apps: use backend admin password instead of individual ones

2025-05-26 10:04:14 +02:00 · 2025-05-26 10:04:14 +02:00 · 7fff2fbb74
commit 7fff2fbb74
parent 0fd89ae46e
10 changed files with 27 additions and 14 deletions
--- a/apps/board/openproject-kustomization.yaml
+++ b/apps/board/openproject-kustomization.yaml
@ -33,3 +33,6 @@ spec:
        name: stackspin-openproject-oauth-variables
      - kind: ConfigMap
        name: stackspin-single-sign-on-kustomization-variables
+      # For the admin password
+      - kind: Secret
+        name: stackspin-single-sign-on-variables
--- a/apps/board/openproject-secrets/openproject-variables.yaml
+++ b/apps/board/openproject-secrets/openproject-variables.yaml
@ -6,6 +6,6 @@ metadata:
  namespace: flux-system
 spec:
  fields:
-  - fieldName: admin_password
  - fieldName: postgresql_password
  - fieldName: postgresql_postgres_password
+  - fieldName: admin_password # FIXME delete
--- a/apps/board/openproject/openproject-values-configmap.yaml
+++ b/apps/board/openproject/openproject-values-configmap.yaml
@ -48,6 +48,7 @@ data:
          backup.velero.io/backup-volumes: "data"

    containerSecurityContext:
+      readOnlyRootFilesystem: false
      #enabled: true
      #runAsUser: 1000
      #runAsGroup: 1000
@ -57,12 +58,12 @@ data:
      #    - "ALL"
      #seccompProfile:
      #  type: "RuntimeDefault"
-      readOnlyRootFilesystem: false
      #runAsNonRoot: true

    openproject:
+      #useTmpVolumes: false
      admin_user:
-        password: "${admin_password}"
+        password: "${userbackend_admin_password}"
        password_reset: "false"
        name: "${org_name} Admin"
        mail: "${admin_email}"
--- a/apps/forge/forgejo-kustomization.yaml
+++ b/apps/forge/forgejo-kustomization.yaml
@ -33,4 +33,7 @@ spec:
      - kind: ConfigMap
        name: stackspin-single-sign-on-kustomization-variables
      - kind: ConfigMap
-        name: stackspin-dashboard-kustomization-variables
+        name: stackspin-dashboard-kustomization-variables # dashboard domain for icon
+      # For the admin password
+      - kind: Secret
+        name: stackspin-single-sign-on-variables
--- a/apps/forge/forgejo-secrets/forgejo-variables.yaml
+++ b/apps/forge/forgejo-secrets/forgejo-variables.yaml
@ -6,7 +6,7 @@ metadata:
  namespace: flux-system
 spec:
  fields:
-  - fieldName: forgejo_admin_password
+  - fieldName: forgejo_admin_password # FIXME delete
  - fieldName: lfs_jwt
  - fieldName: postgresql_password
  - fieldName: postgresql_admin_password
--- a/apps/forge/forgejo/forgejo-values-configmap.yaml
+++ b/apps/forge/forgejo/forgejo-values-configmap.yaml
@ -26,7 +26,7 @@ data:
      admin:
        username: "forgejo"
        email: "${admin_email}"
-        password: "${forgejo_admin_password}"
+        password: "${userbackend_admin_password}"
      # https://codeberg.org/forgejo-contrib/forgejo-helm#oauth2-settings
      oauth:
        - name: Stackspin
--- a/apps/kustomization.yaml
+++ b/apps/kustomization.yaml
@ -9,6 +9,8 @@ resources:
  - meet-kustomization.yaml
  - status-kustomization.yaml
  - board-kustomization.yaml
-  #- design-kustomization.yaml #
+  - design-kustomization.yaml
+  #- sign-kustomization.yaml
+  #- stirling-kustomization.yaml
  #- sprint-kustomization.yaml #charts outdated
  #- video-kustomization.yaml #missing storage
--- a/apps/ninja/invoiceninja-kustomization.yaml
+++ b/apps/ninja/invoiceninja-kustomization.yaml
@ -27,9 +27,13 @@ spec:
        name: stackspin-invoiceninja-kustomization-variables
      - kind: Secret
        name: stackspin-invoiceninja-variables
+      # OIDC
+      # - kind: Secret
+      #   name: stackspin-invoiceninja-oauth-variables
+      #   optional: true
+      # - kind: ConfigMap
+      #   name: stackspin-single-sign-on-kustomization-variables
+      #   optional: true
+      # For the admin password
      - kind: Secret
-        name: stackspin-invoiceninja-oauth-variables
-        optional: true
-      - kind: ConfigMap
-        name: stackspin-single-sign-on-kustomization-variables
-        optional: true
+        name: stackspin-single-sign-on-variables
--- a/apps/ninja/invoiceninja-secrets/invoiceninja-variables.yaml
+++ b/apps/ninja/invoiceninja-secrets/invoiceninja-variables.yaml
@ -6,7 +6,7 @@ metadata:
 spec:
  fields:
  - fieldName: app_key
-  - fieldName: invoiceninja_admin_password
  - fieldName: redis_password
  - fieldName: mariadb_password
  - fieldName: mariadb_root_password
+  - fieldName: invoiceninja_admin_password # FIXME delete
--- a/apps/ninja/invoiceninja/invoiceninja-values-configmap.yaml
+++ b/apps/ninja/invoiceninja/invoiceninja-values-configmap.yaml
@ -49,7 +49,7 @@ data:
    appKey: "${app_key}"
    appURL: "https://${invoiceninja_domain}"
    userEmail: "${admin_email}"
-    userPassword: "${invoiceninja_admin_password}"
+    userPassword: "${userbackend_admin_password}"
    mailer: "smtp" # FIXME use "${outgoing_mail_enabled}"
    # https://github.com/invoiceninja/invoiceninja/blob/v5-stable/config/mail.php#L36
    extraEnvVars: