
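# services/communication/mas-configmap.yaml
#
# Matrix Authentication Service (MAS) configuration, delivered to the pod as
# the `config.yaml` key of this ConfigMap. The page's indentation had been
# lost; the nesting below is restored to the MAS config schema.
#
# NOTE(review): the `@@NAME@@` markers (MAS_DB_PASSWORD, MATRIX_SHARED_SECRET,
# KEYCLOAK_CLIENT_SECRET) are presumably substituted at deploy time — confirm
# the mechanism. Once substituted, those three values live in a ConfigMap,
# whereas the admin client secret, encryption key and signing key are read
# from mounted files (`*_file` keys). Consider moving the inline values to a
# Secret-backed file or env var so all credentials share one handling path.
apiVersion: v1
kind: ConfigMap
metadata:
  name: matrix-authentication-service-config
  namespace: communication
data:
  config.yaml: |
    http:
      public_base: "https://matrix.live.bstein.dev/"
      listeners:
        # Public listener: end-user and OAuth/OIDC surfaces.
        - name: web
          resources:
            - name: discovery
            - name: human
            - name: oauth
            - name: compat
            - name: graphql
            - name: assets
          binds:
            - address: "0.0.0.0:8080"
        # Internal listener: health checks and the admin API. It binds all
        # interfaces on 8081; reachability should be limited to the in-cluster
        # Service / NetworkPolicy that fronts it — confirm nothing exposes 8081
        # through the public ingress.
        - name: internal
          resources:
            - name: health
            - name: adminapi
          binds:
            - address: "0.0.0.0:8081"
    database:
      # NOTE(review): sslmode=prefer attempts TLS but silently falls back to a
      # plaintext connection if the server does not offer it. If the Postgres
      # service terminates TLS, `sslmode=require` (or `verify-full` with a CA)
      # pins the encrypted path.
      uri: "postgresql://mas:@@MAS_DB_PASSWORD@@@postgres-service.postgres.svc.cluster.local:5432/mas?sslmode=prefer"
    clients:
      # Statically registered admin client; its secret is file-mounted.
      - client_id: 01KDXMVQBQ5JNY6SEJPZW6Z8BM
        client_auth_method: client_secret_basic
        client_secret_file: /etc/mas/admin-client/client_secret
    secrets:
      encryption_file: /etc/mas/secrets/encryption
      keys:
        - kid: "othrys-rsa-1"
          key_file: /etc/mas/keys/rsa_key
    passwords:
      enabled: true
      schemes:
        - version: 1
          algorithm: bcrypt
    matrix:
      kind: synapse
      homeserver: live.bstein.dev
      # Plain HTTP to Synapse over the cluster network; the shared secret is
      # sent on this hop, so keep it cluster-internal.
      endpoint: "http://othrys-synapse-matrix-synapse:8008/"
      secret: "@@MATRIX_SHARED_SECRET@@"
    upstream_oauth2:
      providers:
        - id: 01KDTTKYCYTAAAQKMAKZZ5CPW3
          synapse_idp_id: oidc-keycloak
          issuer: "https://sso.bstein.dev/realms/atlas"
          human_name: "Keycloak"
          brand_name: "keycloak"
          client_id: "othrys-mas"
          client_secret: "@@KEYCLOAK_CLIENT_SECRET@@"
          token_endpoint_auth_method: client_secret_post
          scope: "openid profile email"
          # Map upstream claims onto the local account. `localpart` is mandatory
          # (`require`) and an existing account with the same localpart is
          # linked (`on_conflict: add`); display name and email are overwritten
          # from the IdP on each login (`force`).
          claims_imports:
            localpart:
              action: require
              template: "{{ user.preferred_username }}"
              on_conflict: add
            displayname:
              action: force
              template: "{{ user.name }}"
            email:
              action: force
              template: "{{ user.email }}"
    policy:
      data:
        # Clients granted admin privileges by the policy; must match the
        # statically registered client above.
        admin_clients:
          - 01KDXMVQBQ5JNY6SEJPZW6Z8BM
        # NOTE(review): all three flags relax dynamic client registration
        # validation (non-HTTPS redirect URIs, redirect host differing from
        # client_uri host, absent client_uri). They widen what a registering
        # client is allowed to assert about itself; confirm they are needed for
        # a specific client and drop any that are not.
        client_registration:
          allow_insecure_uris: true
          allow_host_mismatch: true
          allow_missing_client_uri: true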