Compare commits
10 Commits
0.1.0+apac
...
0.3.0+apac
| Author | SHA1 | Date | |
|---|---|---|---|
| 915a3e83e7 | |||
| 0c691d8f40 | |||
| 7220e08109 | |||
| af070f42e7 | |||
| ca97a2b248 | |||
| f42ad06dbf | |||
| e88b9bdc76 | |||
| 7f8382687a | |||
| d73939218e | |||
9e087bda4a
|
27
.drone.yml
27
.drone.yml
@ -3,10 +3,12 @@ kind: pipeline
|
||||
name: deploy to swarm-test.autonomic.zone
|
||||
steps:
|
||||
- name: deployment
|
||||
image: decentral1se/stack-ssh-deploy:latest
|
||||
image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
|
||||
settings:
|
||||
host: swarm-test.autonomic.zone
|
||||
stack: kimai
|
||||
networks:
|
||||
- proxy
|
||||
deploy_key:
|
||||
from_secret: drone_ssh_swarm_test
|
||||
generate_secrets: true
|
||||
@ -16,19 +18,26 @@ steps:
|
||||
STACK_NAME: kimai
|
||||
LETS_ENCRYPT_ENV: production
|
||||
ENTRYPOINT_CONF_VERSION: v1
|
||||
ADMIN_PASSWORD_VERSION: v1
|
||||
DB_PASSWORD_VERSION: v1
|
||||
DB_ROOT_PASSWORD_VERSION: v1
|
||||
LOCAL_CONF_VERSION: v1
|
||||
SECRET_DB_PASSWORD_VERSION: v1
|
||||
SECRET_DB_ROOT_PASSWORD_VERSION: v1
|
||||
SECRET_ADMIN_PASSWORD_VERSION: v1
|
||||
trigger:
|
||||
branch:
|
||||
- main
|
||||
---
|
||||
kind: pipeline
|
||||
name: recipe release
|
||||
name: generate recipe catalogue
|
||||
steps:
|
||||
- name: release a new version
|
||||
image: thecoopcloud/drone-abra:latest
|
||||
image: plugins/downstream
|
||||
settings:
|
||||
command: recipe kimai release
|
||||
deploy_key:
|
||||
from_secret: abra_bot_deploy_key
|
||||
server: https://build.coopcloud.tech
|
||||
token:
|
||||
from_secret: drone_abra-bot_token
|
||||
fork: true
|
||||
repositories:
|
||||
- coop-cloud/auto-recipes-catalogue-json
|
||||
|
||||
trigger:
|
||||
event: tag
|
||||
|
||||
@ -10,6 +10,9 @@ SECRET_DB_ROOT_PASSWORD_VERSION=v1
|
||||
SECRET_ADMIN_PASSWORD_VERSION=v1
|
||||
|
||||
# SSO_ENABLED=0
|
||||
## only set one of those depending on which SSO you're using
|
||||
# SSO_AUTHENTIK=1
|
||||
# SSO_KEYCLOAK=0
|
||||
# SSO_PROVIDER_URL=https://sso.example.org/
|
||||
# SSO_SAML_URL=https://sso.example.org/application/saml/<application-slug>/sso/binding/redirect/
|
||||
# SSO_LOGOUT_URL=https://sso.example.org/if/session-end/<application-slug>/
|
||||
|
||||
@ -20,9 +20,9 @@ Based on the recommended [`tobybatch/kimai2`] compose file.
|
||||
1. Set up Docker Swarm and [`abra`]
|
||||
2. Deploy [`coop-cloud/traefik`]
|
||||
3. `abra app new kimai --secrets`
|
||||
4. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to
|
||||
4. `abra app config YOURAPPDOMAIN` - be sure to change `$DOMAIN` to something that resolves to
|
||||
your Docker swarm box
|
||||
5. `abra app YOURAPPDOMAIN deploy`
|
||||
5. `abra app deploy YOURAPPDOMAIN`
|
||||
6. `abra app run YOURAPPDOMAIN app create_admin`
|
||||
|
||||
[Kimai]: https://www.kimai.org/
|
||||
|
||||
4
abra.sh
4
abra.sh
@ -1,7 +1,7 @@
|
||||
export ENTRYPOINT_CONF_VERSION=v1
|
||||
export LOCAL_CONF_VERSION=v1
|
||||
export LOCAL_CONF_VERSION=v3
|
||||
|
||||
create_admin () {
|
||||
export DATABASE_URL="$DATABASE_TYPE://$DATABASE_USER:$(cat /run/secrets/db_password)@$DATABASE_HOST/$DATABASE_NAME"
|
||||
/opt/kimai/bin/console kimai:create-user admin admin@example.org ROLE_SUPER_ADMIN
|
||||
/opt/kimai/bin/console kimai:create-user admin admin@example.org ROLE_SUPER_ADMIN
|
||||
}
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
version: '3.8'
|
||||
services:
|
||||
app:
|
||||
image: kimai/kimai2:apache-1.26.0-prod
|
||||
image: kimai/kimai2:apache-1.29.1-prod
|
||||
environment:
|
||||
- APP_ENV=prod
|
||||
- TRUSTED_HOSTS=localhost,traefik,${DOMAIN},127.0.0.1
|
||||
@ -15,6 +15,8 @@ services:
|
||||
- DATABASE_PASSWORD_FILE=/run/secrets/db_password
|
||||
- DOMAIN
|
||||
- SSO_ENABLED
|
||||
- SSO_KEYCLOAK
|
||||
- SSO_AUTHENTIK
|
||||
- SSO_PROVIDER_URL
|
||||
- SSO_SAML_URL
|
||||
- SSO_LOGOUT_URL
|
||||
@ -57,7 +59,7 @@ services:
|
||||
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
- coop-cloud.${STACK_NAME}.app.version=0.1.0+apache-debian-1.26.0-prod
|
||||
- "coop-cloud.${STACK_NAME}.version=0.3.0+apache-1.29.1-prod"
|
||||
db:
|
||||
image: mysql:5.7
|
||||
environment:
|
||||
|
||||
@ -3,14 +3,27 @@ kimai:
|
||||
saml:
|
||||
activate: true
|
||||
title: Login with SAML
|
||||
{{ if eq (env "SSO_AUTHENTIK") "1" }}
|
||||
mapping:
|
||||
- { saml: $http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress, kimai: email }
|
||||
- { saml: $http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name, kimai: alias }
|
||||
roles:
|
||||
attribute: http://schemas.xmlsoap.org/claims/Group
|
||||
resetOnLogin: true
|
||||
attribute: Roles
|
||||
mapping:
|
||||
# Insert your roles here (ROLE_USER is added automatically)
|
||||
- { saml: admin.group, kimai: ROLE_ADMIN }
|
||||
{{ else if eq (env "SSO_KEYCLOAK") "1" }}
|
||||
mapping:
|
||||
- { saml: $Email, kimai: email }
|
||||
- { saml: $FirstName $LastName, kimai: alias }
|
||||
roles:
|
||||
resetOnLogin: true
|
||||
attribute: Roles
|
||||
mapping:
|
||||
- { saml: Admins, kimai: ROLE_ADMIN }
|
||||
- { saml: Management, kimai: ROLE_TEAMLEAD }
|
||||
{{ end }}
|
||||
connection:
|
||||
# You SAML provider
|
||||
# Your Authentik instance, replace https://authentik.company with your authentik URL
|
||||
|
||||
5
release/0.3.0+apache-debian-1.29.1-prod
Normal file
5
release/0.3.0+apache-debian-1.29.1-prod
Normal file
@ -0,0 +1,5 @@
|
||||
If you have SSO enabled this upgrade will break unless you add
|
||||
`SSO_KEYCLOAK=1` or `SSO_AUTHENTIK=1` in your env file for kimai!
|
||||
This allows us to support both SSO methods
|
||||
|
||||
knoflook @ kotec.pl
|
||||
Reference in New Issue
Block a user