# Version tags, one per config or flow artefact, exported into the environment.
# NOTE(review): presumably the deployment tooling reads these to decide when a
# changed file has to be rolled out again; confirm against the compose files,
# which are not visible here. Each assignment is kept on its own plain
# `export NAME=value` line in case a tool parses this file line by line.
export CUSTOM_CSS_VERSION=v2
export FLOW_AUTHENTICATION_VERSION=v1
export FLOW_INVITATION_VERSION=v1
export FLOW_INVALIDATION_VERSION=v1
export FLOW_RECOVERY_VERSION=v1
export FLOW_TRANSLATION_VERSION=v1
export SYSTEM_TENANT_VERSION=v1
export NEXTCLOUD_CONFIG_VERSION=v1
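#######################################
# Copy every asset listed in COPY_ASSETS into the app with `abra app cp`.
# Globals:   COPY_ASSETS (read) - whitespace-separated "source|target" pairs
#            APP_NAME (read)    - app name handed to abra
# Arguments: $1 - directory that holds the source assets
# Outputs:   one "copy <source> to <target>" line per asset on stdout
# Returns:   exits the shell with 1 when $1 is missing (kept from the
#            original); otherwise 0 if every copy succeeded, 1 if any failed
#######################################
customize() {
  if [ -z "$1" ]; then
    echo "Usage: ... customize <assets_path>"
    exit 1
  fi

  local asset_dir=$1
  local asset source target rest
  local status=0

  # COPY_ASSETS is split on whitespace on purpose: it is a flat list of pairs.
  for asset in $COPY_ASSETS; do
    # Field 1 and field 2 of the "|"-separated pair, as `cut -f1` / `cut -f2`
    # would return them, without spawning two processes per asset.
    source=${asset%%|*}
    rest=${asset#*|}
    target=${rest%%|*}

    printf 'copy %s to %s\n' "$source" "$target"

    # Quoted so that a space or glob character in a path cannot split into
    # extra arguments and change which files abra copies, or where to.
    if ! abra app cp "$APP_NAME" "$asset_dir/$source" "$target"; then
      printf 'customize: copying %s failed\n' "$source" >&2
      status=1
    fi
  done

  return "$status"
}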
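#######################################
# Set the akadmin password and the key of the authentik-bootstrap-token from
# the mounted secrets, creating the token when it does not exist yet.
# Inputs:    /run/secrets/admin_pass, /run/secrets/admin_token
# Outputs:   progress lines printed by the Django shell
# Returns:   exit status of /manage.py
#######################################
set_admin_pass() {
  # The script is single-quoted so the shell expands nothing inside it, and
  # the Python reads both secrets itself. Splicing the secrets into the code
  # string would let a quote or backslash in a secret change the program that
  # runs, and would put the secrets on the /manage.py command line where
  # other processes can read them.
  # NOTE(review): User and Token are used without an import, as in the
  # original; presumably the shell command preloads the models - confirm.
  /manage.py shell -c '
# Only trailing newlines are dropped, as the shell command substitution did.
with open("/run/secrets/admin_pass") as handle:
    password = handle.read().rstrip("\n")
with open("/run/secrets/admin_token") as handle:
    key = handle.read().rstrip("\n")

akadmin = User.objects.get(username="akadmin")
akadmin.set_password(password)
akadmin.save()
print("Changed akadmin password")

from authentik.core.models import TokenIntents
if (token := Token.objects.filter(identifier="authentik-bootstrap-token").first()):
    token.key = key
    token.save()
    print("Changed authentik-bootstrap-token")
else:
    Token.objects.create(
        identifier="authentik-bootstrap-token",
        user=akadmin,
        intent=TokenIntents.INTENT_API,
        expiring=False,
        key=key,
    )
    print("Created authentik-bootstrap-token")
'
}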
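#######################################
# Set the password of the authentik database role to the mounted secret.
# Inputs:    /run/secrets/db_password (read by psql, not by this shell)
# Outputs:   whatever psql prints
# Returns:   exit status of psql
#######################################
rotate_db_pass() {
  # The statement is fed to psql on stdin because psql does not interpolate
  # its own variables inside -c commands. \set with backquotes makes psql run
  # the cat itself (one trailing newline is dropped), and :'new_password'
  # inserts the value as a correctly escaped SQL literal. A quote in the
  # password can therefore no longer end the literal and alter the statement,
  # and the password no longer appears in the psql argument list.
  # ON_ERROR_STOP keeps a non-zero exit status when the statement fails, as
  # the -c form had.
  # NOTE(review): the server may still log the ALTER statement, password
  # included, depending on its statement-logging settings - confirm.
  printf '%s\n' \
    '\set new_password `cat /run/secrets/db_password`' \
    "ALTER USER authentik WITH PASSWORD :'new_password';" \
    | psql -U authentik -v ON_ERROR_STOP=1
}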
#######################################
# Apply the invalidation-flow and system-tenant blueprints while three default
# flow blueprints are switched on, then switch those three off again.
# NOTE(review): presumably the two applied blueprints depend on objects the
# default flows provide - confirm.
# Returns:   status of the last disable_blueprint call
#######################################
apply_blueprints() {
  local -a default_flows=(
    default/flow-default-authentication-flow.yaml
    default/flow-default-user-settings-flow.yaml
    default/flow-password-change.yaml
  )
  local flow blueprint

  for flow in "${default_flows[@]}"; do
    enable_blueprint "$flow"
  done

  for blueprint in 6_flow_invalidation.yaml 5_system_tenant.yaml; do
    ak apply_blueprint "$blueprint"
  done

  # Runs whether or not the two applies succeeded; their status is not checked.
  for flow in "${default_flows[@]}"; do
    disable_blueprint "$flow"
  done
}
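#######################################
# Disable a blueprint.
# Arguments: passed through to blueprint_state after the literal False
#            ($1 is used there as the blueprint path)
# Returns:   status of blueprint_state
#######################################
disable_blueprint() {
  # "$@" keeps each argument intact; unquoted, a path containing a space or a
  # glob character would arrive as several different arguments.
  blueprint_state False "$@"
}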
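#######################################
# Enable a blueprint.
# Arguments: passed through to blueprint_state after the literal True
#            ($1 is used there as the blueprint path)
# Returns:   status of blueprint_state
#######################################
enable_blueprint() {
  # "$@" keeps each argument intact; unquoted, a path containing a space or a
  # glob character would arrive as several different arguments.
  blueprint_state True "$@"
}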
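#######################################
# Look a managed blueprint up by path through the HTTP API and set its
# "enabled" flag.
# Globals:   DOMAIN (read) - host name of the API
# Inputs:    /run/secrets/admin_token (read by the Python script)
# Arguments: $1 - True or False
#            $2 - blueprint path
# Outputs:   a status or error line on stdout
# Returns:   1 for a bad argument; otherwise the exit status of python
#######################################
blueprint_state() {
  local state=$1
  local blueprint_path=$2

  # The state used to be pasted into the Python source as an expression, so
  # anything other than the two literals is refused here.
  case "$state" in
    True | False) ;;
    *)
      echo "blueprint_state: state must be True or False" >&2
      return 1
      ;;
  esac

  # An empty path would make the lookup unfiltered, and the first blueprint
  # returned, whichever it is, would be the one that gets changed.
  if [ -z "$blueprint_path" ]; then
    echo "blueprint_state: blueprint path is required" >&2
    return 1
  fi

  # The script is single-quoted and takes its inputs from sys.argv and from
  # the secret file. Nothing is spliced into the Python source, so a quote in
  # the path or the token cannot change the code, and the bearer token stays
  # off the command line.
  python -c '
import sys

import requests

state, blueprint_path, domain = sys.argv[1:4]
enabled = state == "True"

# Only trailing newlines are dropped, as the shell command substitution did.
with open("/run/secrets/admin_token") as handle:
    my_token = handle.read().rstrip("\n")

session = requests.Session()
headers = {"Authorization": f"Bearer {my_token}"}
base_url = f"https://{domain}/api/v3/managed/blueprints/"

# params= lets requests URL-encode the path value.
resp = session.get(base_url, params={"path": blueprint_path}, headers=headers)
if not resp.ok:
    print(f"Error fetching blueprint: {resp.content}")
    # NOTE(review): exits with status 0, as the original did - confirm that
    # callers do not need to detect this failure.
    sys.exit()

results = resp.json()["results"]
if not results:
    # Without this guard the indexing below raises IndexError.
    print(f"Error fetching blueprint: nothing found for path {blueprint_path}")
    sys.exit(1)

auth_flow_uuid = results[0]["pk"]
blueprint_name = results[0]["name"]
params = {"name": blueprint_name, "path": blueprint_path, "context": {}, "enabled": enabled}
resp = session.put(f"{base_url}{auth_flow_uuid}/", json=params, headers=headers)
if resp.ok:
    print(f"{blueprint_name} enabled: {enabled}")
else:
    print(f"Error changing blueprint state: {resp.content}")
' "$state" "$blueprint_path" "$DOMAIN"
}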
#######################################
# Delete a fixed list of flows, every stage with no flow, every prompt with no
# prompt stage and the default tenant through the Django shell, then run
# apply_blueprints.
# NOTE(review): the deletes are unconditional and nothing here takes a backup
# first; the exit status of /manage.py is not checked, so apply_blueprints
# runs even when the deletion step failed.
# Returns:   status of apply_blueprints
#######################################
blueprint_cleanup() {
  # Flow, Stage, Prompt and Tenant are used without an import; presumably the
  # shell command preloads the models - confirm.
  # The Python lines start at column 0 because they are top-level statements
  # inside the quoted string.
  /manage.py shell -c """
delete_flows = ['default-recovery-flow' , 'custom-authentication-flow' , 'invitation-enrollment-flow' , 'initial-setup']
Flow.objects.filter(slug__in=delete_flows).delete()
Stage.objects.filter(flow=None).delete()
Prompt.objects.filter(promptstage=None).delete()
Tenant.objects.filter(default=True).delete()
"""
  # Re-run the blueprint sequence after the deletions above.
  apply_blueprints
}