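# services/comms/mas-configmap.yaml
#
# Matrix Authentication Service (MAS) configuration, mounted into the pod as
# config.yaml. The `@@NAME@@` tokens are substitution placeholders, not literal
# values (presumably filled in at render/deploy time — confirm). Once rendered,
# the ConfigMap holds those secrets in plaintext, so the rendered object must
# stay out of version control and `get configmap` on it should be restricted;
# where MAS offers a *_file variant (as already used for the admin client
# secret and the signing key) prefer mounting the value instead of inlining it.
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: matrix-authentication-service-config
data:
  config.yaml: |
    http:
      public_base: "https://matrix.live.bstein.dev/"
      listeners:
        # Public listener: every resource here is reachable by end users.
        - name: web
          resources:
            - name: discovery
            - name: human
            - name: oauth
            - name: compat
            - name: graphql
            - name: assets
          binds:
            - address: "0.0.0.0:8080"
        # Internal listener: health + admin API. Binding 0.0.0.0 is normal
        # inside a pod, but 8081 must not be exposed by any Service/Ingress —
        # the admin API is guarded only by bearer tokens issued to the
        # admin_clients listed in `policy` below.
        - name: internal
          resources:
            - name: health
            - name: adminapi
          binds:
            - address: "0.0.0.0:8081"

    database:
      # NOTE(review): sslmode=prefer silently falls back to plaintext when the
      # server does not offer TLS and never verifies the server's identity.
      # Once postgres-service is confirmed to serve TLS, tighten this to
      # sslmode=require (or verify-full with an sslrootcert).
      uri: "postgresql://mas:@@MAS_DB_PASSWORD@@@postgres-service.postgres.svc.cluster.local:5432/mas?sslmode=prefer"

    clients:
      # Admin API client. Its secret is read from a mounted file rather than
      # embedded in this ConfigMap.
      - client_id: "01KDXMVQBQ5JNY6SEJPZW6Z8BM"
        client_auth_method: client_secret_basic
        client_secret_file: /vault/secrets/mas-admin-secret

    secrets:
      encryption_file: /vault/secrets/mas-encryption
      keys:
        - kid: "othrys-rsa-1"
          key_file: /vault/secrets/mas-rsa-key

    passwords:
      enabled: true
      schemes:
        - version: 1
          algorithm: bcrypt

    matrix:
      kind: synapse
      homeserver: live.bstein.dev
      # Plain HTTP to Synapse inside the cluster: the shared secret is the only
      # thing authenticating MAS to the homeserver on this hop, so its
      # confidentiality rests on the cluster network (NetworkPolicy / mesh).
      endpoint: "http://othrys-synapse-matrix-synapse:8008/"
      secret: "@@MATRIX_SHARED_SECRET@@"

    upstream_oauth2:
      providers:
        - id: "01KDTTKYCYTAAAQKMAKZZ5CPW3"
          synapse_idp_id: oidc-keycloak
          issuer: "https://sso.bstein.dev/realms/atlas"
          human_name: "Keycloak"
          brand_name: "keycloak"
          client_id: "othrys-mas"
          client_secret: "@@KEYCLOAK_CLIENT_SECRET@@"
          token_endpoint_auth_method: client_secret_post
          scope: "openid profile email"
          claims_imports:
            localpart:
              action: require
              template: "{{ user.preferred_username }}"
              # `add` links an upstream login to an EXISTING local account with
              # the same localpart instead of failing. That is only safe if
              # preferred_username in the atlas realm is admin-controlled and
              # unique; if users can pick or change it, this is an
              # account-takeover path — use `fail` in that case.
              on_conflict: add
            displayname:
              action: force
              template: "{{ user.name }}"
            email:
              action: force
              template: "{{ user.email }}"

    policy:
      data:
        admin_clients:
          - "01KDXMVQBQ5JNY6SEJPZW6Z8BM"
        # These three relax dynamic client registration: registrants may use
        # non-https redirect URIs, redirect hosts that differ from client_uri,
        # and register with no client_uri at all. Each widens the set of
        # redirect targets a registering client can claim; keep them only for
        # as long as a specific client needs them, and record which one.
        client_registration:
          allow_insecure_uris: true
          allow_host_mismatch: true
          allow_missing_client_uri: true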