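# Deployment helpers for an authentik app: config version pins plus
# maintenance functions (asset copy, admin credential bootstrap, database
# password rotation, blueprint management).
#
# NOTE(review): no shebang or `set` options are added because this file looks
# like it is sourced by a wrapper rather than executed directly — confirm.
# The code sticks to POSIX sh constructs for the same reason.
#
# Secret handling: secrets under /run/secrets are read by the process that
# consumes them (python / psql) instead of being expanded into a command
# line. Interpolating them into `-c` source text breaks on quotes or
# backslashes in the value and exposes it in the process list.

# Version pins; presumably consumed by the deployment tooling — TODO confirm.
export CUSTOM_CSS_VERSION=v2
export FLOW_AUTHENTICATION_VERSION=v1
export FLOW_INVITATION_VERSION=v1
export FLOW_INVALIDATION_VERSION=v1
export FLOW_RECOVERY_VERSION=v1
export FLOW_TRANSLATION_VERSION=v1
export SYSTEM_TENANT_VERSION=v1
export NEXTCLOUD_CONFIG_VERSION=v1

#######################################
# Copy every asset listed in COPY_ASSETS into the app via `abra app cp`.
# Globals:   COPY_ASSETS (read) - whitespace-separated "source|target" pairs
#            APP_NAME (read)
#            asset_dir, asset, source, target (written)
# Arguments: $1 - directory that holds the source assets
# Outputs:   one "copy SRC to DST" line per asset on stdout
# Returns:   exits 1 (usage on stderr) when no directory is given
#######################################
customize() {
  if [ -z "${1:-}" ]; then
    printf '%s\n' 'Usage: ... customize <asset_dir>' >&2
    exit 1
  fi
  asset_dir=$1
  # COPY_ASSETS is intentionally unquoted: entries are split on whitespace.
  # shellcheck disable=SC2086
  for asset in $COPY_ASSETS; do
    # Field 1 and field 2 of "source|target"; an entry without "|" yields the
    # whole entry for both, as `cut -d "|"` would.
    source=${asset%%|*}
    target=${asset#*|}
    target=${target%%|*}
    printf 'copy %s to %s\n' "$source" "$target"
    abra app cp "$APP_NAME" "$asset_dir/$source" "$target"
  done
}

#######################################
# Set the akadmin password and the authentik-bootstrap-token key from the
# mounted secrets.
# Inputs:  /run/secrets/admin_pass, /run/secrets/admin_token
# Outputs: progress messages on stdout
# Returns: non-zero when a secret is missing or empty, so an unreadable
#          secret can no longer end up as an empty admin password.
# NOTE(review): User and Token are not imported in the snippet; presumably
# the `shell` management command pre-loads the models — confirm.
#######################################
set_admin_pass() {
  /manage.py shell -c '
# Secrets are read here, never passed through the command line.
with open("/run/secrets/admin_pass", encoding="utf-8") as fh:
    password = fh.read().rstrip("\n")
with open("/run/secrets/admin_token", encoding="utf-8") as fh:
    key = fh.read().rstrip("\n")
if not password or not key:
    raise SystemExit("admin_pass or admin_token secret is empty; nothing changed")

akadmin = User.objects.get(username="akadmin")
akadmin.set_password(password)
akadmin.save()
print("Changed akadmin password")

from authentik.core.models import TokenIntents
if (token := Token.objects.filter(identifier="authentik-bootstrap-token").first()):
    token.key = key
    token.save()
    print("Changed authentik-bootstrap-token")
else:
    Token.objects.create(
        identifier="authentik-bootstrap-token",
        user=akadmin,
        intent=TokenIntents.INTENT_API,
        expiring=False,
        key=key,
    )
    print("Created authentik-bootstrap-token")
'
}

#######################################
# Set the password of the authentik database role to the db_password secret.
# Inputs:  /run/secrets/db_password
# Returns: 1 when the secret is missing or empty; otherwise psql's status.
#######################################
rotate_db_pass() {
  # Refuse to run with a missing/empty secret rather than set an empty password.
  if [ ! -s /run/secrets/db_password ]; then
    printf '%s\n' 'db_password secret is missing or empty' >&2
    return 1
  fi
  # psql reads the secret itself (backquoted \set) and :'var' quotes it as a
  # SQL literal, so quotes in the password cannot break or alter the statement
  # and the value is not visible in psql's arguments. Variable interpolation
  # is not performed for -c, hence the script on stdin. ON_ERROR_STOP makes a
  # failed statement produce a non-zero exit status.
  psql -U authentik -v ON_ERROR_STOP=1 <<'SQL'
\set db_password `cat /run/secrets/db_password`
ALTER USER authentik WITH PASSWORD :'db_password';
SQL
}

#######################################
# Apply the custom invalidation-flow and system-tenant blueprints. Three
# default blueprints are enabled for the duration and disabled again after.
# NOTE(review): presumably the custom blueprints depend on objects created by
# those defaults — confirm.
#######################################
apply_blueprints() {
  enable_blueprint default/flow-default-authentication-flow.yaml
  enable_blueprint default/flow-default-user-settings-flow.yaml
  enable_blueprint default/flow-password-change.yaml
  ak apply_blueprint 6_flow_invalidation.yaml
  ak apply_blueprint 5_system_tenant.yaml
  disable_blueprint default/flow-default-authentication-flow.yaml
  disable_blueprint default/flow-default-user-settings-flow.yaml
  disable_blueprint default/flow-password-change.yaml
}

# Disable the blueprint at path $1.
disable_blueprint() {
  blueprint_state False "$@"
}

# Enable the blueprint at path $1.
enable_blueprint() {
  blueprint_state True "$@"
}

#######################################
# Enable or disable a managed blueprint through the authentik API.
# Globals:   DOMAIN (read) - host name of the authentik instance
# Inputs:    /run/secrets/admin_token (bearer token, read by python)
# Arguments: $1 - "True" or "False"
#            $2 - blueprint path
# Outputs:   result on stdout, errors on stderr
# Returns:   non-zero on a bad argument, an empty token, a failed request or
#            an unknown blueprint path
#######################################
blueprint_state() {
  # State, path and domain travel as arguments, not as spliced Python source;
  # the token is read from the secret file inside python.
  python -c '
import sys

import requests

if sys.argv[1] not in ("True", "False"):
    sys.exit(f"blueprint state must be True or False, got: {sys.argv[1]}")
enabled = sys.argv[1] == "True"
blueprint_path = sys.argv[2]
base_url = f"https://{sys.argv[3]}/api/v3/managed/blueprints/"

with open("/run/secrets/admin_token", encoding="utf-8") as fh:
    my_token = fh.read().rstrip("\n")
if not my_token:
    sys.exit("admin_token secret is empty")

session = requests.Session()
session.headers["Authorization"] = f"Bearer {my_token}"

# params= lets requests URL-encode the path.
resp = session.get(base_url, params={"path": blueprint_path}, timeout=30)
if not resp.ok:
    sys.exit(f"Error fetching blueprint: {resp.content}")
results = resp.json()["results"]
if not results:
    sys.exit(f"No blueprint found for path: {blueprint_path}")
auth_flow_uuid = results[0]["pk"]
blueprint_name = results[0]["name"]

params = {"name": blueprint_name, "path": blueprint_path, "context": {}, "enabled": enabled}
resp = session.put(f"{base_url}{auth_flow_uuid}/", json=params, timeout=30)
if not resp.ok:
    sys.exit(f"Error changing blueprint state: {resp.content}")
print(f"{blueprint_name} enabled: {enabled}")
' "$1" "$2" "$DOMAIN"
}

#######################################
# Delete the listed flows, stages without a flow, prompts without a prompt
# stage and the default tenant, then re-apply the blueprints.
# The deletions are destructive; nothing here backs the objects up first.
# NOTE(review): Flow, Stage, Prompt and Tenant are not imported in the
# snippet; presumably the `shell` management command pre-loads the models —
# confirm.
#######################################
blueprint_cleanup() {
  /manage.py shell -c '
delete_flows = ["default-recovery-flow", "custom-authentication-flow", "invitation-enrollment-flow", "initial-setup"]
Flow.objects.filter(slug__in=delete_flows).delete()
Stage.objects.filter(flow=None).delete()
Prompt.objects.filter(promptstage=None).delete()
Tenant.objects.filter(default=True).delete()
'
  apply_blueprints
}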