From c6ce64ea1d65e7d6882dcbf40724eebba8fb57e5 Mon Sep 17 00:00:00 2001
From: Gabriel Simmer <g@gmem.ca>
Date: Mon, 30 Oct 2023 15:58:16 +0000
Subject: [PATCH] Groundwork for OIDC with FreshRSS

It's broken on ARM though
---
 homelab/freshrss-config.yml | 12 ++++++++++++
 homelab/freshrss.yaml       | 10 ++++++----
 2 files changed, 18 insertions(+), 4 deletions(-)
 create mode 100644 homelab/freshrss-config.yml

diff --git a/homelab/freshrss-config.yml b/homelab/freshrss-config.yml
new file mode 100644
index 0000000..9d6855f
--- /dev/null
+++ b/homelab/freshrss-config.yml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: freshrss-config
+data:
+  CRON_MIN: "*/15"
+  # OIDC_ENABLED: "1"
+  OIDC_PROVIDER_METADATA_URL: https://authentik.gmem.ca/application/o/freshrss/.well-known/openid-configuration
+  OIDC_REMOTE_USER_CLAIM: preferred_username
+  OIDC_CLIENT_ID: WSZI1tVeDE5FhC6XF3nbmjNh3UhCcpNXll7Zf4bJ
+  OIDC_SCOPES: "openid profile"
+  OIDC_X_FORWARDED_HEADERS: X-Forwarded-Host X-Forwarded-Port X-Forwarded-Proto
diff --git a/homelab/freshrss.yaml b/homelab/freshrss.yaml
index 5c17e79..df5102c 100644
--- a/homelab/freshrss.yaml
+++ b/homelab/freshrss.yaml
@@ -17,13 +17,15 @@ spec:
         image: freshrss/freshrss:arm
         resources:
           limits:
-            memory: "128Mi"
+            memory: "256Mi"
             cpu: "500m"
         ports:
         - containerPort: 80
-        env:
-          - name: CRON_MIN
-            value: 1,31
+        envFrom:
+          - configMapRef:
+              name: freshrss-config
+          - secretRef:
+              name: freshrss-secrets
         volumeMounts:
         - name: data
           mountPath: /var/www/FreshRSS/data