From ba82be059c0f5ba7d8bdff930c96902bb151d8a3 Mon Sep 17 00:00:00 2001
From: 3wc <3wc@doesthisthing.work>
Date: Mon, 4 Aug 2025 13:50:23 +0100
Subject: [PATCH] Enable healthcheck, OIDC
---
 .env.sample | 18 ++++++++++++++++--
 TODO.md | 2 +-
 compose.oidc.yml | 17 +++++++++++++++++
 compose.yml | 16 +++++++++-------
 4 files changed, 43 insertions(+), 10 deletions(-)
 create mode 100644 compose.oidc.yml
diff --git a/.env.sample b/.env.sample
index 2289069..4f103f0 100644
--- a/.env.sample
+++ b/.env.sample
@@ -31,13 +31,27 @@ WEBLATE_ADMIN_NAME=Weblate Admin
 WEBLATE_ADMIN_EMAIL=weblate@example.com
 WEBLATE_SERVER_EMAIL=weblate@example.com
 WEBLATE_DEFAULT_FROM_EMAIL=weblate@example.com
-WEBLATE_REGISTRATION_OPEN=0
 # Extra
 #WEBLATE_TIME_ZONE=
-
 CLIENT_MAX_BODY_SIZE=1000M
+# Login
+WEBLATE_REGISTRATION_OPEN=0
+# Limit which backends can create accounts
+# https://docs.weblate.org/en/latest/admin/install/docker.html#envvar-WEBLATE_REGISTRATION_ALLOW_BACKENDS
+#WEBLATE_REGISTRATION_ALLOW_BACKENDS=oidc
+#WEBLATE_NO_EMAIL_AUTH=1
+
+# OpenID Connect
+#COMPOSE_FILE="$COMPOSE_FILE:compose.oidc.yml"
+#SECRET_OIDC_SECRET_VERSION=v1
+#WEBLATE_SOCIAL_AUTH_OIDC_OIDC_ENDPOINT=
+#WEBLATE_SOCIAL_AUTH_OIDC_KEY=
+#WEBLATE_SOCIAL_AUTH_OIDC_USERNAME_KEY=
+#WEBLATE_SOCIAL_AUTH_OIDC_TITLE=
+#WEBLATE_SOCIAL_AUTH_OIDC_IMAGE=
+
 # FIXME: Below settings not yet implemented
 #WEBLATE_MT_GOOGLE_KEY=
diff --git a/TODO.md b/TODO.md
index 2e96c04..a9fe940 100644
--- a/TODO.md
+++ b/TODO.md
@@ -1,6 +1,6 @@
 # Must
-- [ ] Set up gitea access
+- [ ] Set up gitea access https://docs.weblate.org/en/latest/admin/continuous.html#gitea-setup
 # Should
diff --git a/compose.oidc.yml b/compose.oidc.yml
new file mode 100644
index 0000000..c3964c2
--- /dev/null
+++ b/compose.oidc.yml
@@ -0,0 +1,17 @@
+---
+services:
+ app:
+ environment:
+ WEBLATE_SOCIAL_AUTH_OIDC_SECRET_FILE: /run/secrets/oidc_secret
+ WEBLATE_SOCIAL_AUTH_OIDC_OIDC_ENDPOINT:
+ WEBLATE_SOCIAL_AUTH_OIDC_KEY:
+ WEBLATE_SOCIAL_AUTH_OIDC_USERNAME_KEY:
+ WEBLATE_SOCIAL_AUTH_OIDC_TITLE:
+ WEBLATE_SOCIAL_AUTH_OIDC_IMAGE:
+ secrets:
+ - oidc_secret
+
+secrets:
+ oidc_secret:
+ external: true
+ name: ${STACK_NAME}_oidc_secret_${SECRET_OIDC_SECRET_VERSION}
diff --git a/compose.yml b/compose.yml
index b6af02b..d069155 100644
--- a/compose.yml
+++ b/compose.yml
@@ -19,9 +19,11 @@ services:
 WEBLATE_SERVER_EMAIL:
 WEBLATE_DEFAULT_FROM_EMAIL:
 WEBLATE_ALLOWED_HOSTS: "*"
- WEBLATE_REGISTRATION_OPEN:
 WEBLATE_TIME_ZONE:
 CLIENT_MAX_BODY_SIZE:
+ # Login
+ WEBLATE_REGISTRATION_OPEN:
+ WEBLATE_REGISTRATION_ALLOW_BACKENDS:
 # Cache
 # https://docs.weblate.org/en/latest/admin/install.html#production-cache
 REDIS_HOST: cache
@@ -65,12 +67,12 @@ services:
 ## Enable backups: https://docs.coopcloud.tech/maintainers/handbook/#how-do-i-configure-backuprestore
 # - "backupbot.backup=true"
 # - "backupbot.backup.path=/some/path"
- # healthcheck:
- # test: ["CMD", "curl", "-f", "http://localhost"]
- # interval: 30s
- # timeout: 10s
- # retries: 10
- # start_period: 1m
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost:8080/healthz/"]
+ interval: 30s
+ timeout: 10s
+ retries: 10
+ start_period: 1m
 cache:
 image: redis:8-alpine
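Review bot: The new compose.oidc.yml forwards the two identity-relevant settings, `WEBLATE_SOCIAL_AUTH_OIDC_OIDC_ENDPOINT` and `WEBLATE_SOCIAL_AUTH_OIDC_USERNAME_KEY`, as bare pass-throughs with no comment, so nothing tells an operator what a safe value looks like. I would add a comment above each, for example `# Issuer base URL; use https so discovery and token exchange cannot be tampered with in transit` and `# Claim used as the username; pick one the IdP keeps unique and users cannot edit themselves`. How Weblate links an OIDC identity to an existing account is not visible in this file, so the second comment is a precaution rather than a confirmed issue. The `external: true` secret also deserves a one-line comment saying it must already exist under the versioned name before the stack is deployed.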
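Review bot: `WEBLATE_NO_EMAIL_AUTH` is offered in .env.sample by this commit but is not forwarded in the `# Login` group added to compose.yml in the `@@ -19,9 +19,11 @@` hunk, so uncommenting it would leave e-mail/password login enabled next to OIDC unless it is passed through in a part of compose.yml outside this hunk. If SSO-only login is the intent, add `WEBLATE_NO_EMAIL_AUTH:` below `WEBLATE_REGISTRATION_ALLOW_BACKENDS:`. Confirm how the image treats an empty value before forwarding it unconditionally, since that is not visible here. The `environment:` block starts and ends outside the hunk.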