cheshire/hscloud
1
0
Fork 0
forked from hswaw/hscloud
Code Pull requests Activity

app/matrix: bump oauth2-cas-proxy for service_url security

Browse source
This commit is contained in:
informatic 2019-05-17 12:55:48 +02:00
parent 9ab9f61a67
commit aa0e755389
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
app/matrix/prod.jsonnet
View file

@ -3,6 +3,7 @@
# kubectl -n matrix create secret generic synapse --from-literal=postgres_password=$(pwgen 24 1)
# kubectl -n matrix create secret generic oauth2-cas-proxy --from-literal=oauth2_secret=...
# kubectl -n matrix create secret generic appservice-irc-freenode-registration --from-file=registration.yaml=<(kubectl logs -n matrix $(kubectl get pods -n matrix --selector=job-name=appservice-irc-freenode-bootstrap --output=jsonpath='{.items[*].metadata.name}') | tail -n +4)
# TODO: /appservices/*/registration.yaml needs to be copied into /data/appservices/*.yaml manually
local kube = import "../../kube/kube.libsonnet";
local postgres = import "../../kube/postgres.libsonnet";
@ -18,7 +19,7 @@ local postgres = import "../../kube/postgres.libsonnet";
synapseImage: "matrixdotorg/synapse:v0.99.4",
riotImage: "bubuntux/riot-web:v1.1.2",
casProxyImage: "registry.k0.hswaw.net/informatic/oauth2-cas-proxy:0.1.3"
casProxyImage: "registry.k0.hswaw.net/informatic/oauth2-cas-proxy:0.1.4"
},
metadata(component):: {
@ -76,6 +77,7 @@ local postgres = import "../../kube/postgres.libsonnet";
},
env_: {
BASE_URL: "https://matrix.hackerspace.pl",
SERVICE_URL: "https://matrix.hackerspace.pl",
OAUTH2_CLIENT: "matrix",
OAUTH2_SECRET: { secretKeyRef: { name: "oauth2-cas-proxy", key: "oauth2_secret" } },
},