feat: La Suite email/messages, buildkitd, monitoring, vault and storage updates

- Add Messages (email) service: backend, frontend, MTA in/out, MPA, SOCKS proxy, worker, DKIM config, and theme customization - Add Collabora deployment for document collaboration - Add Drive frontend nginx config and values - Add buildkitd namespace for in-cluster container builds - Add SeaweedFS remote sync and additional S3 buckets - Update vault secrets across namespaces (devtools, lasuite, media, monitoring, ory, storage) with expanded credential management - Update monitoring: rename grafana→metrics OAuth2Client, add Prometheus remote write and additional scrape configs - Update local/production overlays with resource patches - Remove stale login-ui resource patch from production overlay
2026-03-10 19:00:57 +00:00
parent e5741c4df6
commit ccfe8b877a
50 changed files with 1885 additions and 236 deletions
--- a/base/lasuite/oidc-clients.yaml
+++ b/base/lasuite/oidc-clients.yaml
@@ -41,7 +41,9 @@ spec:
    - code
  scope: openid email profile
  redirectUris:
-    - https://drive.DOMAIN_SUFFIX/oidc/callback/
+    - https://drive.DOMAIN_SUFFIX/api/v1.0/callback/
+  postLogoutRedirectUris:
+    - https://drive.DOMAIN_SUFFIX/api/v1.0/logout-callback/
  tokenEndpointAuthMethod: client_secret_post
  secretName: oidc-drive
  skipConsent: true
@@ -68,25 +70,8 @@ spec:
  secretName: oidc-meet
  skipConsent: true
 ---
-# ── Conversations (chat) ──────────────────────────────────────────────────────
-apiVersion: hydra.ory.sh/v1alpha1
-kind: OAuth2Client
-metadata:
-  name: conversations
-  namespace: lasuite
-spec:
-  clientName: Chat
-  grantTypes:
-    - authorization_code
-    - refresh_token
-  responseTypes:
-    - code
-  scope: openid email profile
-  redirectUris:
-    - https://chat.DOMAIN_SUFFIX/oidc/callback/
-  tokenEndpointAuthMethod: client_secret_post
-  secretName: oidc-conversations
-  skipConsent: true
+# ── Conversations (chat) — replaced by Tuwunel in matrix namespace ───────────
+# OAuth2Client for tuwunel is in base/matrix/hydra-oauth2client.yaml
 ---
 # ── Messages (mail) ───────────────────────────────────────────────────────────
 apiVersion: hydra.ory.sh/v1alpha1
@@ -101,9 +86,11 @@ spec:
    - refresh_token
  responseTypes:
    - code
-  scope: openid email profile
+  scope: openid email profile offline_access
  redirectUris:
-    - https://mail.DOMAIN_SUFFIX/oidc/callback/
+    - https://mail.DOMAIN_SUFFIX/api/v1.0/callback/
+  postLogoutRedirectUris:
+    - https://mail.DOMAIN_SUFFIX/api/v1.0/logout-callback/
  tokenEndpointAuthMethod: client_secret_post
  secretName: oidc-messages
  skipConsent: true