From cb0eb2b6f95cba5018600cfca2e8f949697365f4 Mon Sep 17 00:00:00 2001
From: gitea-bot
Date: Mon, 29 Dec 2025 23:24:41 +0000
Subject: [PATCH] chore: Update manifests after change
---
 .../vaultwarden/Deployment-vaultwarden.yaml | 16 +++++++++++
 ...xternalSecret-vaultwarden-oidc-secret.yaml | 28 +++++++++++++++++++
 2 files changed, 44 insertions(+)
 create mode 100644 clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-oidc-secret.yaml
diff --git a/clusters/cl01tl/manifests/vaultwarden/Deployment-vaultwarden.yaml b/clusters/cl01tl/manifests/vaultwarden/Deployment-vaultwarden.yaml
index 413fd3316..819ab61d5 100644
--- a/clusters/cl01tl/manifests/vaultwarden/Deployment-vaultwarden.yaml
+++ b/clusters/cl01tl/manifests/vaultwarden/Deployment-vaultwarden.yaml
@@ -46,6 +46,22 @@ spec:
 secretKeyRef:
 key: uri
 name: vaultwarden-postgresql-18-cluster-app
+ - name: SSO_ENABLED
+ value: "true"
+ - name: SSO_SIGNUPS_MATCH_EMAIL
+ value: "true"
+ - name: SSO_AUTHORITY
+ value: https://auth.alexlebens.dev/application/o/vaultwarden/.well-known/openid-configuration
+ - name: SSO_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ key: client
+ name: vaultwarden-oidc-secret
+ - name: SSO_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ key: secret
+ name: vaultwarden-oidc-secret
 image: vaultwarden/server:1.35.0
 imagePullPolicy: IfNotPresent
 name: main
diff --git a/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-oidc-secret.yaml b/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-oidc-secret.yaml
new file mode 100644
index 000000000..42a89aa54
--- /dev/null
+++ b/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-oidc-secret.yaml
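Review bot: In Deployment-vaultwarden.yaml, `SSO_SIGNUPS_MATCH_EMAIL` set to `"true"` links an SSO login to an already existing Vaultwarden account whenever the email claim matches, so who can sign in to an existing account depends on how the identity provider behind `SSO_AUTHORITY` populates and verifies that claim. If users there can set or change their own email without verification, `value: "false"` is the safer setting; either way the decision deserves a comment in the values this manifest appears to be rendered from. Separately, Vaultwarden's SSO documentation describes `SSO_AUTHORITY` as the issuer URL without the discovery suffix, so the line should probably read `value: https://auth.alexlebens.dev/application/o/vaultwarden/`, which is worth confirming against the server's startup log. The container spec this hunk extends starts and ends outside the hunk.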
@@ -0,0 +1,28 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: vaultwarden-oidc-secret
+ namespace: vaultwarden
+ labels:
+ app.kubernetes.io/name: vaultwarden-oidc-secret
+ app.kubernetes.io/instance: vaultwarden
+ app.kubernetes.io/part-of: vaultwarden
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: client
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /authentik/oidc/vaultwarden
+ metadataPolicy: None
+ property: client
+ - secretKey: secret
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /authentik/oidc/vaultwarden
+ metadataPolicy: None
+ property: secret
-- 2.49.1
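Review bot: The new ExternalSecret leaves `refreshInterval` and `target` to the operator's defaults, while the Deployment in the first file of this patch reads both keys through `secretKeyRef` environment variables, so a rotated client secret would reach the synced Secret but not an already running pod. Stating the contract under `spec:` would help, for example `refreshInterval: 1h` and `target:` with `name: vaultwarden-oidc-secret`, together with a comment that the vaultwarden pod has to be restarted after a rotation. The reference to the `ClusterSecretStore` named `vault` would also benefit from a short comment saying which store-side policy restricts the vaultwarden namespace to `/authentik/oidc/vaultwarden`, since that scoping is not visible in this patch.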