diff --git a/.env.sample b/.env.sample
index d4372b0..50c183b 100644
--- a/.env.sample
+++ b/.env.sample
@@ -98,6 +98,10 @@ AUTHENTIK_COLOR_BACKGROUND_LIGHT=#1c1e21
 # SECRET_KIMAI_SECRET_VERSION=v1
 # APP_ICONS="$APP_ICONS kimai:~/.abra/recipes/authentik/icons/kimai_logo.png"
 
+# COMPOSE_FILE="$COMPOSE_FILE:compose.zammad.yml"
+# ZAMMAD_DOMAIN=zammad.example.com
+# APP_ICONS="$APP_ICONS zammad:~/.abra/recipes/authentik/icons/zammad.svg"
+
 # COMPOSE_FILE="$COMPOSE_FILE:compose.monitoring.yml"
 # MONITORING_DOMAIN=monitoring.example.com
 # SECRET_MONITORING_ID_VERSION=v1
diff --git a/abra.sh b/abra.sh
index 3f484bb..6b2a0ba 100644
--- a/abra.sh
+++ b/abra.sh
@@ -12,6 +12,7 @@ export WEKAN_CONFIG_VERSION=v3
 export VIKUNJA_CONFIG_VERSION=v1
 export OUTLINE_CONFIG_VERSION=v2
 export KIMAI_CONFIG_VERSION=v1
+export ZAMMAD_CONFIG_VERSION=v1
 export RALLLY_CONFIG_VERSION=v2
 export HEDGEDOC_CONFIG_VERSION=v1
 export MONITORING_CONFIG_VERSION=v2
diff --git a/compose.zammad.yml b/compose.zammad.yml
new file mode 100644
index 0000000..8274953
--- /dev/null
+++ b/compose.zammad.yml
@@ -0,0 +1,14 @@
+version: "3.8"
+services:
+ worker:
+ environment:
+ - ZAMMAD_DOMAIN
+ configs:
+ - source: zammad
+ target: /blueprints/zammad.yaml
+
+configs:
+ zammad:
+ name: ${STACK_NAME}_zammad_${ZAMMAD_CONFIG_VERSION}
+ file: zammad.yaml.tmpl
+ template_driver: golang
diff --git a/icons/zammad.svg b/icons/zammad.svg
new file mode 100644
index 0000000..d539f52
--- /dev/null
+++ b/icons/zammad.svg
@@ -0,0 +1,30 @@ + + + + logo + Created with Sketch. + + + + + \ No newline at end of file
diff --git a/zammad.yaml.tmpl b/zammad.yaml.tmpl
new file mode 100644
index 0000000..9fc5c60
--- /dev/null
+++ b/zammad.yaml.tmpl
@@ -0,0 +1,67 @@
+version: 1
+metadata:
+ labels:
+ blueprints.goauthentik.io/instantiate: "true"
+ name: zammad
+
+entries:
+- attrs:
+ expression: return request.user.name
+ managed: null
+ name: 'Zammad SAML Mapping: name'
+ saml_name: name
+ conditions: []
+ identifiers:
+ name: zammad_name_mapping
+ id: zammad_name_mapping
+ model: authentik_providers_saml.samlpropertymapping
+ state: present
+
+- attrs:
+ expression: return request.user.email
+ managed: null
+ name: 'Zammad SAML Mapping: email'
+ saml_name: email
+ conditions: []
+ identifiers:
+ name: zammad_email_mapping
+ id: zammad_email_mapping
+ model: authentik_providers_saml.samlpropertymapping
+ state: present
+
+- attrs:
+ acs_url: https://{{ env "ZAMMAD_DOMAIN" }}/auth/saml/callback
+ assertion_valid_not_before: minutes=-5
+ assertion_valid_not_on_or_after: minutes=5
+ audience: https://{{ env "ZAMMAD_DOMAIN" }}/auth/saml/metadata
+ authentication_flow: !Find [authentik_flows.flow, [slug, default-authentication-flow]]
+ authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
+ digest_algorithm: http://www.w3.org/2001/04/xmlenc#sha256
+ issuer: https://{{ env "ZAMMAD_DOMAIN" }}/auth/saml/metadata
+ name: zammad
+ property_mappings:
+ - !KeyOf zammad_name_mapping
+ - !KeyOf zammad_email_mapping
+ session_valid_not_on_or_after: minutes=86400
+ signature_algorithm: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
+ signing_kp: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]]
+ sp_binding: post
+ conditions: []
+ id: zammad_provider
+ identifiers:
+ pk: 9989
+ model: authentik_providers_saml.samlprovider
+ state: present
+
+- attrs:
+ meta_launch_url: https://{{ env "ZAMMAD_DOMAIN" }}
+ open_in_new_tab: true
+ policy_engine_mode: any
+ provider: !KeyOf zammad_provider
+ slug: zammad
+ conditions: []
+ id: zammad_application
+ identifiers:
+ name: Zammad
+ model: authentik_core.application
+ state: present
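Review bot: The SAML provider entry is identified by a hard-coded primary key (`pk: 9989` under `identifiers:`), so on an instance where that key already belongs to another provider this blueprint would, as far as I can tell from how blueprints match on identifiers, update that object instead of creating a new one. Matching on a stable natural key is safer, for example `name: zammad` under `identifiers:`. Separately, `session_valid_not_on_or_after: minutes=86400` keeps the service-provider session valid for 60 days; confirm that is intended for a helpdesk holding customer tickets, or shorten it. The application entry sets `policy_engine_mode: any` and this blueprint binds no policy or group to it, so every authenticated authentik user can launch Zammad unless a binding is added elsewhere.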