# authentik
[authentik](https://goauthentik.io/) is an open-source Identity Provider focused on flexibility and versatility.
[List of all possible environment variables](https://goauthentik.io/docs/installation/configuration)
<!-- metadata -->
* **Category**: Apps
* **Status**: 0, work-in-progress
* **Image**: [ghcr/goauthentik/server](https://ghcr.io/goauthentik/server), 4, upstream
* **Healthcheck**: Yes
* **Backups**: Yes
* **Email**: Yes
* **Tests**: No
* **SSO**: Yes
<!-- endmetadata -->
## Quick start
* `abra app new authentik`
* `abra app config <app-name>`
* `abra app secret insert <app_name> email_pass v1 <password>`
* `abra app secret generate -a <app_name>`
* `abra app deploy <app-name>`
## Rotate Secrets
Increment the secret versions using `abra app config <app_name>`, then run:
```
abra app secret generate -a <app_name>
abra app undeploy <app_name>
abra app deploy <app_name>
abra app cmd <app_name> db rotate_db_pass
abra app cmd <app_name> app set_admin_pass
```
## Add SSO for Nextcloud
Uncomment the Nextcloud configuration and set `NEXTCLOUD_DOMAIN` using `abra app config <app_name>`:
```
COMPOSE_FILE="$COMPOSE_FILE:compose.nextcloud.yml"
NEXTCLOUD_DOMAIN=nextcloud.example.com
SECRET_NEXTCLOUD_ID_VERSION=v1
SECRET_NEXTCLOUD_SECRET_VERSION=v1
APP_ICONS="nextcloud:~/.abra/recipes/authentik/icons/nextcloud.png"
```
Set the Nextcloud icon using `abra app cmd -l -d <app_name> set_icons`.
The configuration inside Nextcloud can be found in the [nextcloud recipe](https://git.coopcloud.tech/coop-cloud/nextcloud#authentik-integration).
## Import User from CSV
Users can be imported from a CSV file of the following format:
`First and last name, username, email@example.com, group1;group2;group3`
Run the following command to import the file `users.csv`:
`abra app cmd -l <app_name> import_user users.csv`
Users will only be created if the username does not exist. If a group does not exist, it will be created.
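Because existing usernames are skipped and unknown groups are created, a typo in `users.csv` can add an unintended group or leave a row unimported. The following pre-flight check is an added example, not part of this recipe's code; it assumes fields are comma-separated with surrounding whitespace ignored, and `preflight` and `known_groups` are hypothetical names.

```python
import csv
import io
import re

# Loose sanity check only; not a full RFC 5322 validator.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def preflight(csv_text, known_groups=()):
    """Check rows of the form: name, username, email, group1;group2;group3.

    Returns (users, problems, new_groups): rows that look importable,
    (line, reason) pairs for rejected rows, and referenced groups that are
    not in known_groups (the import would create these).
    """
    users, problems, seen, referenced = [], [], set(), set()
    reader = csv.reader(io.StringIO(csv_text), skipinitialspace=True)
    for row in reader:
        line = reader.line_num
        if not any(cell.strip() for cell in row):
            continue  # ignore blank lines
        if len(row) != 4:
            problems.append((line, f"expected 4 fields, got {len(row)}"))
            continue
        name, username, email, groups = (cell.strip() for cell in row)
        if not username:
            problems.append((line, "empty username"))
        elif username in seen:
            # A repeated username would be skipped by the import.
            problems.append((line, f"duplicate username {username!r}"))
        elif not EMAIL_RE.match(email):
            problems.append((line, f"malformed email {email!r}"))
        else:
            seen.add(username)
            group_list = [g.strip() for g in groups.split(";") if g.strip()]
            referenced.update(group_list)
            users.append({"name": name, "username": username,
                          "email": email, "groups": group_list})
    return users, problems, sorted(referenced - set(known_groups))

# Constructed sample input: a group typo, a duplicate, a short row, a bad email.
SAMPLE = """\
Ada Lovelace, ada, ada@example.com, admins;staff
Bob Example, bob, bob@example.com, staf
Ada L., ada, ada2@example.com, staff
Broken Row, broken
Eve Example, eve, eve-at-example.com, staff
"""

if __name__ == "__main__":
    users, problems, new_groups = preflight(SAMPLE, {"admins", "staff"})
    print(len(users), "importable;", problems, "; would create:", new_groups)
```

Review `new_groups` before importing: every name listed there is a group the import would create.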
## Customization
Place the files you want to overwrite in a directory `<assets_path>`.
Run `abra app config <app_name>` and define the env variable `COPY_ASSETS` in the following format:
```
"<source_file1>|<service>:<target_directory1> <source_file2>|<service>:<target_directory2> ..."
```
For example:
```
COPY_ASSETS="flow_background.jpg|app:/web/dist/assets/images/"
COPY_ASSETS="$COPY_ASSETS icon_left_brand.svg|app:/web/dist/assets/icons/"
COPY_ASSETS="$COPY_ASSETS icon.png|app:/web/dist/assets/icons/"
```
Run this command after every deploy/upgrade:
`abra app command --local <app-name> customize <assets_path>`
## Blueprints
Blueprint Dependency Requirements:

- Recovery with email verification
    - Default - Password change flow
    - Default - Authentication flow
- Custom Authentication Flow
    - Default - Authentication flow
    - Recovery with email verification
- Invitation Enrollment Flow
    - Default - User settings flow
    - Default - Authentication flow
    - Default - Source enrollment flow
- Custom Invalidation Flow
    - Default - Invalidation flow
- Flow Translations
    - Recovery with email verification
    - Default - Password change flow
    - Default - User settings flow
    - Default - Source enrollment flow
- Custom System Tenant
    - Default - Tenant
    - Recovery with email verification

Blueprint Dependency Graph:

5. Custom System Tenant
    - Default - Tenant
4. Invitation Enrollment Flow
3. Flow Translations
    - Default - User settings flow
    - Default - Source enrollment flow
2. Custom Authentication Flow
1. Recovery with email verification
    - Default - Authentication flow
    - Default - Password change flow
6. Custom Invalidation Flow
    - Default - Invalidation flow
For more, see [`docs.coopcloud.tech`](https://docs.coopcloud.tech).