From b7605f6a87c878a20cd50673e191347cc6ebf5a5 Mon Sep 17 00:00:00 2001
From: Simon
Date: Tue, 13 Feb 2024 15:58:58 +0100
Subject: [PATCH] add rallly oidc

---
 .env.sample | 9 +++++++--
 abra.sh | 1 +
 compose.rallly.yml | 26 ++++++++++++++++++++++++++
 rallly.yaml.tmpl | 43 +++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 77 insertions(+), 2 deletions(-)
 create mode 100644 compose.rallly.yml
 create mode 100644 rallly.yaml.tmpl

diff --git a/.env.sample b/.env.sample
index 37ae296..6bd28c6 100644
--- a/.env.sample
+++ b/.env.sample
@@ -90,7 +90,12 @@ COPY_ASSETS="$COPY_ASSETS icon.png|app:/web/dist/assets/icons/"
 # SECRET_MONITORING_SECRET_VERSION=v1
 # APP_ICONS="$APP_ICONS monitoring:~/.abra/recipes/authentik/icons/monitoring.png"
 
-# APPLICATIONS='{"Calendar": "https://nextcloud.example.com/apps/calendar/", "BBB": "https://nextcloud.example.com/apps/bbb/", "Rallly":"https://rallly.example.cloud/"}'
+# COMPOSE_FILE="$COMPOSE_FILE:compose.rallly.yml"
+# RALLLY_DOMAIN=rallly.example.com
+# SECRET_RALLLY_ID_VERSION=v1
+# SECRET_RALLLY_SECRET_VERSION=v1
+# APP_ICONS="$APP_ICONS rallly:~/.abra/recipes/authentik/icons/rallly.png"
+
+# APPLICATIONS='{"Calendar": "https://nextcloud.example.com/apps/calendar/", "BBB": "https://nextcloud.example.com/apps/bbb/"}'
 # APP_ICONS="$APP_ICONS Calendar:~/.abra/recipes/authentik/icons/calendar.svg"
-# APP_ICONS="$APP_ICONS Rallly:~/.abra/recipes/authentik/icons/rallly.png"
 # APP_ICONS="$APP_ICONS BBB:~/.abra/recipes/authentik/icons/bbb.jpg"
diff --git a/abra.sh b/abra.sh
index 0b32a42..20fb25d 100644
--- a/abra.sh
+++ b/abra.sh
@@ -11,6 +11,7 @@ export MATRIX_CONFIG_VERSION=v1
 export WEKAN_CONFIG_VERSION=v3
 export VIKUNJA_CONFIG_VERSION=v1
 export OUTLINE_CONFIG_VERSION=v1
+export RALLLY_CONFIG_VERSION=v1
 export MONITORING_CONFIG_VERSION=v1
 export DB_ENTRYPOINT_VERSION=v1
 
diff --git a/compose.rallly.yml b/compose.rallly.yml
new file mode 100644
index 0000000..56ff556
--- /dev/null
+++ b/compose.rallly.yml
@@ -0,0 +1,26 @@
+version: "3.8"
+services:
+ worker:
+ secrets:
+ - rallly_id
+ - rallly_secret
+ environment:
+ - RALLLY_DOMAIN
+ configs:
+ - source: rallly
+ target: /blueprints/rallly.yaml
+
+secrets:
+ rallly_id:
+ external: true
+ name: ${STACK_NAME}_rallly_id_${SECRET_RALLLY_ID_VERSION}
+ rallly_secret:
+ external: true
+ name: ${STACK_NAME}_rallly_secret_${SECRET_RALLLY_SECRET_VERSION}
+
+
+configs:
+ rallly:
+ name: ${STACK_NAME}_rallly_${RALLLY_CONFIG_VERSION}
+ file: rallly.yaml.tmpl
+ template_driver: golang
diff --git a/rallly.yaml.tmpl b/rallly.yaml.tmpl
new file mode 100644
index 0000000..a68e70c
--- /dev/null
+++ b/rallly.yaml.tmpl
@@ -0,0 +1,43 @@
+version: 1
+metadata:
+ labels:
+ blueprints.goauthentik.io/instantiate: "true"
+ name: rallly
+
+entries:
+
+- attrs:
+ access_code_validity: minutes=1
+ authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
+ client_id: {{ secret "rallly_id" }}
+ client_secret: {{ secret "rallly_secret" }}
+ client_type: confidential
+ include_claims_in_id_token: true
+ issuer_mode: per_provider
+ name: Rallly
+ property_mappings:
+ - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
+ - !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
+ - !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
+ signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]]
+ sub_mode: hashed_user_id
+ token_validity: days=30
+ conditions: []
+ id: rallly_provider
+ identifiers:
+ pk: 9995
+ model: authentik_providers_oauth2.oauth2provider
+ state: present
+
+- attrs:
+ meta_launch_url: https://{{ env "RALLLY_DOMAIN" }}
+ open_in_new_tab: true
+ policy_engine_mode: any
+ provider: !KeyOf rallly_provider
+ slug: rallly
+ conditions: []
+ id: rallly_application
+ identifiers:
+ name: Rallly
+ model: authentik_core.application
+ state: present
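Review bot: The OAuth2 provider entry in the first `- attrs:` block of rallly.yaml.tmpl sets no `redirect_uris`, so the callback that authentik will accept for the `rallly` client is not pinned by the blueprint; authentik releases around this commit's date treat an empty redirect URI list as "store the first URI that is successfully used" (verify against the deployed version), which makes the binding to the real Rallly callback depend on the first authorization rather than on configuration. Pin it next to `client_id`, e.g. `redirect_uris: https://{{ env "RALLLY_DOMAIN" }}/<rallly-oidc-callback-path>` with the path taken from Rallly's OIDC documentation. Separately, `client_id: {{ secret "rallly_id" }}`, `client_secret: {{ secret "rallly_secret" }}` and `meta_launch_url: https://{{ env "RALLLY_DOMAIN" }}` are rendered as unquoted plain scalars, so a secret that happens to be all digits is retyped as an integer and one containing `: ` or ` #` breaks the parse; wrapping each rendered value in single quotes (`client_id: '{{ secret "rallly_id" }}'`) keeps them strings, assuming the secret files carry no trailing newline.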