forked from coop-cloud/rauthy
5128431f97
- Added abra.sh functions for creating clients, groups and roles with the Rauthy API - Documentation and example for Nextcloud integration
50 lines
2.1 KiB
Plaintext
50 lines
2.1 KiB
Plaintext
TYPE=rauthy
|
|
DOMAIN=rauthy.example.com
|
|
LETS_ENCRYPT_ENV=production
|
|
ENABLE_BACKUPS=true
|
|
|
|
COMPOSE_FILE="compose.yml"
|
|
|
|
# See https://sebadob.github.io/rauthy/config/config.html
|
|
|
|
ADMIN_EMAIL=admin@example.org
|
|
ADMIN_FORCE_MFA=true
|
|
|
|
LOG_LEVEL=info
|
|
|
|
SECRET_ENC_KEYS_A_VERSION=a1 # generate=false
|
|
SECRET_ENC_KEYS_B_VERSION=b1 # generate=false
|
|
ENC_KEY_ACTIVE="a1"
|
|
|
|
SECRET_HQL_RAFT_VERSION=v1
|
|
SECRET_HQL_API_VERSION=v1
|
|
|
|
# SMTP
|
|
#COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
|
|
#SMTP_ENABLED=1
|
|
#EMAIL_SUB_PREFIX="Rauthy IAM"
|
|
#SMTP_URL=
|
|
#SMTP_FROM=
|
|
#SMTP_USERNAME=
|
|
#SECRET_SMTP_PASSWORD_VERSION=v1
|
|
#SMTP_STARTTLS_ONLY=true
|
|
|
|
# Bootstrap admin account (only on first deploy)
|
|
# Generate admin bootstrap hash: abra app cmd --local generate_bootstrap_admin_password
|
|
#COMPOSE_FILE="$COMPOSE_FILE:compose.bootstrapadmin.yml"
|
|
#SECRET_ADMIN_PWHASH_VERSION=v1 # generate=false
|
|
|
|
# API key
|
|
# When set before first deploy, rauthy will bootstrap an API key with the Base64 encoded JSON access rights.
|
|
# Default value is read and create rights on Clients, Roles and Groups. See https://sebadob.github.io/rauthy/config/bootstrap.html#api-key
|
|
# After first deploy, api_secret is also used be abra.sh functions (create_clients, create_groups)
|
|
#COMPOSE_FILE="$COMPOSE_FILE:compose.api.yml"
|
|
#BOOTSTRAP_API_KEY="ewogICJuYW1lIjoiYm9vdHN0cmFwIiwKICAiZXhwIjpudWxsLAogICJhY2Nlc3MiOlt7CiAgICAgICJncm91cCI6IkNsaWVudHMiLAogICAgICAiYWNjZXNzX3JpZ2h0cyI6WyJyZWFkIiwiY3JlYXRlIl0KICAgIH0sewogICAgICAiZ3JvdXAiOiJSb2xlcyIsCiAgICAgICJhY2Nlc3NfcmlnaHRzIjpbInJlYWQiLCJjcmVhdGUiXQogICAgfSx7CiAgICAgICJncm91cCI6ICJHcm91cHMiLAogICAgICAiYWNjZXNzX3JpZ2h0cyI6WyJyZWFkIiwiY3JlYXRlIl0KICAgIH0sewogICAgICAiZ3JvdXAiOiAiU2VjcmV0cyIsCiAgICAgICJhY2Nlc3NfcmlnaHRzIjpbInJlYWQiXQogICAgfQogIF0KfQo="
|
|
#SECRET_API_SECRET_VERSION=v1 # length=64
|
|
|
|
# Nextcloud OIDC integration
|
|
#COMPOSE_FILE="$COMPOSE_FILE:compose.nextcloud.yml"
|
|
#SECRET_NEXTCLOUD_SEC_VERSION=v1 # length=5 prefix=Empty- This needs a value before deployment, but it will be set to the actual secret after the OIDC client is created.
|
|
#NEXTCLOUD_CLIENT_NAME="Nextcloud"
|
|
#NEXTCLOUD_REDIRECT_URI="https://nextcloud.example.com/apps/user_oidc/code"
|