authentik/helm/passbook/templates/passbook-configmap.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ include "passbook.fullname" . }}-config
data:
  config.yml: |
    # Env for Docker images
    databases:
      default:
        engine: django.db.backends.postgresql
        name: {{ .Values.postgresql.postgresqlDatabase }}
        user: postgres
        password: {{ .Values.postgresql.postgresqlPassword }}
        host: {{ .Release.Name }}-postgresql
        port: ''
    log:
      level:
        console: DEBUG
        file: DEBUG
      file: /dev/null
      syslog:
        host: 127.0.0.1
        port: 514
    email:
      host: localhost
      port: 25
      user: ''
      password: ''
      use_tls: false
      use_ssl: false
      from: passbook <passbook@domain.tld>
    web:
      listen: 0.0.0.0
      port: 8000
      threads: 30
    debug: false
    secure_proxy_header:
      HTTP_X_FORWARDED_PROTO: https
    redis: {{ .Release.Name }}-redis
    # Error reporting, sends stacktrace to sentry.services.beryju.org
    error_report_enabled: {{ .Values.config.error_reporting }}

    {{- if .Values.config.secret_key }}
    secret_key: {{ .Values.config.secret_key }}
    {{- else }}
    secret_key: {{ randAlphaNum 50 }}
    {{- end }}

    domains:
        {{- range .Values.ingress.hosts }}
        - {{ . | quote }}
        {{- end }}

    passbook:
      sign_up:
        # Enables signup, created users are stored in internal Database and created in LDAP if ldap.create_users is true
        enabled: true
      password_reset:
        # Enable password reset, passwords are reset in internal Database and in LDAP if ldap.reset_password is true
        enabled: true
        # Verification the user has to provide in order to be able to reset passwords. Can be any combination of `email`, `2fa`, `security_questions`
        verification:
          - email
      # Text used in title, on login page and multiple other places
      branding: passbook
      login:
        # Override URL used for logo
        logo_url: null
        # Override URL used for Background on Login page
        bg_url: null
        # Optionally add a subtext, placed below logo on the login page
        subtext: null
      footer:
        links:
          # Optionally add links to the footer on the login page
          #  - name: test
          #    href: https://test
      # Specify which fields can be used to authenticate. Can be any combination of `username` and `email`
      uid_fields:
        - username
        - email
      session:
        remember_age: 2592000 # 60 * 60 * 24 * 30, one month
    # Provider-specific settings
    ldap:
      # # Completely enable or disable LDAP provider
      # enabled: false
      # # AD Domain, used to generate `userPrincipalName`
      # domain: corp.contoso.com
      # # Base DN in which passbook should look for users
      # base_dn: dn=corp,dn=contoso,dn=com
      # # LDAP field which is used to set the django username
      # username_field: sAMAccountName
      # # LDAP server to connect to, can be set to `<domain_name>`
      # server:
      #   name: corp.contoso.com
      #   use_tls: false
      # # Bind credentials, used for account creation
      # bind:
      #   username: Administraotr@corp.contoso.com
      #   password: VerySecurePassword!
      # Which field from `uid_fields` maps to which LDAP Attribute
      login_field_map:
        username: sAMAccountName
        email: mail # or userPrincipalName
      user_attribute_map:
        active_directory:
          sAMAccountName: username
          mail: email
          given_name: first_name
          name: last_name
      # # Create new users in LDAP upon sign-up
      # create_users: true
      # # Reset LDAP password when user reset their password
      # reset_password: true
    oauth_client:
      # List of python packages with sources types to load.
      types:
        - passbook.oauth_client.source_types.discord
        - passbook.oauth_client.source_types.facebook
        - passbook.oauth_client.source_types.github
        - passbook.oauth_client.source_types.google
        - passbook.oauth_client.source_types.reddit
        - passbook.oauth_client.source_types.supervisr
        - passbook.oauth_client.source_types.twitter
    saml_idp:
      signing: true
      autosubmit: false
      issuer: passbook
      assertion_valid_for: 86400
      # List of python packages with provider types to load.
      types:
        - passbook.saml_idp.processors.generic
        - passbook.saml_idp.processors.gitlab
        - passbook.saml_idp.processors.nextcloud
        - passbook.saml_idp.processors.salesforce
        - passbook.saml_idp.processors.shibboleth
        - passbook.saml_idp.processors.wordpress_orange
add helm chart 2019-02-08 13:57:16 +00:00			`apiVersion: v1`
			`kind: ConfigMap`
			`metadata:`
			`name: {{ include "passbook.fullname" . }}-config`
			`data:`
			`config.yml: \|`
			`# Env for Docker images`
			`databases:`
			`default:`
			`engine: django.db.backends.postgresql`
			`name: {{ .Values.postgresql.postgresqlDatabase }}`
			`user: postgres`
			`password: {{ .Values.postgresql.postgresqlPassword }}`
			`host: {{ .Release.Name }}-postgresql`
			`port: ''`
			`log:`
			`level:`
			`console: DEBUG`
			`file: DEBUG`
			`file: /dev/null`
			`syslog:`
			`host: 127.0.0.1`
			`port: 514`
			`email:`
			`host: localhost`
			`port: 25`
			`user: ''`
			`password: ''`
			`use_tls: false`
			`use_ssl: false`
			`from: passbook <passbook@domain.tld>`
			`web:`
			`listen: 0.0.0.0`
			`port: 8000`
			`threads: 30`
			`debug: false`
			`secure_proxy_header:`
			`HTTP_X_FORWARDED_PROTO: https`
			`redis: {{ .Release.Name }}-redis`
			`# Error reporting, sends stacktrace to sentry.services.beryju.org`
			`error_report_enabled: {{ .Values.config.error_reporting }}`

			`{{- if .Values.config.secret_key }}`
			`secret_key: {{ .Values.config.secret_key }}`
			`{{- else }}`
			`secret_key: {{ randAlphaNum 50 }}`
			`{{- end }}`

			`domains:`
			`{{- range .Values.ingress.hosts }}`
			`- {{ . \| quote }}`
			`{{- end }}`

			`passbook:`
			`sign_up:`
			`# Enables signup, created users are stored in internal Database and created in LDAP if ldap.create_users is true`
			`enabled: true`
			`password_reset:`
			`# Enable password reset, passwords are reset in internal Database and in LDAP if ldap.reset_password is true`
			`enabled: true`
			# Verification the user has to provide in order to be able to reset passwords. Can be any combination of `email`, `2fa`, `security_questions`
			`verification:`
			`- email`
			`# Text used in title, on login page and multiple other places`
			`branding: passbook`
			`login:`
			`# Override URL used for logo`
			`logo_url: null`
			`# Override URL used for Background on Login page`
			`bg_url: null`
			`# Optionally add a subtext, placed below logo on the login page`
			`subtext: null`
			`footer:`
			`links:`
			`# Optionally add links to the footer on the login page`
			`# - name: test`
			`# href: https://test`
			# Specify which fields can be used to authenticate. Can be any combination of `username` and `email`
			`uid_fields:`
			`- username`
			`- email`
			`session:`
			`remember_age: 2592000 # 60 * 60 * 24 * 30, one month`
			`# Provider-specific settings`
			`ldap:`
			`# # Completely enable or disable LDAP provider`
			`# enabled: false`
			# # AD Domain, used to generate `userPrincipalName`
			`# domain: corp.contoso.com`
			`# # Base DN in which passbook should look for users`
			`# base_dn: dn=corp,dn=contoso,dn=com`
			`# # LDAP field which is used to set the django username`
			`# username_field: sAMAccountName`
			# # LDAP server to connect to, can be set to `<domain_name>`
			`# server:`
			`# name: corp.contoso.com`
			`# use_tls: false`
			`# # Bind credentials, used for account creation`
			`# bind:`
			`# username: Administraotr@corp.contoso.com`
			`# password: VerySecurePassword!`
			# Which field from `uid_fields` maps to which LDAP Attribute
			`login_field_map:`
			`username: sAMAccountName`
			`email: mail # or userPrincipalName`
			`user_attribute_map:`
			`active_directory:`
			`sAMAccountName: username`
			`mail: email`
			`given_name: first_name`
			`name: last_name`
			`# # Create new users in LDAP upon sign-up`
			`# create_users: true`
			`# # Reset LDAP password when user reset their password`
			`# reset_password: true`
			`oauth_client:`
			`# List of python packages with sources types to load.`
			`types:`
			`- passbook.oauth_client.source_types.discord`
			`- passbook.oauth_client.source_types.facebook`
			`- passbook.oauth_client.source_types.github`
			`- passbook.oauth_client.source_types.google`
			`- passbook.oauth_client.source_types.reddit`
			`- passbook.oauth_client.source_types.supervisr`
			`- passbook.oauth_client.source_types.twitter`
			`saml_idp:`
			`signing: true`
			`autosubmit: false`
			`issuer: passbook`
			`assertion_valid_for: 86400`
			`# List of python packages with provider types to load.`
			`types:`
			`- passbook.saml_idp.processors.generic`
			`- passbook.saml_idp.processors.gitlab`
			`- passbook.saml_idp.processors.nextcloud`
			`- passbook.saml_idp.processors.salesforce`
			`- passbook.saml_idp.processors.shibboleth`
			`- passbook.saml_idp.processors.wordpress_orange`