chore: publish 7.0.1+2025.2.0 release

Merge pull request 'Fix race condition when setting admin password with POST_DEPLOY_CMDS' (#13 ) from virtualboys/authentik:main into main
Reviewed-on: #13 Reviewed-by: decentral1se <decentral1se@noreply.git.coopcloud.tech> Reviewed-by: ammaratef45 <ammaratef45@proton.me>
2025-02-28 16:34:52 -05:00 · 2025-02-27 16:41:42 +00:00 · 2025-02-26 17:21:09 -05:00 · 2025-02-26 12:16:17 -05:00 · 2025-02-24 15:22:15 +01:00 · 2025-02-13 14:45:32 +01:00
17 changed files with 78 additions and 24 deletions
--- a/.env.sample
+++ b/.env.sample
@ -130,5 +130,5 @@ COPY_ASSETS="$COPY_ASSETS icon.png|app:/web/dist/assets/icons/"
 # SECRET_HEDGEDOC_SECRET_VERSION=v1
 # APP_ICONS="$APP_ICONS hedgedoc:~/.abra/recipes/authentik/icons/hedgedoc.png"

-# APPLICATIONS='{"Calendar": "https://nextcloud.example.com/apps/calendar/", "BBB": "https://nextcloud.example.com/apps/bbb/"}'
-# EXTRA_ICONS={"Calendar": "~/.abra/recipes/authentik/icons/calendar.svg", "BBB": "~/.abra/recipes/authentik/icons/bbb.png"}
+# APPLICATIONS='{"Calendar": "https://nextcloud.example.com/apps/calendar/", "BBB": "https://nextcloud.example.com/apps/bbb/", "Pretix": "https://pretix.example.com/control/"}'
+# EXTRA_ICONS={"Calendar": "~/.abra/recipes/authentik/icons/calendar.svg", "BBB": "~/.abra/recipes/authentik/icons/bbb.png", "Pretix": "~/.abra/recipes/authentik/icons/pretix.svg"}
--- a/abra.sh
+++ b/abra.sh
@ -5,17 +5,17 @@ export FLOW_INVALIDATION_VERSION=v2
 export FLOW_RECOVERY_VERSION=v1
 export FLOW_TRANSLATION_VERSION=v3
 export SYSTEM_BRAND_VERSION=v4
-export NEXTCLOUD_CONFIG_VERSION=v2
-export WORDPRESS_CONFIG_VERSION=v3
-export MATRIX_CONFIG_VERSION=v2
-export WEKAN_CONFIG_VERSION=v4
-export VIKUNJA_CONFIG_VERSION=v2
-export OUTLINE_CONFIG_VERSION=v3
-export KIMAI_CONFIG_VERSION=v2
-export ZAMMAD_CONFIG_VERSION=v3
-export RALLLY_CONFIG_VERSION=v3
-export HEDGEDOC_CONFIG_VERSION=v2
-export MONITORING_CONFIG_VERSION=v3
+export NEXTCLOUD_CONFIG_VERSION=v3
+export WORDPRESS_CONFIG_VERSION=v4
+export MATRIX_CONFIG_VERSION=v3
+export WEKAN_CONFIG_VERSION=v5
+export VIKUNJA_CONFIG_VERSION=v3
+export OUTLINE_CONFIG_VERSION=v4
+export KIMAI_CONFIG_VERSION=v3
+export ZAMMAD_CONFIG_VERSION=v4
+export RALLLY_CONFIG_VERSION=v4
+export HEDGEDOC_CONFIG_VERSION=v3
+export MONITORING_CONFIG_VERSION=v4
 export DB_ENTRYPOINT_VERSION=v1
 export PG_BACKUP_VERSION=v2
 export ENTRYPOINT_CSS_VERSION=v1
@ -35,6 +35,15 @@ customize() {
    done
 }

+shell(){
+    if [ -z "$1" ]
+    then
+            echo "Usage: ... shell <python code>"
+            exit 1
+    fi
+    ak shell -c "$1" 2>&1 | quieten
+}
+
 import_user() {
    if [ -z "$1" ]
    then
@ -79,6 +88,16 @@ set_admin_pass() {
 password=$(cat /run/secrets/admin_pass)
 token=$(cat /run/secrets/admin_token)
 /manage.py shell -c """
+import time
+i = 0
+while (not User.objects.filter(username='akadmin')):
+    print('Waiting for akadmin to be created...')
+    time.sleep(10)
+    i += 1
+    if i > 6:
+        print('Failed to find admin user!')
+        exit()
+
 akadmin = User.objects.get(username='akadmin')
 akadmin.set_password('$password')
 akadmin.save()
--- a/compose.matrix.yml
+++ b/compose.matrix.yml
@ -12,6 +12,7 @@ services:
      - matrix_secret
    environment:
      - ELEMENT_DOMAIN
+      - MATRIX_DOMAIN
    configs:
      - source: matrix
        target: /blueprints/matrix.yaml
--- a/compose.outposts.ldap.yml
+++ b/compose.outposts.ldap.yml
@ -1,7 +1,7 @@
 version: "3.8"
 services:
  authentik_ldap:
-      image: ghcr.io/goauthentik/ldap:2024.10.5
+      image: ghcr.io/goauthentik/ldap:2025.2.0
      # Optionally specify which networks the container should be
      # might be needed to reach the core authentik server
      networks:
--- a/compose.yml
+++ b/compose.yml
@ -34,7 +34,7 @@ x-env: &env
 version: '3.8'
 services:
  app:
-    image: ghcr.io/goauthentik/server:2024.10.5
+    image: ghcr.io/goauthentik/server:2025.2.0
    command: server
    depends_on:
      - db
@ -72,11 +72,11 @@ services:
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
        - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=SAMEORIGIN"
        - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.contentSecurityPolicy=frame-ancestors ${X_FRAME_OPTIONS_ALLOW_FROM}"
-        - "coop-cloud.${STACK_NAME}.version=6.11.0+2024.10.5"
+        - "coop-cloud.${STACK_NAME}.version=7.0.1+2025.2.0"
        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"

  worker:
-    image: ghcr.io/goauthentik/server:2024.10.5
+    image: ghcr.io/goauthentik/server:2025.2.0
    command: worker
    depends_on:
      - db
@ -117,7 +117,7 @@ services:
      start_period: 5m

  db:
-    image: postgres:15.8
+    image: postgres:15.12
    secrets:
      - db_password
    configs:
@ -152,7 +152,7 @@ services:
          backupbot.restore.post-hook: '/pg_backup.sh restore'

  redis:
-    image:  redis:7.4.1-alpine
+    image:  redis:7.4.2-alpine
    command: --save 60 1 --loglevel warning
    networks:
      - internal
--- a/hedgedoc.yaml.tmpl
+++ b/hedgedoc.yaml.tmpl
@ -16,6 +16,9 @@ entries:
    client_type: confidential
    include_claims_in_id_token: true
    issuer_mode: per_provider
+    redirect_uris:
+    - matching_mode: strict
+      url: https://{{ env  "HEDGEDOC_DOMAIN" }}/auth/oauth2/callback
    name: Hedgedoc
    property_mappings:
    - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
@ -32,7 +35,7 @@ entries:
  state: present

 - attrs:
-    meta_launch_url: https://{{ env  "HEDGEDOC_DOMAIN" }}
+    meta_launch_url: https://{{ env  "HEDGEDOC_DOMAIN" }}/auth/oauth2
    open_in_new_tab: true
    policy_engine_mode: any
    provider: !KeyOf hedgedoc_provider
--- a/icons/pretix.svg
+++ b/icons/pretix.svg
@ -0,0 +1 @@
+<?xml version="1.0" encoding="UTF-8"?><svg id="Ebene_1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 128 128"><defs><style>.cls-1{fill:#3b1c4a;}</style></defs><path class="cls-1" d="m50.67,56.95c-.72.1-1.22.3-1.66.5l2.38,16.91c.41.08.95.13,1.6.04,3.52-.5,4.61-3.64,3.81-9.39-.83-5.87-2.53-8.56-6.12-8.06Z"/><path class="cls-1" d="m116.04,35.05c.71-.17,1.16-.76,1.06-1.48L112.54,1.13c-.1-.72-.77-1.22-1.49-1.12l-37.5,5.27.73,5.22c.16,1.12-.62,2.15-1.74,2.31s-2.15-.62-2.31-1.74l-.73-5.22L1.13,15.46c-.72.1-1.22.77-1.12,1.49l4.56,32.44c.1.72.7,1.17,1.42,1.13,11.25-.92,21.43,7.1,23.03,18.46,1.6,11.36-5.99,21.81-17.07,23.96-.71.17-1.16.76-1.06,1.48l4.56,32.44c.1.72.77,1.22,1.49,1.12l68.37-9.61-.73-5.22c-.16-1.15.59-2.15,1.74-2.31s2.15.62,2.31,1.74l.73,5.22,37.5-5.27c.72-.1,1.22-.77,1.12-1.49l-4.56-32.44c-.1-.72-.7-1.17-1.42-1.13-11.25.92-21.42-7.04-23.02-18.4-1.6-11.36,5.98-21.87,17.06-24.03Zm-59.84,44.75c-1.76.25-3.29.26-4.04.17l1.59,11.29-9.92,1.39-5.3-37.73c2.5-1.62,5.96-3.03,11.38-3.8,8.68-1.22,15.27,2.58,16.66,12.44,1.25,8.88-3.12,15.21-10.36,16.23Zm30.73,20.71c.16,1.12-.62,2.15-1.74,2.31-1.12.16-2.15-.62-2.31-1.74l-1.47-10.44c-.16-1.12.62-2.15,1.74-2.31s2.16.66,2.31,1.74l1.47,10.44Zm-3.17-22.58c.15,1.08-.66,2.16-1.74,2.31s-2.16-.66-2.31-1.74l-1.47-10.44c-.16-1.15.59-2.15,1.74-2.31,1.12-.16,2.15.62,2.31,1.74l1.47,10.44Zm-3.16-22.45c.16,1.12-.62,2.15-1.74,2.31-1.12.16-2.15-.62-2.31-1.74l-1.47-10.44c-.16-1.12.62-2.15,1.74-2.31s2.16.66,2.31,1.74l1.47,10.44Zm-3.17-22.58c.15,1.08-.66,2.16-1.74,2.31s-2.16-.66-2.31-1.74l-1.47-10.44c-.16-1.15.59-2.15,1.74-2.31s2.15.62,2.31,1.74l1.47,10.44Z"/></svg>
--- a/icons/vaultwarden.svg
+++ b/icons/vaultwarden.svg
--- a/kimai.yaml.tmpl
+++ b/kimai.yaml.tmpl
@ -37,7 +37,7 @@ entries:
  state: present

 - attrs:
-    meta_launch_url: https://{{ env  "KIMAI_DOMAIN" }}
+    meta_launch_url: https://{{ env  "KIMAI_DOMAIN" }}/auth/saml/login
    open_in_new_tab: true
    policy_engine_mode: any
    provider: !KeyOf kimai_provider
--- a/matrix.yaml.tmpl
+++ b/matrix.yaml.tmpl
@ -16,6 +16,9 @@ entries:
    client_type: confidential
    include_claims_in_id_token: true
    issuer_mode: per_provider
+    redirect_uris:
+    - matching_mode: strict
+      url: https://{{ env  "MATRIX_DOMAIN" }}/_synapse/client/oidc/callback
    name: Matrix
    property_mappings:
    - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
@ -36,10 +39,10 @@ entries:
    open_in_new_tab: true
    policy_engine_mode: any
    provider: !KeyOf matrix_provider
-    slug: matrix
+    name: Element
  conditions: []
  id: matrix_application
  identifiers:
-    name: Matrix
+    slug: matrix
  model: authentik_core.application
  state: present
--- a/monitoring.yaml.tmpl
+++ b/monitoring.yaml.tmpl
@ -16,6 +16,9 @@ entries:
    client_type: confidential
    include_claims_in_id_token: true
    issuer_mode: per_provider
+    redirect_uris:
+    - matching_mode: strict
+      url: https://{{ env  "MONITORING_DOMAIN" }}/login/generic_oauth
    name: Monitoring
    property_mappings:
    - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
--- a/nextcloud.yaml.tmpl
+++ b/nextcloud.yaml.tmpl
@ -28,6 +28,9 @@ entries:
    client_type: confidential
    include_claims_in_id_token: true
    issuer_mode: per_provider
+    redirect_uris:
+    - matching_mode: strict
+      url: https://{{ env  "NEXTCLOUD_DOMAIN" }}/apps/sociallogin/custom_oidc/authentik
    name: Nextcloud
    property_mappings:
    - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
--- a/outline.yaml.tmpl
+++ b/outline.yaml.tmpl
@ -16,6 +16,9 @@ entries:
    client_type: confidential
    include_claims_in_id_token: true
    issuer_mode: per_provider
+    redirect_uris:
+    - matching_mode: strict
+      url: https://{{ env  "OUTLINE_DOMAIN" }}/auth/oidc.callback
    name: Outline
    property_mappings:
    - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
@ -32,7 +35,7 @@ entries:
  state: present

 - attrs:
-    meta_launch_url: https://{{ env  "OUTLINE_DOMAIN" }}
+    meta_launch_url: https://{{ env  "OUTLINE_DOMAIN" }}/auth/oidc
    open_in_new_tab: true
    policy_engine_mode: any
    provider: !KeyOf outline_provider
--- a/rallly.yaml.tmpl
+++ b/rallly.yaml.tmpl
@ -16,6 +16,9 @@ entries:
    client_type: confidential
    include_claims_in_id_token: true
    issuer_mode: per_provider
+    redirect_uris:
+    - matching_mode: strict
+      url: https://{{ env  "RALLLY_DOMAIN" }}/api/auth/callback/oidc
    name: Rallly
    property_mappings:
    - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
--- a/vikunja.yaml.tmpl
+++ b/vikunja.yaml.tmpl
@ -16,6 +16,9 @@ entries:
    client_type: confidential
    include_claims_in_id_token: true
    issuer_mode: per_provider
+    redirect_uris:
+    - matching_mode: strict
+      url: https://{{ env  "VIKUNJA_DOMAIN" }}/auth/openid/authentik
    name: Vikunja
    property_mappings:
    - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
--- a/wekan.yaml.tmpl
+++ b/wekan.yaml.tmpl
@ -33,6 +33,9 @@ entries:
    client_type: confidential
    include_claims_in_id_token: true
    issuer_mode: per_provider
+    redirect_uris:
+    - matching_mode: strict
+      url: https://{{ env  "WEKAN_DOMAIN" }}/_oauth/oidc
    name: Wekan
    property_mappings:
    - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
--- a/wordpress.yaml.tmpl
+++ b/wordpress.yaml.tmpl
@ -16,6 +16,9 @@ entries:
    client_type: confidential
    include_claims_in_id_token: true
    issuer_mode: per_provider
+    redirect_uris:
+    - matching_mode: strict
+      url: https://{{ env  "WORDPRESS_DOMAIN" }}/openid-connect-authorize
    name: Wordpress
    property_mappings:
    - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
Author	SHA1	Message	Date
many	77d79b3a07	chore: publish 7.0.1+2025.2.0 release All checks were successful continuous-integration/drone/tag Build is passing Details continuous-integration/drone/push Build is passing Details	2025-02-28 16:34:52 -05:00
marlon	ac7192e6ab	Merge pull request 'Fix race condition when setting admin password with POST_DEPLOY_CMDS' (#13 ) from virtualboys/authentik:main into main All checks were successful continuous-integration/drone/push Build is passing Details Reviewed-on: #13 Reviewed-by: decentral1se <decentral1se@noreply.git.coopcloud.tech> Reviewed-by: ammaratef45 <ammaratef45@proton.me>	2025-02-27 16:41:42 +00:00
many	d6bd030880	Fix race condition when setting admin password with POST_DEPLOY_CMDS	2025-02-26 17:21:09 -05:00
3wc	7a2c45137f	chore: publish 7.0.0+2025.2.0 release All checks were successful continuous-integration/drone/tag Build is passing Details continuous-integration/drone/push Build is passing Details	2025-02-26 12:16:17 -05:00
Moritz	86ce0820bc	add vaultwarden icon	2025-02-24 15:22:15 +01:00
Simon	6fcba9ff03	add pretix icon All checks were successful continuous-integration/drone/push Build is passing Details	2025-02-13 14:45:32 +01:00
Moritz	43700b2562	add shell command All checks were successful continuous-integration/drone/push Build is passing Details	2025-02-11 15:07:52 +01:00
3wc	35d48cc4c4	chore: publish 6.12.0+2024.12.3 release Some checks failed continuous-integration/drone/push Build is failing Details continuous-integration/drone/tag Build is passing Details	2025-02-05 12:16:36 -05:00
3wc	64100ce3a4	Merge branch 'main' of ssh://git.coopcloud.tech:2222/coop-cloud/authentik All checks were successful continuous-integration/drone/push Build is passing Details	2025-02-05 12:15:13 -05:00
3wc	abc1ed307c	Updates in response to PR feedback	2025-02-05 12:15:07 -05:00
knoflook	a5b5395bdf	update .env.sample and drop unused volume	2025-02-05 12:15:07 -05:00
knoflook	97ce2e451a	don't create a new volume	2025-02-05 12:15:07 -05:00
3wc	98a5d4b726	Work towards custom CSS in volume	2025-02-05 12:15:07 -05:00
Moritz	d0c924a864	chore: publish 6.11.1+2024.10.5 release All checks were successful continuous-integration/drone/tag Build is passing Details continuous-integration/drone/push Build is passing Details	2025-01-20 22:28:24 +01:00
Moritz	5df1f34cd7	UX: rename matrix to element	2025-01-20 22:28:24 +01:00
Moritz	bc62831e58	fix blueprints: add redirect_uris	2025-01-20 22:28:20 +01:00
				`@ -0,0 +1 @@`
				<?xml version="1.0" encoding="UTF-8"?><svg id="Ebene_1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 128 128"><defs><style>.cls-1{fill:#3b1c4a;}</style></defs><path class="cls-1" d="m50.67,56.95c-.72.1-1.22.3-1.66.5l2.38,16.91c.41.08.95.13,1.6.04,3.52-.5,4.61-3.64,3.81-9.39-.83-5.87-2.53-8.56-6.12-8.06Z"/><path class="cls-1" d="m116.04,35.05c.71-.17,1.16-.76,1.06-1.48L112.54,1.13c-.1-.72-.77-1.22-1.49-1.12l-37.5,5.27.73,5.22c.16,1.12-.62,2.15-1.74,2.31s-2.15-.62-2.31-1.74l-.73-5.22L1.13,15.46c-.72.1-1.22.77-1.12,1.49l4.56,32.44c.1.72.7,1.17,1.42,1.13,11.25-.92,21.43,7.1,23.03,18.46,1.6,11.36-5.99,21.81-17.07,23.96-.71.17-1.16.76-1.06,1.48l4.56,32.44c.1.72.77,1.22,1.49,1.12l68.37-9.61-.73-5.22c-.16-1.15.59-2.15,1.74-2.31s2.15.62,2.31,1.74l.73,5.22,37.5-5.27c.72-.1,1.22-.77,1.12-1.49l-4.56-32.44c-.1-.72-.7-1.17-1.42-1.13-11.25.92-21.42-7.04-23.02-18.4-1.6-11.36,5.98-21.87,17.06-24.03Zm-59.84,44.75c-1.76.25-3.29.26-4.04.17l1.59,11.29-9.92,1.39-5.3-37.73c2.5-1.62,5.96-3.03,11.38-3.8,8.68-1.22,15.27,2.58,16.66,12.44,1.25,8.88-3.12,15.21-10.36,16.23Zm30.73,20.71c.16,1.12-.62,2.15-1.74,2.31-1.12.16-2.15-.62-2.31-1.74l-1.47-10.44c-.16-1.12.62-2.15,1.74-2.31s2.16.66,2.31,1.74l1.47,10.44Zm-3.17-22.58c.15,1.08-.66,2.16-1.74,2.31s-2.16-.66-2.31-1.74l-1.47-10.44c-.16-1.15.59-2.15,1.74-2.31,1.12-.16,2.15.62,2.31,1.74l1.47,10.44Zm-3.16-22.45c.16,1.12-.62,2.15-1.74,2.31-1.12.16-2.15-.62-2.31-1.74l-1.47-10.44c-.16-1.12.62-2.15,1.74-2.31s2.16.66,2.31,1.74l1.47,10.44Zm-3.17-22.58c.15,1.08-.66,2.16-1.74,2.31s-2.16-.66-2.31-1.74l-1.47-10.44c-.16-1.15.59-2.15,1.74-2.31s2.15.62,2.31,1.74l1.47,10.44Z"/></svg>