From 1f4a7f83b52cd7e7fa4f5121d2b903d2c04a2f69 Mon Sep 17 00:00:00 2001
From: Victor
Date: Thu, 11 May 2023 13:52:26 +0200
Subject: [PATCH] add oidc to flux dashboard
---
 .../olympus/apps/flux-system/external-secret.yaml | 15 +++++++++++++++
 flux/olympus/apps/flux-system/kustomization.yaml | 1 +
 .../apps/flux-system/weave-gitops-dashboard.yaml | 7 +++++++
 nixos/hosts/olympus/default.nix | 1 +
 nixos/hosts/olympus/dex/configuration.nix | 6 ++++++
 5 files changed, 30 insertions(+)
 create mode 100644 flux/olympus/apps/flux-system/external-secret.yaml
diff --git a/flux/olympus/apps/flux-system/external-secret.yaml b/flux/olympus/apps/flux-system/external-secret.yaml
new file mode 100644
index 0000000..c12fbe0
--- /dev/null
+++ b/flux/olympus/apps/flux-system/external-secret.yaml
@@ -0,0 +1,15 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: weave-gitops
+ namespace: flux-system
+spec:
+ refreshInterval: "5m"
+ secretStoreRef:
+ name: vault
+ kind: ClusterSecretStore
+ target:
+ name: oidc-auth
+ dataFrom:
+ - extract:
+ key: flux-system/weave-gitops
diff --git a/flux/olympus/apps/flux-system/kustomization.yaml b/flux/olympus/apps/flux-system/kustomization.yaml
index bfccb3d..7fb77f6 100644
--- a/flux/olympus/apps/flux-system/kustomization.yaml
+++ b/flux/olympus/apps/flux-system/kustomization.yaml
@@ -1,4 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+ - external-secret.yaml
 - weave-gitops-dashboard.yaml
diff --git a/flux/olympus/apps/flux-system/weave-gitops-dashboard.yaml b/flux/olympus/apps/flux-system/weave-gitops-dashboard.yaml
index 5bf60b6..9be6ebf 100644
--- a/flux/olympus/apps/flux-system/weave-gitops-dashboard.yaml
+++ b/flux/olympus/apps/flux-system/weave-gitops-dashboard.yaml
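Review bot: `dataFrom.extract` in external-secret.yaml copies every property stored at `flux-system/weave-gitops` into the `oidc-auth` Secret, so the Secret's contents are decided by whatever sits at that Vault path rather than by this manifest. Weave GitOps reads `issuerURL`, `clientID`, `clientSecret` and `redirectURL` from that Secret; mapping exactly those under `spec.data` keeps unrelated properties out of the namespace and should surface a missing property as a sync error on the ExternalSecret instead of a failed login. The sketch below assumes the Vault properties carry the same names, which the current `extract` already implies. If the broad extract is kept, a comment above `dataFrom` naming the expected keys would at least document the contract.

```yaml
spec:
  # … unchanged: refreshInterval, secretStoreRef, target …
  data:
    - secretKey: issuerURL
      remoteRef:
        key: flux-system/weave-gitops
        property: issuerURL
    - secretKey: clientID
      remoteRef:
        key: flux-system/weave-gitops
        property: clientID
    - secretKey: clientSecret
      remoteRef:
        key: flux-system/weave-gitops
        property: clientSecret
    - secretKey: redirectURL
      remoteRef:
        key: flux-system/weave-gitops
        property: redirectURL
```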
@@ -34,6 +34,13 @@ spec:
 name: ww-gitops
 interval: 1h0m0s
 values:
+ ingress:
+ enabled: true
+ hosts:
+ - host: flux.0x76.dev
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
 adminUser:
 create: true
 passwordHash: $2a$10$uIY/YYe.CcRerpVvfk04muX86hLfXRH.K6jATZaVPqp.bnUIu/bsC
diff --git a/nixos/hosts/olympus/default.nix b/nixos/hosts/olympus/default.nix
index 20937bd..8bce28e 100644
--- a/nixos/hosts/olympus/default.nix
+++ b/nixos/hosts/olympus/default.nix
@@ -52,6 +52,7 @@
 mac = "6E:A5:25:99:FE:68";
 exposes = {
 www.domain = "0x76.dev";
+ flux.domain = "flux.0x76.dev";
 internal.domain = "internal.xirion.net";
 blog.domain = "blog.xirion.net";
 };
diff --git a/nixos/hosts/olympus/dex/configuration.nix b/nixos/hosts/olympus/dex/configuration.nix
index 0c77f11..aa934bb 100644
--- a/nixos/hosts/olympus/dex/configuration.nix
+++ b/nixos/hosts/olympus/dex/configuration.nix
@@ -83,6 +83,12 @@ in {
 redirectURIs = [ "https://md.0x76.dev/auth/oauth2/callback" ];
 secretEnv = "HEDGEDOC_CLIENT_SECRET";
 }
+ {
+ id = "flux";
+ name = "Weave Gitops Flux Dashboard";
+ redirectURIs = [ "https://flux.0x76.dev/oauth2/callback" ];
+ secretEnv = "FLUX_CLIENT_SECRET";
+ }
 ];
 };
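Review bot: The new `ingress` block in weave-gitops-dashboard.yaml publishes the dashboard at flux.0x76.dev while the context lines directly below it still show `adminUser.create: true` with a bcrypt `passwordHash` committed to the repository, so the static admin login stays reachable next to the OIDC login this commit introduces. That hash is exposed to offline guessing by anyone who can read the repository, and the local account sits outside whatever MFA or lockout policy the identity provider enforces. Once the Dex login is confirmed working, set `create: false` under `adminUser`, or keep the account as break-glass but provision its credential from the secret store rather than the values file. The ingress entry also has no `tls` section; if TLS is not terminated by a proxy in front of the cluster, the dashboard will not be served at the `https://` redirect URI registered in Dex. The `values` block starts above this hunk and continues past it.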
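Review bot: Nothing in this commit shows where `FLUX_CLIENT_SECRET` is supplied to the Dex service; presumably it comes from an environment file or secret store outside these five files, which is worth confirming before deploy. The same value also has to exist as `clientSecret` under the Vault key `flux-system/weave-gitops` read by the new ExternalSecret, and the `redirectURIs` entry has to equal the `redirectURL` stored there. The two sides live in different systems, so rotating or editing only one breaks login with no error at deploy time. A comment on the client entry would record the coupling, for example `# secret and redirect URI must match clientSecret/redirectURL at Vault flux-system/weave-gitops`. The enclosing client list starts above the hunk.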