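# Version tags exported for consumers outside this script; nothing in this
# file reads them.
export CUSTOM_CSS_VERSION=v2
export FLOW_AUTHENTICATION_VERSION=v3
export FLOW_INVITATION_VERSION=v2
export FLOW_INVALIDATION_VERSION=v2
export FLOW_RECOVERY_VERSION=v1
export FLOW_TRANSLATION_VERSION=v3
export SYSTEM_TENANT_VERSION=v3
export NEXTCLOUD_CONFIG_VERSION=v1
export WORDPRESS_CONFIG_VERSION=v2
export MATRIX_CONFIG_VERSION=v1
export WEKAN_CONFIG_VERSION=v3
export VIKUNJA_CONFIG_VERSION=v1
export OUTLINE_CONFIG_VERSION=v1
export RALLLY_CONFIG_VERSION=v1
export HEDGEDOC_CONFIG_VERSION=v1
export MONITORING_CONFIG_VERSION=v1
export DB_ENTRYPOINT_VERSION=v1

# Conventions used below:
#  * Only POSIX sh constructs are used, as in the original.
#  * Values that reach an embedded Python or SQL snippet (secrets, arguments,
#    configuration) are handed over as data -- environment variables or psql
#    variables -- and are never pasted into the program text. A quote or
#    newline in a password or file name therefore cannot change the code that
#    runs. The Python snippets are constant text and must stay free of
#    dollar signs, backticks, backslashes and double quotes, because they sit
#    inside a double-quoted shell string.
#  * NOTE(review): the Python indentation was rebuilt from a listing whose
#    whitespace had been collapsed -- compare against the upstream file.

# Copy the assets listed in COPY_ASSETS into the app.
# Globals:   COPY_ASSETS (read) - whitespace-separated "source|target" pairs
#            APP_NAME (read)
# Arguments: $1 - directory that holds the source files
# NOTE(review): the argument placeholder appears to be missing from the usage
# text; it is reproduced unchanged.
customize() {
  if [ -z "$1" ]
  then
    echo "Usage: ... customize "
    exit 1
  fi
  asset_dir=$1
  # COPY_ASSETS is split on whitespace on purpose: one pair per word.
  for asset in $COPY_ASSETS; do
    source=$(printf '%s\n' "$asset" | cut -d '|' -f1)
    target=$(printf '%s\n' "$asset" | cut -d '|' -f2)
    echo "copy $source to $target"
    abra app cp "$APP_NAME" "$asset_dir/$source" "$target"
  done
}

# Copy a CSV file into the worker's /tmp and run _import_user on it there.
# Globals:   APP_NAME (read)
# Arguments: $1 - path of the CSV file
import_user() {
  if [ -z "$1" ]
  then
    echo "Usage: ... import_user "
    exit 1
  fi
  source_file=$1
  filename=$(basename "$source_file")
  abra app cp "$APP_NAME" "$source_file" worker:/tmp/
  abra app cmd -T "$APP_NAME" worker _import_user "$filename"
}

# Create users from /tmp/<file>. Each CSV row is read as
# name, username, email, semicolon-separated group names. Rows whose username
# already exists are skipped; groups that do not exist yet are created.
# Arguments: $1 - file name below /tmp
_import_user() {
  RECIPE_IMPORT_FILE="$1" /manage.py shell -c """
import csv
import os
# The file name arrives through the environment, not through the source text.
with open('/tmp/' + os.environ['RECIPE_IMPORT_FILE'], newline='') as file:
    reader = csv.reader(file)
    for row in reader:
        name = row[0].strip()
        username = row[1].strip()
        email = row[2].strip()
        groups = row[3].split(';')
        if User.objects.filter(username=username):
            continue
        new_user = User.objects.create(name=name, username=username, email=email)
        for group_name in groups:
            group_name = group_name.strip()
            if Group.objects.filter(name=group_name):
                group = Group.objects.get(name=group_name)
            else:
                group = Group.objects.create(name=group_name)
            group.users.add(new_user)
""" 2>&1 | quieten
}

# Set the akadmin password and the key of the authentik-bootstrap-token from
# the secrets in /run/secrets; the token is created when it does not exist.
# The secrets are passed through the environment so that neither their content
# can alter the Python code nor do they show up in the process arguments.
set_admin_pass() {
  RECIPE_ADMIN_PASS=$(cat /run/secrets/admin_pass) \
  RECIPE_ADMIN_TOKEN=$(cat /run/secrets/admin_token) \
  /manage.py shell -c """
import os
from authentik.core.models import TokenIntents
akadmin = User.objects.get(username='akadmin')
akadmin.set_password(os.environ['RECIPE_ADMIN_PASS'])
akadmin.save()
print('Changed akadmin password')
key = os.environ['RECIPE_ADMIN_TOKEN']
if (token := Token.objects.filter(identifier='authentik-bootstrap-token').first()):
    token.key = key
    token.save()
    print('Changed authentik-bootstrap-token')
else:
    Token.objects.create(
        identifier='authentik-bootstrap-token',
        user=akadmin,
        intent=TokenIntents.INTENT_API,
        expiring=False,
        key=key,
    )
    print('Created authentik-bootstrap-token')
""" 2>&1 | quieten
}

# Set the password of the authentik database role to the db_password secret.
# The value is bound as a psql variable and expanded with :'name', which
# quotes it as an SQL literal. psql does not expand variables in -c strings,
# hence the statement is fed on stdin; ON_ERROR_STOP keeps a failed statement
# visible in the exit status, as it was with -c.
rotate_db_pass() {
  db_password=$(cat /run/secrets/db_password)
  psql -U authentik -v ON_ERROR_STOP=1 -v "db_password=$db_password" <<'SQL'
ALTER USER authentik WITH PASSWORD :'db_password';
SQL
}

# This function is for blueprints that overwrite custom blueprints.
# It deactivates the affected default blueprints after applying them so that
# the custom changes are not reverted.
apply_blueprints() {
  update_and_disable_blueprint default/flow-password-change.yaml
  update_and_disable_blueprint default/flow-default-authentication-flow.yaml
  update_and_disable_blueprint default/flow-default-user-settings-flow.yaml
  update_and_disable_blueprint default/flow-default-source-enrollment.yaml
  apply_blueprint 3_flow_translation.yaml
  apply_blueprint 2_flow_authentication.yaml
}

# Enable a blueprint, apply it, then disable it again.
# Arguments: $1 - blueprint path
update_and_disable_blueprint() {
  enable_blueprint "$@" 2>&1 | quieten
  sleep 1
  apply_blueprint "$@"
  sleep 1
  disable_blueprint "$@" 2>&1 | quieten
}

# Arguments: $1 - blueprint path
disable_blueprint() {
  blueprint_state False "$@"
}

# Arguments: $1 - blueprint path
enable_blueprint() {
  blueprint_state True "$@"
}

# Arguments: $1 - blueprint file handed to ak apply_blueprint
apply_blueprint() {
  echo "apply blueprint $*"
  ak apply_blueprint "$@" 2>&1 | quieten
}

# Set the enabled flag of the blueprint instance with the given path.
# Arguments: $1 - True or False
#            $2 - blueprint path
# Any other first argument, or an unknown path, stops with a message instead
# of being evaluated as Python or ending in an AttributeError.
blueprint_state() {
  RECIPE_BLUEPRINT_ENABLED="$1" RECIPE_BLUEPRINT_PATH="$2" /manage.py shell -c """
import os
import time
requested = os.environ['RECIPE_BLUEPRINT_ENABLED']
if requested not in ('True', 'False'):
    raise SystemExit(f'blueprint_state: expected True or False, got {requested!r}')
blueprint_state = requested == 'True'
blueprint_path = os.environ['RECIPE_BLUEPRINT_PATH']
blueprint = BlueprintInstance.objects.filter(path=blueprint_path).first()
if blueprint is None:
    raise SystemExit(f'blueprint_state: no blueprint with path {blueprint_path!r}')
blueprint.enabled = blueprint_state
# Hacky workaround to reduce chance of a race condition
blueprint.save()
time.sleep(1)
blueprint.save()
time.sleep(1)
blueprint.save()
print(f'{blueprint.name} enabled: {blueprint.enabled}')
""" 2>&1 | quieten
}

# Create or update one Application per entry of the JSON object in
# APPLICATIONS (name -> launch URL). Does nothing when APPLICATIONS is empty.
# Globals: APPLICATIONS (read)
# NOTE(review): only the creation of a new Application is taken to sit under
# the "if not app" branch, so existing entries are updated too -- confirm.
add_applications(){
  RECIPE_APPLICATIONS="${APPLICATIONS:-}" /manage.py shell -c """
import json
import os
raw = os.environ.get('RECIPE_APPLICATIONS', '')
if raw != '':
    applications = json.loads(raw)
    for name, url in applications.items():
        print(f'Add {name}: {url}')
        app = Application.objects.filter(name=name).first()
        if not app:
            app = Application()
        app.name = name
        app.slug = name.replace(' ', '-')
        app.meta_launch_url = url
        app.open_in_new_tab = True
        app.save()
""" 2>&1 | quieten
}

# Drop the JSON log lines (those containing {"event" or {"action") from stdin.
quieten(){
  grep -v -e '{"event"' -e '{"action"'
}

# Copy the given template files into app:/templates/.
# Globals:   APP_NAME (read)
# Arguments: template file paths
add_email_templates(){
  for file_path in "$@"; do
    echo "copy template $file_path"
    abra app cp "$APP_NAME" "$file_path" app:/templates/
  done
}

# Upload and assign the icons listed in APP_ICONS.
# Globals: APP_ICONS (read) - whitespace-separated "application:path" pairs
#          APP_NAME (read)
set_icons(){
  # APP_ICONS is split on whitespace on purpose: one pair per word.
  for icon in $APP_ICONS; do
    app=$(printf '%s\n' "$icon" | cut -d ':' -f1)
    # NOTE(review): eval re-parses the path field of APP_ICONS as shell code,
    # presumably so that a tilde or a variable in the configured path gets
    # expanded -- confirm. Any other shell syntax in that value is executed as
    # well, so APP_ICONS must only ever come from a trusted configuration.
    # Left unchanged because existing configurations may rely on it; replace
    # it with an explicit expansion once the formats in use are known.
    file_path=$(eval echo $(echo $icon | cut -d ":" -f2))
    file=$(basename "$file_path")
    echo "copy icon $file_path for $app"
    abra app cp "$APP_NAME" "$file_path" app:/media/
    abra app cmd -T "$APP_NAME" app set_app_icon "$app" "/media/$file"
  done
}

# POST an icon file to the set_icon endpoint of an application and print the
# HTTP status code.
# Globals:   DOMAIN (read)
# Arguments: $1 - application identifier used in the API path
#            $2 - path of the icon file
# The admin token, both arguments and the domain are passed through the
# environment instead of being written into the Python source.
set_app_icon() {
  RECIPE_ADMIN_TOKEN=$(cat /run/secrets/admin_token) \
  RECIPE_ICON_APP="$1" \
  RECIPE_ICON_PATH="$2" \
  RECIPE_DOMAIN="${DOMAIN:-}" \
  python -c """
import os
import requests
my_token = os.environ['RECIPE_ADMIN_TOKEN']
application = os.environ['RECIPE_ICON_APP']
icon_path = os.environ['RECIPE_ICON_PATH']
domain = os.environ['RECIPE_DOMAIN']
url = f'https://{domain}/api/v3/core/applications/{application}/set_icon/'
headers = {'Authorization': f'Bearer {my_token}'}
with open(icon_path, 'rb') as img:
    name_img = os.path.basename(icon_path)
    files = {'file': (name_img, img, 'image/png')}
    with requests.Session() as s:
        r = s.post(url, files=files, headers=headers)
        print(r.status_code)
"""
}

# Delete the listed flows, stages without a flow, prompts without a prompt
# stage and the default tenant, then re-apply the blueprints.
blueprint_cleanup() {
  /manage.py shell -c """
delete_flows = ['default-recovery-flow' , 'custom-authentication-flow' , 'invitation-enrollment-flow' , 'initial-setup']
Flow.objects.filter(slug__in=delete_flows).delete()
Stage.objects.filter(flow=None).delete()
Prompt.objects.filter(promptstage=None).delete()
Tenant.objects.filter(default=True).delete()
""" 2>&1 | quieten
  apply_blueprints
}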