forked from coop-cloud/authentik
Compare commits
13 Commits
1.3.0+2022
...
2.0.0+2023
| Author | SHA1 | Date | |
|---|---|---|---|
| 41396da668 | |||
| 2d732e243b | |||
| 2f231fb22e | |||
| c9f0db95dd | |||
| be0d41d9cd | |||
| 0548a00902 | |||
| 312d8f786d | |||
| b10fe24031 | |||
| 390043cf71 | |||
| 0c54677f57 | |||
| 34cf7e3f65 | |||
| bf6d25d9f7 | |||
| 99a90147ac |
45
.drone.yml
Normal file
45
.drone.yml
Normal file
@ -0,0 +1,45 @@
|
|||||||
|
---
|
||||||
|
kind: pipeline
|
||||||
|
name: deploy to swarm-test.autonomic.zone
|
||||||
|
steps:
|
||||||
|
- name: deployment
|
||||||
|
image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
|
||||||
|
settings:
|
||||||
|
host: swarm-test.autonomic.zone
|
||||||
|
stack: authentik
|
||||||
|
generate_secrets: true
|
||||||
|
purge: true
|
||||||
|
deploy_key:
|
||||||
|
from_secret: drone_ssh_swarm_test
|
||||||
|
networks:
|
||||||
|
- proxy
|
||||||
|
environment:
|
||||||
|
DOMAIN: authentik.swarm-test.autonomic.zone
|
||||||
|
STACK_NAME: authentik
|
||||||
|
LETS_ENCRYPT_ENV: production
|
||||||
|
CUSTOM_CSS_VERSION: v1
|
||||||
|
CUSTOM_FLOWS_VERSION: v1
|
||||||
|
SECRET_SECRET_KEY_VERSION: v1
|
||||||
|
SECRET_DB_PASSWORD_VERSION: v1
|
||||||
|
SECRET_ADMIN_TOKEN_VERSION: v1
|
||||||
|
SECRET_ADMIN_PASS_VERSION: v1
|
||||||
|
SECRET_EMAIL_PASS_VERSION: v1
|
||||||
|
trigger:
|
||||||
|
branch:
|
||||||
|
- main
|
||||||
|
---
|
||||||
|
kind: pipeline
|
||||||
|
name: generate recipe catalogue
|
||||||
|
steps:
|
||||||
|
- name: release a new version
|
||||||
|
image: plugins/downstream
|
||||||
|
settings:
|
||||||
|
server: https://build.coopcloud.tech
|
||||||
|
token:
|
||||||
|
from_secret: drone_abra-bot_token
|
||||||
|
fork: true
|
||||||
|
repositories:
|
||||||
|
- coop-cloud/auto-recipes-catalogue-json
|
||||||
|
|
||||||
|
trigger:
|
||||||
|
event: tag
|
||||||
@ -34,7 +34,12 @@ AUTHENTIK_IMPERSONATION=true
|
|||||||
WELCOME_MESSAGE="Welcome to Authentik"
|
WELCOME_MESSAGE="Welcome to Authentik"
|
||||||
DEFAULT_LANGUAGE=en
|
DEFAULT_LANGUAGE=en
|
||||||
AUTHENTIK_FOOTER_LINKS='[{"name": "My Organization","href":"https://example.com"}]'
|
AUTHENTIK_FOOTER_LINKS='[{"name": "My Organization","href":"https://example.com"}]'
|
||||||
COPY_ASSETS="flow_background.jpg|app:/web/dist/assets/images/ icon_left_brand.svg|app:/web/dist/assets/icons/ icon.png|app:/web/dist/assets/icons/"
|
LOGOUT_REDIRECT="https://$DOMAIN"
|
||||||
|
#COPY_ASSETS="flow_background.jpg|app:/web/dist/assets/images/"
|
||||||
|
#COPY_ASSETS="$COPY_ASSETS icon_left_brand.svg|app:/web/dist/assets/icons/
|
||||||
|
#COPY_ASSETS="$COPY_ASSETS icon.png|app:/web/dist/assets/icons/"
|
||||||
|
|
||||||
EMAIL_SUBJECT="Account Recovery"
|
EMAIL_SUBJECT="Account Recovery"
|
||||||
EMAIL_TOKEN_EXPIRY_MINUTES=30
|
EMAIL_TOKEN_EXPIRY_MINUTES=30
|
||||||
|
|
||||||
|
LOGOUT_REDIRECT=$DOMAIN
|
||||||
|
|||||||
@ -51,7 +51,9 @@ Run `abra app config <app_name>` and define the env variable `COPY_ASSETS` in th
|
|||||||
For example:
|
For example:
|
||||||
|
|
||||||
```
|
```
|
||||||
COPY_ASSETS="flow_background.jpg|app:/web/dist/assets/images/ icon_left_brand.svg|app:/web/dist/assets/icons/ icon.png|app:/web/dist/assets/icons/"
|
COPY_ASSETS="flow_background.jpg|app:/web/dist/assets/images/"
|
||||||
|
COPY_ASSETS="$COPY_ASSETS icon_left_brand.svg|app:/web/dist/assets/icons/
|
||||||
|
COPY_ASSETS="$COPY_ASSETS icon.png|app:/web/dist/assets/icons/"
|
||||||
```
|
```
|
||||||
|
|
||||||
Run this command after every deploy/upgrade:
|
Run this command after every deploy/upgrade:
|
||||||
|
|||||||
2
abra.sh
2
abra.sh
@ -1,5 +1,5 @@
|
|||||||
export CUSTOM_CSS_VERSION=v2
|
export CUSTOM_CSS_VERSION=v2
|
||||||
export CUSTOM_FLOWS_VERSION=v3
|
export CUSTOM_FLOWS_VERSION=v4
|
||||||
|
|
||||||
customize() {
|
customize() {
|
||||||
if [ -z "$1" ]
|
if [ -z "$1" ]
|
||||||
|
|||||||
14
compose.yml
14
compose.yml
@ -26,11 +26,12 @@ x-env: &env
|
|||||||
- EMAIL_SUBJECT
|
- EMAIL_SUBJECT
|
||||||
- EMAIL_TOKEN_EXPIRY_MINUTES
|
- EMAIL_TOKEN_EXPIRY_MINUTES
|
||||||
- DOMAIN
|
- DOMAIN
|
||||||
|
- LOGOUT_REDIRECT
|
||||||
|
|
||||||
version: '3.8'
|
version: '3.8'
|
||||||
services:
|
services:
|
||||||
app:
|
app:
|
||||||
image: ghcr.io/goauthentik/server:2022.12.2
|
image: ghcr.io/goauthentik/server:2023.2.3
|
||||||
command: server
|
command: server
|
||||||
secrets:
|
secrets:
|
||||||
- db_password
|
- db_password
|
||||||
@ -70,10 +71,10 @@ services:
|
|||||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||||
- "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=SAMEORIGIN"
|
- "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=SAMEORIGIN"
|
||||||
- "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.contentSecurityPolicy=frame-ancestors ${X_FRAME_OPTIONS_ALLOW_FROM}"
|
- "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.contentSecurityPolicy=frame-ancestors ${X_FRAME_OPTIONS_ALLOW_FROM}"
|
||||||
- "coop-cloud.${STACK_NAME}.version=1.3.0+2022.12.2"
|
- "coop-cloud.${STACK_NAME}.version=2.0.0+2023.2.3"
|
||||||
|
|
||||||
worker:
|
worker:
|
||||||
image: ghcr.io/goauthentik/server:2022.12.2
|
image: ghcr.io/goauthentik/server:2023.2.3
|
||||||
command: worker
|
command: worker
|
||||||
secrets:
|
secrets:
|
||||||
- db_password
|
- db_password
|
||||||
@ -91,13 +92,14 @@ services:
|
|||||||
- /var/run/docker.sock:/var/run/docker.sock
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
- custom-templates:/templates
|
- custom-templates:/templates
|
||||||
- /dev/null:/blueprints/default/10-flow-default-authentication-flow.yaml
|
- /dev/null:/blueprints/default/10-flow-default-authentication-flow.yaml
|
||||||
|
- /dev/null:/blueprints/default/10-flow-default-invalidation-flow.yaml
|
||||||
configs:
|
configs:
|
||||||
- source: custom_flows
|
- source: custom_flows
|
||||||
target: /blueprints/custom_flows.yaml
|
target: /blueprints/custom_flows.yaml
|
||||||
environment: *env
|
environment: *env
|
||||||
|
|
||||||
db:
|
db:
|
||||||
image: postgres:12.13-alpine
|
image: postgres:12.14-alpine
|
||||||
secrets:
|
secrets:
|
||||||
- db_password
|
- db_password
|
||||||
volumes:
|
volumes:
|
||||||
@ -117,12 +119,12 @@ services:
|
|||||||
deploy:
|
deploy:
|
||||||
labels:
|
labels:
|
||||||
backupbot.backup: "true"
|
backupbot.backup: "true"
|
||||||
backupbot.backup.pre-hook: "mkdir -p /tmp/backup/ && PGPASSWORD=$(cat /run/secrets/db_password) pg_dump -U ${POSTGRES_USER} ${POSTGRES_DB} > /tmp/backup/backup.sql"
|
backupbot.backup.pre-hook: "mkdir -p /tmp/backup/ && PGPASSWORD=$$(cat /run/secrets/db_password) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /tmp/backup/backup.sql"
|
||||||
backupbot.backup.post-hook: "rm -rf /tmp/backup"
|
backupbot.backup.post-hook: "rm -rf /tmp/backup"
|
||||||
backupbot.backup.path: "/tmp/backup/"
|
backupbot.backup.path: "/tmp/backup/"
|
||||||
|
|
||||||
redis:
|
redis:
|
||||||
image: redis:7.0.5-alpine
|
image: redis:7.0.9-alpine
|
||||||
networks:
|
networks:
|
||||||
- internal
|
- internal
|
||||||
healthcheck:
|
healthcheck:
|
||||||
|
|||||||
@ -334,6 +334,55 @@ entries:
|
|||||||
target: !KeyOf invitation-enrollment-flow
|
target: !KeyOf invitation-enrollment-flow
|
||||||
model: authentik_flows.flowstagebinding
|
model: authentik_flows.flowstagebinding
|
||||||
|
|
||||||
|
######## Invalidation Flow ########
|
||||||
|
- identifiers:
|
||||||
|
slug: logout-flow
|
||||||
|
id: logout-flow
|
||||||
|
model: authentik_flows.flow
|
||||||
|
attrs:
|
||||||
|
name: Logout
|
||||||
|
title: Logout Flow
|
||||||
|
designation: invalidation
|
||||||
|
|
||||||
|
### STAGES
|
||||||
|
|
||||||
|
- id: logout-stage
|
||||||
|
identifiers:
|
||||||
|
name: logout-stage
|
||||||
|
model: authentik_stages_user_logout.userlogoutstage
|
||||||
|
|
||||||
|
### STAGE BINDINGS
|
||||||
|
|
||||||
|
- identifiers:
|
||||||
|
order: 0
|
||||||
|
stage: !KeyOf logout-stage
|
||||||
|
target: !KeyOf logout-flow
|
||||||
|
model: authentik_flows.flowstagebinding
|
||||||
|
attrs:
|
||||||
|
re_evaluate_policies: true
|
||||||
|
id: logout-stage-binding
|
||||||
|
|
||||||
|
### POLICIES
|
||||||
|
- attrs:
|
||||||
|
execution_logging: true
|
||||||
|
expression: 'context[''flow_plan''].context[''redirect''] = ''{{ env "LOGOUT_REDIRECT" }}''
|
||||||
|
|
||||||
|
return True'
|
||||||
|
identifiers:
|
||||||
|
name: redirect-policy
|
||||||
|
id: redirect-policy
|
||||||
|
model: authentik_policies_expression.expressionpolicy
|
||||||
|
|
||||||
|
### POLICY BINDINGS
|
||||||
|
- identifiers:
|
||||||
|
policy: !KeyOf redirect-policy
|
||||||
|
target: !KeyOf logout-stage-binding
|
||||||
|
order: 0
|
||||||
|
model: authentik_policies.policybinding
|
||||||
|
attrs:
|
||||||
|
enabled: {{ if eq (env "LOGOUT_REDIRECT") "" }} false {{ else }} true {{ end }}
|
||||||
|
timeout: 30
|
||||||
|
|
||||||
######## System Tenant ##########
|
######## System Tenant ##########
|
||||||
- attrs:
|
- attrs:
|
||||||
attributes:
|
attributes:
|
||||||
@ -347,7 +396,7 @@ entries:
|
|||||||
# event_retention: days=365
|
# event_retention: days=365
|
||||||
flow_authentication: !KeyOf authentication_flow
|
flow_authentication: !KeyOf authentication_flow
|
||||||
flow_recovery: !KeyOf recovery_flow
|
flow_recovery: !KeyOf recovery_flow
|
||||||
flow_invalidation: !Find [authentik_flows.flow, [slug, default-invalidation-flow]]
|
flow_invalidation: !KeyOf logout-flow
|
||||||
flow_user_settings: !Find [authentik_flows.flow, [slug, default-user-settings-flow]]
|
flow_user_settings: !Find [authentik_flows.flow, [slug, default-user-settings-flow]]
|
||||||
identifiers:
|
identifiers:
|
||||||
pk: 047cce25-aae2-4b02-9f96-078e155f803d
|
pk: 047cce25-aae2-4b02-9f96-078e155f803d
|
||||||
|
|||||||
@ -1,53 +0,0 @@
|
|||||||
{% extends "email/base.html" %}
|
|
||||||
|
|
||||||
{% load i18n %}
|
|
||||||
{% load humanize %}
|
|
||||||
|
|
||||||
{% block content %}
|
|
||||||
<tr>
|
|
||||||
<td class="alert alert-success">
|
|
||||||
{% blocktrans with username=user.username %}
|
|
||||||
Herzlich Willkommen {{ username }},
|
|
||||||
{% endblocktrans %}
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td class="content-wrap">
|
|
||||||
<table width="100%" cellpadding="0" cellspacing="0">
|
|
||||||
<tr>
|
|
||||||
<td class="content-block">
|
|
||||||
{% blocktrans %}
|
|
||||||
Klicke auf folgenden Link um ein Passwort für deinen Account zu erstellen:
|
|
||||||
{% endblocktrans %}
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td class="content-block">
|
|
||||||
<table role="presentation" border="0" cellpadding="0" cellspacing="0" class="btn btn-primary">
|
|
||||||
<tbody>
|
|
||||||
<tr>
|
|
||||||
<td align="center">
|
|
||||||
<table role="presentation" border="0" cellpadding="0" cellspacing="0">
|
|
||||||
<tbody>
|
|
||||||
<tr>
|
|
||||||
<td> <a id="confirm" href="{{ url }}" rel="noopener noreferrer" target="_blank">Passwort Erstellen</a> </td>
|
|
||||||
</tr>
|
|
||||||
</tbody>
|
|
||||||
</table>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
</tbody>
|
|
||||||
</table>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td class="content-block">
|
|
||||||
{% blocktrans with expires=expires|naturaltime %}
|
|
||||||
Falls du diese E-Mail fälschlicherweise erhalten hast, ignoriere sie bitte. Der obige Link ist gültig für: {{ expires }}.
|
|
||||||
{% endblocktrans %}
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
</table>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
{% endblock %}
|
|
||||||
2
releases/2.0.0+2023.2.3
Normal file
2
releases/2.0.0+2023.2.3
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
Logout URL changes from `https://login.example.org/if/flow/default-invalidation-flow/` to `https://login.example.org/if/flow/logout-flow/`
|
||||||
|
Replace it in any app that uses this logout url.
|
||||||
Reference in New Issue
Block a user