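# Matrix Authentication Service (MAS) configuration.
# Nesting restored from a flattened listing. Every key and value is unchanged.
# Values of the form SECRET_* look like placeholders filled in at deploy time
# (TODO confirm). The rendered file then holds live credentials, so keep it in
# a secret store and out of version control.
http:
  listeners:
    # Client-facing listener: serves every user- and client-visible resource.
    - name: web
      resources:
        - name: discovery
        - name: human
        - name: oauth
        - name: compat
        - name: graphql
        - name: assets
      binds:
        - address: "[::]:8080"
      proxy_protocol: false
    # Health-check listener. It binds all IPv4 interfaces, so reachability is
    # limited only by the surrounding network policy (TODO confirm that port
    # 8081 is not routed through the ingress).
    - name: internal
      resources:
        - name: health
      binds:
        - host: "0.0.0.0"
          port: 8081
      proxy_protocol: false
  # Peers in these ranges are trusted to set the forwarded client address.
  # The list covers broad private ranges, so inside a cluster most workloads
  # can present an arbitrary client IP to MAS. Narrowing it to the ingress or
  # reverse-proxy addresses keeps logged and rate-limited IPs meaningful.
  # NOTE(review): 10.0.0.0/10 spans 10.0.0.0-10.63.255.255, not the whole of
  # 10.0.0.0/8, and 127.0.0.1/8 has host bits set (canonical: 127.0.0.0/8).
  # Confirm that both are intended.
  trusted_proxies:
    - 192.168.0.0/16
    - 172.16.0.0/12
    - 10.0.0.0/10
    - 127.0.0.1/8
    - fd00::/8
    - ::1/128
  public_base: https://matrix-auth.janky.solutions/
  # issuer: http://[::]:8080/
database:
  # The URI names user `mas` with no password and no TLS parameter.
  # Presumably authentication is supplied outside this file (TODO confirm).
  # If the connection leaves the node, add `sslmode=verify-full` so the
  # server is authenticated and the traffic encrypted.
  uri: postgresql://mas@janky-solutions-homeserver-database.matrix.svc.cluster.local/mas
  max_connections: 10
  min_connections: 0
  connect_timeout: 30
  idle_timeout: 600
  max_lifetime: 1800
email:
  from: '"Matrix Authentication Service" <matrix@janky.solutions>'
  reply_to: '"Matrix Authentication Service" <matrix@janky.solutions>'
  # blackhole discards outgoing mail, so MAS sends no verification or
  # recovery messages.
  transport: blackhole
secrets:
  # Key protecting sensitive values stored by MAS (placeholder here).
  encryption: SECRET_ENCRYPTION
  # Private keys, selected by `kid`. Retire a key by removing its entry only
  # once nothing it issued is still expected to validate.
  keys:
    - kid: fjm6GxWLms
      key: |
        SECRET_KEY_0
    - kid: SszPRpg6Lm
      key: |
        SECRET_KEY_1
    - kid: f3dAhzd5lq
      key: |
        SECRET_KEY_2
    - kid: yLREYJJQV4
      key: |
        SECRET_KEY_3
passwords:
  # Local password login is off. Sign-in relies on the upstream provider
  # configured under upstream_oauth2.
  enabled: false
matrix:
  homeserver: janky.solutions
  # Secret shared between MAS and the homeserver.
  secret: SECRET_ADMIN_SECRET
  # Plain HTTP to an in-cluster service name: requests on this hop are not
  # encrypted, so the hop relies on cluster network isolation.
  endpoint: http://homeserver-janky-solutions:8008/
clients:
  - client_id: 01J5VH0VE08DMM5TMNSS9A4J31
    client_auth_method: client_secret_basic
    client_secret: SECRET_CLIENT_SECRET
metrics:
  # NOTE(review): no listener above mounts a `prometheus` resource, so this
  # exporter appears to have no endpoint to serve from (TODO confirm). If one
  # is added, mount it on `internal` rather than on the public `web` listener.
  exporter: prometheus
upstream_oauth2:
  providers:
    - id: 01J5VF4J9NQQP1E2MAWQFHPMG8
      human_name: Janky Solutions
      issuer: https://auth.janky.solutions/realms/janky.solutions
      token_endpoint_auth_method: client_secret_basic
      client_id: matrix
      client_secret: "SECRET_oidc_secret"
      scope: "openid profile email"
      claims_imports:
        # The Matrix localpart comes from the upstream username claim.
        # Confirm that users cannot edit that claim at the provider.
        localpart:
          action: require
          template: "{{ user.preferred_username }}"
        displayname:
          action: suggest
          template: "{{ user.name }}"
        email:
          action: suggest
          template: "{{ user.email }}"
          # `always` marks the imported address verified whatever the
          # provider's `email_verified` claim says. That is sound only if
          # the provider itself verifies addresses.
          set_email_verification: always
account:
  # Users cannot change their address in MAS; the upstream claim is the only
  # source.
  email_change_allowed: false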