chore: publish 9.1.0+2025.10.2 release

add mila blueprint
chore: publish 10.0.0+2025.10.2 release
2025-12-10 22:03:54 +01:00 · 2025-12-10 21:18:10 +01:00 · 2025-11-27 10:25:25 +01:00
10 changed files with 105 additions and 23 deletions
--- a/.env.sample
+++ b/.env.sample
@ -156,5 +156,12 @@ COPY_ASSETS="$COPY_ASSETS icon.png|app:/web/dist/assets/icons/"
 # APP_ICONS="$APP_ICONS hedgedoc:~/.abra/recipes/authentik/icons/hedgedoc.png"
 # HEDGEDOC_APPGROUP="$GROUP_DOCUMENTATION"

+# COMPOSE_FILE="$COMPOSE_FILE:compose.mila.yml"
+# MILA_DOMAIN=mila.example.com
+# SECRET_MILA_ID_VERSION=v1
+# SECRET_MILA_SECRET_VERSION=v1
+# APP_ICONS="$APP_ICONS mila:~/.abra/recipes/authentik/icons/mila.svg"
+# MILA_APPGROUP=""
+
 # APPLICATIONS='{"Calendar": {"url":"https://nextcloud.example.com/apps/calendar/", "group": ""}, "BBB": {"url":"https://nextcloud.example.com/apps/bbb/", "group":""}, "Pretix": {"url":"https://pretix.example.com/control/", "group":""}}'
 # EXTRA_ICONS={"Calendar": "~/.abra/recipes/authentik/icons/calendar.svg", "BBB": "~/.abra/recipes/authentik/icons/bbb.png", "Pretix": "~/.abra/recipes/authentik/icons/pretix.svg"}
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
 .envrc
+.cursorignore
--- a/abra.sh
+++ b/abra.sh
@ -16,6 +16,7 @@ export ZAMMAD_CONFIG_VERSION=v4
 export RALLLY_CONFIG_VERSION=v4
 export HEDGEDOC_CONFIG_VERSION=v3
 export MONITORING_CONFIG_VERSION=v4
+export MILA_CONFIG_VERSION=v1
 export DB_ENTRYPOINT_VERSION=v1
 export PG_BACKUP_VERSION=v2
 export ENTRYPOINT_CSS_VERSION=v1
--- a/alaconnect.yml
+++ b/alaconnect.yml
@ -87,3 +87,12 @@ hedgedoc:
        - hedgedoc.png
    secrets:
        hedgedoc_id: hedgedoc
+mila:
+    uncomment:
+        - compose.mila.yml
+        - MILA_DOMAIN
+        - SECRET_MILA_ID_VERSION
+        - SECRET_MILA_SECRET_VERSION
+        - mila.svg
+    secrets:
+        mila_id: mila
--- a/compose.mila.yml
+++ b/compose.mila.yml
@ -0,0 +1,27 @@
+version: "3.8"
+services:
+  worker:
+    secrets:
+      - mila_id
+      - mila_secret
+    environment:
+      - MILA_DOMAIN
+    configs:
+      - source: mila
+        target: /blueprints/mila.yaml
+
+secrets:
+  mila_id:
+    external: true
+    name: ${STACK_NAME}_mila_id_${SECRET_MILA_ID_VERSION}
+  mila_secret:
+    external: true
+    name: ${STACK_NAME}_mila_secret_${SECRET_MILA_SECRET_VERSION}
+
+
+configs:
+  mila:
+    name: ${STACK_NAME}_mila_${MILA_CONFIG_VERSION}
+    file: mila.yaml.tmpl
+    template_driver: golang
+
--- a/compose.outposts.ldap.yml
+++ b/compose.outposts.ldap.yml
@ -1,7 +1,7 @@
 version: "3.8"
 services:
  authentik_ldap:
-      image: ghcr.io/goauthentik/ldap:2025.8.1
+      image: ghcr.io/goauthentik/ldap:2025.10.2
      # Optionally specify which networks the container should be
      # might be needed to reach the core authentik server
      networks:
--- a/compose.yml
+++ b/compose.yml
@ -5,7 +5,6 @@ x-env: &env
    - AUTHENTIK_POSTGRESQL__USER=authentik
    - AUTHENTIK_POSTGRESQL__NAME=authentik
    - AUTHENTIK_POSTGRESQL__HOST=db
-    - AUTHENTIK_REDIS__HOST=redis
    - AUTHENTIK_ERROR_REPORTING__ENABLED
    - AUTHENTIK_SECRET_KEY=file:///run/secrets/secret_key
    - AUTHENTIK_EMAIL__HOST
@ -35,11 +34,10 @@ x-env: &env
 version: '3.8'
 services:
  app:
-    image: ghcr.io/goauthentik/server:2025.8.1
+    image: ghcr.io/goauthentik/server:2025.10.2
    command: server
    depends_on:
      - db
-      - redis
    secrets:
      - db_password
      - admin_pass
@ -71,18 +69,17 @@ services:
        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect,${STACK_NAME}-frameOptions,${STACK_NAME}-redirect"
        - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=SAMEORIGIN"
        - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.contentSecurityPolicy=frame-ancestors ${X_FRAME_OPTIONS_ALLOW_FROM}"
-        - "coop-cloud.${STACK_NAME}.version=9.0.2+2025.8.1"
+        - "coop-cloud.${STACK_NAME}.version=10.1.0+2025.10.2"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.regex=^https://(${REDIRECTS})/(.*)"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.replacement=https://${DOMAIN}/$${2}"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.permanent=true"
        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"

  worker:
-    image: ghcr.io/goauthentik/server:2025.8.1
+    image: ghcr.io/goauthentik/server:2025.10.2
    command: worker
    depends_on:
      - db
-      - redis
    secrets:
      - db_password
      - admin_pass
@ -119,7 +116,7 @@ services:
      start_period: 5m

  db:
-    image: postgres:15.13
+    image: postgres:15.15
    secrets:
      - db_password
    configs:
@ -150,22 +147,8 @@ services:
          backupbot.backup: "${ENABLE_BACKUPS:-true}"
          backupbot.backup.pre-hook: "/pg_backup.sh backup"
          backupbot.backup.volumes.database.path: "backup.sql"
-          backupbot.backup.volumes.redis: "false"
          backupbot.restore.post-hook: '/pg_backup.sh restore'

-  redis:
-    image:  redis:8.2.1-alpine
-    command: --save 60 1 --loglevel warning
-    networks:
-      - internal
-    healthcheck:
-      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
-      interval: 30s
-      timeout: 10s
-      retries: 10
-      start_period: 1m
-    volumes:
-        - redis:/data

 secrets:
  db_password:
@ -192,7 +175,6 @@ networks:
 volumes:
  media:
  certs:
-  redis:
  templates:
  assets:
  database:
--- a/icons/mila.svg
+++ b/icons/mila.svg
@ -0,0 +1,5 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100" width="100" height="100">
+  <rect width="100" height="100" rx="12" fill="#4f46e5"/>
+  <text x="50" y="65" font-family="Arial, sans-serif" font-size="48" font-weight="bold" fill="white" text-anchor="middle">M</text>
+</svg>
+
--- a/mila.yaml.tmpl
+++ b/mila.yaml.tmpl
@ -0,0 +1,49 @@
+version: 1
+metadata:
+  labels:
+    blueprints.goauthentik.io/instantiate: "true"
+  name: mila
+
+entries:
+
+- attrs:
+    access_code_validity: minutes=1
+    authentication_flow: !Find [authentik_flows.flow, [slug, default-authentication-flow]]
+    authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
+    invalidation_flow: !Find [authentik_flows.flow, [slug, default-provider-invalidation-flow]]
+    client_id: {{ secret  "mila_id" }}
+    client_secret: {{ secret  "mila_secret" }}
+    client_type: confidential
+    include_claims_in_id_token: true
+    issuer_mode: per_provider
+    redirect_uris:
+    - matching_mode: strict
+      url: https://{{ env  "MILA_DOMAIN" }}/auth/user/rauthy/callback
+    name: Mila
+    property_mappings:
+    - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
+    - !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
+    - !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
+    signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]]
+    sub_mode: hashed_user_id
+    token_validity: days=30
+  conditions: []
+  id: mila_provider
+  identifiers:
+    pk: 9990
+  model: authentik_providers_oauth2.oauth2provider
+  state: present
+
+- attrs:
+    meta_launch_url: https://{{ env  "MILA_DOMAIN" }}
+    open_in_new_tab: true
+    policy_engine_mode: any
+    provider: !KeyOf mila_provider
+    slug: mila
+  conditions: []
+  id: mila_application
+  identifiers:
+    name: Mila
+  model: authentik_core.application
+  state: present
+
--- a/release/10.0.0+2025.10.2
+++ b/release/10.0.0+2025.10.2
@ -0,0 +1 @@
+2025.10 removes redis. Since 2025.8 all redis tasks have been migrated to postgres.
Author	SHA1	Message	Date
Simon	721164a2f2	chore: publish 9.1.0+2025.10.2 release	2025-12-10 22:03:54 +01:00
Simon	f025eda69e	add mila blueprint	2025-12-10 21:18:10 +01:00
knoflook	2d67a8a77e	chore: publish 10.0.0+2025.10.2 release	2025-11-27 10:25:25 +01:00
				`@ -0,0 +1 @@`
				`2025.10 removes redis. Since 2025.8 all redis tasks have been migrated to postgres.`