add OIDC (DRAWBRIDGED, NEED A LICENSE KEY)

.env.sample

@@ -44,3 +44,8 @@ COMPOSE_FILE="compose.yml"
 #MS_GRAPH_CLIENT_ID=
 #COMPOSE_FILE="$COMPOSE_FILE:compose.microsoft.yml"
 #SECRET_MS_GRAPH_CLIENT_SECRET_VERSION=v1
+
+## Enable OIDC (jk you need a license key)
+#COMPOSE_FILE="${COMPOSE_FILE}:compose.oidc.yml"
+#OIDCDB_PASSWORD_VERSION=v1
+#SAML_ADMINS=user@example.com

abra.sh

@@ -1 +1 @@
-export ENTRYPOINT_CONF_VERSION=v8
+export ENTRYPOINT_CONF_VERSION=v9

compose.oidc.yml

@@ -0,0 +1,40 @@
+---
+version: "3.8"
+
+services:
+  app:
+    environment:
+      - SAML_ADMINS
+      - OIDCDB_USER=oidc
+      - OIDCDB_PASSWORD_FILE=/run/secrets/oidcdb_password
+      - OIDCDB_HOST=oidcdb
+      - OIDC_DB=oidc
+    secrets:
+      - oidcdb_password
+
+  oidcdb:
+    image: "postgres:13-alpine"
+    networks:
+      - backend
+    secrets:
+      - oidcdb_password
+    environment:
+      - POSTGRES_DB=oidc
+      - POSTGRES_USER=oidc
+      - POSTGRES_PASSWORD_FILE=/run/secrets/oidcdb_password
+    volumes:
+      - "oidc_postgres:/var/lib/postgresql/data"
+    deploy:
+      labels:
+          backupbot.backup: "true"
+          backupbot.backup.pre-hook: 'bash -c "mkdir -p /tmp/backup/ && PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /tmp/backup/backup.sql"'
+          backupbot.backup.post-hook: "rm -rf /tmp/backup"
+          backupbot.backup.path: "/tmp/backup/"
+
+secrets:
+  oidcdb_password:
+    external: true
+    name: ${STACK_NAME}_oidcdb_password_${OIDCDB_PASSWORD_VERSION}
+
+volumes:
+  oidc_postgres:

entrypoint.sh

@@ -34,8 +34,10 @@ load_vars() {
 	file_env "GOOGLE_API_CREDENTIALS"
 	file_env "MS_GRAPH_CLIENT_SECRET"
 	file_env "ZOOM_CLIENT_SECRET"
+  file_env "OIDCDB_PASSWORD"
 
 	export "DATABASE_URL=postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:5432/$POSTGRES_DB"
+  export "SAML_DATABASE_URL=postgresql://$OIDCDB_USER:$OIDCDB_PASSWORD@$OIDCDB_HOST:5432/$OIDC_DB"
 }
 
 main() {