Change password

Add response headers to forward auth middleware
Specify argon max memory
2023-12-28 15:31:32 +00:00 · 2023-12-28 15:31:14 +00:00 · 2023-12-28 15:30:28 +00:00 · 2023-12-28 15:29:15 +00:00
4 changed files with 24 additions and 12 deletions
--- a/apps/gitea/gitea-values.yaml
+++ b/apps/gitea/gitea-values.yaml
@ -4,6 +4,8 @@ postgresql-ha:
  enabled: false
 postgresql:
  enabled: true
+  image:
+    tag: 15.3.0-debian-11-r24 
  primary:
    persistence:
      storageClass: retain-local-path
--- a/infra/authelia/forward-auth-middleware.yaml
+++ b/infra/authelia/forward-auth-middleware.yaml
@ -7,3 +7,8 @@ spec:
  forwardAuth:
    address: 'http://authelia.auth.svc.cluster.local/api/verify?rd=https://auth.namesny.com'
    trustForwardHeader: true
+    authResponseHeaders:
+    - "Remote-User"
+    - "Remote-Groups"
+    - "Remote-Email"
+    - "Remote-Name"
--- a/infra/authelia/users_database.enc.yaml
+++ b/infra/authelia/users_database.enc.yaml
@ -1,11 +1,11 @@
 users:
    matus:
-        displayname: ENC[AES256_GCM,data:mLFikpU=,iv:Iemii72kWnE1l0py/t+0656eT8Uq1gpngDbTMMeECh8=,tag:QM1/ZMz+2bhAfCn2yvjc/g==,type:str]
-        password: ENC[AES256_GCM,data:nrOc1JNEew5ucfkYAlx3IzS63BWVESLjZhZ/TZf0brsLNFVKvQ35RZX9RxEfy8BbJt/ELeNlv7UBJVXVCp994UjelG0rQGdGqVKdl4d/UJ8FaMVxCKYtmHuAT4yYC9xs9BHm,iv:a7PS17bCSakhDFINBpSePKvI0dDt8CDCn4QnGp4D1W4=,tag:IQyGAAKr4hjR2bQthlw1qQ==,type:str]
-        email: ENC[AES256_GCM,data:eRqp61nZzcnaIDHJAQsr1Wg=,iv:m9/LLx+nVpsukFvxUs+Xtxqrzm2Gg6NuU7vVDYSvORM=,tag:nGvy4YIHgQ/Q89BRVWD41Q==,type:str]
+        displayname: ENC[AES256_GCM,data:r4kM8Zo=,iv:lbc0NCHgmG/qJxevR/nt3gwU3Kf7XpxHyOE4cKGaMBU=,tag:SewJ4JOg2kpz8nhJlwaORQ==,type:str]
+        password: ENC[AES256_GCM,data:gkoeTLAr06IbgIFMUxIIlJ6TSxr9ZmdWhGbqGyjqwBjQ/fvLyM+b01LCUBOt7AJ3YPcHcHjD5qwZQYedaIlgpfdkIUqZYHl7or7HLAoxz8f8Ip/zQrsXKzBa5NhLaw==,iv:A/wQyj5IZE2VkTQooIOv9mqyj1IuOzW7jVAxUWKebac=,tag:OVOZXZfKFQhd9A35XFBG0Q==,type:str]
+        email: ENC[AES256_GCM,data:3yOqd71wYYKZEyck+/g4+7M=,iv:r7PYbEVqIRi2q/7vQ/hZNjcVREZBFZF39+sK7C/S53s=,tag:5x2XDZWsHQLN8J6h7g+/xg==,type:str]
        groups:
-            - ENC[AES256_GCM,data:WT3SDtr1,iv:HpPaH3bYt6nuUJX4ydm30ndDpzxzTCsJS+O1GqLcT5M=,tag:ZeI+K2re1K5DoZHxbD60GA==,type:str]
-            - ENC[AES256_GCM,data:Vh/i,iv:6Ds1PdJtivewRQvQpAqjtTQeKjhEUDifTWL8aCWaK4A=,tag:D4k6vVlFGCo8nYVeGhRDkA==,type:str]
+            - ENC[AES256_GCM,data:32ZZcHcg,iv:l9pN04fBz3VkSUt4UlpNF0q8V3CX/dxBQGaEEPgI+eA=,tag:kdKUKdgujVTqfnWiTGwxrg==,type:str]
+            - ENC[AES256_GCM,data:L24U,iv:n5IxTABmDCS28ZuScquR8Rg9a7zfXcRLaxrJLSOs4mQ=,tag:b+/4IYGy2fS/aKxeqTqzbw==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -15,14 +15,14 @@ sops:
        - recipient: age14dgmts59tc2gv2xu9305auvu854n3pfl8vkheqzzqyrygyeequ0sjhl92v
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSOHcvR296TFNDTlFUV2hS
-            UXdqZ0tFWkl5bVBBeGlFN1ZIVFBXQjk3KzBZCllhTXdhYXBJUG5NT1JyZDF2M0xs
-            eHZsbWFraGVwVmpWWlZWaEs5b1V2VlEKLS0tIGpNU0VZSXYxL0xGZmJ4TktzNGcw
-            aCs0NnhLQnF2bStEallaZFRkRTI1d3cKtcZJoDjv/+GLrx32GALmc3MuQGLoZ9iT
-            7y3kEdf+fNJGZG7zr9c2Tx8WpDzX2qb7C2VFneDp52p4OpYBIWmKCQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtVkVHTTVQN1YzMFBpSURD
+            czAzOExvR2VIL2F1TCtmR3A4WjZ1QklNdjNrCnRVYnVHUjhMTkFEN0puNTNZdlcr
+            NGJ2WUlHQitaUHRnVW5UR1hnYjBtYU0KLS0tIGc5Q204azZ3Sm9CY2RncGIwajlB
+            UzRnOFpUdGwwaEMrRnVWUmI1R283RTQK69LpDO2BW33oJEeG10vS8f8lZ2En7+gn
+            XEKC87UpWf7mdBQZlIuzV5DPZxN6NvtQ8uZDw/IN9jXuSPE1YgMLzw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-11-28T20:30:26Z"
-    mac: ENC[AES256_GCM,data:uRvVIHdZ/fSi1dKGAn0QEfAwzEKw6cP4GMbpZz3DWMkHkxMnFkR2hcc4NGNg5oRAOxFP5dFTsXMkZCVNN/JiNsb6/Hji7G4YEM6wPWGy3PerWwIwipp+D9r3HvDpR6Viky/TJzCF5NsiVf+sNcN3cMZw8B/IqD0nH8/PXwg3Yvc=,iv:TCqZjgVVv/sMHEjzgFuMvHHs6hfxBgkvOx10MSna3rI=,tag:Tr+hCP5N1nf3lxuE2pfEDg==,type:str]
+    lastmodified: "2023-12-17T17:14:46Z"
+    mac: ENC[AES256_GCM,data:dPGWf7HTZ24W3CJ933fVPTDzuWsJo8sVvmYS/Y6CiwMa4UHKqRJ2YQrfYZ1pM5PTK+WDc3XS5GzXMNhE25yhTtqVfjwwHCVZZtz7/W+Y13YLobC6R8P+kwGvxvO1hkEZUHK2iM0SKtGUW2lnD33L+IEylgP1hCJB/FvycvkjOcM=,iv:KEHP44Mro+CHi4keUrORmq5KcaUHjO9+Y7CHZaL9RvM=,tag:eXGE3vUgSDiRD5i8zERWkQ==,type:str]
    pgp: []
    unencrypted_regex: ^(apiVersion|metadata|kind|type)$
    version: 3.8.1
--- a/infra/authelia/values.yaml
+++ b/infra/authelia/values.yaml
@ -4,6 +4,11 @@ configMap:
    file:
      enabled: true
      path: /users/users_database.yaml
+      password:
+        algorithm: argon2
+        argon2:
+          variant: argon2id
+          memory: 65536
    ldap:
      enabled: false
  access_control:
Author	SHA1	Message	Date
Mathis	1f53a57d66	Change password	2023-12-28 15:31:32 +00:00
Mathis	b64f50a94d	Add response headers to forward auth middleware	2023-12-28 15:31:14 +00:00
Mathis	0cc071c982	Specify argon max memory	2023-12-28 15:30:28 +00:00
Mathis	ca1f139a55	Pin postgresql image tag	2023-12-28 15:29:15 +00:00