diff --git a/.env.sample b/.env.sample
index 1468df1..37347cd 100644
--- a/.env.sample
+++ b/.env.sample
@@ -84,6 +84,12 @@ COPY_ASSETS="$COPY_ASSETS icon.png|app:/web/dist/assets/icons/"
 # SECRET_OUTLINE_SECRET_VERSION=v1
 # APP_ICONS="$APP_ICONS outline:~/.abra/recipes/authentik/icons/outline.png"
 
+# COMPOSE_FILE="$COMPOSE_FILE:compose.kimai.yml"
+# KIMAI_DOMAIN=kimai.example.com
+# SECRET_KIMAI_ID_VERSION=v1
+# SECRET_KIMAI_SECRET_VERSION=v1
+# APP_ICONS="$APP_ICONS kimai:~/.abra/recipes/authentik/icons/kimai.png"
+
 # COMPOSE_FILE="$COMPOSE_FILE:compose.monitoring.yml"
 # MONITORING_DOMAIN=monitoring.example.com
 # SECRET_MONITORING_ID_VERSION=v1
diff --git a/abra.sh b/abra.sh
index 858a449..9f5446a 100644
--- a/abra.sh
+++ b/abra.sh
@@ -11,6 +11,7 @@ export MATRIX_CONFIG_VERSION=v1
 export WEKAN_CONFIG_VERSION=v3
 export VIKUNJA_CONFIG_VERSION=v1
 export OUTLINE_CONFIG_VERSION=v2
+export KIMAI_CONFIG_VERSION=v1
 export RALLLY_CONFIG_VERSION=v2
 export HEDGEDOC_CONFIG_VERSION=v1
 export MONITORING_CONFIG_VERSION=v1
diff --git a/compose.kimai.yml b/compose.kimai.yml
new file mode 100644
index 0000000..83db73d
--- /dev/null
+++ b/compose.kimai.yml
@@ -0,0 +1,14 @@
+version: "3.8"
+services:
+ worker:
+ environment:
+ - KIMAI_DOMAIN
+ configs:
+ - source: kimai
+ target: /blueprints/kimai.yaml
+
+configs:
+ kimai:
+ name: ${STACK_NAME}_kimai_${KIMAI_CONFIG_VERSION}
+ file: kimai.yaml.tmpl
+ template_driver: golang
diff --git a/icons/kimai_logo.png b/icons/kimai_logo.png
new file mode 100644
index 0000000..a0335a0
Binary files /dev/null and b/icons/kimai_logo.png differ
diff --git a/kimai.yaml.tmpl b/kimai.yaml.tmpl
new file mode 100644
index 0000000..59e2e9f
--- /dev/null
+++ b/kimai.yaml.tmpl
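Review bot: The sample `APP_ICONS` entry in the `.env.sample` hunk points at `icons/kimai.png`, but the only icon this commit adds is `icons/kimai_logo.png`, so unless `kimai.png` already exists outside this diff the line should read `# APP_ICONS="$APP_ICONS kimai:~/.abra/recipes/authentik/icons/kimai_logo.png"` (or the file should be renamed). The same hunk adds `SECRET_KIMAI_ID_VERSION` and `SECRET_KIMAI_SECRET_VERSION`, yet `compose.kimai.yml` declares no `secrets:` and the blueprint configures a SAML provider signed with a key pair, so these two lines look unused. Either drop them or add the secret definitions that consume them, so operators do not version secrets that nothing reads.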
@@ -0,0 +1,48 @@
+version: 1
+metadata:
+ labels:
+ blueprints.goauthentik.io/instantiate: "true"
+ name: kimai
+
+entries:
+- attrs:
+ acs_url: https://{{ env "KIMAI_DOMAIN" }}/auth/saml/acs
+ assertion_valid_not_before: minutes=-5
+ assertion_valid_not_on_or_after: minutes=5
+ audience: https://{{ env "KIMAI_DOMAIN" }}/auth/saml
+ authentication_flow: !Find [authentik_flows.flow, [slug, default-authentication-flow]]
+ authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
+ digest_algorithm: http://www.w3.org/2001/04/xmlenc#sha256
+ issuer: https://{{ env "DOMAIN" }}
+ name: Kimai
+ name_id_mapping: !Find [authentik_providers_saml.samlpropertymapping, [name, "authentik default SAML Mapping: Username"]]
+ property_mappings:
+ - !Find [authentik_providers_saml.samlpropertymapping, [name, "authentik default SAML Mapping: Name"]]
+ - !Find [authentik_providers_saml.samlpropertymapping, [name, "authentik default SAML Mapping: Email"]]
+ - !Find [authentik_providers_saml.samlpropertymapping, [name, "authentik default SAML Mapping: User ID"]]
+ - !Find [authentik_providers_saml.samlpropertymapping, [name, "authentik default SAML Mapping: Username"]]
+ - !Find [authentik_providers_saml.samlpropertymapping, [name, "authentik default SAML Mapping: Groups"]]
+ - !Find [authentik_providers_saml.samlpropertymapping, [name, "authentik default SAML Mapping: UPN"]]
+ session_valid_not_on_or_after: minutes=86400
+ signature_algorithm: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
+ signing_kp: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]]
+ sp_binding: post
+ conditions: []
+ id: kimai_provider
+ identifiers:
+ pk: 9991
+ model: authentik_providers_saml.samlprovider
+ state: present
+
+- attrs:
+ meta_launch_url: https://{{ env "KIMAI_DOMAIN" }}
+ open_in_new_tab: true
+ policy_engine_mode: any
+ provider: !KeyOf kimai_provider
+ slug: kimai
+ conditions: []
+ id: kimai_application
+ identifiers:
+ name: Kimai
+ model: authentik_core.application
+ state: present
\ No newline at end of file
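Review bot: `session_valid_not_on_or_after: minutes=86400` in the provider entry is 60 days, not one day, so the assertion advertises a session lifetime of about two months. If a day was meant, `session_valid_not_on_or_after: minutes=1440` says so, and a shorter bound limits how long a Kimai session can outlive a disabled account (whether Kimai enforces the value is not visible here). The provider is also keyed on a hard-coded `pk: 9991`; if an object with that primary key already exists in a deployment, the blueprint would presumably update it rather than create a new provider, so identifying it with `name: Kimai` under `identifiers:` looks safer. No policy binding appears in this blueprint, so a comment above `policy_engine_mode: any` such as `# no bindings: every authenticated user can open Kimai` would record the intended access model.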