add alakazam integration file alaconnect.yml

Reviewed-on: #1

.drone.yml

@@ -0,0 +1,41 @@
+---
+kind: pipeline
+name: deploy to swarm-test.autonomic.zone
+steps:
+  - name: deployment
+    image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
+    settings:
+      host: swarm-test.autonomic.zone
+      stack: wekan
+      generate_secrets: true
+      purge: true
+      deploy_key:
+        from_secret: drone_ssh_swarm_test
+      networks:
+        - proxy
+    environment:
+      DOMAIN: wekan.swarm-test.autonomic.zone
+      STACK_NAME: wekan
+      LETS_ENCRYPT_ENV: production
+      SECRET_OAUTH2_SECRET_VERSION: v1
+      ENTRYPOINT_VERSION: v1
+      SECRET_OAUTH2_SECRET_VERSION: v1
+trigger:
+  branch:
+    - main
+---
+kind: pipeline
+name: generate recipe catalogue
+steps:
+  - name: release a new version
+    image: plugins/downstream
+    settings:
+      server: https://build.coopcloud.tech
+      token:
+        from_secret: drone_abra-bot_token
+      fork: true
+      repositories:
+        - coop-cloud/auto-recipes-catalogue-json
+
+trigger:
+  event: tag

.env.sample

@@ -1,4 +1,6 @@
 TYPE=wekan
+TIMEOUT=300
+ENABLE_AUTO_UPDATE=true
 LETS_ENCRYPT_ENV=production
 SECRET_OAUTH2_SECRET_VERSION=v1
 
@@ -7,8 +9,8 @@ COMPOSE_FILE="compose.yml"
 # Set this to run mongodb in replicaset mode (needs initialisation!)
 # COMPOSE_FILE="${COMPOSE_FILE}:compose.rs.yml"
 
-DOMAIN=board.${DOMAIN}
-ROOT_URL=https://board.${DOMAIN}
+DOMAIN=wekan.example.com
+ROOT_URL=https://wekan.example.com
 
 DEBUG=false
 
@@ -29,7 +31,7 @@ RICHER_CARD_COMMENT_EDITOR=false
 OAUTH2_ENABLED=false
 # OAUTH2_LOGIN_STYLE=redirect
 # OAUTH2_CLIENT_ID=wekan
-# OAUTH2_SERVER_URL=https://sso.${DOMAIN}
+# OAUTH2_SERVER_URL=https://authentik.example.com
 # OAUTH2_AUTH_ENDPOINT=/application/o/authorize/
 # OAUTH2_USERINFO_ENDPOINT=/application/o/userinfo/
 # OAUTH2_TOKEN_ENDPOINT=/application/o/token/
@@ -39,6 +41,7 @@ OAUTH2_ENABLED=false
 # OAUTH2_FULLNAME_MAP=given_name
 # OAUTH2_EMAIL_MAP=email
 # PROPAGATE_OIDC_DATA=true
+# OIDC_REDIRECTION_ENABLED=true
 
 
 ### LDAP ###

README.md

@@ -38,4 +38,16 @@ after mongo conaintainer came up the first time run:
 ```
 abra app run wekan.example.org db mongo
 > rs.initiate() 
-```
+```
+
+## Promote user to admin
+
+If using SSO, it might happen that there is no admin user. If so, you can fix it manually in the database:
+
+```
+$ abra app run <app-name> db bash
+# mongo
+> use wekan
+> db.users.find({'username': '<your username>'})
+> db.users.updateOne({'_id': '<_id from result above>'}, {$set: {'isAdmin': true}})
+```

abra.sh

@@ -1,2 +1 @@
-export SECRET_OAUTH2_SECRET_VERSION=v1
 export ENTRYPOINT_VERSION=v2

alaconnect.yml

@@ -0,0 +1,20 @@
+authentik:
+    env: 
+        OAUTH2_ENABLED: "true"
+        OAUTH2_SERVER_URL: https://authentik.example.com
+        # TODO: set CLIENT_ID as secret
+        OAUTH2_CLIENT_ID: wekan
+    uncomment:
+        - OAUTH2_LOGIN_STYLE
+        - OAUTH2_AUTH_ENDPOINT
+        - OAUTH2_USERINFO_ENDPOINT
+        - OAUTH2_TOKEN_ENDPOINT
+        - OAUTH2_REQUEST_PERMISSIONS
+        - OAUTH2_ID_MAP
+        - OAUTH2_USERNAME_MAP
+        - OAUTH2_FULLNAME_MAP
+        - OAUTH2_EMAIL_MAP
+        - PROPAGATE_OIDC_DATA
+        - OIDC_REDIRECTION_ENABLED
+    shared_secrets:
+        wekan_secret: oauth2_secret

compose.yml

@@ -1,8 +1,8 @@
 version: '3.8'
 services:
   db:
-    image: mongo:4.4
-    command: mongod --oplogSize 128 --replSet rs0 
+    image: mongo:5.0
+    command: mongod --oplogSize 128 --quiet
     volumes:
       - wekan-db:/data/db
     networks:
@@ -16,15 +16,14 @@ services:
     deploy:
       labels:
         backupbot.backup: "true"
-        backupbot.backup.pre-hook: "mkdir /tmp/backup/ && mongodump --archive=/tmp/backup/wekan.db"
-        backupbot.backup.post-hook: "rm -rf /tmp/backup"
-        backupbot.backup.path: "/tmp/backup/"
+        backupbot.backup.pre-hook: "mongodump --archive=/data/db/wekan.db"
+        backupbot.backup.post-hook: "rm -rf /data/db/wekan.db"
+        backupbot.backup.path: "/data/db/wekan.db"
 
   app:
-    image: quay.io/wekan/wekan:v6.28
+    image: quay.io/wekan/wekan:v7.30
     environment:
-      - MONGO_URL
-      - MONGO_OPLOG_URL
+      - MONGO_URL=mongodb://db:27017/wekan
       - DOMAIN
       - ROOT_URL
       - DEBUG
@@ -33,7 +32,7 @@ services:
       - WITH_API
       - RICHER_CARD_COMMENT_EDITOR
       - CORS
-      - CORS_ALLOW_HEADERS 
+      - CORS_ALLOW_HEADERS
       - CORS_EXPOSE_HEADERS
       - PASSWORD_LOGIN_ENABLED
       - OAUTH2_ENABLED
@@ -51,9 +50,10 @@ services:
       - OAUTH2_EMAIL_MAP
       - DEFAULT_AUTHENTICATION_METHOD
       - PROPAGATE_OIDC_DATA
+      - OIDC_REDIRECTION_ENABLED
     networks:
-      - internal 
-      - proxy 
+      - internal
+      - proxy
     depends_on:
       - db
     healthcheck:
@@ -83,11 +83,12 @@ services:
         - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
-        - "coop-cloud.${STACK_NAME}.version=0.6.0+v6.28"
+        - "coop-cloud.${STACK_NAME}.version=2.1.0+v7.30"
+        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
 
 volumes:
   wekan-db:
-  
+
 networks:
   proxy:
     external: true