diff --git a/.env.sample b/.env.sample
index dca65a4..d090ff1 100644
--- a/.env.sample
+++ b/.env.sample
@@ -72,6 +72,16 @@ RETENTION_MAX_LIFETIME=4w
 ## TURN
+#COMPOSE_FILE="$COMPOSE_FILE:compose.keycloak3.yml"
+#KEYCLOAK3_ENABLED=1
+#KEYCLOAK3_ID=keycloak3
+#KEYCLOAK3_NAME=
+#KEYCLOAK3_URL=
+#KEYCLOAK3_CLIENT_ID=
+#KEYCLOAK3_CLIENT_DOMAIN=
+#KEYCLOAK3_ALLOW_EXISTING_USERS=false
+#SECRET_KEYCLOAK3_CLIENT_SECRET_VERSION=v1
+
 #COMPOSE_FILE="$COMPOSE_FILE:compose.turn.yml"
 #TURN_ENABLED=1
 #TURN_URIS="[\"turns:coturn.foo.zone?transport=udp\", \"turns:coturn.foo.zone?transport=tcp\"]"
diff --git a/abra.sh b/abra.sh
index 0a943d5..722c951 100644
--- a/abra.sh
+++ b/abra.sh
@@ -1,6 +1,6 @@
 export DISCORD_BRIDGE_YAML_VERSION=v2
 export ENTRYPOINT_CONF_VERSION=v1
-export HOMESERVER_YAML_VERSION=v17
+export HOMESERVER_YAML_VERSION=v18
 export LOG_CONFIG_VERSION=v2
 export SHARED_SECRET_AUTH_VERSION=v1
 export SIGNAL_BRIDGE_YAML_VERSION=v4
diff --git a/compose.keycloak2.yml b/compose.keycloak2.yml
new file mode 100644
index 0000000..a956e61
--- /dev/null
+++ b/compose.keycloak2.yml
@@ -0,0 +1,17 @@
+---
+version: "3.8"
+
+services:
+ app:
+ secrets:
+ - keycloak2_client_secret
+ environment:
+ - KEYCLOAK2_CLIENT_ID
+ - KEYCLOAK2_ENABLED
+ - KEYCLOAK2_NAME
+ - KEYCLOAK2_URL
+
+secrets:
+ keycloak2_client_secret:
+ external: true
+ name: ${STACK_NAME}_keycloak2_client_secret_${SECRET_KEYCLOAK2_CLIENT_SECRET_VERSION}
diff --git a/compose.keycloak3.yml b/compose.keycloak3.yml
new file mode 100644
index 0000000..ec8514c
--- /dev/null
+++ b/compose.keycloak3.yml
@@ -0,0 +1,19 @@
+---
+version: "3.8"
+
+services:
+ app:
+ secrets:
+ - keycloak3_client_secret
+ environment:
+ - KEYCLOAK3_ALLOW_EXISTING_USERS
+ - KEYCLOAK3_CLIENT_ID
+ - KEYCLOAK3_ENABLED
+ - KEYCLOAK3_ID
+ - KEYCLOAK3_NAME
+ - KEYCLOAK3_URL
+
+secrets:
+ keycloak3_client_secret:
+ external: true
+ name: ${STACK_NAME}_keycloak3_client_secret_${SECRET_KEYCLOAK3_CLIENT_SECRET_VERSION}
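Review bot: The .env.sample hunk introduces KEYCLOAK3_ID, KEYCLOAK3_CLIENT_DOMAIN and KEYCLOAK3_ALLOW_EXISTING_USERS, but nothing visible in this commit consumes them: compose.keycloak3.yml passes KEYCLOAK3_ID and KEYCLOAK3_ALLOW_EXISTING_USERS into the container (and omits KEYCLOAK3_CLIENT_DOMAIN entirely), while the keycloak3 provider block in homeserver.yaml.tmpl hard-codes `idp_id: keycloak3` and never emits `allow_existing_users`. An operator who sets KEYCLOAK3_ALLOW_EXISTING_USERS=true therefore gets no effect and no warning, and the sample suggests a knob that does not exist. Unless these variables are read by a script outside this diff, the safer option is to drop the three lines from the sample until they are wired up, or mark them, e.g. `#KEYCLOAK3_ALLOW_EXISTING_USERS=false  # not yet read by homeserver.yaml.tmpl`. compose.keycloak2.yml declares only the four variables the template actually reads and is the better reference for the keycloak3 file.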
diff --git a/homeserver.yaml.tmpl b/homeserver.yaml.tmpl
index 9fcfc5d..8438625 100644
--- a/homeserver.yaml.tmpl
+++ b/homeserver.yaml.tmpl
@@ -604,6 +604,32 @@ oidc_providers:
 display_name_template: "{{ "{{ user.name }}" }}"
 {{ end }}
+ {{ if eq (env "KEYCLOAK2_ENABLED") "1" }}
+ - idp_id: keycloak2
+ idp_name: {{ env "KEYCLOAK2_NAME" }}
+ issuer: "{{ env "KEYCLOAK2_URL" }}"
+ client_id: "{{ env "KEYCLOAK2_CLIENT_ID" }}"
+ client_secret: "{{ secret "keycloak2_client_secret" }}"
+ scopes: ["openid", "profile"]
+ user_mapping_provider:
+ config:
+ localpart_template: "{{ "{{ user.preferred_username }}" }}"
+ display_name_template: "{{ "{{ user.name }}" }}"
+ {{ end }}
+
+ {{ if eq (env "KEYCLOAK3_ENABLED") "1" }}
+ - idp_id: keycloak3
+ idp_name: {{ env "KEYCLOAK3_NAME" }}
+ issuer: "{{ env "KEYCLOAK3_URL" }}"
+ client_id: "{{ env "KEYCLOAK3_CLIENT_ID" }}"
+ client_secret: "{{ secret "keycloak3_client_secret" }}"
+ scopes: ["openid", "profile"]
+ user_mapping_provider:
+ config:
+ localpart_template: "{{ "{{ user.preferred_username }}" }}"
+ display_name_template: "{{ "{{ user.name }}" }}"
+ {{ end }}
+
 # Additional settings to use with single-sign on systems such as OpenID Connect,
 # SAML2 and CAS.
 #
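Review bot: `idp_name: {{ env "KEYCLOAK2_NAME" }}` (and its keycloak3 twin) is the only scalar in the new provider blocks that is not double-quoted, so a display name containing `: `, ` #` or a leading YAML indicator breaks the rendered homeserver.yaml, whereas issuer and client_id on the neighbouring lines are quoted. Quote it for consistency: `idp_name: "{{ env "KEYCLOAK2_NAME" }}"` and `idp_name: "{{ env "KEYCLOAK3_NAME" }}"`. If the first provider block above the hunk uses the same unquoted form, it has the same exposure and could be fixed in the same commit. The two added blocks are identical apart from the index, so a later keycloak4 would be a third copy; that duplication is pre-existing in spirit and out of scope here. The `oidc_providers:` list this hunk extends starts outside the hunk.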