chore: publish 6.4.0+2024.6.3 release

chore: publish 6.3.1+2024.6.2 release
fix app icon paths
2024-08-06 16:23:31 +02:00 · 2024-08-01 13:21:39 -04:00 · 2024-07-17 14:42:25 +02:00 · 2024-07-17 14:27:34 +02:00 · 2024-07-17 13:43:12 +02:00 · 2024-07-17 12:53:15 +02:00
11 changed files with 188 additions and 14 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -30,6 +30,7 @@ steps:
      SECRET_ADMIN_TOKEN_VERSION: v1
      SECRET_ADMIN_PASS_VERSION: v1
      SECRET_EMAIL_PASS_VERSION: v1
+      DB_ENTRYPOINT_VERSION: v1
 trigger:
  branch:
    - main
--- a/.env.sample
+++ b/.env.sample
@ -17,6 +17,9 @@ AUTHENTIK_LOG_LEVEL=info
 ## Outpost Integration
 # COMPOSE_FILE="$COMPOSE_FILE:compose.outposts.yml"

+## ADMIN
+AUTHENTIK_BOOTSTRAP_EMAIL=admin@example.com
+
 ## EMAIL
 AUTHENTIK_EMAIL__HOST=smtp
 AUTHENTIK_EMAIL__PORT=587
@ -89,11 +92,17 @@ AUTHENTIK_COLOR_BACKGROUND_LIGHT=#1c1e21
 # SECRET_OUTLINE_SECRET_VERSION=v1
 # APP_ICONS="$APP_ICONS outline:~/.abra/recipes/authentik/icons/outline.png"

+# COMPOSE_FILE="$COMPOSE_FILE:compose.kimai.yml"
+# KIMAI_DOMAIN=kimai.example.com
+# SECRET_KIMAI_ID_VERSION=v1
+# SECRET_KIMAI_SECRET_VERSION=v1
+# APP_ICONS="$APP_ICONS kimai:~/.abra/recipes/authentik/icons/kimai_logo.png"
+
 # COMPOSE_FILE="$COMPOSE_FILE:compose.monitoring.yml"
 # MONITORING_DOMAIN=monitoring.example.com
 # SECRET_MONITORING_ID_VERSION=v1
 # SECRET_MONITORING_SECRET_VERSION=v1
-# APP_ICONS="$APP_ICONS monitoring:~/.abra/recipes/authentik/icons/monitoring.png"
+# APP_ICONS="$APP_ICONS monitoring:~/.abra/recipes/authentik/icons/monitoring.svg"

 # COMPOSE_FILE="$COMPOSE_FILE:compose.rallly.yml"
 # RALLLY_DOMAIN=rallly.example.com
--- a/abra.sh
+++ b/abra.sh
@ -11,9 +11,10 @@ export MATRIX_CONFIG_VERSION=v1
 export WEKAN_CONFIG_VERSION=v3
 export VIKUNJA_CONFIG_VERSION=v1
 export OUTLINE_CONFIG_VERSION=v2
+export KIMAI_CONFIG_VERSION=v1
 export RALLLY_CONFIG_VERSION=v2
 export HEDGEDOC_CONFIG_VERSION=v1
-export MONITORING_CONFIG_VERSION=v1
+export MONITORING_CONFIG_VERSION=v2
 export DB_ENTRYPOINT_VERSION=v1

 customize() {
@ -55,15 +56,19 @@ with open('/tmp/$1', newline='') as file:
    email = row[2].strip()
    groups = row[3].split(';')
    if User.objects.filter(username=username):
+        print(f'{username} already exists')
        continue
    new_user = User.objects.create(name=name, username=username, email=email)
+    print(f'{username} created')
    for group_name in groups:
        group_name = group_name.strip()
        if Group.objects.filter(name=group_name):
            group = Group.objects.get(name=group_name)
        else:
            group = Group.objects.create(name=group_name)
+            print(f'{group_name} created')
        group.users.add(new_user)
+        print(f'add {username} to group {group_name}')
 """ 2>&1 | quieten
 }

@ -171,7 +176,9 @@ for name, url in applications.items():


 quieten(){
-    grep -v -e '{"event"' -e '{"action"'
+    # 'SyntaxWarning|version_regex|"http\['
+    # is a workaround to get rid of some verbose syntax warnings, this might be fixed with another version
+    grep -Pv '"level": "(info|debug)"|SyntaxWarning|version_regex|"http\[|RuntimeWarning:'
 }

 add_email_templates(){
@ -222,3 +229,16 @@ Brand.objects.filter(default=True).delete()
 """ 2>&1 | quieten
 apply_blueprints
 }
+
+get_certificate() {
+/manage.py shell -c """
+provider_name='$1'
+if not provider_name:
+    print('no Provider Name given')
+    exit(1)
+provider = Provider.objects.filter(name=provider_name).first()
+saml = provider.samlprovider
+cert = saml.signing_kp
+print(''.join(cert.certificate_data.splitlines()[1:-1]))
+""" 2>&1 | quieten
+}
--- a/alaconnect.yml
+++ b/alaconnect.yml
@ -0,0 +1,76 @@
+nextcloud:
+    uncomment:
+        - compose.nextcloud.yml
+        - NEXTCLOUD_DOMAIN
+        - SECRET_NEXTCLOUD_ID_VERSION
+        - SECRET_NEXTCLOUD_SECRET_VERSION
+        - nextcloud.png
+wordpress:
+    uncomment:
+        - compose.wordpress.yml
+        - WORDPRESS_DOMAIN
+        - WORDPRESS_GROUP
+        - SECRET_WORDPRESS_ID_VERSION
+        - SECRET_WORDPRESS_SECRET_VERSION
+        - wordpress.png
+matrix-synapse:
+    uncomment:
+        - compose.matrix.yml
+        - ELEMENT_DOMAIN
+        - SECRET_MATRIX_ID_VERSION
+        - SECRET_MATRIX_SECRET_VERSION
+        - matrix.svg
+    secrets:
+        matrix_id: matrix
+wekan:
+    uncomment:
+        - compose.wekan.yml
+        - WEKAN_DOMAIN
+        - SECRET_WEKAN_ID_VERSION
+        - SECRET_WEKAN_SECRET_VERSION
+        - wekan.png
+    secrets:
+        wekan_id: wekan
+vikunja:
+    uncomment:
+        - compose.vikunja.yml
+        - VIKUNJA_DOMAIN
+        - SECRET_VIKUNJA_ID_VERSION
+        - SECRET_VIKUNJA_SECRET_VERSION
+        - vikunja.svg
+    secrets:
+        vikunja_id: vikunja
+monitoring-ng:
+    uncomment:
+        - compose.monitoring.yml
+        - MONITORING_DOMAIN
+        - SECRET_MONITORING_ID_VERSION
+        - SECRET_MONITORING_SECRET_VERSION
+        - monitoring.png
+outline:
+    uncomment:
+        - compose.outline.yml
+        - OUTLINE_DOMAIN
+        - SECRET_OUTLINE_ID_VERSION
+        - SECRET_OUTLINE_SECRET_VERSION
+        - outline.png
+    secrets:
+        outline_id: outline
+rallly:
+    uncomment:  
+        - compose.rallly.yml
+        - RALLLY_DOMAIN
+        - SECRET_RALLLY_ID_VERSION
+        - SECRET_RALLLY_SECRET_VERSION
+        - rallly.png
+    secrets:
+        rallly_id: rallly
+hedgedoc:
+    uncomment:  
+        - compose.hedgedoc.yml
+        - HEDGEDOC_DOMAIN
+        - SECRET_HEDGEDOC_ID_VERSION
+        - SECRET_HEDGEDOC_SECRET_VERSION
+        - hedgedoc.png
+    secrets:
+        hedgedoc_id: hedgedoc
--- a/compose.kimai.yml
+++ b/compose.kimai.yml
@ -0,0 +1,14 @@
+version: "3.8"
+services:
+  worker:
+    environment:
+      - KIMAI_DOMAIN
+    configs:
+      - source: kimai
+        target: /blueprints/kimai.yaml
+
+configs:
+  kimai:
+    name: ${STACK_NAME}_kimai_${KIMAI_CONFIG_VERSION}
+    file: kimai.yaml.tmpl
+    template_driver: golang
--- a/compose.yml
+++ b/compose.yml
@ -21,6 +21,7 @@ x-env: &env
    - AUTHENTIK_COLOR_BACKGROUND_LIGHT
    - AUTHENTIK_FOOTER_LINKS
    - AUTHENTIK_IMPERSONATION
+    - AUTHENTIK_BOOTSTRAP_EMAIL
    - WELCOME_MESSAGE
    - DEFAULT_LANGUAGE
    - EMAIL_SUBJECT
@ -32,7 +33,7 @@ x-env: &env
 version: '3.8'
 services:
  app:
-    image: ghcr.io/goauthentik/server:2024.4.0
+    image: ghcr.io/goauthentik/server:2024.6.3
    command: server
    depends_on:
      - db
@ -51,16 +52,13 @@ services:
      - internal
      - proxy
    healthcheck:
-      test: "bash -c 'printf \"GET / HTTP/1.1\n\n\" > /dev/tcp/127.0.0.1/9000; exit $$?;'"
+      test: "ak healthcheck"
      interval: 30s
-      timeout: 10s
+      timeout: 30s
      retries: 10
      start_period: 5m
    environment: *env
    deploy:
-      update_config:
-        failure_action: rollback
-        order: start-first
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=proxy"
@ -73,11 +71,11 @@ services:
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
        - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=SAMEORIGIN"
        - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.contentSecurityPolicy=frame-ancestors ${X_FRAME_OPTIONS_ALLOW_FROM}"
-        - "coop-cloud.${STACK_NAME}.version=5.2.1+2024.4.0"
+        - "coop-cloud.${STACK_NAME}.version=6.4.0+2024.6.3"
        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"

  worker:
-    image: ghcr.io/goauthentik/server:2024.4.0
+    image: ghcr.io/goauthentik/server:2024.6.3
    command: worker
    depends_on:
      - db
@ -110,9 +108,15 @@ services:
      - source: flow_invalidation
        target: /blueprints/6_flow_invalidation.yaml
    environment: *env
+    healthcheck:
+      test: "ak healthcheck"
+      interval: 30s
+      timeout: 30s
+      retries: 10
+      start_period: 5m

  db:
-    image: postgres:15.5
+    image: postgres:15.7
    secrets:
      - db_password
    configs:
@ -143,7 +147,7 @@ services:
          backupbot.backup.path: "/var/lib/postgresql/data"

  redis:
-    image:  redis:7.2.4-alpine
+    image:  redis:7.4.0-alpine
    networks:
      - internal
    healthcheck:
--- a/icons/kimai_logo.png
+++ b/icons/kimai_logo.png
--- a/kimai.yaml.tmpl
+++ b/kimai.yaml.tmpl
@ -0,0 +1,48 @@
+version: 1
+metadata:
+  labels:
+    blueprints.goauthentik.io/instantiate: "true"
+  name: kimai
+
+entries:
+- attrs:
+    acs_url: https://{{ env  "KIMAI_DOMAIN" }}/auth/saml/acs
+    assertion_valid_not_before: minutes=-5
+    assertion_valid_not_on_or_after: minutes=5
+    audience: https://{{ env  "KIMAI_DOMAIN" }}/auth/saml
+    authentication_flow: !Find [authentik_flows.flow, [slug, default-authentication-flow]]
+    authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
+    digest_algorithm: http://www.w3.org/2001/04/xmlenc#sha256
+    issuer: https://{{ env  "DOMAIN" }}
+    name: Kimai
+    name_id_mapping: !Find [authentik_providers_saml.samlpropertymapping, [name, "authentik default SAML Mapping: Username"]]
+    property_mappings:
+    - !Find [authentik_providers_saml.samlpropertymapping, [name, "authentik default SAML Mapping: Name"]]
+    - !Find [authentik_providers_saml.samlpropertymapping, [name, "authentik default SAML Mapping: Email"]]
+    - !Find [authentik_providers_saml.samlpropertymapping, [name, "authentik default SAML Mapping: User ID"]]
+    - !Find [authentik_providers_saml.samlpropertymapping, [name, "authentik default SAML Mapping: Username"]]
+    - !Find [authentik_providers_saml.samlpropertymapping, [name, "authentik default SAML Mapping: Groups"]]
+    - !Find [authentik_providers_saml.samlpropertymapping, [name, "authentik default SAML Mapping: UPN"]]
+    session_valid_not_on_or_after: minutes=86400
+    signature_algorithm: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
+    signing_kp: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]]
+    sp_binding: post
+  conditions: []
+  id: kimai_provider
+  identifiers:
+    pk: 9991
+  model: authentik_providers_saml.samlprovider
+  state: present
+
+- attrs:
+    meta_launch_url: https://{{ env  "KIMAI_DOMAIN" }}
+    open_in_new_tab: true
+    policy_engine_mode: any
+    provider: !KeyOf kimai_provider
+    slug: kimai
+  conditions: []
+  id: kimai_application
+  identifiers:
+    name: Kimai
+  model: authentik_core.application
+  state: present
--- a/monitoring.yaml.tmpl
+++ b/monitoring.yaml.tmpl
@ -25,7 +25,7 @@ entries:
  conditions: []
  id: monitoring_provider
  identifiers:
-    pk: 9994
+    pk: 9990
  model: authentik_providers_oauth2.oauth2provider
  state: present

--- a/release/6.0.0+2024.4.0
+++ b/release/6.0.0+2024.4.0
@ -0,0 +1 @@
+Alerta! ⚠️ If you are using AUTHENTIK_COLOR_BACKGROUND_LIGHT, you will need to set COMPOSE_FILE="$COMPOSE_FILE:compose.css.yml"
--- a/release/6.1.0+2024.4.2
+++ b/release/6.1.0+2024.4.2
@ -0,0 +1 @@
+Blueprint for Kimai SSO integration added
Author	SHA1	Message	Date
knoflook	a3f114834f	chore: publish 6.4.0+2024.6.3 release	2024-08-06 16:23:31 +02:00
3wc	e6e13eb1c7	chore: publish 6.3.1+2024.6.2 release	2024-08-01 13:21:39 -04:00
Moritz	3bc925d3fa	fix app icon paths	2024-07-17 14:42:25 +02:00
Moritz	f322f6a09e	fix monitoring blueprint pk	2024-07-17 14:27:34 +02:00
Moritz	24ff7ee444	fix alaconnect.yml for monitoring-ng	2024-07-17 13:43:12 +02:00
Moritz	38911193db	better healthchecks	2024-07-17 12:53:15 +02:00
Moritz	3b9bea3681	chore: publish 6.3.0+2024.6.1 release	2024-07-16 19:15:33 +02:00
iexos	e8016868fe	possible fix for coop-cloud/authentik#6	2024-07-11 00:14:30 +02:00
Simon	a00c7deb2c	chore: publish 6.2.0+2024.4.2 release	2024-06-10 14:31:56 +02:00
Simon	c1f0358f29	add admin mail env	2024-06-10 14:23:11 +02:00
Moritz	0be7e95f48	make abra.sh less verbose by ignoring RuntimeWarnings	2024-05-27 12:10:32 +02:00
3wc	4fe52c1e5f	Fix Drone CI	2024-05-16 15:18:09 -03:00
3wc	248a09c594	chore: publish 6.1.1+2024.4.2 release	2024-05-16 15:09:40 -03:00
Simon	b957425981	chore: publish 6.1.0+2024.4.2 release	2024-05-15 16:42:35 +02:00
Moritz	20f99b13ad	add alakazam integration file alaconnect.yml	2024-05-13 17:28:58 +02:00
Moritz	c42017839f	update quieten() function to make output less verbose	2024-05-08 21:50:39 +02:00
Moritz	cdabec1b18	make get_certificate more general	2024-05-08 21:50:09 +02:00
Moritz	a606a84a98	make import_user command more verbose	2024-05-08 21:00:19 +02:00
Simon	a0505e0dec	add function to output certificate	2024-05-08 12:52:26 +02:00
Simon	17d40711e0	add kimai saml integration	2024-05-08 12:34:07 +02:00
Moritz	fc33f285f4	make import_user command more verbose	2024-05-06 12:26:25 +02:00
3wc	d1f091da62	chore: publish 6.0.0+2024.4.0 release	2024-04-27 14:39:01 -03:00
3wc	3e339228f5	Merge branch 'custom-css'	2024-04-27 14:37:27 -03:00
3wc	03f8810462	chore: publish 5.2.1+2024.4.0 release	2024-04-25 17:27:05 -03:00
3wc	d19bf17781	Revert "feat: make themeing easier" This reverts commit `e07d57718a`.	2024-04-25 17:26:01 -03:00
				`@ -0,0 +1 @@`
				`Alerta! ⚠️ If you are using AUTHENTIK_COLOR_BACKGROUND_LIGHT, you will need to set COMPOSE_FILE="$COMPOSE_FILE:compose.css.yml"`