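# Version tags exported for the deployment tooling.
# NOTE(review): presumably consumed as config-version suffixes by the
# recipe's compose files; confirm against the compose definitions.
# NOTE(review): the block structure of the embedded Python below was
# reconstructed from a flattened listing; confirm against the deployed script.
export CUSTOM_CSS_VERSION=v2
export FLOW_AUTHENTICATION_VERSION=v1
export FLOW_INVITATION_VERSION=v1
export FLOW_INVALIDATION_VERSION=v1
export FLOW_RECOVERY_VERSION=v1
export FLOW_TRANSLATION_VERSION=v1
export SYSTEM_TENANT_VERSION=v1
export NEXTCLOUD_CONFIG_VERSION=v1
export WORDPRESS_CONFIG_VERSION=v1
export MATRIX_CONFIG_VERSION=v1
export WEKAN_CONFIG_VERSION=v2
export VIKUNJA_CONFIG_VERSION=v1

#######################################
# Copy every asset listed in COPY_ASSETS into the app via `abra app cp`.
# Globals:   COPY_ASSETS (read) - whitespace-separated "source|target" pairs
#            APP_NAME (read)
# Arguments: $1 - local directory that holds the source files
# Outputs:   one "copy <source> to <target>" line per asset
# Returns:   exits 1 when $1 is missing
#######################################
customize() {
  if [ -z "$1" ]; then
    echo "Usage: ... customize "
    exit 1
  fi
  local asset_dir=$1
  local asset src dst
  # COPY_ASSETS is split on whitespace on purpose: one pair per word.
  for asset in $COPY_ASSETS; do
    src=$(printf '%s\n' "$asset" | cut -d "|" -f1)
    dst=$(printf '%s\n' "$asset" | cut -d "|" -f2)
    echo "copy $src to $dst"
    # Quoted so that a path can never be word-split or glob-expanded.
    abra app cp "$APP_NAME" "$asset_dir/$src" "$dst"
  done
}

#######################################
# Set the akadmin password and the authentik-bootstrap-token key from the
# secrets mounted at /run/secrets/admin_pass and /run/secrets/admin_token.
#
# The secrets are read inside the Python process instead of being spliced
# into the `-c` source text: a value containing a quote or backslash can no
# longer change the code that runs, and the secrets do not show up in the
# process argument list.
# Outputs:   progress lines, filtered through quieten
#######################################
set_admin_pass() {
  /manage.py shell -c '
from pathlib import Path
from authentik.core.models import TokenIntents

password = Path("/run/secrets/admin_pass").read_text().rstrip("\n")
key = Path("/run/secrets/admin_token").read_text().rstrip("\n")

akadmin = User.objects.get(username="akadmin")
akadmin.set_password(password)
akadmin.save()
print("Changed akadmin password")

if (token := Token.objects.filter(identifier="authentik-bootstrap-token").first()):
    token.key = key
    token.save()
    print("Changed authentik-bootstrap-token")
else:
    Token.objects.create(
        identifier="authentik-bootstrap-token",
        user=akadmin,
        intent=TokenIntents.INTENT_API,
        expiring=False,
        key=key,
    )
    print("Created authentik-bootstrap-token")
' 2>&1 | quieten
}

#######################################
# Set the password of the PostgreSQL role "authentik" to the content of
# /run/secrets/db_password.
#
# psql reads the secret itself (backquote expansion in \set) and quotes it
# as an SQL literal with :'db_password', so a password containing a quote
# cannot break out of the statement and the value never appears on a
# command line. Variable interpolation is not available with `psql -c`,
# hence the script on stdin; ON_ERROR_STOP keeps a failed statement visible
# in the exit status.
#######################################
rotate_db_pass() {
  psql -U authentik -v ON_ERROR_STOP=1 <<'SQL'
\set db_password `cat /run/secrets/db_password`
ALTER USER authentik WITH PASSWORD :'db_password';
SQL
}

#######################################
# Call enable_blueprint for three default flow blueprints, apply the
# flow-invalidation and system-tenant blueprints with `ak apply_blueprint`,
# then call disable_blueprint for the same three defaults.
# Outputs:   tool output, filtered through quieten
#######################################
apply_blueprints() {
  local bp
  for bp in \
    default/flow-default-authentication-flow.yaml \
    default/flow-default-user-settings-flow.yaml \
    default/flow-password-change.yaml; do
    enable_blueprint "$bp"
  done

  ak apply_blueprint 6_flow_invalidation.yaml 2>&1 | quieten
  ak apply_blueprint 5_system_tenant.yaml 2>&1 | quieten

  for bp in \
    default/flow-default-authentication-flow.yaml \
    default/flow-default-user-settings-flow.yaml \
    default/flow-password-change.yaml; do
    disable_blueprint "$bp"
  done
}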
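# NOTE(review): the block structure of the embedded Python below was
# reconstructed from a flattened listing; confirm against the deployed script.

# Mark a blueprint as disabled. Arguments: $1 - blueprint path.
disable_blueprint() {
  blueprint_state False "$@"
}

# Mark a blueprint as enabled. Arguments: $1 - blueprint path.
enable_blueprint() {
  blueprint_state True "$@"
}

#######################################
# Set the `enabled` attribute on the BlueprintInstance with the given path.
# Both values reach Python through the environment rather than being pasted
# into the source text, so neither can alter the code that runs.
# NOTE(review): the Python never calls blueprint.save(), so as written the
# change is not persisted; it also fails if no instance matches the path.
# Confirm whether that is intended.
# Arguments: $1 - True or False
#            $2 - blueprint path
# Returns:   2 when $1 is neither True nor False
#######################################
blueprint_state() {
  case "$1" in
    True | False) ;;
    *)
      echo "blueprint_state: first argument must be True or False" >&2
      return 2
      ;;
  esac
  BLUEPRINT_ENABLED="$1" BLUEPRINT_PATH="$2" /manage.py shell -c '
import os

blueprint_state = os.environ["BLUEPRINT_ENABLED"] == "True"
blueprint_path = os.environ["BLUEPRINT_PATH"]
blueprint = BlueprintInstance.objects.filter(path=blueprint_path).first()
blueprint.enabled = blueprint_state
print(f"{blueprint.name} enabled: {blueprint.enabled}")
' 2>&1 | quieten
}

#######################################
# Create or update one Application per entry of the JSON object in
# APPLICATIONS (name -> launch URL). Does nothing when it is empty.
# The JSON is handed over through the environment and parsed with
# json.loads; it is never embedded in a Python string literal, so a quote
# or backslash in a name or URL cannot change the code that runs.
# Globals:   APPLICATIONS (read)
#######################################
add_applications() {
  APPLICATIONS="${APPLICATIONS:-}" /manage.py shell -c '
import json
import os

raw = os.environ.get("APPLICATIONS", "")
if raw == "":
    exit()
applications = json.loads(raw)
for name, url in applications.items():
    print(f"Add {name}: {url}")
    app = Application.objects.filter(name=name).first()
    if not app:
        app = Application()
    app.name = name
    app.slug = name.replace(" ", "-")
    app.meta_launch_url = url
    app.open_in_new_tab = True
    app.save()
' 2>&1 | quieten
}

# Drop lines containing {"event" from stdin and pass everything else through.
quieten() {
  grep -v '{"event"'
}

#######################################
# Upload each icon listed in APP_ICONS and attach it to its application.
# Globals:   APP_ICONS (read) - whitespace-separated "app:path" pairs
#            APP_NAME (read)
# Outputs:   one "copy icon <path> for <app>" line per icon
#######################################
set_icons() {
  local icon app raw_path file_path file
  # APP_ICONS is split on whitespace on purpose: one pair per word.
  for icon in $APP_ICONS; do
    app=$(printf '%s\n' "$icon" | cut -d ":" -f1)
    raw_path=$(printf '%s\n' "$icon" | cut -d ":" -f2)
    # NOTE(review): eval re-parses the path field as shell code (presumably
    # to expand ~ or variables). Anything able to set APP_ICONS can therefore
    # run commands here; keep it to trusted operator configuration, or
    # replace eval with an explicit expansion.
    file_path=$(eval echo "$raw_path")
    file=$(basename -- "$file_path")
    echo "copy icon $file_path for $app"
    abra app cp "$APP_NAME" "$file_path" app:/media/
    abra app cmd -T "$APP_NAME" app set_app_icon "$app" "/media/$file"
  done
}

#######################################
# POST an icon file to the set_icon endpoint of one application.
# The API token is read from /run/secrets/admin_token inside Python, and the
# application and path arrive as argv, so none of them is pasted into the
# source text and the token does not appear in the process argument list.
# Globals:   DOMAIN (read)
# Arguments: $1 - application identifier used in the API URL
#            $2 - path of the icon file
# Outputs:   the HTTP status code of the upload
#######################################
set_app_icon() {
  DOMAIN="${DOMAIN:-}" python -c '
import os
import sys
from pathlib import Path

import requests

application = sys.argv[1]
icon_path = sys.argv[2]
my_token = Path("/run/secrets/admin_token").read_text().rstrip("\n")
domain = os.environ.get("DOMAIN", "")
url = f"https://{domain}/api/v3/core/applications/{application}/set_icon/"
headers = {"Authorization": f"Bearer {my_token}"}
with open(icon_path, "rb") as img:
    name_img = os.path.basename(icon_path)
    files = {"file": (name_img, img, "image/png")}
    with requests.Session() as s:
        r = s.post(url, files=files, headers=headers)
        print(r.status_code)
' "$1" "$2"
}

#######################################
# Delete four named flows, every Stage without a flow, every Prompt without
# a prompt stage and the default Tenant, then run apply_blueprints.
# The deletions are unconditional and are not undone by this script.
#######################################
blueprint_cleanup() {
  /manage.py shell -c '
delete_flows = [
    "default-recovery-flow",
    "custom-authentication-flow",
    "invitation-enrollment-flow",
    "initial-setup",
]
Flow.objects.filter(slug__in=delete_flows).delete()
Stage.objects.filter(flow=None).delete()
Prompt.objects.filter(promptstage=None).delete()
Tenant.objects.filter(default=True).delete()
' 2>&1 | quieten
  apply_blueprints
}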