vikunja: create subdirectory with ConfigMap and OAuth2Client

basic/apps/stackspout/do/vikunja-oauth-client.yaml

+apiVersion: hydra.ory.sh/v1alpha1
+kind: OAuth2Client
+metadata:
+  name: vikunja-oauth-client
+  # Has to live in the same namespace as the stackspin-wordpress-oauth-variables secret
+  namespace: flux-system
+spec:
+  # TODO copied from wekan: https://github.com/wekan/wekan/wiki/Keycloak
+  grantTypes:
+    - authorization_code
+    - refresh_token
+    - client_credentials
+    - implicit
+  responseTypes:
+    - id_token
+    - code
+  scope: "openid profile email stackspin_roles"
+  secretName: stackspin-vikunja-oauth-variables
+  redirectUris:
+    - https://do.${domain}/oauth/openid/
+  tokenEndpointAuthMethod: client_secret_post

basic/apps/stackspout/do/vikunja-release.yaml

+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: vikunja
+  namespace: stackspout
+spec:
+  releaseName: vikunja
+  chart:
+    spec:
+      chart: vikunja
+      version: 5.5.3
+      sourceRef:
+        kind: HelmRepository
+        name: k8s-at-home
+        namespace: stackspout
+  interval: 10m
+  valuesFrom:
+    - kind: ConfigMap
+      name: stackspin-vikunja-values
+      optional: false
+    # Allow overriding values by ConfigMap or Secret
+    - kind: ConfigMap
+      name: stackspin-vikunja-override
+      optional: true
+    - kind: Secret
+      name: stackspin-vikunja-override
+      optional: true

basic/apps/stackspout/vikunja-release.yaml → basic/apps/stackspout/do/vikunja-values-configmap.yaml

-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
+---
+apiVersion: v1
+kind: ConfigMap
 metadata:
-  name: vikunja
+  name: stackspin-vikunja-values
   namespace: stackspout
-spec:
-  releaseName: vikunja
-  chart:
-    spec:
-      chart: vikunja
-      version: 5.5.3
-      sourceRef:
-        kind: HelmRepository
-        name: k8s-at-home
-        namespace: stackspout
-  interval: 10m
-  values:
-    # https://github.com/k8s-at-home/charts/blob/master/charts/stable/vikunja/values.yaml
+data:
+  # Defaults: https://github.com/k8s-at-home/charts/blob/master/charts/stable/vikunja/values.yaml
+  # Inherits: https://github.com/k8s-at-home/library-charts/blob/main/charts/stable/common/values.yaml
+  values.yaml: |
     vikunja:
-      # TODO https://vikunja.io/docs/config-options/#openid
       config: |-
         auth:
-          local:
-            enabled: true
           openid:
+            # https://vikunja.io/docs/config-options/#openid
+            # Example: https://github.com/go-vikunja/api/blob/main/config.yml.sample#L289-L312
             enabled: true
             providers:
               - name: Stackspin
                 authurl: "https://sso.${domain}"
                 clientid: vikunja
                 clientsecret: "${client_secret}"
+          local:
+            enabled: false
     ingress:
       main:
         enabled: true
         primary: false
         hosts:
-          - host: do.ftt.gmbh
+          - host: "https://do.${domain}"
             paths:
                - path: /
                  pathType: Prefix
         tls:
           - secretName: vikunja
             hosts:
-              - do.ftt.gmbh
+              - "https://do.${domain}"

basic/install.sh

@@ -16,3 +16,6 @@ flux create kustomization stackspout \
   --path="./basic/clusters/production/" \
   --prune=true \
   --interval=10m
+
+python ../../stackspin/install/generate_secrets.py vikunja
+python ../../stackspin/install/generate_secrets.py gitea