docs: add Keycloak SSO entry to .env.sample, fix missing quote on public-db line

Add Keycloak SSO compose override file
merge upstream
2026-06-02 23:50:07 +01:00 · 2026-06-02 23:33:29 +01:00 · 2026-06-02 21:32:31 +00:00 · 2026-06-02 16:24:48 +01:00 · 2026-06-02 16:23:11 +01:00 · 2026-06-02 16:11:39 +01:00
4 changed files with 43 additions and 2 deletions
--- a/.env.sample
+++ b/.env.sample
@ -72,13 +72,19 @@ SECRET_DB_PASSWORD_VERSION=v1
 #SECRET_AUTHENTIK_ID_VERSION=v1
 #LOGIN_TYPE='auto'

+# Keycloak SSO
+#COMPOSE_FILE="$COMPOSE_FILE:compose.keycloak.yml"
+#KEYCLOAK_DOMAIN=keycloak.example.com
+#SECRET_KEYCLOAK_CLIENT_ID_VERSION=v1
+#SECRET_KEYCLOAK_CLIENT_SECRET_VERSION=v1
+
 # Matrix .well-known redirect
 #COMPOSE_FILE="$COMPOSE_FILE:compose.matrix.yml"
 #MATRIX_DOMAIN=matrix.example.com

 # Allow remote connections to db
 # 🚩🚩 dangerous, use only for development sites!
-#COMPOSE_FILE="$COMPOSE_FILE:compose.public-db.yml
+#COMPOSE_FILE="$COMPOSE_FILE:compose.public-db.yml"

 # Wide-open CORS
 # 🚩🚩 dangerous, use only for development sites!
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,22 @@
+# direnv
 /.envrc
+
+# Environment files (may contain secrets)
+.env
+
+# Logs
+*.log
+
+# OS metadata
+.DS_Store
+Thumbs.db
+
+# Editor/IDE
+*.swp
+*.swo
+*~
+*.bak
+.idea/
+.vscode/
+.project
+.classpath
--- a/compose.keycloak.yml
+++ b/compose.keycloak.yml
@ -0,0 +1,14 @@
+version: "3.8"
+services:
+  app:
+    secrets:
+      - keycloak_client_id
+      - keycloak_client_secret
+
+secrets:
+  keycloak_client_id:
+    external: true
+    name: ${STACK_NAME}_keycloak_client_id_${SECRET_KEYCLOAK_CLIENT_ID_VERSION}
+  keycloak_client_secret:
+    external: true
+    name: ${STACK_NAME}_keycloak_client_secret_${SECRET_KEYCLOAK_CLIENT_SECRET_VERSION}
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@ -54,7 +54,7 @@ if [ ! -f "$UPLOADS_HTACCESS" ]; then
 EOF
 fi

-chown -R www-data:www-data /var/www/html/wp-content/uploads/
+chown -R --from=root:root www-data:www-data /var/www/html/wp-content/

 if [ -n "$@" ]; then
 	"$@"
Author	SHA1	Message	Date
kawaiipunk	cb1df12c72	docs: add Keycloak SSO entry to .env.sample, fix missing quote on public-db line Some checks reported errors continuous-integration/drone/pr Build encountered an error Details	2026-06-02 23:50:07 +01:00
kawaiipunk	f5fdab61b1	Add Keycloak SSO compose override file Some checks reported errors continuous-integration/drone/pr Build encountered an error Details	2026-06-02 23:33:29 +01:00
KawaiiPunk	b305445512	merge upstream Some checks reported errors continuous-integration/drone/pr Build encountered an error Details	2026-06-02 21:32:31 +00:00
kawaiipunk	cf54575187	restricts ownership changes to files still owned by root (e.g., from the image build). On subsequent restarts, files already owned by www-data are skipped entirely, avoiding a full recursive write cycle. Some checks failed continuous-integration/drone/pr Build is failing Details	2026-06-02 16:24:48 +01:00
kawaiipunk	b4db12f09c	Added ignores for .env, *.log, .DS_Store, Thumbs.db, and common editor/IDE files Some checks failed continuous-integration/drone/pr Build is failing Details	2026-06-02 16:23:11 +01:00
kawaiipunk	e4b87c8ab9	chown entire wp-content to ensure correct permissions Some checks failed continuous-integration/drone/pr Build is failing Details	2026-06-02 16:11:39 +01:00