app/matrix enable cas proxy for matrix.0x3c.pl

Change-Id: I63c8172dbc93b9f6781aa03f7924be944b8f1846

app/matrix/lib/matrix.libsonnet

@@ -51,6 +51,8 @@ local postgres = import "../../../kube/postgres.libsonnet";
             appserviceTelegram: "dock.mau.dev/tulir/mautrix-telegram@sha256:9e68eaa80c9e4a75d9a09ec92dc4898b12d48390e01efa4de40ce882a6f7e330",
         },
 
+        # Central Authentication Scheme, a single-sign-on system. Note: this flow is now called 'SSO' in Matrix, we keep this name for legacy reasons.
+        # Refer to https://matrix.org/docs/spec/client_server/r0.6.1#sso-client-login
         cas: {
             # whether to enable the CAS proxy (ie. connect to hswaw sso via OAuth)
             enable: false,

app/matrix/matrix.0x3c.pl.jsonnet

@@ -9,11 +9,16 @@ matrix {
         namespace: "matrix-0x3c",
         webDomain: "matrix.0x3c.pl",
         serverName: "0x3c.pl",
+        cas: {
+            enable: true,
+            oauth2: {
+                clientID: "YCWg1Qor9YstKn_yAHB_NT3GFAGqbnDFzIwyI_fCUWI",
+                clientSecret: (std.split(importstr "secrets/cipher/cas-proxy-0x3c-0auth2-secret", "\n"))[0],
+                scope: "read:accounts",
+                authorizeURL: "https://0x3c.pl/oauth/authorize",
+                tokenURL: "https://0x3c.pl/oauth/token",
+                userinfoURL: "https://0x3c.pl/api/v1/accounts/verify_credentials",
             },
-
-    synapseConfig+:: {
-        password_config: {
-            enabled: true,
         },
     },
 

app/matrix/secrets/cipher/cas-proxy-0x3c-0auth2-secret

@@ -0,0 +1,40 @@
+-----BEGIN PGP MESSAGE-----
+
+hQEMAzhuiT4RC8VbAQf+MKcSbBwjRm7i8kmSBCB/uJTCpfOVMFW6Bj6LFJs3TsGA
+KSASy7hjPsWKwFSknBZkA2MjKU+otu1vpH8MeKcmo0lFLDmQZB5cTduHkJKt0WIQ
+JZhc6lOSYoiKB5spliJbdtbRrMYt3QX3niy7KDMQawZRDjAfYmJLcfYVcQBqrL+7
+KXZnBTlzUdd4XUD4z5FJb3NfwVXG1BLlpsebvJ2qDC3C6XJ1W+1zw7xN4GiM4rhy
+V5rMOwAJQNi7dYfCNQlTOVEPGSCJsoS85J65CSij7SfsT3yrV0YnwrKMXhlW7b0K
+MHCG16nrGeKMmUCXe3dPZ+EAzNw5HibAnU65wCs7ZYUBDANcG2tp6fXqvgEIALXi
+lX4YIYO/x6sFFJSeHX4209D3mzbevXUnyhm60ldzqRLTlODAGe+3hVOUWfbJTNSN
+l4Pl7ndQlVU/kdW7mwCP2iDrLA+Ez2E3F+LijR6xLtfJ8UmdD6ebEJrUuSot+h5b
+DIDFxLlnDP89JpstlcmuwzjyNoPDa1YfYkhE/owMe5VBBqDWlcPRY9spyLrq3D9a
+M5D7PaoDE7NRSnhkdJDbr6ME3hF0bcxd5pI3YNTKRGyqy/AS3idvKU2vvxkPHEXU
+QtkNthcGHlg5LBFYuqUI/+CsG3SUnNGlyfcZa8rFCfa4lFmc3X1kaiUZPa9YOZ+x
+VEFt0psxuhEC9i9hroGFAgwDodoT8VqRl4UBD/9CltJg6H+u9ItbyfNaqL7BFEPv
+0PFMWMhn2BUkLqxonwaneJn2m3t/EcOW+7RZ6NfmQoYYNivqfI2VfG4lVUvGCQlr
+Y8E8qKBF5WEJl2v8/m7VPx3w7oleVCZyS7I4QZoXRkoCmVbarzmCw5bc7+OGvKeu
+TKrufPUNVuMWjBJMsgM7JHuPefCN1JyvMY5GCoYjOViQ6X8I9GuEc9YPsTkboLm9
+9UcJlWisxO+RHipvkhtDTPiATSAXE/0y2q9fuYMWymphyCH+uFE9s83wGwFyYd/H
+j/6CCcQ0emIdD62I0xU4UOwJeACXwXAmJGDl29W+l3v4teDYHN4uSn6otcmoUVRK
+h2EsDCqMYre6eNsa6ti051GqtZroopI5vr2Z90//2r4LWjCscBOo0EV+HvkOWGwa
+1fI6kyi0SH8edRdrfcNaw7DHAHulHzZPtsBi4S4IhC5NuO7SzOe5Ff8MDaMINLF/
+F8Nmpiz10rHZjGgLLGrxWcmF/Xxt09WW6Y5R1giwno8mumDHJNr7QYtwtajuXS3s
+O0OczCJ3lE6EK9+isAmmBbOb/ifKVuE4oV0HRNPMi7TR95eHjHrjtagz247DsH1c
+rAq8E/HiegkzKFNtZf5KNHl8vjV5TO7P7bnJ92wAxk9gmC0iNzsD9knM/R41mxM4
+r2A+wiN8GC2XBr2WOIUCDAPiA8lOXOuz7wEP/1ymG4vINQJBGKFjuTmerQDYQLVF
+24PerzrlgCi07tNg7+BnEBdknWihAetmuUbD+zWbJOzehmrsyIU+azKScJOA7Ia8
+KFtKenIMWnt4II53g5KKKP8oIi6XUT4j/k2JxFBRcAv0O677gPbBxCd8M3aE7+zn
+9M3BpBbZZyPqUFcR7xsyMKvZIm6kzvuR9MBjESmo5c5AQQ1EgpPyJ3AgF6zPiAsB
+SaL/dmSG1zu6ywbp6kFBz81lOBAUclu0M9+H67s7gB8oVZSifrSxppU36Z9K+8L1
+ykcBv1C5niufZY7EGpdTwMhPAA6PtPQg91LG8JQv0GGuoqCC5flPxmCFEZr2+rw8
+IxOwN9eyyvCyHIy0AQCP5EfoPXYlRIaDB6RDde7utUf+Pz71kbWdXKXDICsIscAv
+YhNgT8hRmpMHNMvVjOrRffr0FRafNxw60nAiw1EY3eTim2cMcGi9zouGPDUucPV1
+nkAl27sm8Nnb2e0wkWTbRZTAVXYLQemiCtRhzbHS8BcPzReux8X1/CS3bTav+2h7
+RZvEDetEdKFPOVdVaoxhzF/jm4dcaxwfrHfCJGvFS2TEKvdgT/TJAfVltYsNjH0+
+0gIKOGSPJqsBcn0GJfrNeEKu/eWFeCdfp7n4nbCp18XQEU5CkxJtK9i73NEEzr2r
+mHqfnMpdNIJRKhmw0oIBjaGwldQi29p0MJx0quO/SdDJ3MZ7SnmDWZ110axEVWLP
+5V+ekuq5/qjsNNWsN8esCIUkN+q/zi7hBDTiLK+MaxwCFAauSetPqzl285mE5Wot
++vSqsmmF/zUOCr+0n5Ro1C2OadkzRMGX65YqY3oi/nBTBloEiBjNEs0bKWzyVDXA
+=lLbb
+-----END PGP MESSAGE-----