forked from coop-cloud/authentik
Compare commits
1 Commits
1.3.0+2022
...
0.7.0+2022
| Author | SHA1 | Date | |
|---|---|---|---|
| c07909575c |
@ -28,13 +28,8 @@ SECRET_EMAIL_PASS_VERSION=v1
|
||||
|
||||
# X_FRAME_OPTIONS_ALLOW_FROM=dashboard.example.org
|
||||
AUTHENTIK_COLOR_BACKGROUND_LIGHT=#1c1e21
|
||||
AUTHENTIK_IMPERSONATION=true
|
||||
|
||||
## FLOW OPTIONS
|
||||
WELCOME_MESSAGE="Welcome to Authentik"
|
||||
DEFAULT_LANGUAGE=en
|
||||
AUTHENTIK_FOOTER_LINKS='[{"name": "My Organization","href":"https://example.com"}]'
|
||||
COPY_ASSETS="flow_background.jpg|app:/web/dist/assets/images/ icon_left_brand.svg|app:/web/dist/assets/icons/ icon.png|app:/web/dist/assets/icons/"
|
||||
|
||||
EMAIL_SUBJECT="Account Recovery"
|
||||
EMAIL_TOKEN_EXPIRY_MINUTES=30
|
||||
|
||||
27
README.md
27
README.md
@ -9,7 +9,7 @@
|
||||
|
||||
* **Category**: Apps
|
||||
* **Status**: 0, work-in-progress
|
||||
* **Image**: [ghcr/goauthentik/server](https://ghcr.io/goauthentik/server), 4, upstream
|
||||
* **Image**: [ghcr/goauthentik/server](https://ghcr.io/goauthentik/server)
|
||||
* **Healthcheck**: Yes
|
||||
* **Backups**: Yes
|
||||
* **Email**: Yes
|
||||
@ -20,17 +20,15 @@
|
||||
|
||||
## Quick start
|
||||
|
||||
* `abra app new authentik`
|
||||
* `abra app new authentik --secrets`
|
||||
* `abra app config <app-name>`
|
||||
* `abra app secret insert <app_name> email_pass v1 <password>`
|
||||
* `abra app secret generate -a <app_name>`
|
||||
* `abra app secret generate -a <app_name>
|
||||
* `abra app deploy <app-name>`
|
||||
* `abra app cmd <app_name> app set_admin_pass`
|
||||
|
||||
## Rotate Secrets
|
||||
|
||||
Increment the secret versions using `abra app config <app_name>`
|
||||
|
||||
```
|
||||
abra app secret generate -a <app_name>
|
||||
abra app undeploy <app_name>
|
||||
@ -41,21 +39,14 @@ abra app cmd <app_name> app set_admin_pass
|
||||
|
||||
## Customization
|
||||
|
||||
Place the files you want to overwrite in a directory `<assets_path>`.
|
||||
Run `abra app config <app_name>` and define the env variable `COPY_ASSETS` in the following format:
|
||||
|
||||
```
|
||||
"<source_file1>|<service>:<target_directory1> <source_file2>|<service>:<target_directory2> ...
|
||||
```
|
||||
|
||||
For example:
|
||||
|
||||
```
|
||||
COPY_ASSETS="flow_background.jpg|app:/web/dist/assets/images/ icon_left_brand.svg|app:/web/dist/assets/icons/ icon.png|app:/web/dist/assets/icons/"
|
||||
```
|
||||
|
||||
Run this command after every deploy/upgrade:
|
||||
|
||||
`abra app command --local <app-name> customize <assets_path>`
|
||||
|
||||
This command replaces the background image, the logo and the favicon with the following files placed in the `<assets_path>` directory:
|
||||
* `flow_background.jpg`
|
||||
* `icon_left_brand.svg`
|
||||
* `icon.png`
|
||||
|
||||
|
||||
For more, see [`docs.coopcloud.tech`](https://docs.coopcloud.tech).
|
||||
|
||||
27
abra.sh
27
abra.sh
@ -1,5 +1,5 @@
|
||||
export CUSTOM_CSS_VERSION=v2
|
||||
export CUSTOM_FLOWS_VERSION=v3
|
||||
export CUSTOM_FLOWS_VERSION=v2
|
||||
|
||||
customize() {
|
||||
if [ -z "$1" ]
|
||||
@ -7,13 +7,22 @@ customize() {
|
||||
echo "Usage: ... customize <assets_path>"
|
||||
exit 1
|
||||
fi
|
||||
asset_dir=$1
|
||||
for asset in $COPY_ASSETS; do
|
||||
source=$(echo $asset | cut -d "|" -f1)
|
||||
target=$(echo $asset | cut -d "|" -f2)
|
||||
echo copy $source to $target
|
||||
abra app cp $APP_NAME $asset_dir/$source $target
|
||||
done
|
||||
# TODO: use env to specify source and target files
|
||||
if [ -e $1/flow_background.jpg ]
|
||||
then
|
||||
echo copy flow_background.jpg
|
||||
abra app cp $APP_NAME $1/flow_background.jpg app:/web/dist/assets/images/
|
||||
fi
|
||||
if [ -e $1/icon_left_brand.svg ]
|
||||
then
|
||||
echo copy icon_left_brand.svg
|
||||
abra app cp $APP_NAME $1/icon_left_brand.svg app:/web/dist/assets/icons/
|
||||
fi
|
||||
if [ -e $1/icon.png ]
|
||||
then
|
||||
echo copy icon.png
|
||||
abra app cp $APP_NAME $1/icon.png app:/web/dist/assets/icons/
|
||||
fi
|
||||
}
|
||||
|
||||
set_admin_pass() {
|
||||
@ -31,7 +40,7 @@ if (token:= Token.objects.filter(identifier='authentik-bootstrap-token').first()
|
||||
token.key=key
|
||||
token.save()
|
||||
print('Changed authentik-bootstrap-token')
|
||||
else:
|
||||
else:
|
||||
Token.objects.create(
|
||||
identifier='authentik-bootstrap-token',
|
||||
user=akadmin,
|
||||
|
||||
@ -20,17 +20,14 @@ x-env: &env
|
||||
- AUTHENTIK_SETTINGS__THEME__BACKGROUND
|
||||
- AUTHENTIK_COLOR_BACKGROUND_LIGHT
|
||||
- AUTHENTIK_FOOTER_LINKS
|
||||
- AUTHENTIK_IMPERSONATION
|
||||
- WELCOME_MESSAGE
|
||||
- DEFAULT_LANGUAGE
|
||||
- EMAIL_SUBJECT
|
||||
- EMAIL_TOKEN_EXPIRY_MINUTES
|
||||
- DOMAIN
|
||||
|
||||
version: '3.8'
|
||||
services:
|
||||
app:
|
||||
image: ghcr.io/goauthentik/server:2022.12.2
|
||||
image: ghcr.io/goauthentik/server:2022.11.1
|
||||
command: server
|
||||
secrets:
|
||||
- db_password
|
||||
@ -70,10 +67,10 @@ services:
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=SAMEORIGIN"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.contentSecurityPolicy=frame-ancestors ${X_FRAME_OPTIONS_ALLOW_FROM}"
|
||||
- "coop-cloud.${STACK_NAME}.version=1.3.0+2022.12.2"
|
||||
- "coop-cloud.${STACK_NAME}.version=0.7.0+2022.11.1"
|
||||
|
||||
worker:
|
||||
image: ghcr.io/goauthentik/server:2022.12.2
|
||||
image: ghcr.io/goauthentik/server:2022.11.1
|
||||
command: worker
|
||||
secrets:
|
||||
- db_password
|
||||
|
||||
@ -12,7 +12,7 @@ context:
|
||||
transl_name: {{ if eq (env "DEFAULT_LANGUAGE") "de" }} Vor- und Nachname {{ else }} Full name {{ end }}
|
||||
|
||||
entries:
|
||||
######## Email Recovery Flow ########
|
||||
######## Email Recovery Flow ########
|
||||
- identifiers:
|
||||
slug: default-recovery-flow
|
||||
id: recovery_flow
|
||||
@ -54,8 +54,8 @@ entries:
|
||||
model: authentik_stages_email.emailstage
|
||||
attrs:
|
||||
use_global_settings: true
|
||||
token_expiry: {{ env "EMAIL_TOKEN_EXPIRY_MINUTES" }}
|
||||
subject: "{{ env "EMAIL_SUBJECT" }}"
|
||||
token_expiry: 30
|
||||
subject: authentik
|
||||
template: email/password_reset.html
|
||||
activate_user_on_success: true
|
||||
- identifiers:
|
||||
@ -174,7 +174,7 @@ entries:
|
||||
|
||||
|
||||
|
||||
######## Authentication Flow ########
|
||||
######## Authentication Flow ########
|
||||
- attrs:
|
||||
designation: authentication
|
||||
name: custom-authentication-flow
|
||||
@ -236,7 +236,7 @@ entries:
|
||||
target: !KeyOf authentication_flow
|
||||
model: authentik_flows.flowstagebinding
|
||||
|
||||
######## Invitation Enrollment Flow ########
|
||||
######## Invitation Enrollment Flow ########
|
||||
- attrs:
|
||||
designation: enrollment
|
||||
name: invitation-enrollment-flow
|
||||
@ -336,7 +336,7 @@ entries:
|
||||
|
||||
######## System Tenant ##########
|
||||
- attrs:
|
||||
attributes:
|
||||
attributes:
|
||||
settings:
|
||||
locale: {{ env "DEFAULT_LANGUAGE" }}
|
||||
# branding_favicon: /static/dist/assets/icons/icon.png
|
||||
|
||||
Reference in New Issue
Block a user