using config file

2026-01-04 10:51:12 +01:00
parent bcfa7ceb00
commit bfdc1b3980
+42 -22
@@ -12,10 +12,13 @@
# 2. Create Application linked to this provider # 2. Create Application linked to this provider
# 3. Create secret with OIDC credentials: # 3. Create secret with OIDC credentials:
# kubectl create secret generic opengist-oidc \ # kubectl create secret generic opengist-oidc \
# --from-literal=client-id=YOUR_CLIENT_ID \ # --from-literal=client-key=YOUR_CLIENT_ID \
# --from-literal=client-secret=YOUR_CLIENT_SECRET \ # --from-literal=secret=YOUR_CLIENT_SECRET \
# -n opengist-system # -n opengist-system
# #
# IMPORTANT: If migrating from broken config, delete the old PVC first:
# kubectl delete pvc opengist-data -n opengist-system
#
# Features: # Features:
# - Anyone can VIEW public gists (no login required) # - Anyone can VIEW public gists (no login required)
# - Only authenticated users can CREATE gists # - Only authenticated users can CREATE gists
@@ -30,6 +33,31 @@ metadata:
labels: labels:
app.kubernetes.io/name: opengist app.kubernetes.io/name: opengist
--- ---
apiVersion: v1
kind: ConfigMap
metadata:
name: opengist-config
namespace: opengist-system
labels:
app.kubernetes.io/name: opengist
data:
config.yaml: |
log-level: info
external-url: https://paste.dooplex.hu
# Security - OIDC only, no local accounts
disable-signup: true
disable-login-form: true
# Allow anonymous viewing of public gists
require-login: false
# Branding
custom.name: Dooplex Paste
# Features
disable-gravatar: false
---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
@@ -56,36 +84,22 @@ spec:
- name: opengist - name: opengist
image: ghcr.io/thomiceli/opengist:1.11.1 image: ghcr.io/thomiceli/opengist:1.11.1
env: env:
# Base configuration # Point to config file
- name: OG_EXTERNAL_URL - name: OG_CONFIG
value: "https://paste.dooplex.hu" value: "/config/config.yaml"
- name: OG_LOG_LEVEL # OIDC credentials from secret (these override config file)
value: "info"
# Security settings
- name: OG_DISABLE_SIGNUP
value: "true" # No local registration - OIDC only
- name: OG_REQUIRE_LOGIN
value: "false" # Anyone can VIEW gists
- name: OG_DISABLE_LOGIN_FORM
value: "true" # Hide local login, show only OIDC
- name: OG_DISABLE_GRAVATAR
value: "false"
# OIDC Configuration (Authentik)
- name: OG_OIDC_CLIENT_KEY - name: OG_OIDC_CLIENT_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: opengist-oidc name: opengist-oidc
key: client-id key: client-key
- name: OG_OIDC_SECRET - name: OG_OIDC_SECRET
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: opengist-oidc name: opengist-oidc
key: client-secret key: secret
- name: OG_OIDC_DISCOVERY_URL - name: OG_OIDC_DISCOVERY_URL
value: "https://authentik.dooplex.hu/application/o/opengist/.well-known/openid-configuration" value: "https://authentik.dooplex.hu/application/o/opengist/.well-known/openid-configuration"
# Custom branding
- name: OG_CUSTOM_NAME
value: "Dooplex Paste"
ports: ports:
- containerPort: 6157 - containerPort: 6157
name: http name: http
@@ -101,6 +115,9 @@ spec:
volumeMounts: volumeMounts:
- name: data - name: data
mountPath: /opengist mountPath: /opengist
- name: config
mountPath: /config
readOnly: true
livenessProbe: livenessProbe:
httpGet: httpGet:
path: /healthcheck path: /healthcheck
@@ -117,6 +134,9 @@ spec:
- name: data - name: data
persistentVolumeClaim: persistentVolumeClaim:
claimName: opengist-data claimName: opengist-data
- name: config
configMap:
name: opengist-config
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
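Review bot: The access-control keys in the new `opengist-config` ConfigMap (`disable-signup`, `disable-login-form`, `require-login`) replace the removed `OG_DISABLE_SIGNUP`, `OG_DISABLE_LOGIN_FORM` and `OG_REQUIRE_LOGIN` env entries, but nothing in this diff shows that Opengist 1.11.1 reads them from the config file. If a key is not recognised it may be ignored without an error, which would leave local registration reachable on a public instance while the manifest says "OIDC only". I would add a comment above them such as `# Confirm these keys against the Opengist 1.11.1 config reference and verify after rollout that local signup and the login form are really disabled`. Separately, the migration comment in the first hunk tells the operator to run `kubectl delete pvc opengist-data` without saying that this discards whatever is stored on that volume; it should say so and ask for a backup first.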