-        db: 30d
-      schedule:
-        db: 0 3 * * *
-      secret-key: s3-secret
-      secret-name: backup-settings
-    examples:
-    - enable: false
-      endpoint: ''
-      key-id-key: s3-id
-      retention:
-        db: 30d
-      schedule:
-        db: 0 3 * * *
-      secret-key: s3-secret
-      secret-name: backup-settings
-    properties:
-      enable:
-        default: false
-        type: boolean
-      endpoint:
-        default: ''
-        type: string
-      key-id-key:
-        default: s3-id
-        type: string
-      retention:
-        default:
-          db: 30d
-        properties:
-          db:
-            default: 30d
-            type: string
-        type: object
-      schedule:
-        default:
-          db: 0 3 * * *
-        properties:
-          db:
-            default: 0 3 * * *
-            type: string
-        type: object
-      secret-key:
-        default: s3-secret
-        type: string
-      secret-name:
-        default: backup-settings
-        type: string
-    type: object
-  domain-name:
-    default: your_company.com
-    examples:
-    - your_company.com
-    type: string
   storage:
     default: 8Gi
     examples:
     - 8Gi
     type: string
+  databases:
+    default: []
+    items:
+      properties:
+        name:
+          default: db
+          type: string
+      type: object
+    type: array
+  roles:
+    default: []
+    items:
+      properties:
+        name:
+          default: alt-account
+          type: string
+      type: object
+    type: array
+  replicas:
+    default: 1
+    examples:
+    - 1
+    type: integer
+  issuer:
+    default: letsencrypt-prod
+    examples:
+    - letsencrypt-prod
+    type: string
   extentions:
     default:
       directus:
@@ -251,54 +220,85 @@ options:
             type: object
         type: object
     type: object
-  databases:
+  domain-name:
-    default: []
+    default: your_company.com
-    items:
-      properties:
-        name:
-          default: db
-          type: string
-      type: object
-    type: array
-  domain:
-    default: your-company
     examples:
-    - your-company
+    - your_company.com
     type: string
   sub-domain:
     default: dataset-pg
     examples:
     - dataset-pg
     type: string
-  app-group:
-    default: api
-    examples:
-    - api
-    type: string
-  replicas:
-    default: 1
-    examples:
-    - 1
-    type: integer
-  issuer:
-    default: letsencrypt-prod
-    examples:
-    - letsencrypt-prod
-    type: string
-  roles:
-    default: []
-    items:
-      properties:
-        name:
-          default: alt-account
-          type: string
-      type: object
-    type: array
   ingress-class:
     default: traefik
     examples:
     - traefik
     type: string
+  domain:
+    default: your-company
+    examples:
+    - your-company
+    type: string
+  app-group:
+    default: api
+    examples:
+    - api
+    type: string
+  backups:
+    default:
+      enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      retention:
+        db: 30d
+      schedule:
+        db: 0 3 * * *
+      secret-key: s3-secret
+      secret-name: backup-settings
+    examples:
+    - enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      retention:
+        db: 30d
+      schedule:
+        db: 0 3 * * *
+      secret-key: s3-secret
+      secret-name: backup-settings
+    properties:
+      enable:
+        default: false
+        type: boolean
+      endpoint:
+        default: ''
+        type: string
+      key-id-key:
+        default: s3-id
+        type: string
+      retention:
+        default:
+          db: 30d
+        properties:
+          db:
+            default: 30d
+            type: string
+        type: object
+      schedule:
+        default:
+          db: 0 3 * * *
+        properties:
+          db:
+            default: 0 3 * * *
+            type: string
+        type: object
+      secret-key:
+        default: s3-secret
+        type: string
+      secret-name:
+        default: backup-settings
+        type: string
+    type: object
 dependencies:
 - dist: null
   category: dbo