From bfdc1b3980a87c94facc27bd2f57d4fd848ad15f Mon Sep 17 00:00:00 2001
From: kisfenyo <nagyfenyvesi.viktor@gmail.com>
Date: Sun, 4 Jan 2026 10:51:12 +0100
Subject: [PATCH] using config file

---
 opengist-system/opengist.yaml | 64 +++++++++++++++++++++++------------
 1 file changed, 42 insertions(+), 22 deletions(-)

diff --git a/opengist-system/opengist.yaml b/opengist-system/opengist.yaml
index f7ee188..f6706a2 100644
--- a/opengist-system/opengist.yaml
+++ b/opengist-system/opengist.yaml
@@ -12,10 +12,13 @@
 # 2. Create Application linked to this provider
 # 3. Create secret with OIDC credentials:
 #    kubectl create secret generic opengist-oidc \
-#      --from-literal=client-id=YOUR_CLIENT_ID \
-#      --from-literal=client-secret=YOUR_CLIENT_SECRET \
+#      --from-literal=client-key=YOUR_CLIENT_ID \
+#      --from-literal=secret=YOUR_CLIENT_SECRET \
 #      -n opengist-system
 #
+# IMPORTANT: If migrating from broken config, delete the old PVC first:
+#   kubectl delete pvc opengist-data -n opengist-system
+#
 # Features:
 # - Anyone can VIEW public gists (no login required)
 # - Only authenticated users can CREATE gists
@@ -30,6 +33,31 @@ metadata:
   labels:
     app.kubernetes.io/name: opengist
 ---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: opengist-config
+  namespace: opengist-system
+  labels:
+    app.kubernetes.io/name: opengist
+data:
+  config.yaml: |
+    log-level: info
+    external-url: https://paste.dooplex.hu
+    
+    # Security - OIDC only, no local accounts
+    disable-signup: true
+    disable-login-form: true
+    
+    # Allow anonymous viewing of public gists
+    require-login: false
+    
+    # Branding
+    custom.name: Dooplex Paste
+    
+    # Features
+    disable-gravatar: false
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -56,36 +84,22 @@ spec:
       - name: opengist
         image: ghcr.io/thomiceli/opengist:1.11.1
         env:
-        # Base configuration
-        - name: OG_EXTERNAL_URL
-          value: "https://paste.dooplex.hu"
-        - name: OG_LOG_LEVEL
-          value: "info"
-        # Security settings
-        - name: OG_DISABLE_SIGNUP
-          value: "true"           # No local registration - OIDC only
-        - name: OG_REQUIRE_LOGIN
-          value: "false"          # Anyone can VIEW gists
-        - name: OG_DISABLE_LOGIN_FORM
-          value: "true"           # Hide local login, show only OIDC
-        - name: OG_DISABLE_GRAVATAR
-          value: "false"
-        # OIDC Configuration (Authentik)
+        # Point to config file
+        - name: OG_CONFIG
+          value: "/config/config.yaml"
+        # OIDC credentials from secret (these override config file)
         - name: OG_OIDC_CLIENT_KEY
           valueFrom:
             secretKeyRef:
               name: opengist-oidc
-              key: client-id
+              key: client-key
         - name: OG_OIDC_SECRET
           valueFrom:
             secretKeyRef:
               name: opengist-oidc
-              key: client-secret
+              key: secret
         - name: OG_OIDC_DISCOVERY_URL
           value: "https://authentik.dooplex.hu/application/o/opengist/.well-known/openid-configuration"
-        # Custom branding
-        - name: OG_CUSTOM_NAME
-          value: "Dooplex Paste"
         ports:
         - containerPort: 6157
           name: http
@@ -101,6 +115,9 @@ spec:
         volumeMounts:
         - name: data
           mountPath: /opengist
+        - name: config
+          mountPath: /config
+          readOnly: true
         livenessProbe:
           httpGet:
             path: /healthcheck
@@ -117,6 +134,9 @@ spec:
       - name: data
         persistentVolumeClaim:
           claimName: opengist-data
+      - name: config
+        configMap:
+          name: opengist-config
 ---
 apiVersion: v1
 kind: Service