feat: enable backups

chore: publish 1.1.0+0.33.1 release
docs: Fix 1.0.0 release note
2026-03-13 16:10:34 +01:00 · 2025-12-13 20:32:48 -05:00 · 2025-12-13 20:28:02 -05:00 · 2025-12-13 20:27:56 -05:00 · 2025-12-13 20:27:36 -05:00 · 2025-12-13 20:27:02 -05:00
7 changed files with 17 additions and 7 deletions
@@ -1,6 +1,7 @@
 TYPE=rauthy
 DOMAIN=rauthy.example.com
 LETS_ENCRYPT_ENV=production
+ENABLE_BACKUPS=true

 COMPOSE_FILE="compose.yml"

@@ -1,6 +1,6 @@
 set -e

-export CONFIG_TOML_VERSION=v2
+export CONFIG_TOML_VERSION=v3

 generate_enc_keys() {
  KEY_A="$(openssl rand -base64 32)"
@@ -5,6 +5,7 @@ services:
      - SMTP_ENABLED
      - SMTP_FROM
      - SMTP_URL
+      - SMTP_PORT
      - SMTP_USERNAME
    secrets:
      - smtp_password
@@ -1,6 +1,6 @@
 services:
  app:
-    image: ghcr.io/sebadob/rauthy:0.32.3
+    image: ghcr.io/sebadob/rauthy:0.33.1
    environment:
      - ADMIN_EMAIL
      - ADMIN_FORCE_MFA
@@ -31,7 +31,8 @@ services:
        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.scheme=https"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.permanent=true"
-        - "coop-cloud.${STACK_NAME}.version=1.0.0+0.32.3"
+        - "coop-cloud.${STACK_NAME}.version=1.1.0+0.33.1"
+        - "backupbot.backup=${ENABLE_BACKUPS:-true}"

 networks:
  proxy:
@@ -6,17 +6,17 @@ This release supports encryption key rotation, which unfortunately requires some
   docker secret list  # to obtain the secret's full name
   docker service create --name temp-reader --secret <secret-name> --mode replicated-job alpine:latest sh -c "cat /run/secrets/<secret-name>" && docker service logs --raw temp-reader && echo && docker service rm temp-reader

-NOTE: the encryption key is only the characters AFTER the "/"
+NOTE: the enc_keys secret has the format `<key_id>/<key_value>`; we'll refer to those two parts as $KEY_ID and $KEY_VALUE from here on.

 2. Add these lines to your config, overwriting the existing SECRET_ENC_KEYS_VERSION and ENC_KEY_ACTIVE values:

-    SECRET_ENC_KEYS_A_VERSION=a1 # generated=false
+    SECRET_ENC_KEYS_A_VERSION=$KEY_ID # generated=false
    SECRET_ENC_KEYS_B_VERSION=b1 # generated=false
-    ENC_KEY_ACTIVE="a1"
+    ENC_KEY_ACTIVE="$KEY_ID"

 3. Set key_a and generate key_b:

-    abra app secret insert $STACK_NAME enc_keys_a a1 "<your-existing-secret>" -C
+    abra app secret insert $STACK_NAME enc_keys_a $KEY_ID "<your-existing-secret>" -C
    abra app secret insert $STACK_NAME enc_keys_b b1 "$(openssl rand -base64 32)" -C

 Then you can deploy :)
@@ -0,0 +1 @@
+Enables backup-bot-2 backups
@@ -0,0 +1,6 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:recommended"
+  ]
+}
Author	SHA1	Message	Date
p4u1	1cf5a8a195	feat: enable backups	2026-03-13 16:10:34 +01:00
3wordchant	eecfe6239c	chore: publish 1.1.0+0.33.1 release	2025-12-13 20:32:48 -05:00
3wordchant	012818dfc2	docs: Fix 1.0.0 release note	2025-12-13 20:28:02 -05:00
3wordchant	705a039676	Add SMTP_PORT	2025-12-13 20:27:56 -05:00
3wordchant	cf9739b856	chore: publish 1.0.1+0.32.3 release	2025-12-13 20:27:36 -05:00
3wordchant	0c59e8d3c1	fix: Fix up 1.0.0 release	2025-12-13 20:27:02 -05:00
decentral1se	8a1423afaf	Merge pull request 'chore: Configure Renovate' (#8 ) from renovate/configure into main Reviewed-on: coop-cloud/rauthy#8	2025-10-03 20:10:10 +00:00
renovate-bot	a56da6b1a2	Add renovate.json	2025-10-03 20:04:38 +00:00