argocd: Configure SSO for CLI

The `argocd` command needs to have its own OIDC client configuration, since it works like a "public" client. To log in, run ```sh argocd login argocd.pyrocufflink.blue --sso ```
2023-10-14 11:11:54 -05:00 · 2023-10-14 11:11:54 -05:00 · 629d1bb93a
parent e6f0261a44
commit 629d1bb93a
3 changed files with 14 additions and 7 deletions
--- a/argocd/argocd-cm.yml
+++ b/argocd/argocd-cm.yml
@ -1,7 +0,0 @@
-url: https://argocd.pyrocufflink.blue
-
-oidc.config: |
-  name: Authelia
-  issuer: https://auth.pyrocufflink.blue
-  clientID: argocd
-  clientSecret: $oidc.authelia.clientSecret
--- a/argocd/oidc.config
+++ b/argocd/oidc.config
@ -2,3 +2,4 @@ name: Authelia
 issuer: https://auth.pyrocufflink.blue
 clientID: argocd
 clientSecret: $oidc.authelia.clientSecret
+cliClientID: argocd-cli
--- a/authelia/configuration.yml
+++ b/authelia/configuration.yml
@ -67,10 +67,23 @@ identity_providers:
      pre_configured_consent_duration: 7d
    - id: argocd
      description: Argo CD
+      pre_configured_consent_duration: 7d
      redirect_uris:
      - https://argocd.pyrocufflink.blue/auth/callback
      secret: >-
        $pbkdf2-sha512$310000$l/uOezgWjqe3boGLYAnKcg$uqn1FC8Lj2y1NG5Q91PeLfLLUQ.qtlKFLd0AWJ56owLME9mV/Zx8kQ2x7OS/MOoMLmUgKd4zogYKab2HGFr0kw
+    - id: argocd-cli
+      description: argocd CLI
+      public: true
+      pre_configured_consent_duration: 7d
+      redirect_uris:
+      - http://localhost:8085/auth/callback
+      scopes:
+      - openid
+      - profile
+      - email
+      - groups
+      - offline_access

 log:
  level: trace