feat: init

2025-04-15 01:22:06 +02:00
commit 5bbb17cf0f
8 changed files with 1475 additions and 0 deletions
--- a/.env.sample
+++ b/.env.sample
@ -0,0 +1,21 @@
 TYPE=rauthy
 DOMAIN=rauthy.example.com
 LETS_ENCRYPT_ENV=production
 COMPOSE_FILE="compose.yml"
 ADMIN_EMAIL=admin@example.org
 ADMIN_FORCE_MFA=true
 SECRET_ENC_KEYS_VERSION=v1
 ENC_KEY_ACTIVE=""
 SECRET_HQL_RAFT_VERSION=v1
 SECRET_HQL_API_VERSION=v1
 # SMTP
 #COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
 #SMTP_ENABLED=1
 #EMAIL_SUB_PREFIX="Rauthy IAM"
 #SMTP_USERNAME=
 #SECRET_SMTP_PASSWORD_VERSION=v1
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
 .envrc
--- a/README.md
+++ b/README.md
@ -0,0 +1,43 @@
 # rauthy
 > OpenID Connect Single Sign-On Identity & Access Management
 <!-- metadata -->
 * **Category**: Apps
 * **Status**: 0
 * **Image**: [`rauthy`](https://ghcr.io/sebadob/rauthy), 4, upstream
 * **Healthcheck**: No
 * **Backups**: No
 * **Email**: No
 * **Tests**: No
 * **SSO**: No
 <!-- endmetadata -->
 ## Quick start
 * `abra app new rauthy`
 ### Generate encryption keys
 * `echo "$(openssl rand -hex 4)/$(openssl rand -base64 32)"`
 * `abra app secret insert <app> enc_keys v1 <enc-key>`
 * `abra app config <app>`
  * **N.B** you need to match the `ENC_KEYS_ACTIVE` env var with the start of
    the generated `ENC_KEYS` value (everything before the `/`. See [the
    docs](https://sebadob.github.io/rauthy/config/encryption.html) for more)
 ### Generate secrets
 * `abra app secret generate <app> -a`
 ### Deploy
 * `abra app deploy <app>`
 * `abra app logs <app>`
  * You'll see the automatically generated admin password in the initial logs.
    Ensure that you reset this password after you log in. The `ADMIN_EMAIL` env
    var controls the value of the admin login username.
 For more, see [`docs.coopcloud.tech`](https://docs.coopcloud.tech).
--- a/abra.sh
+++ b/abra.sh
@ -0,0 +1 @@
 export RAUTHY_CFG_VERSION=v1
--- a/compose.smtp.yml
+++ b/compose.smtp.yml
@ -0,0 +1,16 @@
 ---
 version: "3.13"
 services:
  app:
    environment:
      - EMAIL_SUB_PREFIX
      - SMTP_FROM
      - SMTP_USERNAME
    secrets:
      - smtp_password
 secrets:
  smtp_password:
    name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
    external: true
--- a/compose.yml
+++ b/compose.yml
@ -0,0 +1,56 @@
 ---
 version: "3.13"
 services:
  app:
    image: ghcr.io/sebadob/rauthy:0.28.3
    environment:
      - ADMIN_EMAIL
      - ADMIN_FORCE_MFA
      - DOMAIN
      - ENC_KEY_ACTIVE
    configs:
      - source: rauthy_cfg
        target: /app/rauthy.cfg
    secrets:
      - enc_keys
      - hql_api
      - hql_raft
    volumes:
      - data:/app/data
    networks:
      - proxy
    deploy:
      restart_policy:
        condition: on-failure
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8080"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "coop-cloud.${STACK_NAME}.version=0.1.0+0.28.3"
 networks:
  proxy:
    external: true
 configs:
  rauthy_cfg:
    name: ${STACK_NAME}_rauthy_cfg_${RAUTHY_CFG_VERSION}
    file: rauthy.cfg.tmpl
    template_driver: golang
 secrets:
  enc_keys:
    name: ${STACK_NAME}_enc_keys_${SECRET_ENC_KEYS_VERSION}
    external: true
  hql_raft:
    name: ${STACK_NAME}_hql_raft_${SECRET_HQL_RAFT_VERSION}
    external: true
  hql_api:
    name: ${STACK_NAME}_hql_api_${SECRET_HQL_API_VERSION}
    external: true
 volumes:
  data:
--- a/rauthy.cfg.tmpl
+++ b/rauthy.cfg.tmpl
--- a/release/.git-keep-me
+++ b/release/.git-keep-me