Use AUTHENTIK_BOOTSTRAP_PASSWORD env instead of set_admin_pass function

.env.sample

@@ -1,7 +1,7 @@
 TYPE=authentik
 TIMEOUT=900
 ENABLE_AUTO_UPDATE=true
-# POST_DEPLOY_CMDS="worker set_admin_pass|worker apply_blueprints|worker add_applications"
+# POST_DEPLOY_CMDS="worker worker apply_blueprints|worker add_applications"
 LETS_ENCRYPT_ENV=production
 
 DOMAIN=authentik.example.com
@@ -17,9 +17,6 @@ AUTHENTIK_LOG_LEVEL=info
 ## Outpost Integration
 # COMPOSE_FILE="$COMPOSE_FILE:compose.outposts.yml"
 
-## ADMIN
-AUTHENTIK_BOOTSTRAP_EMAIL=admin@example.com
-
 ## EMAIL
 AUTHENTIK_EMAIL__HOST=smtp
 AUTHENTIK_EMAIL__PORT=587
@@ -96,13 +93,13 @@ AUTHENTIK_COLOR_BACKGROUND_LIGHT=#1c1e21
 # KIMAI_DOMAIN=kimai.example.com
 # SECRET_KIMAI_ID_VERSION=v1
 # SECRET_KIMAI_SECRET_VERSION=v1
-# APP_ICONS="$APP_ICONS kimai:~/.abra/recipes/authentik/icons/kimai_logo.png"
+# APP_ICONS="$APP_ICONS kimai:~/.abra/recipes/authentik/icons/kimai.png"
 
 # COMPOSE_FILE="$COMPOSE_FILE:compose.monitoring.yml"
 # MONITORING_DOMAIN=monitoring.example.com
 # SECRET_MONITORING_ID_VERSION=v1
 # SECRET_MONITORING_SECRET_VERSION=v1
-# APP_ICONS="$APP_ICONS monitoring:~/.abra/recipes/authentik/icons/monitoring.svg"
+# APP_ICONS="$APP_ICONS monitoring:~/.abra/recipes/authentik/icons/monitoring.png"
 
 # COMPOSE_FILE="$COMPOSE_FILE:compose.rallly.yml"
 # RALLLY_DOMAIN=rallly.example.com

README.md

@@ -35,7 +35,6 @@ abra app secret generate -a <app_name>
 abra app undeploy <app_name>
 abra app deploy <app_name>
 abra app cmd <app_name> db rotate_db_pass
-abra app cmd <app_name> app set_admin_pass
 ```
 
 ## Add SSO for Nextcloud

abra.sh

@@ -14,7 +14,7 @@ export OUTLINE_CONFIG_VERSION=v2
 export KIMAI_CONFIG_VERSION=v1
 export RALLLY_CONFIG_VERSION=v2
 export HEDGEDOC_CONFIG_VERSION=v1
-export MONITORING_CONFIG_VERSION=v2
+export MONITORING_CONFIG_VERSION=v1
 export DB_ENTRYPOINT_VERSION=v1
 
 customize() {
@@ -73,30 +73,7 @@ with open('/tmp/$1', newline='') as file:
 }
 
 set_admin_pass() {
-password=$(cat /run/secrets/admin_pass)
+echo "The set_admin_pass function is depricated"
-token=$(cat /run/secrets/admin_token)
-/manage.py shell -c """
-akadmin = User.objects.get(username='akadmin')
-akadmin.set_password('$password')
-akadmin.save()
-print('Changed akadmin password')
-
-from authentik.core.models import TokenIntents
-key='$token'
-if (token:= Token.objects.filter(identifier='authentik-bootstrap-token').first()):
-    token.key=key
-    token.save()
-    print('Changed authentik-bootstrap-token')
-else:
-    Token.objects.create(
-        identifier='authentik-bootstrap-token',
-        user=akadmin,
-        intent=TokenIntents.INTENT_API,
-        expiring=False,
-        key=key,
-    )
-    print('Created authentik-bootstrap-token')
-""" 2>&1 | quieten
 }
 
 rotate_db_pass() {

alaconnect.yml

@@ -40,7 +40,7 @@ vikunja:
         - vikunja.svg
     secrets:
         vikunja_id: vikunja
-monitoring-ng:
+monitoring:
     uncomment:
         - compose.monitoring.yml
         - MONITORING_DOMAIN

compose.yml

@@ -8,6 +8,8 @@ x-env: &env
     - AUTHENTIK_REDIS__HOST=redis
     - AUTHENTIK_ERROR_REPORTING__ENABLED
     - AUTHENTIK_SECRET_KEY=file:///run/secrets/secret_key
+    - AUTHENTIK_BOOTSTRAP_PASSWORD=file:///run/secrets/admin_pass
+    - AUTHENTIK_BOOTSTRAP_TOKEN=file:///run/secrets/admin_token
     - AUTHENTIK_EMAIL__HOST
     - AUTHENTIK_EMAIL__PORT
     - AUTHENTIK_EMAIL__USERNAME
@@ -21,7 +23,6 @@ x-env: &env
     - AUTHENTIK_COLOR_BACKGROUND_LIGHT
     - AUTHENTIK_FOOTER_LINKS
     - AUTHENTIK_IMPERSONATION
-    - AUTHENTIK_BOOTSTRAP_EMAIL
     - WELCOME_MESSAGE
     - DEFAULT_LANGUAGE
     - EMAIL_SUBJECT
@@ -33,7 +34,7 @@ x-env: &env
 version: '3.8'
 services:
   app:
-    image: ghcr.io/goauthentik/server:2024.6.2
+    image: ghcr.io/goauthentik/server:2024.4.2
     command: server
     depends_on:
       - db
@@ -52,13 +53,16 @@ services:
       - internal
       - proxy
     healthcheck:
-      test: "ak healthcheck"
+      test: "bash -c 'printf \"GET / HTTP/1.1\n\n\" > /dev/tcp/127.0.0.1/9000; exit $$?;'"
       interval: 30s
-      timeout: 30s
+      timeout: 10s
       retries: 10
       start_period: 5m
     environment: *env
     deploy:
+      update_config:
+        failure_action: rollback
+        order: start-first
       labels:
         - "traefik.enable=true"
         - "traefik.docker.network=proxy"
@@ -71,11 +75,11 @@ services:
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
         - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=SAMEORIGIN"
         - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.contentSecurityPolicy=frame-ancestors ${X_FRAME_OPTIONS_ALLOW_FROM}"
-        - "coop-cloud.${STACK_NAME}.version=6.3.1+2024.6.2"
+        - "coop-cloud.${STACK_NAME}.version=6.1.1+2024.4.2"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
 
   worker:
-    image: ghcr.io/goauthentik/server:2024.6.2
+    image: ghcr.io/goauthentik/server:2024.4.2
     command: worker
     depends_on:
       - db
@@ -108,12 +112,6 @@ services:
       - source: flow_invalidation
         target: /blueprints/6_flow_invalidation.yaml
     environment: *env
-    healthcheck:
-      test: "ak healthcheck"
-      interval: 30s
-      timeout: 30s
-      retries: 10
-      start_period: 5m
 
   db:
     image: postgres:15.7
@@ -147,7 +145,7 @@ services:
           backupbot.backup.path: "/var/lib/postgresql/data"
 
   redis:
-    image:  redis:7.4.0-alpine
+    image:  redis:7.2.4-alpine
     networks:
       - internal
     healthcheck:

monitoring.yaml.tmpl

@@ -25,7 +25,7 @@ entries:
   conditions: []
   id: monitoring_provider
   identifiers:
-    pk: 9990
+    pk: 9994
   model: authentik_providers_oauth2.oauth2provider
   state: present