From f025eda69efae05d83c899f38fb64ba152a64893 Mon Sep 17 00:00:00 2001
From: Simon
Date: Wed, 10 Dec 2025 21:18:10 +0100
Subject: [PATCH 1/2] add mila blueprint
---
 .env.sample | 7 +++++++
 .gitignore | 1 +
 abra.sh | 1 +
 alaconnect.yml | 9 +++++++++
 compose.mila.yml | 27 ++++++++++++++++++++++++++
 icons/mila.svg | 5 +++++
 mila.yaml.tmpl | 49 ++++++++++++++++++++++++++++++++++++++++++++++++
 7 files changed, 99 insertions(+)
 create mode 100644 compose.mila.yml
 create mode 100644 icons/mila.svg
 create mode 100644 mila.yaml.tmpl
diff --git a/.env.sample b/.env.sample
index 9fb8575..a1717b4 100644
--- a/.env.sample
+++ b/.env.sample
@@ -156,5 +156,12 @@ COPY_ASSETS="$COPY_ASSETS icon.png|app:/web/dist/assets/icons/"
 # APP_ICONS="$APP_ICONS hedgedoc:~/.abra/recipes/authentik/icons/hedgedoc.png"
 # HEDGEDOC_APPGROUP="$GROUP_DOCUMENTATION"
 
+# COMPOSE_FILE="$COMPOSE_FILE:compose.mila.yml"
+# MILA_DOMAIN=mila.example.com
+# SECRET_MILA_ID_VERSION=v1
+# SECRET_MILA_SECRET_VERSION=v1
+# APP_ICONS="$APP_ICONS mila:~/.abra/recipes/authentik/icons/mila.svg"
+# MILA_APPGROUP=""
+
 # APPLICATIONS='{"Calendar": {"url":"https://nextcloud.example.com/apps/calendar/", "group": ""}, "BBB": {"url":"https://nextcloud.example.com/apps/bbb/", "group":""}, "Pretix": {"url":"https://pretix.example.com/control/", "group":""}}'
 # EXTRA_ICONS={"Calendar": "~/.abra/recipes/authentik/icons/calendar.svg", "BBB": "~/.abra/recipes/authentik/icons/bbb.png", "Pretix": "~/.abra/recipes/authentik/icons/pretix.svg"}
diff --git a/.gitignore b/.gitignore
index 7a6353d..5648586 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 .envrc
+.cursorignore
diff --git a/abra.sh b/abra.sh
index 86b74fe..360a8fa 100644
--- a/abra.sh
+++ b/abra.sh
@@ -16,6 +16,7 @@ export ZAMMAD_CONFIG_VERSION=v4
 export RALLLY_CONFIG_VERSION=v4
 export HEDGEDOC_CONFIG_VERSION=v3
 export MONITORING_CONFIG_VERSION=v4
+export MILA_CONFIG_VERSION=v1
 export DB_ENTRYPOINT_VERSION=v1
 export PG_BACKUP_VERSION=v2
 export ENTRYPOINT_CSS_VERSION=v1
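Review bot: `# MILA_APPGROUP=""` is introduced as a sample variable but nothing in this patch consumes it: the `compose.mila.yml` hunk passes only `MILA_DOMAIN` into the worker `environment:` list, and the `mila.yaml.tmpl` hunk sets no `group` attr on the `mila_application` entry, so an operator who uncomments and sets it gets no effect. Either wire it through (`- MILA_APPGROUP` under the worker `environment:` in `compose.mila.yml` and `group: "{{ env "MILA_APPGROUP" }}"` on the application `attrs:` in `mila.yaml.tmpl`) or drop the sample line. The `HEDGEDOC_APPGROUP` line two lines above suggests the wired-through form is the recipe's pattern, but the hedgedoc template is not in this patch so I can't confirm.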
diff --git a/alaconnect.yml b/alaconnect.yml
index f0ef05a..c36af10 100644
--- a/alaconnect.yml
+++ b/alaconnect.yml
@@ -87,3 +87,12 @@ hedgedoc:
 - hedgedoc.png
 secrets:
 hedgedoc_id: hedgedoc
+mila:
+ uncomment:
+ - compose.mila.yml
+ - MILA_DOMAIN
+ - SECRET_MILA_ID_VERSION
+ - SECRET_MILA_SECRET_VERSION
+ - mila.svg
+ secrets:
+ mila_id: mila
diff --git a/compose.mila.yml b/compose.mila.yml
new file mode 100644
index 0000000..83703d5
--- /dev/null
+++ b/compose.mila.yml
@@ -0,0 +1,27 @@
+version: "3.8"
+services:
+ worker:
+ secrets:
+ - mila_id
+ - mila_secret
+ environment:
+ - MILA_DOMAIN
+ configs:
+ - source: mila
+ target: /blueprints/mila.yaml
+
+secrets:
+ mila_id:
+ external: true
+ name: ${STACK_NAME}_mila_id_${SECRET_MILA_ID_VERSION}
+ mila_secret:
+ external: true
+ name: ${STACK_NAME}_mila_secret_${SECRET_MILA_SECRET_VERSION}
+
+
+configs:
+ mila:
+ name: ${STACK_NAME}_mila_${MILA_CONFIG_VERSION}
+ file: mila.yaml.tmpl
+ template_driver: golang
+
diff --git a/icons/mila.svg b/icons/mila.svg
new file mode 100644
index 0000000..2709ce8
--- /dev/null
+++ b/icons/mila.svg
@@ -0,0 +1,5 @@
+
+
+ M
+
+
diff --git a/mila.yaml.tmpl b/mila.yaml.tmpl
new file mode 100644
index 0000000..961248e
--- /dev/null
+++ b/mila.yaml.tmpl
@@ -0,0 +1,49 @@
+version: 1
+metadata:
+ labels:
+ blueprints.goauthentik.io/instantiate: "true"
+ name: mila
+
+entries:
+
+- attrs:
+ access_code_validity: minutes=1
+ authentication_flow: !Find [authentik_flows.flow, [slug, default-authentication-flow]]
+ authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
+ invalidation_flow: !Find [authentik_flows.flow, [slug, default-provider-invalidation-flow]]
+ client_id: {{ secret "mila_id" }}
+ client_secret: {{ secret "mila_secret" }}
+ client_type: confidential
+ include_claims_in_id_token: true
+ issuer_mode: per_provider
+ redirect_uris:
+ - matching_mode: strict
+ url: https://{{ env "MILA_DOMAIN" }}/auth/user/rauthy/callback
+ name: Mila
+ property_mappings:
+ - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
+ - !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
+ - !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
+ signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]]
+ sub_mode: hashed_user_id
+ token_validity: days=30
+ conditions: []
+ id: mila_provider
+ identifiers:
+ pk: 9990
+ model: authentik_providers_oauth2.oauth2provider
+ state: present
+
+- attrs:
+ meta_launch_url: https://{{ env "MILA_DOMAIN" }}
+ open_in_new_tab: true
+ policy_engine_mode: any
+ provider: !KeyOf mila_provider
+ slug: mila
+ conditions: []
+ id: mila_application
+ identifiers:
+ name: Mila
+ model: authentik_core.application
+ state: present
+
From 721164a2f26c0dfdd331792d0ac227b66138b50a Mon Sep 17 00:00:00 2001
From: Simon
Date: Wed, 10 Dec 2025 22:03:54 +0100
Subject: [PATCH 2/2] chore: publish 9.1.0+2025.10.2 release
---
 compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/compose.yml b/compose.yml
index d434e7e..a1de6ec 100644
--- a/compose.yml
+++ b/compose.yml
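Review bot: `client_id: {{ secret "mila_id" }}` and `client_secret: {{ secret "mila_secret" }}` are rendered into the blueprint as plain scalars, so a generated secret that happens to start with a YAML indicator, contain `: ` or ` #`, or consist only of digits will either break the blueprint parse or be retyped (an all-digit client id becomes an integer rather than the string authentik expects). Quoting the expansions, `client_id: '{{ secret "mila_id" }}'` / `client_secret: '{{ secret "mila_secret" }}'`, keeps them strings whatever the content, and single quotes avoid a backslash in the value being read as an escape; `url:` and `meta_launch_url:` expand `MILA_DOMAIN` the same way and would benefit from the same treatment. This assumes the secret files carry no trailing newline — if they can, the quoted form would fold it into a trailing space, so confirm how the secrets are generated. Separately, `pk: 9990` is a fixed primary key used as the provider identifier; if another blueprint in this recipe reuses that value the import would update that provider instead of creating this one, which I can't check from the files in this patch.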
@@ -69,7 +69,7 @@ services:
 - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect,${STACK_NAME}-frameOptions,${STACK_NAME}-redirect"
 - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=SAMEORIGIN"
 - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.contentSecurityPolicy=frame-ancestors ${X_FRAME_OPTIONS_ALLOW_FROM}"
- - "coop-cloud.${STACK_NAME}.version=10.0.0+2025.10.2"
+ - "coop-cloud.${STACK_NAME}.version=10.1.0+2025.10.2"
 - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.regex=^https://(${REDIRECTS})/(.*)"
 - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.replacement=https://${DOMAIN}/$${2}"
 - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.permanent=true"