forked from coop-cloud/authentik
Compare commits
7 Commits
7.0.2+2025
...
main
Author | SHA1 | Date | |
---|---|---|---|
efd67032cf | |||
6b627c6db7 | |||
c90b3c6881 | |||
e7af2b541e | |||
ea9b0ebd55
|
|||
06aafce852
|
|||
3c2b248304 |
41
README.md
41
README.md
@ -52,6 +52,16 @@ APP_ICONS="nextcloud:~/.abra/recipes/authentik/icons/nextcloud.png"
|
|||||||
|
|
||||||
Set the nextcloud Icon using `abra app cmd -l -d <app_name> set_icons`
|
Set the nextcloud Icon using `abra app cmd -l -d <app_name> set_icons`
|
||||||
|
|
||||||
|
Generate OAuth client id and secret using `abra app secret generate <app_name> -a` (all secrets) or individually:
|
||||||
|
- `abra app secret generate <app_name> nextcloud_id`
|
||||||
|
- `abra app secret generate <app_name> nextcloud_secret`
|
||||||
|
|
||||||
|
Add the id and secret to nextcloud as secrets with:
|
||||||
|
- `abra app secret insert <nextcloud_app_name> authentik_id v1 <id>`
|
||||||
|
- `abra app secret insert <nextcloud_app_name> authentik_secret v1 <secret>`
|
||||||
|
|
||||||
|
Redeploy Authentik to enable the nextcloud client.
|
||||||
|
|
||||||
The configuration inside Nextcloud can be found in the [nextcloud recipe](https://git.coopcloud.tech/coop-cloud/nextcloud#authentik-integration)
|
The configuration inside Nextcloud can be found in the [nextcloud recipe](https://git.coopcloud.tech/coop-cloud/nextcloud#authentik-integration)
|
||||||
|
|
||||||
## Add LDAP outpost
|
## Add LDAP outpost
|
||||||
@ -95,6 +105,25 @@ Run this command after every deploy/upgrade:
|
|||||||
|
|
||||||
`abra app command --local <app-name> customize <assets_path>`
|
`abra app command --local <app-name> customize <assets_path>`
|
||||||
|
|
||||||
|
## Custom CSS
|
||||||
|
|
||||||
|
Uncomment the following env:
|
||||||
|
|
||||||
|
```
|
||||||
|
COMPOSE_FILE="$COMPOSE_FILE:compose.css-volume.yml"
|
||||||
|
```
|
||||||
|
|
||||||
|
Redeploy the app:
|
||||||
|
```
|
||||||
|
abra app deploy -f <app_name>
|
||||||
|
```
|
||||||
|
|
||||||
|
Copy the CSS and restart the container:
|
||||||
|
```
|
||||||
|
abra app cp <app_name> my_custom.css app:/web/dist/assets/custom.css
|
||||||
|
abra app restart <app_name> app
|
||||||
|
```
|
||||||
|
|
||||||
## Email templates
|
## Email templates
|
||||||
|
|
||||||
Add custom [email templates](https://goauthentik.io/docs/flow/stages/email/#custom-templates):
|
Add custom [email templates](https://goauthentik.io/docs/flow/stages/email/#custom-templates):
|
||||||
@ -105,15 +134,15 @@ Add custom [email templates](https://goauthentik.io/docs/flow/stages/email/#cust
|
|||||||
|
|
||||||
These blueprints overwrite default blueprint values:
|
These blueprints overwrite default blueprint values:
|
||||||
|
|
||||||
- flow_translation.yaml
|
- `flow_translation.yaml`
|
||||||
- flow_authentication.yaml
|
- `flow_authentication.yaml`
|
||||||
|
|
||||||
The following default blueprints will be overwritten by customizations:
|
The following default blueprints will be overwritten by customizations:
|
||||||
|
|
||||||
- flow-password-change.yaml
|
- `flow-password-change.yaml`
|
||||||
- flow-default-authentication-flow.yaml
|
- `flow-default-authentication-flow.yaml`
|
||||||
- flow-default-user-settings-flow.yaml
|
- `flow-default-user-settings-flow.yaml`
|
||||||
- flow-default-source-enrollment.yaml
|
- `flow-default-source-enrollment.yaml`
|
||||||
|
|
||||||
The `abra.sh` function `apply_blueprints` needs to be executed to deactivate these blueprints to ensure that the customizations won't be overwritten. It will further execute flow_translation.yaml and flow_authentication.yaml again.
|
The `abra.sh` function `apply_blueprints` needs to be executed to deactivate these blueprints to ensure that the customizations won't be overwritten. It will further execute flow_translation.yaml and flow_authentication.yaml again.
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
version: "3.8"
|
version: "3.8"
|
||||||
services:
|
services:
|
||||||
authentik_ldap:
|
authentik_ldap:
|
||||||
image: ghcr.io/goauthentik/ldap:2025.2.2
|
image: ghcr.io/goauthentik/ldap:2025.2.4
|
||||||
# Optionally specify which networks the container should be
|
# Optionally specify which networks the container should be
|
||||||
# might be needed to reach the core authentik server
|
# might be needed to reach the core authentik server
|
||||||
networks:
|
networks:
|
||||||
|
@ -34,7 +34,7 @@ x-env: &env
|
|||||||
version: '3.8'
|
version: '3.8'
|
||||||
services:
|
services:
|
||||||
app:
|
app:
|
||||||
image: ghcr.io/goauthentik/server:2025.2.2
|
image: ghcr.io/goauthentik/server:2025.2.4
|
||||||
command: server
|
command: server
|
||||||
depends_on:
|
depends_on:
|
||||||
- db
|
- db
|
||||||
@ -72,11 +72,11 @@ services:
|
|||||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||||
- "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=SAMEORIGIN"
|
- "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=SAMEORIGIN"
|
||||||
- "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.contentSecurityPolicy=frame-ancestors ${X_FRAME_OPTIONS_ALLOW_FROM}"
|
- "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.contentSecurityPolicy=frame-ancestors ${X_FRAME_OPTIONS_ALLOW_FROM}"
|
||||||
- "coop-cloud.${STACK_NAME}.version=7.0.2+2025.2.2"
|
- "coop-cloud.${STACK_NAME}.version=7.1.0+2025.2.4"
|
||||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||||
|
|
||||||
worker:
|
worker:
|
||||||
image: ghcr.io/goauthentik/server:2025.2.2
|
image: ghcr.io/goauthentik/server:2025.2.4
|
||||||
command: worker
|
command: worker
|
||||||
depends_on:
|
depends_on:
|
||||||
- db
|
- db
|
||||||
|
Reference in New Issue
Block a user