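# Recipe integration map. Each top-level key is a recipe; each key below it is
# a second recipe it can be wired to, followed by the settings for that pairing
# (uncomment / env / secrets / shared_secrets / initial-hooks / secret_hooks).
# NOTE(review): the source arrived with its line breaks and indentation
# collapsed, so the nesting below is restored from key order. Confirm it
# against the consumer's schema before relying on it.
# NOTE(review): `uncomment` entries look like compose files, env variable names
# and icon files to enable; `shared_secrets` looks like a mapping between the
# secret names of the two recipes. Verify both against the consuming tool.
#
# Security notes for whoever edits this file:
# - Every https://*.example.com URL uses the reserved example.com domain and
#   presumably has to be replaced per deployment. Keep the https scheme: these
#   are the endpoints that client secrets and tokens are sent to.
# - Client ids are written here in clear and equal the app name (see the TODOs);
#   client secrets appear only as secret names, never as values.
# - Boolean-looking env values are quoted so they stay strings; keep the quotes.

authentik:
  nextcloud:
    uncomment:
      - compose.nextcloud.yml
      - NEXTCLOUD_DOMAIN
      - SECRET_NEXTCLOUD_ID_VERSION
      - SECRET_NEXTCLOUD_SECRET_VERSION
      - nextcloud.png
  wordpress:
    uncomment:
      - compose.wordpress.yml
      - WORDPRESS_DOMAIN
      - WORDPRESS_GROUP
      - SECRET_WORDPRESS_ID_VERSION
      - SECRET_WORDPRESS_SECRET_VERSION
      - wordpress.png
  matrix-synapse:
    uncomment:
      - compose.matrix.yml
      - ELEMENT_DOMAIN
      - MATRIX_DOMAIN
      - SECRET_MATRIX_ID_VERSION
      - SECRET_MATRIX_SECRET_VERSION
      - matrix.svg
    secrets:
      matrix_id: matrix
  wekan:
    uncomment:
      - compose.wekan.yml
      - WEKAN_DOMAIN
      - SECRET_WEKAN_ID_VERSION
      - SECRET_WEKAN_SECRET_VERSION
      - wekan.png
    secrets:
      wekan_id: wekan
  vikunja:
    uncomment:
      - compose.vikunja.yml
      - VIKUNJA_DOMAIN
      - SECRET_VIKUNJA_ID_VERSION
      - SECRET_VIKUNJA_SECRET_VERSION
      - vikunja.svg
    secrets:
      vikunja_id: vikunja
  kimai:
    uncomment:
      - compose.kimai.yml
      - KIMAI_DOMAIN
      - SECRET_KIMAI_ID_VERSION
      - SECRET_KIMAI_SECRET_VERSION
      - kimai_logo.png
  zammad:
    uncomment:
      - compose.zammad.yml
      - ZAMMAD_DOMAIN
      - zammad.svg
  monitoring-ng:
    uncomment:
      - compose.monitoring.yml
      - MONITORING_DOMAIN
      - SECRET_MONITORING_ID_VERSION
      - SECRET_MONITORING_SECRET_VERSION
      - monitoring.svg
  outline:
    uncomment:
      - compose.outline.yml
      - OUTLINE_DOMAIN
      - SECRET_OUTLINE_ID_VERSION
      - SECRET_OUTLINE_SECRET_VERSION
      - outline.png
    secrets:
      outline_id: outline
  rallly:
    uncomment:
      - compose.rallly.yml
      - RALLLY_DOMAIN
      - SECRET_RALLLY_ID_VERSION
      - SECRET_RALLLY_SECRET_VERSION
      - rallly.png
    secrets:
      rallly_id: rallly
  hedgedoc:
    uncomment:
      - compose.hedgedoc.yml
      - HEDGEDOC_DOMAIN
      - SECRET_HEDGEDOC_ID_VERSION
      - SECRET_HEDGEDOC_SECRET_VERSION
      - hedgedoc.png
    secrets:
      hedgedoc_id: hedgedoc
  pretix:
    # NOTE(review): placing url/group under Pretix and EXTRA_ICONS beside
    # APPLICATIONS is inferred from key order; confirm.
    env:
      APPLICATIONS:
        Pretix:
          url: https://pretix.example.com/control/
          # Left empty in the source; a bare `group:` parses as null.
          group:
      EXTRA_ICONS:
        Pretix: ~/.abra/recipes/authentik/icons/pretix.svg
  vaultwarden:
    env:
      APPLICATIONS:
        Vaultwarden:
          url: https://vaultwarden.example.com/
          # Left empty in the source; a bare `group:` parses as null.
          group:
      EXTRA_ICONS:
        Vaultwarden: ~/.abra/recipes/authentik/icons/vaultwarden.svg
  mila:
    uncomment:
      - compose.mila.yml
      - MILA_DOMAIN
      - SECRET_MILA_ID_VERSION
      - SECRET_MILA_SECRET_VERSION
      - mila.svg
    secrets:
      mila_id: mila

kimai:
  authentik:
    uncomment:
      - SSO_ENABLED
      - SSO_PROVIDER_URL
      - SSO_SAML_URL
      - SSO_LOGOUT_URL
    # NOTE(review): presumably installs the IdP signing certificate used to
    # verify SAML responses. Confirm the hook obtains it over a trusted channel.
    secret_hooks:
      - insert_authentik_certificate

zammad:
  authentik:
    uncomment:
      - SSO_PROVIDER_DOMAIN
      - IDP_SSO_TARGET_URL
      - IDP_SLO_SERVICE_URL
    # NOTE(review): hook entries look like commands run at deploy time
    # ("local ..." here, "app ..." elsewhere); verify where each one executes.
    initial-hooks:
      - local enable_authentik_sso

nextcloud:
  authentik:
    uncomment:
      - compose.authentik.yml
      - AUTHENTIK_USER_PREFIX
      - AUTHENTIK_DOMAIN
      - SECRET_AUTHENTIK_SECRET_VERSION
      - SECRET_AUTHENTIK_ID_VERSION
    initial-hooks:
      - app set_authentik
    shared_secrets:
      nextcloud_secret: authentik_secret
      nextcloud_id: authentik_id
  onlyoffice:
    uncomment:
      - compose.onlyoffice.yml
      - ONLYOFFICE_URL
      - SECRET_ONLYOFFICE_JWT_VERSION
    initial-hooks:
      - app install_onlyoffice
  collabora:
    uncomment:
      - COLLABORA_URL
    initial-hooks:
      - app install_collabora

onlyoffice:
  nextcloud:
    uncomment:
      - compose.jwt.yml
      - SECRET_JWT_SECRET_VERSION
    # Pairs with SECRET_ONLYOFFICE_JWT_VERSION under nextcloud -> onlyoffice.
    shared_secrets:
      onlyoffice_jwt: jwt_secret

outline:
  authentik:
    env:
      OIDC_CLIENT_ID: outline
      OIDC_AUTH_URI: https://authentik.example.com/application/o/authorize/
      OIDC_TOKEN_URI: https://authentik.example.com/application/o/token/
      OIDC_USERINFO_URI: https://authentik.example.com/application/o/userinfo/
      OIDC_DISPLAY_NAME: "Authentik"
    uncomment:
      - compose.oidc.yml
      - OIDC_ENABLED
      - OIDC_USERNAME_CLAIM
      - OIDC_SCOPES
      - SECRET_OIDC_CLIENT_SECRET_VERSION
    shared_secrets:
      outline_secret: oidc_client_secret

wordpress:
  authentik:
    uncomment:
      - compose.authentik.yml
      - AUTHENTIK_DOMAIN
      - SECRET_AUTHENTIK_SECRET_VERSION
      - SECRET_AUTHENTIK_ID_VERSION
      - LOGIN_TYPE
    initial-hooks:
      - app set_authentik
    shared_secrets:
      wordpress_secret: authentik_secret
      wordpress_id: authentik_id

vikunja:
  authentik:
    env:
      OAUTH_NAME: authentik
      OAUTH_URL: https://authentik.example.com/application/o/vikunja/
      OAUTH_LOGOUT_URL: https://authentik.example.com/application/o/vikunja/end-session/
      # TODO: set CLIENT_ID as secret
      OAUTH_CLIENT_ID: vikunja
    uncomment:
      - compose.oauth.yml
      - OAUTH_ENABLED
      - SECRET_OAUTH_SECRET_VERSION
    shared_secrets:
      # Id sharing is disabled while OAUTH_CLIENT_ID is hard-coded above.
      #vikunja_id: oauth_id
      vikunja_secret: oauth_secret

matrix-synapse:
  authentik:
    env:
      KEYCLOAK_ID: authentik
      KEYCLOAK_NAME: sso
      KEYCLOAK_URL: https://authentik.example.com/application/o/matrix/
      # TODO: correct client domain?
      KEYCLOAK_CLIENT_DOMAIN: https://element-web.example.com
      # NOTE(review): presumably lets an SSO login attach to an already
      # existing local account. Confirm the attribute used for matching cannot
      # be chosen by the user at the IdP, otherwise it allows account takeover.
      KEYCLOAK_ALLOW_EXISTING_USERS: "true"
      # TODO: set CLIENT_ID as secret
      KEYCLOAK_CLIENT_ID: matrix
    uncomment:
      - compose.keycloak.yml
      - KEYCLOAK_ENABLED
      # Also assigned under env above.
      - KEYCLOAK_CLIENT_ID
      - SECRET_KEYCLOAK_CLIENT_SECRET_VERSION
    shared_secrets:
      matrix_secret: keycloak_client_secret

traefik:
  matrix-synapse:
    uncomment:
      - compose.matrix.yml
      - MATRIX_FEDERATION_ENABLED

rallly:
  authentik:
    env:
      OIDC_NAME: "Authentik"
      OIDC_DISCOVERY_URL: "https://authentik.example.com/application/o/rallly/.well-known/openid-configuration"
      OIDC_ISSUER_URL: "https://authentik.example.com/application/o/rallly/"
      OIDC_CLIENT_ID: rallly
    uncomment:
      - compose.oidc.yml
      - SECRET_OIDC_CLIENT_SECRET_VERSION
      - OIDC_ENABLED
    shared_secrets:
      rallly_secret: oidc_client_secret

wekan:
  authentik:
    env:
      OAUTH2_ENABLED: "true"
      OAUTH2_SERVER_URL: https://authentik.example.com
      # TODO: set CLIENT_ID as secret
      OAUTH2_CLIENT_ID: wekan
    uncomment:
      - OAUTH2_LOGIN_STYLE
      - OAUTH2_AUTH_ENDPOINT
      - OAUTH2_USERINFO_ENDPOINT
      - OAUTH2_TOKEN_ENDPOINT
      - OAUTH2_REQUEST_PERMISSIONS
      - OAUTH2_ID_MAP
      - OAUTH2_USERNAME_MAP
      - OAUTH2_FULLNAME_MAP
      - OAUTH2_EMAIL_MAP
      - PROPAGATE_OIDC_DATA
      - OIDC_REDIRECTION_ENABLED
    shared_secrets:
      wekan_secret: oauth2_secret

hedgedoc:
  authentik:
    env:
      CMD_OAUTH2_USER_PROFILE_URL: https://authentik.example.com/application/o/userinfo/
      CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR: preferred_username
      CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR: name
      CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR: email
      CMD_OAUTH2_TOKEN_URL: https://authentik.example.com/application/o/token/
      CMD_OAUTH2_AUTHORIZATION_URL: https://authentik.example.com/application/o/authorize/
      # TODO: set CLIENT_ID as secret
      CMD_OAUTH2_CLIENT_ID: hedgedoc
      CMD_OAUTH2_PROVIDERNAME: Authentik
    uncomment:
      - compose.oauth.yml
      - SECRET_OAUTH_KEY_VERSION
    shared_secrets:
      hedgedoc_secret: oauth_key

mila:
  authentik:
    env:
      OIDC_CLIENT_ID: mila
      OIDC_BASE_URL: https://authentik.example.com/application/o/mila
      OIDC_REDIRECT_URI: https://mila.example.com/auth/user/oidc/callback
      # NOTE(review): admin rights appear to follow membership of this group
      # as reported in the `groups` claim. Restrict who can manage that group
      # at the IdP.
      OIDC_ADMIN_GROUP_NAME: mv_admin
      OIDC_GROUPS_CLAIM: groups
      # NOTE(review): presumably disables non-OIDC login. Confirm a recovery
      # path exists for when the IdP is unavailable.
      OIDC_ONLY: "true"
    uncomment:
      - compose.oidc.yml
      - SECRET_OIDC_CLIENT_SECRET_VERSION
    shared_secrets:
      mila_secret: oidc_client_secret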