From 03797a34dbe885678865018eef991d3f3e66d01b Mon Sep 17 00:00:00 2001 From: 3wc <3wc@doesthisthing.work> Date: Mon, 18 Nov 2024 15:59:07 -0500 Subject: [PATCH 01/10] Work towards custom CSS in volume --- abra.sh | 1 + compose.css-volume.yml | 21 +++++++++++++++++++++ entrypoint-css-volume.sh | 5 +++++ 3 files changed, 27 insertions(+) create mode 100644 compose.css-volume.yml create mode 100644 entrypoint-css-volume.sh diff --git a/abra.sh b/abra.sh index d8805ff..a614e3f 100644 --- a/abra.sh +++ b/abra.sh @@ -18,6 +18,7 @@ export HEDGEDOC_CONFIG_VERSION=v1 export MONITORING_CONFIG_VERSION=v2 export DB_ENTRYPOINT_VERSION=v1 export PG_BACKUP_VERSION=v2 +export ENTRYPOINT_CSS_VERSION=v1 customize() { if [ -z "$1" ] diff --git a/compose.css-volume.yml b/compose.css-volume.yml new file mode 100644 index 0000000..b2eaf47 --- /dev/null +++ b/compose.css-volume.yml @@ -0,0 +1,21 @@ +--- +version: "3.8" + +services: + app: + user: root + volumes: + - "custom_css:/css" + entrypoint: /docker-entrypoint.sh + configs: + - source: entrypoint_css + target: /docker-entrypoint.sh + mode: 0555 + +volumes: + custom_css: + +configs: + entrypoint_css: + name: ${STACK_NAME}_entrypoint_css_${ENTRYPOINT_CSS_VERSION} + file: entrypoint-css-volume.sh diff --git a/entrypoint-css-volume.sh b/entrypoint-css-volume.sh new file mode 100644 index 0000000..fa7897b --- /dev/null +++ b/entrypoint-css-volume.sh @@ -0,0 +1,5 @@ +#!/bin/sh + +cp -f /css/custom.css /web/dist/ + +su $(id -un 1000) -s /bin/bash -c 'dumb-init -- ak server' From fc846af1e3dbd6667547f9e9684fa2ad8c804793 Mon Sep 17 00:00:00 2001 From: knoflook Date: Tue, 3 Dec 2024 16:39:32 +0100 Subject: [PATCH 02/10] don't create a new volume --- compose.css-volume.yml | 2 -- entrypoint-css-volume.sh | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/compose.css-volume.yml b/compose.css-volume.yml index b2eaf47..ff9307f 100644 --- a/compose.css-volume.yml +++ b/compose.css-volume.yml 
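Review bot: `user: root` in the new compose.css-volume.yml makes the whole app container start as root solely so the entrypoint can copy one stylesheet into /web/dist, and the privilege drop then depends on a `su` line in a shell script. The custom CSS could be delivered the same way this file already delivers the entrypoint — as a Swarm config with `target: /web/dist/custom.css` — which is mounted by the daemon and needs no root start and no `su` hand-off at all (confirm the image does not write that path itself at runtime). If the root start stays, a comment on the `user:` line stating why it is needed and where privileges are dropped, e.g. `# root only until entrypoint-css-volume.sh has copied custom.css; it then switches to uid 1000`, would keep the next maintainer from treating it as harmless.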
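Review bot: The privilege drop on the last line of entrypoint-css-volume.sh is not fail-safe: `$(id -un 1000)` is unquoted, and if no account with uid 1000 exists in the image it expands to nothing, leaving `su -s /bin/bash -c '…'` with no user argument, which `su` treats as root, so `ak server` would silently keep running as root. Capture the name and abort if the lookup fails, and `exec` so dumb-init replaces the shell as PID 1 and receives the container's stop signal: `user="$(id -un 1000)" || exit 1` followed by `exec su "$user" -s /bin/bash -c 'dumb-init -- ak server'`. The script also has no `set -e`, so a failed `cp` (missing custom.css) is ignored and the server starts without the stylesheet; decide whether that should be fatal. The `su` line survives unchanged in PATCH 02/10's rewrite of this file, so this applies there too.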
@@ -4,8 +4,6 @@ version: "3.8" services: app: user: root - volumes: - - "custom_css:/css" entrypoint: /docker-entrypoint.sh configs: - source: entrypoint_css diff --git a/entrypoint-css-volume.sh b/entrypoint-css-volume.sh index fa7897b..cf0afce 100644 --- a/entrypoint-css-volume.sh +++ b/entrypoint-css-volume.sh @@ -1,5 +1,5 @@ #!/bin/sh -cp -f /css/custom.css /web/dist/ +cp -f /web/dist/assets/custom.css /web/dist/custom.css su $(id -un 1000) -s /bin/bash -c 'dumb-init -- ak server' From e2a8f2340f5769857a7797bd0ffd60869388fafa Mon Sep 17 00:00:00 2001 From: knoflook Date: Tue, 3 Dec 2024 17:06:22 +0100 Subject: [PATCH 03/10] update .env.sample and drop unused volume --- .env.sample | 8 +++++--- compose.css-volume.yml | 3 --- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/.env.sample b/.env.sample index 8cfd635..56c1781 100644 --- a/.env.sample +++ b/.env.sample @@ -47,9 +47,11 @@ SECRET_EMAIL_PASS_VERSION=v1 # EMAIL_SUBJECT="Account Recovery" # EMAIL_TOKEN_EXPIRY_MINUTES=30 -COPY_ASSETS="flow_background.jpg|app:/web/dist/assets/images/" -COPY_ASSETS="$COPY_ASSETS icon_left_brand.svg|app:/web/dist/assets/icons/" -COPY_ASSETS="$COPY_ASSETS icon.png|app:/web/dist/assets/icons/" +## custom css and assets +#COMPOSE_FILE="$COMPOSE_FILE:compose.css-volume.yml" +#COPY_ASSETS="flow_background.jpg|app:/web/dist/assets/images/" +#COPY_ASSETS="$COPY_ASSETS icon_left_brand.svg|app:/web/dist/assets/icons/" +#COPY_ASSETS="$COPY_ASSETS icon.png|app:/web/dist/assets/icons/" # Default CSS customisation # COMPOSE_FILE="$COMPOSE_FILE:compose.css.yml" diff --git a/compose.css-volume.yml b/compose.css-volume.yml index ff9307f..5e72a99 100644 --- a/compose.css-volume.yml +++ b/compose.css-volume.yml @@ -10,9 +10,6 @@ services: target: /docker-entrypoint.sh mode: 0555 -volumes: - custom_css: - configs: entrypoint_css: name: ${STACK_NAME}_entrypoint_css_${ENTRYPOINT_CSS_VERSION} From 40e613f861b3d016147bf1f16a22cc8b8e1ce180 Mon Sep 17 00:00:00 2001 
From: 3wc <3wc@doesthisthing.work> Date: Tue, 7 Jan 2025 10:15:53 -0500 Subject: [PATCH 04/10] Updates in response to PR feedback --- .env.sample | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/.env.sample b/.env.sample index 56c1781..43ee9a7 100644 --- a/.env.sample +++ b/.env.sample @@ -47,11 +47,14 @@ SECRET_EMAIL_PASS_VERSION=v1 # EMAIL_SUBJECT="Account Recovery" # EMAIL_TOKEN_EXPIRY_MINUTES=30 -## custom css and assets +## assets +COPY_ASSETS="flow_background.jpg|app:/web/dist/assets/images/" +COPY_ASSETS="$COPY_ASSETS icon_left_brand.svg|app:/web/dist/assets/icons/" +COPY_ASSETS="$COPY_ASSETS icon.png|app:/web/dist/assets/icons/" + +# store custom CSS in a css-volume #COMPOSE_FILE="$COMPOSE_FILE:compose.css-volume.yml" -#COPY_ASSETS="flow_background.jpg|app:/web/dist/assets/images/" -#COPY_ASSETS="$COPY_ASSETS icon_left_brand.svg|app:/web/dist/assets/icons/" -#COPY_ASSETS="$COPY_ASSETS icon.png|app:/web/dist/assets/icons/" +# NOTE: this causes the authentik container to run as `root` initially; it uses `su` to drop privileges but technically could introduce a security risk. proceed with caution! # Default CSS customisation # COMPOSE_FILE="$COMPOSE_FILE:compose.css.yml" From d494d3ea5f2b876e89ca4a85283dc1c701a9df2e Mon Sep 17 00:00:00 2001 From: Cassowary Date: Wed, 8 Jan 2025 10:09:12 -0800 Subject: [PATCH 05/10] Update .drone.yml --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 22dfa43..753aedc 100644 --- a/.drone.yml +++ b/.drone.yml @@ -47,7 +47,7 @@ steps: from_secret: drone_abra-bot_token fork: true repositories: - - coop-cloud/auto-recipes-catalogue-json + - toolshed/auto-recipes-catalogue-json trigger: event: tag From 6abe8e67d4a9fe41a4e2116a7f489fce74b90746 Mon Sep 17 00:00:00 2001 
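Review bot: The new heading `# store custom CSS in a css-volume` no longer describes what compose.css-volume.yml does: after PATCH 02/10 and 03/10 there is no volume, and the entrypoint copies `/web/dist/assets/custom.css` into `/web/dist/`. The sample should tell the operator where that file is expected to come from — presumably a `custom.css|app:/web/dist/assets/` entry in COPY_ASSETS, if that is the intended route (confirm). Something like `# custom CSS: ship custom.css to /web/dist/assets/ via COPY_ASSETS, then enable the entrypoint below` would remove the guesswork, and the long NOTE line would read better split into two comment lines.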
From: Moritz Date: Tue, 14 Jan 2025 19:56:17 +0100 Subject: [PATCH 06/10] add set_extra_icons function --- .env.sample | 3 +-- abra.sh | 20 ++++++++++++++++++++ icons/help.svg | 8 ++++++++ icons/support.svg | 12 ++++++++++++ 4 files changed, 41 insertions(+), 2 deletions(-) create mode 100644 icons/help.svg create mode 100644 icons/support.svg diff --git a/.env.sample b/.env.sample index e4e4609..f7b279f 100644 --- a/.env.sample +++ b/.env.sample @@ -131,5 +131,4 @@ COPY_ASSETS="$COPY_ASSETS icon.png|app:/web/dist/assets/icons/" # APP_ICONS="$APP_ICONS hedgedoc:~/.abra/recipes/authentik/icons/hedgedoc.png" # APPLICATIONS='{"Calendar": "https://nextcloud.example.com/apps/calendar/", "BBB": "https://nextcloud.example.com/apps/bbb/"}' -# APP_ICONS="$APP_ICONS Calendar:~/.abra/recipes/authentik/icons/calendar.svg" -# APP_ICONS="$APP_ICONS BBB:~/.abra/recipes/authentik/icons/bbb.png" +# EXTRA_ICONS={"Calendar": "~/.abra/recipes/authentik/icons/calendar.svg", "BBB": "~/.abra/recipes/authentik/icons/bbb.png"} diff --git a/abra.sh b/abra.sh index ddcb3df..7233976 100644 --- a/abra.sh +++ b/abra.sh @@ -192,6 +192,10 @@ done } set_icons(){ +if [ -n "$1" ] +then +APP_ICONS="$1" +fi for icon in $APP_ICONS; do app=$(echo $icon | cut -d ":" -f1) file_path=$(eval echo $(echo $icon | cut -d ":" -f2)) @@ -202,6 +206,22 @@ for icon in $APP_ICONS; do done } +set_extra_icons(){ + if [ -z "$EXTRA_ICONS" ] + then + echo "Variable EXTRA_ICONS is not set" + exit 1 + fi + export EXTRA_ICONS + icon_key_values=$(python3 -c " +import json +import os +for key, value in json.loads(os.environ['EXTRA_ICONS']).items(): + print(f'{key}:{value}') +") + set_icons "$icon_key_values" +} + set_app_icon() { TOKEN=$(cat /run/secrets/admin_token) python -c """ diff --git a/icons/help.svg b/icons/help.svg new file mode 100644 index 0000000..c1bcccf --- /dev/null +++ b/icons/help.svg @@ -0,0 +1,8 @@ + + + + + + + + \ No newline at end of file 
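Review bot: The new `# EXTRA_ICONS={"Calendar": …}` example in .env.sample is not quoted, unlike the `APPLICATIONS='{…}'` line just above it; once uncommented, the spaces and braces in the JSON would break the assignment wherever the file is read with shell semantics, and the value would not reach `os.environ['EXTRA_ICONS']` in set_extra_icons intact. Quote it the same way as APPLICATIONS: `# EXTRA_ICONS='{"Calendar": "~/.abra/recipes/authentik/icons/calendar.svg", "BBB": "~/.abra/recipes/authentik/icons/bbb.png"}'`.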
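Review bot: The new guard in set_icons assigns `APP_ICONS="$1"` to the global, so a call with an argument (set_extra_icons does this) permanently overwrites the operator's APP_ICONS for the rest of the shell, and a later plain `set_icons` call would apply the extra icons instead of the configured ones. Keep the override local: `local icons="${1:-$APP_ICONS}"` and loop with `for icon in $icons; do`. The loop body, including the `eval echo` on each path, is context here and set_icons continues past the hunk.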
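Review bot: `set_icons "$icon_key_values"` in the new set_extra_icons hands the JSON keys and paths to set_icons, whose loop splits on whitespace and then runs each path through `eval echo` (visible as context in the preceding hunk): a key or path containing a space is split into separate entries, and because `eval` executes shell syntax, shell metacharacters in an EXTRA_ICONS value are executed rather than treated as part of a filename. Since the values already pass through Python here, expand `~` there with `os.path.expanduser(value)` and print plain paths, which would let set_icons drop the `eval`. Also `exit 1` inside a function terminates the calling shell rather than just this step; `return 1` is the usual choice unless the other functions in abra.sh deliberately `exit`.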
diff --git a/icons/support.svg b/icons/support.svg new file mode 100644 index 0000000..e54440a --- /dev/null +++ b/icons/support.svg @@ -0,0 +1,12 @@ + + + + support + + + + + + + + \ No newline at end of file From fa854f64904042139b8a3d411676fe3f0732571a Mon Sep 17 00:00:00 2001 From: Moritz Date: Tue, 14 Jan 2025 20:06:27 +0100 Subject: [PATCH 07/10] fix add_applications --- abra.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/abra.sh b/abra.sh index 7233976..e61cd95 100644 --- a/abra.sh +++ b/abra.sh @@ -159,11 +159,13 @@ print(f'{blueprint.name} enabled: {blueprint.enabled}') } add_applications(){ +export APPLICATIONS /manage.py shell -c """ import json -if '$APPLICATIONS' == '': +import os +if os.environ['APPLICATIONS'] == '': exit() -applications = json.loads('$APPLICATIONS') +applications = json.loads(os.environ['APPLICATIONS']) for name, url in applications.items(): print(f'Add {name}: {url}') app = Application.objects.filter(name=name).first() From bc62831e58a2c7521db14b9601727216292d19e9 Mon Sep 17 00:00:00 2001 From: Moritz Date: Thu, 16 Jan 2025 17:33:14 +0100 Subject: [PATCH 08/10] fix blueprints: add redirect_uris --- abra.sh | 22 +++++++++++----------- compose.matrix.yml | 1 + hedgedoc.yaml.tmpl | 5 ++++- kimai.yaml.tmpl | 2 +- matrix.yaml.tmpl | 3 +++ monitoring.yaml.tmpl | 3 +++ nextcloud.yaml.tmpl | 3 +++ outline.yaml.tmpl | 5 ++++- rallly.yaml.tmpl | 3 +++ vikunja.yaml.tmpl | 3 +++ wekan.yaml.tmpl | 3 +++ wordpress.yaml.tmpl | 3 +++ 12 files changed, 42 insertions(+), 14 deletions(-) diff --git a/abra.sh b/abra.sh index e61cd95..2687a5c 100644 --- a/abra.sh +++ b/abra.sh 
@@ -5,17 +5,17 @@ export FLOW_INVALIDATION_VERSION=v2 export FLOW_RECOVERY_VERSION=v1 export FLOW_TRANSLATION_VERSION=v3 export SYSTEM_BRAND_VERSION=v4 -export NEXTCLOUD_CONFIG_VERSION=v2 -export WORDPRESS_CONFIG_VERSION=v3 -export MATRIX_CONFIG_VERSION=v2 -export WEKAN_CONFIG_VERSION=v4 -export VIKUNJA_CONFIG_VERSION=v2 -export OUTLINE_CONFIG_VERSION=v3 -export KIMAI_CONFIG_VERSION=v2 -export ZAMMAD_CONFIG_VERSION=v3 -export RALLLY_CONFIG_VERSION=v3 -export HEDGEDOC_CONFIG_VERSION=v2 -export MONITORING_CONFIG_VERSION=v3 +export NEXTCLOUD_CONFIG_VERSION=v3 +export WORDPRESS_CONFIG_VERSION=v4 +export MATRIX_CONFIG_VERSION=v3 +export WEKAN_CONFIG_VERSION=v5 +export VIKUNJA_CONFIG_VERSION=v3 +export OUTLINE_CONFIG_VERSION=v4 +export KIMAI_CONFIG_VERSION=v3 +export ZAMMAD_CONFIG_VERSION=v4 +export RALLLY_CONFIG_VERSION=v4 +export HEDGEDOC_CONFIG_VERSION=v3 +export MONITORING_CONFIG_VERSION=v4 export DB_ENTRYPOINT_VERSION=v1 export PG_BACKUP_VERSION=v2 export ENTRYPOINT_CSS_VERSION=v1 diff --git a/compose.matrix.yml b/compose.matrix.yml index 79233b1..dd2075f 100644 --- a/compose.matrix.yml +++ b/compose.matrix.yml @@ -12,6 +12,7 @@ services: - matrix_secret environment: - ELEMENT_DOMAIN + - MATRIX_DOMAIN configs: - source: matrix target: /blueprints/matrix.yaml diff --git a/hedgedoc.yaml.tmpl b/hedgedoc.yaml.tmpl index eafa124..10b6007 100644 --- a/hedgedoc.yaml.tmpl +++ b/hedgedoc.yaml.tmpl @@ -16,6 +16,9 @@ entries: client_type: confidential include_claims_in_id_token: true issuer_mode: per_provider + redirect_uris: + - matching_mode: strict + url: https://{{ env "HEDGEDOC_DOMAIN" }}/auth/oauth2/callback name: Hedgedoc property_mappings: - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]] @@ -32,7 +35,7 @@ entries: state: present - attrs: - meta_launch_url: https://{{ env "HEDGEDOC_DOMAIN" }} + meta_launch_url: https://{{ env "HEDGEDOC_DOMAIN" }}/auth/oauth2 open_in_new_tab: true policy_engine_mode: any provider: !KeyOf hedgedoc_provider 
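Review bot: The new `redirect_uris` entry in hedgedoc.yaml.tmpl is built from `HEDGEDOC_DOMAIN` read via `env`, but only compose.matrix.yml gains a matching `- MATRIX_DOMAIN` environment entry in this patch; if HEDGEDOC_DOMAIN (or the equivalents in the kimai, monitoring, nextcloud, outline, rallly, vikunja, wekan and wordpress templates) is not already in the app container's environment, `env` renders empty and the strict-mode URI becomes `https:///auth/oauth2/callback`, which would reject every login with no obvious error. Worth confirming each compose.*.yml passes its domain variable, and annotating the entry so the dependency is visible: `# requires HEDGEDOC_DOMAIN in the app service environment`. `matching_mode: strict` is the right choice here; a one-line comment saying it is deliberate would discourage relaxing it to a regex later.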
diff --git a/kimai.yaml.tmpl b/kimai.yaml.tmpl index ccc016d..844e852 100644 --- a/kimai.yaml.tmpl +++ b/kimai.yaml.tmpl @@ -37,7 +37,7 @@ entries: state: present - attrs: - meta_launch_url: https://{{ env "KIMAI_DOMAIN" }} + meta_launch_url: https://{{ env "KIMAI_DOMAIN" }}/auth/saml/login open_in_new_tab: true policy_engine_mode: any provider: !KeyOf kimai_provider diff --git a/matrix.yaml.tmpl b/matrix.yaml.tmpl index aa4e2ae..1d6717e 100644 --- a/matrix.yaml.tmpl +++ b/matrix.yaml.tmpl @@ -16,6 +16,9 @@ entries: client_type: confidential include_claims_in_id_token: true issuer_mode: per_provider + redirect_uris: + - matching_mode: strict + url: https://{{ env "MATRIX_DOMAIN" }}/_synapse/client/oidc/callback name: Matrix property_mappings: - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]] diff --git a/monitoring.yaml.tmpl b/monitoring.yaml.tmpl index 7c1942b..3c88d6a 100644 --- a/monitoring.yaml.tmpl +++ b/monitoring.yaml.tmpl @@ -16,6 +16,9 @@ entries: client_type: confidential include_claims_in_id_token: true issuer_mode: per_provider + redirect_uris: + - matching_mode: strict + url: https://{{ env "MONITORING_DOMAIN" }}/login/generic_oauth name: Monitoring property_mappings: - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]] diff --git a/nextcloud.yaml.tmpl b/nextcloud.yaml.tmpl index af62a9e..33bdb68 100644 --- a/nextcloud.yaml.tmpl +++ b/nextcloud.yaml.tmpl @@ -28,6 +28,9 @@ entries: client_type: confidential include_claims_in_id_token: true issuer_mode: per_provider + redirect_uris: + - matching_mode: strict + url: https://{{ env "NEXTCLOUD_DOMAIN" }}/apps/sociallogin/custom_oidc/authentik name: Nextcloud property_mappings: - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]] diff --git a/outline.yaml.tmpl b/outline.yaml.tmpl index ec72b2e..a388a16 100644 --- a/outline.yaml.tmpl +++ b/outline.yaml.tmpl 
@@ -16,6 +16,9 @@ entries: client_type: confidential include_claims_in_id_token: true issuer_mode: per_provider + redirect_uris: + - matching_mode: strict + url: https://{{ env "OUTLINE_DOMAIN" }}/auth/oidc.callback name: Outline property_mappings: - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]] @@ -32,7 +35,7 @@ entries: state: present - attrs: - meta_launch_url: https://{{ env "OUTLINE_DOMAIN" }} + meta_launch_url: https://{{ env "OUTLINE_DOMAIN" }}/auth/oidc open_in_new_tab: true policy_engine_mode: any provider: !KeyOf outline_provider diff --git a/rallly.yaml.tmpl b/rallly.yaml.tmpl index 8e26c40..a1a649a 100644 --- a/rallly.yaml.tmpl +++ b/rallly.yaml.tmpl @@ -16,6 +16,9 @@ entries: client_type: confidential include_claims_in_id_token: true issuer_mode: per_provider + redirect_uris: + - matching_mode: strict + url: https://{{ env "RALLLY_DOMAIN" }}/api/auth/callback/oidc name: Rallly property_mappings: - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]] diff --git a/vikunja.yaml.tmpl b/vikunja.yaml.tmpl index ab7af08..5267035 100644 --- a/vikunja.yaml.tmpl +++ b/vikunja.yaml.tmpl @@ -16,6 +16,9 @@ entries: client_type: confidential include_claims_in_id_token: true issuer_mode: per_provider + redirect_uris: + - matching_mode: strict + url: https://{{ env "VIKUNJA_DOMAIN" }}/auth/openid/authentik name: Vikunja property_mappings: - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]] diff --git a/wekan.yaml.tmpl b/wekan.yaml.tmpl index a9549f8..a2c70de 100644 --- a/wekan.yaml.tmpl +++ b/wekan.yaml.tmpl @@ -33,6 +33,9 @@ entries: client_type: confidential include_claims_in_id_token: true issuer_mode: per_provider + redirect_uris: + - matching_mode: strict + url: https://{{ env "WEKAN_DOMAIN" }}/_oauth/oidc name: Wekan property_mappings: - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]] diff --git a/wordpress.yaml.tmpl b/wordpress.yaml.tmpl index 7624908..91c8c2c 100644 
--- a/wordpress.yaml.tmpl +++ b/wordpress.yaml.tmpl @@ -16,6 +16,9 @@ entries: client_type: confidential include_claims_in_id_token: true issuer_mode: per_provider + redirect_uris: + - matching_mode: strict + url: https://{{ env "WORDPRESS_DOMAIN" }}/openid-connect-authorize name: Wordpress property_mappings: - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]] From 5df1f34cd76e52239b932e71a5a50947e6e6316d Mon Sep 17 00:00:00 2001 From: Moritz Date: Mon, 20 Jan 2025 21:04:46 +0100 Subject: [PATCH 09/10] UX: rename matrix to element --- matrix.yaml.tmpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/matrix.yaml.tmpl b/matrix.yaml.tmpl index 1d6717e..d5195d6 100644 --- a/matrix.yaml.tmpl +++ b/matrix.yaml.tmpl @@ -39,10 +39,10 @@ entries: open_in_new_tab: true policy_engine_mode: any provider: !KeyOf matrix_provider - slug: matrix + name: Element conditions: [] id: matrix_application identifiers: - name: Matrix + slug: matrix model: authentik_core.application state: present From d0c924a864178868ae6a02a4cbec528369bbbe43 Mon Sep 17 00:00:00 2001 From: Moritz Date: Mon, 20 Jan 2025 21:32:38 +0100 Subject: [PATCH 10/10] chore: publish 6.11.1+2024.10.5 release --- compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compose.yml b/compose.yml index 391365f..0f08c9e 100644 --- a/compose.yml +++ b/compose.yml @@ -72,7 +72,7 @@ services: - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=SAMEORIGIN" - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.contentSecurityPolicy=frame-ancestors ${X_FRAME_OPTIONS_ALLOW_FROM}" - - "coop-cloud.${STACK_NAME}.version=6.11.0+2024.10.5" + - "coop-cloud.${STACK_NAME}.version=6.11.1+2024.10.5" - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}" worker:
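Review bot: matrix.yaml.tmpl changes again in PATCH 09/10 without a bump of MATRIX_CONFIG_VERSION, which PATCH 08/10 set to v3 for the previous edit. If this template is shipped as a named Docker config the way entrypoint_css is (`${STACK_NAME}_…_${…_VERSION}`), Swarm configs are immutable, so existing stacks would keep the v3 content and never receive the `name: Element` rename; add `export MATRIX_CONFIG_VERSION=v4` to abra.sh alongside this change. Moving `slug` from attrs into identifiers also means the blueprint now matches the existing application by slug rather than by display name, which is the more stable key — a short comment such as `# identify by slug so the display name can change` would explain the swap.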