From e787cf0323d687fb9bd1c7de88b53593f8bf4b61 Mon Sep 17 00:00:00 2001
From: kisfenyo <nagyfenyvesi.viktor@gmail.com>
Date: Sun, 4 Jan 2026 11:20:44 +0100
Subject: [PATCH] config changed to config file

---
 opengist-system/opengist.yaml | 29 +++++++++++------------------
 1 file changed, 11 insertions(+), 18 deletions(-)

diff --git a/opengist-system/opengist.yaml b/opengist-system/opengist.yaml
index 9b85f3d..fbe899f 100644
--- a/opengist-system/opengist.yaml
+++ b/opengist-system/opengist.yaml
@@ -22,8 +22,9 @@ spec:
   resources:
     requests:
       storage: 5Gi
+
 ---
-# 3. CONFIGMAP
+# 3. CONFIGMAP (UPDATED: Security settings moved here)
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -39,10 +40,13 @@ data:
     # Branding
     custom.name: Dooplex Paste
     
-    # Features
+    # Security Features
+    # We set these here to ensure they override defaults
+    disable-signup: true
+    disable-login-form: true
+    require-login: false
     disable-gravatar: false
-    
-    # NOTE: Security settings here are backed up by Env Vars in the Deployment below
+
 ---
 # 4. DEPLOYMENT
 apiVersion: apps/v1
@@ -70,7 +74,6 @@ spec:
       containers:
       - name: opengist
         image: ghcr.io/thomiceli/opengist:1.11.1
-        # CRITICAL FIX: Explicitly tell Opengist where the config file is
         args: ["--config", "/config/config.yaml"]
         env:
         # --- OIDC CONFIGURATION ---
@@ -78,25 +81,14 @@ spec:
           valueFrom:
             secretKeyRef:
               name: opengist-oidc
-              key: client-id     # Updated to match your new secret key
+              key: client-id
         - name: OG_OIDC_SECRET
           valueFrom:
             secretKeyRef:
               name: opengist-oidc
-              key: client-secret # Updated to match your new secret key
+              key: client-secret
         - name: OG_OIDC_DISCOVERY_URL
           value: "https://authentik.dooplex.hu/application/o/opengist/.well-known/openid-configuration"
-        
-        # --- SECURITY OVERRIDES (Enforced via Env Vars) ---
-        - name: OG_DISABLE_SIGNUP
-          value: "true"
-        - name: OG_DISABLE_LOGIN_FORM
-          value: "true"
-        - name: OG_REQUIRE_LOGIN
-          value: "false" # Ensures public links are viewable by anon users
-        - name: OG_CUSTOM_NAME
-          value: "Dooplex Paste"
-
         ports:
         - containerPort: 6157
           name: http
@@ -134,6 +126,7 @@ spec:
       - name: config
         configMap:
           name: opengist-config
+
 ---
 # 5. SERVICE
 apiVersion: v1