Merge branch 'main' into feature/authentik-integration

feat: integrate authentik
Merge pull request 'chore: Configure Renovate' (#4 ) from renovate/configure into main
2026-05-14 15:41:31 +00:00 · 2026-05-14 12:36:39 -03:00 · 2025-09-14 16:29:35 +00:00 · 2025-09-14 16:27:14 +00:00 · 2025-09-11 18:07:27 -04:00 · 2025-09-11 18:00:49 -04:00
8 changed files with 91 additions and 6 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -7,7 +7,6 @@ steps:
    settings:
      host: swarm-test.autonomic.zone
      stack: writefreely
      generate_secrets: true
      purge: true
      deploy_key:
        from_secret: drone_ssh_swarm_test
@ -16,11 +15,11 @@ steps:
    environment:
      DOMAIN: writefreely.swarm-test.autonomic.zone
      STACK_NAME: writefreely
      ASSETS_PATH: /usr/share/writefreely
      DATA_PATH: /data
      LETS_ENCRYPT_ENV: production
-      CONFIG_WRITEFREELY_VERSION: v1
+      CONFIG_INI_VERSION: v1
-      CONFIG_ENTRYPOINT_VERSION: v1
+      WRITEFREELY_ENTRYPOINT_VERSION: v1
      SECRET_DB_ROOT_PASSWORD_VERSION: v1
      SECRET_DB_PASSWORD_VERSION: v1
 trigger:
  branch:
    - main
--- a/.env.sample
+++ b/.env.sample
@ -48,3 +48,12 @@ LETS_ENCRYPT_ENV=production
 #OAUTH_HOST=https://<your domain>/realms/<your realm>/protocol/openid-connect
 #OAUTH_DISPLAY_NAME=Keycloak
 #OAUTH_CLIENT_SECRET_VERSION=v1
 ## Uncomment to use Authentik. This only works if Keycloak is disabled.
 ## See README.md for explanation.
 #AUTHENTIK_ENABLED=1
 #COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
 #OAUTH_HOST=https://<your domain>
 #OAUTH_DISPLAY_NAME=Authentik
 #OAUTH_CLIENT_ID_VERSION=v1
 #OAUTH_CLIENT_SECRET_VERSION=v1
--- a/README.md
+++ b/README.md
@ -36,6 +36,44 @@ For the **OAUTH_HOST** config, it uses this format: `https://keycloak.example.co
 To set the client secret: `abra app secret insert <domain> oauth_client_secret v1`
 ## Authentik setup
 If you've set up Authentik for SSO, you can integrate it into Writefreely by running the following steps:
 1. In the Authentik app, uncomment the Writefreely configuration to enable the associated blueprint:
   ```
   COMPOSE_FILE="$COMPOSE_FILE:compose.writefreely.yml"
   WRITEFREELY_DOMAIN=writefreely.example.com
   SECRET_WRITEFREELY_ID_VERSION=v1
   SECRET_WRITEFREELY_SECRET_VERSION=v1
   APP_ICONS="writefreely:~/.abra/recipes/authentik/icons/writefreely.png"
   WRITEFREELY_APPGROUP="$GROUP_DOCUMENTATION"
    ```
 2. Also in Authentik, generate the client id/secret pair.
    ```
    abra app secret generate <authentik_app_name> writefreely_id v1
    ```
    ```
    abra app secret generate <authentik_app_name> writefreely_secret v1
    ```
 3. Uncomment and properly set the configs for Authentik in `abra app config <domain>`.
 4. Set the client id/secret that were generated previously, by running:
    ```
    abra app secret insert <domain> oauth_client_id v1
    ```
    ```
    abra app secret insert <domain> oauth_client_secret v1
    ```
 ## MariaDB
 By default, this recipe uses sqlite. If you wish to use MariaDB instead:
--- a/compose.authentik.yml
+++ b/compose.authentik.yml
@ -0,0 +1,16 @@
 ---
 version: "3.8"
 services:
  app:
    secrets:
      - oauth_client_id
      - oauth_client_secret
 secrets:
  oauth_client_id:
    external: true
    name: ${STACK_NAME}_oauth_client_id_${OAUTH_CLIENT_ID_VERSION}
  oauth_client_secret:
    external: true
    name: ${STACK_NAME}_oauth_client_secret_${OAUTH_CLIENT_SECRET_VERSION}
--- a/compose.yml
+++ b/compose.yml
@ -30,7 +30,7 @@ services:
        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.scheme=https"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.permanent=true"
-        - "coop-cloud.${STACK_NAME}.version=0.1.0+latest"
+        - "coop-cloud.${STACK_NAME}.version=1.0.0+v0.16.0"
 volumes:
  local-data:
--- a/config.ini.tmpl
+++ b/config.ini.tmpl
@ -69,4 +69,21 @@ map_user_id        = sub
 map_username       = preferred_username
 map_display_name   =
 map_email          = email
 {{ else if eq (env "AUTHENTIK_ENABLED") "1" }}
 [oauth.generic]
 client_id          = {{ secret "oauth_client_id" }}
 client_secret      = {{ secret "oauth_client_secret" }}
 host               = {{ env "OAUTH_HOST" }}
 display_name       = {{ env "OAUTH_DISPLAY_NAME" }}
 callback_proxy     =
 callback_proxy_api =
 token_endpoint     = /application/o/token/
 inspect_endpoint   = /application/o/userinfo/
 auth_endpoint      = /application/o/authorize/
 scope              = openid profile email
 allow_disconnect   = false
 map_user_id        = sub
 map_username       = preferred_username
 map_display_name   =
 map_email          = email
 {{ end }}
--- a/release/1.0.0+v0.16.0
+++ b/release/1.0.0+v0.16.0
--- a/renovate.json
+++ b/renovate.json
@ -0,0 +1,6 @@
 {
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "config:recommended"
  ]
 }
Author	SHA1	Message	Date
luisb	d39892feaa	Merge branch 'main' into feature/authentik-integration	2026-05-14 15:41:31 +00:00
Luis Barrueco	d5d3c1e553	feat: integrate authentik	2026-05-14 12:36:39 -03:00
cyrnel	4661b61938	Merge pull request 'chore: Configure Renovate' (#4 ) from renovate/configure into main Reviewed-on: coop-cloud/writefreely#4	2025-09-14 16:29:35 +00:00
Renovate Bot	e6aa5518c6	Add renovate.json	2025-09-14 16:27:14 +00:00
Mac Chaffee	20d883f772	chore: publish 1.0.0+v0.16.0 release	2025-09-11 18:07:27 -04:00
Mac Chaffee	972cdf6c91	fix: add more envs to drone, remove secret gen	2025-09-11 18:00:49 -04:00
Mac Chaffee	3f1c985dc6	fix: update config versions in .drone.yml	2025-09-11 17:52:07 -04:00
mac-chaffee	fdea96d548	Merge pull request 'feat: use sqlite by default' (#3 ) from default-sqlite into main Reviewed-on: coop-cloud/writefreely#3	2025-09-11 21:46:12 +00:00