Compare commits
74 Commits
3.1.0+2023
...
main
Author | SHA1 | Date |
---|---|---|
Moritz | 0be7e95f48 | |
3wc | 4fe52c1e5f | |
3wc | 248a09c594 | |
Simon | b957425981 | |
Moritz | 20f99b13ad | |
Moritz | c42017839f | |
Moritz | cdabec1b18 | |
Moritz | a606a84a98 | |
Simon | a0505e0dec | |
Simon | 17d40711e0 | |
Moritz | fc33f285f4 | |
3wc | d1f091da62 | |
3wc | 3e339228f5 | |
3wc | c39b6ad25a | |
3wc | 1ffb62d74a | |
3wc | 03f8810462 | |
3wc | d19bf17781 | |
3wc | 5086df24fb | |
knoflook | e07d57718a | |
Simon | 553b97ba21 | |
Simon | 75f42db773 | |
Simon | d115d5ce38 | |
Simon | 68eda3e2d7 | |
Moritz | 91756202c2 | |
Moritz | bf2397b0e9 | |
Moritz | c3b01c1d27 | |
Simon | 8d32814219 | |
Simon | 78cfd95198 | |
Simon | 4593eb6340 | |
Simon | 0419ed279d | |
Simon | abb49e7019 | |
Simon | 74f654c192 | |
Simon | 7a4daaf475 | |
Simon | b7605f6a87 | |
3wc | 01ca1b4d5c | |
Simon | 287426b06a | |
iexos | b311cadc4c | |
Moritz | d01c539c4f | |
Moritz | 427644df38 | |
iexos | f4172f2a64 | |
iexos | 126b50d4bd | |
Moritz | 3e7ceaaf25 | |
Moritz | a0ee0a357d | |
Moritz | 1b74a88809 | |
Moritz | 905fbdb69a | |
Moritz | fcf76aeba0 | |
Moritz | 03743063df | |
Moritz | 080ccae2ab | |
Moritz | 7d17f104f1 | |
Moritz | dcf74287c5 | |
iexos | 4972e3b141 | |
Moritz | 566bffb7af | |
Philipp Rothmann | 3df66b1be7 | |
Moritz | 159f9d767d | |
Moritz | f20e087752 | |
Moritz | 3de29f0135 | |
Philipp Rothmann | b46f3ae4fc | |
Philipp Rothmann | 985ee49bed | |
Philipp Rothmann | cd6699c565 | |
Moritz | 8f6554b55b | |
Moritz | c0fda956be | |
Philipp Rothmann | eead1faa0d | |
Philipp Rothmann | 3e969b6b9e | |
Moritz | 6929236cca | |
Moritz | 97fde96300 | |
Moritz | 2937b6248c | |
Moritz | d6c74b8153 | |
Moritz | 07e2d7a247 | |
Moritz | 1aca4ba794 | |
Moritz | 9a9264cf61 | |
Moritz | e9588c76d5 | |
Moritz | 598807fe6d | |
Moritz | 3f6bfdb280 | |
Moritz | cb2d503b14 |
|
@ -23,13 +23,14 @@ steps:
|
|||
FLOW_INVALIDATION_VERSION: v1
|
||||
FLOW_RECOVERY_VERSION: v1
|
||||
FLOW_TRANSLATION_VERSION: v1
|
||||
SYSTEM_TENANT_VERSION: v1
|
||||
SYSTEM_BRAND_VERSION: v1
|
||||
NEXTCLOUD_CONFIG_VERSION: v1
|
||||
SECRET_SECRET_KEY_VERSION: v1
|
||||
SECRET_DB_PASSWORD_VERSION: v1
|
||||
SECRET_ADMIN_TOKEN_VERSION: v1
|
||||
SECRET_ADMIN_PASS_VERSION: v1
|
||||
SECRET_EMAIL_PASS_VERSION: v1
|
||||
DB_ENTRYPOINT_VERSION: v1
|
||||
trigger:
|
||||
branch:
|
||||
- main
|
||||
|
|
69
.env.sample
|
@ -1,7 +1,12 @@
|
|||
TYPE=authentik
|
||||
TIMEOUT=900
|
||||
ENABLE_AUTO_UPDATE=true
|
||||
# POST_DEPLOY_CMDS="worker set_admin_pass|worker apply_blueprints|worker add_applications"
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
||||
DOMAIN=authentik.example.com
|
||||
## Domain aliases
|
||||
#EXTRA_DOMAINS=', `www.authentik.example.com`'
|
||||
COMPOSE_FILE="compose.yml"
|
||||
AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME=false
|
||||
AUTHENTIK_LOG_LEVEL=info
|
||||
|
@ -9,6 +14,9 @@ AUTHENTIK_LOG_LEVEL=info
|
|||
# AUTHENTIK_FOOTER_LINKS='[{"name": "My Organization","href":"https://example.com"}]'
|
||||
# WORKERS=1
|
||||
|
||||
## Outpost Integration
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.outposts.yml"
|
||||
|
||||
## EMAIL
|
||||
AUTHENTIK_EMAIL__HOST=smtp
|
||||
AUTHENTIK_EMAIL__PORT=587
|
||||
|
@ -26,7 +34,6 @@ SECRET_ADMIN_PASS_VERSION=v1
|
|||
SECRET_EMAIL_PASS_VERSION=v1
|
||||
|
||||
# X_FRAME_OPTIONS_ALLOW_FROM=dashboard.example.org
|
||||
AUTHENTIK_COLOR_BACKGROUND_LIGHT=#1c1e21
|
||||
|
||||
## FLOW OPTIONS
|
||||
# WELCOME_MESSAGE="Welcome to Authentik"
|
||||
|
@ -39,15 +46,73 @@ COPY_ASSETS="flow_background.jpg|app:/web/dist/assets/images/"
|
|||
COPY_ASSETS="$COPY_ASSETS icon_left_brand.svg|app:/web/dist/assets/icons/"
|
||||
COPY_ASSETS="$COPY_ASSETS icon.png|app:/web/dist/assets/icons/"
|
||||
|
||||
# Default CSS customisation, just background colour
|
||||
COMPOSE_FILE="$COMPOSE_FILE:compose.css.yml"
|
||||
AUTHENTIK_COLOR_BACKGROUND_LIGHT=#1c1e21
|
||||
# Custommise the entire custom CSS file
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.css.yml"
|
||||
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.nextcloud.yml"
|
||||
# NEXTCLOUD_DOMAIN=nextcloud.example.com
|
||||
# SECRET_NEXTCLOUD_ID_VERSION=v1
|
||||
# SECRET_NEXTCLOUD_SECRET_VERSION=v1
|
||||
# APP_ICONS="nextcloud:~/.abra/recipes/authentik/icons/nextcloud.png"
|
||||
|
||||
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.wordpress.yml"
|
||||
# WORDPRESS_DOMAIN=wordpress.example.com
|
||||
# WORDPRESS_GROUP='wordpress Admins'
|
||||
# SECRET_WORDPRESS_ID_VERSION=v1
|
||||
# SECRET_WORDPRESS_SECRET_VERSION=v1
|
||||
# APP_ICONS="$APP_ICONS wordpress:~/.abra/recipes/authentik/icons/wordpress.png"
|
||||
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.matrix.yml"
|
||||
# ELEMENT_DOMAIN=element-web.example.com
|
||||
# SECRET_MATRIX_ID_VERSION=v1
|
||||
# SECRET_MATRIX_SECRET_VERSION=v1
|
||||
# APP_ICONS="$APP_ICONS matrix:~/.abra/recipes/authentik/icons/matrix.svg"
|
||||
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.wekan.yml"
|
||||
# WEKAN_DOMAIN=wekan.example.com
|
||||
# SECRET_WEKAN_ID_VERSION=v1
|
||||
# SECRET_WEKAN_SECRET_VERSION=v1
|
||||
# APP_ICONS="$APP_ICONS wekan:~/.abra/recipes/authentik/icons/wekan.png"
|
||||
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.vikunja.yml"
|
||||
# VIKUNJA_DOMAIN=vikunja.example.com
|
||||
# SECRET_VIKUNJA_ID_VERSION=v1
|
||||
# SECRET_VIKUNJA_SECRET_VERSION=v1
|
||||
# APP_ICONS="$APP_ICONS vikunja:~/.abra/recipes/authentik/icons/vikunja.svg"
|
||||
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.outline.yml"
|
||||
# OUTLINE_DOMAIN=outline.example.com
|
||||
# SECRET_OUTLINE_ID_VERSION=v1
|
||||
# SECRET_OUTLINE_SECRET_VERSION=v1
|
||||
# APP_ICONS="$APP_ICONS outline:~/.abra/recipes/authentik/icons/outline.png"
|
||||
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.kimai.yml"
|
||||
# KIMAI_DOMAIN=kimai.example.com
|
||||
# SECRET_KIMAI_ID_VERSION=v1
|
||||
# SECRET_KIMAI_SECRET_VERSION=v1
|
||||
# APP_ICONS="$APP_ICONS kimai:~/.abra/recipes/authentik/icons/kimai.png"
|
||||
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.monitoring.yml"
|
||||
# MONITORING_DOMAIN=monitoring.example.com
|
||||
# SECRET_MONITORING_ID_VERSION=v1
|
||||
# SECRET_MONITORING_SECRET_VERSION=v1
|
||||
# APP_ICONS="$APP_ICONS monitoring:~/.abra/recipes/authentik/icons/monitoring.png"
|
||||
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.rallly.yml"
|
||||
# RALLLY_DOMAIN=rallly.example.com
|
||||
# SECRET_RALLLY_ID_VERSION=v1
|
||||
# SECRET_RALLLY_SECRET_VERSION=v1
|
||||
# APP_ICONS="$APP_ICONS rallly:~/.abra/recipes/authentik/icons/rallly.png"
|
||||
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.hedgedoc.yml"
|
||||
# HEDGEDOC_DOMAIN=hedgedoc.example.com
|
||||
# SECRET_HEDGEDOC_ID_VERSION=v1
|
||||
# SECRET_HEDGEDOC_SECRET_VERSION=v1
|
||||
# APP_ICONS="$APP_ICONS hedgedoc:~/.abra/recipes/authentik/icons/hedgedoc.png"
|
||||
|
||||
# APPLICATIONS='{"Calendar": "https://nextcloud.example.com/apps/calendar/", "BBB": "https://nextcloud.example.com/apps/bbb/"}'
|
||||
# APP_ICONS="$APP_ICONS Calendar:~/.abra/recipes/authentik/icons/calendar.svg"
|
||||
# APP_ICONS="$APP_ICONS BBB:~/.abra/recipes/authentik/icons/bbb.jpg"
|
||||
|
|
110
README.md
|
@ -25,8 +25,6 @@
|
|||
* `abra app secret insert <app_name> email_pass v1 <password>`
|
||||
* `abra app secret generate -a <app_name>`
|
||||
* `abra app deploy <app-name>`
|
||||
* `abra app cmd <app_name> app set_admin_pass`
|
||||
* `abra app cmd <app_name> worker apply_blueprints`
|
||||
|
||||
## Rotate Secrets
|
||||
|
||||
|
@ -56,6 +54,18 @@ Set the nextcloud Icon using `abra app cmd -l -d <app_name> set_icons`
|
|||
|
||||
The configuration inside Nextcloud can be found in the [nextcloud recipe](https://git.coopcloud.tech/coop-cloud/nextcloud#authentik-integration)
|
||||
|
||||
## Import User from CSV
|
||||
|
||||
Users can be imported from a CSV file of the following format:
|
||||
|
||||
`First and last name, username, email@example.com, group1;group2;group3`
|
||||
|
||||
Run the following command to import the file `users.csv`:
|
||||
|
||||
`abra app cmd -l <app_name> import_user users.csv`
|
||||
|
||||
Users will only be created if the username does not exits. I a group does not exists it will be created.
|
||||
|
||||
## Customization
|
||||
|
||||
Place the files you want to overwrite in a directory `<assets_path>`.
|
||||
|
@ -77,44 +87,112 @@ Run this command after every deploy/upgrade:
|
|||
|
||||
`abra app command --local <app-name> customize <assets_path>`
|
||||
|
||||
## Email templates
|
||||
|
||||
Add custom [email templates](https://goauthentik.io/docs/flow/stages/email/#custom-templates):
|
||||
|
||||
`abra app cmd -l <app_name> add_email_templates local/path/to/mail_template.html`
|
||||
|
||||
## Blueprints
|
||||
|
||||
Blueprint Dependency Requirements:
|
||||
These blueprints overwrite default blueprint values:
|
||||
|
||||
- flow_translation.yaml
|
||||
- flow_authentication.yaml
|
||||
|
||||
The following default blueprints will be overwritten by customizations:
|
||||
|
||||
- flow-password-change.yaml
|
||||
- flow-default-authentication-flow.yaml
|
||||
- flow-default-user-settings-flow.yaml
|
||||
- flow-default-source-enrollment.yaml
|
||||
|
||||
The `abra.sh` function `apply_blueprints` needs to be executed to deactivate these blueprints to ensure that the customizations won't be overwritten. It will further execute flow_translation.yaml and flow_authentication.yaml again.
|
||||
|
||||
|
||||
### Blueprint Overwrite/Use Dependencies
|
||||
|
||||
- Recovery with email verification
|
||||
- Default - Password change flow
|
||||
- USE:
|
||||
- `default-password-change-prompt`
|
||||
- `default-password-change-write`
|
||||
- Default - Authentication flow
|
||||
- USE:
|
||||
- `default-authentication-login`
|
||||
- Custom Authentication Flow
|
||||
- Default - Authentication flow
|
||||
- USE:
|
||||
- `default-authentication-password`
|
||||
- OVERWRITE:
|
||||
- `default-authentication-flow`
|
||||
- APPEND:
|
||||
- `default-authentication-identification`
|
||||
- `default-authentication-login`
|
||||
- REMOVE: `authentik_flows.flowstagebinding order:20`
|
||||
- Recovery with email verification
|
||||
- USE:
|
||||
- `default-recovery-flow`
|
||||
- Invitation Enrollment Flow
|
||||
- Default - User settings flow
|
||||
- USE:
|
||||
- `default-user-settings-field-name`
|
||||
- `default-user-settings-field-email`
|
||||
- Default - Password change flow
|
||||
- USE:
|
||||
- `default-password-change-field-password`
|
||||
- `default-password-change-field-password-repeat`
|
||||
- Default - Authentication flow
|
||||
- USE:
|
||||
- `default-authentication-login`
|
||||
- Default - Source enrollment flow
|
||||
- USE:
|
||||
- `default-source-enrollment-field-username`
|
||||
- `default-source-enrollment-write`
|
||||
- Custom Invalidation Flow
|
||||
- Default - Invalidation flow
|
||||
- APPEND_ATTR:
|
||||
- `authentik_flows.flowstagebinding order: 0`
|
||||
- Flow Translations
|
||||
- Recovery with email verification
|
||||
- APPEND: `default-recovery-flow`
|
||||
- Default - Password change flow
|
||||
- OVERWRITE:
|
||||
- `default-password-change-field-password`
|
||||
- `default-password-change-field-password-repeat`
|
||||
- Default - User settings flow
|
||||
- OVERWRITE:
|
||||
- `default-user-settings-field-username`
|
||||
- `default-user-settings-field-name`
|
||||
- Default - Source enrollment flow
|
||||
- Custom System Tenant
|
||||
- Default - Tenant
|
||||
- OVERWRITE:
|
||||
- `default-source-enrollment-field-username`
|
||||
- Custom System Brand
|
||||
- Default - Brand
|
||||
- APPEND: `authentik_brands.brand domain: authentik-default`
|
||||
- Recovery with email verification
|
||||
- USE:
|
||||
- `default-recovery-flow`
|
||||
|
||||
|
||||
Blueprint Dependency Graph:
|
||||
### Blueprint Dependency Execution Order
|
||||
|
||||
5. Custom System Tenant
|
||||
- Default - Tenant
|
||||
4. Invitation Enrollment Flow
|
||||
3. Flow Translations
|
||||
- Default - User settings flow
|
||||
- Default - Source enrollment flow
|
||||
2. Custom Authentication Flow
|
||||
1. Recovery with email verification
|
||||
- Default - Authentication flow
|
||||
- Default - Password change flow
|
||||
5. Custom System Brand
|
||||
- Default - Brand
|
||||
1. Recovery with email verification
|
||||
- Default - Authentication flow
|
||||
- Default - Password change flow
|
||||
4. Invitation Enrollment Flow
|
||||
3. Flow Translations
|
||||
- Default - User settings flow
|
||||
- Default - Source enrollment flow
|
||||
1. Recovery with email verification
|
||||
- Default - Authentication flow
|
||||
- Default - Password change flow
|
||||
2. Custom Authentication Flow
|
||||
1. Recovery with email verification
|
||||
- Default - Authentication flow
|
||||
- Default - Password change flow
|
||||
6. Custom Invalidation Flow
|
||||
- Default - Invalidation flow
|
||||
|
||||
|
|
173
abra.sh
|
@ -1,12 +1,21 @@
|
|||
export CUSTOM_CSS_VERSION=v2
|
||||
export FLOW_AUTHENTICATION_VERSION=v1
|
||||
export FLOW_INVITATION_VERSION=v1
|
||||
export FLOW_INVALIDATION_VERSION=v1
|
||||
export FLOW_AUTHENTICATION_VERSION=v4
|
||||
export FLOW_INVITATION_VERSION=v2
|
||||
export FLOW_INVALIDATION_VERSION=v2
|
||||
export FLOW_RECOVERY_VERSION=v1
|
||||
export FLOW_TRANSLATION_VERSION=v1
|
||||
export SYSTEM_TENANT_VERSION=v1
|
||||
export FLOW_TRANSLATION_VERSION=v3
|
||||
export SYSTEM_BRAND_VERSION=v3
|
||||
export NEXTCLOUD_CONFIG_VERSION=v1
|
||||
export WORDPRESS_CONFIG_VERSION=v1
|
||||
export WORDPRESS_CONFIG_VERSION=v2
|
||||
export MATRIX_CONFIG_VERSION=v1
|
||||
export WEKAN_CONFIG_VERSION=v3
|
||||
export VIKUNJA_CONFIG_VERSION=v1
|
||||
export OUTLINE_CONFIG_VERSION=v2
|
||||
export KIMAI_CONFIG_VERSION=v1
|
||||
export RALLLY_CONFIG_VERSION=v2
|
||||
export HEDGEDOC_CONFIG_VERSION=v1
|
||||
export MONITORING_CONFIG_VERSION=v1
|
||||
export DB_ENTRYPOINT_VERSION=v1
|
||||
|
||||
customize() {
|
||||
if [ -z "$1" ]
|
||||
|
@ -23,6 +32,46 @@ customize() {
|
|||
done
|
||||
}
|
||||
|
||||
import_user() {
|
||||
if [ -z "$1" ]
|
||||
then
|
||||
echo "Usage: ... import_user <users.csv>"
|
||||
exit 1
|
||||
fi
|
||||
source_file=$1
|
||||
filename=$(basename $source_file)
|
||||
abra app cp $APP_NAME $source_file worker:/tmp/
|
||||
abra app cmd -T $APP_NAME worker _import_user $filename
|
||||
}
|
||||
|
||||
_import_user() {
|
||||
/manage.py shell -c """
|
||||
import csv
|
||||
new_user = User()
|
||||
with open('/tmp/$1', newline='') as file:
|
||||
reader = csv.reader(file)
|
||||
for row in reader:
|
||||
name = row[0].strip()
|
||||
username = row[1].strip()
|
||||
email = row[2].strip()
|
||||
groups = row[3].split(';')
|
||||
if User.objects.filter(username=username):
|
||||
print(f'{username} already exists')
|
||||
continue
|
||||
new_user = User.objects.create(name=name, username=username, email=email)
|
||||
print(f'{username} created')
|
||||
for group_name in groups:
|
||||
group_name = group_name.strip()
|
||||
if Group.objects.filter(name=group_name):
|
||||
group = Group.objects.get(name=group_name)
|
||||
else:
|
||||
group = Group.objects.create(name=group_name)
|
||||
print(f'{group_name} created')
|
||||
group.users.add(new_user)
|
||||
print(f'add {username} to group {group_name}')
|
||||
""" 2>&1 | quieten
|
||||
}
|
||||
|
||||
set_admin_pass() {
|
||||
password=$(cat /run/secrets/admin_pass)
|
||||
token=$(cat /run/secrets/admin_token)
|
||||
|
@ -47,7 +96,7 @@ else:
|
|||
key=key,
|
||||
)
|
||||
print('Created authentik-bootstrap-token')
|
||||
"""
|
||||
""" 2>&1 | quieten
|
||||
}
|
||||
|
||||
rotate_db_pass() {
|
||||
|
@ -55,15 +104,24 @@ rotate_db_pass() {
|
|||
psql -U authentik -c """ALTER USER authentik WITH PASSWORD '$db_password';"""
|
||||
}
|
||||
|
||||
# This function is for blueprints that are overwriting custom blueprints
|
||||
# It deactivates the affected custom blueprints to avoid changes to be reverted
|
||||
apply_blueprints() {
|
||||
enable_blueprint default/flow-default-authentication-flow.yaml
|
||||
enable_blueprint default/flow-default-user-settings-flow.yaml
|
||||
enable_blueprint default/flow-password-change.yaml
|
||||
ak apply_blueprint 6_flow_invalidation.yaml
|
||||
ak apply_blueprint 5_system_tenant.yaml
|
||||
disable_blueprint default/flow-default-authentication-flow.yaml
|
||||
disable_blueprint default/flow-default-user-settings-flow.yaml
|
||||
disable_blueprint default/flow-password-change.yaml
|
||||
update_and_disable_blueprint default/flow-password-change.yaml
|
||||
update_and_disable_blueprint default/flow-default-authentication-flow.yaml
|
||||
update_and_disable_blueprint default/flow-default-user-settings-flow.yaml
|
||||
update_and_disable_blueprint default/flow-default-source-enrollment.yaml
|
||||
|
||||
apply_blueprint 3_flow_translation.yaml
|
||||
apply_blueprint 2_flow_authentication.yaml
|
||||
}
|
||||
|
||||
update_and_disable_blueprint() {
|
||||
enable_blueprint $@ 2>&1 | quieten
|
||||
sleep 1
|
||||
apply_blueprint $@
|
||||
sleep 1
|
||||
disable_blueprint $@ 2>&1 | quieten
|
||||
}
|
||||
|
||||
disable_blueprint() {
|
||||
|
@ -74,30 +132,62 @@ enable_blueprint() {
|
|||
blueprint_state True $@
|
||||
}
|
||||
|
||||
apply_blueprint() {
|
||||
echo apply blueprint $@
|
||||
ak apply_blueprint $@ 2>&1 | quieten
|
||||
}
|
||||
|
||||
blueprint_state() {
|
||||
TOKEN=$(cat /run/secrets/admin_token)
|
||||
python -c """
|
||||
import requests
|
||||
session = requests.Session()
|
||||
my_token='$TOKEN'
|
||||
/manage.py shell -c """
|
||||
import time
|
||||
blueprint_state=$1
|
||||
blueprint_path='$2'
|
||||
resp = session.get(f'https://$DOMAIN/api/v3/managed/blueprints/?path={blueprint_path}', headers={'Authorization':f'Bearer {my_token}'})
|
||||
if not resp.ok:
|
||||
print(f'Error fetching blueprint: {resp.content}')
|
||||
exit()
|
||||
auth_flow_uuid = resp.json()['results'][0]['pk']
|
||||
blueprint_name = resp.json()['results'][0]['name']
|
||||
params = {'name': blueprint_name,'path': blueprint_path,'context':{},'enabled': blueprint_state}
|
||||
resp = session.put(f'https://$DOMAIN/api/v3/managed/blueprints/{auth_flow_uuid}/', json=params, headers={'Authorization':f'Bearer {my_token}'})
|
||||
if resp.ok:
|
||||
print(f'{blueprint_name} enabled: {blueprint_state}')
|
||||
else:
|
||||
print(f'Error changing blueprint state: {resp.content}')
|
||||
"""
|
||||
blueprint = BlueprintInstance.objects.filter(path=blueprint_path).first()
|
||||
blueprint.enabled = blueprint_state
|
||||
# Hacky workaround to reduce chance of a race condition
|
||||
blueprint.save()
|
||||
time.sleep(1)
|
||||
blueprint.save()
|
||||
time.sleep(1)
|
||||
blueprint.save()
|
||||
print(f'{blueprint.name} enabled: {blueprint.enabled}')
|
||||
""" 2>&1 | quieten
|
||||
|
||||
}
|
||||
|
||||
add_applications(){
|
||||
/manage.py shell -c """
|
||||
import json
|
||||
if '$APPLICATIONS' == '':
|
||||
exit()
|
||||
applications = json.loads('$APPLICATIONS')
|
||||
for name, url in applications.items():
|
||||
print(f'Add {name}: {url}')
|
||||
app = Application.objects.filter(name=name).first()
|
||||
if not app:
|
||||
app = Application()
|
||||
app.name = name
|
||||
app.slug = name.replace(' ', '-')
|
||||
app.meta_launch_url = url
|
||||
app.open_in_new_tab = True
|
||||
app.save()
|
||||
""" 2>&1 | quieten
|
||||
}
|
||||
|
||||
|
||||
quieten(){
|
||||
# 'SyntaxWarning|version_regex|"http\['
|
||||
# is a workaround to get rid of some verbose syntax warnings, this might be fixed with another version
|
||||
grep -Pv '"level": "(info|debug)"|SyntaxWarning|version_regex|"http\[|RuntimeWarning:'
|
||||
}
|
||||
|
||||
add_email_templates(){
|
||||
for file_path in "$@"; do
|
||||
echo copy template $file_path
|
||||
abra app cp $APP_NAME $file_path app:/templates/
|
||||
done
|
||||
}
|
||||
|
||||
set_icons(){
|
||||
for icon in $APP_ICONS; do
|
||||
app=$(echo $icon | cut -d ":" -f1)
|
||||
|
@ -135,7 +225,20 @@ delete_flows = ['default-recovery-flow' , 'custom-authentication-flow' , 'invita
|
|||
Flow.objects.filter(slug__in=delete_flows).delete()
|
||||
Stage.objects.filter(flow=None).delete()
|
||||
Prompt.objects.filter(promptstage=None).delete()
|
||||
Tenant.objects.filter(default=True).delete()
|
||||
"""
|
||||
Brand.objects.filter(default=True).delete()
|
||||
""" 2>&1 | quieten
|
||||
apply_blueprints
|
||||
}
|
||||
|
||||
get_certificate() {
|
||||
/manage.py shell -c """
|
||||
provider_name='$1'
|
||||
if not provider_name:
|
||||
print('no Provider Name given')
|
||||
exit(1)
|
||||
provider = Provider.objects.filter(name=provider_name).first()
|
||||
saml = provider.samlprovider
|
||||
cert = saml.signing_kp
|
||||
print(''.join(cert.certificate_data.splitlines()[1:-1]))
|
||||
""" 2>&1 | quieten
|
||||
}
|
||||
|
|
|
@ -0,0 +1,76 @@
|
|||
nextcloud:
|
||||
uncomment:
|
||||
- compose.nextcloud.yml
|
||||
- NEXTCLOUD_DOMAIN
|
||||
- SECRET_NEXTCLOUD_ID_VERSION
|
||||
- SECRET_NEXTCLOUD_SECRET_VERSION
|
||||
- nextcloud.png
|
||||
wordpress:
|
||||
uncomment:
|
||||
- compose.wordpress.yml
|
||||
- WORDPRESS_DOMAIN
|
||||
- WORDPRESS_GROUP
|
||||
- SECRET_WORDPRESS_ID_VERSION
|
||||
- SECRET_WORDPRESS_SECRET_VERSION
|
||||
- wordpress.png
|
||||
matrix-synapse:
|
||||
uncomment:
|
||||
- compose.matrix.yml
|
||||
- ELEMENT_DOMAIN
|
||||
- SECRET_MATRIX_ID_VERSION
|
||||
- SECRET_MATRIX_SECRET_VERSION
|
||||
- matrix.svg
|
||||
secrets:
|
||||
matrix_id: matrix
|
||||
wekan:
|
||||
uncomment:
|
||||
- compose.wekan.yml
|
||||
- WEKAN_DOMAIN
|
||||
- SECRET_WEKAN_ID_VERSION
|
||||
- SECRET_WEKAN_SECRET_VERSION
|
||||
- wekan.png
|
||||
secrets:
|
||||
wekan_id: wekan
|
||||
vikunja:
|
||||
uncomment:
|
||||
- compose.vikunja.yml
|
||||
- VIKUNJA_DOMAIN
|
||||
- SECRET_VIKUNJA_ID_VERSION
|
||||
- SECRET_VIKUNJA_SECRET_VERSION
|
||||
- vikunja.svg
|
||||
secrets:
|
||||
vikunja_id: vikunja
|
||||
monitoring:
|
||||
uncomment:
|
||||
- compose.monitoring.yml
|
||||
- MONITORING_DOMAIN
|
||||
- SECRET_MONITORING_ID_VERSION
|
||||
- SECRET_MONITORING_SECRET_VERSION
|
||||
- monitoring.png
|
||||
outline:
|
||||
uncomment:
|
||||
- compose.outline.yml
|
||||
- OUTLINE_DOMAIN
|
||||
- SECRET_OUTLINE_ID_VERSION
|
||||
- SECRET_OUTLINE_SECRET_VERSION
|
||||
- outline.png
|
||||
secrets:
|
||||
outline_id: outline
|
||||
rallly:
|
||||
uncomment:
|
||||
- compose.rallly.yml
|
||||
- RALLLY_DOMAIN
|
||||
- SECRET_RALLLY_ID_VERSION
|
||||
- SECRET_RALLLY_SECRET_VERSION
|
||||
- rallly.png
|
||||
secrets:
|
||||
rallly_id: rallly
|
||||
hedgedoc:
|
||||
uncomment:
|
||||
- compose.hedgedoc.yml
|
||||
- HEDGEDOC_DOMAIN
|
||||
- SECRET_HEDGEDOC_ID_VERSION
|
||||
- SECRET_HEDGEDOC_SECRET_VERSION
|
||||
- hedgedoc.png
|
||||
secrets:
|
||||
hedgedoc_id: hedgedoc
|
|
@ -0,0 +1,14 @@
|
|||
---
|
||||
version: '3.8'
|
||||
|
||||
services:
|
||||
app:
|
||||
configs:
|
||||
- source: custom_css
|
||||
target: /web/dist/custom.css
|
||||
|
||||
configs:
|
||||
custom_css:
|
||||
name: ${STACK_NAME}_custom_css_${CUSTOM_CSS_VERSION}
|
||||
file: custom.css.tmpl
|
||||
template_driver: golang
|
|
@ -0,0 +1,26 @@
|
|||
version: "3.8"
|
||||
services:
|
||||
worker:
|
||||
secrets:
|
||||
- hedgedoc_id
|
||||
- hedgedoc_secret
|
||||
environment:
|
||||
- HEDGEDOC_DOMAIN
|
||||
configs:
|
||||
- source: hedgedoc
|
||||
target: /blueprints/hedgedoc.yaml
|
||||
|
||||
secrets:
|
||||
hedgedoc_id:
|
||||
external: true
|
||||
name: ${STACK_NAME}_hedgedoc_id_${SECRET_HEDGEDOC_ID_VERSION}
|
||||
hedgedoc_secret:
|
||||
external: true
|
||||
name: ${STACK_NAME}_hedgedoc_secret_${SECRET_HEDGEDOC_SECRET_VERSION}
|
||||
|
||||
|
||||
configs:
|
||||
hedgedoc:
|
||||
name: ${STACK_NAME}_hedgedoc_${HEDGEDOC_CONFIG_VERSION}
|
||||
file: hedgedoc.yaml.tmpl
|
||||
template_driver: golang
|
|
@ -0,0 +1,14 @@
|
|||
version: "3.8"
|
||||
services:
|
||||
worker:
|
||||
environment:
|
||||
- KIMAI_DOMAIN
|
||||
configs:
|
||||
- source: kimai
|
||||
target: /blueprints/kimai.yaml
|
||||
|
||||
configs:
|
||||
kimai:
|
||||
name: ${STACK_NAME}_kimai_${KIMAI_CONFIG_VERSION}
|
||||
file: kimai.yaml.tmpl
|
||||
template_driver: golang
|
|
@ -0,0 +1,26 @@
|
|||
version: "3.8"
|
||||
services:
|
||||
worker:
|
||||
secrets:
|
||||
- matrix_id
|
||||
- matrix_secret
|
||||
environment:
|
||||
- ELEMENT_DOMAIN
|
||||
configs:
|
||||
- source: matrix
|
||||
target: /blueprints/matrix.yaml
|
||||
|
||||
secrets:
|
||||
matrix_id:
|
||||
external: true
|
||||
name: ${STACK_NAME}_matrix_id_${SECRET_MATRIX_ID_VERSION}
|
||||
matrix_secret:
|
||||
external: true
|
||||
name: ${STACK_NAME}_matrix_secret_${SECRET_MATRIX_SECRET_VERSION}
|
||||
|
||||
|
||||
configs:
|
||||
matrix:
|
||||
name: ${STACK_NAME}_matrix_${MATRIX_CONFIG_VERSION}
|
||||
file: matrix.yaml.tmpl
|
||||
template_driver: golang
|
|
@ -0,0 +1,26 @@
|
|||
version: "3.8"
|
||||
services:
|
||||
worker:
|
||||
secrets:
|
||||
- monitoring_id
|
||||
- monitoring_secret
|
||||
environment:
|
||||
- MONITORING_DOMAIN
|
||||
configs:
|
||||
- source: monitoring
|
||||
target: /blueprints/monitoring.yaml
|
||||
|
||||
secrets:
|
||||
monitoring_id:
|
||||
external: true
|
||||
name: ${STACK_NAME}_monitoring_id_${SECRET_MONITORING_ID_VERSION}
|
||||
monitoring_secret:
|
||||
external: true
|
||||
name: ${STACK_NAME}_monitoring_secret_${SECRET_MONITORING_SECRET_VERSION}
|
||||
|
||||
|
||||
configs:
|
||||
monitoring:
|
||||
name: ${STACK_NAME}_monitoring_${MONITORING_CONFIG_VERSION}
|
||||
file: monitoring.yaml.tmpl
|
||||
template_driver: golang
|
|
@ -0,0 +1,26 @@
|
|||
version: "3.8"
|
||||
services:
|
||||
worker:
|
||||
secrets:
|
||||
- outline_id
|
||||
- outline_secret
|
||||
environment:
|
||||
- OUTLINE_DOMAIN
|
||||
configs:
|
||||
- source: outline
|
||||
target: /blueprints/outline.yaml
|
||||
|
||||
secrets:
|
||||
outline_id:
|
||||
external: true
|
||||
name: ${STACK_NAME}_outline_id_${SECRET_OUTLINE_ID_VERSION}
|
||||
outline_secret:
|
||||
external: true
|
||||
name: ${STACK_NAME}_outline_secret_${SECRET_OUTLINE_SECRET_VERSION}
|
||||
|
||||
|
||||
configs:
|
||||
outline:
|
||||
name: ${STACK_NAME}_outline_${OUTLINE_CONFIG_VERSION}
|
||||
file: outline.yaml.tmpl
|
||||
template_driver: golang
|
|
@ -0,0 +1,6 @@
|
|||
version: "3.8"
|
||||
services:
|
||||
worker:
|
||||
user: root
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
|
@ -0,0 +1,26 @@
|
|||
version: "3.8"
|
||||
services:
|
||||
worker:
|
||||
secrets:
|
||||
- rallly_id
|
||||
- rallly_secret
|
||||
environment:
|
||||
- RALLLY_DOMAIN
|
||||
configs:
|
||||
- source: rallly
|
||||
target: /blueprints/rallly.yaml
|
||||
|
||||
secrets:
|
||||
rallly_id:
|
||||
external: true
|
||||
name: ${STACK_NAME}_rallly_id_${SECRET_RALLLY_ID_VERSION}
|
||||
rallly_secret:
|
||||
external: true
|
||||
name: ${STACK_NAME}_rallly_secret_${SECRET_RALLLY_SECRET_VERSION}
|
||||
|
||||
|
||||
configs:
|
||||
rallly:
|
||||
name: ${STACK_NAME}_rallly_${RALLLY_CONFIG_VERSION}
|
||||
file: rallly.yaml.tmpl
|
||||
template_driver: golang
|
|
@ -0,0 +1,26 @@
|
|||
version: "3.8"
|
||||
services:
|
||||
worker:
|
||||
secrets:
|
||||
- vikunja_id
|
||||
- vikunja_secret
|
||||
environment:
|
||||
- VIKUNJA_DOMAIN
|
||||
configs:
|
||||
- source: vikunja
|
||||
target: /blueprints/vikunja.yaml
|
||||
|
||||
secrets:
|
||||
vikunja_id:
|
||||
external: true
|
||||
name: ${STACK_NAME}_vikunja_id_${SECRET_VIKUNJA_ID_VERSION}
|
||||
vikunja_secret:
|
||||
external: true
|
||||
name: ${STACK_NAME}_vikunja_secret_${SECRET_VIKUNJA_SECRET_VERSION}
|
||||
|
||||
|
||||
configs:
|
||||
vikunja:
|
||||
name: ${STACK_NAME}_vikunja_${VIKUNJA_CONFIG_VERSION}
|
||||
file: vikunja.yaml.tmpl
|
||||
template_driver: golang
|
|
@ -0,0 +1,26 @@
|
|||
version: "3.8"
|
||||
services:
|
||||
worker:
|
||||
secrets:
|
||||
- wekan_id
|
||||
- wekan_secret
|
||||
environment:
|
||||
- WEKAN_DOMAIN
|
||||
configs:
|
||||
- source: wekan
|
||||
target: /blueprints/wekan.yaml
|
||||
|
||||
secrets:
|
||||
wekan_id:
|
||||
external: true
|
||||
name: ${STACK_NAME}_wekan_id_${SECRET_WEKAN_ID_VERSION}
|
||||
wekan_secret:
|
||||
external: true
|
||||
name: ${STACK_NAME}_wekan_secret_${SECRET_WEKAN_SECRET_VERSION}
|
||||
|
||||
|
||||
configs:
|
||||
wekan:
|
||||
name: ${STACK_NAME}_wekan_${WEKAN_CONFIG_VERSION}
|
||||
file: wekan.yaml.tmpl
|
||||
template_driver: golang
|
|
@ -6,6 +6,7 @@ services:
|
|||
- wordpress_secret
|
||||
environment:
|
||||
- WORDPRESS_DOMAIN
|
||||
- WORDPRESS_GROUP
|
||||
configs:
|
||||
- source: wordpress
|
||||
target: /blueprints/wordpress.yaml
|
||||
|
|
66
compose.yml
|
@ -27,12 +27,16 @@ x-env: &env
|
|||
- EMAIL_TOKEN_EXPIRY_MINUTES
|
||||
- DOMAIN
|
||||
- LOGOUT_REDIRECT
|
||||
- APPLICATIONS
|
||||
|
||||
version: '3.8'
|
||||
services:
|
||||
app:
|
||||
image: ghcr.io/goauthentik/server:2023.3.1
|
||||
image: ghcr.io/goauthentik/server:2024.4.2
|
||||
command: server
|
||||
depends_on:
|
||||
- db
|
||||
- redis
|
||||
secrets:
|
||||
- db_password
|
||||
- admin_pass
|
||||
|
@ -42,18 +46,16 @@ services:
|
|||
volumes:
|
||||
- media:/media
|
||||
- assets:/web/dist/assets
|
||||
configs:
|
||||
- source: custom_css
|
||||
target: /web/dist/custom.css
|
||||
- templates:/templates
|
||||
networks:
|
||||
- internal
|
||||
- proxy
|
||||
healthcheck:
|
||||
test: ["CMD", "curl", "-f", "localhost:9000/-/health/live/"]
|
||||
test: "bash -c 'printf \"GET / HTTP/1.1\n\n\" > /dev/tcp/127.0.0.1/9000; exit $$?;'"
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 10
|
||||
start_period: 1m
|
||||
start_period: 5m
|
||||
environment: *env
|
||||
deploy:
|
||||
update_config:
|
||||
|
@ -63,7 +65,7 @@ services:
|
|||
- "traefik.enable=true"
|
||||
- "traefik.docker.network=proxy"
|
||||
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=9000"
|
||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
|
||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect,${STACK_NAME}-frameOptions"
|
||||
|
@ -71,11 +73,15 @@ services:
|
|||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=SAMEORIGIN"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.contentSecurityPolicy=frame-ancestors ${X_FRAME_OPTIONS_ALLOW_FROM}"
|
||||
- "coop-cloud.${STACK_NAME}.version=3.1.0+2023.3.1"
|
||||
- "coop-cloud.${STACK_NAME}.version=6.1.1+2024.4.2"
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||
|
||||
worker:
|
||||
image: ghcr.io/goauthentik/server:2023.3.1
|
||||
image: ghcr.io/goauthentik/server:2024.4.2
|
||||
command: worker
|
||||
depends_on:
|
||||
- db
|
||||
- redis
|
||||
secrets:
|
||||
- db_password
|
||||
- admin_pass
|
||||
|
@ -85,12 +91,11 @@ services:
|
|||
networks:
|
||||
- internal
|
||||
- proxy
|
||||
user: root
|
||||
volumes:
|
||||
- backups:/backups
|
||||
- media:/media
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- /dev/null:/blueprints/default/flow-oobe.yaml
|
||||
- templates:/templates
|
||||
configs:
|
||||
- source: flow_recovery
|
||||
target: /blueprints/1_flow_recovery.yaml
|
||||
|
@ -100,22 +105,28 @@ services:
|
|||
target: /blueprints/3_flow_translation.yaml
|
||||
- source: flow_invitation
|
||||
target: /blueprints/4_flow_invitation.yaml
|
||||
- source: system_tenant
|
||||
target: /blueprints/5_system_tenant.yaml
|
||||
- source: system_brand
|
||||
target: /blueprints/5_system_brand.yaml
|
||||
- source: flow_invalidation
|
||||
target: /blueprints/6_flow_invalidation.yaml
|
||||
environment: *env
|
||||
|
||||
db:
|
||||
image: postgres:12.14-alpine
|
||||
image: postgres:15.7
|
||||
secrets:
|
||||
- db_password
|
||||
configs:
|
||||
- source: db_entrypoint
|
||||
target: /docker-entrypoint.sh
|
||||
mode: 0555
|
||||
entrypoint:
|
||||
/docker-entrypoint.sh
|
||||
volumes:
|
||||
- database:/var/lib/postgresql/data
|
||||
networks:
|
||||
- internal
|
||||
healthcheck:
|
||||
test: ["CMD", "pg_isready"]
|
||||
test: ["CMD", "pg_isready", "-U", "authentik"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 10
|
||||
|
@ -127,16 +138,16 @@ services:
|
|||
deploy:
|
||||
labels:
|
||||
backupbot.backup: "true"
|
||||
backupbot.backup.pre-hook: "mkdir -p /tmp/backup/ && PGPASSWORD=$$(cat /run/secrets/db_password) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /tmp/backup/backup.sql"
|
||||
backupbot.backup.post-hook: "rm -rf /tmp/backup"
|
||||
backupbot.backup.path: "/tmp/backup/"
|
||||
backupbot.backup.pre-hook: "PGPASSWORD=$$(cat /run/secrets/db_password) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /var/lib/postgresql/data/backup.sql"
|
||||
backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/backup.sql"
|
||||
backupbot.backup.path: "/var/lib/postgresql/data"
|
||||
|
||||
redis:
|
||||
image: redis:7.0.10-alpine
|
||||
image: redis:7.2.4-alpine
|
||||
networks:
|
||||
- internal
|
||||
healthcheck:
|
||||
test: ["CMD", "redis-cli","ping"]
|
||||
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 10
|
||||
|
@ -167,14 +178,11 @@ networks:
|
|||
volumes:
|
||||
backups:
|
||||
media:
|
||||
templates:
|
||||
assets:
|
||||
database:
|
||||
|
||||
configs:
|
||||
custom_css:
|
||||
name: ${STACK_NAME}_custom_css_${CUSTOM_CSS_VERSION}
|
||||
file: custom.css.tmpl
|
||||
template_driver: golang
|
||||
flow_authentication:
|
||||
name: ${STACK_NAME}_flow_authentication_${FLOW_AUTHENTICATION_VERSION}
|
||||
file: flow_authentication.yaml.tmpl
|
||||
|
@ -195,7 +203,11 @@ configs:
|
|||
name: ${STACK_NAME}_flow_translation_${FLOW_TRANSLATION_VERSION}
|
||||
file: flow_translation.yaml.tmpl
|
||||
template_driver: golang
|
||||
system_tenant:
|
||||
name: ${STACK_NAME}_system_tenant_${SYSTEM_TENANT_VERSION}
|
||||
file: system_tenant.yaml.tmpl
|
||||
system_brand:
|
||||
name: ${STACK_NAME}_system_brand_${SYSTEM_BRAND_VERSION}
|
||||
file: system_brand.yaml.tmpl
|
||||
template_driver: golang
|
||||
db_entrypoint:
|
||||
name: ${STACK_NAME}_db_entrypoint_${DB_ENTRYPOINT_VERSION}
|
||||
file: entrypoint.postgres.sh.tmpl
|
||||
template_driver: golang
|
||||
|
|
|
@ -384,7 +384,7 @@ entries:
|
|||
enabled: {{ if eq (env "LOGOUT_REDIRECT") "" }} false {{ else }} true {{ end }}
|
||||
timeout: 30
|
||||
|
||||
######## System Tenant ##########
|
||||
######## System Brand ##########
|
||||
- attrs:
|
||||
attributes:
|
||||
settings:
|
||||
|
@ -401,5 +401,5 @@ entries:
|
|||
flow_user_settings: !Find [authentik_flows.flow, [slug, default-user-settings-flow]]
|
||||
identifiers:
|
||||
pk: 047cce25-aae2-4b02-9f96-078e155f803d
|
||||
id: system_tenant
|
||||
model: authentik_tenants.tenant
|
||||
id: system_brand
|
||||
model: authentik_brands.brand
|
||||
|
|
|
@ -0,0 +1,45 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
MIGRATION_MARKER=$PGDATA/migration_in_progress
|
||||
OLDDATA=$PGDATA/old_data
|
||||
NEWDATA=$PGDATA/new_data
|
||||
|
||||
if [ -e $MIGRATION_MARKER ]; then
|
||||
echo "FATAL: migration was started but did not complete in a previous run. manual recovery necessary"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -f $PGDATA/PG_VERSION ]; then
|
||||
DATA_VERSION=$(cat $PGDATA/PG_VERSION)
|
||||
|
||||
if [ -n "$DATA_VERSION" -a "$PG_MAJOR" != "$DATA_VERSION" ]; then
|
||||
echo "postgres data version $DATA_VERSION found, but need $PG_MAJOR. Starting migration"
|
||||
echo "Installing postgres $DATA_VERSION"
|
||||
sed -i "s/$/ $DATA_VERSION/" /etc/apt/sources.list.d/pgdg.list
|
||||
apt-get update && apt-get install -y --no-install-recommends \
|
||||
postgresql-$DATA_VERSION \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
echo "shuffling around"
|
||||
chown -R postgres:postgres $PGDATA
|
||||
gosu postgres mkdir $OLDDATA $NEWDATA
|
||||
chmod 700 $OLDDATA $NEWDATA
|
||||
mv $PGDATA/* $OLDDATA/ || true
|
||||
touch $MIGRATION_MARKER
|
||||
echo "running initdb"
|
||||
# abuse entrypoint script for initdb by making server error out
|
||||
gosu postgres bash -c "export PGDATA=$NEWDATA ; /usr/local/bin/docker-entrypoint.sh --invalid-arg || true"
|
||||
echo "running pg_upgrade"
|
||||
cd /tmp
|
||||
gosu postgres pg_upgrade --link -b /usr/lib/postgresql/$DATA_VERSION/bin -d $OLDDATA -D $NEWDATA -U $POSTGRES_USER
|
||||
cp $OLDDATA/pg_hba.conf $NEWDATA/
|
||||
mv $NEWDATA/* $PGDATA
|
||||
rm -rf $OLDDATA
|
||||
rmdir $NEWDATA
|
||||
rm $MIGRATION_MARKER
|
||||
echo "migration complete"
|
||||
fi
|
||||
fi
|
||||
|
||||
/usr/local/bin/docker-entrypoint.sh postgres
|
|
@ -22,7 +22,6 @@ entries:
|
|||
attrs:
|
||||
name: !Context welcome_message
|
||||
title: !Context welcome_message
|
||||
|
||||
### STAGES
|
||||
- identifiers:
|
||||
name: default-authentication-identification
|
||||
|
@ -30,13 +29,17 @@ entries:
|
|||
attrs:
|
||||
password_stage: !Find [authentik_stages_password.passwordstage, [name, default-authentication-password]]
|
||||
recovery_flow: !Find [authentik_flows.flow, [slug, default-recovery-flow]]
|
||||
user_fields:
|
||||
- email
|
||||
- username
|
||||
|
||||
- identifiers:
|
||||
name: default-authentication-login
|
||||
model: authentik_stages_user_login.userloginstage
|
||||
attrs:
|
||||
session_duration: seconds=0
|
||||
session_duration: days=30
|
||||
|
||||
# After the first run this will produce a RelatedObjectDoesNotExist error
|
||||
- identifiers:
|
||||
order: 20
|
||||
stage: !Find [authentik_stages_password.passwordstage, [name, default-authentication-password]]
|
||||
|
|
|
@ -13,6 +13,7 @@ entries:
|
|||
|
||||
### STAGE BINDINGS
|
||||
|
||||
# This is specified only for setting an id (this stagebinding does not have an identifier)
|
||||
- identifiers:
|
||||
order: 0
|
||||
stage: !Find [authentik_stages_user_logout.userlogoutstage, [name, default-invalidation-logout]]
|
||||
|
|
|
@ -24,6 +24,18 @@ entries:
|
|||
id: invitation-enrollment-flow
|
||||
model: authentik_flows.flow
|
||||
|
||||
### POLICIES
|
||||
- attrs:
|
||||
expression: |
|
||||
if not regex_match(request.context.get('prompt_data').get('username'), '\s'):
|
||||
return True
|
||||
ak_message("Username must not contain any whitespace!")
|
||||
return False
|
||||
id: username-without-spaces-policy
|
||||
identifiers:
|
||||
name: username-without-spaces-policy
|
||||
model: authentik_policies_expression.expressionpolicy
|
||||
|
||||
### STAGES
|
||||
- identifiers:
|
||||
name: invitation-stage
|
||||
|
@ -41,6 +53,8 @@ entries:
|
|||
- !Find [authentik_stages_prompt.prompt, [name, default-user-settings-field-email]]
|
||||
- !Find [authentik_stages_prompt.prompt, [name, default-password-change-field-password]]
|
||||
- !Find [authentik_stages_prompt.prompt, [name, default-password-change-field-password-repeat]]
|
||||
validation_policies:
|
||||
- !Find [ authentik_policies_expression.expressionpolicy, [name, username-without-spaces-policy]]
|
||||
|
||||
### STAGE BINDINGS
|
||||
- identifiers:
|
||||
|
|
|
@ -4,7 +4,7 @@ metadata:
|
|||
blueprints.goauthentik.io/instantiate: "true"
|
||||
name: Flow Translations
|
||||
context:
|
||||
transl_recovery: {{ if eq (env "DEFAULT_LANGUAGE") "de" }} "Passwort Zurücksetzen" {{ else }} "Reset your password" {{ end }}
|
||||
transl_recovery: {{ if eq (env "DEFAULT_LANGUAGE") "de" }} "Passwort zurücksetzen" {{ else }} "Reset your password" {{ end }}
|
||||
transl_password: {{ if eq (env "DEFAULT_LANGUAGE") "de" }} "Passwort" {{ else }} "Password" {{ end }}
|
||||
transl_password_repeat: {{ if eq (env "DEFAULT_LANGUAGE") "de" }} "Passwort (wiederholen)" {{ else }} "Password (repeat)" {{ end }}
|
||||
transl_username: {{ if eq (env "DEFAULT_LANGUAGE") "de" }} "Benutzername" {{ else }} "Username" {{ end }}
|
||||
|
@ -15,7 +15,7 @@ entries:
|
|||
- model: authentik_blueprints.metaapplyblueprint
|
||||
attrs:
|
||||
identifiers:
|
||||
name: Custom Authentication Flow
|
||||
name: Recovery with email verification
|
||||
required: true
|
||||
- model: authentik_blueprints.metaapplyblueprint
|
||||
attrs:
|
||||
|
|
|
@ -0,0 +1,43 @@
|
|||
version: 1
|
||||
metadata:
|
||||
labels:
|
||||
blueprints.goauthentik.io/instantiate: "true"
|
||||
name: hedgedoc
|
||||
|
||||
entries:
|
||||
|
||||
- attrs:
|
||||
access_code_validity: minutes=1
|
||||
authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
|
||||
client_id: {{ secret "hedgedoc_id" }}
|
||||
client_secret: {{ secret "hedgedoc_secret" }}
|
||||
client_type: confidential
|
||||
include_claims_in_id_token: true
|
||||
issuer_mode: per_provider
|
||||
name: Hedgedoc
|
||||
property_mappings:
|
||||
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
|
||||
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
|
||||
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
|
||||
signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]]
|
||||
sub_mode: hashed_user_id
|
||||
token_validity: days=30
|
||||
conditions: []
|
||||
id: hedgedoc_provider
|
||||
identifiers:
|
||||
pk: 9992
|
||||
model: authentik_providers_oauth2.oauth2provider
|
||||
state: present
|
||||
|
||||
- attrs:
|
||||
meta_launch_url: https://{{ env "HEDGEDOC_DOMAIN" }}
|
||||
open_in_new_tab: true
|
||||
policy_engine_mode: any
|
||||
provider: !KeyOf hedgedoc_provider
|
||||
slug: hedgedoc
|
||||
conditions: []
|
||||
id: hedgedoc_application
|
||||
identifiers:
|
||||
name: Hedgedoc
|
||||
model: authentik_core.application
|
||||
state: present
|
After Width: | Height: | Size: 6.7 KiB |
|
@ -0,0 +1,2 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<svg xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://www.w3.org/2000/svg" version="1.1" xml:space="preserve" height="32" width="32" enable-background="new 0 0 595.275 311.111" y="0px" x="0px" xmlns:cc="http://creativecommons.org/ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" viewBox="0 0 32 32"><rect rx="5" ry="5" height="32" width="32" y="-.0000052588" x="0" fill="#0082c9"/><g transform="matrix(.89286 0 0 .89286 520.21 -.19331)"><path fill="#fff" d="m-572.71 3.5765c-1.108 0-2 0.892-2 2v4c0 1.108 0.892 2 2 2s2-0.892 2-2v-4c0-1.108-0.892-2-2-2zm16 0c-1.108 0-2 0.892-2 2v4c0 1.108 0.892 2 2 2s2-0.892 2-2v-4c0-1.108-0.892-2-2-2zm-13 4v2c0 1.662-1.338 3-3 3s-3-1.338-3-3v-1.875c-1.728 0.44254-3 2.0052-3 3.875v16c0 2.216 1.784 4 4 4h20c2.216 0 4-1.784 4-4v-16c0-1.8698-1.272-3.4325-3-3.875v1.875c0 1.662-1.338 3-3 3s-3-1.338-3-3v-2h-10zm-5.9062 9h21.812c0.0554 0 0.0937 0.03835 0.0937 0.09375v11.812c0 0.0554-0.0384 0.09375-0.0937 0.09375h-21.812c-0.0554 0-0.0937-0.03835-0.0937-0.09375v-11.812c0-0.0554 0.0384-0.09375 0.0937-0.09375z"/></g></svg>
|
After Width: | Height: | Size: 1.1 KiB |
After Width: | Height: | Size: 9.2 KiB |
After Width: | Height: | Size: 30 KiB |
|
@ -0,0 +1,7 @@
|
|||
<svg width="200" height="200" viewBox="0 0 200 200" fill="none" xmlns="http://www.w3.org/2000/svg">
|
||||
<path fill-rule="evenodd" clip-rule="evenodd" d="M100 200C155.228 200 200 155.228 200 100C200 44.7715 155.228 0 100 0C44.7715 0 0 44.7715 0 100C0 155.228 44.7715 200 100 200Z" fill="#0DBD8B"/>
|
||||
<path fill-rule="evenodd" clip-rule="evenodd" d="M81.7169 46.5946C81.7169 42.5581 84.9959 39.2859 89.0408 39.2859C116.456 39.2859 138.681 61.4642 138.681 88.8225C138.681 92.859 135.401 96.1312 131.357 96.1312C127.312 96.1312 124.033 92.859 124.033 88.8225C124.033 69.5372 108.366 53.9033 89.0408 53.9033C84.9959 53.9033 81.7169 50.6311 81.7169 46.5946Z" fill="white"/>
|
||||
<path fill-rule="evenodd" clip-rule="evenodd" d="M153.39 81.5137C157.435 81.5137 160.714 84.7859 160.714 88.8224C160.714 116.181 138.49 138.359 111.075 138.359C107.03 138.359 103.751 135.087 103.751 131.05C103.751 127.014 107.03 123.742 111.075 123.742C130.4 123.742 146.066 108.108 146.066 88.8224C146.066 84.7859 149.345 81.5137 153.39 81.5137Z" fill="white"/>
|
||||
<path fill-rule="evenodd" clip-rule="evenodd" d="M118.398 153.405C118.398 157.442 115.119 160.714 111.074 160.714C83.6592 160.714 61.4347 138.536 61.4347 111.177C61.4347 107.141 64.7138 103.869 68.7587 103.869C72.8035 103.869 76.0826 107.141 76.0826 111.177C76.0826 130.463 91.7489 146.097 111.074 146.097C115.119 146.097 118.398 149.369 118.398 153.405Z" fill="white"/>
|
||||
<path fill-rule="evenodd" clip-rule="evenodd" d="M46.6097 118.486C42.5648 118.486 39.2858 115.214 39.2858 111.178C39.2858 83.8193 61.5102 61.6409 88.9255 61.6409C92.9704 61.6409 96.2494 64.9132 96.2494 68.9497C96.2494 72.9862 92.9704 76.2584 88.9255 76.2584C69.6 76.2584 53.9337 91.8922 53.9337 111.178C53.9337 115.214 50.6546 118.486 46.6097 118.486Z" fill="white"/>
|
||||
</svg>
|
After Width: | Height: | Size: 1.7 KiB |
|
@ -0,0 +1,70 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!-- Generator: Adobe Illustrator 21.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
|
||||
<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
|
||||
viewBox="0 0 142.5 145.6" style="enable-background:new 0 0 142.5 145.6;" xml:space="preserve">
|
||||
<style type="text/css">
|
||||
.st0{fill:#565656;}
|
||||
.st1{fill:url(#SVGID_1_);}
|
||||
</style>
|
||||
<g>
|
||||
<path class="st0" d="M28.7,131.5c-0.3,7.9-6.6,14.1-14.4,14.1C6.1,145.6,0,139,0,130.9s6.6-14.7,14.7-14.7c3.6,0,7.2,1.6,10.2,4.4
|
||||
l-2.3,2.9c-2.3-2-5.1-3.4-7.9-3.4c-5.9,0-10.8,4.8-10.8,10.8c0,6.1,4.6,10.8,10.4,10.8c5.2,0,9.3-3.8,10.2-8.8H12.6v-3.5h16.1
|
||||
V131.5z"/>
|
||||
<path class="st0" d="M42.3,129.5h-2.2c-2.4,0-4.4,2-4.4,4.4v11.4h-3.9v-19.6H35v1.6c1.1-1.1,2.7-1.6,4.6-1.6h4.2L42.3,129.5z"/>
|
||||
<path class="st0" d="M63.7,145.3h-3.4v-2.5c-2.6,2.5-6.6,3.7-10.7,1.9c-3-1.3-5.3-4.1-5.9-7.4c-1.2-6.3,3.7-11.9,9.9-11.9
|
||||
c2.6,0,5,1.1,6.7,2.8v-2.5h3.4V145.3z M59.7,137c0.9-4-2.1-7.6-6-7.6c-3.4,0-6.1,2.8-6.1,6.1c0,3.8,3.3,6.7,7.2,6.1
|
||||
C57.1,141.2,59.1,139.3,59.7,137z"/>
|
||||
<path class="st0" d="M71.5,124.7v1.1h6.2v3.4h-6.2v16.1h-3.8v-20.5c0-4.3,3.1-6.8,7-6.8h4.7l-1.6,3.7h-3.1
|
||||
C72.9,121.6,71.5,123,71.5,124.7z"/>
|
||||
<path class="st0" d="M98.5,145.3h-3.3v-2.5c-2.6,2.5-6.6,3.7-10.7,1.9c-3-1.3-5.3-4.1-5.9-7.4c-1.2-6.3,3.7-11.9,9.9-11.9
|
||||
c2.6,0,5,1.1,6.7,2.8v-2.5h3.4v19.6H98.5z M94.5,137c0.9-4-2.1-7.6-6-7.6c-3.4,0-6.1,2.8-6.1,6.1c0,3.8,3.3,6.7,7.2,6.1
|
||||
C92,141.2,93.9,139.3,94.5,137z"/>
|
||||
<path class="st0" d="M119.4,133.8v11.5h-3.9v-11.6c0-2.4-2-4.4-4.4-4.4c-2.5,0-4.4,2-4.4,4.4v11.6h-3.9v-19.6h3.2v1.7
|
||||
c1.4-1.3,3.3-2,5.2-2C115.8,125.5,119.4,129.2,119.4,133.8z"/>
|
||||
<path class="st0" d="M142.4,145.3h-3.3v-2.5c-2.6,2.5-6.6,3.7-10.7,1.9c-3-1.3-5.3-4.1-5.9-7.4c-1.2-6.3,3.7-11.9,9.9-11.9
|
||||
c2.6,0,5,1.1,6.7,2.8v-2.5h3.4v19.6H142.4z M138.4,137c0.9-4-2.1-7.6-6-7.6c-3.4,0-6.1,2.8-6.1,6.1c0,3.8,3.3,6.7,7.2,6.1
|
||||
C135.9,141.2,137.8,139.3,138.4,137z"/>
|
||||
</g>
|
||||
<linearGradient id="SVGID_1_" gradientUnits="userSpaceOnUse" x1="71.25" y1="10.4893" x2="71.25" y2="113.3415" gradientTransform="matrix(1 0 0 -1 0 148.6)">
|
||||
<stop offset="0" style="stop-color:#FCEE1F"/>
|
||||
<stop offset="1" style="stop-color:#F15B2A"/>
|
||||
</linearGradient>
|
||||
<path class="st1" d="M122.9,49.9c-0.2-1.9-0.5-4.1-1.1-6.5c-0.6-2.4-1.6-5-2.9-7.8c-1.4-2.7-3.1-5.6-5.4-8.3
|
||||
c-0.9-1.1-1.9-2.1-2.9-3.2c1.6-6.3-1.9-11.8-1.9-11.8c-6.1-0.4-9.9,1.9-11.3,2.9c-0.2-0.1-0.5-0.2-0.7-0.3c-1-0.4-2.1-0.8-3.2-1.2
|
||||
c-1.1-0.3-2.2-0.7-3.3-0.9c-1.1-0.3-2.3-0.5-3.5-0.7c-0.2,0-0.4-0.1-0.6-0.1C83.5,3.6,75.9,0,75.9,0c-8.7,5.6-10.4,13.1-10.4,13.1
|
||||
s0,0.2-0.1,0.4c-0.5,0.1-0.9,0.3-1.4,0.4c-0.6,0.2-1.3,0.4-1.9,0.7c-0.6,0.3-1.3,0.5-1.9,0.8c-1.3,0.6-2.5,1.2-3.8,1.9
|
||||
c-1.2,0.7-2.4,1.4-3.5,2.2c-0.2-0.1-0.3-0.2-0.3-0.2c-11.7-4.5-22.1,0.9-22.1,0.9c-0.9,12.5,4.7,20.3,5.8,21.7
|
||||
c-0.3,0.8-0.5,1.5-0.8,2.3c-0.9,2.8-1.5,5.7-1.9,8.7c-0.1,0.4-0.1,0.9-0.2,1.3c-10.8,5.3-14,16.3-14,16.3c9,10.4,19.6,11,19.6,11
|
||||
l0,0c1.3,2.4,2.9,4.7,4.6,6.8c0.7,0.9,1.5,1.7,2.3,2.6c-3.3,9.4,0.5,17.3,0.5,17.3c10.1,0.4,16.7-4.4,18.1-5.5c1,0.3,2,0.6,3,0.9
|
||||
c3.1,0.8,6.3,1.3,9.4,1.4c0.8,0,1.6,0,2.4,0h0.4H80h0.5H81l0,0c4.7,6.8,13.1,7.7,13.1,7.7c5.9-6.3,6.3-12.4,6.3-13.8l0,0
|
||||
c0,0,0,0,0-0.1s0-0.2,0-0.2l0,0c0-0.1,0-0.2,0-0.3c1.2-0.9,2.4-1.8,3.6-2.8c2.4-2.1,4.4-4.6,6.2-7.2c0.2-0.2,0.3-0.5,0.5-0.7
|
||||
c6.7,0.4,11.4-4.2,11.4-4.2c-1.1-7-5.1-10.4-5.9-11l0,0c0,0,0,0-0.1-0.1l-0.1-0.1l0,0l-0.1-0.1c0-0.4,0.1-0.8,0.1-1.3
|
||||
c0.1-0.8,0.1-1.5,0.1-2.3v-0.6v-0.3v-0.1c0-0.2,0-0.1,0-0.2v-0.5v-0.6c0-0.2,0-0.4,0-0.6s0-0.4-0.1-0.6l-0.1-0.6l-0.1-0.6
|
||||
c-0.1-0.8-0.3-1.5-0.4-2.3c-0.7-3-1.9-5.9-3.4-8.4c-1.6-2.6-3.5-4.8-5.7-6.8c-2.2-1.9-4.6-3.5-7.2-4.6c-2.6-1.2-5.2-1.9-7.9-2.2
|
||||
c-1.3-0.2-2.7-0.2-4-0.2h-0.5h-0.1h-0.2h-0.2h-0.5c-0.2,0-0.4,0-0.5,0c-0.7,0.1-1.4,0.2-2,0.3c-2.7,0.5-5.2,1.5-7.4,2.8
|
||||
c-2.2,1.3-4.1,3-5.7,4.9s-2.8,3.9-3.6,6.1c-0.8,2.1-1.3,4.4-1.4,6.5c0,0.5,0,1.1,0,1.6c0,0.1,0,0.3,0,0.4v0.4c0,0.3,0,0.5,0.1,0.8
|
||||
c0.1,1.1,0.3,2.1,0.6,3.1c0.6,2,1.5,3.8,2.7,5.4s2.5,2.8,4,3.8s3,1.7,4.6,2.2c1.6,0.5,3.1,0.7,4.5,0.6c0.2,0,0.4,0,0.5,0
|
||||
c0.1,0,0.2,0,0.3,0s0.2,0,0.3,0c0.2,0,0.3,0,0.5,0h0.1h0.1c0.1,0,0.2,0,0.3,0c0.2,0,0.4-0.1,0.5-0.1c0.2,0,0.3-0.1,0.5-0.1
|
||||
c0.3-0.1,0.7-0.2,1-0.3c0.6-0.2,1.2-0.5,1.8-0.7c0.6-0.3,1.1-0.6,1.5-0.9c0.1-0.1,0.3-0.2,0.4-0.3c0.5-0.4,0.6-1.1,0.2-1.6
|
||||
c-0.4-0.4-1-0.5-1.5-0.3C88,74,87.9,74,87.7,74.1c-0.4,0.2-0.9,0.4-1.3,0.5c-0.5,0.1-1,0.3-1.5,0.4c-0.3,0-0.5,0.1-0.8,0.1
|
||||
c-0.1,0-0.3,0-0.4,0c-0.1,0-0.3,0-0.4,0s-0.3,0-0.4,0c-0.2,0-0.3,0-0.5,0c0,0-0.1,0,0,0h-0.1h-0.1c-0.1,0-0.1,0-0.2,0
|
||||
s-0.3,0-0.4-0.1c-1.1-0.2-2.3-0.5-3.4-1c-1.1-0.5-2.2-1.2-3.1-2.1c-1-0.9-1.8-1.9-2.5-3.1c-0.7-1.2-1.1-2.5-1.3-3.8
|
||||
c-0.1-0.7-0.2-1.4-0.1-2.1c0-0.2,0-0.4,0-0.6c0,0.1,0,0,0,0v-0.1v-0.1c0-0.1,0-0.2,0-0.3c0-0.4,0.1-0.7,0.2-1.1c0.5-3,2-5.9,4.3-8.1
|
||||
c0.6-0.6,1.2-1.1,1.9-1.5c0.7-0.5,1.4-0.9,2.1-1.2c0.7-0.3,1.5-0.6,2.3-0.8s1.6-0.4,2.4-0.4c0.4,0,0.8-0.1,1.2-0.1
|
||||
c0.1,0,0.2,0,0.3,0h0.3h0.2c0.1,0,0,0,0,0h0.1h0.3c0.9,0.1,1.8,0.2,2.6,0.4c1.7,0.4,3.4,1,5,1.9c3.2,1.8,5.9,4.5,7.5,7.8
|
||||
c0.8,1.6,1.4,3.4,1.7,5.3c0.1,0.5,0.1,0.9,0.2,1.4v0.3V66c0,0.1,0,0.2,0,0.3c0,0.1,0,0.2,0,0.3v0.3v0.3c0,0.2,0,0.6,0,0.8
|
||||
c0,0.5-0.1,1-0.1,1.5c-0.1,0.5-0.1,1-0.2,1.5s-0.2,1-0.3,1.5c-0.2,1-0.6,1.9-0.9,2.9c-0.7,1.9-1.7,3.7-2.9,5.3
|
||||
c-2.4,3.3-5.7,6-9.4,7.7c-1.9,0.8-3.8,1.5-5.8,1.8c-1,0.2-2,0.3-3,0.3H81h-0.2h-0.3H80h-0.3c0.1,0,0,0,0,0h-0.1
|
||||
c-0.5,0-1.1,0-1.6-0.1c-2.2-0.2-4.3-0.6-6.4-1.2c-2.1-0.6-4.1-1.4-6-2.4c-3.8-2-7.2-4.9-9.9-8.2c-1.3-1.7-2.5-3.5-3.5-5.4
|
||||
s-1.7-3.9-2.3-5.9c-0.6-2-0.9-4.1-1-6.2v-0.4v-0.1v-0.1v-0.2V60v-0.1v-0.1v-0.2v-0.5V59l0,0v-0.2c0-0.3,0-0.5,0-0.8
|
||||
c0-1,0.1-2.1,0.3-3.2c0.1-1.1,0.3-2.1,0.5-3.2c0.2-1.1,0.5-2.1,0.8-3.2c0.6-2.1,1.3-4.1,2.2-6c1.8-3.8,4.1-7.2,6.8-9.9
|
||||
c0.7-0.7,1.4-1.3,2.2-1.9c0.3-0.3,1-0.9,1.8-1.4c0.8-0.5,1.6-1,2.5-1.4c0.4-0.2,0.8-0.4,1.3-0.6c0.2-0.1,0.4-0.2,0.7-0.3
|
||||
c0.2-0.1,0.4-0.2,0.7-0.3c0.9-0.4,1.8-0.7,2.7-1c0.2-0.1,0.5-0.1,0.7-0.2c0.2-0.1,0.5-0.1,0.7-0.2c0.5-0.1,0.9-0.2,1.4-0.4
|
||||
c0.2-0.1,0.5-0.1,0.7-0.2c0.2,0,0.5-0.1,0.7-0.1c0.2,0,0.5-0.1,0.7-0.1l0.4-0.1l0.4-0.1c0.2,0,0.5-0.1,0.7-0.1
|
||||
c0.3,0,0.5-0.1,0.8-0.1c0.2,0,0.6-0.1,0.8-0.1c0.2,0,0.3,0,0.5-0.1h0.3h0.2h0.2c0.3,0,0.5,0,0.8-0.1h0.4c0,0,0.1,0,0,0h0.1h0.2
|
||||
c0.2,0,0.5,0,0.7,0c0.9,0,1.8,0,2.7,0c1.8,0.1,3.6,0.3,5.3,0.6c3.4,0.6,6.7,1.7,9.6,3.2c2.9,1.4,5.6,3.2,7.8,5.1
|
||||
c0.1,0.1,0.3,0.2,0.4,0.4c0.1,0.1,0.3,0.2,0.4,0.4c0.3,0.2,0.5,0.5,0.8,0.7c0.3,0.2,0.5,0.5,0.8,0.7c0.2,0.3,0.5,0.5,0.7,0.8
|
||||
c1,1,1.9,2.1,2.7,3.1c1.6,2.1,2.9,4.2,3.9,6.2c0.1,0.1,0.1,0.2,0.2,0.4c0.1,0.1,0.1,0.2,0.2,0.4s0.2,0.5,0.4,0.7
|
||||
c0.1,0.2,0.2,0.5,0.3,0.7c0.1,0.2,0.2,0.5,0.3,0.7c0.4,0.9,0.7,1.8,1,2.7c0.5,1.4,0.8,2.6,1.1,3.6c0.1,0.4,0.5,0.7,0.9,0.7
|
||||
c0.5,0,0.8-0.4,0.8-0.9C123,52.7,123,51.4,122.9,49.9z"/>
|
||||
</svg>
|
After Width: | Height: | Size: 6.6 KiB |
After Width: | Height: | Size: 6.9 KiB |
After Width: | Height: | Size: 14 KiB |
|
@ -0,0 +1,12 @@
|
|||
<svg xmlns="http://www.w3.org/2000/svg" xml:space="preserve" viewBox="0 0 256 256" width="256" height="256">
|
||||
<path d="M2268.2 2512.3a953.7 953.7 0 0 1-50 57c-180.5 189.5-426.2 294-691.6 294A953.7 953.7 0 0 1 847.8 2582a952.7 952.7 0 0 1-281.2-678.8 953.8 953.8 0 0 1 281.2-678.9 953.7 953.7 0 0 1 678.8-281.1 953.7 953.7 0 0 1 678.8 281.1 953.7 953.7 0 0 1 281.2 678.9c0 219.2-78.9 437.2-218.4 609" style="fill:#196aff;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:.36633128" transform="matrix(.13333 0 0 -.13333 -75.5 381.8)"/>
|
||||
<path d="M1823.7 1650.9c35.7 104.2 94.7 136.1 102 297 2.6 56.5-14.7 236-14.7 236s28 72-25.8 152.3c-83.5 124.3-255.4 132.8-345.7 132.8-90.3 0-260.2-8.5-343.7-132.8C1142 2256 1170 2184 1170 2184s-9.5-92.4-16.7-173.8c-1.7-19.1.1-94.7 2.4-113a453 453 0 0 1 25.8-96.2c14.4-39.6 36.8-79.9 54-120.5 51.8-122.8 8.4-274.9 11.1-407.3 2.2-94-20-189.3-28.7-281.2a960.4 960.4 0 0 1 308.7-50.6 958.6 958.6 0 0 1 344.9 63.6c-20.4 115-44.1 224.2-47.8 265.9-10.6 125.9-41.3 259.4 0 380" style="fill:#fff;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:.36655635" transform="matrix(.13333 0 0 -.13333 -75.5 381.8)"/>
|
||||
<path d="M1162.9 2383.9c1.1-18.8 3-38 8.3-56.2 1.6-5.7 4-19.7 11.4-21.8 9-2.6 25.9 8.3 32.3 13 12.3 9 23.9 18.5 36.2 27.6 8 6 16.5 10.5 24.3 16.5 8.4 6.6 14.7 14.5 21.7 22.2 8.4 9.4 14.8 19 21.3 29.5 5.1 8.2 37.1 13.5 42.2 21 5.6 8.3 1 18.6 1 28.7 0 74.2 4.4 147.6 6.1 220.3 1.8 50 21.4 109.2-53.4 85.8-160.3-50-158.5-271.3-151.4-386.6M1869.1 2279.7c-1.6 1.8-4.2 3.2-6.3 4.8a208 208 0 0 0-25.1 21.5c-9.4 9.6-19.2 19-28.2 28.9-7.9 8.7-17.3 16.6-25 25.6-5.1 6-10 12.3-14.6 18.5-2.3 3.2-3.5 7-5.3 10.4-2.7 5-40 10.1-36.2 15 6.3 8.3 20.3 15.4 23.7 25 17.2 48.6 24.8 244.5 26.8 294.5 5.4 127.8 117.6-6.3 137.2-57.7 57-149.7 23.2-258.8-46.3-386.6" style="fill:#fff;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:.36633128" transform="matrix(.13333 0 0 -.13333 -75.5 381.8)"/>
|
||||
<path d="M1716.5 1787.9c-.1 73.8-9.3 103.6-50.4 139.7-25.8 22.6-55.9 31.2-103.8 30-47.9 1.2-82.4-13.4-107.3-39.2-37.5-39-47.4-62-47.5-135.9 0-39.9 43-128.1 55.7-148.5 21.3-36 60.6-48.9 99.1-46.2 38.6-2.7 77.9 10.3 99.1 46.2 12.8 20.4 55.1 107 55 153.9" style="fill:#f1e6d3;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:.36633128" transform="matrix(.13333 0 0 -.13333 -75.5 381.8)"/>
|
||||
<path d="M1226.6 2316c-9.6 86.2-38.6 240 61.5 331.3 11 10.1 14-24.2 15.8-38 2.6-19 0-73.5.4-92.6.7-36.1 8.3-55 4.7-71.5-9.6-45-17.3-42.2-26.5-69.6-18.3-54.4-53.3-83-55.9-59.5M1851.7 2333c10.3-18.2 37 80.3 45.4 123.2 8 40.3 18 93.8 4 133.9-7.4 21.5-53 84.5-58.4 62.9-2-8.5-3.2-71.1-8.3-101.1-6.4-37.1-18-73.8-18-111.6-.2-84.5 25.3-88 35.3-107.2" style="fill:#f1d7d4;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:.36633128" transform="matrix(.13333 0 0 -.13333 -75.5 381.8)"/>
|
||||
<path d="M1522 1319.7c-2.2-6.5-18.6-11.4-24.8-13.3-14.9-4.9-28.1 6.9-36.4 16.8-11.6 13.7-11.3 35.6-16.2 51.6-2.9 9.7-19.5 11-24.5 2-16.6-29.8-81.1 26.4-66.1 45.2 9.9 12.3-13.8 23.2-23.6 11-29-36.1 49-103.4 93.6-85.2 2-9 4-18 8-26.6 7.4-16.9 23.9-27.8 41-37 23.1-12.4 68.2 9.5 75 30.3 4.9 14.5-21.2 19.7-26 5.2M1727.6 1538.2c2.4-10 2.8-44-16-25.4-7.5 7.5-22.6 3-23.2-7-1.4-23.4-24.9-24-45.1-16.9-16 5.6-24.6-16.6-8.6-22.1 29.7-10.4 62-4.6 74.7 17.8 10.1-4.7 21.5-6 30.7 2.6 16 15 18.4 36.2 13.7 55.7-3.5 14.8-29.7 10.1-26.2-4.7M1775 1049.2c-7-14.3-19.8-13.4-33.6-7.4-10.1 4.4-22.6-2.8-19.6-13 6.2-20.6-19.7-26.6-37.3-19.3-15.4 6.5-28.8-13.8-13.2-20.3 31.6-13.2 71.7-1.6 77.5 26.2 20.4-3.3 39.8 2.4 49.4 22.3 6.7 13.6-16.4 25.4-23.2 11.5M1569.8 2153.3c-3.3-20.2-41.1 3.3-50.5 9.7-8.3 5.5-19 2.1-20-7.3-1.4-12.7-18.5-9-26.3-7.4-14.8 3-27.4 12.2-27.7 26-.4 13.6 8.2 27.7 12.6 40.4 2.9 8-8.7 17-17.2 11.5-15.2-9.7-88.7-18.5-59.4 13.6 9.3 10.2-7.1 24.8-16.6 14.5-13.5-14.8-22.6-48.7 6.6-56 15.5-3.7 37.8-3.5 56.8.8-8-25.5-9.6-48.8 23.2-65.1 22.1-11.1 52.5-11 65.4 6 27.2-14.5 69.7-28.7 75.6 7.8 2.1 13-20.4 18.5-22.5 5.5" style="fill:#faeee0;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:.36633128" transform="matrix(.13333 0 0 -.13333 -75.5 381.8)"/>
|
||||
<path d="M1443 1685.6c39.4-3.4 78.8-12.3 118.5-10.9 25.4 1 51.7 4.5 76.8 8.2 18.2 2.7 40.5 6 52.7 19.4 1-45-92.6-59.1-128.9-60-42.1-1-89.5 17.2-119 43.3" style="fill:#494949;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:.36633128" transform="matrix(.13333 0 0 -.13333 -75.5 381.8)"/>
|
||||
<path d="M1549.4 1779.5a353.5 353.5 0 0 1-2.7-87.3c.7-7.6-1.3-25.7 8.8-29.5 8.2-3 18.3 2.7 19.7 10.1 2.2 12.5-3 28.2-3.5 41-.5 14.9 0 29.8 1.6 44.7 1 8.8 5.9 20.7-4.2 27-7.4 4.5-18.3 2.8-19.7-6" style="fill:#494949;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:.36633128" transform="matrix(.13333 0 0 -.13333 -75.5 381.8)"/>
|
||||
<path d="M1626 1849.7c-23.7-1-45.7-14.2-63.4-27-16.1 10.7-40.5 20.5-60.7 14.8-12-3.4-1.1-7.1 4-10.3 9.2-6.2 16.8-14.2 23.7-22.4 10.3-12.6 19.6-25.8 30.7-38 7.6 5.6 15 11.1 21.6 17.6 3.1 3 28.5 37 32.4 42.7 2.4 3.6 5 7.4 7.8 10.8 2.9 3.5 11 9 3.9 11.8" style="fill:#494949;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:.36633128" transform="matrix(.13333 0 0 -.13333 -75.5 381.8)"/>
|
||||
<path d="M1326.5 2010c11.7 30.3 24.3 68.4 56.3 62.4 24.2-5.2 56.7-86.2 36-78.2-11.3 4.4-20.3 41.1-41.4 46-13.4 3-32-43.6-50-48.4-8.7-2.3-4.3 10.4-.9 18.2M1670.6 2010c11.7 30.3 24.2 68.4 56.3 62.4 24.2-5.2 56.7-86.2 35.9-78.2-11.3 4.4-20.2 41.1-41.3 46-13.5 3-32-43.6-50-48.4-8.7-2.3-4.4 10.4-1 18.2" style="fill:#2c3844;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:.36633128" transform="matrix(.13333 0 0 -.13333 -75.5 381.8)"/>
|
||||
</svg>
|
After Width: | Height: | Size: 5.4 KiB |
After Width: | Height: | Size: 4.0 KiB |
|
@ -0,0 +1,48 @@
|
|||
version: 1
|
||||
metadata:
|
||||
labels:
|
||||
blueprints.goauthentik.io/instantiate: "true"
|
||||
name: kimai
|
||||
|
||||
entries:
|
||||
- attrs:
|
||||
acs_url: https://{{ env "KIMAI_DOMAIN" }}/auth/saml/acs
|
||||
assertion_valid_not_before: minutes=-5
|
||||
assertion_valid_not_on_or_after: minutes=5
|
||||
audience: https://{{ env "KIMAI_DOMAIN" }}/auth/saml
|
||||
authentication_flow: !Find [authentik_flows.flow, [slug, default-authentication-flow]]
|
||||
authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
|
||||
digest_algorithm: http://www.w3.org/2001/04/xmlenc#sha256
|
||||
issuer: https://{{ env "DOMAIN" }}
|
||||
name: Kimai
|
||||
name_id_mapping: !Find [authentik_providers_saml.samlpropertymapping, [name, "authentik default SAML Mapping: Username"]]
|
||||
property_mappings:
|
||||
- !Find [authentik_providers_saml.samlpropertymapping, [name, "authentik default SAML Mapping: Name"]]
|
||||
- !Find [authentik_providers_saml.samlpropertymapping, [name, "authentik default SAML Mapping: Email"]]
|
||||
- !Find [authentik_providers_saml.samlpropertymapping, [name, "authentik default SAML Mapping: User ID"]]
|
||||
- !Find [authentik_providers_saml.samlpropertymapping, [name, "authentik default SAML Mapping: Username"]]
|
||||
- !Find [authentik_providers_saml.samlpropertymapping, [name, "authentik default SAML Mapping: Groups"]]
|
||||
- !Find [authentik_providers_saml.samlpropertymapping, [name, "authentik default SAML Mapping: UPN"]]
|
||||
session_valid_not_on_or_after: minutes=86400
|
||||
signature_algorithm: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
|
||||
signing_kp: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]]
|
||||
sp_binding: post
|
||||
conditions: []
|
||||
id: kimai_provider
|
||||
identifiers:
|
||||
pk: 9991
|
||||
model: authentik_providers_saml.samlprovider
|
||||
state: present
|
||||
|
||||
- attrs:
|
||||
meta_launch_url: https://{{ env "KIMAI_DOMAIN" }}
|
||||
open_in_new_tab: true
|
||||
policy_engine_mode: any
|
||||
provider: !KeyOf kimai_provider
|
||||
slug: kimai
|
||||
conditions: []
|
||||
id: kimai_application
|
||||
identifiers:
|
||||
name: Kimai
|
||||
model: authentik_core.application
|
||||
state: present
|
|
@ -0,0 +1,43 @@
|
|||
version: 1
|
||||
metadata:
|
||||
labels:
|
||||
blueprints.goauthentik.io/instantiate: "true"
|
||||
name: matrix
|
||||
|
||||
entries:
|
||||
|
||||
- attrs:
|
||||
access_code_validity: minutes=1
|
||||
authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
|
||||
client_id: {{ secret "matrix_id" }}
|
||||
client_secret: {{ secret "matrix_secret" }}
|
||||
client_type: confidential
|
||||
include_claims_in_id_token: true
|
||||
issuer_mode: per_provider
|
||||
name: Matrix
|
||||
property_mappings:
|
||||
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
|
||||
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
|
||||
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
|
||||
signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]]
|
||||
sub_mode: user_username
|
||||
token_validity: days=30
|
||||
conditions: []
|
||||
id: matrix_provider
|
||||
identifiers:
|
||||
pk: 9997
|
||||
model: authentik_providers_oauth2.oauth2provider
|
||||
state: present
|
||||
|
||||
- attrs:
|
||||
meta_launch_url: https://{{ env "ELEMENT_DOMAIN" }}
|
||||
open_in_new_tab: true
|
||||
policy_engine_mode: any
|
||||
provider: !KeyOf matrix_provider
|
||||
slug: matrix
|
||||
conditions: []
|
||||
id: matrix_application
|
||||
identifiers:
|
||||
name: Matrix
|
||||
model: authentik_core.application
|
||||
state: present
|
|
@ -0,0 +1,43 @@
|
|||
version: 1
|
||||
metadata:
|
||||
labels:
|
||||
blueprints.goauthentik.io/instantiate: "true"
|
||||
name: monitoring
|
||||
|
||||
entries:
|
||||
|
||||
- attrs:
|
||||
access_code_validity: minutes=1
|
||||
authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
|
||||
client_id: {{ secret "monitoring_id" }}
|
||||
client_secret: {{ secret "monitoring_secret" }}
|
||||
client_type: confidential
|
||||
include_claims_in_id_token: true
|
||||
issuer_mode: per_provider
|
||||
name: Monitoring
|
||||
property_mappings:
|
||||
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
|
||||
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
|
||||
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
|
||||
signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]]
|
||||
sub_mode: user_username
|
||||
token_validity: days=30
|
||||
conditions: []
|
||||
id: monitoring_provider
|
||||
identifiers:
|
||||
pk: 9994
|
||||
model: authentik_providers_oauth2.oauth2provider
|
||||
state: present
|
||||
|
||||
- attrs:
|
||||
meta_launch_url: https://{{ env "MONITORING_DOMAIN" }}
|
||||
open_in_new_tab: true
|
||||
policy_engine_mode: any
|
||||
provider: !KeyOf monitoring_provider
|
||||
slug: monitoring
|
||||
conditions: []
|
||||
id: monitoring_application
|
||||
identifiers:
|
||||
name: Monitoring
|
||||
model: authentik_core.application
|
||||
state: present
|
|
@ -0,0 +1,43 @@
|
|||
version: 1
|
||||
metadata:
|
||||
labels:
|
||||
blueprints.goauthentik.io/instantiate: "true"
|
||||
name: outline
|
||||
|
||||
entries:
|
||||
|
||||
- attrs:
|
||||
access_code_validity: minutes=1
|
||||
authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
|
||||
client_id: {{ secret "outline_id" }}
|
||||
client_secret: {{ secret "outline_secret" }}
|
||||
client_type: confidential
|
||||
include_claims_in_id_token: true
|
||||
issuer_mode: per_provider
|
||||
name: Outline
|
||||
property_mappings:
|
||||
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
|
||||
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
|
||||
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
|
||||
signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]]
|
||||
sub_mode: hashed_user_id
|
||||
token_validity: days=30
|
||||
conditions: []
|
||||
id: outline_provider
|
||||
identifiers:
|
||||
pk: 9994
|
||||
model: authentik_providers_oauth2.oauth2provider
|
||||
state: present
|
||||
|
||||
- attrs:
|
||||
meta_launch_url: https://{{ env "OUTLINE_DOMAIN" }}
|
||||
open_in_new_tab: true
|
||||
policy_engine_mode: any
|
||||
provider: !KeyOf outline_provider
|
||||
slug: outline
|
||||
conditions: []
|
||||
id: outline_application
|
||||
identifiers:
|
||||
name: Outline
|
||||
model: authentik_core.application
|
||||
state: present
|
|
@ -0,0 +1,43 @@
|
|||
version: 1
|
||||
metadata:
|
||||
labels:
|
||||
blueprints.goauthentik.io/instantiate: "true"
|
||||
name: rallly
|
||||
|
||||
entries:
|
||||
|
||||
- attrs:
|
||||
access_code_validity: minutes=1
|
||||
authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
|
||||
client_id: {{ secret "rallly_id" }}
|
||||
client_secret: {{ secret "rallly_secret" }}
|
||||
client_type: confidential
|
||||
include_claims_in_id_token: true
|
||||
issuer_mode: per_provider
|
||||
name: Rallly
|
||||
property_mappings:
|
||||
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
|
||||
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
|
||||
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
|
||||
signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]]
|
||||
sub_mode: hashed_user_id
|
||||
token_validity: days=30
|
||||
conditions: []
|
||||
id: rallly_provider
|
||||
identifiers:
|
||||
pk: 9993
|
||||
model: authentik_providers_oauth2.oauth2provider
|
||||
state: present
|
||||
|
||||
- attrs:
|
||||
meta_launch_url: https://{{ env "RALLLY_DOMAIN" }}
|
||||
open_in_new_tab: true
|
||||
policy_engine_mode: any
|
||||
provider: !KeyOf rallly_provider
|
||||
slug: rallly
|
||||
conditions: []
|
||||
id: rallly_application
|
||||
identifiers:
|
||||
name: Rallly
|
||||
model: authentik_core.application
|
||||
state: present
|
|
@ -0,0 +1 @@
|
|||
If you use your own outpost you need to uncomment COMPOSE_FILE="$COMPOSE_FILE:compose.outposts.yml" to expose the docker socket again.
|
|
@ -0,0 +1 @@
|
|||
It is only possible to upgrade to 2023.10 from 2023.8, you need to update to 2023.8.x before applying this update
|
|
@ -0,0 +1 @@
|
|||
Blueprint changes are applied and automatic migrations should work, however, manual action may be required: https://docs.goauthentik.io/docs/releases/2024.2
|
|
@ -0,0 +1 @@
|
|||
Due to blueprint changes, you need to run the following command after upgrading: abra app cmd -C <Domain> worker apply_blueprints
|
|
@ -0,0 +1 @@
|
|||
Alerta! ⚠️ If you are using AUTHENTIK_COLOR_BACKGROUND_LIGHT, you will need to set COMPOSE_FILE="$COMPOSE_FILE:compose.css.yml"
|
|
@ -0,0 +1 @@
|
|||
Blueprint for Kimai SSO integration added
|
|
@ -2,26 +2,26 @@ version: 1
|
|||
metadata:
|
||||
labels:
|
||||
blueprints.goauthentik.io/instantiate: "true"
|
||||
name: Custom System Tenant
|
||||
name: Custom System brand
|
||||
entries:
|
||||
### DEPENDENCIES
|
||||
- model: authentik_blueprints.metaapplyblueprint
|
||||
attrs:
|
||||
identifiers:
|
||||
name: Default - Tenant
|
||||
name: Default - Brand
|
||||
required: true
|
||||
- model: authentik_blueprints.metaapplyblueprint
|
||||
attrs:
|
||||
identifiers:
|
||||
name: Invitation Enrollment Flow
|
||||
name: Recovery with email verification
|
||||
required: true
|
||||
|
||||
|
||||
### SYSTEM TENANT
|
||||
# remove custom tenant from old recipe
|
||||
### SYSTEM BRAND
|
||||
# remove custom brand from old recipe
|
||||
- identifiers:
|
||||
domain: {{ env "DOMAIN" }}
|
||||
model: authentik_tenants.tenant
|
||||
model: authentik_brands.brand
|
||||
state: absent
|
||||
|
||||
- attrs:
|
||||
|
@ -32,4 +32,4 @@ entries:
|
|||
identifiers:
|
||||
default: true
|
||||
domain: authentik-default
|
||||
model: authentik_tenants.tenant
|
||||
model: authentik_brands.brand
|
|
@ -0,0 +1,43 @@
|
|||
version: 1
|
||||
metadata:
|
||||
labels:
|
||||
blueprints.goauthentik.io/instantiate: "true"
|
||||
name: vikunja
|
||||
|
||||
entries:
|
||||
|
||||
- attrs:
|
||||
access_code_validity: minutes=1
|
||||
authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
|
||||
client_id: {{ secret "vikunja_id" }}
|
||||
client_secret: {{ secret "vikunja_secret" }}
|
||||
client_type: confidential
|
||||
include_claims_in_id_token: true
|
||||
issuer_mode: per_provider
|
||||
name: Vikunja
|
||||
property_mappings:
|
||||
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
|
||||
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
|
||||
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
|
||||
signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]]
|
||||
sub_mode: hashed_user_id
|
||||
token_validity: days=30
|
||||
conditions: []
|
||||
id: vikunja_provider
|
||||
identifiers:
|
||||
pk: 9995
|
||||
model: authentik_providers_oauth2.oauth2provider
|
||||
state: present
|
||||
|
||||
- attrs:
|
||||
meta_launch_url: https://{{ env "VIKUNJA_DOMAIN" }}
|
||||
open_in_new_tab: true
|
||||
policy_engine_mode: any
|
||||
provider: !KeyOf vikunja_provider
|
||||
slug: vikunja
|
||||
conditions: []
|
||||
id: vikunja_application
|
||||
identifiers:
|
||||
name: Vikunja
|
||||
model: authentik_core.application
|
||||
state: present
|
|
@ -0,0 +1,61 @@
|
|||
version: 1
|
||||
metadata:
|
||||
labels:
|
||||
blueprints.goauthentik.io/instantiate: "true"
|
||||
name: wekan
|
||||
|
||||
entries:
|
||||
- attrs:
|
||||
description: wekan
|
||||
expression: "groupsDict = {\"wekanGroups\": []}\nfor group in request.user.ak_groups.all():\n\
|
||||
\ my_attributes = group.attributes\n my_attributes[\"displayName\"] = group.name\n\
|
||||
\ my_attributes[\"isAdmin\"] = group.attributes[\"isAdmin\"] if 'isAdmin' in group.attributes else group.is_superuser\n\
|
||||
\ my_attributes[\"isActive\"] = group.attributes[\"\
|
||||
isActive\"] if 'isActive' in group.attributes else True\n my_attributes[\"\
|
||||
forceCreate\"] = group.attributes[\"forceCreate\"] if 'forceCreate' in group.attributes\
|
||||
\ else True\n groupsDict[\"wekanGroups\"].append(my_attributes)\nreturn groupsDict"
|
||||
managed: null
|
||||
scope_name: wekan
|
||||
conditions: []
|
||||
id: wekan_group_mapping
|
||||
identifiers:
|
||||
name: wekan
|
||||
model: authentik_providers_oauth2.scopemapping
|
||||
state: present
|
||||
|
||||
- attrs:
|
||||
access_code_validity: minutes=1
|
||||
authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
|
||||
client_id: {{ secret "wekan_id" }}
|
||||
client_secret: {{ secret "wekan_secret" }}
|
||||
client_type: confidential
|
||||
include_claims_in_id_token: true
|
||||
issuer_mode: per_provider
|
||||
name: Wekan
|
||||
property_mappings:
|
||||
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
|
||||
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
|
||||
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
|
||||
- !KeyOf wekan_group_mapping
|
||||
signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]]
|
||||
sub_mode: hashed_user_id
|
||||
token_validity: days=30
|
||||
conditions: []
|
||||
id: wekan_provider
|
||||
identifiers:
|
||||
pk: 9996
|
||||
model: authentik_providers_oauth2.oauth2provider
|
||||
state: present
|
||||
|
||||
- attrs:
|
||||
meta_launch_url: https://{{ env "WEKAN_DOMAIN" }}
|
||||
open_in_new_tab: true
|
||||
policy_engine_mode: any
|
||||
provider: !KeyOf wekan_provider
|
||||
slug: wekan
|
||||
conditions: []
|
||||
id: wekan_application
|
||||
identifiers:
|
||||
name: Wekan
|
||||
model: authentik_core.application
|
||||
state: present
|
|
@ -41,3 +41,19 @@ entries:
|
|||
name: Wordpress
|
||||
model: authentik_core.application
|
||||
state: present
|
||||
|
||||
{{ if ne (env "WORDPRESS_GROUP") "" }}
|
||||
- identifiers:
|
||||
name: {{ env "WORDPRESS_GROUP" }}
|
||||
attrs:
|
||||
users:
|
||||
- 1
|
||||
id: wordpress_group
|
||||
model: authentik_core.group
|
||||
|
||||
- identifiers:
|
||||
group: !KeyOf wordpress_group
|
||||
target: !KeyOf wordpress_application
|
||||
order: 0
|
||||
model: authentik_policies.policybinding
|
||||
{{ end }}
|
||||
|
|