Enable healthcheck, OIDC

2025-08-04 13:50:23 +01:00
parent 48593f72a0
commit ba82be059c
4 changed files with 43 additions and 10 deletions
--- a/.env.sample
+++ b/.env.sample
@ -31,13 +31,27 @@ WEBLATE_ADMIN_NAME=Weblate Admin
 WEBLATE_ADMIN_EMAIL=weblate@example.com
 WEBLATE_SERVER_EMAIL=weblate@example.com
 WEBLATE_DEFAULT_FROM_EMAIL=weblate@example.com
-WEBLATE_REGISTRATION_OPEN=0

 # Extra
 #WEBLATE_TIME_ZONE=
-
 CLIENT_MAX_BODY_SIZE=1000M

+# Login
+WEBLATE_REGISTRATION_OPEN=0
+# Limit which backends can create accounts
+# https://docs.weblate.org/en/latest/admin/install/docker.html#envvar-WEBLATE_REGISTRATION_ALLOW_BACKENDS
+#WEBLATE_REGISTRATION_ALLOW_BACKENDS=oidc
+#WEBLATE_NO_EMAIL_AUTH=1
+
+# OpenID Connect
+#COMPOSE_FILE="$COMPOSE_FILE:compose.oidc.yml"
+#SECRET_OIDC_SECRET_VERSION=v1
+#WEBLATE_SOCIAL_AUTH_OIDC_OIDC_ENDPOINT=
+#WEBLATE_SOCIAL_AUTH_OIDC_KEY=
+#WEBLATE_SOCIAL_AUTH_OIDC_USERNAME_KEY=
+#WEBLATE_SOCIAL_AUTH_OIDC_TITLE=
+#WEBLATE_SOCIAL_AUTH_OIDC_IMAGE=
+
 # FIXME: Below settings not yet implemented

 #WEBLATE_MT_GOOGLE_KEY=
--- a/TODO.md
+++ b/TODO.md
@ -1,6 +1,6 @@
 # Must

- [ ] Set up gitea access
+- [ ] Set up gitea access  https://docs.weblate.org/en/latest/admin/continuous.html#gitea-setup

 # Should

--- a/compose.oidc.yml
+++ b/compose.oidc.yml
@ -0,0 +1,17 @@
+--- 
+services:
+  app:
+    environment:
+      WEBLATE_SOCIAL_AUTH_OIDC_SECRET_FILE: /run/secrets/oidc_secret
+      WEBLATE_SOCIAL_AUTH_OIDC_OIDC_ENDPOINT:
+      WEBLATE_SOCIAL_AUTH_OIDC_KEY:
+      WEBLATE_SOCIAL_AUTH_OIDC_USERNAME_KEY:
+      WEBLATE_SOCIAL_AUTH_OIDC_TITLE:
+      WEBLATE_SOCIAL_AUTH_OIDC_IMAGE:
+    secrets:
+      - oidc_secret
+      
+secrets:
+  oidc_secret: 
+    external: true
+    name: ${STACK_NAME}_oidc_secret_${SECRET_OIDC_SECRET_VERSION}
--- a/compose.yml
+++ b/compose.yml
@ -19,9 +19,11 @@ services:
      WEBLATE_SERVER_EMAIL:
      WEBLATE_DEFAULT_FROM_EMAIL:
      WEBLATE_ALLOWED_HOSTS: "*"
-      WEBLATE_REGISTRATION_OPEN:
      WEBLATE_TIME_ZONE:
      CLIENT_MAX_BODY_SIZE:
+      # Login
+      WEBLATE_REGISTRATION_OPEN:
+      WEBLATE_REGISTRATION_ALLOW_BACKENDS:
      # Cache
      # https://docs.weblate.org/en/latest/admin/install.html#production-cache
      REDIS_HOST: cache
@ -65,12 +67,12 @@ services:
        ## Enable backups: https://docs.coopcloud.tech/maintainers/handbook/#how-do-i-configure-backuprestore
        # - "backupbot.backup=true"
        # - "backupbot.backup.path=/some/path"
-    # healthcheck:
-    #   test: ["CMD", "curl", "-f", "http://localhost"]
-    #   interval: 30s
-    #   timeout: 10s
-    #   retries: 10
-    #   start_period: 1m
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8080/healthz/"]
+      interval: 30s
+      timeout: 10s
+      retries: 10
+      start_period: 1m

  cache:
    image: redis:8-alpine