From b95df148f85ee20af6971252e1f724faa57048ab Mon Sep 17 00:00:00 2001 From: Simon Date: Mon, 15 Jan 2024 16:52:40 +0100 Subject: [PATCH] upgrade to v3.5 and add OIDC --- .env.sample | 9 +++++++++ compose.oidc.yml | 16 ++++++++++++++++ compose.yml | 7 +++++-- entrypoint.sh.tmpl | 5 +++++ 4 files changed, 35 insertions(+), 2 deletions(-) create mode 100644 compose.oidc.yml diff --git a/.env.sample b/.env.sample index 90dcefe..bb61f3f 100644 --- a/.env.sample +++ b/.env.sample @@ -7,6 +7,8 @@ DOMAIN=rallly.example.com ## Domain aliases #EXTRA_DOMAINS=', `www.rallly.example.com`' +COMPOSE_FILE="compose.yml" + LETS_ENCRYPT_ENV=production SECRET_SECRET_KEY_VERSION=v1 @@ -18,3 +20,10 @@ SMTP_HOST=mail.example.com SMTP_PORT=465 SMTP_SECURE=true SMTP_USER=noreply@example.com + +#COMPOSE_FILE="$COMPOSE_FILE:compose.oidc.yml" +#OIDC_ENABLED=1 +#OIDC_NAME= #The user-facing name of your provider as it will be shown on the login page +#OIDC_DISCOVERY_URL= #URL of the .well-known/openid-configuration endpoint for your OIDC provider +#OIDC_CLIENT_ID= +#SECRET_OIDC_CLIENT_SECRET_VERSION=v1 \ No newline at end of file diff --git a/compose.oidc.yml b/compose.oidc.yml new file mode 100644 index 0000000..68fbca9 --- /dev/null +++ b/compose.oidc.yml @@ -0,0 +1,16 @@ +--- +version: "3.8" + +services: + app: + secrets: + - oidc_client_secret + environment: + - OIDC_ENABLED + - OIDC_NAME + - OIDC_DISCOVERY_URL + - OIDC_CLIENT_ID +secrets: + oidc_client_secret: + name: ${STACK_NAME}_oidc_client_secret_${SECRET_OIDC_CLIENT_SECRET_VERSION} + external: true diff --git a/compose.yml b/compose.yml index 27c76eb..cc24f65 100644 --- a/compose.yml +++ b/compose.yml @@ -3,7 +3,8 @@ version: "3.8" services: app: - image: lukevella/rallly:2.11.1 + image: lukevella/rallly:3.5.0 + hostname: 0.0.0.0 networks: - proxy - internal 
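Review bot: In the second .env.sample hunk, `#OIDC_ENABLED=1` is the only value the entrypoint honours, because the template added to entrypoint.sh.tmpl in this same patch compares `env "OIDC_ENABLED"` against the literal string `"1"`, so `true` or `yes` would leave OIDC silently disabled; the sample should say so, e.g. `#OIDC_ENABLED=1 # must be exactly 1, any other value leaves OIDC off`. The trailing comments on the `#OIDC_NAME=` and `#OIDC_DISCOVERY_URL=` lines become part of the value on dotenv parsers that do not strip inline comments, so once uncommented they are safer placed on the line above the assignment. This hunk also drops the file's trailing newline, which is worth restoring.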
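Review bot: In compose.oidc.yml the external secret `name:` collapses to `${STACK_NAME}_oidc_client_secret_` when `SECRET_OIDC_CLIENT_SECRET_VERSION` is unset, which is the shipped default since .env.sample keeps it commented out, and the stack then fails at deploy time with a lookup error for a misspelt secret rather than a clear message. Compose's required-variable syntax fails early and says why: `name: ${STACK_NAME}_oidc_client_secret_${SECRET_OIDC_CLIENT_SECRET_VERSION:?SECRET_OIDC_CLIENT_SECRET_VERSION must be set when compose.oidc.yml is enabled}`. A one-line comment above `services:` noting that this file is only meant to be appended through `COMPOSE_FILE` and that the four bare `environment` entries are passed through from the host environment would help the next maintainer, as nothing in the file itself says so.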
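Review bot: `hostname: 0.0.0.0` in the first compose.yml hunk is unexplained and reads like a mistake, since it sets the container's hostname rather than a listen address. If the intent is to make the 3.x server bind on all interfaces through the `HOSTNAME` variable Docker derives from the container hostname, that deserves a comment such as `# container hostname becomes HOSTNAME, which the app server uses as its bind address`, or better an explicit `environment` entry `- HOSTNAME=0.0.0.0` that states the purpose directly; I am inferring the intent, so confirm it against the image's documentation. The image is pinned by tag only; if the deployment tooling supports it, `lukevella/rallly:3.5.0@sha256:<digest-placeholder>` pins it by content as well.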
@@ -16,7 +17,9 @@ services: environment: - POSTGRES_PASSWORD_FILE=/run/secrets/db_password - DATABASE=rallly_db:5432/db - - NEXT_PUBLIC_BASE_URL=${DOMAIN} + - NEXT_PUBLIC_BASE_URL=https://${DOMAIN} + - NEXT_PUBLIC_APP_BASE_URL=https://${DOMAIN} + - NEXTAUTH_URL=$NEXT_PUBLIC_BASE_URL - SECRET_PASSWORD_FILE=/run/secrets/secret_key - SUPPORT_EMAIL - SMTP_HOST diff --git a/entrypoint.sh.tmpl b/entrypoint.sh.tmpl index 365c18f..359105d 100644 --- a/entrypoint.sh.tmpl +++ b/entrypoint.sh.tmpl @@ -1,5 +1,9 @@ #!/bin/bash +{{ if eq (env "OIDC_ENABLED") "1" }} +export OIDC_CLIENT_SECRET=$(cat /run/secrets/oidc_client_secret) +{{ end }} + set -eu file_env() { @@ -26,6 +30,7 @@ file_env() { file_env "SECRET_PASSWORD" file_env "SMTP_PWD" file_env "POSTGRES_PASSWORD" +file_env "OIDC_CLIENT_SECRET" export DATABASE_URL=postgres://postgres:$POSTGRES_PASSWORD@$DATABASE
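Review bot: `NEXTAUTH_URL=$NEXT_PUBLIC_BASE_URL` in the second compose.yml hunk is expanded by Compose from the host environment and the .env file when the file is parsed, not from the sibling `environment` entry two lines above, and neither .env.sample nor this hunk defines `NEXT_PUBLIC_BASE_URL` there, so the container most likely receives an empty `NEXTAUTH_URL` alongside a warning about an unset variable. Use the same expansion as its neighbours: `- NEXTAUTH_URL=https://${DOMAIN}`. If, as its name suggests, this is the origin the auth layer uses to build and validate its own callback URLs, an empty value is worth catching at deploy time rather than at the first login attempt.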
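Review bot: The template block added at the top of entrypoint.sh.tmpl runs before `set -eu`, so if `/run/secrets/oidc_client_secret` is missing or unreadable the failed `cat` is ignored and `OIDC_CLIENT_SECRET` is exported as an empty string, which the application then treats as its configured secret. Moving the block below `set -eu` is not enough on its own, because `export VAR=$(cmd)` returns the status of `export`, not of the substitution; split it so the assignment's status is checked: `OIDC_CLIENT_SECRET=$(cat /run/secrets/oidc_client_secret)` followed by `export OIDC_CLIENT_SECRET`, both inside the `{{ if }}` guard and after `set -eu`. The `file_env "OIDC_CLIENT_SECRET"` call in the next hunk looks like a second path for the same secret; if `file_env` follows the usual `VAR_FILE` convention (its body is outside the hunk), it only takes effect when `OIDC_CLIENT_SECRET_FILE` is set, which compose.oidc.yml does not do, so one of the two mechanisms is dead and the pair should be reduced to one.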