oauth2-client: migrate apps to use oauth2-client helm chart (#90)
* headscale: use oauth2-client helm chart
* pihole: use oauth2-client helm chart
* matrix: use oauth2-client helm chart
* oauth2: pass issuer address to pihole, headscale and matrix apps
* pihole: fix secret name
* matrix: fix version to v1.98.0
* headscale: make oauth2-client depend on auth release
---------
Co-authored-by: Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local>
diff --git a/core/installer/values-tmpl/headscale.cue b/core/installer/values-tmpl/headscale.cue
index e3453ba..1db5eb8 100644
--- a/core/installer/values-tmpl/headscale.cue
+++ b/core/installer/values-tmpl/headscale.cue
@@ -22,6 +22,14 @@
}
charts: {
+ oauth2Client: {
+ chart: "charts/oauth2-client"
+ sourceRef: {
+ kind: "GitRepository"
+ name: "pcloud"
+ namespace: global.id
+ }
+ }
headscale: {
chart: "charts/headscale"
sourceRef: {
@@ -32,7 +40,27 @@
}
}
+_domain: "\(input.subdomain).\(global.domain)"
+_oauth2ClientSecretName: "oauth2-client"
+
helm: {
+ "oauth2-client": {
+ chart: charts.oauth2Client
+ // TODO(gio): remove once hydra maester is installed as part of dodo itself
+ dependsOnExternal: [{
+ name: "auth"
+ namespace: "\(global.namespacePrefix)core-auth"
+ }]
+ values: {
+ name: "oauth2-client"
+ secretName: _oauth2ClientSecretName
+ grantTypes: ["authorization_code"]
+ responseTypes: ["code"]
+ scope: "openid profile email"
+ redirectUris: ["https://\(_domain)/oidc/callback"]
+ hydraAdmin: "http://hydra-admin.\(global.namespacePrefix)core-auth.svc.cluster.local"
+ }
+ }
headscale: {
chart: charts.headscale
dependsOnExternal: [{
@@ -48,15 +76,13 @@
storage: size: "5Gi"
ingressClassName: _ingressPublic
certificateIssuer: _issuerPublic
- domain: "\(input.subdomain).\(global.domain)"
+ domain: _domain
publicBaseDomain: global.domain
- oauth2: {
- hydraAdmin: "http://hydra-admin.\(global.namespacePrefix)core-auth.svc.cluster.local"
- hydraPublic: "https://hydra.\(global.domain)"
- clientId: "headscale"
- secretName: "oauth2-client-headscale"
- }
ipAddressPool: "\(global.id)-headscale"
+ oauth2: {
+ secretName: _oauth2ClientSecretName
+ issuer: "https://hydra.\(global.domain)"
+ }
api: {
port: 8585
ipSubnet: input.ipSubnet
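Review bot: The rewritten `oauth2` block keeps only `secretName` and `issuer` and drops the `clientId: "headscale"` the old block carried; whether the headscale chart now reads the client ID from the `oauth2-client` secret is not visible in this diff, so that contract should be confirmed before merging, otherwise headscale has no client identifier to present to the issuer. The issuer literal `"https://hydra.\(global.domain)"` is repeated here and in the matching blocks of matrix.cue and pihole.cue; following the `_domain` pattern introduced earlier in this file, a single `_issuer: "https://hydra.\(global.domain)"` local referenced as `issuer: _issuer` would keep the three apps pointing at the same authority. The enclosing `headscale.values` block starts before this hunk.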
diff --git a/core/installer/values-tmpl/matrix.cue b/core/installer/values-tmpl/matrix.cue
index f516244..9daf2eb 100644
--- a/core/installer/values-tmpl/matrix.cue
+++ b/core/installer/values-tmpl/matrix.cue
@@ -15,7 +15,7 @@
matrix: {
repository: "matrixdotorg"
name: "synapse"
- tag: "latest"
+ tag: "v1.98.0"
pullPolicy: "IfNotPresent"
}
postgres: {
@@ -27,6 +27,14 @@
}
charts: {
+ oauth2Client: {
+ chart: "charts/oauth2-client"
+ sourceRef: {
+ kind: "GitRepository"
+ name: "pcloud"
+ namespace: global.id
+ }
+ }
matrix: {
chart: "charts/matrix"
sourceRef: {
@@ -45,7 +53,21 @@
}
}
+_oauth2ClientSecretName: "oauth2-client"
+
helm: {
+ "oauth2-client": {
+ chart: charts.oauth2Client
+ values: {
+ name: "oauth2-client"
+ secretName: _oauth2ClientSecretName
+ grantTypes: ["authorization_code"]
+ responseTypes: ["code"]
+ scope: "openid profile"
+ redirectUris: ["https://\(_domain)/_synapse/client/oidc/callback"]
+ hydraAdmin: "http://hydra-admin.\(global.namespacePrefix)core-auth.svc.cluster.local"
+ }
+ }
matrix: {
dependsOn: [
postgres
@@ -55,9 +77,8 @@
domain: global.domain
subdomain: input.subdomain
oauth2: {
- hydraAdmin: "http://hydra-admin.\(global.namespacePrefix)core-auth.svc.cluster.local"
- hydraPublic: "https://hydra.\(global.domain)"
secretName: "oauth2-client"
+ issuer: "https://hydra.\(global.domain)"
}
postgresql: {
host: "postgres"
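Review bot: `secretName: "oauth2-client"` in this hunk's `oauth2` block remains a string literal even though the same commit introduces `_oauth2ClientSecretName` with that exact value and uses it for the `oauth2-client` release above; change the line to `secretName: _oauth2ClientSecretName` so the producer and consumer of the secret cannot drift apart, as headscale.cue and pihole.cue already do in this commit. The enclosing `matrix.values` block starts before this hunk.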
diff --git a/core/installer/values-tmpl/pihole.cue b/core/installer/values-tmpl/pihole.cue
index c9cc61d..a1ec66a 100644
--- a/core/installer/values-tmpl/pihole.cue
+++ b/core/installer/values-tmpl/pihole.cue
@@ -21,6 +21,14 @@
}
charts: {
+ oauth2Client: {
+ chart: "charts/oauth2-client"
+ sourceRef: {
+ kind: "GitRepository"
+ name: "pcloud"
+ namespace: global.id
+ }
+ }
pihole: {
chart: "charts/pihole"
sourceRef: {
@@ -31,7 +39,21 @@
}
}
+_oauth2ClientSecretName: "oauth2-client"
+
helm: {
+ "oauth2-client": {
+ chart: charts.oauth2Client
+ values: {
+ name: "oauth2-client"
+ secretName: _oauth2ClientSecretName
+ grantTypes: ["authorization_code"]
+ responseTypes: ["code"]
+ scope: "openid profile email"
+ redirectUris: ["https://\(_domain)/oauth2/callback"]
+ hydraAdmin: "http://hydra-admin.\(global.namespacePrefix)core-auth.svc.cluster.local"
+ }
+ }
pihole: {
chart: charts.pihole
values: {
@@ -81,11 +103,11 @@
}
}
oauth2: {
- secretName: "oauth2-secret"
- configName: "oauth2-proxy"
- hydraAdmin: "http://hydra-admin.\(global.namespacePrefix)core-auth.svc"
+ cookieSecret: "1234123443214321"
+ secretName: _oauth2ClientSecretName
+ issuer: "https://hydra.\(global.domain)"
}
- hydraPublic: "https://hydra.\(global.domain)"
+ configName: "oauth2-proxy"
profileUrl: "https://accounts-ui.\(global.domain)"
ingressClassName: input.network.ingressClass
certificateIssuer: input.network.certificateIssuer
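Review bot: `cookieSecret: "1234123443214321"` hard-codes the oauth2-proxy cookie secret as a fixed literal in a template that is rendered for every installation, so each deployment receives the same predictable value and the secret is checked into the repository alongside the configuration. It should be generated per installation or sourced from an existing Kubernetes secret rather than written here; if the templating layer has no random-value helper, at minimum mark it with `// TODO(gio): placeholder, generate a per-install random cookie secret` in the style of the TODO already used in headscale.cue so it is not shipped as-is. Separately, `configName: "oauth2-proxy"` moves from inside `oauth2` to the parent block in this hunk; the pihole chart's values schema is not visible here, so confirm the chart reads it at the new location. The enclosing `pihole.values` block starts before this hunk.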