fix: add eli and hansi to ocenographers acl

nix/sources.json

@@ -16,8 +16,8 @@
     "nixpkgs": {
       "type": "Channel",
       "name": "nixpkgs-unstable",
-      "url": "https://releases.nixos.org/nixpkgs/nixpkgs-26.05pre937085.6308c3b21396/nixexprs.tar.xz",
-      "hash": "sha256-RuGWBqXVEsZwwBvRGS/nRrA6PQyOQwVaAu139Z853Bk="
+      "url": "https://releases.nixos.org/nixpkgs/nixpkgs-26.05pre930822.ed142ab1b3a0/nixexprs.tar.xz",
+      "hash": "sha256-XH6awru9NnBc/m+2YhRNT8r1PAKEiPGF3gs//F3ods0="
     }
   },
   "version": 7

values/argo/manifests/sys-project.yaml

@@ -95,6 +95,7 @@ spec:
   sourceRepos:
   - https://argoproj.github.io/argo-helm
   - https://kubernetes-sigs.github.io/metrics-server/
+  - https://git.oceanbox.io/oceanbox/manifests
   - https://gitlab.com/oceanbox/manifests.git
   - https://kubernetes.github.io/ingress-nginx
   - https://cloudnative-pg.github.io/charts

values/attic/manifests/attic.yaml

@@ -4,15 +4,15 @@ metadata:
   name: attic
   namespace: argocd
   finalizers:
-  - resources-finalizer.argocd.argoproj.io
+    - resources-finalizer.argocd.argoproj.io
 spec:
   destination:
     namespace: attic
-    server: 'https://kubernetes.default.svc'
+    server: "https://kubernetes.default.svc"
   sources:
-  - repoURL: https://gitlab.com/oceanbox/manifests.git
-    targetRevision: HEAD
-    path: values/attic/manifests
+    - repoURL: https://git.oceanbox.io/oceanbox/manifests.git
+      targetRevision: HEAD
+      path: values/attic/manifests
   project: aux
   syncPolicy:
     managedNamespaceMetadata:

values/env-rossby.yaml

@@ -1,5 +1,5 @@
 clusterConfig:
-  manifests: https://gitlab.com/oceanbox/manifests.git
+  manifests: https://git.oceanbox.io/oceanbox/manifests.git
   cilium:
     enabled: false
   env: "prod"

values/gitea/values/values.yaml

@@ -71,16 +71,14 @@ gitea:
     oauth2_client:
       REGISTER_EMAIL_CONFIRM: false
       ENABLE_AUTO_REGISTRATION: true
-      UPDATE_AVATAR: true
-      ACCOUNT_LINKING: auto
-    # mailer:
-    # ENABLED: true
-    # FROM: "noreply@oceanbox.io"
-    # PROTOCOL: "smtp+startls"
-    # SMTP_ADDR: "smtp.office365.com"
-    # SMTP_PORT: 587
-    # USER: "noreply@oceanbox.io"
-    # PASSWD:
+      ACCOUNT_LINKING: "login"
+      USERNAME: "nickname"
+    mailer:
+      ENABLED: true
+      FROM: "gitea@oceanbox.io"
+      PROTOCOL: "smtp"
+      SMTP_ADDR: "postfix-mail.postfix.svc.cluster.local"
+      SMTP_PORT: 587
     database:
       DB_TYPE: postgres
       MAX_OPEN_CONNS: 90
@@ -93,9 +91,6 @@ gitea:
       existingSecret: gitea-oauth-oceanbox
       autoDiscoverUrl: "https://login.microsoftonline.com/3f737008-e9a0-4485-9d27-40329d288089/.well-known/openid-configuration"
       scopes: "openid profile email groups"
-      groupClaimName: "groups"
-      adminGroup: "/oceanbox/devel"
-      restrictedGroup: ""
   additionalConfigFromEnvs:
     - name: GITEA__STORAGE__MINIO_ACCESS_KEY_ID
       valueFrom:
@@ -148,7 +143,7 @@ ingress:
     nginx.ingress.kubernetes.io/proxy-body-size: "0"
     nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
     nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
-    nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,172.19.255.0/24,100.64.0.0/12
+    nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,172.19.255.0/24,100.64.0.0/12,185.125.160.4/32,37.27.203.38/32
   hosts:
     - host: git.oceanbox.io
       paths:

values/headscale/values/values.yaml

@@ -115,6 +115,8 @@ configMaps:
               "isa.rosso@oceanbox.io",
               "jonathan.lilly@oceanbox.io",
               "faith.iha@oceanbox.io",
+              "elianne.ersdal@oceanbox.io",                                                                              │
+              "hanskristian.djuve@oceanbox.io",
             ],
             "group:manager": [
               "svenn.hanssen@oceanbox.io",
@@ -213,9 +215,10 @@ configMaps:
               ],
               "dst": [
                  "tag:mumindalen:*",
+                 "tag:hel1:*",
                  "tag:hpc:22,80,443",
                  "dc.tos.net:22,80,443",
-                 "dc.hel1.net:443",
+                 "dc.hel1.net:22,443",
               ]
             },
             {

values/postfix/values/values.yaml

@@ -27,16 +27,17 @@ config:
     LOG_FORMAT: "json"
     ALLOW_EMPTY_SENDER_DOMAINS: "true"
     ALLOWED_SENDER_DOMAINS: "oceanbox.io"
-    RELAYHOST: "smtp.office365.com:587"
-    RELAYHOST_USERNAME: "noreply@oceanbox.io"
-    RELAYHOST_PASSWORD: "00c73c4a-1ad5-477d-b773-d5d63986061e"
+    RELAYHOST: "[smtp.office365.com]:587"
+    RELAYHOST_USERNAME: "gitea@oceanbox.io"
+    XOAUTH2_CLIENT_ID: "00c73c4a-1ad5-477d-b773-d5d63986061e"
+    XOAUTH2_SECRET: "3E18Q~ONNftFcCmHIHZmPbLtVqwLDBSCwI9hGagV"
+    XOAUTH2_TOKEN_ENDPOINT: https://login.microsoftonline.com/3f737008-e9a0-4485-9d27-40329d288089/oauth2/v2.0/token
+    # XOAUTH2_INITIAL_ACCESS_TOKEN: ""
+    # XOAUTH2_INITIAL_REFRESH_TOKEN: ""
+    XOAUTH2_SYSLOG_ON_FAILURE: "no"
+    XOAUTH2_FULL_TRACE: "no"
   postfix:
-    myhostname: "oceanbox.io"
-    # mynetworks: "127.0.0.0/8, 10.1.0.0/24"
-    smtp_tls_security_level: "may"
-    # To reduce log noise, only try authentication mechanisms supported by Zoho.com
-    smtpd_sasl_auth_enable: "no"
-    smtp_sasl_mechanism_filter: "plain, login"
+    smtp_tls_security_level: "encrypt"
 
 resources:
   limits: