feat: init

2025-04-15 01:22:06 +02:00
commit 5bbb17cf0f
8 changed files with 1475 additions and 0 deletions
--- a/.env.sample
+++ b/.env.sample
@ -0,0 +1,21 @@
+TYPE=rauthy
+DOMAIN=rauthy.example.com
+LETS_ENCRYPT_ENV=production
+
+COMPOSE_FILE="compose.yml"
+
+ADMIN_EMAIL=admin@example.org
+ADMIN_FORCE_MFA=true
+
+SECRET_ENC_KEYS_VERSION=v1
+ENC_KEY_ACTIVE=""
+
+SECRET_HQL_RAFT_VERSION=v1
+SECRET_HQL_API_VERSION=v1
+
+# SMTP
+#COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
+#SMTP_ENABLED=1
+#EMAIL_SUB_PREFIX="Rauthy IAM"
+#SMTP_USERNAME=
+#SECRET_SMTP_PASSWORD_VERSION=v1
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+.envrc
--- a/README.md
+++ b/README.md
@ -0,0 +1,43 @@
+# rauthy
+
+> OpenID Connect Single Sign-On Identity & Access Management
+
+<!-- metadata -->
+
+* **Category**: Apps
+* **Status**: 0
+* **Image**: [`rauthy`](https://ghcr.io/sebadob/rauthy), 4, upstream
+* **Healthcheck**: No
+* **Backups**: No
+* **Email**: No
+* **Tests**: No
+* **SSO**: No
+
+<!-- endmetadata -->
+
+## Quick start
+
+* `abra app new rauthy`
+
+### Generate encryption keys
+
+* `echo "$(openssl rand -hex 4)/$(openssl rand -base64 32)"`
+* `abra app secret insert <app> enc_keys v1 <enc-key>`
+* `abra app config <app>`
+  * **N.B** you need to match the `ENC_KEYS_ACTIVE` env var with the start of
+    the generated `ENC_KEYS` value (everything before the `/`. See [the
+    docs](https://sebadob.github.io/rauthy/config/encryption.html) for more)
+
+### Generate secrets
+
+* `abra app secret generate <app> -a`
+
+### Deploy
+
+* `abra app deploy <app>`
+* `abra app logs <app>`
+  * You'll see the automatically generated admin password in the initial logs.
+    Ensure that you reset this password after you log in. The `ADMIN_EMAIL` env
+    var controls the value of the admin login username.
+
+For more, see [`docs.coopcloud.tech`](https://docs.coopcloud.tech).
--- a/abra.sh
+++ b/abra.sh
@ -0,0 +1 @@
+export RAUTHY_CFG_VERSION=v1
--- a/compose.smtp.yml
+++ b/compose.smtp.yml
@ -0,0 +1,16 @@
+---
+version: "3.13"
+
+services:
+  app:
+    environment:
+      - EMAIL_SUB_PREFIX
+      - SMTP_FROM
+      - SMTP_USERNAME
+    secrets:
+      - smtp_password
+
+secrets:
+  smtp_password:
+    name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
+    external: true
--- a/compose.yml
+++ b/compose.yml
@ -0,0 +1,56 @@
+---
+version: "3.13"
+
+services:
+  app:
+    image: ghcr.io/sebadob/rauthy:0.28.3
+    environment:
+      - ADMIN_EMAIL
+      - ADMIN_FORCE_MFA
+      - DOMAIN
+      - ENC_KEY_ACTIVE
+    configs:
+      - source: rauthy_cfg
+        target: /app/rauthy.cfg
+    secrets:
+      - enc_keys
+      - hql_api
+      - hql_raft
+    volumes:
+      - data:/app/data
+    networks:
+      - proxy
+    deploy:
+      restart_policy:
+        condition: on-failure
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8080"
+        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
+        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+        - "coop-cloud.${STACK_NAME}.version=0.1.0+0.28.3"
+
+networks:
+  proxy:
+    external: true
+
+configs:
+  rauthy_cfg:
+    name: ${STACK_NAME}_rauthy_cfg_${RAUTHY_CFG_VERSION}
+    file: rauthy.cfg.tmpl
+    template_driver: golang
+
+secrets:
+  enc_keys:
+    name: ${STACK_NAME}_enc_keys_${SECRET_ENC_KEYS_VERSION}
+    external: true
+  hql_raft:
+    name: ${STACK_NAME}_hql_raft_${SECRET_HQL_RAFT_VERSION}
+    external: true
+  hql_api:
+    name: ${STACK_NAME}_hql_api_${SECRET_HQL_API_VERSION}
+    external: true
+
+volumes:
+  data:
--- a/rauthy.cfg.tmpl
+++ b/rauthy.cfg.tmpl
--- a/release/.git-keep-me
+++ b/release/.git-keep-me