# Changes applied to the authentik (identity provider) app, keyed by the app it
# is deployed together with. Section meanings are inferred from the names and
# values in this file - confirm against the tool that reads it:
#   uncomment - compose overlay files, env variable names and icon files to
#               switch on
#   secrets   - value preset for a named secret (here: an OAuth client ID)
#   env       - variables set to the given value
# NOTE(review): the nesting below is rebuilt from key order; verify it against
# the upstream file before relying on it.
authentik:
  nextcloud:
    uncomment:
      - compose.nextcloud.yml
      - NEXTCLOUD_DOMAIN
      - SECRET_NEXTCLOUD_ID_VERSION
      - SECRET_NEXTCLOUD_SECRET_VERSION
      - nextcloud.png
  wordpress:
    uncomment:
      - compose.wordpress.yml
      - WORDPRESS_DOMAIN
      - WORDPRESS_GROUP
      - SECRET_WORDPRESS_ID_VERSION
      - SECRET_WORDPRESS_SECRET_VERSION
      - wordpress.png
  matrix-synapse:
    uncomment:
      - compose.matrix.yml
      - ELEMENT_DOMAIN
      - MATRIX_DOMAIN
      - SECRET_MATRIX_ID_VERSION
      - SECRET_MATRIX_SECRET_VERSION
      - matrix.svg
    # Same value as KEYCLOAK_CLIENT_ID under matrix-synapse -> authentik; the
    # two have to stay in step.
    secrets:
      matrix_id: matrix
  wekan:
    uncomment:
      - compose.wekan.yml
      - WEKAN_DOMAIN
      - SECRET_WEKAN_ID_VERSION
      - SECRET_WEKAN_SECRET_VERSION
      - wekan.png
    # Same value as OAUTH2_CLIENT_ID under wekan -> authentik.
    secrets:
      wekan_id: wekan
  vikunja:
    uncomment:
      - compose.vikunja.yml
      - VIKUNJA_DOMAIN
      - SECRET_VIKUNJA_ID_VERSION
      - SECRET_VIKUNJA_SECRET_VERSION
      - vikunja.svg
    # Same value as OAUTH_CLIENT_ID under vikunja -> authentik.
    secrets:
      vikunja_id: vikunja
  kimai:
    uncomment:
      - compose.kimai.yml
      - KIMAI_DOMAIN
      - SECRET_KIMAI_ID_VERSION
      - SECRET_KIMAI_SECRET_VERSION
      - kimai_logo.png
  # Only a domain and an icon here, no SECRET_* entries; the zammad side
  # enables IDP_SSO_* / IDP_SLO_* variables instead of a client secret.
  zammad:
    uncomment:
      - compose.zammad.yml
      - ZAMMAD_DOMAIN
      - zammad.svg
  monitoring-ng:
    uncomment:
      - compose.monitoring.yml
      - MONITORING_DOMAIN
      - SECRET_MONITORING_ID_VERSION
      - SECRET_MONITORING_SECRET_VERSION
      - monitoring.svg
  outline:
    uncomment:
      - compose.outline.yml
      - OUTLINE_DOMAIN
      - SECRET_OUTLINE_ID_VERSION
      - SECRET_OUTLINE_SECRET_VERSION
      - outline.png
    # Same value as OIDC_CLIENT_ID under outline -> authentik.
    secrets:
      outline_id: outline
  rallly:
    uncomment:
      - compose.rallly.yml
      - RALLLY_DOMAIN
      - SECRET_RALLLY_ID_VERSION
      - SECRET_RALLLY_SECRET_VERSION
      - rallly.png
    # Same value as OIDC_CLIENT_ID under rallly -> authentik.
    secrets:
      rallly_id: rallly
  hedgedoc:
    uncomment:
      - compose.hedgedoc.yml
      - HEDGEDOC_DOMAIN
      - SECRET_HEDGEDOC_ID_VERSION
      - SECRET_HEDGEDOC_SECRET_VERSION
      - hedgedoc.png
    # Same value as CMD_OAUTH2_CLIENT_ID under hedgedoc -> authentik.
    secrets:
      hedgedoc_id: hedgedoc
  # pretix and vaultwarden only get an application entry (URL + icon); no
  # client ID or secret is wired up for them in this file.
  pretix:
    env:
      APPLICATIONS:
        Pretix:
          url: https://pretix.example.com/control/
          # NOTE(review): empty value parses as null, and its place under
          # `Pretix` is assumed. Presumably names the authentik group allowed
          # to see the entry; confirm what an empty group means for access.
          group:
      EXTRA_ICONS:
        Pretix: ~/.abra/recipes/authentik/icons/pretix.svg
  vaultwarden:
    env:
      APPLICATIONS:
        Vaultwarden:
          url: https://vaultwarden.example.com/
          # NOTE(review): same open question as for Pretix - empty (null)
          # group, nesting assumed.
          group:
      EXTRA_ICONS:
        Vaultwarden: ~/.abra/recipes/authentik/icons/vaultwarden.svg
  mila:
    uncomment:
      - compose.mila.yml
      - MILA_DOMAIN
      - SECRET_MILA_ID_VERSION
      - SECRET_MILA_SECRET_VERSION
      - mila.svg
    # Same value as OIDC_CLIENT_ID under mila -> authentik.
    secrets:
      mila_id: mila
# kimai, when deployed together with authentik: switches on the SSO_*
# variables (SSO_SAML_URL points to a SAML login) and runs one secret hook.
kimai:
  authentik:
    uncomment:
      - SSO_ENABLED
      - SSO_PROVIDER_URL
      - SSO_SAML_URL
      - SSO_LOGOUT_URL
    # NOTE(review): the hook body is not in this file. Presumably it stores
    # authentik's signing certificate so kimai can verify login assertions;
    # confirm it takes the certificate from this deployment's authentik only.
    secret_hooks:
      - insert_authentik_certificate
# zammad, when deployed together with authentik: switches on the identity
# provider variables and runs a hook that turns SSO on.
zammad:
  authentik:
    uncomment:
      - SSO_PROVIDER_DOMAIN
      - IDP_SSO_TARGET_URL
      - IDP_SLO_SERVICE_URL
    # NOTE(review): this key is kebab-case while `secret_hooks` and
    # `shared_secrets` elsewhere in the file are snake_case - keep whatever the
    # consumer expects. The `local` prefix presumably selects where the hook
    # runs (other entries use `app`); confirm.
    initial-hooks:
      - local enable_authentik_sso
# nextcloud, per partner app. `onlyoffice` and `collabora` are read as children
# of `nextcloud` here: a top-level `onlyoffice` key follows separately, so this
# one cannot be top-level without duplicating it.
nextcloud:
  authentik:
    uncomment:
      - compose.authentik.yml
      - AUTHENTIK_USER_PREFIX
      - AUTHENTIK_DOMAIN
      - SECRET_AUTHENTIK_SECRET_VERSION
      - SECRET_AUTHENTIK_ID_VERSION
    initial-hooks:
      - app set_authentik
    # Appears to map <secret name on the authentik side>: <secret name on the
    # nextcloud side>, so both apps hold the same client ID and client secret.
    # Here the client ID travels as a shared secret rather than as an env value.
    shared_secrets:
      nextcloud_secret: authentik_secret
      nextcloud_id: authentik_id
  onlyoffice:
    uncomment:
      - compose.onlyoffice.yml
      - ONLYOFFICE_URL
      - SECRET_ONLYOFFICE_JWT_VERSION
    initial-hooks:
      - app install_onlyoffice
  # No secret is listed for collabora, unlike onlyoffice which gets a JWT
  # secret. NOTE(review): confirm how the collabora endpoint restricts which
  # hosts may use it.
  collabora:
    uncomment:
      - COLLABORA_URL
    initial-hooks:
      - app install_collabora
# onlyoffice, when deployed together with nextcloud: enables the JWT overlay
# and shares one secret with nextcloud.
onlyoffice:
  nextcloud:
    uncomment:
      - compose.jwt.yml
      - SECRET_JWT_SECRET_VERSION
    # nextcloud's `onlyoffice_jwt` and onlyoffice's `jwt_secret` appear to be
    # the same value (nextcloud -> onlyoffice enables
    # SECRET_ONLYOFFICE_JWT_VERSION). Presumably the key that authenticates
    # requests between the two services - rotate it on both sides together.
    shared_secrets:
      onlyoffice_jwt: jwt_secret
# outline, when deployed together with authentik: OpenID Connect login.
outline:
  authentik:
    env:
      # Same value as `outline_id` under authentik -> outline.
      OIDC_CLIENT_ID: outline
      # authentik.example.com is a placeholder host; presumably replaced with
      # the real authentik domain at deploy time - verify, since a leftover
      # placeholder would point the login flow at the wrong host.
      OIDC_AUTH_URI: https://authentik.example.com/application/o/authorize/
      OIDC_TOKEN_URI: https://authentik.example.com/application/o/token/
      OIDC_USERINFO_URI: https://authentik.example.com/application/o/userinfo/
      OIDC_DISPLAY_NAME: "Authentik"
    uncomment:
      - compose.oidc.yml
      - OIDC_ENABLED
      - OIDC_USERNAME_CLAIM
      - OIDC_SCOPES
      - SECRET_OIDC_CLIENT_SECRET_VERSION
    # authentik's `outline_secret` is shared as outline's `oidc_client_secret`;
    # only the client secret is a credential, the client ID above is not.
    shared_secrets:
      outline_secret: oidc_client_secret
# wordpress, when deployed together with authentik.
wordpress:
  authentik:
    uncomment:
      - compose.authentik.yml
      - AUTHENTIK_DOMAIN
      - SECRET_AUTHENTIK_SECRET_VERSION
      - SECRET_AUTHENTIK_ID_VERSION
      # NOTE(review): the value of LOGIN_TYPE is set elsewhere; check whether
      # it leaves the local WordPress login available next to SSO.
      - LOGIN_TYPE
    initial-hooks:
      - app set_authentik
    # Client ID and client secret are both taken from authentik's secrets
    # (<name on the authentik side>: <name on the wordpress side>, as the
    # pairs read).
    shared_secrets:
      wordpress_secret: authentik_secret
      wordpress_id: authentik_id
# vikunja, when deployed together with authentik: OAuth login.
vikunja:
  authentik:
    env:
      OAUTH_NAME: authentik
      # Placeholder host; presumably replaced with the real authentik domain
      # at deploy time - verify.
      OAUTH_URL: https://authentik.example.com/application/o/vikunja/
      OAUTH_LOGOUT_URL: https://authentik.example.com/application/o/vikunja/end-session/
      # TODO: set CLIENT_ID as secret
      # A client ID is an identifier, not a credential, so the fixed value is
      # low risk; it only has to equal `vikunja_id` under authentik -> vikunja.
      OAUTH_CLIENT_ID: vikunja
    uncomment:
      - compose.oauth.yml
      - OAUTH_ENABLED
      - SECRET_OAUTH_SECRET_VERSION
    shared_secrets:
      # Disabled while the client ID is set through env above:
      # vikunja_id: oauth_id
      vikunja_secret: oauth_secret
# matrix-synapse, when deployed together with authentik. The recipe's
# variables are named KEYCLOAK_* but are pointed at authentik here.
matrix-synapse:
  authentik:
    env:
      KEYCLOAK_ID: authentik
      KEYCLOAK_NAME: sso
      # Placeholder host; presumably replaced with the real authentik domain
      # at deploy time - verify.
      KEYCLOAK_URL: https://authentik.example.com/application/o/matrix/
      # TODO: correct client domain?
      KEYCLOAK_CLIENT_DOMAIN: https://element-web.example.com
      # NOTE(review): presumably maps to Synapse's `allow_existing_users`. If
      # so, an SSO login whose mapped username equals an existing local account
      # is attached to that account, so usernames issued by the identity
      # provider must be trustworthy and not freely chosen by users - confirm.
      KEYCLOAK_ALLOW_EXISTING_USERS: "true"
      # TODO: set CLIENT_ID as secret
      # A client ID is an identifier, not a credential; it only has to equal
      # `matrix_id` under authentik -> matrix-synapse.
      KEYCLOAK_CLIENT_ID: matrix
    uncomment:
      - compose.keycloak.yml
      - KEYCLOAK_ENABLED
      # Also assigned in `env` above.
      - KEYCLOAK_CLIENT_ID
      - SECRET_KEYCLOAK_CLIENT_SECRET_VERSION
    # authentik's `matrix_secret` is shared as synapse's
    # `keycloak_client_secret`.
    shared_secrets:
      matrix_secret: keycloak_client_secret
# traefik, when deployed together with matrix-synapse.
traefik:
  matrix-synapse:
    uncomment:
      - compose.matrix.yml
      # NOTE(review): presumably publishes the Matrix federation endpoint
      # through the proxy, which makes the homeserver reachable by other
      # servers - confirm that federation is intended for this deployment.
      - MATRIX_FEDERATION_ENABLED
# rallly, when deployed together with authentik: OpenID Connect login.
rallly:
  authentik:
    env:
      OIDC_NAME: "Authentik"
      # Placeholder host; presumably replaced with the real authentik domain
      # at deploy time - verify. The issuer URL has to match the issuer in the
      # discovery document exactly, trailing slash included.
      OIDC_DISCOVERY_URL: "https://authentik.example.com/application/o/rallly/.well-known/openid-configuration"
      OIDC_ISSUER_URL: "https://authentik.example.com/application/o/rallly/"
      # Same value as `rallly_id` under authentik -> rallly.
      OIDC_CLIENT_ID: rallly
    uncomment:
      - compose.oidc.yml
      - SECRET_OIDC_CLIENT_SECRET_VERSION
      - OIDC_ENABLED
    # authentik's `rallly_secret` is shared as rallly's `oidc_client_secret`.
    shared_secrets:
      rallly_secret: oidc_client_secret
# wekan, when deployed together with authentik: OAuth2 login. No compose
# overlay is listed for this pair, only variables.
wekan:
  authentik:
    env:
      OAUTH2_ENABLED: "true"
      # Placeholder host; presumably replaced with the real authentik domain
      # at deploy time - verify.
      OAUTH2_SERVER_URL: https://authentik.example.com
      # TODO: set CLIENT_ID as secret
      # A client ID is an identifier, not a credential; it only has to equal
      # `wekan_id` under authentik -> wekan.
      OAUTH2_CLIENT_ID: wekan
    uncomment:
      - OAUTH2_LOGIN_STYLE
      - OAUTH2_AUTH_ENDPOINT
      - OAUTH2_USERINFO_ENDPOINT
      - OAUTH2_TOKEN_ENDPOINT
      - OAUTH2_REQUEST_PERMISSIONS
      # The *_MAP variables choose which identity-provider claims become the
      # wekan user id, username, full name and email; their values are set
      # elsewhere. NOTE(review): check that the id is mapped to a claim users
      # cannot edit themselves.
      - OAUTH2_ID_MAP
      - OAUTH2_USERNAME_MAP
      - OAUTH2_FULLNAME_MAP
      - OAUTH2_EMAIL_MAP
      - PROPAGATE_OIDC_DATA
      - OIDC_REDIRECTION_ENABLED
    # authentik's `wekan_secret` is shared as wekan's `oauth2_secret`.
    shared_secrets:
      wekan_secret: oauth2_secret
# hedgedoc, when deployed together with authentik: generic OAuth2 login.
hedgedoc:
  authentik:
    env:
      # Placeholder host in the URLs below; presumably replaced with the real
      # authentik domain at deploy time - verify.
      CMD_OAUTH2_USER_PROFILE_URL: https://authentik.example.com/application/o/userinfo/
      # NOTE(review): OpenID Connect does not guarantee `preferred_username`
      # to be unique or stable. If hedgedoc keys accounts on this attribute,
      # make sure users cannot change it in authentik - confirm.
      CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR: preferred_username
      CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR: name
      CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR: email
      CMD_OAUTH2_TOKEN_URL: https://authentik.example.com/application/o/token/
      CMD_OAUTH2_AUTHORIZATION_URL: https://authentik.example.com/application/o/authorize/
      # TODO: set CLIENT_ID as secret
      # A client ID is an identifier, not a credential; it only has to equal
      # `hedgedoc_id` under authentik -> hedgedoc.
      CMD_OAUTH2_CLIENT_ID: hedgedoc
      CMD_OAUTH2_PROVIDERNAME: Authentik
    uncomment:
      - compose.oauth.yml
      - SECRET_OAUTH_KEY_VERSION
    # authentik's `hedgedoc_secret` is shared as hedgedoc's `oauth_key`.
    shared_secrets:
      hedgedoc_secret: oauth_key
# mila, when deployed together with authentik: OpenID Connect login.
mila:
  authentik:
    env:
      # Same value as `mila_id` under authentik -> mila.
      OIDC_CLIENT_ID: mila
      # Placeholder hosts; presumably replaced with the real domains at deploy
      # time - verify. The redirect URI has to be registered for this client
      # in authentik exactly as written.
      OIDC_BASE_URL: https://authentik.example.com/application/o/mila
      OIDC_REDIRECT_URI: https://mila.example.com/auth/user/oidc/callback
      # NOTE(review): presumably membership of `mv_admin`, read from the
      # `groups` claim, grants admin rights in mila. If so, whoever can edit
      # that group in authentik controls mila admin access - confirm and
      # restrict group management accordingly.
      OIDC_ADMIN_GROUP_NAME: mv_admin
      OIDC_GROUPS_CLAIM: groups
      # NOTE(review): presumably disables local login in favour of SSO; plan a
      # recovery path for when authentik is unavailable.
      OIDC_ONLY: "true"
    uncomment:
      - compose.oidc.yml
      - SECRET_OIDC_CLIENT_SECRET_VERSION
    # authentik's `mila_secret` is shared as mila's `oidc_client_secret`.
    shared_secrets:
      mila_secret: oidc_client_secret