Compare commits
11 Commits
1.2.0+apac
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| f4cf71b0da | |||
| 8d831e94d7 | |||
| e00ccf9905 | |||
| 075c908af8 | |||
| 275642e6f7 | |||
| 0c43c0dba3 | |||
| ff926f9e3d | |||
| 5a173462da | |||
| ec09a755d9 | |||
| 58e83a8999 | |||
| d59ee9bcbd |
@ -17,11 +17,12 @@ steps:
|
||||
DOMAIN: kimai.swarm-test.autonomic.zone
|
||||
STACK_NAME: kimai
|
||||
LETS_ENCRYPT_ENV: production
|
||||
ENTRYPOINT_CONF_VERSION: v1
|
||||
LOCAL_CONF_VERSION: v1
|
||||
ENTRYPOINT_CONF_VERSION: v2
|
||||
LOCAL_CONF_VERSION: v2
|
||||
SECRET_DB_PASSWORD_VERSION: v1
|
||||
SECRET_DB_ROOT_PASSWORD_VERSION: v1
|
||||
SECRET_ADMIN_PASSWORD_VERSION: v1
|
||||
SECRET_SSO_CERT_VERSION: v1
|
||||
trigger:
|
||||
branch:
|
||||
- main
|
||||
@ -37,7 +38,7 @@ steps:
|
||||
from_secret: drone_abra-bot_token
|
||||
fork: true
|
||||
repositories:
|
||||
- coop-cloud/auto-recipes-catalogue-json
|
||||
- toolshed/auto-recipes-catalogue-json
|
||||
|
||||
trigger:
|
||||
event: tag
|
||||
|
||||
@ -5,6 +5,8 @@ DOMAIN=kimai.example.com
|
||||
#EXTRA_DOMAINS=', `www.kimai.example.com`'
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
||||
ENABLE_BACKUPS=true
|
||||
|
||||
SECRET_DB_PASSWORD_VERSION=v1
|
||||
SECRET_DB_ROOT_PASSWORD_VERSION=v1
|
||||
SECRET_ADMIN_PASSWORD_VERSION=v1
|
||||
|
||||
@ -23,7 +23,7 @@ Based on the recommended [`tobybatch/kimai2`] compose file.
|
||||
4. `abra app config YOURAPPDOMAIN` - be sure to change `$DOMAIN` to something that resolves to
|
||||
your Docker swarm box
|
||||
5. `abra app deploy YOURAPPDOMAIN`
|
||||
6. `abra app run YOURAPPDOMAIN app create_admin`
|
||||
6. Retrieve the admin password and username with this command `abra app run <DOMAIN> cat /run/secrets/admin_password`
|
||||
|
||||
[Kimai]: https://www.kimai.org/
|
||||
[`tobybatch/kimai2`]: https://tobybatch.github.io/kimai2/docker-compose.html#docker-compose
|
||||
@ -33,4 +33,4 @@ Based on the recommended [`tobybatch/kimai2`] compose file.
|
||||
## SSO
|
||||
|
||||
To enable SSO, after running the blueprint in Authentik and before deploying Kimai, you need to add the Authentik Self-Signed-Certificate as secret in Kimai via the following command:
|
||||
`abra app cmd -l kimai.tmp.dev.local-it.cloud insert_authentik_certificate`
|
||||
`abra app cmd -l YOURAPPDOMAIN insert_authentik_certificate`
|
||||
|
||||
4
abra.sh
4
abra.sh
@ -1,5 +1,5 @@
|
||||
export ENTRYPOINT_CONF_VERSION=v1
|
||||
export LOCAL_CONF_VERSION=v2
|
||||
export ENTRYPOINT_CONF_VERSION=v2
|
||||
export LOCAL_CONF_VERSION=v3
|
||||
|
||||
create_admin () {
|
||||
export DATABASE_URL="$DATABASE_TYPE://$DATABASE_USER:$(cat /run/secrets/db_password)@$DATABASE_HOST/$DATABASE_NAME"
|
||||
|
||||
12
compose.yml
12
compose.yml
@ -1,7 +1,7 @@
|
||||
version: '3.8'
|
||||
services:
|
||||
app:
|
||||
image: kimai/kimai2:apache-2.19.1-prod
|
||||
image: kimai/kimai2:apache-2.34.0
|
||||
environment:
|
||||
- APP_ENV=prod
|
||||
- TRUSTED_HOSTS=localhost,traefik,${DOMAIN},127.0.0.1
|
||||
@ -58,7 +58,7 @@ services:
|
||||
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
- "coop-cloud.${STACK_NAME}.version=1.2.0+apache-2.19.1-prod"
|
||||
- "coop-cloud.${STACK_NAME}.version=1.4.0+apache-2.34.0"
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||
db:
|
||||
image: mysql:5.7
|
||||
@ -83,10 +83,10 @@ services:
|
||||
start_period: 1m
|
||||
deploy:
|
||||
labels:
|
||||
- "backupbot.backup=true"
|
||||
- "backupbot.backup.pre-hook=sh -c 'mysqldump --single-transaction -u root -p\"$$(cat /run/secrets/db_root_password)\" kimai > /var/lib/mysql/backup.sql'"
|
||||
- "backupbot.backup.post-hook=rm -f /var/lib/mysql/backup.sql"
|
||||
- "backupbot.backup.path=/var/lib/mysql/backup.sql"
|
||||
backupbot.backup: "${ENABLE_BACKUPS:-true}"
|
||||
backupbot.backup.pre-hook: 'mysqldump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" kimai > /var/lib/mysql/backup.sql'
|
||||
backupbot.backup.volumes.mariadb.path: "backup.sql"
|
||||
backupbot.restore.post-hook: 'mysql -u root -p"$$(cat /run/secrets/db_root_password)" kimai < /var/lib/mysql/backup.sql'
|
||||
|
||||
volumes:
|
||||
kimai_var:
|
||||
|
||||
@ -38,8 +38,8 @@ export DATABASE_URL="$DATABASE_TYPE://$DATABASE_USER:$DATABASE_PASSWORD@$DATABAS
|
||||
|
||||
if [ ! "${1-}" == "-e" ]; then
|
||||
# 3wc: upstream ENTRYPOINT
|
||||
# https://github.com/tobybatch/kimai2/blob/main/Dockerfile#L226
|
||||
/startup.sh
|
||||
# https://github.com/kimai/kimai/blob/main/Dockerfile#L278
|
||||
/entrypoint.sh
|
||||
fi
|
||||
|
||||
set +eu
|
||||
|
||||
@ -11,8 +11,8 @@ kimai:
|
||||
attribute: http://schemas.xmlsoap.org/claims/Group
|
||||
mapping:
|
||||
# Insert your roles here (ROLE_USER is added automatically)
|
||||
- { saml: admin.group, kimai: ROLE_ADMIN }
|
||||
- { saml: "authentik Admins", kimai: ROLE_ADMIN }
|
||||
- { saml: admin.group, kimai: ROLE_SUPER_ADMIN }
|
||||
- { saml: "authentik Admins", kimai: ROLE_SUPER_ADMIN }
|
||||
connection:
|
||||
# You SAML provider
|
||||
# Your Authentik instance, replace https://authentik.company with your authentik URL
|
||||
|
||||
Reference in New Issue
Block a user