forked from coop-cloud/authentik
Compare commits
8 Commits
4.1.1+2023
...
5.0.2+2024
| Author | SHA1 | Date | |
|---|---|---|---|
| 8d32814219 | |||
| 78cfd95198 | |||
| 4593eb6340 | |||
| 0419ed279d | |||
| abb49e7019 | |||
| 74f654c192 | |||
| 7a4daaf475 | |||
| b7605f6a87 |
@ -90,7 +90,12 @@ COPY_ASSETS="$COPY_ASSETS icon.png|app:/web/dist/assets/icons/"
|
||||
# SECRET_MONITORING_SECRET_VERSION=v1
|
||||
# APP_ICONS="$APP_ICONS monitoring:~/.abra/recipes/authentik/icons/monitoring.png"
|
||||
|
||||
# APPLICATIONS='{"Calendar": "https://nextcloud.example.com/apps/calendar/", "BBB": "https://nextcloud.example.com/apps/bbb/", "Rallly":"https://rallly.example.cloud/"}'
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.rallly.yml"
|
||||
# RALLLY_DOMAIN=rallly.example.com
|
||||
# SECRET_RALLLY_ID_VERSION=v1
|
||||
# SECRET_RALLLY_SECRET_VERSION=v1
|
||||
# APP_ICONS="$APP_ICONS rallly:~/.abra/recipes/authentik/icons/rallly.png"
|
||||
|
||||
# APPLICATIONS='{"Calendar": "https://nextcloud.example.com/apps/calendar/", "BBB": "https://nextcloud.example.com/apps/bbb/"}'
|
||||
# APP_ICONS="$APP_ICONS Calendar:~/.abra/recipes/authentik/icons/calendar.svg"
|
||||
# APP_ICONS="$APP_ICONS Rallly:~/.abra/recipes/authentik/icons/rallly.png"
|
||||
# APP_ICONS="$APP_ICONS BBB:~/.abra/recipes/authentik/icons/bbb.jpg"
|
||||
|
||||
@ -169,7 +169,7 @@ The `abra.sh` function `apply_blueprints` needs to be executed to deactivate the
|
||||
- `default-source-enrollment-field-username`
|
||||
- Custom System Tenant
|
||||
- Default - Tenant
|
||||
- APPEND: `authentik_tenants.tenant domain: authentik-default`
|
||||
- APPEND: `authentik_brands.brand domain: authentik-default`
|
||||
- Recovery with email verification
|
||||
- USE:
|
||||
- `default-recovery-flow`
|
||||
|
||||
7
abra.sh
7
abra.sh
@ -1,16 +1,17 @@
|
||||
export CUSTOM_CSS_VERSION=v2
|
||||
export FLOW_AUTHENTICATION_VERSION=v3
|
||||
export FLOW_INVITATION_VERSION=v1
|
||||
export FLOW_INVITATION_VERSION=v2
|
||||
export FLOW_INVALIDATION_VERSION=v2
|
||||
export FLOW_RECOVERY_VERSION=v1
|
||||
export FLOW_TRANSLATION_VERSION=v2
|
||||
export SYSTEM_TENANT_VERSION=v2
|
||||
export FLOW_TRANSLATION_VERSION=v3
|
||||
export SYSTEM_TENANT_VERSION=v3
|
||||
export NEXTCLOUD_CONFIG_VERSION=v1
|
||||
export WORDPRESS_CONFIG_VERSION=v2
|
||||
export MATRIX_CONFIG_VERSION=v1
|
||||
export WEKAN_CONFIG_VERSION=v3
|
||||
export VIKUNJA_CONFIG_VERSION=v1
|
||||
export OUTLINE_CONFIG_VERSION=v1
|
||||
export RALLLY_CONFIG_VERSION=v1
|
||||
export MONITORING_CONFIG_VERSION=v1
|
||||
export DB_ENTRYPOINT_VERSION=v1
|
||||
|
||||
|
||||
26
compose.rallly.yml
Normal file
26
compose.rallly.yml
Normal file
@ -0,0 +1,26 @@
|
||||
version: "3.8"
|
||||
services:
|
||||
worker:
|
||||
secrets:
|
||||
- rallly_id
|
||||
- rallly_secret
|
||||
environment:
|
||||
- RALLLY_DOMAIN
|
||||
configs:
|
||||
- source: rallly
|
||||
target: /blueprints/rallly.yaml
|
||||
|
||||
secrets:
|
||||
rallly_id:
|
||||
external: true
|
||||
name: ${STACK_NAME}_rallly_id_${SECRET_RALLLY_ID_VERSION}
|
||||
rallly_secret:
|
||||
external: true
|
||||
name: ${STACK_NAME}_rallly_secret_${SECRET_RALLLY_SECRET_VERSION}
|
||||
|
||||
|
||||
configs:
|
||||
rallly:
|
||||
name: ${STACK_NAME}_rallly_${RALLLY_CONFIG_VERSION}
|
||||
file: rallly.yaml.tmpl
|
||||
template_driver: golang
|
||||
@ -32,7 +32,7 @@ x-env: &env
|
||||
version: '3.8'
|
||||
services:
|
||||
app:
|
||||
image: ghcr.io/goauthentik/server:2023.10.7
|
||||
image: ghcr.io/goauthentik/server:2024.2.2
|
||||
command: server
|
||||
depends_on:
|
||||
- db
|
||||
@ -76,11 +76,11 @@ services:
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=SAMEORIGIN"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.contentSecurityPolicy=frame-ancestors ${X_FRAME_OPTIONS_ALLOW_FROM}"
|
||||
- "coop-cloud.${STACK_NAME}.version=4.1.1+2023.10.7"
|
||||
- "coop-cloud.${STACK_NAME}.version=5.0.2+2024.2.2"
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||
|
||||
worker:
|
||||
image: ghcr.io/goauthentik/server:2023.10.7
|
||||
image: ghcr.io/goauthentik/server:2024.2.2
|
||||
command: worker
|
||||
depends_on:
|
||||
- db
|
||||
|
||||
@ -402,4 +402,4 @@ entries:
|
||||
identifiers:
|
||||
pk: 047cce25-aae2-4b02-9f96-078e155f803d
|
||||
id: system_tenant
|
||||
model: authentik_tenants.tenant
|
||||
model: authentik_brands.brand
|
||||
|
||||
@ -24,6 +24,18 @@ entries:
|
||||
id: invitation-enrollment-flow
|
||||
model: authentik_flows.flow
|
||||
|
||||
### POLICIES
|
||||
- attrs:
|
||||
expression: |
|
||||
if not regex_match(request.context.get('prompt_data').get('username'), '\s'):
|
||||
return True
|
||||
ak_message("Username must not contain any whitespace!")
|
||||
return False
|
||||
id: username-without-spaces-policy
|
||||
identifiers:
|
||||
name: username-without-spaces-policy
|
||||
model: authentik_policies_expression.expressionpolicy
|
||||
|
||||
### STAGES
|
||||
- identifiers:
|
||||
name: invitation-stage
|
||||
@ -41,6 +53,8 @@ entries:
|
||||
- !Find [authentik_stages_prompt.prompt, [name, default-user-settings-field-email]]
|
||||
- !Find [authentik_stages_prompt.prompt, [name, default-password-change-field-password]]
|
||||
- !Find [authentik_stages_prompt.prompt, [name, default-password-change-field-password-repeat]]
|
||||
validation_policies:
|
||||
- !Find [ authentik_policies_expression.expressionpolicy, [name, username-without-spaces-policy]]
|
||||
|
||||
### STAGE BINDINGS
|
||||
- identifiers:
|
||||
|
||||
43
rallly.yaml.tmpl
Normal file
43
rallly.yaml.tmpl
Normal file
@ -0,0 +1,43 @@
|
||||
version: 1
|
||||
metadata:
|
||||
labels:
|
||||
blueprints.goauthentik.io/instantiate: "true"
|
||||
name: rallly
|
||||
|
||||
entries:
|
||||
|
||||
- attrs:
|
||||
access_code_validity: minutes=1
|
||||
authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
|
||||
client_id: {{ secret "rallly_id" }}
|
||||
client_secret: {{ secret "rallly_secret" }}
|
||||
client_type: confidential
|
||||
include_claims_in_id_token: true
|
||||
issuer_mode: per_provider
|
||||
name: Rallly
|
||||
property_mappings:
|
||||
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
|
||||
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
|
||||
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
|
||||
signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]]
|
||||
sub_mode: hashed_user_id
|
||||
token_validity: days=30
|
||||
conditions: []
|
||||
id: rallly_provider
|
||||
identifiers:
|
||||
pk: 9995
|
||||
model: authentik_providers_oauth2.oauth2provider
|
||||
state: present
|
||||
|
||||
- attrs:
|
||||
meta_launch_url: https://{{ env "RALLLY_DOMAIN" }}
|
||||
open_in_new_tab: true
|
||||
policy_engine_mode: any
|
||||
provider: !KeyOf rallly_provider
|
||||
slug: rallly
|
||||
conditions: []
|
||||
id: rallly_application
|
||||
identifiers:
|
||||
name: Rallly
|
||||
model: authentik_core.application
|
||||
state: present
|
||||
1
release/5.0.0+2024.2.2
Normal file
1
release/5.0.0+2024.2.2
Normal file
@ -0,0 +1 @@
|
||||
Blueprint changes are applied and automatic migrations should work, however, manual action may be required: https://docs.goauthentik.io/docs/releases/2024.2
|
||||
@ -21,7 +21,7 @@ entries:
|
||||
# remove custom tenant from old recipe
|
||||
- identifiers:
|
||||
domain: {{ env "DOMAIN" }}
|
||||
model: authentik_tenants.tenant
|
||||
model: authentik_brands.brand
|
||||
state: absent
|
||||
|
||||
- attrs:
|
||||
@ -32,4 +32,4 @@ entries:
|
||||
identifiers:
|
||||
default: true
|
||||
domain: authentik-default
|
||||
model: authentik_tenants.tenant
|
||||
model: authentik_brands.brand
|
||||
|
||||
Reference in New Issue
Block a user