diff --git a/.env.sample b/.env.sample index c46b54a..37ae296 100644 --- a/.env.sample +++ b/.env.sample @@ -78,6 +78,12 @@ COPY_ASSETS="$COPY_ASSETS icon.png|app:/web/dist/assets/icons/" # SECRET_VIKUNJA_SECRET_VERSION=v1 # APP_ICONS="$APP_ICONS vikunja:~/.abra/recipes/authentik/icons/vikunja.svg" +# COMPOSE_FILE="$COMPOSE_FILE:compose.outline.yml" +# OUTLINE_DOMAIN=outline.example.com +# SECRET_OUTLINE_ID_VERSION=v1 +# SECRET_OUTLINE_SECRET_VERSION=v1 +# APP_ICONS="$APP_ICONS outline:~/.abra/recipes/authentik/icons/outline.png" + # COMPOSE_FILE="$COMPOSE_FILE:compose.monitoring.yml" # MONITORING_DOMAIN=monitoring.example.com # SECRET_MONITORING_ID_VERSION=v1 diff --git a/abra.sh b/abra.sh index 942cc15..0b32a42 100644 --- a/abra.sh +++ b/abra.sh @@ -10,6 +10,7 @@ export WORDPRESS_CONFIG_VERSION=v2 export MATRIX_CONFIG_VERSION=v1 export WEKAN_CONFIG_VERSION=v3 export VIKUNJA_CONFIG_VERSION=v1 +export OUTLINE_CONFIG_VERSION=v1 export MONITORING_CONFIG_VERSION=v1 export DB_ENTRYPOINT_VERSION=v1 diff --git a/compose.outline.yml b/compose.outline.yml new file mode 100644 index 0000000..27eb6aa --- /dev/null +++ b/compose.outline.yml @@ -0,0 +1,26 @@ +version: "3.8" +services: + worker: + secrets: + - outline_id + - outline_secret + environment: + - OUTLINE_DOMAIN + configs: + - source: outline + target: /blueprints/outline.yaml + +secrets: + outline_id: + external: true + name: ${STACK_NAME}_outline_id_${SECRET_OUTLINE_ID_VERSION} + outline_secret: + external: true + name: ${STACK_NAME}_outline_secret_${SECRET_OUTLINE_SECRET_VERSION} + + +configs: + outline: + name: ${STACK_NAME}_outline_${OUTLINE_CONFIG_VERSION} + file: outline.yaml.tmpl + template_driver: golang diff --git a/compose.yml b/compose.yml index 58c6f92..7ed057b 100644 --- a/compose.yml +++ b/compose.yml 
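Review bot: In compose.outline.yml the `worker` service is given `outline_id` and `outline_secret` with no comment saying why. Judging by the `template_driver: golang` config, they appear to be attached only so that `outline.yaml.tmpl` can resolve its `{{ secret ... }}` calls. The rendered `/blueprints/outline.yaml` inside the worker therefore holds the OAuth client secret in clear text, which matters to anyone who later changes that config's mode or mounts it into another service. I would add above the service's `secrets:` list `# attached so the golang-templated outline config can read them; the rendered blueprint contains the client secret`.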
@@ -76,7 +76,7 @@ services: - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=SAMEORIGIN" - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.contentSecurityPolicy=frame-ancestors ${X_FRAME_OPTIONS_ALLOW_FROM}" - - "coop-cloud.${STACK_NAME}.version=4.0.0+2023.10.5" + - "coop-cloud.${STACK_NAME}.version=4.1.0+2023.10.5" - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}" worker: diff --git a/icons/outline.png b/icons/outline.png new file mode 100644 index 0000000..77997b1 Binary files /dev/null and b/icons/outline.png differ diff --git a/outline.yaml.tmpl b/outline.yaml.tmpl new file mode 100644 index 0000000..035bbcc --- /dev/null +++ b/outline.yaml.tmpl 
@@ -0,0 +1,43 @@
+version: 1
+metadata:
+ labels:
+ blueprints.goauthentik.io/instantiate: "true"
+ name: outline
+
+entries:
+
+- attrs:
+ access_code_validity: minutes=1
+ authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
+ client_id: {{ secret "outline_id" }}
+ client_secret: {{ secret "outline_secret" }}
+ client_type: confidential
+ include_claims_in_id_token: true
+ issuer_mode: per_provider
+ name: Outline
+ property_mappings:
+ - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
+ - !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
+ - !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
+ signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]]
+ sub_mode: hashed_user_id
+ token_validity: days=30
+ conditions: []
+ id: outline_provider
+ identifiers:
+ pk: 9995
+ model: authentik_providers_oauth2.oauth2provider
+ state: present
+
+- attrs:
+ meta_launch_url: https://{{ env "OUTLINE_DOMAIN" }}
+ open_in_new_tab: true
+ policy_engine_mode: any
+ provider: !KeyOf outline_provider
+ slug: outline
+ conditions: []
+ id: outline_application
+ identifiers:
+ name: Outline
+ model: authentik_core.application
+ state: present
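Review bot: The `outline_provider` entry sets no `redirect_uris`, and as far as I know authentik then stores whichever redirect URI is presented first, so the allowed callback is fixed by the first login attempt rather than by this blueprint. Pin it in the provider's `attrs`, e.g. `redirect_uris: https://{{ env "OUTLINE_DOMAIN" }}/<outline-oidc-callback-path>`, where the path is a placeholder to be taken from Outline's OIDC settings. The two templated credentials are also emitted as plain scalars. Writing `client_id: "{{ secret "outline_id" }}"`, and the same for `client_secret`, keeps an all-digit or indicator-leading value a string when the rendered YAML is parsed. The file is new, so the whole blueprint is visible in this hunk.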