studio/sbbb
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8662c792124576a3200ba4232f0f7d31291c39bf
sbbb/base/stalwart/oidc-client-bulwark.yaml

31 lines
1013 B
YAML
Raw Normal View History

checkpoint: stalwart deploy, beam-design, migration scripts, config tweaks Stalwart + Bulwark mail server deployment with OIDC, TLS cert, vault secrets. Beam design service. Pingora config cleanup. SeaweedFS replication fix. Kratos values tweak. Migration scripts for mbox/messages /calendars from La Suite to Stalwart.
2026-04-06 17:52:30 +01:00
# Bulwark webmail OIDC client — authenticates directly with Hydra.
# Hydra Maester creates K8s Secret "oidc-bulwark" with CLIENT_ID/CLIENT_SECRET.
# DOMAIN_SUFFIX is replaced by sed at deploy time.
apiVersion: hydra.ory.sh/v1alpha1
kind: OAuth2Client
metadata:
name: bulwark
namespace: stalwart
spec:
clientName: Webmail
grantTypes:
- authorization_code
- refresh_token
responseTypes:
- code
scope: openid email profile offline_access
redirectUris:
- https://mail.DOMAIN_SUFFIX/en/auth/callback
- https://mail.DOMAIN_SUFFIX/auth/callback
- https://mail.DOMAIN_SUFFIX/api/auth/callback
postLogoutRedirectUris:
- https://mail.DOMAIN_SUFFIX
tokenEndpointAuthMethod: client_secret_post
secretName: oidc-bulwark
skipConsent: true
tokenLifespans:
authorization_code_grant_access_token_lifespan: 24h
authorization_code_grant_refresh_token_lifespan: 720h
refresh_token_grant_access_token_lifespan: 24h
refresh_token_grant_refresh_token_lifespan: 720h
Reference in New Issue Copy Permalink