From 6d1f2e7948ffe16963cb6f82f57788da77300dda Mon Sep 17 00:00:00 2001
From: Maarten de Waard <maarten@greenhost.nl>
Date: Thu, 9 Dec 2021 09:55:12 +0100
Subject: [PATCH] apply suggested kratos config

---
 .../single-sign-on-values-configmap.yaml             | 12 ++++++++++++
 .../stackspin-single-sign-on-variables.yaml.jinja    |  9 +++++----
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/flux2/core/base/single-sign-on/single-sign-on-values-configmap.yaml b/flux2/core/base/single-sign-on/single-sign-on-values-configmap.yaml
index 5f1c178a4..5c3093301 100644
--- a/flux2/core/base/single-sign-on/single-sign-on-values-configmap.yaml
+++ b/flux2/core/base/single-sign-on/single-sign-on-values-configmap.yaml
@@ -59,6 +59,16 @@ data:
       kratos:
         config:
           dsn: "postgres://kratos:${kratos_postgresql_password}@single-sign-on-postgresql:5432/kratos"
+        courier:
+          smtp:
+            connection_uri: smtp://${outgoing_mail_smtp_user}:${outgoing_mail_smtp_password}@${outgoing_mail_smtp_host}:${outgoing_mail_smtp_port}/
+            from_address: ${outgoing_mail_from_address}
+        serve:
+          public:
+            base_url: https://sso.${domain}/api/
+        secrets:
+          session:
+            - "${kratos_session_secret}"
         selfservice:
           flows:
             recovery:
@@ -69,6 +79,8 @@ data:
               ui_url: https://sso.${domain}/login/settings
             registration:
               ui_url: https://sso.${domain}/login/registration
+        default_browser_return_url: https://dashboard.${domain}/
+
 
     oAuthClients:
     - clientName: nextcloud
diff --git a/install/templates/stackspin-single-sign-on-variables.yaml.jinja b/install/templates/stackspin-single-sign-on-variables.yaml.jinja
index 31502141f..56ccc93f9 100644
--- a/install/templates/stackspin-single-sign-on-variables.yaml.jinja
+++ b/install/templates/stackspin-single-sign-on-variables.yaml.jinja
@@ -4,9 +4,10 @@ kind: Secret
 metadata:
   name: stackspin-single-sign-on-variables
 data:
-  userbackend_admin_password: "{{ 32 | generate_password | b64encode }}"
-  userbackend_postgres_password: "{{ 32 | generate_password | b64encode }}"
-  hydra_system_secret: "{{ 32 | generate_password | b64encode }}"
+  dashboard_postgresql_password: "{{ 32 | generate_password | b64encode }}"
   hydra_postgresql_password: "{{ 32 | generate_password | b64encode }}"
+  hydra_system_secret: "{{ 32 | generate_password | b64encode }}"
   kratos_postgresql_password: "{{ 32 | generate_password | b64encode }}"
-  dashboard_postgresql_password: "{{ 32 | generate_password | b64encode }}"
+  kratos_session_secret: "{{ 32 | generate_password | b64encode }}"
+  userbackend_admin_password: "{{ 32 | generate_password | b64encode }}"
+  userbackend_postgres_password: "{{ 32 | generate_password | b64encode }}"
-- 
GitLab