From bf2397b0e9ab8e26cb0f669db26d073ae38ba3e5 Mon Sep 17 00:00:00 2001 From: Moritz Date: Mon, 1 Apr 2024 16:39:38 +0200 Subject: [PATCH] add hedgedoc --- .env.sample | 6 ++++++ abra.sh | 1 + compose.hedgedoc.yml | 26 ++++++++++++++++++++++++++ hedgedoc.yaml.tmpl | 43 +++++++++++++++++++++++++++++++++++++++++++ icons/hedgedoc.png | Bin 0 -> 9405 bytes 5 files changed, 76 insertions(+) create mode 100644 compose.hedgedoc.yml create mode 100644 hedgedoc.yaml.tmpl create mode 100644 icons/hedgedoc.png diff --git a/.env.sample b/.env.sample index 6bd28c6..1468df1 100644 --- a/.env.sample +++ b/.env.sample @@ -96,6 +96,12 @@ COPY_ASSETS="$COPY_ASSETS icon.png|app:/web/dist/assets/icons/" # SECRET_RALLLY_SECRET_VERSION=v1 # APP_ICONS="$APP_ICONS rallly:~/.abra/recipes/authentik/icons/rallly.png" +# COMPOSE_FILE="$COMPOSE_FILE:compose.hedgedoc.yml" +# HEDGEDOC_DOMAIN=hedgedoc.example.com +# SECRET_HEDGEDOC_ID_VERSION=v1 +# SECRET_HEDGEDOC_SECRET_VERSION=v1 +# APP_ICONS="$APP_ICONS hedgedoc:~/.abra/recipes/authentik/icons/hedgedoc.png" + # APPLICATIONS='{"Calendar": "https://nextcloud.example.com/apps/calendar/", "BBB": "https://nextcloud.example.com/apps/bbb/"}' # APP_ICONS="$APP_ICONS Calendar:~/.abra/recipes/authentik/icons/calendar.svg" # APP_ICONS="$APP_ICONS BBB:~/.abra/recipes/authentik/icons/bbb.jpg" diff --git a/abra.sh b/abra.sh index 838e0b0..86ee41d 100644 --- a/abra.sh +++ b/abra.sh @@ -12,6 +12,7 @@ export WEKAN_CONFIG_VERSION=v3 export VIKUNJA_CONFIG_VERSION=v1 export OUTLINE_CONFIG_VERSION=v1 export RALLLY_CONFIG_VERSION=v1 +export HEDGEDOC_CONFIG_VERSION=v1 export MONITORING_CONFIG_VERSION=v1 export DB_ENTRYPOINT_VERSION=v1 diff --git a/compose.hedgedoc.yml b/compose.hedgedoc.yml new file mode 100644 index 0000000..21f6ae0 --- /dev/null +++ b/compose.hedgedoc.yml @@ -0,0 +1,26 @@ +version: "3.8" +services: + worker: + secrets: + - hedgedoc_id + - hedgedoc_secret + environment: + - HEDGEDOC_DOMAIN + configs: + - source: hedgedoc + target: /blueprints/hedgedoc.yaml + +secrets: + hedgedoc_id: + external: true + name: ${STACK_NAME}_hedgedoc_id_${SECRET_hedgedoc_ID_VERSION} + hedgedoc_secret: + external: true + name: ${STACK_NAME}_hedgedoc_secret_${SECRET_HEDGEDOC_SECRET_VERSION} + + +configs: + hedgedoc: + name: ${STACK_NAME}_hedgedoc_${HEDGEDOC_CONFIG_VERSION} + file: hedgedoc.yaml.tmpl + template_driver: golang diff --git a/hedgedoc.yaml.tmpl b/hedgedoc.yaml.tmpl new file mode 100644 index 0000000..33bf308 --- /dev/null +++ b/hedgedoc.yaml.tmpl @@ -0,0 +1,43 @@ +version: 1 +metadata: + labels: + blueprints.goauthentik.io/instantiate: "true" + name: hedgedoc + +entries: + +- attrs: + access_code_validity: minutes=1 + authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]] + client_id: {{ secret "hedgedoc_id" }} + client_secret: {{ secret "hedgedoc_secret" }} + client_type: confidential + include_claims_in_id_token: true + issuer_mode: per_provider + name: Hedgedoc + property_mappings: + - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]] + - !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]] + - !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]] + signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]] + sub_mode: hashed_user_id + token_validity: days=30 + conditions: [] + id: hedgedoc_provider + identifiers: + pk: 9992 + model: authentik_providers_oauth2.oauth2provider + state: present + +- attrs: + meta_launch_url: https://{{ env "HEDGEDOC_DOMAIN" }} + open_in_new_tab: true + policy_engine_mode: any + provider: !KeyOf hedgedoc_provider + slug: hedgedoc + conditions: [] + id: hedgedoc_application + identifiers: + name: Hedgedoc + model: authentik_core.application + state: present diff --git a/icons/hedgedoc.png b/icons/hedgedoc.png new file mode 100644 index 0000000000000000000000000000000000000000..1eedb77affb7f1ef0d3268b220886e12dd780693 GIT binary patch literal 9405 zcmb_?XH*ki*Y=roNFbp|krtYA3qnAeh%huM(nJtckk}9vG%8I%Gohn2D+nk-5wTK4 zr4yQnBE&{hB#H$Qq)0EBm-}7Mv)1?L{r9akXU?^+J=fm*%sR8y%$bwy?rJY4x>^(f zAm->`>j3~}1!4dRyV5lkYP?wKaEGj1tNAuh`Hj4|{9ys6+ABiXp;s*m(*7 zyzIXXy8Yb6Z-umWclNY%K73;7Rq9iD%;$Ws`?8oaIcP=tRQ^B5M0Lbe0~>;%`R55= z@A&;HJv{o9_2a?*&b=l=;e3dnZCP3A$AOr|m1v?N9=~9 z+FE%=^o{tPzgVC}GqUgLhyXJ6qy7c`CB8KvSVqMt!+zR4`nI057UJTNjv(7r)eB%HN?-BgdT}q{}qE&3^`otlF z*gbQ_^6sIJyqk!HT40OT=81v%U>YY*4IGjhf9}5*{-E?EwI~V?cMmDeZRI{y)=MB2 z`~=+rELouxcKFe!CVfv)3FNfer(`q-^7=i$D-Kfq7&+L#Z4=ute6ap^R22z5b@`0n z&spOq2Ms{;ua)s1{VgHD*2BokFo+6D3Q`Hn@AF zhHrnQq`N27SlsjAKCfQ>7)|j;&Pe;!5|>o)@b%2z0CSbm2OHfp+q_0&E%x0?Evwdv z$9hH1-LLIW5Z*^78{W8Eqou@^3pL9se5h ztm31uZ10bTg@}3*9`~ne6WtLNUHbKg$&T8s_U<4M)ZTM4h}UeObj=>ywW-;f9^ZJ8 z9*jo_H18GXi51}fU+}+7znt6&#>Bs;(Rf%##2Vs4?!aj^zix*0#AQ?%ms%D_(7Nm3 zXEJ&;ai`GmLhB}NsUzobMM@PYzalVqEObq|v z_FWTZTTp2rysKY-eay;Ser;!=qoDT1Y7Y*BfCHKHP2PX304?R3T5!Q8;0nBgk%u+N{|4C{&Vfl?qXTyU6Z@_R_X@TXGq;*hv}a~ z-fpDDfUo+11m6H8j6>_n2u@?@B5K#MswBEHmQLa-V-fIP1kp$e6OW@K5fp&QSPNpn zTm6;Oe}oP(4nJWMrs!XF=!*L0f7A&0_OCGH{}EoK|8K_Oe>3I)qXZ=6IkI{v77OP^ zDu##=kN8rqF^JhO!nj8e3qNsi=A|N7C|Iu=q;l{-#%22^QS|{m7B^hO(pvSr7mH%eR#XU$!>cS|HUY6)Wh zkv9E+E0Glt?==jjuR(gLQmXAL?eqXk=QswN5&M6&h^03;rZ6eTD$DX~0B!MXn^)>o zVi=LJFa;YvlUxy+Zc66=6AN* zviZ8pHoQUNVf)SKbe8l~^qh9ebn&6&39f6T_KUv~eY`yZ4Oy6-QRJzU%gG0P_-mrq zkBE=oc8&Vkxu_NPJ_9Fm&vO==GQ#SgtV_GuW%G zbg@QZ$>C>xsaQ&lskg~VuG5$;?*-&`x2(8heI*EfPH zR4F71J4AF`?ZC31E642NDOCwUx)Y~ld;o^>E~&~cz%qB$PD4AIi?+t|ezSVK)M(A~ z{`Q=S;v~;>eO0KUotUmi@hzLQmd;KMjOz(b$)t;{J;>D3eHdX-GF!&; zQKOsYZQ@O7YFq7k2Y>p~>8U0HC9T2S!l5yinXj2Cx*27Q{`lB`Nbmy&^SS>ojFgyK z80YfMfv6N7=i|Pdin+)0V+O(tRiKlI9F$fw9YDO_psw(~7tOnIkH3&+A@^vBs< zv%h3N{eufy)>gzDG@@GwwmkIj`1y2d$vv>$47$|EyG@CZ#vdlcQIS1v=#s2|-N+tT zK?LhT&-sad#~l}m+b8I3d4|=ofO~R~Dj!}}mzdfHy3*45uP3nB#=*|!XKTcDq-hq{ zc->gv0!+Hv?P0w`a2y_}$`G_td5^ zkuGGnHoC|4^Q^TW%|Pc>n3G5HpW4#4;g#FIs5FuKJ>oc_)_-F=o+cMRaJul^7l74|lP1U#? z=r0fRgvrqZIfCvQ-evKPWvZcL?imq`^Fo!Ql6*NDp55gp%HMRExefZL#;NhuIj%-6 z!Z;54OPd>GzvdFoS_+SkN9D-oZsJWYRTo+x#2!XU8Hqv_H=GQixgl?M*&AA@#82%I zkGKXEcH+z(s1C}g+{o$h-Iu)5XU`zr%NadRP~jbns;lGyKC1o{p<>ng2@^*E z8UM|g?mSTvF3YD%U;kv2+w@mujMsA>x-hP?=$33ptn=f&C6{}`K95yLedl|x@84*S zPVC}cf`Xd~CGPN1PeYh(_Kw;MA2Uu1($9G+hNG2-%wtZR0OV5h8z#sKoz{KJ zB2|NbPNW%$k2v;f0=z0=l?B+4(kcf8{Cl`bQ@Y~fi#xsUqhKl143>~Wxs(Va#AG3M8~*Bnz#TE4jU+{T zNxNpn9v-{?cLa-f5ewY6hy2`vPbG*J1;9>;k?$VqpONWVE%NPg%Z>H)JL2Pd>x7Uz z!&#J(RgDZ2mBQR-FpX!qN&hrtJl#>TN^F(%Zdhvi2=7EhS0gwt%XbirWBSxC^hje? zUKIN*vbGaRVXj5VQ5!Wb2~fncClM2>!TQ+n`nGl9nBpa|25JZbA7(1dNAmTA8_4Z@ zU@a-m73}bh3&DEaU&u+N(=$r+6hiq0y(Fc23}ZWQ9j>uh>;YAJXR#c!F#5%Hu~qL4 zxv6LD7*U+DZv2l1_am6v&?i3nu{lm9Ri`_gIW=ay`k^@@6SfQm@z62R_M^BoCZZrG zkP~^oJ8AUP-W@otuY>FxP?IN_s9`hYfytz?HY$3^lHytup!>9MA0XEpP`tJ2<6j#A zrM>`)EtY3RK!2Vk`lJ&p??LANm?ZMJWg9SVLL1obp}b1C#Evta04+N3a!p*uokhmO z@xq^Sd}<^)D^&0i5OQQ0DY)8E*2J*qubEZYbxY=3F}ZIMC6(202qj>HSY+^;p?>QU zMXj#VXR3^r3B&^ zi=H5)Ec`vL*06&?-|;2m`++Yrf2;~yG1)TTwjix`b1DHqA!s%82-qC}m&Pe{yUd4j zKKy8CC%OB^quU7PoU`U^d8anwvnu4N6W#YZ@6arLuuuN)=|!ehBTkWr3f2#hj?MKLWWK`_z8@-n>adv1ip;^TM7 z{=+lPKdxp~9~NUQs&#tu z3-2FwC)e3fSyLS)wQ8*Krdz!@RCX~DT0Xlu2ymhl>^{SPaQlNx$+x=z*J+_YHwfIZT5 zAM%TaB3wBtBJK`M?WU)yA01;p_}QF|O6uPluj3|STBrElRu(B+g7uzpDv4QDyvW-x zy6|zIa8C;x59$hXWK(Hs$TL#;A<}p-l)XwW=q$6=`5O&WTDu?7KICX_QJ5kL^%Y6* zoDmV>_j!{iz-aYUJ~Cc^u#u%%8~j^N6BCgD`N`kJI#+Dn!n;5jy^T~k_b8a8Jov*k zdJ1{qhQ6Bdiir{Jgk*F|(q1Hpj6|%oJi&Q-{Pf^P0Z$aIJC1y;<6CYkJxF zm`(}q`E}s8I5&*b8br`(K!)+gGh(Ol*uu`ji~rCaP9wn*rfY#HlrV2{1+!AY>!dTY zVr>eEBigvLSfw^SgPC;p+kCqbivDi?~3%m;^ zL|>06*FJ7(sLf>_pT)e*FWVc{#C!f_-?BzStGJ{F;)io3!#mHRz14lkytgSwmRH^L zcrY3vME$S7lU=1M;)x|aYmfYM{pYLl`@P=|9$LH9yAz?ynWZX^B#8fo&Ij;Zsh>l7 zX-01EbJ}>8Bw$D?Uqs(+K5(`lk~H?a0E*>sg0H-#1gb$dAlURxJ0^Y+s31Q|*} z0Q*L0{*~fYCuUn9l8%xhFB@b~*MDPh)e?*|){TItaXa$XIEn-FO-%}V@`Ax66AXYX@9^#ljdHlnX%LeKZEZF%~ISr~dhQgu)pYiI&n!HJwBXWGf_ zI;w}!OlrlOGipTCjr}}J5%l$C(nqf2>wJ+Pgpzx#;In436-Vs8Oox=_=46Y;^zU0d zehk{_gPZ%xnZMXjz3&XbL_G7M61cMN2W{A(q!-;u{?sMMrNu zQ%;yQM0&Xc_X+`i7Qz1zo0TwkT{LCK#~R57h0@gMLx41bsd>p+vz9;NiYYYYBgk#X z9{FX++Q!`Xc;@*_55R_!lB>2S1B`?IE2>t4bS?Obwhl0S$-;T55KS* zVwgoDbWv3a`uu)J!k9Ho8%kMYWv|`Jb>K$CoZl_Zczg7xaVdxtXH_b7LFFGh>rQ=c z#yfIyU9*<=8Ori-1$vgO{M5gjwp(E>Y*_sSWE-|uGs!|{Zh9b>Vo^bNl=FXFJLkS( zQXDV)*0g?|tf|0kGT2-&)+e;8;O#E?cARZ6XJDBI8L9Q)3tpJZyP`s&Filk6xpv!= ze?+3K1!Hle#D44=c9dq5iIp|)eM(R0x5ASnU&FRUzKZ+awehS2SY+3%ty`W?CLoLN zrX=04X0?Xp$w{wEtuyxs?yEQ)Qy=IjQ}9TXEr{+A75^#*iF^SLga8SBE9#MNg8tXW z!|$X4PA;2cl?6-0E${!Rz+x--XM8~ZQToj~7s1~eb3Z3|%>>E7w;h8BGmMx`1Y~`V z+8$DtFUX~2)mmHWH}7&3$YB5c@a!FjKvk?Q;-cYRLt<2e_e-m36dGx(-Q3*ZHyP;B zx5e*@F&PsX;)ot0Xjt^MF7qXUA{UYsL~zWeh#&AJV`cIQ( zA)zmF`6<0bMtta`>Tma6{>BRM?Mt5~O?uIf_lqlzXcK}w3BI>|e?k#wmf-FCGFXSKHoe-!3g6V!j~rD;&7@C z5~Z<`?xT`nx?`EzMh&H-oh5Ql&#i`j>~cR+knt6(VMT#Y@C>#B^KH04%F&l>5}&f4 zp+5)Yv8G*HME()cgYObQr0M%fdYGN8QZy}F4qpqZ_k&lW^Bzu)5m1dIQv>(I6nb*< z<)jQJCPOwWm1-hFo2J)>vmUB#QPDCp23az(CKuF^G|)meH4>rs z^N;X)%8nl3t~ehp7n@rOZ^-eUS}$loBp}Dl#s%0R7H%70s;pkSdnOK;JyK!YZ!Ouo zC|+xr?qhWB2LqOkzeJ>U?Y#*pYrn7L-0I5<)}C64F{^YVwh^Z(SW*o8i}3g!884I1Gz5<^lytZs!M8Fq&T4lT z&er!DDK(~Z)?!3=YcR@V8$)O56Om7ZDf3?dkBurM^wN(}YN7!J%3u1zRs20Zn~ba5 z%XHsuw{ZYXIBH`XdaQCo!@iSPhja&r5;fL)+DC7S;v4MvXLQDQnW4OcGPPZe6bn0u zFln7MEIrPx_ASF`C(_a~SI^7M{SyOW6c@Q$?exC&ZWha}2>}l20yd6?We87SZb?cJUA@G$IQvB|%SQ z?3g($bCkjq8|-`^doG&RXOnA(>TO#M&qC{PL(v%?)T-lh5yC5WXuXpnIAv7v99hVe zGO@i!?8Y}xVs)l0PXOLVv#w%a;4UWp=b}X9@5>fW8S%nm*Q*5HP528>{H!Z=*d-=O z74b&HT~z=X)3t}`h`*cPNbM54J0%z#)0wJY3Gz@zPxK|(;elF@GqtV;mRUg899#{o zfdH?V;Al}m^xsB5Kc8nz1`lZ5D5z|A4M#cmIxO>dr2xU+WBjFu+@O*k7piVlk{w~z zQc~*MK{j%1v4#8qE{Up$$d8}QLLVAHut;swv4U89Cu`#OHx@bwxVp>g@ExMpH20`k z;9b#E73hg9x}Jiqz#MLzVp_Reu1vf9edR(LbOV4boJM96SrWV2#P&_>#!sjz2z<#R zW$e1dY!T;FA{#bmH7%z%;hr3ne@`6Jgx;+2+|POFc6o)g!OdZT44$rs3=t0n!0JgZ zdKoJ;7Ad2oflJEeN0MA9f%8o9SxZqV&nx=0k|O)y)%$LGRm8ymauNbrfWt7vPH@Ds z_MhW$!FUw9f2H>QbmlpzFrjA{qL_>~TFcB@5~Mjj|>42>K%jz`9 zMP3SWDt0(3Suv93z6>kRq{Fy5B7%qTZ#C#`&~}52#AS8BU9Yarbi|GNVS)zS<)}2C zP$CJT0oDZcBYI<-_%K<^Zbb=@vXpd?{7-8}3Jm6%$}`kXoY$xX&0WhY|KmAmw9Nxm zre`dF)XL^oS(vzd+>(yz&}Hs1D2d<{j1D|?IrZqb&!(6V4cm6CXr)IwZHl`9Uzoaq zi!4K}M#NRWw5Q`taP0*d`EuM$e&GQ$vA@&4y!uckzj_mhm!qF32_brvpnLVAwaQ*> z6fJ5-;+1oUIk=I5rGm%~&Mo9Q#b>A?Q`Uip=GB9hWm}e*K8Az)%B})Mv4>)Y3`MfV z*JPj{+A!R8x9IS&3q}$D*%}-Y`k#SHT8Kasx=hw^M{kqC=L9SC@an*;IQTw;vta4B zxZxS)**7TCAP^SJ%^a@>J<9lYyY~yxr!h zO3U{&XK_^VVA{axvrNYP6FkH`p`x&UTZ&e%Mw^Y!2XZc+rWKNYBvjdmN<44f<5dUiL zBB-A^E=5Fsx)_}KGvk&^7_WCK>ii^Z!}1o5D|dfhp@@_9ZU$x4@ndN7;gxxmqE)XNUGjo@cc~VMBdBX01d-7Ecc$`-itDr znUD2f7N-qNL-#!aHbQ?intHsu#O=Otu`jpw5dY2r^vBUtXP=k2C86_MfJ!6BLVod? z|M{q23bV;Qr~(unnz~>(f~JBS`;c%Pqj!Z`ay4{_ls+5TR=LA z`4~09%%wn|X}mk=+!j!*&y&K)OX(-RqBA(2pkA?*uD)Qot5EGv)9mA^NP# zw7^T970xFNekK}T|5J8+V|EL#sMiKdxPVdAFr%ByVyDy%JO0VshTK2 z<+NE|x}BggIKdB#*(;Z_P;+O!GUinRUW`Ai!5_%I{OUN8h1P6H_%0!j9MNYjAFSXO zpwd-a0uTv@IW*1BhBt4mYQ#$lCV~-JjOD2BUomd-GcmwTtKIf(Zs1n#ailj<5E{Pr z{-A^5R*?)_u^rV{W_TY`KOT^$dl24$-y@vg%zzE>8zvTb_F_#=_I|^`8ODK#ku@(^ zY3p@az%d{JPZEb$`{@7y4Bles#UW%Rrz;BJ9rXl&`(Ggr|7_@mcyo;QtyiIm?j74< zbUu})jU0*Ok~1wuaFQQ7GOZE`KC-yCsm`n3tSk#d$UQo2mR^-2-2MXqFDoQMb^F1o z`a}Rq-0o;(b2*R3EVg_?^~aPkrb7El!=PO}ZkNhNJZpja6AG>&r@U$PLKRwmIfLr_ zy1A9jI^L02gl0rJMLrd$W+pBiR?;ZfF zPS)K|mQt76dPy29MYlx^n+{;rAA8bY^}K)4+}^C%Ok5ch*GU%)%SwbyS{q$iNdX+~ LTx}m&Gh_Y-uw_kB literal 0 HcmV?d00001