2022-10-19 11:32:27 +00:00
|
|
|
export CUSTOM_CSS_VERSION=v2
|
2023-03-22 16:26:25 +00:00
|
|
|
export FLOW_AUTHENTICATION_VERSION=v1
|
|
|
|
export FLOW_INVITATION_VERSION=v1
|
|
|
|
export FLOW_INVALIDATION_VERSION=v1
|
|
|
|
export FLOW_RECOVERY_VERSION=v1
|
|
|
|
export FLOW_TRANSLATION_VERSION=v1
|
|
|
|
export SYSTEM_TENANT_VERSION=v1
|
2023-03-22 16:29:34 +00:00
|
|
|
export NEXTCLOUD_CONFIG_VERSION=v1
|
2023-03-30 15:00:48 +00:00
|
|
|
export WORDPRESS_CONFIG_VERSION=v1
|
2023-04-05 19:40:32 +00:00
|
|
|
export MATRIX_CONFIG_VERSION=v1
|
2022-10-25 15:47:21 +00:00
|
|
|
|
|
|
|
customize() {
|
|
|
|
if [ -z "$1" ]
|
|
|
|
then
|
|
|
|
echo "Usage: ... customize <assets_path>"
|
|
|
|
exit 1
|
|
|
|
fi
|
2022-11-16 15:15:00 +00:00
|
|
|
asset_dir=$1
|
|
|
|
for asset in $COPY_ASSETS; do
|
|
|
|
source=$(echo $asset | cut -d "|" -f1)
|
|
|
|
target=$(echo $asset | cut -d "|" -f2)
|
|
|
|
echo copy $source to $target
|
|
|
|
abra app cp $APP_NAME $asset_dir/$source $target
|
|
|
|
done
|
2022-10-25 15:47:21 +00:00
|
|
|
}
|
2022-11-17 18:34:20 +00:00
|
|
|
|
|
|
|
set_admin_pass() {
|
|
|
|
password=$(cat /run/secrets/admin_pass)
|
|
|
|
token=$(cat /run/secrets/admin_token)
|
|
|
|
/manage.py shell -c """
|
|
|
|
akadmin = User.objects.get(username='akadmin')
|
|
|
|
akadmin.set_password('$password')
|
|
|
|
akadmin.save()
|
|
|
|
print('Changed akadmin password')
|
|
|
|
|
|
|
|
from authentik.core.models import TokenIntents
|
|
|
|
key='$token'
|
|
|
|
if (token:= Token.objects.filter(identifier='authentik-bootstrap-token').first()):
|
|
|
|
token.key=key
|
|
|
|
token.save()
|
|
|
|
print('Changed authentik-bootstrap-token')
|
2022-12-20 19:39:04 +00:00
|
|
|
else:
|
2022-11-17 18:34:20 +00:00
|
|
|
Token.objects.create(
|
|
|
|
identifier='authentik-bootstrap-token',
|
|
|
|
user=akadmin,
|
|
|
|
intent=TokenIntents.INTENT_API,
|
|
|
|
expiring=False,
|
|
|
|
key=key,
|
|
|
|
)
|
|
|
|
print('Created authentik-bootstrap-token')
|
|
|
|
"""
|
|
|
|
}
|
|
|
|
|
|
|
|
rotate_db_pass() {
|
|
|
|
db_password=$(cat /run/secrets/db_password)
|
|
|
|
psql -U authentik -c """ALTER USER authentik WITH PASSWORD '$db_password';"""
|
|
|
|
}
|
2023-03-22 16:26:25 +00:00
|
|
|
|
|
|
|
apply_blueprints() {
|
|
|
|
enable_blueprint default/flow-default-authentication-flow.yaml
|
|
|
|
enable_blueprint default/flow-default-user-settings-flow.yaml
|
|
|
|
enable_blueprint default/flow-password-change.yaml
|
|
|
|
ak apply_blueprint 6_flow_invalidation.yaml
|
|
|
|
ak apply_blueprint 5_system_tenant.yaml
|
|
|
|
disable_blueprint default/flow-default-authentication-flow.yaml
|
|
|
|
disable_blueprint default/flow-default-user-settings-flow.yaml
|
|
|
|
disable_blueprint default/flow-password-change.yaml
|
|
|
|
}
|
|
|
|
|
|
|
|
disable_blueprint() {
|
|
|
|
blueprint_state False $@
|
|
|
|
}
|
|
|
|
|
|
|
|
enable_blueprint() {
|
|
|
|
blueprint_state True $@
|
|
|
|
}
|
|
|
|
|
|
|
|
blueprint_state() {
|
|
|
|
TOKEN=$(cat /run/secrets/admin_token)
|
|
|
|
python -c """
|
|
|
|
import requests
|
|
|
|
session = requests.Session()
|
|
|
|
my_token='$TOKEN'
|
|
|
|
blueprint_state=$1
|
|
|
|
blueprint_path='$2'
|
|
|
|
resp = session.get(f'https://$DOMAIN/api/v3/managed/blueprints/?path={blueprint_path}', headers={'Authorization':f'Bearer {my_token}'})
|
|
|
|
if not resp.ok:
|
|
|
|
print(f'Error fetching blueprint: {resp.content}')
|
|
|
|
exit()
|
|
|
|
auth_flow_uuid = resp.json()['results'][0]['pk']
|
|
|
|
blueprint_name = resp.json()['results'][0]['name']
|
|
|
|
params = {'name': blueprint_name,'path': blueprint_path,'context':{},'enabled': blueprint_state}
|
|
|
|
resp = session.put(f'https://$DOMAIN/api/v3/managed/blueprints/{auth_flow_uuid}/', json=params, headers={'Authorization':f'Bearer {my_token}'})
|
|
|
|
if resp.ok:
|
|
|
|
print(f'{blueprint_name} enabled: {blueprint_state}')
|
|
|
|
else:
|
|
|
|
print(f'Error changing blueprint state: {resp.content}')
|
|
|
|
"""
|
|
|
|
|
|
|
|
}
|
|
|
|
|
2023-03-29 16:10:29 +00:00
|
|
|
set_icons(){
|
|
|
|
for icon in $APP_ICONS; do
|
|
|
|
app=$(echo $icon | cut -d ":" -f1)
|
|
|
|
file_path=$(eval echo $(echo $icon | cut -d ":" -f2))
|
|
|
|
file=$(basename $file_path)
|
|
|
|
echo copy icon $file_path for $app
|
|
|
|
abra app cp $APP_NAME $file_path app:/media/
|
|
|
|
abra app cmd -T $APP_NAME app set_app_icon $app /media/$file
|
|
|
|
done
|
|
|
|
}
|
|
|
|
|
|
|
|
set_app_icon() {
|
|
|
|
TOKEN=$(cat /run/secrets/admin_token)
|
|
|
|
python -c """
|
|
|
|
import requests
|
|
|
|
import os
|
|
|
|
my_token = '$TOKEN'
|
|
|
|
application = '$1'
|
|
|
|
icon_path = '$2'
|
|
|
|
url = f'https://$DOMAIN/api/v3/core/applications/{application}/set_icon/'
|
|
|
|
headers = {'Authorization':f'Bearer {my_token}'}
|
|
|
|
with open(icon_path, 'rb') as img:
|
|
|
|
name_img = os.path.basename(icon_path)
|
|
|
|
files= {'file': (name_img,img,'image/png') }
|
|
|
|
with requests.Session() as s:
|
|
|
|
r = s.post(url,files=files,headers=headers)
|
|
|
|
print(r.status_code)
|
|
|
|
"""
|
|
|
|
|
|
|
|
}
|
|
|
|
|
2023-03-22 16:26:25 +00:00
|
|
|
blueprint_cleanup() {
|
|
|
|
/manage.py shell -c """
|
|
|
|
delete_flows = ['default-recovery-flow' , 'custom-authentication-flow' , 'invitation-enrollment-flow' , 'initial-setup']
|
|
|
|
Flow.objects.filter(slug__in=delete_flows).delete()
|
|
|
|
Stage.objects.filter(flow=None).delete()
|
|
|
|
Prompt.objects.filter(promptstage=None).delete()
|
2023-03-22 16:29:34 +00:00
|
|
|
Tenant.objects.filter(default=True).delete()
|
2023-03-22 16:26:25 +00:00
|
|
|
"""
|
|
|
|
apply_blueprints
|
|
|
|
}
|