coop-cloud/loomio
1
0
Fork 1
Code Issues 4 Pull Requests 2 Projects Releases Wiki Activity

add OAuth2 env variables #14

Merged
jmakdah2 merged 3 commits from jmakdah2/loomio:OAuth2 into main 2025-07-31 23:30:50 +00:00
Conversation 5 Commits 3 Files Changed 5 +47
5 changed files with 47 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.drone.yml
View File

@ -22,6 +22,7 @@ steps:
SECRET_SECRET_COOKIE_TOKEN_VERSION: v1
SECRET_DB_PASSWORD_VERSION: v1
SECRET_SMTP_PASSWORD_VERSION: v1
SECRET_OAUTH_APP_SECRET_VERSION: v1
trigger:
branch:
- main

14
.env.sample
View File

@ -90,3 +90,17 @@ SECRET_DB_PASSWORD_VERSION=v1
# THEME_ACCENT_COLOR=rgb(0,188,212)
# THEME_TEXT_ON_PRIMARY_COLOR=rgb(255,255,255)
# THEME_TEXT_ON_ACCENT_COLOR=rgb(255,255,255)
# env variables needed to enable OAuth2 authentication
# COMPOSE_FILE="$COMPOSE_FILE:compose.oauth.yml"
# OAUTH_ENABLED=1
# OAUTH_AUTH_URL=
# OAUTH_TOKEN_URL=
# OAUTH_PROFILE_URL=
# OAUTH_SCOPE=
# OAUTH_APP_KEY=
# OAUTH_ATTR_UID=
decentral1se marked this conversation as resolved
decentral1se commented 2025-07-24 08:50:59 +00:00
Review
Copy Link

Can the secret be configured as a file based secret using an entrypoint hack?

Several other recipes do this to get around the fact the upstream doesn't support it.

You store it in a secret and use the entrypoint to expose it from the FS.

entrypoint.sh.tmpl Lines 5 to 28 in 2744684292
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
file_env "PEERTUBE_DB_PASSWORD"
file_env "PEERTUBE_SECRET"

Can the secret be configured as a file based secret using an entrypoint hack? Several other recipes do this to get around the fact the upstream doesn't support it. You store it in a secret and use the entrypoint to expose it from the FS. https://git.coopcloud.tech/coop-cloud/peertube/src/commit/2744684292d66053a9681ac57692b9f026863dde/entrypoint.sh.tmpl#L5-L28
👍 1
3wordchant commented 2025-07-24 13:57:57 +00:00
Review
Copy Link

Yep, and no need to add file_env, it's already in use in the entrypoint: https://git.coopcloud.tech/coop-cloud/loomio/src/branch/main/entrypoint.sh#L24-L29

Yep, and no need to add `file_env`, it's already in use in the entrypoint: https://git.coopcloud.tech/coop-cloud/loomio/src/branch/main/entrypoint.sh#L24-L29
👍 1
jmakdah2 commented 2025-07-27 23:49:34 +00:00
Review
Copy Link

oh this is a much nicer solution :) i've updated it to use that hack

oh this is a much nicer solution :) i've updated it to use that hack
❤️ 1
# OAUTH_ATTR_NAME=
# OAUTH_ATTR_EMAIL=
# OAUTH_LOGIN_PROVIDER_NAME=
# SECRET_OAUTH_APP_SECRET_VERSION=v1

25
compose.oauth.yml Normal file
View File

@ -0,0 +1,25 @@
version: "3.8"
x-oauth-env: &oauth-env
OAUTH_AUTH_URL:
OAUTH_TOKEN_URL:
OAUTH_PROFILE_URL:
OAUTH_SCOPE:
OAUTH_APP_KEY:
OAUTH_APP_SECRET_FILE: /run/secrets/oauth_app_secret
OAUTH_ATTR_UID:
OAUTH_ATTR_NAME:
OAUTH_ATTR_EMAIL:
OAUTH_LOGIN_PROVIDER_NAME:
services:
app:
environment:
*oauth-env
secrets:
- oauth_app_secret
secrets:
oauth_app_secret:
name: ${STACK_NAME}_oauth_app_secret_${SECRET_OAUTH_APP_SECRET_VERSION}
external: true

5
entrypoint.sh
View File

@ -25,6 +25,11 @@ file_env "DEVISE_SECRET"
file_env "SECRET_COOKIE_TOKEN"
file_env "POSTGRES_PASSWORD"
file_env "SMTP_PASSWORD"
{{ if eq (env "OAUTH_ENABLED") "1" }}
file_env "OAUTH_APP_SECRET"
{{ end }}
export DB_HOST="db"
export DATABASE_URL="postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db/${POSTGRES_DB}"

2
release/5.1.0+v3.0.0 Normal file
View File

@ -0,0 +1,2 @@
Add support for OAuth2. To use this feature copy and populate the new oauth2 env variables from the .env.sample to your locale .env config and insert the oauth2_app_secret secret into your recipe:
abra app secret insert <domain> oauth_app_secret v1 <your oauth2 client secret>