spell fixes and disable email password secret
This commit is contained in:
21
.env.sample
21
.env.sample
@ -13,7 +13,7 @@ LETS_ENCRYPT_ENV=production
|
|||||||
SECRET_MINIO_ROOT_PASSWORD_VERSION=v1
|
SECRET_MINIO_ROOT_PASSWORD_VERSION=v1
|
||||||
SECRET_COLLABORATION_SERVER_SECRET_VERSION=v1
|
SECRET_COLLABORATION_SERVER_SECRET_VERSION=v1
|
||||||
SECRET_POSTGRES_PASSWORD_VERSION=v1
|
SECRET_POSTGRES_PASSWORD_VERSION=v1
|
||||||
SECRET_AWS_S3_SECRET_KEY_VERSION=v1
|
SECRET_AWS_S3_SECRET_ACCESS_KEY_VERSION=v1
|
||||||
SECRET_OIDC_RP_CLIENT_SECRET_VERSION=v1
|
SECRET_OIDC_RP_CLIENT_SECRET_VERSION=v1
|
||||||
SECRET_DJANGO_SECRET_KEY_VERSION=v1
|
SECRET_DJANGO_SECRET_KEY_VERSION=v1
|
||||||
SECRET_DJANGO_SUPERUSER_PASSWORD_VERSION=v1
|
SECRET_DJANGO_SUPERUSER_PASSWORD_VERSION=v1
|
||||||
@ -35,18 +35,23 @@ DJANGO_EMAIL_PORT=1025
|
|||||||
# SINGLE SIGN ON
|
# SINGLE SIGN ON
|
||||||
##############################################################################
|
##############################################################################
|
||||||
# NOTE: OpenID Connect (OIDC) single sign-on is **required**, see recipe README
|
# NOTE: OpenID Connect (OIDC) single sign-on is **required**, see recipe README
|
||||||
OIDC_OP_JWKS_ENDPOINT=https://auth.${DOMAIN}/realms/impress/protocol/openid-connect/certs
|
## Set those according to your needs
|
||||||
OIDC_OP_AUTHORIZATION_ENDPOINT=https://auth.${DOMAIN}/realms/impress/protocol/openid-connect/auth
|
OIDC_RP_CLIENT_ID=docs
|
||||||
OIDC_OP_TOKEN_ENDPOINT=https://auth.${DOMAIN}/realms/impress/protocol/openid-connect/token
|
REALM_NAME=
|
||||||
OIDC_OP_USER_ENDPOINT=https://auth.${DOMAIN}/realms/impress/protocol/openid-connect/userinfo
|
SSO_DOMAIN=
|
||||||
OIDC_RP_CLIENT_ID=impress
|
|
||||||
|
## These can probably be left as-is
|
||||||
|
OIDC_OP_JWKS_ENDPOINT=https://${SSO_DOMAIN}/realms/${REALM_NAME}/protocol/openid-connect/certs
|
||||||
|
OIDC_OP_AUTHORIZATION_ENDPOINT=https://${SSO_DOMAIN}/realms/${REALM_NAME}/protocol/openid-connect/auth
|
||||||
|
OIDC_OP_TOKEN_ENDPOINT=https://${SSO_DOMAIN}/realms/${REALM_NAME}/protocol/openid-connect/token
|
||||||
|
OIDC_OP_USER_ENDPOINT=https://${SSO_DOMAIN}/realms/${REALM_NAME}/protocol/openid-connect/userinfo
|
||||||
OIDC_RP_SIGN_ALGO=RS256
|
OIDC_RP_SIGN_ALGO=RS256
|
||||||
OIDC_RP_SCOPES="openid email"
|
OIDC_RP_SCOPES="openid email"
|
||||||
LOGIN_REDIRECT_URL=https://${DOMAIN}
|
LOGIN_REDIRECT_URL=https://${DOMAIN}
|
||||||
LOGIN_REDIRECT_URL_FAILURE=https://${DOMAIN}
|
LOGIN_REDIRECT_URL_FAILURE=https://${DOMAIN}
|
||||||
LOGOUT_REDIRECT_URL=https://${DOMAIN}
|
LOGOUT_REDIRECT_URL=https://${DOMAIN}
|
||||||
OIDC_REDIRECT_ALLOWED_HOSTS='["https://auth.${DOMAIN}", "https://${DOMAIN}"]'
|
OIDC_REDIRECT_ALLOWED_HOSTS='["https://id.docs.coop", "https://${DOMAIN}"]'
|
||||||
OIDC_AUTH_REQUEST_EXTRA_PARAMS="{'acr_values'='eidas1'}"
|
#OIDC_AUTH_REQUEST_EXTRA_PARAMS="{'acr_values'='eidas1'}"
|
||||||
|
|
||||||
##############################################################################
|
##############################################################################
|
||||||
# LOGGING
|
# LOGGING
|
||||||
|
|||||||
27
compose.yml
27
compose.yml
@ -21,7 +21,8 @@ x-common-env: &common-env
|
|||||||
DJANGO_EMAIL_LOGO_IMG:
|
DJANGO_EMAIL_LOGO_IMG:
|
||||||
DJANGO_EMAIL_PORT:
|
DJANGO_EMAIL_PORT:
|
||||||
DJANGO_EMAIL_HOST_USER:
|
DJANGO_EMAIL_HOST_USER:
|
||||||
DJANGO_EMAIL_HOST_PASSWORD_FILE: /run/secrets/django_email_host_password
|
DJANGO_EMAIL_HOST_PASSWORD_FILE:
|
||||||
|
# /run/secrets/django_email_host_password
|
||||||
# Backend url
|
# Backend url
|
||||||
IMPRESS_BASE_URL: "https://${DOMAIN}"
|
IMPRESS_BASE_URL: "https://${DOMAIN}"
|
||||||
# Media
|
# Media
|
||||||
@ -100,11 +101,11 @@ services:
|
|||||||
secrets:
|
secrets:
|
||||||
- collaboration_server_secret
|
- collaboration_server_secret
|
||||||
- postgres_password
|
- postgres_password
|
||||||
- aws_s3_secret_key
|
- aws_s3_secret_access_key
|
||||||
- oidc_rp_client_secret
|
- oidc_rp_client_secret
|
||||||
- django_secret_key
|
- django_secret_key
|
||||||
- django_superuser_password
|
- django_superuser_password
|
||||||
- django_email_host_password
|
#- django_email_host_password
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ["CMD", "python", "manage.py", "check"]
|
test: ["CMD", "python", "manage.py", "check"]
|
||||||
interval: 15s
|
interval: 15s
|
||||||
@ -123,10 +124,10 @@ services:
|
|||||||
- collaboration_server_secret
|
- collaboration_server_secret
|
||||||
- django_superuser_password
|
- django_superuser_password
|
||||||
- postgres_password
|
- postgres_password
|
||||||
- aws_s3_secret_key
|
- aws_s3_secret_access_key
|
||||||
- oidc_rp_client_secret
|
- oidc_rp_client_secret
|
||||||
- django_secret_key
|
- django_secret_key
|
||||||
- django_email_host_password
|
#- django_email_host_password
|
||||||
|
|
||||||
y-provider:
|
y-provider:
|
||||||
image: lasuite/impress-y-provider:v3.6.0
|
image: lasuite/impress-y-provider:v3.6.0
|
||||||
@ -151,6 +152,8 @@ services:
|
|||||||
PGDATA: var/lib/postgresql/data/pgdata
|
PGDATA: var/lib/postgresql/data/pgdata
|
||||||
volumes:
|
volumes:
|
||||||
- postgres:/var/lib/postgresql/data/pgdata
|
- postgres:/var/lib/postgresql/data/pgdata
|
||||||
|
secrets:
|
||||||
|
- postgres_password
|
||||||
deploy:
|
deploy:
|
||||||
labels:
|
labels:
|
||||||
backupbot.backup: "${ENABLE_BACKUPS:-true}"
|
backupbot.backup: "${ENABLE_BACKUPS:-true}"
|
||||||
@ -169,7 +172,7 @@ services:
|
|||||||
|
|
||||||
minio-bootstrap:
|
minio-bootstrap:
|
||||||
# NOTE: Not started by default, only run with a manual `abra app restart` / `docker service scale`
|
# NOTE: Not started by default, only run with a manual `abra app restart` / `docker service scale`
|
||||||
image: minio/mc:RELEASE.2025-09-07T16-13-09Z
|
image: minio/mc:RELEASE.2025-08-13T08-35-41Z
|
||||||
environment:
|
environment:
|
||||||
- MINIO_ROOT_USER=minio
|
- MINIO_ROOT_USER=minio
|
||||||
- MINIO_ROOT_PASSWORD_FILE=/run/secrets/minio_root_password
|
- MINIO_ROOT_PASSWORD_FILE=/run/secrets/minio_root_password
|
||||||
@ -184,7 +187,7 @@ services:
|
|||||||
condition: none
|
condition: none
|
||||||
|
|
||||||
minio:
|
minio:
|
||||||
image: minio/minio:RELEASE.RELEASE.2025-09-07T16-13-09Z
|
image: minio/minio:RELEASE.2025-09-07T16-13-09Z
|
||||||
environment:
|
environment:
|
||||||
- MINIO_ROOT_USER=minio
|
- MINIO_ROOT_USER=minio
|
||||||
- MINIO_ROOT_PASSWORD_FILE=/run/secrets/minio_root_password
|
- MINIO_ROOT_PASSWORD_FILE=/run/secrets/minio_root_password
|
||||||
@ -272,8 +275,8 @@ secrets:
|
|||||||
postgres_password:
|
postgres_password:
|
||||||
name: ${STACK_NAME}_postgres_password_${SECRET_POSTGRES_PASSWORD_VERSION}
|
name: ${STACK_NAME}_postgres_password_${SECRET_POSTGRES_PASSWORD_VERSION}
|
||||||
external: true
|
external: true
|
||||||
aws_s3_secret_key:
|
aws_s3_secret_access_key:
|
||||||
name: ${STACK_NAME}_aws_s3_secret_key_${SECRET_AWS_S3_SECRET_KEY_VERSION}
|
name: ${STACK_NAME}_aws_s3_secret_access_key_${SECRET_AWS_S3_SECRET_ACCESS_KEY_VERSION}
|
||||||
external: true
|
external: true
|
||||||
oidc_rp_client_secret:
|
oidc_rp_client_secret:
|
||||||
name: ${STACK_NAME}_oidc_rp_client_secret_${SECRET_OIDC_RP_CLIENT_SECRET_VERSION}
|
name: ${STACK_NAME}_oidc_rp_client_secret_${SECRET_OIDC_RP_CLIENT_SECRET_VERSION}
|
||||||
@ -284,6 +287,6 @@ secrets:
|
|||||||
django_superuser_password:
|
django_superuser_password:
|
||||||
name: ${STACK_NAME}_django_superuser_password_${SECRET_DJANGO_SUPERUSER_PASSWORD_VERSION}
|
name: ${STACK_NAME}_django_superuser_password_${SECRET_DJANGO_SUPERUSER_PASSWORD_VERSION}
|
||||||
external: true
|
external: true
|
||||||
django_email_host_password:
|
# django_email_host_password:
|
||||||
name: ${STACK_NAME}_django_email_host_passsword_${SECRET_DJANGO_EMAIL_HOST_PASSWORD_VERSION}
|
# name: ${STACK_NAME}_django_email_host_passsword_${SECRET_DJANGO_EMAIL_HOST_PASSWORD_VERSION}
|
||||||
external: true
|
# external: true
|
||||||
|
|||||||
Reference in New Issue
Block a user