diff --git a/base/devtools/gitea-theme-cm.yaml b/base/devtools/gitea-theme-cm.yaml index d0ee75c..fa7b8ec 100644 --- a/base/devtools/gitea-theme-cm.yaml +++ b/base/devtools/gitea-theme-cm.yaml @@ -280,3 +280,6 @@ data: # fill rules don't apply. We mount a custom amber SVG instead. logo.svg: | +binaryData: + # Sunbeam studio icon (180x180 PNG) — replaces the default Gitea favicon. + favicon.png: iVBORw0KGgoAAAANSUhEUgAAALQAAAC0CAYAAAFKyjakAAAABGdBTUEAALGPC/xhBQAAAERlWElmTU0AKgAAAAgAAYdpAAQAAAABAAAAGgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAAAtKADAAQAAAABAAAAtAAAAABW1ZZ5AAABn2lUWHRYTUw6Y29tLmFkb2JlLnhtcAAAAAAAPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iWE1QIENvcmUgNi4wLjAiPgogICA8cmRmOlJERiB4bWxuczpyZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiPgogICAgICA8cmRmOkRlc2NyaXB0aW9uIHJkZjphYm91dD0iIgogICAgICAgICAgICB4bWxuczpleGlmPSJodHRwOi8vbnMuYWRvYmUuY29tL2V4aWYvMS4wLyI+CiAgICAgICAgIDxleGlmOlBpeGVsWERpbWVuc2lvbj4xMDI0PC9leGlmOlBpeGVsWERpbWVuc2lvbj4KICAgICAgICAgPGV4aWY6UGl4ZWxZRGltZW5zaW9uPjEwMjQ8L2V4aWY6UGl4ZWxZRGltZW5zaW9uPgogICAgICA8L3JkZjpEZXNjcmlwdGlvbj4KICAgPC9yZGY6UkRGPgo8L3g6eG1wbWV0YT4KVYJjWAAANlZJREFUeAHtXQecJEXVf7uzOV7OOXOJO46kRFEUEAEliAjykUHypyTFBAgIRxBB8EBQVE6CxA9FRERA4EAucXBxb++4HPY23eb0vX/N9Ex1T3V190z37M4w73d7091V9arq9etXr169epXTw0ABQW5AeAXaPFfIe7qp+i9nUvP2pUTc0ZxQAQ077AYaMOt0bfEcHVlWPrSftjASuztbaMZlK5X5HMky/ZIl0YKF+fHZc/OKo+nWi/jcUo6CvBzpjmji+R+a7p1ubJF3tdZTKNeM3AmZNd0WeUPVq6a8uZacX79llSlddWMpEsvStOnd2A1fzf/L1ug9erR6S0v03u7CFnl7/adEElUeeXUHffzruQLP1IsWU/Vv59nhjD635fOutkZqbumKZsRFDle2aXebeNbS3m1KU93Ytrynp9OU/5MHw63+yo8+IeNaZlNT5siNLfLcUCEtWd8ULWO0VEa88qFwhdFMlgtb5KHCCpo9rjSa/aX39xBaarQWlTiJPFvk+RUjqbI0FEV+2qGDBDmqH50nKnDzCdgiLx4yk4VUFDet2NhMbR3d1NLWLSqZdnFMLMRyma9skZeMMLPaabevprlXLKMv/fBjgWF4/wK67anNZmyWO1vkRYNnmLKCDQGv/Tz8/PXbZtAf/rUr/NDmf1s+z8kNyVSJfkAGHqMy4171a4scmVsjH4rBIVYEb/6C34sGtMh7ujuiH4wGh22SdiSyLeUywfaFuiyvzRZYywNrtfZFGn2tW/ksbXvzVupuZwHGfF40YDJNPONFI1n5a0uKzqadtPYPxygLyQ/3uXixfBu9tiUFkB59Y/jTNnLvd+Uy49Lx1xYxSm6paSdDLykuyI1+QI5YOYMWMRAYInT8eR9SvkVf0VXgiFguvGZBTIU76HvL5aS4a1dcYZSCrAZAlmB0N4Y2I13+dWxxR5c0GnBJQ8PSIUUFjoiRaVttO34EQBcxBl/jmerXkRSd3GKMJAayq04cLvDM+O4SMej2XKxC67LF765qpKKIOnzhMcPolj9vFkiNylSoXZHiiJkVNIFVYbw09ODG00dFe6BCimeOpECm9s6eKCJjdNG1FmVctRgZf/XSNvxEKzjsuhXivqcr9mLFg8h/rhCjlQ/+dbtJW6pp6BAoujvDiqWMFNeuEBvdVo7WPWYt1qjAkcaYz8g0NgriNy+Uw9O9QvlR9FqLePVv9qNJF6jlbWlRSHBIbr56BmaLuHTUQdS0eVH0ZUWb4vLCdgRxWd42m6uXZ1takxBYizV1Jp0UGDWSbpkGgS3TacpEk1Y/elhYlYk+8XrRQ/u4mJhYsSZE6Y9/tQ/B+gLdy5CnVsTu7nNo5YNz3GWVciXUaENWGA02RnEJr+gM0nMN7UdOlK9zvDfBe4lIhSWFsaJWy9ElD1RFm9XdbVZToglJXMRqdomkeVt4cqyb2v97RYPA9thVk11i9ZbN84fYuP41bQ0hHsMMOGhqmXEpfs+cv4YWV4WNKMbgasrg8sYzpVt2mqcVqEdmgKkXhsfOmWNLTE246P4qXxoMpJ4p3dkctj50sEZmgHFtTGXw/KnrpxrJUQlTxoP++/fMjj5P9MJzo3siCldbZ8yS1x1h8C7+6D64Z18qLYq9QEPCwGAxqCI/2s4L7ltHAyvz6fazx0afub3w3GiKiKhGyTRpfJRQruUGoxFW3jU6gbRVbARMRLh4bnRufphXaxrMZs8int1O4ImoDC/+eB+aNLxIfkSHzaig31w2UTxLpMEo6LnReSWDCBbmKSPNyijsWVaq3vP8Vnr47ztEA6EZL79/TrTB4mGC/8WYzyWCwgFhKlkHFFXxq08aITqCzoB1wBoye0TLGPwVfaC/8EzpkuFzqfbjp5VYVQ0y+BYNx3CP+TXyweyAjgCwQmSwnRKx5aFnSpcMj9k4LLho/0nmwQTpry6tj2aDdME8CDAlIs9x3dMVngri2g14pnRe6RBbvI9/LzxsY/2nOyYRTfnRcANgmhKmEuWc08gV/+u50QYK2S6jYgsjn+63M9KBUGG5LltcWsKNBiartIjD7vDAGElNi10OZZDs6xyxq61BiMO22vXUUb+JOptrqKutnmCBz8nNp1BhJeVXjKCiQftQybB9Kbcg/htw0WZ/G+2mQj/y+EppPxrkBodnkecGadB5so0OmsIG/qREnoEEv217qqhm2eO0d+NbLDV2scRgLRDjiJh95QjJUTbmEBpy0OVU0M+7Di3XlfCH2Fj9Om16+XLKyVPbNOVKlNfsCjPh9OeosP94ZbLuYUKN/uSBmcLfRofYbZrd+peufEIfIhyEAP/3fi1B+U8GOvZu91zcc41gCwAMR9c+toGg6KvgygXV0TU7VbrxrHbFk8al61/Pjd656FcCOagM+MPr8b4BKze10D+W1NGBVzuvWu7d+LbA4+U/z41uq1kj8H//0Q3it67JPFfEw5NvDbsiPXrlJJFH919H4xZdsjLNc6NNlhklytjDmZLXTOyp+aq7o9n8wMWd90aH9KK9WDJMygq/XVuEPLdLtHnuudE5DqbZRasbo1UZc8DoA9WFx0ktUHhutJPCfvlD1aqmiWdYisUsR7Zn93jhtwjmBBpt2yaRsKs+PEk9ek4/U0aISCzzAtyYH0yFLTe+N9rAf/cF5uH589//yEjSOhNEM2kufG20/BHmWTDv2RsWjXCLSxYsqL2jy5eM6FjaNiBmKCCTq4zhwmHkS+Q36UYXSG6/dzwTHigOZSOjAVibgRsOYK3kzGKkJ/KbdKNVYu2Ry8P2PjRo3Lnhj++S44aR1bclkQajTNKNHtIvZih/47aZwmvHMCLJQ/zlXwu7sqBSaIYQfU6rdcirgqQbfdy8mGhDB2TLE8y7ABghDQA7GXZssdyRmsHFqD78e9wBA8wPpDusscAKZVD+PR4tJ0Vk9dc/N9DUQamY46VekXAsTjS0f5g94GaycWcbYVWrnddjVAQ89951AuNPzxhNpx02KIw9/DJc1BTLknSj8yKMOedy3vYgAUa9Fex/Ln+oWPGawZ0yt9N8J6GwvUyapw3MYINFd8+mSSPCayygPGzQR94Q9m9CPrwF7000aoj9+tZooCwvDtGLP9pH8PGGyMi3s65DSAo7cZfj0TaNenxtNBAa0BxxNP/8PmHb876XLaXbn95sJEu/3mkfWKONVj1yxSRaeO0Ucfs4zyfhLWiC3qY05O69L2ylNz6qN6mf+44vpSeuCTf8vF+uE45rsYZ7p3TS0sOoHA227hA65ZCBdNOZY0SWORNKafzQQqre0cZbCZaK5ehwWe+NToA9ZP3NaDKRPM0ynj7znxrTUP23n00XSU2t0iqS9zYn8CGqRg1uytyJpUZbTb/GaIiH8rWh0rKHoym/mxvPlO6xeGdiSwoAfbGqnusVG5rGDwvL8XOZtxMFzzzd090lFn2MCtdubaUDp4QXfCCLMchAIKATxv4PIy9+T/78QJr/7BZ66+Owy1CKJrZmnr6O7XlWsOEgke2P1i02ZnRWVMp7z5QOFZQLg/mVJ46gX7J42xEZ8ZTYNQ+jZgS2U3sFzzxdNGiaqOOiY4YKf3WvFSL/iQcPYGUq7ERo/Ubc4PNM6X7TT6aWnWEl6J+3znBThzKPwUIpkR79pp3Irg6t3JAEmFHR/Mqpxyue6h8ltHyhRMm82d6whdrrqqmtbgN1Nm4XS8xd2AvEAFdPeOUU9p9AxUNnk+HsosTl8NC/RjtU5Gey5w/Rz8oTxZWWjU5L9kj0DfVmubTkjt4kWKJ1ZwmdKOU8lssS2iPBEs3uWcNLtCK7cs1b/8uOLX8gBLlAuIgcXljNyUWzvM8b7erAFKqnm1cickJUNvZwGn74Dyi/fIRt9iASUjoYtrIfwPqFX0/cEcdnCmB1e/Sx91L5+KN8xhyPLmWErlp4knDmlJsAnsVChmGAkNNSdY3NtdMvjRmig6o3JTIazhxttdVxfdiHl7Zg+MNU3isYq09ey1nzwxGrseo162Pf71NC6B1v38FyNxY2BrYO2UH88ofWC2uUU+9gkcVWepTFksgdf/HuQqSqo27Ni6rHvj5LCaHr1/412miIC8Mfy3gIpzJjccx4pvo95561phU+hOLxY8hs3fmJqjpfn6WE0F3tsdUVrIaDQDLALSvPIXrHqs0t9GbEvmqUheOcH4aiztawZ6GBN4jfwAkNq2JYXYs034YFdRZTyOMz7gx7LspEwGKlH9DTGXZC8QOXHY7ACd3BNr2cHEldt2FB3RIiON66knDsvP4Jey7EEUP3luMyJ/YgcEK31azliYING7ts880c9sUKvzhnrPWR8h4BhW5auIlqIw5qqkyJLPWo8OieSaymy5Z4WlttbH9+Ilgg0594w+yVDZ8zaCA6l1s4hR74v8tpdyRmzJ/f3E3wAvTDqS6RfgTO0e280ywZWF4dXjqQcdx57jgtkTftahOOrAaRUVY4SUWCT8m4UnUdOEd3Npm50bZjCukCd6iLpYgVRtlj9+8fJ7ONNES1+MqPzeraLWeNoW/wynBvQuCExp5JN6ASAw3NXbS91jxrvO+i8bZExouZfqnZSe3KE4b3OpHR/8AJ3d1hDi0re3gYLwAyt8sSHQvj5+l3xKt0X2X/SpVtBFFCEC1Ehj+zp9RsdjzqCxA4oXu6zIHLZG9ZgwDGorhxj98C9mtfvx1r1zGYf964OCLjhVzwqyp62zKZWXTXbCov8UfPjrUg8asUEDrs9280URVbHMTifyb4LcdFluEq9iU5jmWzDPBdnXrREtPACFxVj8yzFS+oByofXEhTCcETmpydZOZxjAcjmoDR+TO/MJjwp4N/La83EfmH3xxF3z5ysJLICLGAsMSy2MELCd8HT/TACW31kVGJiW8art46qirSDpleIfzQonEqFHkQRecg1qetcMOpo2JED57OwQ+GJJlH0VnouFaYNd4cUcqa7nSvkvvLNzTR6b8wD47AA++uO86x6OFWueVUYQLpwXN0bniHs9G2mkazzMbz0sLYoIWZoLF1xChj/MID+Pb/GSvCITnJ2BIJJ8r/+pIJdOTsSoFKpUoadQT1Gzihcy0b9SdE/GDtOgTj0T85YPrRHGLfGlJvKUfLP0aajFSyVvHcjdNo5MBCk6wGbsSmch/QJXiWDp7QlmCs/aQA/XbEHj6ggFY8EHbeRB5oErBdQN376RObon6/9TyhOeoHsYB353xpCIcHHh2TvXYVWJ5bxxFLsi+3gRMaEXRkKOFNW14BAyjkMF6AETENOLDVTt7r+thrOwl/AMwgj57bz7QiIxJU/+FNBgzBE7q4n6kLfnapX2meEA+Yej/5Vg395E+fRuu64jfV4vrsLw6h608Z6bAS42erok0wXQRuvdOFGzO1JIkbTOtPPXSgIPoLvD1Mht//cydhtT1Xx7VM50QiGMj1OF0HztH5ZbHds06NkdPBY1jxVtlGkO/J66ayHaMkTjRM5s2DGAQff30nb2GLrZJP44MU8BKQHg85gtCmJbf4TEk9CZyj88tHem4g7MjgQjsiA+E3f7FaxHnGxlwVfOeoISK8oZx24s0rbQZKfq2IsRQgBE7oAg4lF8d2Dh0aWB7eTOyQTSRDC7GTCti/+8sLx5vQ7H/V8vjzMiA6Al43DJzQkNFOnTCi4hoUAeHcHK5VyYPh66xzq6b1Bq7jDzRvW8dkxWrpE+qdDomBLInfwGW0iEYqNvvZq3W1PFvEXn0ZoM5B1mKmiMVVRHVClN9po4rFNvgjZ1UKMeA0Q4TRCNvmn3prdxQ9NsSu5vgWsQiT0aTALgInNFoufDs0Xfi/D2oJcTJUgJnitSePFH9yumyFk5+rrqEGygDZLzMwTLeyy5qc169rcwv8wmrBI/t1gAPBmfLGXxyjAjVs+pgSmshT9FGDCmgoh9ToX5bHR73lEVZgwNlY+ca+2xALPITpR5QN7N6XZTSIiKk7dphiM/1rS+towSvbLS1imzQXjsVgCB9LGZfJxwcpIXR++TARcxXthoz86IG5cYYjrA++xxvz8Rc0YB3RZPHjgdAI7xdU3SkhdNmYw6hu1fPRPkAcQP6CKwt5tUMVawKc2cVcidAlbR09Qh63Rn7xrJO1sS58//wPHA23May4gPNx6E0ZfzXFbMEDfs4i5LGd1S6RzbDRzri8SAmhB807n3DcGwtCU7Pwibe0gwxqAAEhLgqFtmceLNUlzE+d8Bu5rfYY47mfvynz+I82mj/Tll2fiD0rzVs/ZAf1KiFWjE3EOQi7gBDg/FLENRObb6LFk7rgL0Comnz6KX7zigZQ/1nf4sCvlyWF1k3h1BPaTasyMI/5W87ADvaVLmUJnaI3kSV0igidldEpInSWo7OEThEFUlRNlqOzhE4RBVJUTZajs4ROEQVSVE2Wo1NE6JRY77z0pau1jlp3raTmbYuF8am97lPqaqkhREjAmXfhPYFh82gUb8TwhIMfcNB4qKiSCipGUTGfLVY6+mA+Y2w/ERAumr8XLnp1woKNRLUfP8Mm1Oc4Yt6G8PoSItBwpBg/AbE+EZcDCxCDD7iE+s84zU/0rnClnNDY07LlHzdQ/bpXmPvyfSeqm17DJFs5+Vga9ZW73GT3JU9KCb3x+XOpacsHgsC+tN4HJIkchZVItSkbDNc+/mVq3r60TxEZBKtf/VIidPNcJiWExqeqOo8MK9HwBO1NqFvzckqqTwmh93C4NasDITb4TOZwPb9XHHOWkp5HKmmNBA8Ous6UEBpahQxYdDUCndzPPh3ReNJyJs211/waVAR1MhWQEkLjiHEZGtmHwzhcAdvTCvLdyQ/kwj6Wg7+3nH4X8eyX8SZynQpXA7QrJYS2OjlewUc2ygCPIjfw7xUN4ktAkBNECIP4SRbESnuySFyUT76lDpVgoiDLZzi4WL2RaiLBS3SosK34Ug7bJsO22nb5NrFr3gcZtLc/GhY4odsbNpsmJaoIMHsUew9VVIPnkgzwzUsaeMDobt+bNBonBIET2hpT6b/r4ju1dY8zZz79do2pL3ABcxMrz1RIcQPR0ZUJhG7dw8GrJFjGg5kVqizhIqzpEBs//uOnpsfj+Awd60Z9Uwa3NzzCdnOU36AhcI5ut8QkxSZMK9Q0OO8fibnYhktPHlFs8nG24nR/z6KjI/7luy/vLmfghO5oMB8WrdIUnGT0+m3mACno2gGTwyftuOumPld3Rzx+fQnvqYETurMltqUBzYNTuRXgmK4Da6hM5D1oqo+EtkTJ0bUl0TR9DxPFKpVDlHMZVOGIofLp4GXeemGFaaOSCz0h44MKGjToe+hD7T2d8fE54tCatTZTMpzLVbHvTJmSvQl4jyGaFzyhu83h1FQ0sfPER17YNeD9LwN2v8Lr3w3s5Sn+dY9t1NpTrDNXN3i95gme0C42SuqO61RFSz/ugP6uNI5POdoNwma+9P4e2qbT1V200SthrfkDJ7QbihgnHFobh3scoGmFr1k2aVrTcY8Y1XIQFWyxswfLJ2OfMeGU4AntwjCnEx3Pv7cnrnPjhqg2zseyQec+7fbVsQd8pd2XGDydg5fRbvaf2PUTnP7ftfFTdtiz7QBazSHXfBSXfNnxmigLGnxxiBJ8EDhHuwmjgym2CkA064xwKm9R1g2EO9iiBxu3DIhGo/tq5LxBXQdOaLEJ0KH1FTYh5HfVx2ss5395qK3YB6dfeH98vGpnma5+0Q7N9pQcPKFdbF0b0s8css3oAc41toI1bKacDlUQJ2DIcOUJI8y7ZOXEFF4HS2ioTRZmscbqR1+H8b5vK2B1HFFkrKCylSAPuPnsu82WQjy/6kSNbEYGAZZGGo99/A2U0OH1OHMndissdQPK4w342DFrjR09gzflt9lMVLC8ZaxDGvRBdF7Tnm8joRd+AyU0sc+bFeRw8EZascLQhE34Vrj6pBFK+YyXcvh15vOuMMCe9LmBVhS9dh8oocNTWzNHq0JmqtQ1VaykI2ZWKAmFEBRW7QSBqtojp60rC5ke2imYpkxJ3QRKaF71NDUOBIXtwQrd5mwi+fl34ycqIVb3rIAniFAjw9ghhSLuh/xMf53mhBZBuS20Uemz1hik0B6sNuj92dBvHUgxoYGPhxXeuG2mJ71ZFTzcijPZ+2A52kWQbnTAyqlwqGlqjXE+Ji4Lr5kS19f31+wl69LYg9+dqB0AgQt/JhAxn0xPfL+JH+79rIK/SDczwwEWtwG4JCy/fw5hiWvYgHyx2m0NUoWgKlcsWG9q7ciBBfTFOZVx8trIBEPTd+5iFZDp/O78WSIWCNJ6VLLLKOTTb8Ac7a6VqsPFwHVDWL8GDaxEBlaIDeui7tt3zFISGfwLUykMTa08QEIEXfPoxljjOH5H0NAnCO10xJ6KCB2sT+NFAMp4Cr/yoblKkYGJzyN8MAOM/zLMmxg7NiQVnkrBig6wkiXOrVUNEzkUWodMFNU1Vl3+c+cswfHQZlR4C1nWX/ZgNf3tw3hb9EUc/s0YXNOf0CwMoTgJeuOXKVLXFBvkQECICJUmgjQn0AUIxGr7vCuXkUpvX8XcbxAZdfR0BS86guXoKInDJMNn3NBs7hQIYl0TdCKwUzpmhTiTViXbl/1qTlx94sxwJ6RJpgdKaOz7k1kahLZ2HkYiWY+FDv0h++ch0hq0iGH986mQ84B7VeJB1X/45FnrgZZS9fB+SjmO/YtBQ6CEdmOLtuq0dz23VRl5ES/kYparWCnRLksxxRBHD/YPI9/gynxadPdsJZFB4FQQOlCtI7wxE1I6DBAR1oVYq52jdq+au2CFu+f5reIc8et/t1EEEjTwWn/B+QhgeMohA+nH3xpN7/CgKctka/70d6BB/DoJIA5UOrOUhW47eywdz+4EOnhx0R4RcnP+c/Ze/+Dmm84cQ6cfPkgZKVLGnwoZbaaEXLsP1/Ec3UMVDieyQbbece44cbAYwst//XMD4qfMkbY9+upOGn/eh/QH3tkFUZEopELrSLx1bnplDIZSXic/OyMrOHLWuBL6+XfG0koWA2s43vPNZ41R7lu57enNNO2ixSK6rlHey2/6iw7R25iMFqLDgaNVBMLgBrl7Mh9nuoxtIO/cOZt3cpl5BHn2v2oZ3fvCVhEMVoXH7lmPC7c1u7Jun5tb67aUp3wxQqPY2MGFnkpbM4Pg/cpCtIq5/KsKWb7glR3itDe3Xw7wp73WIYhkprPQja3ES+QexiGsCb5684y44pgN4mAz6O1uICM42nq4OWI7+wUQRYiejgMgVYMhDoqE268TZAZHO/XSh3QMnLBfGNY8GeV0Ps/FSYykwqiUchktE8HPa0xo3ps/m0bwwWUyQF08/7512klqZhDaIqNlIjhd46Nf+O/ddCdvR37ijV3imD0ct2cnDCC33+ZZIM45lOH1ZfW0w3K+uJyeCkIHa+tAb6xzbLmHNtcYxOY/u1UY7FVZDuWzZh//3mTltBpT7aVsocNERoZjfvIJH+IwR332SgrWDAMXHTpvfpkQ8jU212NVxA7e/qRBaBV26RAjMCLJgBdQpdhGhzwIbhU0BE5o6wEKTpIEZtJrH9vgqt8z+XQ4uxAU8FA93OJwc/EDVeoPLCM4OtfiwOhAaRxmU29ZhbGjOqyBdXvV3Ihq7jpvnKnohh1t4khV00O+yYjNQjkWQlv1amunYeCHjcMt4MXYgeoUOSwqxIHFoyou3YcHmmb6gJ1R5FoO98UkQ4a4e05ceO1UOYv2uqLEfjyHFnLQ1HJT+V++uM10L26sjYjPkfSTFBBaz52q9UJoHT/79hjHzj3PR1Ubqyh2mXGysgxvfdwQN4t0+srk8oleB07oUKHZA9TC0GFCKVTA0w4bSFd8zd6J/IffHEVTRhY79vvgaWaORgGrr58jEh8y2H93PiAHilCR+RRlK1rEUwIHW1078DVjjfCEgwfQpQ+uF15JWKw9dEY5YR+LyrZhxY176+QFzxAAa8ZY+UuzmwIhtz8QOKHzSgeZWmrtEvRbENoOMKWGiADTY8yyfhF25aLPFbhfWVxnIrRYrY8WCOYicNGRVzrU1HLrqjcSrd6kpgJ8A+6GD55nIlsRRe5XbW42p/gc3deMPHwXOKGtx1WrAk7t5m1uCjGtaq/nZ7vrzQ47QNBlkVM5HEo5aAi8hvxy84A2d0LMudDo3AFXL6dJw4vE4IZYScP7F9Ag9sXoVxoSq+Ywc8KYBNsyvghxOiezCA5Vl1+Q4Hz+D4TEpk9MfE64aaVRTfQXYYJkyM01W/zkNL+ugyd0GYsOUCBCkQl81KkK1rEdAn+pgJN4gJUhJ1/dJjlPsteBi468ksEsW2PfKgw+1586Ktl2J1V+ruSyC0ShgngVMKkKFIUD5+hQEevRGMlCMRvx/3xxMHvxE93y5GZFk4J5BHFx3peH0GmHDoozr4aK9Q47frQocELDaTd8XHXMuITZ4BlHDqZzWR/G5EE1O8RqN/4w82tj+we2srXysanY0Gk4PBoSCVKpgN8cZDgCYZXwWbNwTodshy0EESDhjoD8mJZbIb98hPWR7/cpILR9m3X+cCiFgS+Pv4T44dMep5zidp9h4YCJcrFArgOX0Wh1XlHwn2bC1GE2Lx4yM+HibgumhNBjT3xYxPYXB/imwCTptvPI193ZQgWVY7wUSShvSk+tQAs7m3eLkyuatyyilh0fU0fjFkJsvB6xMwp6Mb97HFwjfjF/VsyhE+oqF+KXjPECS1c5HM64eMgsGnn07ZlJaDc0Aucj1HBXSy11cmj4rpY9/DLqOUx8vXgOLuzmeHo9nA8OisYKCV4OFhpy8grZDl5CocJyNmr1p7ySQXzYzXDKLxsmrq3La27alGyelHN0sg1O1/IpkdHpShw/250ltJ/U1ODKElpDHD+TsoT2k5oaXFlCa4jjZ1KW0H5SU4Mrq95piJNNSj8KZCVH+r2zbIs1FMgytIY42aT0o0CWodPvnWVbrKFAlqE1xMkmpR8Fsgydfu8s22INBbIMrSFONin9KNCrLkrpRy5Fi9nzBsv1Pbwk39XexMd8Nof/ePleXIs0Xs7HL4e4wYbzcPAmw5++h30q2CExN49X5fMoN1RAObyFLTeP//DLnpehgjL+LRHXWNbPzQve7VXR07R4lGVo6TWBATsat1J73QZq27OOWvdUUUfDFups2sn+JA0RpuSdAxGvSrG/HQ4+fAJWeK87O/kIPx8fnX1E+5j5Bf/DQZOdM1E/nIAibtDiQ8gvZV+VwVTYbxwVDZlOxUNnUdGgaWH/FamPmX75mVtY6Wjcxp5oi2jvxrfYE20FM+sOPrykjfmQGRNSMuqBlgGvHkyPUYE/gLzigVQ25hDqP+NUKhkxLwM6p+5CRjM0Xmb9mpdpz/InqHUXbxXiF5wTYjd4IVXVBMn8p1CR2ii/dDANO/xGqph4dEZ1OSMZumnzItr86jXCLzirb9rzKz74/PKRNOGUJyhUbN6eZl+qb6dknJVj1/u/pg3PnS18p7PMrGc++I+312+kXR8+rM+YRqkZxdDN25bQ7g8XxAW6sb4PTNkQjP0+DkDzc97eiF118u5ma/5MvgdT7/30P2LCmwn9zCgrR83i34pJUE7IPlgyDgtZt7WVzrhzDeEcT8CqzS30p+/jmLNUhPkRVfaZ/7BNqqNhE7XVrBWWkT7TsAQbkjESuo1NbE1b3uf5nn0MCJwp8qd/7aJjOV6mwcygG2KyvfFRfVxY9QRpGlfMiHeBc1837mzjuBe+7uKLq8/bgxwhnVt2ms+O9Yaj7+TOGAm9d+ObvLDRKBYkVOQVzMwRen/6xCZVMj33bg0dPVcfWEtZUPMQjIyYqnfzoT3yyUYItPXU9VNp+phidRBaDc5gknLCVqBgkKcUa8ZI6L2b3g2vuCnIhziyCGZz61ObFanhR8s3NPMBoB3aAGW2hS0JxrLKqbetptuf3mJiZmSFzn7D7zdyJAysEloK98ItbO/t9Z/2Qs3+V5kRDN3ZUsMre2vF0rGKRJCUv2VJidCFdgAVZA/H6UUYrGShiA8KfOy1nbSEwxbawfY97XySY6cIt2WXJ2XPeekdoQ+6O1pSVmVQFWUEQ7fXVlMnhztQLZhAOm9gvfXlD+LPPpWJitA3CLaXLD+jvs272ulhPmVHB5d9bbg45SHRo0h1uL2mYdkeS/v4S3fICIZurVkjYnSoXgak8zsrG6mxRR0lXS5TvaOVA1slLqFREm4W//tItZC+Mm75emB5Hh2zXz8RgEt+3mvXzNCIc9LdYT+i9FrbPFacEQwNC4et3YC57NNdba7I4jafHTJEelvw9+30wVpFJHup0ESOBDqwAufIC48jKaX3LrFq2M3RldIdMoKhMaERTkW2b8Md4zQ2O0txuyowudvDevjTb9XYZYk+nz6mxNWxaNECgV+whObQXVkdOnBCO1cAP+OOvayv2jkcMS8jVqYbQCRaqAyJAGJzLq1qok27nUeDw2dUcDzQBCtKpHFuyrDjVndXasIau2lOonnSXkJ3I+Ydx8DTSWjYoN1AZSncR93kjM+Dcn/nMwKcYAwf+TqHg5LLdmmnMqlJ51VSjhWY7uDuTffhXna21lIXO+YnzIlS33SnPknZ4i6x8reNzXCvLXNmaJz7juMM+pqAxgaCVJz8Gkc8nx+k/UohzHU9cNC3HHGWCJ2sZ1a4xVHI6sbry+t5YSb+HAwZB44vPmZeP9+lM2znedCqmCnRh8RMgSyhU3B6o0yPIK7TnqERblccFODDWJOoXtvGK34vvMftcIBDppfT2CGFvFLoj/6MJfStPDJcuaCaFkfOCDyFDyr4xdljPJsERYtScEqmA4mSTk57hhYSGjtRkiZF2KXUKxp47y2rbqIlPCF0glMOGchZ0NLkGBoH/GAV8orfrKctNWa995m3d9NRsyvoK/v1F0vsTm0ypyfXLjOu3rlLe4bu4gmhL9ycIP3zeLh/aRHr8Q42ZdiecSAoTo9KFPDxrN/eSmffvY6215oZWcb537VNdOy8BM6oSH9+pgxgaCzX+iGfWXPx+EKxqLiLXUJfXaxfVgezgcEqSkLUovEnkZnSeg1LzT3Pb6X7XlKcimvJ/AWW0E4fmKVIxtymPUPj+Aq/wOtnUcBD/1vsI7KttkPbBDDjCQf1T9hVFCuQP/rjp/RH9uXWAQ7ZXXjNFHE+VUJmQa8E0DWml9LSn6HZ/yAcEyN5CsIK4QVwmNlz7zpPBo8/cABN4tPlnM7+UtWNjwE+1U7MPINXH5+8forwRUlcOqc/R/tgG1C9htQ9Q3AYv1SOAew05Bbg9PRftiy8s1LvoQaGPJ+PScSJgF4BVoxXebHmVodjHXFK92NXTxKH4fU5+7bXTieZP/0ZmmNMODG0W914aD92GPLAdw//nYPUOOQ/9bBB4khirwwNZv7PJw30XT5aXlcF2ozdL5UlecJ6mRw/pL+Edi+SkqNUIKWxECCWa3XvgdPgSO8EWLoezOdfu7FFQzq/v2Yv/YsXU3QA6Xwmn+eKc1m9AMo9804NXfPbDdpiowYV0NM3TKMBvPKYuJqhrSLtEtOaoZmbeXULzGrP0RiC4bjvBFjtq+TD3N0M2dDZf/fPnY55scw9eUQRwenJLUAyY3vWn9/crS3y+X3K6dGrJnP/cZi8tw9GizjNE9OaoYWEZj9eHcDneHeDs4QOicOYcWq2Dlv40OaqbS301gq97gxpf+Gxw1wvbmCEwMno2Ie4uEpvuTnx4AF09/njXePW90hOdei8nLWPXqc1QzML8D/4MKslNJ5iuHejciCgoVZZjbxABKj524d1jlIXTDesf74ru7NYMOFNvKffEYsVYscvF3xlKP3gtFGO9duVz/Tn6c3QzIQivKyanwWfYzLmxlyGURuOPZCUdoA0bOVy2p8IteEbnx/oSneGvryA9x/e9vRmu2rFc+B86LIJdPiMyuCYmV0I0h3SmqHDsZIT32UivzwIaKcJIZz431lZT2u26HdH33PBOJrKixwIV6ADTC4ve2i94weCBZMnr5tKxYU5jjh19TmliVHKKVMfT09rhhY6AnOiRqi6Jn9pUS6V8cIKGNsOMPnCBteZY0tEBCTkKy8OEezAs8aV0Jc5UM3+k8uog0cFJ2aGxL364WpHZj7+gP50z4XjhbSHju0F8MGgLdXb26iGY44MLM8n+JSAcZXzyKy3nRfyBpA3qvYmz9IjBhQIx3udlIb6Amn59A1To/E0rMzhZskZjPbBmkZ2arJfZQTDP/jdCXTk7EpXKpNMXagxL72/h37w+Ke0V7Hb/bpTRtJFPGE1q2JQ3/wZ7eS2pPo6zSU0yKURqR6oCfNaMQeIMb9kNQJI8S6dKFcXMz0Vujq+Q0Xzv3PUYPrxt0YLqeymPUAMfPgIfs/mRERU1S3kLKtujh+JIByECdTUzLS7yQCGTl46463NGlfqi+rihgMgxedNKqOffXsM7xLfTfAhgaryVVYvpo4K695uJD3qymOrC0yT85/dKnw+nOqHx9813xiptF1nGdqJekGns1jCIgcPlrbMCLPd3lZn5XMaM1IqFyjAsHD4P5X/ZCHtViLDA+8jjsd33WMbRDhgN6SG5L/x9NGin0oJ3uVsr3dTT2/myWgJncvMXsexNuoicaDtCA1VAwshie4ptMPr5rnMzG7yQ/9+nrd7/eRPm6ip1Z3O+2WO0nT3eeMJ9m4lI0cqRrCZdIe0ZujwiVXsXwWuUGge2I2NZe+mNv2LL2FpV8JMrWMu6KhYVBEjAuvPUKFhKRCTSP7VlfWLSTDZu+XJTRx4cqcjSvT9qhNH0MU8+RM6PzdWOwJx/7K7vh3JGnAGDi6DCPR2ACZsYnXDaf6GyRQknyojYt0hUPmVv6kW7qJGXdBd8REglsfgijwawaa7cUOKhO8G9ODRHH8DHwrMZjqpaOBz+zuIQ4jpAB/dj3hCeeYXBlMb+5B4qTsroXWUTUUac6w4hdVGPoKRYV8GY+uYGtLMbpMA0q7/3UYTM6NrYJQGVmfwt4lj5y222SSLCd+X5lTSWcxgCDADSe7V+84gJZycsPSNj+jmhZtMK4aHcTQm6MdTIs5QbnVxAzeGuEwINJPmKgdLZz4s0w6wEAGnfQzVutjQduXxHB/C9aeOoqrt62irZYe1rpyRBj0XIQ6MMAfQ17/+uYF0zpeG0CRe5PAqwTGZPIn9RE49dKCwhcPCgbgc2HyLtnrx7DPaaPx2Z0DkJHtuMHrZl385UDeOBWa2U7YSix4wU0GiNbfZ75JWFo48hCQeP7SQ3rhtppD0763aS0+xqe2DtY20ow6ntOpKx6dhk+wTfDQG/gCIogTmhIowehBidnCMORc4w1I+kpHb6AdkdWg/qJgEjhzWBwRD27xPPIZ0xpJ2smDoovMmlbINuVQERhcupywdUQ+clqo5xAAc/99k11LE6nATkxonB8A5CX+AfceX0ve/MYIOmV4hVBPtRE6U8Oc/1sp4YSVr5fCHmgljYR06D0e42XA0p8B0V1iA1+UvCAsHD/8sowViTMawLI4/SFtMJg1finVbW3gpulZsqNXF0wAifAhn3bVW4JwysohuOHU0HTGrgs9jcSe5RcGE/oMOnWXohEjnZ6FczZmEUAcK83NoKNuYU31oGSRrS3uY2ccNLaLL+QgKmNEKuD1vf9wg7MgIGqODNVta6Zx7w8yNlcWbzhxN00eXJKUn29aHiXMGSGiew6c3CAmtUWShFoCh+gIIJmcdGsz5yk3Tac2C/ejW74wlJ1Mc2o6zFL/605U06YLFYokbIwIPAj5CZlg50p6hc/OKedC3VzmQNIjtxH0NoJPj76TPDaB375pFKx6YKywfTu3ER4FzDydfuFhIeTC1X4ydCSpH+jN0frETDyR1EJAjch8ywGIBe/e1J4+k6kfn0YOXThQbdp1QP8nWlmkXL2EPu11i8uuUX5/OEjoDvO3Sn6ELyvg9aSS0/i32qVT0Ama9I2ZW0JL75tBzP5wmjn5zaiS2bx1yzUe0k5f5sYKZEAgdmp2T0twnOgMYurTX+BmsA4cfmAaxYBL943ssp4O5sEqZCGClD0vob985i567cRoN4YmtDhAn+sjrV9DCfycqrbmhLKHFtjZdRX08re8plx4JFiooVzomeUTjOjv0VTDqv9nWvOCV7YTQtXa2YpjtRg4spAPg63xgfzpoSjmXJU8R/AVjsylw0T2z6a8cGBLbtnS+0vDC+2RTC93Gk81Whz2N1k6LHStYXk1jMZf2DJ0rVI4ExaD1jTrcQxrf/OdN9DjrrG4AjIfDPPH3FAciB0ByX3LcMOEFRzm8t8/ZVVuUgypy1L6V9PGDc+n7HFHJWEoXiZb/nuQgNdDL7zx3nOPeRrkodGhukcpxUc7Wp6/T+FsM0zVUWMHDevDdgFQ+5951rpnZ7q1jafveF7byZG4x3fHMFk/nFcI6CUa994Lx9Gveb6izbjzLocTmP7vFw2QRKgd/XWkeyiB4TrB7sz49DxWWR/w57BFqzNT2haQUqA5L+QgIBE/0Ex79x066+IEqT0yN+uGAdAwHUL//kgna5jz41+30r4/qxaigzYhE5mehciRLLMeKgs2Q9gydCx1a46AE8iVrA8EyN5ycEP/Ob/hwXRPtZCcneMx5AejWYGoEtNEBNsxi57erySlL53SfFPr/hnTUDSAtVFjG/Mz+HBrJkmwAFSyAwEfjxtNH+d6Dg6aW0ZD+BWKjq1fkUD+uOGG4+NjsylZxiLE/smcf9iDqQHxOQt1I9vPX1RJ8mr6XwdefdA25+ez55rRa6FALJLDmexClIRERTRS2Ya+R/u2q329iKc0/D0FkXM4MLYhgXcExcd/mkL06eJRPANjGvtz6UQBegyCEDlPfT8sAhi4mYenQcKTTO+pkSSdMbw6jPqwW2B2+7P45wlKR6OvFBPO+iybQX34wTUzsNE13rAJtgtqB7WB2UMMHgi5kywcctZzBiVrOGHozhz0VerNVHurOYW+7UFE/liwaKefwjjDJgs2Wl0EcawYquHJiqK96ZB5L2HGunIuAGMFs7uWwXqsfmktH87asZHaXGA3FOS/jWErD4UkHiP8hdHXHLjpm0FXT62lpb4cGBfOKB2h1BqcJEbZn4VjjkRwOTL8/PPa+IFVhgjtu//58wtUAsdiCyVcT4wIUsmUEK4g4KQvzPag1xjapNpaqfgLs44i39xa7pdrBdp54vra0nr51xCBldKhwbBOWb+nNz+m8JhR7dXmlQ1j1s5fQdhtgDQxQNzB5gqtpIoBJI3RsqBKV2PLFf5iEgW3B9JDE+E1GtdC1C/XoVA6j7H/4gCNtG+AhleYskfYqB15WftlQ450pf4tc6I6vLqnTv2wl5r7xEOshiKLkBLtYSuPjUwI/xg56bGtLZ8gIlSO/fDiPlOoXAek7fpizg/8/mKHv/MsWOovDZSFEruFcJMzDhuDmlw52gJQzLALh6zALyNLPSEcKymjBLoNRr6UwHmPUgSoFteaBl7cRPkgn6McbckNMJnWEKA6nFioQTO2Epy+nZwZDlzFD88sIs46ZC2CrRSBExG92kmIP/W074c8LgOFhDoO6gX2EWHvBPa4h7HAWOFQZMBL2Nxq/SANTcnJYbRW/4bYbHwP4HLo3QhXgw+xkBR8SFro4rBtiMsvqjFs4lDfeol3qTyzM0JSr9+pzW1dv5csIhs4rHcqmu1ISxyRDbEkApsB2pV+ydeEbP1/t6rwVqbjjpWA4ZjLbodwRQ2oyTOBRCvE8bD3weHjJzS9hlSP5HfKp6ZG6FpYT6Q95JWxlKBnEqoBaWoHZhrMF4727Z9MZDosQ6U8Ncw8G8vazS786nF5gn2ps0JXVIlNOThDmT9PD9LvJCAkNdaOg3xhqq+Ed0jaRlPAisQT+I16+vuWsMbSdHeLfWdVISziE17badrYtQ5brAYEZEekIakwb58fQj48F9/jtFGoB1IOwmiCkN/+HX9Qt2qCvQqRCK4DagsEGKgL+MMpgYQTWE+jN8C2p4NNjB1fiL1/sbMHRGDiJAPdYzUR5tE0sGjFm1G8HUHPyS/UrjnZl+9LzjGBoELRo8HRqWPcPRzMqXipMbJggwYaMP68glBrxX7hk7D62NCNrPrH0iL6sqTDKc/gIIvkMRhQfheWZHSqYCT0BV1JQOcZTkb6YOWMYumT4vMjEMHgyC0YzuI2ri91LD4Nvhq81YJQrGryPrzh7A1lG6NAgXMnw/ah46MzwxNAQab1B0TSsEztVClk6Fw2ZkYatNzc5h4ex9BUr5r5E79rrqql52xJq3r5M6NUdjduoq62eejrbWI/koZj1gWiwdFzDhi3rBVFMGXzBdDCOlsZK6+jj7qOSYXPSvsMZydBu3wpCX3V3NFNXa4Ng+K6WWupsraWulj38V8fXddTNH0JXWyNL/ibeFN3M+Vt4pz9/GBwHDuXFPrzo1iUsbxvyIfJr3EZ17uiFaGZM69a3Wtimo1kYqQKvWOLHah/+Qvkc96+IQmzODBVWUqhkIGEBqrByLBX0H0+F/fiICr5nO10UayZcfKYZOhNeYLYPZgpk1udp7lv27jNIgSxDfwZfeiZ3OcvQmfx2P4N9yzL0Z/ClZ3KXswydyW/3M9i3LEN/Bl96Jnc5y9CZ/HY/g337f+Tt4/OCJArEAAAAAElFTkSuQmCC diff --git a/base/devtools/gitea-values.yaml b/base/devtools/gitea-values.yaml index 5524797..ec28c3e 100644 --- a/base/devtools/gitea-values.yaml +++ b/base/devtools/gitea-values.yaml @@ -19,6 +19,9 @@ gitea: email: gitea@local.domain config: + DEFAULT: + APP_NAME: "Sunbeam Studios Version Control" + ui: DEFAULT_THEME: sunbeam THEMES: sunbeam @@ -56,11 +59,24 @@ gitea: TYPE: redis CONN_STR: redis://valkey.data.svc.cluster.local:6379/2?pool_size=100&idle_timeout=180s + service: + # Only allow registration through OIDC (Hydra/Kratos), not local accounts. + DISABLE_REGISTRATION: "false" + ALLOW_ONLY_EXTERNAL_REGISTRATION: "true" + # Hide the password login form — show only the OIDC button. + ENABLE_PASSWORD_SIGNIN_FORM: "false" + + openid: + ENABLE_OPENID_SIGNIN: "false" + ENABLE_OPENID_SIGNUP: "false" + oauth2_client: # Auto-redirect to Hydra OIDC on login — makes OIDC the primary auth method. OAUTH2_AUTO_REDIRECT_TO_PROVIDER: Sunbeam # Register new OIDC users automatically. ENABLE_AUTO_REGISTRATION: "true" + ACCOUNT_LINKING: auto + USERNAME: preferred_username storage: STORAGE_TYPE: minio @@ -112,6 +128,10 @@ extraContainerVolumeMounts: mountPath: /data/gitea/public/assets/img/logo.svg subPath: logo.svg readOnly: true + - name: custom-theme + mountPath: /data/gitea/public/assets/img/favicon.png + subPath: favicon.png + readOnly: true - name: mkcert-ca mountPath: /run/ca/ca.crt subPath: ca.crt diff --git a/base/lasuite/messages-mta-in-deployment.yaml b/base/lasuite/messages-mta-in-deployment.yaml index f302ba5..40832d2 100644 --- a/base/lasuite/messages-mta-in-deployment.yaml +++ b/base/lasuite/messages-mta-in-deployment.yaml @@ -5,6 +5,10 @@ metadata: namespace: lasuite spec: replicas: 1 + # Recreate: hostPort 25 blocks RollingUpdate — the new pod can't + # schedule while the old one still holds the port. + strategy: + type: Recreate selector: matchLabels: app: messages-mta-in @@ -31,6 +35,26 @@ spec: key: MDA_API_SECRET - name: MAX_INCOMING_EMAIL_SIZE value: "30000000" + # Liveness: verify the delivery milter process is running and the + # unix socket exists. The milter is a long-lived Python process that + # can hang silently after days of uptime (COE-2026-002 addendum). + # Without this probe, postfix returns 451 to all inbound mail and + # nobody notices until senders complain. + livenessProbe: + exec: + command: + - sh + - -c + - "test -S /var/spool/postfix/milter/delivery.sock && kill -0 $(cat /var/run/milter.pid 2>/dev/null || pgrep -f delivery_milter.py)" + initialDelaySeconds: 15 + periodSeconds: 30 + timeoutSeconds: 5 + failureThreshold: 3 + readinessProbe: + tcpSocket: + port: 25 + initialDelaySeconds: 10 + periodSeconds: 15 securityContext: capabilities: add: ["NET_BIND_SERVICE"] diff --git a/base/ory/kratos-values.yaml b/base/ory/kratos-values.yaml index 6d3cb2f..9ad2e15 100644 --- a/base/ory/kratos-values.yaml +++ b/base/ory/kratos-values.yaml @@ -46,6 +46,25 @@ kratos: - https://auth.DOMAIN_SUFFIX lookup_secret: enabled: true + oidc: + enabled: true + config: + providers: + - id: discord + provider: discord + client_id: $DISCORD_CLIENT_ID + client_secret: $DISCORD_CLIENT_SECRET + scope: + - identify + - email + mapper_url: "base64://eyJpZCI6ICJ7eyBpZiAucHJvdmlkZXJfaWQgfX17eyAucHJvdmlkZXJfaWQgfX17eyBlbHNlIH19e3sgLnByb3ZpZGVyIH19e3sgZW5kIH19Ont7IC5zdWIgfX0iLCAidHJhaXRzIjogeyJlbWFpbCI6ICJ7eyAuZW1haWwgfX0iLCAibmlja25hbWUiOiAie3sgLnVzZXJuYW1lIH19IiwgInBpY3R1cmUiOiAie3sgaWYgLmF2YXRhciB9fWh0dHBzOi8vY2RuLmRpc2NvcmRhcHAuY29tL2F2YXRhcnMve3sgLnN1YiB9fS97eyAuYXZhdGFyIH19LnBuZ3t7IGVuZCB9fSJ9LCAibWV0YWRhdGFfcHVibGljIjogeyJwcm92aWRlciI6ICJkaXNjb3JkIn19" + - id: github + provider: github + client_id: $GITHUB_CLIENT_ID + client_secret: $GITHUB_CLIENT_SECRET + scope: + - user:email + mapper_url: "base64://eyJpZCI6ICJ7eyBpZiAucHJvdmlkZXJfaWQgfX17eyAucHJvdmlkZXJfaWQgfX17eyBlbHNlIH19e3sgLnByb3ZpZGVyIH19e3sgZW5kIH19Ont7IC5zdWIgfX0iLCAidHJhaXRzIjogeyJlbWFpbCI6ICJ7eyAuZW1haWwgfX0iLCAibmlja25hbWUiOiAie3sgLmxvZ2luIH19IiwgImdpdmVuX25hbWUiOiAie3sgLm5hbWUgfX0iLCAicGljdHVyZSI6ICJ7eyAuYXZhdGFyX3VybCB9fSJ9LCAibWV0YWRhdGFfcHVibGljIjogeyJwcm92aWRlciI6ICJnaXRodWIifX0=" flows: error: ui_url: https://auth.DOMAIN_SUFFIX/error @@ -78,6 +97,8 @@ kratos: url: base64://ewogICIkaWQiOiAiaHR0cHM6Ly9zY2hlbWFzLnN1bmJlYW0uc3R1ZGlvL2lkZW50aXR5Lmpzb24iLAogICIkc2NoZW1hIjogImh0dHA6Ly9qc29uLXNjaGVtYS5vcmcvZHJhZnQtMDcvc2NoZW1hIyIsCiAgInR5cGUiOiAib2JqZWN0IiwKICAidGl0bGUiOiAiUGVyc29uIChsZWdhY3kpIiwKICAicHJvcGVydGllcyI6IHsKICAgICJ0cmFpdHMiOiB7CiAgICAgICJ0eXBlIjogIm9iamVjdCIsCiAgICAgICJwcm9wZXJ0aWVzIjogewogICAgICAgICJlbWFpbCI6IHsKICAgICAgICAgICJ0eXBlIjogInN0cmluZyIsCiAgICAgICAgICAiZm9ybWF0IjogImVtYWlsIiwKICAgICAgICAgICJ0aXRsZSI6ICJFbWFpbCIsCiAgICAgICAgICAib3J5LnNoL2tyYXRvcyI6IHsKICAgICAgICAgICAgImNyZWRlbnRpYWxzIjogewogICAgICAgICAgICAgICJwYXNzd29yZCI6IHsKICAgICAgICAgICAgICAgICJpZGVudGlmaWVyIjogdHJ1ZQogICAgICAgICAgICAgIH0KICAgICAgICAgICAgfSwKICAgICAgICAgICAgInJlY292ZXJ5IjogewogICAgICAgICAgICAgICJ2aWEiOiAiZW1haWwiCiAgICAgICAgICAgIH0sCiAgICAgICAgICAgICJ2ZXJpZmljYXRpb24iOiB7CiAgICAgICAgICAgICAgInZpYSI6ICJlbWFpbCIKICAgICAgICAgICAgfQogICAgICAgICAgfQogICAgICAgIH0sCiAgICAgICAgIm5hbWUiOiB7CiAgICAgICAgICAidHlwZSI6ICJvYmplY3QiLAogICAgICAgICAgInByb3BlcnRpZXMiOiB7CiAgICAgICAgICAgICJmaXJzdCI6IHsKICAgICAgICAgICAgICAidHlwZSI6ICJzdHJpbmciLAogICAgICAgICAgICAgICJ0aXRsZSI6ICJGaXJzdCBuYW1lIgogICAgICAgICAgICB9LAogICAgICAgICAgICAibGFzdCI6IHsKICAgICAgICAgICAgICAidHlwZSI6ICJzdHJpbmciLAogICAgICAgICAgICAgICJ0aXRsZSI6ICJMYXN0IG5hbWUiCiAgICAgICAgICAgIH0KICAgICAgICAgIH0KICAgICAgICB9CiAgICAgIH0sCiAgICAgICJyZXF1aXJlZCI6IFsKICAgICAgICAiZW1haWwiCiAgICAgIF0sCiAgICAgICJhZGRpdGlvbmFsUHJvcGVydGllcyI6IGZhbHNlCiAgICB9CiAgfQp9Cg== - id: external url: base64://ewogICIkaWQiOiAiaHR0cHM6Ly9zY2hlbWFzLnN1bmJlYW0uc3R1ZGlvL2V4dGVybmFsLmpzb24iLAogICIkc2NoZW1hIjogImh0dHA6Ly9qc29uLXNjaGVtYS5vcmcvZHJhZnQtMDcvc2NoZW1hIyIsCiAgInR5cGUiOiAib2JqZWN0IiwKICAidGl0bGUiOiAiRXh0ZXJuYWwgVXNlciIsCiAgInByb3BlcnRpZXMiOiB7CiAgICAidHJhaXRzIjogewogICAgICAidHlwZSI6ICJvYmplY3QiLAogICAgICAicHJvcGVydGllcyI6IHsKICAgICAgICAiZW1haWwiOiB7CiAgICAgICAgICAidHlwZSI6ICJzdHJpbmciLAogICAgICAgICAgImZvcm1hdCI6ICJlbWFpbCIsCiAgICAgICAgICAidGl0bGUiOiAiRW1haWwiLAogICAgICAgICAgIm9yeS5zaC9rcmF0b3MiOiB7CiAgICAgICAgICAgICJjcmVkZW50aWFscyI6IHsKICAgICAgICAgICAgICAicGFzc3dvcmQiOiB7CiAgICAgICAgICAgICAgICAiaWRlbnRpZmllciI6IHRydWUKICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0sCiAgICAgICAgICAgICJyZWNvdmVyeSI6IHsKICAgICAgICAgICAgICAidmlhIjogImVtYWlsIgogICAgICAgICAgICB9LAogICAgICAgICAgICAidmVyaWZpY2F0aW9uIjogewogICAgICAgICAgICAgICJ2aWEiOiAiZW1haWwiCiAgICAgICAgICAgIH0KICAgICAgICAgIH0KICAgICAgICB9LAogICAgICAgICJnaXZlbl9uYW1lIjogewogICAgICAgICAgInR5cGUiOiAic3RyaW5nIiwKICAgICAgICAgICJ0aXRsZSI6ICJGaXJzdCBuYW1lIgogICAgICAgIH0sCiAgICAgICAgImZhbWlseV9uYW1lIjogewogICAgICAgICAgInR5cGUiOiAic3RyaW5nIiwKICAgICAgICAgICJ0aXRsZSI6ICJMYXN0IG5hbWUiCiAgICAgICAgfSwKICAgICAgICAibmlja25hbWUiOiB7CiAgICAgICAgICAidHlwZSI6ICJzdHJpbmciLAogICAgICAgICAgInRpdGxlIjogIk5pY2tuYW1lIgogICAgICAgIH0sCiAgICAgICAgInBpY3R1cmUiOiB7CiAgICAgICAgICAidHlwZSI6ICJzdHJpbmciLAogICAgICAgICAgImZvcm1hdCI6ICJ1cmkiLAogICAgICAgICAgInRpdGxlIjogIlByb2ZpbGUgcGljdHVyZSIKICAgICAgICB9CiAgICAgIH0sCiAgICAgICJyZXF1aXJlZCI6IFsKICAgICAgICAiZW1haWwiCiAgICAgIF0sCiAgICAgICJhZGRpdGlvbmFsUHJvcGVydGllcyI6IGZhbHNlCiAgICB9CiAgfQp9Cg== + - id: community + url: base64://ewogICIkaWQiOiAiaHR0cHM6Ly9zY2hlbWFzLnN1bmJlYW0uc3R1ZGlvL2NvbW11bml0eS5qc29uIiwKICAiJHNjaGVtYSI6ICJodHRwOi8vanNvbi1zY2hlbWEub3JnL2RyYWZ0LTA3L3NjaGVtYSMiLAogICJ0eXBlIjogIm9iamVjdCIsCiAgInRpdGxlIjogIkNvbW11bml0eSBNZW1iZXIiLAogICJwcm9wZXJ0aWVzIjogewogICAgInRyYWl0cyI6IHsKICAgICAgInR5cGUiOiAib2JqZWN0IiwKICAgICAgInByb3BlcnRpZXMiOiB7CiAgICAgICAgImVtYWlsIjogewogICAgICAgICAgInR5cGUiOiAic3RyaW5nIiwKICAgICAgICAgICJmb3JtYXQiOiAiZW1haWwiLAogICAgICAgICAgInRpdGxlIjogIkVtYWlsIiwKICAgICAgICAgICJvcnkuc2gva3JhdG9zIjogewogICAgICAgICAgICAiY3JlZGVudGlhbHMiOiB7CiAgICAgICAgICAgICAgInBhc3N3b3JkIjogewogICAgICAgICAgICAgICAgImlkZW50aWZpZXIiOiB0cnVlCiAgICAgICAgICAgICAgfSwKICAgICAgICAgICAgICAidG90cCI6IHsKICAgICAgICAgICAgICAgICJhY2NvdW50X25hbWUiOiB0cnVlCiAgICAgICAgICAgICAgfQogICAgICAgICAgICB9LAogICAgICAgICAgICAicmVjb3ZlcnkiOiB7CiAgICAgICAgICAgICAgInZpYSI6ICJlbWFpbCIKICAgICAgICAgICAgfSwKICAgICAgICAgICAgInZlcmlmaWNhdGlvbiI6IHsKICAgICAgICAgICAgICAidmlhIjogImVtYWlsIgogICAgICAgICAgICB9CiAgICAgICAgICB9CiAgICAgICAgfSwKICAgICAgICAiZ2l2ZW5fbmFtZSI6IHsKICAgICAgICAgICJ0eXBlIjogInN0cmluZyIsCiAgICAgICAgICAidGl0bGUiOiAiRmlyc3QgbmFtZSIKICAgICAgICB9LAogICAgICAgICJmYW1pbHlfbmFtZSI6IHsKICAgICAgICAgICJ0eXBlIjogInN0cmluZyIsCiAgICAgICAgICAidGl0bGUiOiAiTGFzdCBuYW1lIgogICAgICAgIH0sCiAgICAgICAgIm5pY2tuYW1lIjogewogICAgICAgICAgInR5cGUiOiAic3RyaW5nIiwKICAgICAgICAgICJ0aXRsZSI6ICJOaWNrbmFtZSIKICAgICAgICB9LAogICAgICAgICJwaWN0dXJlIjogewogICAgICAgICAgInR5cGUiOiAic3RyaW5nIiwKICAgICAgICAgICJmb3JtYXQiOiAidXJpIiwKICAgICAgICAgICJ0aXRsZSI6ICJQcm9maWxlIHBpY3R1cmUiCiAgICAgICAgfQogICAgICB9LAogICAgICAicmVxdWlyZWQiOiBbCiAgICAgICAgImVtYWlsIgogICAgICBdLAogICAgICAiYWRkaXRpb25hbFByb3BlcnRpZXMiOiBmYWxzZQogICAgfQogIH0KfQo= courier: smtp: @@ -133,6 +154,26 @@ deployment: secretKeyRef: name: kratos-db-creds key: dsn + - name: DISCORD_CLIENT_ID + valueFrom: + secretKeyRef: + name: kratos-social-discord + key: client-id + - name: DISCORD_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: kratos-social-discord + key: client-secret + - name: GITHUB_CLIENT_ID + valueFrom: + secretKeyRef: + name: kratos-social-github + key: client-id + - name: GITHUB_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: kratos-social-github + key: client-secret resources: limits: memory: 256Mi diff --git a/base/ory/vault-secrets.yaml b/base/ory/vault-secrets.yaml index 3d4fa4b..5a44a64 100644 --- a/base/ory/vault-secrets.yaml +++ b/base/ory/vault-secrets.yaml @@ -157,3 +157,51 @@ spec: text: "{{ index .Secrets \"s3-access-key\" }}" s3-secret-key: text: "{{ index .Secrets \"s3-secret-key\" }}" +--- +# Discord OAuth2 credentials for Kratos social sign-in. +apiVersion: secrets.hashicorp.com/v1beta1 +kind: VaultStaticSecret +metadata: + name: kratos-social-discord + namespace: ory +spec: + vaultAuthRef: vso-auth + mount: secret + type: kv-v2 + path: kratos-social-discord + refreshAfter: 30s + destination: + name: kratos-social-discord + create: true + overwrite: true + transformation: + excludeRaw: true + templates: + client-id: + text: "{{ index .Secrets \"client-id\" }}" + client-secret: + text: "{{ index .Secrets \"client-secret\" }}" +--- +# GitHub OAuth2 credentials for Kratos social sign-in. +apiVersion: secrets.hashicorp.com/v1beta1 +kind: VaultStaticSecret +metadata: + name: kratos-social-github + namespace: ory +spec: + vaultAuthRef: vso-auth + mount: secret + type: kv-v2 + path: kratos-social-github + refreshAfter: 30s + destination: + name: kratos-social-github + create: true + overwrite: true + transformation: + excludeRaw: true + templates: + client-id: + text: "{{ index .Secrets \"client-id\" }}" + client-secret: + text: "{{ index .Secrets \"client-secret\" }}"