Compare commits
16 Commits
7.0.0+2025
...
feature/53
| Author | SHA1 | Date | |
|---|---|---|---|
| f47da0c1b8 | |||
| c15f2adcba | |||
| 08118088a8 | |||
| 14e1d61343 | |||
| 04a370699d | |||
| efd67032cf | |||
| 6b627c6db7 | |||
| c90b3c6881 | |||
| e7af2b541e | |||
ea9b0ebd55
|
|||
|
06aafce852
|
|||
| 3c2b248304 | |||
| bda409290e | |||
| 77d79b3a07 | |||
| ac7192e6ab | |||
| d6bd030880 |
@ -62,7 +62,7 @@ COPY_ASSETS="$COPY_ASSETS icon.png|app:/web/dist/assets/icons/"
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.css.yml"
|
||||
# BACKGROUND_FONT_COLOR=white
|
||||
# BACKGROUND_BOX_COLOR='#eaeaeacf'
|
||||
# THEME_BACKGROUND="url('https://authentik.example.com/static/dist/assets/images/flow_background.jpg'); background-position: center; background-repeat: no-repeat; background-size: cover;"
|
||||
# THEME_BACKGROUND=""
|
||||
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.nextcloud.yml"
|
||||
# NEXTCLOUD_DOMAIN=nextcloud.example.com
|
||||
|
||||
41
README.md
41
README.md
@ -52,6 +52,16 @@ APP_ICONS="nextcloud:~/.abra/recipes/authentik/icons/nextcloud.png"
|
||||
|
||||
Set the nextcloud Icon using `abra app cmd -l -d <app_name> set_icons`
|
||||
|
||||
Generate OAuth client id and secret using `abra app secret generate <app_name> -a` (all secrets) or individually:
|
||||
- `abra app secret generate <app_name> nextcloud_id`
|
||||
- `abra app secret generate <app_name> nextcloud_secret`
|
||||
|
||||
Add the id and secret to nextcloud as secrets with:
|
||||
- `abra app secret insert <nextcloud_app_name> authentik_id v1 <id>`
|
||||
- `abra app secret insert <nextcloud_app_name> authentik_secret v1 <secret>`
|
||||
|
||||
Redeploy Authentik to enable the nextcloud client.
|
||||
|
||||
The configuration inside Nextcloud can be found in the [nextcloud recipe](https://git.coopcloud.tech/coop-cloud/nextcloud#authentik-integration)
|
||||
|
||||
## Add LDAP outpost
|
||||
@ -95,6 +105,25 @@ Run this command after every deploy/upgrade:
|
||||
|
||||
`abra app command --local <app-name> customize <assets_path>`
|
||||
|
||||
## Custom CSS
|
||||
|
||||
Uncomment the following env:
|
||||
|
||||
```
|
||||
COMPOSE_FILE="$COMPOSE_FILE:compose.css-volume.yml"
|
||||
```
|
||||
|
||||
Redeploy the app:
|
||||
```
|
||||
abra app deploy -f <app_name>
|
||||
```
|
||||
|
||||
Copy the CSS and restart the container:
|
||||
```
|
||||
abra app cp <app_name> my_custom.css app:/web/dist/assets/custom.css
|
||||
abra app restart <app_name> app
|
||||
```
|
||||
|
||||
## Email templates
|
||||
|
||||
Add custom [email templates](https://goauthentik.io/docs/flow/stages/email/#custom-templates):
|
||||
@ -105,15 +134,15 @@ Add custom [email templates](https://goauthentik.io/docs/flow/stages/email/#cust
|
||||
|
||||
These blueprints overwrite default blueprint values:
|
||||
|
||||
- flow_translation.yaml
|
||||
- flow_authentication.yaml
|
||||
- `flow_translation.yaml`
|
||||
- `flow_authentication.yaml`
|
||||
|
||||
The following default blueprints will be overwritten by customizations:
|
||||
|
||||
- flow-password-change.yaml
|
||||
- flow-default-authentication-flow.yaml
|
||||
- flow-default-user-settings-flow.yaml
|
||||
- flow-default-source-enrollment.yaml
|
||||
- `flow-password-change.yaml`
|
||||
- `flow-default-authentication-flow.yaml`
|
||||
- `flow-default-user-settings-flow.yaml`
|
||||
- `flow-default-source-enrollment.yaml`
|
||||
|
||||
The `abra.sh` function `apply_blueprints` needs to be executed to deactivate these blueprints to ensure that the customizations won't be overwritten. It will further execute flow_translation.yaml and flow_authentication.yaml again.
|
||||
|
||||
|
||||
10
abra.sh
10
abra.sh
@ -88,6 +88,16 @@ set_admin_pass() {
|
||||
password=$(cat /run/secrets/admin_pass)
|
||||
token=$(cat /run/secrets/admin_token)
|
||||
/manage.py shell -c """
|
||||
import time
|
||||
i = 0
|
||||
while (not User.objects.filter(username='akadmin')):
|
||||
print('Waiting for akadmin to be created...')
|
||||
time.sleep(10)
|
||||
i += 1
|
||||
if i > 6:
|
||||
print('Failed to find admin user!')
|
||||
exit()
|
||||
|
||||
akadmin = User.objects.get(username='akadmin')
|
||||
akadmin.set_password('$password')
|
||||
akadmin.save()
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
version: "3.8"
|
||||
services:
|
||||
authentik_ldap:
|
||||
image: ghcr.io/goauthentik/ldap:2025.2.0
|
||||
image: ghcr.io/goauthentik/ldap:2025.6.2
|
||||
# Optionally specify which networks the container should be
|
||||
# might be needed to reach the core authentik server
|
||||
networks:
|
||||
|
||||
10
compose.yml
10
compose.yml
@ -34,7 +34,7 @@ x-env: &env
|
||||
version: '3.8'
|
||||
services:
|
||||
app:
|
||||
image: ghcr.io/goauthentik/server:2025.2.0
|
||||
image: ghcr.io/goauthentik/server:2025.6.2
|
||||
command: server
|
||||
depends_on:
|
||||
- db
|
||||
@ -72,11 +72,11 @@ services:
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=SAMEORIGIN"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.contentSecurityPolicy=frame-ancestors ${X_FRAME_OPTIONS_ALLOW_FROM}"
|
||||
- "coop-cloud.${STACK_NAME}.version=7.0.0+2025.2.0"
|
||||
- "coop-cloud.${STACK_NAME}.version=7.3.2+2025.6.2"
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||
|
||||
worker:
|
||||
image: ghcr.io/goauthentik/server:2025.2.0
|
||||
image: ghcr.io/goauthentik/server:2025.6.2
|
||||
command: worker
|
||||
depends_on:
|
||||
- db
|
||||
@ -117,7 +117,7 @@ services:
|
||||
start_period: 5m
|
||||
|
||||
db:
|
||||
image: postgres:15.12
|
||||
image: postgres:15.13
|
||||
secrets:
|
||||
- db_password
|
||||
configs:
|
||||
@ -152,7 +152,7 @@ services:
|
||||
backupbot.restore.post-hook: '/pg_backup.sh restore'
|
||||
|
||||
redis:
|
||||
image: redis:7.4.2-alpine
|
||||
image: redis:8.0.2-alpine
|
||||
command: --save 60 1 --loglevel warning
|
||||
networks:
|
||||
- internal
|
||||
|
||||
Reference in New Issue
Block a user