working on sso support

marlon 2025-02-09 14:47:02 -05:00
parent f58c9a2aab
commit cdc7d659a0
6 changed files with 53 additions and 2 deletions


@ -9,8 +9,18 @@ LETS_ENCRYPT_ENV=production
# Secret Versions # Secret Versions
SECRET_POSTGRES_PASSWORD_VERSION=v1 SECRET_POSTGRES_PASSWORD_VERSION=v1
COMPOSE_FILE="compose.yml"
# Container Settings # Container Settings
## Timezone inside the containers. The value needs to be in the form 'Europe/Berlin'. ## Timezone inside the containers. The value needs to be in the form 'Europe/Berlin'.
## A list of these tz database names can be looked up at Wikipedia ## A list of these tz database names can be looked up at Wikipedia
## https://en.wikipedia.org/wiki/List_of_tz_database_time_zones ## https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
TZ=UTC TZ=UTC
## SSO config
#COMPOSE_FILE="$COMPOSE_FILE:compose.sso.yml"
#SSO_DOMAIN=accounts.example.com
#ORG_NAME="My Organization"
#SSO_APP=mattermost
#SSO_ID=
#SECRET_MATTERMOST_SSO_SECRET_VERSION=v1


@ -1 +1,2 @@
export ENTRYPOINT_VERSION=v1 export ENTRYPOINT_VERSION=v1
export GITLAB_CONFIG_VERSION=v1

21
compose.sso.yml Normal file

@ -0,0 +1,21 @@
version: "3.8"
services:
app:
configs:
- source: gitlab_config_patch
target: /gitlab_config_patch.json
mode: 0555
secrets:
- mattermost_sso_secret
secrets:
mattermost_sso_secret:
external: true
name: ${STACK_NAME}_mattermost_sso_secret_${SECRET_MATTERMOST_SSO_SECRET_VERSION}
configs:
gitlab_config_patch:
name: ${STACK_NAME}_gitlab_config_${GITLAB_CONFIG_VERSION}
file: ./gitlab_config_patch.json.tmpl
template_driver: golang
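Review bot: `mode: 0555` on the `gitlab_config_patch` config makes the rendered file world-readable and executable inside the container, although it is a JSON data file whose template carries the OAuth client secret (`Secret`). Nothing needs the execute bit, and read access can be limited to the account the entrypoint runs as, e.g. `mode: 0440` with `uid`/`gid` set to that account; which account that is cannot be seen on this page, so confirm before tightening. Since `mattermost_sso_secret` is declared `external: true`, a comment above it such as `# must be created before deploying with this overlay` would save the next operator a failed deploy.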


@ -59,7 +59,6 @@ services:
backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/postgres-backup.sql" backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/postgres-backup.sql"
backupbot.backup.path: "/var/lib/postgresql/data/" backupbot.backup.path: "/var/lib/postgresql/data/"
secrets: secrets:
postgres_password: postgres_password:
external: true external: true
@ -70,6 +69,7 @@ configs:
name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION} name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
file: ./entrypoint.sh file: ./entrypoint.sh
networks: networks:
proxy: proxy:
external: true external: true


@ -15,5 +15,12 @@ else
exit 1 exit 1
fi fi
# Patch Mattermost config to enable SSO
if test -f "/run/secrets/mattermost_sso_secret"; then
export PATCH=`cat /gitlab_config_patch.json`
jq ".GitLabSettings = $PATCH" < mattermost/docker/volumes/app/mattermost/config/config.json > tmp.json &&
mv tmp.json mattermost/docker/volumes/app/mattermost/config/config.json
fi
# https://github.com/mattermost/mattermost-server/blob/master/build/Dockerfile # https://github.com/mattermost/mattermost-server/blob/master/build/Dockerfile
/entrypoint.sh "mattermost" /entrypoint.sh "mattermost"
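Review bot: The patch file's content is spliced into the jq program text (`jq ".GitLabSettings = $PATCH"`), so it is parsed as jq syntax rather than passed as data, and `export PATCH` puts the client secret into the environment inherited by the `/entrypoint.sh "mattermost"` process started at the end. Passing the file as data avoids both: `jq --slurpfile patch /gitlab_config_patch.json '.GitLabSettings = $patch[0]' "$cfg" > "$cfg.tmp" && mv "$cfg.tmp" "$cfg"`, with `cfg` set to the config.json path. The guard tests for `/run/secrets/mattermost_sso_secret` but the block never reads that file; if it only serves to detect that the SSO overlay is active, a one-line comment saying so would help. The script begins outside this hunk, so whether a failed `jq` aborts startup or is silently skipped is not visible here.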


@ -0,0 +1,12 @@
{
"Enable": true,
"Secret": "${MATTERMOST_SSO_SECRET}",
"Id": "${SSO_ID}",
"Scope": "",
"AuthEndpoint": "https://${SSO_DOMAIN}/application/o/authorize/",
"TokenEndpoint": "https://${SSO_DOMAIN}/application/o/token/",
"UserAPIEndpoint": "https://${SSO_DOMAIN}/application/o/userinfo/",
"DiscoveryEndpoint": "https://${SSO_DOMAIN}/application/o/${SSO_APP}/.well-known/openid-configuration",
"ButtonText": "${ORG_NAME}",
"ButtonColor": "#ff0000"
}
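Review bot: The placeholders use shell-style `${VAR}` syntax, but compose.sso.yml declares a config with `template_driver: golang` (presumably this file), and that driver renders Go template expressions and leaves `${...}` untouched. The entrypoint hunk does not expand them either, so as far as this page shows the literal strings would land in config.json unless a step outside this commit substitutes them. With the golang driver the lines would read `"Secret": "{{ secret "mattermost_sso_secret" }}"` and `"Id": "{{ env "SSO_ID" }}"`, and likewise for `SSO_DOMAIN`, `SSO_APP` and `ORG_NAME`, which then need to be present in the service's `environment:` (compose.sso.yml does not add them). `ORG_NAME` is free text, so a value containing a double quote would produce invalid JSON.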