✨ enable oauth2

ocf · Apr 24, 2024 · fadc083 · fadc083
1 parent a6df597
commit fadc083
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 0 deletions.
diff --git a/.transpire.py b/.transpire.py
@@ -174,6 +174,15 @@ def objects():
                 "kill-timeout": "1s",
                 "max-concurrency": 64,
             },
+            "oauth2": {
+                "enabled": True,
+                "autocreate": True,
+                "introspection-url": "https://idm.ocf.berkeley.edu/realms/ocf/protocol/openid-connect/token/introspect",
+                "introspection-timeout": "10s",
+                "client-id": "ergo",
+                # Set via ERGO__ACCOUNTS__OAUTH2__CLIENT_SECRET
+                # "client-secret": ""
+            }
         },
         "channels": {
             "default-modes": "+ntC",
@@ -318,6 +327,16 @@ def objects():
         },
     }
 
+    # Secrets
+    yield {
+        "apiVersion": "v1",
+        "kind": "Secret",
+        "metadata": {"name": "ircd-secrets"},
+        "stringData": {
+            "ERGO__ACCOUNTS__OAUTH2__CLIENT_SECRET": "",
+        },
+    }
+
     ircd_labels = {"k8s.ocf.io/app": name, "k8s.ocf.io/component": "ircd"}
     yield {
         "apiVersion": "apps/v1",
@@ -340,6 +359,7 @@ def objects():
                                 {"name": "ircd-config", "mountPath": "/ircd"},
                                 {"name": "ircd-tls", "mountPath": "/etc/ssl"},
                             ],
+                            "envFrom": [{"secretRef": {"name": "ircd-secrets"}}],
                         },
                         {
                             "name": "gamja",

diff --git a/gamja/config.json b/gamja/config.json
@@ -2,5 +2,9 @@
 	"server": {
 		"url": "wss://irc-dev.ocf.berkeley.edu:8097",
 		"autojoin": "#rebuild"
+	},
+	"oauth2": {
+		"url": "https://idm.ocf.berkeley.edu/realms/ocf",
+		"client_id": "ergo"
 	}
 }