From 32ba90b647d9f28c5ef83706e27a0fbd6a9dbe5d Mon Sep 17 00:00:00 2001 From: Moritz Date: Thu, 30 Mar 2023 17:00:48 +0200 Subject: [PATCH] automatic wordpress configuration
---
 .env.sample | 7 +++++++ abra.sh | 1 + compose.wordpress.yml | 26 +++++++++++++++++++++++++ icons/wordpress.png | Bin 0 -> 3113 bytes wordpress.yaml.tmpl | 43 ++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 77 insertions(+) create mode 100644 compose.wordpress.yml create mode 100644 icons/wordpress.png create mode 100644 wordpress.yaml.tmpl
diff --git a/.env.sample b/.env.sample
index b442e7b..5c9b497 100644
--- a/.env.sample
+++ b/.env.sample
@@ -44,3 +44,10 @@ COPY_ASSETS="$COPY_ASSETS icon.png|app:/web/dist/assets/icons/"
 # SECRET_NEXTCLOUD_ID_VERSION=v1
 # SECRET_NEXTCLOUD_SECRET_VERSION=v1
 # APP_ICONS="nextcloud:~/.abra/recipes/authentik/icons/nextcloud.png"
+
+
+# COMPOSE_FILE="$COMPOSE_FILE:compose.wordpress.yml"
+# WORDPRESS_DOMAIN=wordpress.example.com
+# SECRET_WORDPRESS_ID_VERSION=v1
+# SECRET_WORDPRESS_SECRET_VERSION=v1
+# APP_ICONS="$APP_ICONS wordpress:~/.abra/recipes/authentik/icons/wordpress.png"
diff --git a/abra.sh b/abra.sh
index 5008f22..d489439 100644
--- a/abra.sh
+++ b/abra.sh
@@ -6,6 +6,7 @@ export FLOW_RECOVERY_VERSION=v1 export FLOW_TRANSLATION_VERSION=v1 export SYSTEM_TENANT_VERSION=v1 export NEXTCLOUD_CONFIG_VERSION=v1 +export WORDPRESS_CONFIG_VERSION=v1 customize() { if [ -z "$1" ]
diff --git a/compose.wordpress.yml b/compose.wordpress.yml
new file mode 100644
index 0000000..6ccf043
--- /dev/null
+++ b/compose.wordpress.yml
@@ -0,0 +1,26 @@
+version: "3.8"
+services:
+ worker:
+ secrets:
+ - wordpress_id
+ - wordpress_secret
+ environment:
+ - WORDPRESS_DOMAIN
+ configs:
+ - source: wordpress
+ target: /blueprints/wordpress.yaml
+
+secrets:
+ wordpress_id:
+ external: true
+ name: ${STACK_NAME}_wordpress_id_${SECRET_WORDPRESS_ID_VERSION}
+ wordpress_secret:
+ external: true
+ name: ${STACK_NAME}_wordpress_secret_${SECRET_WORDPRESS_SECRET_VERSION}
+
+
+configs:
+ wordpress:
+ name: ${STACK_NAME}_wordpress_${WORDPRESS_CONFIG_VERSION}
+ file: wordpress.yaml.tmpl
+ template_driver: golang
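Review bot: The rendered blueprint at `/blueprints/wordpress.yaml` will contain the OAuth client secret in clear text, yet the `configs:` entry under `worker` sets no `mode`, `uid` or `gid`. The file is produced from `wordpress.yaml.tmpl` with `template_driver: golang`, and Compose v3 configs default to mode 0444 owned by root, so every user inside the container can read the expanded `wordpress_secret`. I would add `mode: 0440` next to `source`/`target`, together with `uid`/`gid` for the worker's runtime user, which is not visible in this patch and needs to be confirmed so that the worker can still read the file.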
diff --git a/icons/wordpress.png b/icons/wordpress.png new file mode 100644 index 0000000000000000000000000000000000000000..11e550c74e07cdbae3192894aacdd5e3cb271def GIT binary patch literal 3113 zcmeHJ`8O1b7iY#UWH(AuCR>;xGGu2kH1_d^d7{C4F;m9&EG-6=eHmMlvdpB$KK8NA z(AXwRj1tO7dMM&$DWR|TXME3j=iJZzoX`E?{_r{XbIwh1LE4FlD2nj#@Q69s+qfOE z%fAo;9`*Jyz!M%Gz<`UBhwYK%i75ZC{&V2}+JPX%T*J{Ne~EBIy7TY?fPDM{fqPn=XbrF>fD%vn|NIW=_+O|A3VIuNLy{sjX=Bbc$tB~vqV z3rj0&8(X-Yy#vD0=`zyU#nsIn<@Fod+XwTzub=-_Y(UT-f8uY162c=Q|B8-@jk|g4 z_MP~I#H73T?kA_Drln_OW#^D`^YRM{9~3<-epK@KNoiSm1)1`+^4W80Rdr2mU3~+s zv8lPGwXL1r(b?7A!(jIIyV>=e=o1B ze*Uty{&i#XpKn{+JG*uloqLjhF6%&_Kc^A2oYEJ@%J>{K5b zx^{+})zn$B(x2x(rzHAmEXV+-yrxxY%3aMcm5SqO4AylJ#? z4GD%(a@)p~8#?B{?j8^X&9dv{3!#5{FU`<_lC0)0bv}(v5vRRI&BG%ra3ciT-Kt?) zJHQm-n}ram^KsLA>a0k(cB?<{JX*ehL+_sMYt5B5K5rZHNuoT>@>@u`TXas=I=dEE za0nY4v;F?}l%tw8I>LG85q2VEkq~o#-c_$AB5Yy1i;!{WaC6Oj)@&|0iL_g>95V`~L^z>yta{|+O>iEYq z@RD(qIl9Of4@DHB_<$O>G2S~*GF8VME&;|2D5f92iVw|=){d40{uN!wLidR+P0ofz5xfq=7lqh zTs-s|Lid-M?Ov8eI5RiAyO13+94Aw9U^lUOfxfCcYvh(O<)GY>{W_<5tlp>6v@WT~ zx#!jc39qb>x}L@N-fvHVhng8d+PxEt_1Dk5RYOFTtHI}^B8^DM`(OrMB+g#_71C`V zp^-|M(j2lf#wm;6Bwv;C_2REr7sIx>btZhi4gN7d)n-`7_bC`iI9x{S2DCacwo^#9 z;gG!+tsxOiU2`;389yQr6s!dC8T$}xukmSNrdG9~7!vgi@XQrd?`_WCLWKd(mdcnA zMm%Y|(ADj8p--ss@NNG2m}|zhu@rU2Al{ueWQ3#|NDF8lOWcCFoOv$bWv_9H*=#%1 zg6)7$sB*If^e%fca!E7)KmdqMaBVvRdXmlO(8EjhL{Q`aCbGNXm~8|>3x2(rq|K5d zH7P~gJEE&n7$DZIbS<)s76I={+ik$*L?}F<8gQp=>UpRQ6|)DXf$VBzuZVU z9i=3gC%hOCbMnn~iaKkr`833*MHADJUwx|3oT_TZ^+gX8gUS*a7v6f) zAg4TN$CZLPW%+H2=pev|l^yXaY@IdeMdMM@MG6*;PP}hEP}F`F@4txmp(e&rd*u z2J;0EW&^+ViBYi`=Kyv~(`g}<>9Ojsm7$$AVf&)Lot}l3{uY9!-esUbScu%95K~d< zYf6J<<^b^>tqZtsm7llD&n1A^P=Oa8g|b08PyJqIV*$qs7NLF_2+*^!cn7`ASV+_` zN@5b+m9T)%Um^=yg*gEf^CbM2EMLcfa-njAatUIj?osCSX|^MyC-5iz;xU)AE)+CF z4ip02Yhg<<=BaHl3W2nj@e5&{y!%d`7DZHIyWVIZmZMpAN;7YR7an9oz{55|U_rnW zo&o`_a6P7c4peaQHaLlkM*|e5QsX4PTeawSF=rLGrCWWM7@DB3{#$r2O#GZ7S`)hN zItSb^g`ohA%{fU|*LdLlACs4`90c|L51IjaVKCiZQG^|k#!obs&E*P*TyW9G3ilt7 
ztX#AP_|k({!tF)bJ9?pw4`cn%WO-uF{NN_&C`%fQ_$b(8R-2u-cq==~jHk1lHGNYJ zdzM%kIG51ixm|Ao57#|eBq`e~^0oko#g4#?tY-Kyx12J~{a<7SO4pZVE9>s7{f_}r9(qAg*a<4_j z+JLxah^O$CPXKorkX0($__orf$e0sx%et?!sSF_g8M^jwXv0o^L`v*@Xh4U z;go1VUmVKK{rJY3r)){!mkGE8WGh=L!3eH3G$ zUTm5~>PgyVY$0{HF`j}y3B1g6H9I^j&JMx$eWaEvCDqIVY5bj+KynYY!cs?lnw)`t zart^)KNeIuIvRv6nsu>%bR#V@^TU}0vAt#E546H3zeEevrdYW1=EJJj2Yr=}g}KIb zM06%6aotUmJ64nF(OKfG$}NJqj>;m8bvQ2SRYp%;THH89@A>HJ;9rB*Iz+J)dNS^0 z;@Y}(a8X~NEH2kDy%~wF%}`fe9JUqF%pYMFlY3P+vp?T#xy8g0aT}sD zF8xOP1f@^*T7)xdncP%yDK~9n^ex!n*M#Hl54pP(`|avW^kwrn>ncvu^jPbnhVQ)Q zN~63S@>tN-Aw|O<%&9Ag)a&Xyq5L#9wU_qDBy5A*fI=%)4ew*xi4?~-oV6RS7&ejK foKN|Infb*#*Sp&c!PU3@`|~^4B5i7|{1W~LxiNf@ literal 0 HcmV?d00001 diff --git a/wordpress.yaml.tmpl b/wordpress.yaml.tmpl new file mode 100644 index 0000000..f871478 --- /dev/null +++ b/wordpress.yaml.tmpl 
@@ -0,0 +1,43 @@
+version: 1
+metadata:
+ labels:
+ blueprints.goauthentik.io/instantiate: "true"
+ name: Wordpress
+
+entries:
+
+- attrs:
+ access_code_validity: minutes=1
+ authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
+ client_id: {{ secret "wordpress_id" }}
+ client_secret: {{ secret "wordpress_secret" }}
+ client_type: confidential
+ include_claims_in_id_token: true
+ issuer_mode: per_provider
+ name: Wordpress
+ property_mappings:
+ - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
+ - !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
+ - !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
+ signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]]
+ sub_mode: user_username
+ token_validity: days=30
+ conditions: []
+ id: wordpress_provider
+ identifiers:
+ pk: 9998
+ model: authentik_providers_oauth2.oauth2provider
+ state: present
+
+- attrs:
+ meta_launch_url: https://{{ env "WORDPRESS_DOMAIN" }}/wp-login.php
+ open_in_new_tab: true
+ policy_engine_mode: any
+ provider: !KeyOf wordpress_provider
+ slug: wordpress
+ conditions: []
+ id: wordpress_application
+ identifiers:
+ name: Wordpress
+ model: authentik_core.application
+ state: present
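Review bot: The `wordpress_provider` entry sets no `redirect_uris`, so nothing in this blueprint pins where authorization codes for this confidential client may be delivered; as far as I know, authentik releases of this period save the first redirect URI that gets used when the field is blank, which is trust-on-first-use and should be confirmed against the deployed version. Since `WORDPRESS_DOMAIN` is already available to the template, I would add a `redirect_uris` attribute built from `https://{{ env "WORDPRESS_DOMAIN" }}/` plus the callback path of the WordPress OIDC plugin in use, which is not visible here. Separately, `client_id` and `client_secret` are emitted unquoted, so a secret that is all digits or begins with a YAML indicator would be retyped or fail to parse after rendering; `client_secret: "{{ secret "wordpress_secret" }}"` (and the same for `client_id`) avoids that as long as the secrets contain no `"` or `\`. The hard-coded `pk: 9998` identifier would presumably also match and update any existing provider with that primary key, so it is worth confirming it cannot collide.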