karaolidis/veil
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2025-07-31. You can view files and clone it, but cannot push or open issues or pull requests.
Files
1aa2852885cdddbe746a71e60cbf7719d4237605
veil/manifest.yaml
Nikolaos Karaolidis 1aa2852885 feat: add Wireguard interface model 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-03-29 11:56:35 +00:00

222 lines
6.3 KiB
YAML
Raw Blame History

apiVersion: v1
kind: Pod
metadata:
name: veil
spec:
containers:
- name: veil
image: registry.karaolidis.com/karaolidis/veil:latest
volumeMounts:
- name: veil-config
mountPath: /etc/veil
command:
[
"veil",
"--config",
"/etc/veil/default.yml",
--log-config,
"/etc/veil/log4rs.yml",
]
securityContext:
capabilities:
add:
- NET_ADMIN
- NET_RAW
- name: postgresql
image: docker.io/library/postgres:latest
env:
- name: POSTGRES_DB
value: veil
- name: POSTGRES_USER
value: veil
- name: POSTGRES_PASSWORD
value: veil
ports:
- containerPort: 5432
hostPort: 5432
- name: authelia
image: docker.io/authelia/authelia:latest
volumeMounts:
- name: authelia-config
mountPath: /config
- name: traefik
image: docker.io/library/traefik:latest
args:
- "--api.insecure=true"
- "--providers.file.directory=/etc/traefik/dynamic"
- "--providers.file.watch=true"
- "--entrypoints.websecure.address=:443"
ports:
- containerPort: 8080
hostPort: 8080
- containerPort: 443
hostPort: 443
volumeMounts:
- name: traefik-config
mountPath: /etc/traefik/dynamic
volumes:
- name: veil-config
configMap:
name: veil-config
- name: authelia-config
configMap:
name: authelia-config
- name: traefik-config
configMap:
name: traefik-config
---
apiVersion: v1
kind: ConfigMap
metadata:
name: veil-config
data:
default.yml: |
server:
host: https://app.veil.local
database:
host: postgresql
port: 5432
user: veil
password: veil
database: veil
oauth:
issuer_url: "https://id.veil.local"
client_id: "veil"
client_secret: "insecure_secret"
admin_group: "admins"
insecure: true
log4rs.yml: |
appenders:
stdout:
kind: console
encoder:
pattern: "{d} {h({l})} {M}::{L} - {m}{n}"
root:
level: info
appenders:
- stdout
---
apiVersion: v1
kind: ConfigMap
metadata:
name: authelia-config
data:
configuration.yml: |
log:
level: "debug"
identity_validation:
reset_password:
jwt_secret: "jwt_secret"
authentication_backend:
file:
path: "/config/users.yml"
session:
secret: "session_secret"
cookies:
- domain: "veil.local"
authelia_url: "https://id.veil.local"
storage:
encryption_key: "very_very_very_long_encryption_key"
local:
path: "/config/db.sqlite3"
notifier:
filesystem:
filename: "/config/notification.txt"
access_control:
default_policy: "one_factor"
identity_providers:
oidc:
hmac_secret: "this_is_a_secret_abc123abc123abc"
jwks:
- key: |
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC5T/dW/Sd2xhkM
viVbr1SeNHWq2VdioIbWSwn3rX3O3qJ/QhyXF7rRKW1iGkocPgl+IPxhabW7GbUx
3J35i9q9m8g+hk0M5Ob5eSHD7LX1VJ2arTSpYyjS70ZrSKbeAmgrMeCVkX1cqdD2
qPTXii4/fhQ0MLazh1Donrdi4dq8GUETu6eHTJ3oeWuAxNSxTlQmBrK+/k43oSYY
wq2WSQmzHHequVsP6UXKvbkX688FobrKfnwTZ+vzIUF3JvfYNKweaEDYaZebcCbe
qpiIAcVBzNuZQZkV+gtlVqPSjWsN05O4NWi7xME/NwJmfyesA2VZ3Nf5VtaYdc8S
/TPSC/+3AgMBAAECggEAFhmce1IsoIRxMgJZQo0Z5SuHdEKATUGsuFDHAF6UmD/C
lwpY44dlHxMMOadopY6bzjV73oLfX/q/D70U//uhsNGBI5JxDPPIPKypY2F5tSeM
C4l9iXf1w0Ddn+d7CGi2vfQFqdYUjSEEIUPhaJ/Q8n8u71HMmtjX7tjC28w+AbGN
X1KrYk36cqFpZSQATdbkDYfQJWxBhsgEb1VpzwdmhZC5MERhZ/uK6Xykxt0MTAhx
ITSxW4wBKYDEMXkOQUuVqirNDdkYA/Eue7HTFsN9Xxl79p/qaP60BOiFJ8Tmq9cc
RzZW0dkBeuOyyQOWOEX7XNivGrN44I4l9AYHsFYMpQKBgQD/36d5Ur/vTwpP+/pZ
gU1W+KwQuEnodlF03t4kR75uMHGt+D38m1WxiCRO6kf6VEa4aVtNFwUuTUCbGHIs
c2XuuZ5pTQyhKlt3U+YDoQXbEVrjOOZhyZ93AwG1hksYs5n6xXAn5RVCa0UHrgLQ
pLJxgc7f9uE9aGx735PGLK/EywKBgQC5Z2RgnVQmtzkSzIlc0DmGpJaqTiOSXs6+
V/MTERDySbHEX/59Eu7V1pSDzXgOJtCFG1mRzAM09EmdWWtR3AE1qefw7ejhpEkH
cm639mtmTV8pcZ2+Zo8NFaGnsrIH/5R1bUtFUd5DTQfw0QcyzT9luXMp+WOzgpNj
bia5Jfo/RQKBgQD6jVkC9kK35R/l/onBB1piJZLntG260dElre68e/w/DfTjM8gP
CVQ6SWO0WrksqUWu4oviyv3pvv/aX2+9kypnPx+dYTNSxZVXHbKILy76ut3Szi7Z
5oLeGPWdeOkkQQowgxE2H55XsY6g3IYpJH0PpNqceLVKWmyQR/f+AFgFTQKBgQCw
AvjnQ9Uk4CK9txHc3A0QxuYGDiJ1Da6GQ6aO/k+xRMcP3/YQtU2qEolxyzljbfPd
ucZBxIVy20ubps1crFk1ofSA5MuGk1mFSVzVJop1V5S1Gpifrmu2B0gtlVawgzFk
fXrM91jjWZjlRPvpfbLnFrS/L3Q4cgkMhwEaGnTFZQKBgCXvH8sKsGPH0LpCJimL
Z6MrWcdbCBBKwYucAYb11FphmoEY7DOUZwtyABOotkg0k7cLdIMCyKlCOz/2PMZX
WW298aPi6K4zL1CnDUcIb8tS6j5IeHcCOa1pjBO+DfIqv8vK2YG/887alRnzvf6y
zzwIoNbKdEh838UReLyyMT6j
-----END PRIVATE KEY-----
clients:
- client_id: "veil"
client_secret: "$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng" # The digest of 'insecure_secret'.
redirect_uris:
- "https://app.veil.local/api/auth/callback"
authorization_policy: "one_factor"
users.yml: |
users:
veil:
displayname: "veil"
password: "$argon2id$v=19$m=65536,t=3,p=4$Ei7nv1Nl5hZ7sVBYQXJHNA$e8DIs8UM2SSNofsaq5gtXULP2bB6xiE9EVFtlcFqmNk" # The digest of 'veil'.
groups:
- "admins"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: traefik-config
data:
traefik.yml: |
http:
routers:
authelia:
rule: "Host(`id.veil.local`)"
entryPoints:
- websecure
service: authelia-service
tls: {}
veil:
rule: "Host(`app.veil.local`)"
entryPoints:
- websecure
service: veil-service
tls: {}
services:
authelia-service:
loadBalancer:
servers:
- url: "http://authelia:9091"
veil-service:
loadBalancer:
servers:
- url: "http://veil:51821"
Reference in New Issue View Git Blame Copy Permalink