diff --git a/.envrc.sample b/.envrc.sample
index c01c2a7..2d75394 100644
--- a/.envrc.sample
+++ b/.envrc.sample
@@ -9,6 +9,7 @@ export ENTRYPOINT_CONF_VERSION=v1
 # OAuth, see https://hackmd.io/@codimd/codimd-generic-oauth-2
+#export COMPOSE_FILE="compose.yml:compose.oauth.yml"
 #export CMD_OAUTH2_PROVIDERNAME="Keycloak"
 #export CMD_OAUTH2_BASEURL="https://keycloak.example.com/realms/realmname/protocol/openid-connect/"
 #export CMD_OAUTH2_CLIENT_ID="codimd"
diff --git a/compose.oauth.yml b/compose.oauth.yml
new file mode 100644
index 0000000..2afa404
--- /dev/null
+++ b/compose.oauth.yml
@@ -0,0 +1,21 @@
+---
+version: "3.8"
+
+services:
+ codimd:
+ environment:
+ - CMD_OAUTH2_PROVIDERNAME
+ - CMD_OAUTH2_BASEURL
+ - CMD_OAUTH2_CLIENT_ID
+ - CMD_OAUTH2_CLIENT_SECRET_FILE=/run/secrets/oauth_key
+ - CMD_OAUTH2_AUTHORIZATION_URL
+ - CMD_OAUTH2_TOKEN_URL
+ - CMD_OAUTH2_USER_PROFILE_URL
+ - CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR
+ secrets:
+ - oauth_key
+
+secrets:
+ oauth_key:
+ external: true
+ name: ${STACK_NAME}_oauth_key_${OAUTH_KEY_VERSION}
diff --git a/compose.yml b/compose.yml
index 2f4f5ce..446076a 100644
--- a/compose.yml
+++ b/compose.yml
@@ -23,14 +23,7 @@ services:
 - CMD_DB_USER=codimd
 - CMD_DB_HOST=postgres
 - CMD_DB_PASSWORD_FILE=/run/secrets/db_password
- - CMD_OAUTH2_PROVIDERNAME
- - CMD_OAUTH2_BASEURL
- - CMD_OAUTH2_CLIENT_ID
- - CMD_OAUTH2_CLIENT_SECRET_FILE=/run/secrets/oauth_key
- - CMD_OAUTH2_AUTHORIZATION_URL
- - CMD_OAUTH2_TOKEN_URL
- - CMD_OAUTH2_USER_PROFILE_URL
- - CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR
+ - CMD_EMAIL # Email login enabled?
 depends_on:
 - postgres
 networks:
@@ -40,7 +33,6 @@ services:
 - codimd_uploads:/home/hackmd/app/public/uploads
 secrets:
 - db_password
- - oauth_key
 entrypoint: /docker-entrypoint2.sh
 configs:
 - source: entrypoint2_conf
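Review bot: The new `compose.oauth.yml` has no header comment, so nothing in the file says it is an overlay that only works when merged with `compose.yml`, or that the external secret must already exist at deploy time. I would add a line above `services:` such as `# OAuth overlay: enable with COMPOSE_FILE="compose.yml:compose.oauth.yml"; requires the external secret ${STACK_NAME}_oauth_key_${OAUTH_KEY_VERSION}`. The `name:` under `secrets.oauth_key` interpolates `OAUTH_KEY_VERSION`, and the visible `.envrc.sample` hunk does not show that variable exported next to the new `COMPOSE_FILE` line. If it is unset, the lookup will probably resolve to a name ending in `_oauth_key_`, so it is worth confirming the sample still exports it.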
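Review bot: `- CMD_EMAIL` in the `environment:` list is a bare pass-through, so when the deploy environment does not set it the container receives no value and CodiMD's own default applies, which as far as I know leaves email sign-in enabled (with self-registration governed separately by `CMD_ALLOW_EMAIL_REGISTER`). Now that OAuth is an optional overlay, an operator who enables it may not realise that local password login stays open alongside the identity provider. I would replace the trailing `# Email login enabled?` with a comment that states the default, e.g. `- CMD_EMAIL  # unset = CodiMD default (email login on); set to false when OAuth is the only intended login`, and add `#export CMD_EMAIL=false` to the OAuth block of `.envrc.sample`. The `environment:` list starts above this hunk, so other login-related variables may already be handled there.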
@@ -72,9 +64,6 @@ secrets:
 db_password:
 external: true
 name: ${STACK_NAME}_db_password_${DB_PASSWORD_VERSION}
- oauth_key:
- external: true
- name: ${STACK_NAME}_oauth_key_${OAUTH_KEY_VERSION}
 networks:
 proxy: