summaryrefslogtreecommitdiff
path: root/src/main/resources/application.properties
blob: 107d1b6eabdc0a83084de7e9f39af6b5eaefd7c6 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
quarkus.log.level = INFO
#quarkus.log.category."org.hibernate".level = INFO
#quarkus.log.category."io.quarkus.oidc".level = FINEST
#quarkus.log.category."io.quarkus.vertx".level = FINEST
#quarkus.log.category."io.vertx.ext.auth.oauth2".level = FINEST
#quarkus.log.category."io.vertx.ext.jwt".level = FINEST

mulkcms.tag-base = hub.benkard.de
mulkcms.posts.default-max-results = 25
mulkcms.newsletter.time-zone = Europe/Vienna

quarkus.datasource.db-kind = postgresql
quarkus.datasource.jdbc.driver = org.postgresql.Driver
quarkus.datasource.jdbc.max-size = 8
quarkus.datasource.jdbc.min-size = 0

quarkus.hibernate-orm.validate-in-dev-mode = false

quarkus.liquibase.migrate-at-start = true

%dev.quarkus.datasource.jdbc.url = jdbc:postgresql://localhost:5432/mulkcms
%dev.quarkus.datasource.username = mulk
%dev.quarkus.datasource.password =
%dev.quarkus.hibernate-orm.log.sql = true

%prod.quarkus.datasource.jdbc.url = jdbc:postgresql://postgresql.system:5432/mulkcms
%prod.quarkus.datasource.username = mulkcms
%prod.quarkus.datasource.password =
%prod.quarkus.hibernate-orm.log.sql = false

# Authentication
quarkus.http.auth.proactive = true

quarkus.oidc.auth-server-url = https://login.benkard.de/auth/realms/master
quarkus.oidc.authentication.force-redirect-https-scheme = true
quarkus.oidc.client-id = mulkcms
quarkus.oidc.application-type = web-app
quarkus.oidc.token.principal-claim = preferred_username
quarkus.oidc.authentication.cookie-path = /
quarkus.oidc.authentication.redirect-path = /posts
quarkus.oidc.authentication.restore-path-after-redirect = true

quarkus.security.users.file.enabled = false
quarkus.security.users.embedded.enabled = false

# Authentication (dev)
%dev.quarkus.oidc.enabled = false
%dev.quarkus.security.users.embedded.enabled = true
%dev.quarkus.security.users.embedded.plain-text = true
%dev.quarkus.security.users.embedded.users.mulk = mulk
%dev.quarkus.security.users.embedded.roles.mulk = Admin

# Session cookies
quarkus.smallrye-jwt.enabled = false
mp.jwt.verify.publickey.location = META-INF/resources/jwt-signing-public-key.pem
mp.jwt.verify.issuer = https://matthias.benkard.de
smallrye.jwt.token.header = Cookie
smallrye.jwt.token.cookie = Bearer
smallrye.jwt.require.named-principal = true
%dev.mulkcms.jwt.keystore.file = example-keys.p12
%prod.mulkcms.jwt.keystore.file = /secrets/keys.p12
mulkcms.jwt.keystore.passphrase = 123456
mulkcms.jwt.signing-key = MulkCMS-IdP
mulkcms.jwt.issuer = https://matthias.benkard.de
mulkcms.jwt.validity = P1D

# E-mail settings
quarkus.mailer.from = MulkCMS <mulkcms@benkard.de>
quarkus.mailer.host = mail.benkard.de
quarkus.mailer.port = 587
quarkus.mailer.start-tls = REQUIRED
quarkus.mailer.username = mulkcms@benkard.de
mulkcms.imap.port = 993

%dev.quarkus.mailer.host = mail.benkard.de
%dev.quarkus.mailer.from = MulkCMS <test@benkard.de>
%dev.quarkus.mailer.username = test@benkard.de
%dev.quarkus.mailer.password = test

# Deployment
docker.registry = docker.benkard.de

quarkus.container-image.build = false
quarkus.container-image.push = false
quarkus.container-image.group = mulk
quarkus.container-image.name = mulkcms2
quarkus.container-image.registry = docker.benkard.de

quarkus.jib.base-jvm-image = docker.benkard.de/mulk/openjdk-runtime:latest
quarkus.jib.jvm-arguments = -XX:G1PeriodicGCInterval=300000,-XX:G1PeriodicGCSystemLoadThreshold=0

quarkus.native.container-runtime = docker

kubernetes.deployment.target = kubernetes
kubernetes.group = mulk
kubernetes.name = mulkcms2
kubernetes.namespace = mulk
kubernetes.service-type = ClusterIP
kubernetes.image-pull-policy = Always
kubernetes.headless = true
kubernetes.service-account = default
kubernetes.env-vars[0].name = QUARKUS_DATASOURCE_PASSWORD
kubernetes.env-vars[0].secret = mulkcms2-secrets
kubernetes.env-vars[0].value = database-password
kubernetes.env-vars[1].name = QUARKUS_OIDC_CREDENTIALS_SECRET
kubernetes.env-vars[1].secret = mulkcms2-secrets
kubernetes.env-vars[1].value = keycloak-secret
kubernetes.env-vars[2].name = QUARKUS_MAILER_PASSWORD
kubernetes.env-vars[2].secret = mulkcms2-secrets
kubernetes.env-vars[2].value = email-password
kubernetes.secret-volumes[0].volume-name = secrets
kubernetes.secret-volumes[0].secret-name = mulkcms2-secrets
kubernetes.secret-volumes[0].default-mode = 0444
kubernetes.mounts[0].name = secrets
kubernetes.mounts[0].path = /secrets
kubernetes.mounts[0].read-only = true