23 Commits

Author SHA1 Message Date
74355d4276 upgrade authentik and nextcloud 2025-07-09 18:23:20 -07:00
0ed7fb459f change email sender in auth to be besties 2025-06-26 18:39:02 -07:00
ec61474031 set default_phone_region config 2025-06-26 18:14:36 -07:00
125fdbfc2d add add-missing-indices occ command 2025-06-26 18:03:41 -07:00
fdaff599f2 upgrade nextcloud and enable HSTS 2025-06-18 18:05:31 -07:00
9b4c642eeb Merge pull request 'maintenance:repair --include-expensive' () from ammar into main
Reviewed-on: 
2025-06-03 03:16:55 +00:00
d20db90af5 maintenance:repair --include-expensive 2025-06-02 20:16:29 -07:00
2c16a516f9 Merge pull request 'Add a file that contains occ commands' () from ammar into main
Reviewed-on: 
2025-06-03 02:57:06 +00:00
a13fe0ae2c Add a file that contains occ commands 2025-06-02 19:55:08 -07:00
b4eaadec56 Merge pull request 'add loomio' () from loomio into main
Reviewed-on: 
Reviewed-by: ammaratef45 <ammaratef45@proton.me>
2025-05-28 22:01:15 +00:00
e3692dc0d4 Merge branch 'main' into loomio 2025-05-28 22:00:45 +00:00
2fd32525a7 Merge pull request 'added authentik integration' () from authentik into main
Reviewed-on: 
2025-05-28 22:00:35 +00:00
ad3591ff3f Merge branch 'main' into authentik 2025-05-28 22:00:25 +00:00
d9cbfaedf1 add website config 2025-05-27 21:10:31 -07:00
33a92a08fc add loomio 2025-05-06 17:36:09 -07:00
7271576c9f Merge branch 'main' of ssh://git.coopcloud.tech:2222/RTM/sootie-config 2025-04-24 19:57:23 -07:00
b8653d3155 add focalboard and collabora 2025-04-24 19:55:58 -07:00
dd118d726f Merge pull request 'add shlink' () from shlink into main
Reviewed-on: 
2025-03-30 04:57:22 +00:00
7d72756260 add shlink 2025-03-29 21:56:43 -07:00
25d554e672 add calibre and radicale 2025-02-07 22:19:10 -08:00
3003ca2c44 Merge pull request 'enable file provider' () from traefik into main
Reviewed-on: 
2025-02-08 05:55:34 +00:00
018153e06b Merge branch 'main' into authentik 2025-02-04 02:56:04 +00:00
375b02a713 added authentik integration 2025-01-13 20:02:48 -08:00
11 changed files with 309 additions and 10 deletions

1
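--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+*~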

@ -0,0 +1,130 @@
TYPE=authentik:7.4.0+2025.6.3
TIMEOUT=900
ENABLE_AUTO_UPDATE=true
POST_DEPLOY_CMDS="worker set_admin_pass"
# Example values for post deploy cmds: "worker set_admin_pass|worker apply_blueprints|worker add_applications"
LETS_ENCRYPT_ENV=production
ENABLE_BACKUPS=true
DOMAIN=auth.resisttechmonopolies.online
## Domain aliases
#EXTRA_DOMAINS=', `www.auth.resisttechmonopolies.online`'
COMPOSE_FILE="compose.yml"
AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME=false
AUTHENTIK_LOG_LEVEL=info
# AUTHENTIK_IMPERSONATION=true
# AUTHENTIK_FOOTER_LINKS='[{"name": "My Organization","href":"https://example.com"}]'
# WORKERS=1
## Outpost Integration
# COMPOSE_FILE="$COMPOSE_FILE:compose.outposts.yml"
# COMPOSE_FILE="$COMPOSE_FILE:compose.outposts.ldap.yml"
# SECRET_LDAP_TOKEN_VERSION=v1
## ADMIN
AUTHENTIK_BOOTSTRAP_EMAIL=ammar@ammaratef45.ddns.net
## EMAIL
AUTHENTIK_EMAIL__HOST=smtp.protonmail.ch
AUTHENTIK_EMAIL__PORT=587
AUTHENTIK_EMAIL__USERNAME="besties@resisttechmonopolies.online"
AUTHENTIK_EMAIL__USE_TLS=true
AUTHENTIK_EMAIL__USE_SSL=false
AUTHENTIK_EMAIL__TIMEOUT=10
AUTHENTIK_EMAIL__FROM=besties@resisttechmonopolies.online
## Secret Versions
SECRET_SECRET_KEY_VERSION=v1
SECRET_DB_PASSWORD_VERSION=v1
SECRET_ADMIN_TOKEN_VERSION=v1
SECRET_ADMIN_PASS_VERSION=v1
SECRET_EMAIL_PASS_VERSION=v2
# X_FRAME_OPTIONS_ALLOW_FROM=dashboard.example.org
## FLOW OPTIONS
# WELCOME_MESSAGE="Welcome to Authentik"
# DEFAULT_LANGUAGE=en
# LOGOUT_REDIRECT="https://$DOMAIN"
# EMAIL_SUBJECT="Account Recovery"
# EMAIL_TOKEN_EXPIRY_MINUTES=30
COPY_ASSETS="flow_background.jpg|app:/web/dist/assets/images/"
COPY_ASSETS="$COPY_ASSETS icon_left_brand.svg|app:/web/dist/assets/icons/"
COPY_ASSETS="$COPY_ASSETS icon.png|app:/web/dist/assets/icons/"
# Default CSS customisation
# COMPOSE_FILE="$COMPOSE_FILE:compose.css.yml"
# BACKGROUND_FONT_COLOR=white
# BACKGROUND_BOX_COLOR='#eaeaeacf'
# THEME_BACKGROUND="url('https://auth.resisttechmonopolies.online/static/dist/assets/images/flow_background.jpg'); background-position: center; background-repeat: no-repeat; background-size: cover;"
COMPOSE_FILE="$COMPOSE_FILE:compose.nextcloud.yml"
NEXTCLOUD_DOMAIN=nextcloud.resisttechmonopolies.online
SECRET_NEXTCLOUD_ID_VERSION=v1
SECRET_NEXTCLOUD_SECRET_VERSION=v1
APP_ICONS="nextcloud:~/.abra/recipes/authentik/icons/nextcloud.png"
# COMPOSE_FILE="$COMPOSE_FILE:compose.wordpress.yml"
# WORDPRESS_DOMAIN=wordpress.example.com
# WORDPRESS_GROUP='wordpress Admins'
# SECRET_WORDPRESS_ID_VERSION=v1
# SECRET_WORDPRESS_SECRET_VERSION=v1
# APP_ICONS="$APP_ICONS wordpress:~/.abra/recipes/authentik/icons/wordpress.png"
# COMPOSE_FILE="$COMPOSE_FILE:compose.matrix.yml"
# ELEMENT_DOMAIN=element-web.example.com
# MATRIX_DOMAIN=matrix-synapse.example.com
# SECRET_MATRIX_ID_VERSION=v1
# SECRET_MATRIX_SECRET_VERSION=v1
# APP_ICONS="$APP_ICONS matrix:~/.abra/recipes/authentik/icons/matrix.svg"
# COMPOSE_FILE="$COMPOSE_FILE:compose.wekan.yml"
# WEKAN_DOMAIN=wekan.example.com
# SECRET_WEKAN_ID_VERSION=v1
# SECRET_WEKAN_SECRET_VERSION=v1
# APP_ICONS="$APP_ICONS wekan:~/.abra/recipes/authentik/icons/wekan.png"
# COMPOSE_FILE="$COMPOSE_FILE:compose.vikunja.yml"
# VIKUNJA_DOMAIN=vikunja.example.com
# SECRET_VIKUNJA_ID_VERSION=v1
# SECRET_VIKUNJA_SECRET_VERSION=v1
# APP_ICONS="$APP_ICONS vikunja:~/.abra/recipes/authentik/icons/vikunja.svg"
# COMPOSE_FILE="$COMPOSE_FILE:compose.outline.yml"
# OUTLINE_DOMAIN=outline.example.com
# SECRET_OUTLINE_ID_VERSION=v1
# SECRET_OUTLINE_SECRET_VERSION=v1
# APP_ICONS="$APP_ICONS outline:~/.abra/recipes/authentik/icons/outline.png"
# COMPOSE_FILE="$COMPOSE_FILE:compose.kimai.yml"
# KIMAI_DOMAIN=kimai.example.com
# SECRET_KIMAI_ID_VERSION=v1
# SECRET_KIMAI_SECRET_VERSION=v1
# APP_ICONS="$APP_ICONS kimai:~/.abra/recipes/authentik/icons/kimai_logo.png"
# COMPOSE_FILE="$COMPOSE_FILE:compose.zammad.yml"
# ZAMMAD_DOMAIN=zammad.example.com
# APP_ICONS="$APP_ICONS zammad:~/.abra/recipes/authentik/icons/zammad.svg"
# COMPOSE_FILE="$COMPOSE_FILE:compose.monitoring.yml"
# MONITORING_DOMAIN=monitoring.example.com
# SECRET_MONITORING_ID_VERSION=v1
# SECRET_MONITORING_SECRET_VERSION=v1
# APP_ICONS="$APP_ICONS monitoring:~/.abra/recipes/authentik/icons/monitoring.svg"
# COMPOSE_FILE="$COMPOSE_FILE:compose.rallly.yml"
# RALLLY_DOMAIN=rallly.example.com
# SECRET_RALLLY_ID_VERSION=v1
# SECRET_RALLLY_SECRET_VERSION=v1
# APP_ICONS="$APP_ICONS rallly:~/.abra/recipes/authentik/icons/rallly.png"
# COMPOSE_FILE="$COMPOSE_FILE:compose.hedgedoc.yml"
# HEDGEDOC_DOMAIN=hedgedoc.example.com
# SECRET_HEDGEDOC_ID_VERSION=v1
# SECRET_HEDGEDOC_SECRET_VERSION=v1
# APP_ICONS="$APP_ICONS hedgedoc:~/.abra/recipes/authentik/icons/hedgedoc.png"
# APPLICATIONS='{"Calendar": "https://nextcloud.example.com/apps/calendar/", "BBB": "https://nextcloud.example.com/apps/bbb/"}'
# APP_ICONS="$APP_ICONS Calendar:~/.abra/recipes/authentik/icons/calendar.svg"
# APP_ICONS="$APP_ICONS BBB:~/.abra/recipes/authentik/icons/bbb.png"
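Review bot: `AUTHENTIK_BOOTSTRAP_EMAIL=ammar@ammaratef45.ddns.net` ties the identity provider's initial admin account to a personal mailbox on a dynamic-DNS hostname, so recovery of the account that fronts Nextcloud depends on that hostname staying under the same person's control. The SMTP settings in the same file already use the project address `besties@resisttechmonopolies.online`; a role mailbox on the project domain would remove that dependency. As far as I know the bootstrap values are only read on first start, so an already-initialised instance would also need the address changed in the admin interface. Separately, `ENABLE_AUTO_UPDATE=true` next to the pinned `TYPE=authentik:7.4.0+2025.6.3` deserves a one-line comment saying which of the two governs upgrades, since an unattended upgrade of the SSO service affects every app behind it.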

@ -0,0 +1,13 @@
TYPE=calibre-web
DOMAIN=calibre.resisttechmonopolies.online
LETS_ENCRYPT_ENV=production
DOCKER_MODS="linuxserver/calibre-web:calibre"
OAUTHLIB_RELAX_TOKEN_SCOPE=1
TZ="America/Los_Angeles"
DEBUG=False
# oauth2 support
COMPOSE_FILE="compose.yml:compose.oauth2.yml"
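Review bot: `OAUTHLIB_RELAX_TOKEN_SCOPE=1` is set without a comment, and it turns off oauthlib's check that the scopes granted by the provider match the scopes that were requested. If the provider's token response really needs it, record the reason next to the setting, for example `# required because <observed scope mismatch>; remove once requested and granted scopes agree`, so it is not carried forward by habit. The hunk header announces 13 lines and fewer are visible here, so the OAuth client settings themselves may be outside this view.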

@ -0,0 +1,7 @@
TYPE=collabora
DOMAIN=collabora.resisttechmonopolies.online
LETS_ENCRYPT_ENV=production
NEXTCLOUD_DOMAIN=nextcloud.resisttechmonopolies.online
ADMIN_USERNAME=admin
SECRET_ADMIN_PASSWORD_VERSION=v1
FRAME_ANCESTORS=
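Review bot: `FRAME_ANCESTORS=` is left empty with no comment, so a reader cannot tell whether the recipe falls back to a restrictive default or ends up with no framing restriction for the editor. This instance is meant to be embedded by `nextcloud.resisttechmonopolies.online` (set three lines above), so either set the value to that host explicitly or, once checked against the recipe, add a comment such as `# empty on purpose: recipe derives the allowed embedder from NEXTCLOUD_DOMAIN`. `ADMIN_USERNAME=admin` is also the most guessable choice for the admin console account; a non-default name costs nothing here.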

@ -0,0 +1,7 @@
TYPE=focalboard
DOMAIN=focalboard.resisttechmonopolies.online
## Domain aliases
#EXTRA_DOMAINS=', `www.focalboard.resisttechmonopolies.online`'
LETS_ENCRYPT_ENV=production

@ -0,0 +1,93 @@
TYPE=loomio:4.0.2+v2.25.4
COMPOSE_FILE="compose.yml"
DOMAIN=loomio.resisttechmonopolies.online
## Domain aliases
#EXTRA_DOMAINS=', `www.loomio.resisttechmonopolies.online`'
LETS_ENCRYPT_ENV=production
# mail setup
COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
SUPPORT_EMAIL=besties@resisttechmonopolies.online
SMTP_AUTH=plain
SMTP_DOMAIN=smtp.protonmail.ch
SMTP_SERVER=smtp.protonmail.ch
SMTP_PORT=587
SMTP_USERNAME=besties@resisttechmonopolies.online
# SMTP_USE_SSL=1
# to disable SSL comment out line rather than changing to 0
SECRET_SMTP_PASSWORD_VERSION=v2
# From field for notification e-mails
NOTIFICATIONS_EMAIL_ADDRESS=besties@resisttechmonopolies.online
# reply-to in email notifications
REPLY_HOSTNAME=$DOMAIN
RAILS_ENV=production
# Number of webserver processes and threads
# threads are per worker. See https://github.com/puma/puma
PUMA_WORKERS=2
MIN_THREADS=12
MAX_THREADS=12
# Force all connections to be https
FORCE_SSL=1
# Enable rate limiting on group creation, other POST actions
USE_RACK_ATTACK=1
SECRET_DEVISE_SECRET_VERSION=v1 #length=64
SECRET_SECRET_COOKIE_TOKEN_VERSION=v1 #length=64
SECRET_DB_PASSWORD_VERSION=v1
# Send catch up email (missed yesterday) weekly
# EMAIL_CATCH_UP_WEEKLY=1
# TODO 3wc: settings from here on aren't yet included in compose.yml
# subscribe on participation default for new users
# uncomment this to change "subscribe on participation" to be false for new users
# EMAIL_ON_PARTICIPATION_DEFAULT_FALSE=1
# Uncomment these to disable features
# FEATURES_DISABLE_CREATE_USER=1 # users must be invited
# FEATURES_DISABLE_CREATE_GROUP=1 # users cannot create groups
# FEATURES_DISABLE_PUBLIC_GROUPS=1 # disable /explore
# FEATURES_DISABLE_HELP_LINK=1 # disable the help link
# MAX_PENDING_INVITATIONS=100 # maximum unaccepted invitations a group have have
# Enable search engines to index public content
# ALLOW_ROBOTS=1
# Uncomment to enable SAML SSO
# SAML_APP_KEY=1 # just a flag, keep value as 1
# SAML_IDP_METADATA_URL=https://saml-metadata-url-provided-by-your-SSO-provider.com/12356
#
# Disable login via email (usually when you have enabled SSO of some kind)
# FEATURES_DISABLE_EMAIL_LOGIN=1
# oauth providers, to let your users login using external accounts
# FACEBOOK_APP_KEY=REPLACE
# FACEBOOK_APP_SECRET=REPLACE
# TWITTER_APP_KEY=REPLACE
# TWITTER_APP_SECRET=REPLACE
# GOOGLE_APP_KEY=REPLACE
# GOOGLE_APP_SECRET=REPLACE
# SLACK_APP_KEY
# SLACK_APP_SECRET
# Theme images
# images should be a multiple of 32px tall.
# THEME_ICON_SRC=/files/icon.png
# THEME_APP_LOGO_SRC=/files/logo.svg
# THEME_EMAIL_HEADER_LOGO_SRC=/files/logo_128h.png
# THEME_EMAIL_FOOTER_LOGO_SRC=/files/logo_64h.png
# used in emails. use rgb or hsl values, not hex
# THEME_PRIMARY_COLOR=rgb(255,167,38)
# THEME_ACCENT_COLOR=rgb(0,188,212)
# THEME_TEXT_ON_PRIMARY_COLOR=rgb(255,255,255)
# THEME_TEXT_ON_ACCENT_COLOR=rgb(255,255,255)
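Review bot: `SMTP_AUTH=plain` with `SMTP_USE_SSL` left commented out means the mailbox password is only protected if the session on port 587 is upgraded with STARTTLS, and nothing in this file shows whether the recipe requires that upgrade or merely attempts it. It is worth confirming this in `compose.smtp.yml` and recording the result in a comment, e.g. `# 587 uses STARTTLS (verified in compose.smtp.yml); credentials are never sent in clear`. Also note the `TODO 3wc` line: according to that comment the settings below it are not wired into compose.yml, so uncommenting `FEATURES_DISABLE_CREATE_USER` or `FEATURES_DISABLE_EMAIL_LOGIN` to restrict sign-up would silently have no effect.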

@ -1,4 +1,4 @@
TYPE=nextcloud
TYPE=nextcloud:12.0.1+31.0.6-fpm
TIMEOUT=900
ENABLE_AUTO_UPDATE=true
ENABLE_BACKUPS=true
@ -65,15 +65,20 @@ DEFAULT_QUOTA="10 GB"
# BBB_URL=https://talk.example.org/bigbluebutton/ # trailing slash!
# SECRET_BBB_SECRET_VERSION=v1
# COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
# APPS="$APPS sociallogin"
# AUTHENTIK_USER_PREFIX=authentik
# AUTHENTIK_DOMAIN=authentik.example.com
# SECRET_AUTHENTIK_SECRET_VERSION=v1
# SECRET_AUTHENTIK_ID_VERSION=v1
# OCC_CMDS="app:disable dashboard"
# OCC_CMDS="$OCC_CMDS|config:app:set sociallogin auto_create_groups --value 1"
# OCC_CMDS="$OCC_CMDS|config:app:set sociallogin hide_default_login --value 1"
COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
APPS="$APPS sociallogin"
AUTHENTIK_USER_PREFIX=ak
AUTHENTIK_DOMAIN=auth.resisttechmonopolies.online
SECRET_AUTHENTIK_SECRET_VERSION=v1
SECRET_AUTHENTIK_ID_VERSION=v1
OCC_CMDS="app:disable dashboard"
OCC_CMDS="$OCC_CMDS|config:app:set sociallogin auto_create_groups --value 1"
OCC_CMDS="$OCC_CMDS|config:app:set sociallogin hide_default_login --value 1"
#COMPOSE_FILE="$COMPOSE_FILE:compose.fulltextsearch.yml"
#SECRET_ELASTICSEARCH_PASSWORD_VERSION=v1
# This will change the nginx configuration to add the header Strict-Transport-Security.
# You can read more about it here: https://docs.nextcloud.com/server/30/admin_manual/installation/harden_server.html#enable-http-strict-transport-security
# And you can check out the changes made to the recipe to allow for this here: https://git.coopcloud.tech/coop-cloud/nextcloud/pulls/48
HSTS_ENABLED=1
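Review bot: With `hide_default_login --value 1` now active, the normal login path for Nextcloud runs through `auth.resisttechmonopolies.online`, and the file does not say how an administrator signs in when Authentik is down or misconfigured. A short comment naming the break-glass procedure (which local admin account exists and how its login is reached) would keep an identity-provider outage from becoming a lockout. `auto_create_groups --value 1` also lets group names asserted by the provider create groups in Nextcloud, so it is worth confirming that a provider-side group cannot end up mapped onto Nextcloud's `admin` group. The `HSTS_ENABLED=1` line is well documented; a note that browsers will remember the policy after first contact would complete it.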

@ -0,0 +1,21 @@
#!/bin/bash
# This is a script to run after a clean installation to restore all settings done over time.
# The script is not supposed to be needed since a fresh installation is unlikely (even if migrating,
# a backup will be used and should maintain it's configs).
# This script is more of a living documentation of configuration and what commands has been used to set them.
# See: https://docs.nextcloud.com/server/30/admin_manual/configuration_server/background_jobs_configuration.html
abra app command nextcloud.resisttechmonopolies.online app run_occ "'config:system:set maintenance_window_start --type=integer --value=1'"
# The paragraph below shows as a warning to an admin user sometimes.
# "One or more mimetype migrations are available. Occasionally new mimetypes are added to better handle certain file types.
# Migrating the mimetypes take a long time on larger instances so this is not done automatically during upgrades.
# Use the command `occ maintenance:repair --include-expensive` to perform the migrations."
abra app command nextcloud.resisttechmonopolies.online app run_occ "'maintenance:repair --include-expensive'"
# Detected some missing optional indices. Occasionally new indices are added (by Nextcloud or installed applications) to improve database performance. Adding indices can sometimes take awhile and temporarily hurt performance so this is not done automatically during upgrades. Once the indices are added, queries to those tables should be faster. Use the command `occ db:add-missing-indices` to add them.
abra app command nextcloud.resisttechmonopolies.online app run_occ "'db:add-missing-indices'"
# Your installation has no default phone region set. This is required to validate phone numbers in the profile settings without a country code. To allow numbers without a country code, please add "default_phone_region" with the respective ISO 3166-1 code of the region to your config file.
# Solution found at: https://help.nextcloud.com/t/your-installation-has-no-default-phone-region-set/153632/3
abra app command nextcloud.resisttechmonopolies.online app run_occ "'config:system:set default_phone_region --value=\"us\"'"
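Review bot: The script has no error handling, so if one `abra app command` call fails the remaining ones still run and the exit status reflects only the last call; `set -euo pipefail` under the shebang would stop at the first failure. The target app is repeated literally in all four calls; defining `APP=nextcloud.resisttechmonopolies.online` once and passing `"$APP"` keeps the commands from drifting to different instances when the file is edited. Since the header comment describes the file as living documentation, it would also help to state there whether each command is safe to re-run on the live instance.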

@ -0,0 +1,6 @@
TYPE=radicale
DOMAIN=radicale.resisttechmonopolies.online
## Domain aliases
#EXTRA_DOMAINS=', `www.radicale.resisttechmonopolies.online`'
LETS_ENCRYPT_ENV=production
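Review bot: Nothing in this file selects how Radicale authenticates users, and the hunk header lists one more line than is visible here. Calendars and address books are personal data, so before this is exposed on `radicale.resisttechmonopolies.online` it is worth confirming in the recipe that an authentication backend is enabled by default and access is not left open. A comment such as `# auth: <backend configured by the recipe>` would let the next reader see that without opening the recipe.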

@ -0,0 +1,8 @@
TYPE=rtm-astro-recipe:02a95e68
DOMAIN=resisttechmonopolies.online
## Domain aliases
#EXTRA_DOMAINS=', `www.resisttechmonopolies.online`'
LETS_ENCRYPT_ENV=production

@ -0,0 +1,8 @@
TYPE=shlink
DOMAIN=shlink.resisttechmonopolies.online
## Domain aliases
#EXTRA_DOMAINS=', `www.shlink.resisttechmonopolies.online`'
LETS_ENCRYPT_ENV=production