c23ceacd0b
add new config entry "primary_domain" which is used to set the cookie domain
142 lines
4.8 KiB
YAML
142 lines
4.8 KiB
YAML
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: {{ include "passbook.fullname" . }}-config
|
|
data:
|
|
config.yml: |
|
|
# Env for Docker images
|
|
databases:
|
|
default:
|
|
engine: django.db.backends.postgresql
|
|
name: {{ .Values.postgresql.postgresqlDatabase }}
|
|
user: postgres
|
|
password: {{ .Values.postgresql.postgresqlPassword }}
|
|
host: {{ .Release.Name }}-postgresql
|
|
port: ''
|
|
log:
|
|
level:
|
|
console: DEBUG
|
|
file: DEBUG
|
|
file: /dev/null
|
|
syslog:
|
|
host: 127.0.0.1
|
|
port: 514
|
|
email:
|
|
host: {{ .Values.config.email.host }}
|
|
port: 25
|
|
user: ''
|
|
password: ''
|
|
use_tls: false
|
|
use_ssl: false
|
|
from: passbook <passbook@domain.tld>
|
|
web:
|
|
listen: 0.0.0.0
|
|
port: 8000
|
|
threads: 30
|
|
debug: false
|
|
secure_proxy_header:
|
|
HTTP_X_FORWARDED_PROTO: https
|
|
rabbitmq: "user:{{ .Values.rabbitmq.rabbitmq.password }}@{{ .Release.Name }}-rabbitmq"
|
|
# Error reporting, sends stacktrace to sentry.services.beryju.org
|
|
error_report_enabled: {{ .Values.config.error_reporting }}
|
|
|
|
{{- if .Values.config.secret_key }}
|
|
secret_key: {{ .Values.config.secret_key }}
|
|
{{- else }}
|
|
secret_key: {{ randAlphaNum 50 }}
|
|
{{- end }}
|
|
|
|
primary_domain: {{ .Values.primary_domain }}
|
|
domains:
|
|
{{- range .Values.ingress.hosts }}
|
|
- {{ . | quote }}
|
|
{{- end }}
|
|
- kubernetes-healthcheck-host
|
|
|
|
passbook:
|
|
sign_up:
|
|
# Enables signup, created users are stored in internal Database and created in LDAP if ldap.create_users is true
|
|
enabled: true
|
|
password_reset:
|
|
# Enable password reset, passwords are reset in internal Database and in LDAP if ldap.reset_password is true
|
|
enabled: true
|
|
# Verification the user has to provide in order to be able to reset passwords. Can be any combination of `email`, `2fa`, `security_questions`
|
|
verification:
|
|
- email
|
|
# Text used in title, on login page and multiple other places
|
|
branding: passbook
|
|
login:
|
|
# Override URL used for logo
|
|
logo_url: null
|
|
# Override URL used for Background on Login page
|
|
bg_url: null
|
|
# Optionally add a subtext, placed below logo on the login page
|
|
subtext: null
|
|
footer:
|
|
links:
|
|
# Optionally add links to the footer on the login page
|
|
# - name: test
|
|
# href: https://test
|
|
# Specify which fields can be used to authenticate. Can be any combination of `username` and `email`
|
|
uid_fields:
|
|
- username
|
|
- email
|
|
session:
|
|
remember_age: 2592000 # 60 * 60 * 24 * 30, one month
|
|
# Provider-specific settings
|
|
ldap:
|
|
# # Completely enable or disable LDAP provider
|
|
# enabled: false
|
|
# # AD Domain, used to generate `userPrincipalName`
|
|
# domain: corp.contoso.com
|
|
# # Base DN in which passbook should look for users
|
|
# base_dn: dn=corp,dn=contoso,dn=com
|
|
# # LDAP field which is used to set the django username
|
|
# username_field: sAMAccountName
|
|
# # LDAP server to connect to, can be set to `<domain_name>`
|
|
# server:
|
|
# name: corp.contoso.com
|
|
# use_tls: false
|
|
# # Bind credentials, used for account creation
|
|
# bind:
|
|
# username: Administraotr@corp.contoso.com
|
|
# password: VerySecurePassword!
|
|
# Which field from `uid_fields` maps to which LDAP Attribute
|
|
login_field_map:
|
|
username: sAMAccountName
|
|
email: mail # or userPrincipalName
|
|
user_attribute_map:
|
|
active_directory:
|
|
username: "%(sAMAccountName)s"
|
|
email: "%(mail)s"
|
|
name: "%(displayName)"
|
|
# # Create new users in LDAP upon sign-up
|
|
# create_users: true
|
|
# # Reset LDAP password when user reset their password
|
|
# reset_password: true
|
|
oauth_client:
|
|
# List of python packages with sources types to load.
|
|
types:
|
|
- passbook.oauth_client.source_types.discord
|
|
- passbook.oauth_client.source_types.facebook
|
|
- passbook.oauth_client.source_types.github
|
|
- passbook.oauth_client.source_types.google
|
|
- passbook.oauth_client.source_types.reddit
|
|
- passbook.oauth_client.source_types.supervisr
|
|
- passbook.oauth_client.source_types.twitter
|
|
- passbook.oauth_client.source_types.azure_ad
|
|
saml_idp:
|
|
signing: true
|
|
autosubmit: false
|
|
issuer: passbook
|
|
assertion_valid_for: 86400
|
|
# List of python packages with provider types to load.
|
|
types:
|
|
- passbook.saml_idp.processors.generic
|
|
- passbook.saml_idp.processors.aws
|
|
- passbook.saml_idp.processors.gitlab
|
|
- passbook.saml_idp.processors.nextcloud
|
|
- passbook.saml_idp.processors.salesforce
|
|
- passbook.saml_idp.processors.shibboleth
|
|
- passbook.saml_idp.processors.wordpress_orange
|