chore: publish 1.3.0+2022.12.2 release

.env.sample

@@ -1,7 +1,7 @@
 TYPE=authentik
 LETS_ENCRYPT_ENV=production
 
-DOMAIN={{ .Domain }}
+DOMAIN=authentik.example.com
 AUTHENTIK_POSTGRESQL__USER=authentik
 AUTHENTIK_POSTGRESQL__NAME=authentik
 AUTHENTIK_POSTGRESQL__HOST=db
@@ -21,15 +21,20 @@ AUTHENTIK_LOG_LEVEL=info
 
 # Secret Versions
 SECRET_SECRET_KEY_VERSION=v1
-SECRET_DB_PASSWORD_VERSION=V1
+SECRET_DB_PASSWORD_VERSION=v1
 SECRET_ADMIN_TOKEN_VERSION=v1
 SECRET_ADMIN_PASS_VERSION=v1
 SECRET_EMAIL_PASS_VERSION=v1
 
 # X_FRAME_OPTIONS_ALLOW_FROM=dashboard.example.org
 AUTHENTIK_COLOR_BACKGROUND_LIGHT=#1c1e21
+AUTHENTIK_IMPERSONATION=true
 
 ## FLOW OPTIONS
 WELCOME_MESSAGE="Welcome to Authentik"
 DEFAULT_LANGUAGE=en
 AUTHENTIK_FOOTER_LINKS='[{"name": "My Organization","href":"https://example.com"}]'
+COPY_ASSETS="flow_background.jpg|app:/web/dist/assets/images/ icon_left_brand.svg|app:/web/dist/assets/icons/ icon.png|app:/web/dist/assets/icons/"
+
+EMAIL_SUBJECT="Account Recovery"
+EMAIL_TOKEN_EXPIRY_MINUTES=30

README.md

@@ -9,7 +9,7 @@
 
 * **Category**: Apps
 * **Status**: 0, work-in-progress
-* **Image**: [ghcr/goauthentik/server](https://ghcr.io/goauthentik/server)
+* **Image**: [ghcr/goauthentik/server](https://ghcr.io/goauthentik/server), 4, upstream
 * **Healthcheck**: Yes
 * **Backups**: Yes
 * **Email**: Yes
@@ -20,15 +20,17 @@
 
 ## Quick start
 
-* `abra app new authentik --secrets`
+* `abra app new authentik`
 * `abra app config <app-name>`
 * `abra app secret insert <app_name> email_pass v1 <password>`
-* `abra app secret generate -a <app_name>
+* `abra app secret generate -a <app_name>`
 * `abra app deploy <app-name>`
 * `abra app cmd <app_name> app set_admin_pass`
 
 ## Rotate Secrets
 
+Increment the secret versions using `abra app config <app_name>`
+
 ```
 abra app secret generate -a <app_name>
 abra app undeploy <app_name>
@@ -39,14 +41,21 @@ abra app cmd <app_name> app set_admin_pass
 
 ## Customization
 
+Place the files you want to overwrite in a directory `<assets_path>`.
+Run `abra app config <app_name>` and define the env variable `COPY_ASSETS` in the following format:
+
+```
+"<source_file1>|<service>:<target_directory1> <source_file2>|<service>:<target_directory2> ...
+```
+
+For example:
+
+```
+COPY_ASSETS="flow_background.jpg|app:/web/dist/assets/images/ icon_left_brand.svg|app:/web/dist/assets/icons/ icon.png|app:/web/dist/assets/icons/"
+```
+
 Run this command after every deploy/upgrade:
 
 `abra app command --local <app-name> customize <assets_path>`
 
-This command replaces the background image, the logo and the favicon with the following files placed in the `<assets_path>` directory:
-* `flow_background.jpg`
-* `icon_left_brand.svg`
-* `icon.png`
-
-
 For more, see [`docs.coopcloud.tech`](https://docs.coopcloud.tech).

abra.sh

@@ -1,6 +1,5 @@
 export CUSTOM_CSS_VERSION=v2
-export CUSTOM_FLOWS_VERSION=v2
-export RECOVERY_TEMPLATE_DE_VERSION=v1
+export CUSTOM_FLOWS_VERSION=v3
 
 customize() {
     if [ -z "$1" ]
@@ -8,22 +7,13 @@ customize() {
             echo "Usage: ... customize <assets_path>"
             exit 1
     fi
-    # TODO: use env to specify source and target files
-    if [ -e $1/flow_background.jpg ]
-    then
-        echo copy flow_background.jpg
-        abra app cp $APP_NAME $1/flow_background.jpg app:/web/dist/assets/images/
-    fi
-    if [ -e $1/icon_left_brand.svg ]
-    then
-        echo copy icon_left_brand.svg
-        abra app cp $APP_NAME $1/icon_left_brand.svg app:/web/dist/assets/icons/
-    fi
-    if [ -e $1/icon.png ]
-    then
-        echo copy icon.png
-        abra app cp $APP_NAME $1/icon.png app:/web/dist/assets/icons/
-    fi
+    asset_dir=$1
+    for asset in $COPY_ASSETS; do
+        source=$(echo $asset | cut -d "|" -f1)
+        target=$(echo $asset | cut -d "|" -f2)
+        echo copy $source to $target
+        abra app cp $APP_NAME $asset_dir/$source $target
+    done
 }
 
 set_admin_pass() {
@@ -41,7 +31,7 @@ if (token:= Token.objects.filter(identifier='authentik-bootstrap-token').first()
     token.key=key
     token.save()
     print('Changed authentik-bootstrap-token')
-else: 
+else:
     Token.objects.create(
         identifier='authentik-bootstrap-token',
         user=akadmin,

compose.yml

@@ -20,14 +20,17 @@ x-env: &env
     - AUTHENTIK_SETTINGS__THEME__BACKGROUND
     - AUTHENTIK_COLOR_BACKGROUND_LIGHT
     - AUTHENTIK_FOOTER_LINKS
+    - AUTHENTIK_IMPERSONATION
     - WELCOME_MESSAGE
     - DEFAULT_LANGUAGE
+    - EMAIL_SUBJECT
+    - EMAIL_TOKEN_EXPIRY_MINUTES
     - DOMAIN
 
 version: '3.8'
 services:
   app:
-    image: ghcr.io/goauthentik/server:2022.11.1
+    image: ghcr.io/goauthentik/server:2022.12.2
     command: server
     secrets:
       - db_password
@@ -41,8 +44,6 @@ services:
     configs:
       - source: custom_css
         target: /web/dist/custom.css
-      - source: recovery_template_de
-        target: /templates/password_reset_de.html
     networks:
       - internal
       - proxy
@@ -69,10 +70,10 @@ services:
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
         - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=SAMEORIGIN"
         - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.contentSecurityPolicy=frame-ancestors ${X_FRAME_OPTIONS_ALLOW_FROM}"
-        - "coop-cloud.${STACK_NAME}.version=1.1.0+2022.11.1"
+        - "coop-cloud.${STACK_NAME}.version=1.3.0+2022.12.2"
 
   worker:
-    image: ghcr.io/goauthentik/server:2022.11.1
+    image: ghcr.io/goauthentik/server:2022.12.2
     command: worker
     secrets:
       - db_password
@@ -96,7 +97,7 @@ services:
     environment: *env
 
   db:
-    image: postgres:12.12-alpine
+    image: postgres:12.13-alpine
     secrets:
       - db_password
     volumes:
@@ -164,9 +165,6 @@ configs:
     name: ${STACK_NAME}_custom_css_${CUSTOM_CSS_VERSION}
     file: custom.css.tmpl
     template_driver: golang
-  recovery_template_de:
-    name: ${STACK_NAME}_recovery_template_de_${RECOVERY_TEMPLATE_DE_VERSION}
-    file: password_reset_de.html
   custom_flows:
     name: ${STACK_NAME}_custom_flows_${CUSTOM_FLOWS_VERSION}
     file: custom_flows.yaml.tmpl

custom_flows.yaml.tmpl

@@ -10,10 +10,9 @@ context:
   transl_password_repeat: {{ if eq (env "DEFAULT_LANGUAGE") "de" }} Passwort (wiederholen) {{ else }} Password (repeat) {{ end }}
   transl_username: {{ if eq (env "DEFAULT_LANGUAGE") "de" }} Benutzername {{ else }} Username {{ end }}
   transl_name: {{ if eq (env "DEFAULT_LANGUAGE") "de" }} Vor- und Nachname {{ else }} Full name {{ end }}
-  transl_template_recovery: {{ if eq (env "DEFAULT_LANGUAGE") "de" }} password_reset_de.html {{ else }} email/password_reset.html {{ end }}
 
 entries:
-######## Email Recovery Flow ######## 
+######## Email Recovery Flow ########
 - identifiers:
     slug: default-recovery-flow
   id: recovery_flow
@@ -55,9 +54,9 @@ entries:
   model: authentik_stages_email.emailstage
   attrs:
     use_global_settings: true
-    token_expiry: 30
-    subject: authentik
-    template: !Context transl_template_recovery
+    token_expiry: {{ env "EMAIL_TOKEN_EXPIRY_MINUTES" }}
+    subject: "{{ env "EMAIL_SUBJECT" }}"
+    template: email/password_reset.html
     activate_user_on_success: true
 - identifiers:
     name: default-recovery-user-write
@@ -175,7 +174,7 @@ entries:
 
 
 
-######## Authentication Flow ######## 
+######## Authentication Flow ########
 - attrs:
     designation: authentication
     name: custom-authentication-flow
@@ -237,7 +236,7 @@ entries:
     target: !KeyOf authentication_flow
   model: authentik_flows.flowstagebinding
 
-######## Invitation Enrollment Flow ######## 
+######## Invitation Enrollment Flow ########
 - attrs:
     designation: enrollment
     name: invitation-enrollment-flow
@@ -337,7 +336,7 @@ entries:
 
 ######## System Tenant ##########
 - attrs:
-    attributes: 
+    attributes:
       settings:
         locale: {{ env "DEFAULT_LANGUAGE" }}
     # branding_favicon: /static/dist/assets/icons/icon.png