oauth2-client: migrate apps to use oauth2-client helm chart (#90)
* headscale: use oauth2-client helm chart
* pihole: use oauth2-client helm chart
* matrix: use oauth2-client helm chart
* oauth2: pass issuer address to pihole, headscale and matrix apps
* pihole: fix secret name
* matrix: fix version to v1.98.0
* headscale: make oauth2-client depend on auth release
---------
Co-authored-by: Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local>
diff --git a/core/installer/values-tmpl/headscale.cue b/core/installer/values-tmpl/headscale.cue
index e3453ba..1db5eb8 100644
--- a/core/installer/values-tmpl/headscale.cue
+++ b/core/installer/values-tmpl/headscale.cue
@@ -22,6 +22,14 @@
}
charts: {
+ oauth2Client: {
+ chart: "charts/oauth2-client"
+ sourceRef: {
+ kind: "GitRepository"
+ name: "pcloud"
+ namespace: global.id
+ }
+ }
headscale: {
chart: "charts/headscale"
sourceRef: {
@@ -32,7 +40,27 @@
}
}
+_domain: "\(input.subdomain).\(global.domain)"
+_oauth2ClientSecretName: "oauth2-client"
+
helm: {
+ "oauth2-client": {
+ chart: charts.oauth2Client
+ // TODO(gio): remove once hydra maester is installed as part of dodo itself
+ dependsOnExternal: [{
+ name: "auth"
+ namespace: "\(global.namespacePrefix)core-auth"
+ }]
+ values: {
+ name: "oauth2-client"
+ secretName: _oauth2ClientSecretName
+ grantTypes: ["authorization_code"]
+ responseTypes: ["code"]
+ scope: "openid profile email"
+ redirectUris: ["https://\(_domain)/oidc/callback"]
+ hydraAdmin: "http://hydra-admin.\(global.namespacePrefix)core-auth.svc.cluster.local"
+ }
+ }
headscale: {
chart: charts.headscale
dependsOnExternal: [{
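Review bot: The `headscale` release consumes `_oauth2ClientSecretName`, but nothing visible in this hunk makes it wait for the `oauth2-client` release that is expected to produce that secret; `oauth2-client` itself only declares `dependsOnExternal` on `auth`. The `headscale` block's own `dependsOnExternal` starts on the last line of this hunk and continues outside it, so the ordering may already be handled there. If it is not, a first install can start headscale before the client credentials exist, so consider an explicit dependency on `oauth2-client`, or at least a comment above `_oauth2ClientSecretName` such as `// Secret is created by the oauth2-client release; headscale must not start before it exists`. Separately, `hydraAdmin` is a plain-`http` URL to the Hydra admin API in another namespace, so it is worth confirming that a NetworkPolicy restricts which workloads can reach `hydra-admin`.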
@@ -48,15 +76,13 @@
storage: size: "5Gi"
ingressClassName: _ingressPublic
certificateIssuer: _issuerPublic
- domain: "\(input.subdomain).\(global.domain)"
+ domain: _domain
publicBaseDomain: global.domain
- oauth2: {
- hydraAdmin: "http://hydra-admin.\(global.namespacePrefix)core-auth.svc.cluster.local"
- hydraPublic: "https://hydra.\(global.domain)"
- clientId: "headscale"
- secretName: "oauth2-client-headscale"
- }
ipAddressPool: "\(global.id)-headscale"
+ oauth2: {
+ secretName: _oauth2ClientSecretName
+ issuer: "https://hydra.\(global.domain)"
+ }
api: {
port: 8585
ipSubnet: input.ipSubnet
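Review bot: `issuer` in the new `oauth2` block is a hand-built string, and OIDC clients normally compare it exactly with the `issuer` in the provider's discovery document and the `iss` claim of the ID token, so a stray trailing slash or a different host makes login fail outright. The commit message says the same address is passed to pihole and matrix; defining it once in a shared field (for example `_oauth2Issuer`, name is only a suggestion) would keep the three templates from drifting apart. A comment above the field such as `// Must match Hydra's public issuer URL exactly, including any trailing slash` would record the constraint. The enclosing `values` block starts and ends outside this hunk.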