coop-cloud/kimai
coop-cloud
/
kimai
1
0
Fork 1
Code Issues 1 Pull Requests Releases Wiki Activity

Compare commits

base: coop-cloud:0.2.0+apache-debian-1.29.1-prod
Branches Tags
coop-cloud:main
coop-cloud:keycloak
coop-cloud:1.1.3+apache-2.15.0-prod
coop-cloud:1.1.2+apache-2.15.0-prod
coop-cloud:1.1.1+apache-2.15.0-prod
coop-cloud:1.1.0+apache-2.15.0-prod
coop-cloud:1.0.0+apache-2.15.0-prod
coop-cloud:0.3.0+apache-1.29.1-prod
coop-cloud:0.2.0+apache-debian-1.29.1-prod
coop-cloud:0.1.0+apache-debian-1.26.0-prod
...
compare: coop-cloud:main
Branches Tags
coop-cloud:main
coop-cloud:keycloak
coop-cloud:1.1.3+apache-2.15.0-prod
coop-cloud:1.1.2+apache-2.15.0-prod
coop-cloud:1.1.1+apache-2.15.0-prod
coop-cloud:1.1.0+apache-2.15.0-prod
coop-cloud:1.0.0+apache-2.15.0-prod
coop-cloud:0.3.0+apache-1.29.1-prod
coop-cloud:0.2.0+apache-debian-1.29.1-prod
coop-cloud:0.1.0+apache-debian-1.26.0-prod

21 Commits
0.2.0+apac ... main

Author SHA1 Message Date
Simon d50c448e2e chore: publish 1.1.3+apache-2.15.0-prod release
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/tag Build is passing Details
2024-05-13 16:29:56 +02:00
Simon 5fe82a2331 chore: publish 1.1.2+apache-2.15.0-prod release
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/tag Build is passing Details
2024-05-13 12:53:36 +02:00
Simon 46ea1ef7dd chore: publish 1.1.1+apache-2.15.0-prod release
continuous-integration/drone/tag Build is passing Details
continuous-integration/drone/push Build is failing Details
2024-05-13 12:40:25 +02:00
Simon 2db79ed046 chore: publish 1.1.0+apache-2.15.0-prod release
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/tag Build is passing Details
2024-05-13 11:57:50 +02:00
Simon cd0f4e743e adjust healthcheck and timeouts
continuous-integration/drone/push Build is failing Details
2024-05-13 11:53:39 +02:00
Moritz 7ec54e395d add insert_authentik_certificate() function
continuous-integration/drone/push Build is failing Details
2024-05-08 21:52:25 +02:00
Simon 7f73b1c79e store authentik certificate as secret
continuous-integration/drone/push Build is failing Details
2024-05-08 13:05:44 +02:00
Simon 5bd20ca185 add smtp config
continuous-integration/drone/push Build is passing Details
2024-05-07 17:53:28 +02:00
Simon dc2d7c7b99 map authentik admin group to kimai admins
continuous-integration/drone/push Build is passing Details
2024-05-07 16:52:45 +02:00
Simon aae873dfe5 activate healthchecks
continuous-integration/drone/push Build is passing Details
2024-05-07 16:10:55 +02:00
Simon 028eb71e34 add release note
continuous-integration/drone/push Build is passing Details
2024-04-24 15:58:47 +02:00
Simon facbb958a5 chore: publish 1.0.0+apache-2.15.0-prod release
continuous-integration/drone/tag Build is passing Details
continuous-integration/drone/push Build is passing Details
2024-04-24 15:58:05 +02:00
Moritz a4f02cf0a4 fix backup label path
continuous-integration/drone/push Build is passing Details
2024-04-17 17:19:04 +02:00
Philipp Rothmann 92c3bcf27e chore: cleanup
continuous-integration/drone/push Build is passing Details
2023-04-24 11:50:41 +02:00
Philipp Rothmann 5c4f6098bf fix: backupbot labels 2023-04-24 11:49:38 +02:00
Moritz 7220e08109 fix version label
continuous-integration/drone/push Build is passing Details
2023-02-28 15:27:11 +01:00
3wc af070f42e7 Switch to self-hosted stack-ssh-deploy image [mass update]
continuous-integration/drone/push Build is passing Details
2023-01-21 11:49:56 -08:00
3wc ca97a2b248 Add drone configs / secrets [mass update]
continuous-integration/drone/push Build is passing Details
2023-01-20 21:32:06 -08:00
3wc f42ad06dbf Fix CI by adding networks: [mass update]
continuous-integration/drone/push Build is failing Details
2023-01-20 11:58:41 -08:00
3wc e88b9bdc76 Automatically generate catalogue on release [mass update]
continuous-integration/drone/push Build is failing Details 
Re: coop-cloud/recipes-catalogue-json#4
 2023-01-20 10:27:11 -08:00
3wc 7f8382687a Update abra syntax in examples (finally) [mass update]
continuous-integration/drone/push Build is failing Details
2023-01-19 16:02:27 -08:00
7 changed files with 79 additions and 45 deletions
Show Stats Expand all files Collapse all files

27
.drone.yml
View File

@ -3,10 +3,12 @@ kind: pipeline
name: deploy to swarm-test.autonomic.zone name: deploy to swarm-test.autonomic.zone
steps: steps:
- name: deployment - name: deployment
image: decentral1se/stack-ssh-deploy:latest image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
settings: settings:
host: swarm-test.autonomic.zone host: swarm-test.autonomic.zone
stack: kimai stack: kimai
networks:
- proxy
deploy_key: deploy_key:
from_secret: drone_ssh_swarm_test from_secret: drone_ssh_swarm_test
generate_secrets: true generate_secrets: true
@ -16,19 +18,26 @@ steps:
STACK_NAME: kimai STACK_NAME: kimai
LETS_ENCRYPT_ENV: production LETS_ENCRYPT_ENV: production
ENTRYPOINT_CONF_VERSION: v1 ENTRYPOINT_CONF_VERSION: v1
ADMIN_PASSWORD_VERSION: v1 LOCAL_CONF_VERSION: v1
DB_PASSWORD_VERSION: v1 SECRET_DB_PASSWORD_VERSION: v1
DB_ROOT_PASSWORD_VERSION: v1 SECRET_DB_ROOT_PASSWORD_VERSION: v1
SECRET_ADMIN_PASSWORD_VERSION: v1
trigger: trigger:
branch: branch:
- main - main
--- ---
kind: pipeline kind: pipeline
name: recipe release name: generate recipe catalogue
steps: steps:
- name: release a new version - name: release a new version
image: thecoopcloud/drone-abra:latest image: plugins/downstream
settings: settings:
command: recipe kimai release server: https://build.coopcloud.tech
deploy_key: token:
from_secret: abra_bot_deploy_key from_secret: drone_abra-bot_token
fork: true
repositories:
- coop-cloud/auto-recipes-catalogue-json
trigger:
event: tag

13
.env.sample
View File

@ -8,9 +8,12 @@ LETS_ENCRYPT_ENV=production
SECRET_DB_PASSWORD_VERSION=v1 SECRET_DB_PASSWORD_VERSION=v1
SECRET_DB_ROOT_PASSWORD_VERSION=v1 SECRET_DB_ROOT_PASSWORD_VERSION=v1
SECRET_ADMIN_PASSWORD_VERSION=v1 SECRET_ADMIN_PASSWORD_VERSION=v1
SECRET_SSO_CERT_VERSION=v1
# SSO_ENABLED=0 # SSO_ENABLED=1
# SSO_PROVIDER_URL=https://sso.example.org/ # SSO_PROVIDER_URL=https://authentik.example.com/
# SSO_SAML_URL=https://sso.example.org/application/saml/<application-slug>/sso/binding/redirect/ # SSO_SAML_URL=https://authentik.example.com/application/saml/kimai/sso/binding/redirect/
# SSO_LOGOUT_URL=https://sso.example.org/if/session-end/<application-slug>/ # SSO_LOGOUT_URL=https://authentik.example.com/if/session-end/kimai/slo/binding/redirect/
# SSO_CERT="muchmuchbase64certificatefoobar=="
# MAILER_URL="smtp://<from>:<password>%3F@<mailserver>:587"
# MAILER_FROM="Kimai Notifications noreply@example.com"

17
README.md
View File

@ -8,11 +8,11 @@ CoöpCloud [Kimai] ✊⏰
* **Category**: Apps * **Category**: Apps
* **Status**: ? * **Status**: ?
* **Image**: [`kimai/kimai2`](https://hub.docker.com/kimai/kimai2), 4, upstream * **Image**: [`kimai/kimai2`](https://hub.docker.com/kimai/kimai2), 4, upstream
* **Healthcheck**: No * **Healthcheck**: Yes
* **Backups**: No * **Backups**: Yes
* **Email**: No * **Email**: Yes
* **Tests**: 2 * **Tests**: 2
* **SSO**: No * **SSO**: Yes
<!-- endmetadata --> <!-- endmetadata -->
Based on the recommended [`tobybatch/kimai2`] compose file. Based on the recommended [`tobybatch/kimai2`] compose file.
@ -20,12 +20,17 @@ Based on the recommended [`tobybatch/kimai2`] compose file.
1. Set up Docker Swarm and [`abra`] 1. Set up Docker Swarm and [`abra`]
2. Deploy [`coop-cloud/traefik`] 2. Deploy [`coop-cloud/traefik`]
3. `abra app new kimai --secrets` 3. `abra app new kimai --secrets`
4. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to 4. `abra app config YOURAPPDOMAIN` - be sure to change `$DOMAIN` to something that resolves to
your Docker swarm box your Docker swarm box
5. `abra app YOURAPPDOMAIN deploy` 5. `abra app deploy YOURAPPDOMAIN`
6. `abra app run YOURAPPDOMAIN app create_admin` 6. `abra app run YOURAPPDOMAIN app create_admin`
[Kimai]: https://www.kimai.org/ [Kimai]: https://www.kimai.org/
[`tobybatch/kimai2`]: https://tobybatch.github.io/kimai2/docker-compose.html#docker-compose [`tobybatch/kimai2`]: https://tobybatch.github.io/kimai2/docker-compose.html#docker-compose
[`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra [`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
[`coop-cloud/traefik`]: https://git.autonomic.zone/coop-cloud/traefik [`coop-cloud/traefik`]: https://git.autonomic.zone/coop-cloud/traefik
## SSO
To enable SSO, after running the blueprint in Authentik and before deploying Kimai, you need to add the Authentik Self-Signed-Certificate as secret in Kimai via the following command:
`abra app cmd -l kimai.tmp.dev.local-it.cloud insert_authentik_certificate`

8
abra.sh
View File

@ -1,7 +1,13 @@
export ENTRYPOINT_CONF_VERSION=v1 export ENTRYPOINT_CONF_VERSION=v1
export LOCAL_CONF_VERSION=v1 export LOCAL_CONF_VERSION=v2
create_admin () { create_admin () {
export DATABASE_URL="$DATABASE_TYPE://$DATABASE_USER:$(cat /run/secrets/db_password)@$DATABASE_HOST/$DATABASE_NAME" export DATABASE_URL="$DATABASE_TYPE://$DATABASE_USER:$(cat /run/secrets/db_password)@$DATABASE_HOST/$DATABASE_NAME"
/opt/kimai/bin/console kimai:create-user admin admin@example.org ROLE_SUPER_ADMIN /opt/kimai/bin/console kimai:create-user admin admin@example.org ROLE_SUPER_ADMIN
} }
insert_authentik_certificate() {
SSO_PROVIDER_DOMAIN=$(echo $SSO_PROVIDER_URL | cut -d '/' -f 3)
CERT=$(abra app cmd -T $SSO_PROVIDER_DOMAIN worker get_certificate Kimai)
abra app secret insert $APP_NAME sso_cert v1 $CERT
}

53
compose.yml
View File

@ -1,7 +1,7 @@
version: '3.8' version: '3.8'
services: services:
app: app:
image: kimai/kimai2:apache-1.29.1-prod image: kimai/kimai2:apache-2.15.0-prod
environment: environment:
- APP_ENV=prod - APP_ENV=prod
- TRUSTED_HOSTS=localhost,traefik,${DOMAIN},127.0.0.1 - TRUSTED_HOSTS=localhost,traefik,${DOMAIN},127.0.0.1
@ -10,7 +10,7 @@ services:
- ADMINPASS_FILE=/run/secrets/admin_password - ADMINPASS_FILE=/run/secrets/admin_password
- DATABASE_TYPE=mysql - DATABASE_TYPE=mysql
- DATABASE_HOST=db - DATABASE_HOST=db
- DATABASE_NAME=kimai - DATABASE_NAME=kimai?charset=utf8mb4&serverVersion=5.7
- DATABASE_USER=kimai - DATABASE_USER=kimai
- DATABASE_PASSWORD_FILE=/run/secrets/db_password - DATABASE_PASSWORD_FILE=/run/secrets/db_password
- DOMAIN - DOMAIN
@ -18,7 +18,8 @@ services:
- SSO_PROVIDER_URL - SSO_PROVIDER_URL
- SSO_SAML_URL - SSO_SAML_URL
- SSO_LOGOUT_URL - SSO_LOGOUT_URL
- SSO_CERT - MAILER_URL
- MAILER_FROM
volumes: volumes:
- kimai_public:/opt/kimai/public - kimai_public:/opt/kimai/public
- kimai_var:/opt/kimai/var - kimai_var:/opt/kimai/var
@ -34,16 +35,16 @@ services:
secrets: secrets:
- db_password - db_password
- admin_password - admin_password
- sso_cert
depends_on: depends_on:
- db - db
#entrypoint: ['tail', '-f', '/dev/null']
entrypoint: /docker-entrypoint.sh entrypoint: /docker-entrypoint.sh
#healthcheck: healthcheck:
# test: curl -s -o /dev/null http://localhost:8001 || exit 1 test: curl -s -o /dev/null http://localhost:8001 || exit 1
# interval: 20s interval: 30s
# start_period: 10s start_period: 3m
# timeout: 10s timeout: 10s
# retries: 3 retries: 10
deploy: deploy:
restart_policy: restart_policy:
condition: on-failure condition: on-failure
@ -57,7 +58,8 @@ services:
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect" - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
- coop-cloud.${STACK_NAME}.app.version=0.2.0+apache-debian-1.29.1-prod - "coop-cloud.${STACK_NAME}.version=1.1.3+apache-2.15.0-prod"
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
db: db:
image: mysql:5.7 image: mysql:5.7
environment: environment:
@ -73,24 +75,25 @@ services:
- db_password - db_password
- db_root_password - db_root_password
command: --default-storage-engine innodb command: --default-storage-engine innodb
#healthcheck: healthcheck:
# test: mysqladmin -pchangemeplease ping -h localhost test: ["CMD-SHELL", 'mysqladmin -p"$$(cat /run/secrets/db_root_password)" ping -h localhost']
# interval: 20s interval: 30s
# start_period: 10s timeout: 10s
# timeout: 10s retries: 10
# retries: 3 start_period: 1m
deploy: deploy:
labels: labels:
- backupbot.backup="true" - "backupbot.backup=true"
- backupbot.backup.pre-hook='mkdir -p /tmp/backup/ && mysqldump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" kimai > /tmp/backup/backup.sql' - "backupbot.backup.pre-hook=sh -c 'mysqldump --single-transaction -u root -p\"$$(cat /run/secrets/db_root_password)\" kimai > /var/lib/mysql/backup.sql'"
- backupbot.backup.post-hook="rm -rf /tmp/backup" - "backupbot.backup.post-hook=rm -f /var/lib/mysql/backup.sql"
- backupbot.backup.path="/tmp/backup/" - "backupbot.backup.path=/var/lib/mysql/backup.sql"
volumes: volumes:
kimai_var: kimai_var:
kimai_public: kimai_public:
mariadb: mariadb:
secrets: secrets:
db_password: db_password:
external: true external: true
@ -101,10 +104,16 @@ secrets:
admin_password: admin_password:
external: true external: true
name: ${STACK_NAME}_admin_password_${SECRET_ADMIN_PASSWORD_VERSION} name: ${STACK_NAME}_admin_password_${SECRET_ADMIN_PASSWORD_VERSION}
sso_cert:
external: true
name: ${STACK_NAME}_sso_cert_${SECRET_SSO_CERT_VERSION}
networks: networks:
proxy: proxy:
external: true external: true
internal: internal:
configs: configs:
entrypoint_conf: entrypoint_conf:
name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_CONF_VERSION} name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_CONF_VERSION}

5
local.yaml.tmpl
View File

@ -7,10 +7,12 @@ kimai:
- { saml: $http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress, kimai: email } - { saml: $http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress, kimai: email }
- { saml: $http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name, kimai: alias } - { saml: $http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name, kimai: alias }
roles: roles:
resetOnLogin: true
attribute: http://schemas.xmlsoap.org/claims/Group attribute: http://schemas.xmlsoap.org/claims/Group
mapping: mapping:
# Insert your roles here (ROLE_USER is added automatically) # Insert your roles here (ROLE_USER is added automatically)
- { saml: admin.group, kimai: ROLE_ADMIN } - { saml: admin.group, kimai: ROLE_ADMIN }
- { saml: "authentik Admins", kimai: ROLE_ADMIN }
connection: connection:
# You SAML provider # You SAML provider
# Your Authentik instance, replace https://authentik.company with your authentik URL # Your Authentik instance, replace https://authentik.company with your authentik URL
@ -19,12 +21,11 @@ kimai:
singleSignOnService: singleSignOnService:
url: "{{ env "SSO_SAML_URL" }}" url: "{{ env "SSO_SAML_URL" }}"
binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
# the "single logout" feature was not yet tested, if you want to help, please let me know!
singleLogoutService: singleLogoutService:
url: "{{ env "SSO_LOGOUT_URL" }}" url: "{{ env "SSO_LOGOUT_URL" }}"
binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
# Signing certificate from *Advanced protocol settings* # Signing certificate from *Advanced protocol settings*
x509cert: "{{ env "SSO_CERT" }}" x509cert: "{{ secret "sso_cert" }}"
# Service Provider Data that we are deploying. # Service Provider Data that we are deploying.
# Your Kimai instance, replace https://kimai.dev.local-it.cloud with your Kimai URL # Your Kimai instance, replace https://kimai.dev.local-it.cloud with your Kimai URL
sp: sp:

1
release/1.0.0+apache-2.15.0-prod Normal file
View File

@ -0,0 +1 @@
Make sure to have have a working backup before upgrading!