docs: add Keycloak SSO entry to .env.sample, fix missing quote on public-db line

.drone.yml

@@ -1,30 +1,30 @@
----
-kind: pipeline
-name: deploy to swarm-test.autonomic.zone
-steps:
-  - name: deployment
-    image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
-    settings:
-      host: swarm-test.autonomic.zone
-      stack: wordpress
-      generate_secrets: true
-      purge: true
-      deploy_key:
-        from_secret: drone_ssh_swarm_test
-      networks:
-        - proxy
-    environment:
-      DOMAIN: wordpress.swarm-test.autonomic.zone
-      STACK_NAME: wordpress
-      LETS_ENCRYPT_ENV: production
-      SECRET_DB_PASSWORD_VERSION: v1
-      SECRET_DB_ROOT_PASSWORD_VERSION: v1
-      PHP_UPLOADS_CONF_VERSION: v1
-      ENTRYPOINT_CONF_VERSION: v1
-      HTACCESS_CONF_VERSION: v1
-trigger:
-  branch:
-    - main
+# ---
+# kind: pipeline
+# name: deploy to swarm-test.autonomic.zone
+# steps:
+#   - name: deployment
+#     image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
+#     settings:
+#       host: swarm-test.autonomic.zone
+#       stack: wordpress
+#       generate_secrets: true
+#       purge: true
+#       deploy_key:
+#         from_secret: drone_ssh_swarm_test
+#       networks:
+#         - proxy
+#     environment:
+#       DOMAIN: wordpress.swarm-test.autonomic.zone
+#       STACK_NAME: wordpress
+#       LETS_ENCRYPT_ENV: production
+#       SECRET_DB_PASSWORD_VERSION: v1
+#       SECRET_DB_ROOT_PASSWORD_VERSION: v1
+#       PHP_UPLOADS_CONF_VERSION: v1
+#       ENTRYPOINT_CONF_VERSION: v1
+#       HTACCESS_CONF_VERSION: v1
+# trigger:
+#   branch:
+#     - main
 ---
 kind: pipeline
 name: generate recipe catalogue

.env.sample

@@ -72,13 +72,19 @@ SECRET_DB_PASSWORD_VERSION=v1
 #SECRET_AUTHENTIK_ID_VERSION=v1
 #LOGIN_TYPE='auto'
 
+# Keycloak SSO
+#COMPOSE_FILE="$COMPOSE_FILE:compose.keycloak.yml"
+#KEYCLOAK_DOMAIN=keycloak.example.com
+#SECRET_KEYCLOAK_CLIENT_ID_VERSION=v1
+#SECRET_KEYCLOAK_CLIENT_SECRET_VERSION=v1
+
 # Matrix .well-known redirect
 #COMPOSE_FILE="$COMPOSE_FILE:compose.matrix.yml"
 #MATRIX_DOMAIN=matrix.example.com
 
 # Allow remote connections to db
 # 🚩🚩 dangerous, use only for development sites!
-#COMPOSE_FILE="$COMPOSE_FILE:compose.public-db.yml
+#COMPOSE_FILE="$COMPOSE_FILE:compose.public-db.yml"
 
 # Wide-open CORS
 # 🚩🚩 dangerous, use only for development sites!

.gitignore

@@ -1 +1,22 @@
+# direnv
 /.envrc
+
+# Environment files (may contain secrets)
+.env
+
+# Logs
+*.log
+
+# OS metadata
+.DS_Store
+Thumbs.db
+
+# Editor/IDE
+*.swp
+*.swo
+*~
+*.bak
+.idea/
+.vscode/
+.project
+.classpath

compose.keycloak.yml

@@ -0,0 +1,14 @@
+version: "3.8"
+services:
+  app:
+    secrets:
+      - keycloak_client_id
+      - keycloak_client_secret
+
+secrets:
+  keycloak_client_id:
+    external: true
+    name: ${STACK_NAME}_keycloak_client_id_${SECRET_KEYCLOAK_CLIENT_ID_VERSION}
+  keycloak_client_secret:
+    external: true
+    name: ${STACK_NAME}_keycloak_client_secret_${SECRET_KEYCLOAK_CLIENT_SECRET_VERSION}

entrypoint.sh.tmpl

@@ -54,7 +54,7 @@ if [ ! -f "$UPLOADS_HTACCESS" ]; then
 EOF
 fi
 
-chown -R www-data:www-data /var/www/html/wp-content/uploads/
+chown -R --from=root:root www-data:www-data /var/www/html/wp-content/
 
 if [ -n "$@" ]; then
 	"$@"