# Top-level key `authentik`: one sub-mapping per app (nextcloud, wordpress,
# matrix-synapse, wekan, vikunja, monitoring, outline, rallly, hedgedoc).
# NOTE(review): the meaning of `uncomment` and `secrets` is defined by the
# consuming tool, which is not shown here. Presumably `uncomment` enables the
# named compose files, env variables and icon files in authentik's config, and
# `secrets` sets the named secret to the given value - confirm.
authentik:
  nextcloud:
    uncomment:
      - compose.nextcloud.yml
      - NEXTCLOUD_DOMAIN
      - SECRET_NEXTCLOUD_ID_VERSION
      - SECRET_NEXTCLOUD_SECRET_VERSION
      - nextcloud.png
  wordpress:
    uncomment:
      - compose.wordpress.yml
      - WORDPRESS_DOMAIN
      - WORDPRESS_GROUP
      - SECRET_WORDPRESS_ID_VERSION
      - SECRET_WORDPRESS_SECRET_VERSION
      - wordpress.png
  matrix-synapse:
    uncomment:
      - compose.matrix.yml
      - ELEMENT_DOMAIN
      - SECRET_MATRIX_ID_VERSION
      - SECRET_MATRIX_SECRET_VERSION
      - matrix.svg
    # The value matches KEYCLOAK_CLIENT_ID in the matrix-synapse block of this
    # file. It is a fixed identifier, not a credential; only the *_SECRET_*
    # entries above refer to confidential material.
    secrets:
      matrix_id: matrix
  wekan:
    uncomment:
      - compose.wekan.yml
      - WEKAN_DOMAIN
      - SECRET_WEKAN_ID_VERSION
      - SECRET_WEKAN_SECRET_VERSION
      - wekan.png
    # Matches OAUTH2_CLIENT_ID in the wekan block of this file.
    secrets:
      wekan_id: wekan
  vikunja:
    uncomment:
      - compose.vikunja.yml
      - VIKUNJA_DOMAIN
      - SECRET_VIKUNJA_ID_VERSION
      - SECRET_VIKUNJA_SECRET_VERSION
      - vikunja.svg
    # Matches OAUTH_CLIENT_ID in the vikunja block of this file.
    secrets:
      vikunja_id: vikunja
  # No `secrets` mapping here, and no top-level `monitoring` block exists in
  # this file.
  monitoring:
    uncomment:
      - compose.monitoring.yml
      - MONITORING_DOMAIN
      - SECRET_MONITORING_ID_VERSION
      - SECRET_MONITORING_SECRET_VERSION
      - monitoring.png
  outline:
    uncomment:
      - compose.outline.yml
      - OUTLINE_DOMAIN
      - SECRET_OUTLINE_ID_VERSION
      - SECRET_OUTLINE_SECRET_VERSION
      - outline.png
    # Matches OIDC_CLIENT_ID in the outline block of this file.
    secrets:
      outline_id: outline
  rallly:
    uncomment:
      - compose.rallly.yml
      - RALLLY_DOMAIN
      - SECRET_RALLLY_ID_VERSION
      - SECRET_RALLLY_SECRET_VERSION
      - rallly.png
    # Matches OIDC_CLIENT_ID in the rallly block of this file.
    secrets:
      rallly_id: rallly
  hedgedoc:
    uncomment:
      - compose.hedgedoc.yml
      - HEDGEDOC_DOMAIN
      - SECRET_HEDGEDOC_ID_VERSION
      - SECRET_HEDGEDOC_SECRET_VERSION
      - hedgedoc.png
    # Matches CMD_OAUTH2_CLIENT_ID in the hedgedoc block of this file.
    secrets:
      hedgedoc_id: hedgedoc
# Top-level key `nextcloud`: one sub-mapping per peer (authentik, onlyoffice,
# collabora).
# NOTE(review): `uncomment`, `execute` and `shared_secrets` are interpreted by
# a consuming tool that is not shown here - confirm their semantics there.
nextcloud:
  authentik:
    uncomment:
      - compose.authentik.yml
      - AUTHENTIK_USER_PREFIX
      - AUTHENTIK_DOMAIN
      - SECRET_AUTHENTIK_SECRET_VERSION
      - SECRET_AUTHENTIK_ID_VERSION
    # NOTE(review): `execute` entries look like commands to be run (presumably
    # against the nextcloud app - confirm). A file that names commands should
    # be writable only by operators and reviewed like code.
    execute:
      - app set_authentik
    # The left-hand names correspond to SECRET_NEXTCLOUD_{SECRET,ID}_VERSION in
    # the authentik block of this file; the right-hand names correspond to the
    # SECRET_AUTHENTIK_* entries uncommented above. So the mapping appears to
    # be <secret name in the peer app>: <secret name in this app> - confirm.
    shared_secrets:
      nextcloud_secret: authentik_secret
      nextcloud_id: authentik_id
  onlyoffice:
    uncomment:
      - ONLYOFFICE_URL
      - SECRET_ONLYOFFICE_JWT_VERSION
    execute:
      - app install_onlyoffice
  # Unlike onlyoffice, no secret entry is uncommented for collabora.
  collabora:
    uncomment:
      - COLLABORA_URL
    execute:
      - app install_collabora
# Top-level key `onlyoffice`: settings for its integration with nextcloud.
onlyoffice:
  nextcloud:
    uncomment:
      - compose.jwt.yml
      - SECRET_JWT_SECRET_VERSION
    # `onlyoffice_jwt` corresponds to SECRET_ONLYOFFICE_JWT_VERSION in the
    # nextcloud block of this file; `jwt_secret` to SECRET_JWT_SECRET_VERSION
    # above.
    # NOTE(review): presumably both apps must end up with the same JWT secret
    # for request signing to validate - confirm against the consuming tool.
    shared_secrets:
      onlyoffice_jwt: jwt_secret
# Top-level key `outline`: OIDC settings for its integration with authentik.
outline:
  authentik:
    # Environment variable names mapped to the values to set.
    # NOTE(review): authentik.example.com is a placeholder host. Presumably the
    # consuming tool substitutes the deployed authentik domain - confirm,
    # because these endpoints decide where users authenticate and where the
    # client secret is sent.
    env:
      # Matches `outline_id: outline` in the authentik block of this file.
      OIDC_CLIENT_ID: outline
      OIDC_AUTH_URI: https://authentik.example.com/application/o/authorize/
      OIDC_TOKEN_URI: https://authentik.example.com/application/o/token/
      OIDC_USERINFO_URI: https://authentik.example.com/application/o/userinfo/
      OIDC_DISPLAY_NAME: "Authentik"
    uncomment:
      - compose.oidc.yml
      - OIDC_ENABLED
      - OIDC_USERNAME_CLAIM
      - OIDC_SCOPES
      - SECRET_OIDC_CLIENT_SECRET_VERSION
    # `outline_secret` corresponds to SECRET_OUTLINE_SECRET_VERSION in the
    # authentik block; `oidc_client_secret` to the SECRET_OIDC_CLIENT_SECRET
    # entry above. This is the confidential half of the client credentials.
    shared_secrets:
      outline_secret: oidc_client_secret
# Top-level key `wordpress`: settings for its integration with authentik.
wordpress:
  authentik:
    uncomment:
      - compose.authentik.yml
      - AUTHENTIK_DOMAIN
      - SECRET_AUTHENTIK_SECRET_VERSION
      - SECRET_AUTHENTIK_ID_VERSION
      - LOGIN_TYPE
    # NOTE(review): `execute` entries look like commands to be run (presumably
    # against the wordpress app - confirm). A file that names commands should
    # be writable only by operators and reviewed like code.
    execute:
      - app set_authentik
    # The left-hand names correspond to SECRET_WORDPRESS_{SECRET,ID}_VERSION in
    # the authentik block of this file; the right-hand names to the
    # SECRET_AUTHENTIK_* entries uncommented above.
    shared_secrets:
      wordpress_secret: authentik_secret
      wordpress_id: authentik_id
# Top-level key `vikunja`: OAuth settings for its integration with authentik.
vikunja:
  authentik:
    # Environment variable names mapped to the values to set.
    # NOTE(review): authentik.example.com is a placeholder host. Presumably the
    # consuming tool substitutes the deployed authentik domain - confirm,
    # because these URLs decide where users authenticate and where the client
    # secret is sent.
    env:
      OAUTH_NAME: authentik
      OAUTH_URL: https://authentik.example.com/application/o/vikunja/
      OAUTH_LOGOUT_URL: https://authentik.example.com/application/o/vikunja/end-session/
      # TODO: set CLIENT_ID as secret
      # NOTE(review): an OAuth 2.0 client_id is an identifier, not a credential
      # (RFC 6749 section 2.2); the confidential value is the client secret
      # mapped under shared_secrets below. The value matches
      # `vikunja_id: vikunja` in the authentik block of this file.
      OAUTH_CLIENT_ID: vikunja
    uncomment:
      - compose.oauth.yml
      - OAUTH_ENABLED
      - SECRET_OAUTH_SECRET_VERSION
    shared_secrets:
      # Disabled mapping for the client id; the id is set through env above.
      #vikunja_id: oauth_id
      vikunja_secret: oauth_secret
# Top-level key `matrix-synapse`: SSO settings for its integration with
# authentik. The variables keep a KEYCLOAK_ prefix although the values point
# at authentik.
matrix-synapse:
  authentik:
    # Environment variable names mapped to the values to set.
    # NOTE(review): authentik.example.com and element-web.example.com are
    # placeholder hosts. Presumably the consuming tool substitutes the deployed
    # domains - confirm.
    env:
      KEYCLOAK_ID: authentik
      KEYCLOAK_NAME: sso
      KEYCLOAK_URL: https://authentik.example.com/application/o/matrix/
      # TODO: correct client domain?
      KEYCLOAK_CLIENT_DOMAIN: https://element-web.example.com
      # Quoted so the value stays the string "true" rather than a YAML boolean.
      # NOTE(review): presumably this lets an SSO login attach to an account
      # that already exists on the homeserver. If so, the attribute used for
      # matching must be one that users cannot choose freely at the identity
      # provider, otherwise an existing account can be claimed - confirm.
      KEYCLOAK_ALLOW_EXISTING_USERS: "true"
      # TODO: set CLIENT_ID as secret
      # NOTE(review): an OAuth 2.0 client_id is an identifier, not a credential
      # (RFC 6749 section 2.2); the confidential value is the client secret
      # mapped under shared_secrets below. The value matches
      # `matrix_id: matrix` in the authentik block of this file.
      KEYCLOAK_CLIENT_ID: matrix
    # KEYCLOAK_CLIENT_ID is listed here and also assigned under env above.
    uncomment:
      - compose.keycloak.yml
      - KEYCLOAK_ENABLED
      - KEYCLOAK_CLIENT_ID
      - SECRET_KEYCLOAK_CLIENT_SECRET_VERSION
    shared_secrets:
      matrix_secret: keycloak_client_secret
# Top-level key `rallly`: OIDC settings for its integration with authentik.
rallly:
  authentik:
    # Environment variable names mapped to the values to set.
    # NOTE(review): authentik.example.com is a placeholder host. Presumably the
    # consuming tool substitutes the deployed authentik domain - confirm,
    # because the discovery document decides which endpoints the app trusts.
    env:
      OIDC_NAME: "Authentik"
      OIDC_DISCOVERY_URL: "https://authentik.example.com/application/o/rallly/.well-known/openid-configuration"
      # Matches `rallly_id: rallly` in the authentik block of this file.
      OIDC_CLIENT_ID: rallly
    uncomment:
      - compose.oidc.yml
      - SECRET_OIDC_CLIENT_SECRET_VERSION
      - OIDC_ENABLED
    # NOTE(review): SECRET_OIDC_CLIENT_SECRET_VERSION is uncommented above, but
    # this entry has no `shared_secrets` mapping, unlike the outline entry in
    # this file (`outline_secret: oidc_client_secret`). Verify how the client
    # secret reaches rallly so that it is not left unset or set by hand.
# Top-level key `wekan`: OAuth2 settings for its integration with authentik.
wekan:
  authentik:
    # Environment variable names mapped to the values to set.
    env:
      # Quoted so the value stays the string "true" rather than a YAML boolean.
      OAUTH2_ENABLED: "true"
      # NOTE(review): authentik.example.com is a placeholder host. Presumably
      # the consuming tool substitutes the deployed authentik domain - confirm.
      OAUTH2_SERVER_URL: https://authentik.example.com
      # TODO: set CLIENT_ID as secret
      # NOTE(review): an OAuth 2.0 client_id is an identifier, not a credential
      # (RFC 6749 section 2.2); the confidential value is the client secret
      # mapped under shared_secrets below. The value matches
      # `wekan_id: wekan` in the authentik block of this file.
      OAUTH2_CLIENT_ID: wekan
    # Only variable names are listed; no compose file and no SECRET_* version
    # entry appears in this list, unlike the other authentik integrations in
    # this file.
    # NOTE(review): confirm the oauth2_secret mapped below is enabled elsewhere.
    uncomment:
      - OAUTH2_LOGIN_STYLE
      - OAUTH2_AUTH_ENDPOINT
      - OAUTH2_USERINFO_ENDPOINT
      - OAUTH2_TOKEN_ENDPOINT
      - OAUTH2_REQUEST_PERMISSIONS
      - OAUTH2_ID_MAP
      - OAUTH2_USERNAME_MAP
      - OAUTH2_FULLNAME_MAP
      - OAUTH2_EMAIL_MAP
      - PROPAGATE_OIDC_DATA
      - OIDC_REDIRECTION_ENABLED
    shared_secrets:
      wekan_secret: oauth2_secret
# Top-level key `hedgedoc`: OAuth2 settings for its integration with authentik.
hedgedoc:
  authentik:
    # Environment variable names mapped to the values to set.
    # NOTE(review): authentik.example.com is a placeholder host. Presumably the
    # consuming tool substitutes the deployed authentik domain - confirm,
    # because these endpoints decide where users authenticate and where the
    # client secret is sent.
    env:
      CMD_OAUTH2_USER_PROFILE_URL: https://authentik.example.com/application/o/userinfo/
      # Names of the userinfo attributes read for username, display name and
      # email.
      CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR: preferred_username
      CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR: name
      CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR: email
      CMD_OAUTH2_TOKEN_URL: https://authentik.example.com/application/o/token/
      CMD_OAUTH2_AUTHORIZATION_URL: https://authentik.example.com/application/o/authorize/
      # TODO: set CLIENT_ID as secret
      # NOTE(review): an OAuth 2.0 client_id is an identifier, not a credential
      # (RFC 6749 section 2.2); the confidential value is the client secret
      # mapped under shared_secrets below. The value matches
      # `hedgedoc_id: hedgedoc` in the authentik block of this file.
      CMD_OAUTH2_CLIENT_ID: hedgedoc
      CMD_OAUTH2_PROVIDERNAME: Authentik
    uncomment:
      - compose.oauth.yml
      - SECRET_OAUTH_KEY_VERSION
    # `hedgedoc_secret` corresponds to SECRET_HEDGEDOC_SECRET_VERSION in the
    # authentik block; `oauth_key` to SECRET_OAUTH_KEY_VERSION above.
    shared_secrets:
      hedgedoc_secret: oauth_key