update authentik und hedgedoc
All checks were successful
continuous-integration/drone/push Build is passing

This commit is contained in:
Moritz 2022-12-20 17:06:45 +01:00
parent 9d9c0cd0e7
commit 5a34ee5336
2 changed files with 36 additions and 59 deletions

View file

@ -7,54 +7,4 @@ title: Single-Sign-On Provider
[Authentik](https://goauthentik.io) ist unser Single-Sign-On (SSO) Provider und Identity Management.
Alle Apps die per SSO angebunden werden sollen, müssen später in der Administrationsoberfläche konfiguriert werden.
```
abra app new authentik
abra app config <app_name>
abra app secret insert <app_name> email_pass v1 <password>
abra app secret generate -a <app_name>
abra app deploy <app_name>
abra app cmd <app_name> app set_admin_pass
```
## Theming
Platziere die Dateien `flow_background.jpg`, `icon_left_brand.svg` und `icon.png` in einem Ordner`./<assets>`.
Füge folgende Zeile zur Konfiguration hinzu:
```
abra app config <app_name>
COPY_ASSETS="flow_background.jpg|app:/web/dist/assets/images/ icon_left_brand.svg|app:/web/dist/assets/icons/ icon.png|app:/web/dist/assets/icons/"
```
Nach jedem neuen deploy / upgrade führe folgenden Befehl aus:
```
abra app cmd -l <app_name> customize ./<assets>
```
## Rotate Secrets
Inkrementiere die Secret Versionen
```
abra app config <app_name>
SECRET_SECRET_KEY_VERSION=v2
SECRET_DB_PASSWORD_VERSION=V2
SECRET_ADMIN_TOKEN_VERSION=v2
SECRET_ADMIN_PASS_VERSION=v2
```
Aktualisiere die Secrets:
~~~
abra app secret generate -a <app_name>
abra app undeploy <app_name>
abra app deploy <app_name>
abra app cmd <app_name> db rotate_db_pass
abra app cmd <app_name> app set_admin_pass
abra app cmd -l <app_name> customize ./<assets>
~~~
## Upgrade
TODO
Setup: [https://git.coopcloud.tech/coop-cloud/authentik](https://git.coopcloud.tech/coop-cloud/authentik)

View file

@ -1,12 +1,39 @@
# Hedgedoc
Setup: [https://git.coopcloud.tech/coop-cloud/hedgedoc](https://git.coopcloud.tech/coop-cloud/hedgedoc)
## SKA Spezifische Konfiguration
Authentik SSO:
- Erstelle OAuth2 Provider
- wähle `default-provider-authorization-implicit-consent`
- Erstelle Application
- Start URL: <hedgedoc_domain>
Setze folgende Konfiguration mit `abra app YOURAPPDOMAIN config` und ersetze <authentik_domain> und <client_id>:
```
COMPOSE_FILE="$COMPOSE_FILE:compose.oauth.yml"
CMD_OAUTH2_PROVIDERNAME=local-it
CMD_OAUTH2_CLIENT_ID=<client_id>
CMD_OAUTH2_AUTHORIZATION_URL=https://<authentik_domain>/application/o/authorize/
CMD_OAUTH2_TOKEN_URL=https://<authentik_domain>/application/o/token/
CMD_OAUTH2_USER_PROFILE_URL=https://<authentik_domain>/application/o/userinfo/
CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username
CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name
CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email
CMD_OAUTH2_SCOPE="openid email profile"
SECRET_OAUTH_KEY_VERSION=v1
```
Füge das secret aus Authentik ein:
`abra app secret insert pad.kaputt.cloud oauth_key v1 <authentik_secret`
Weitere Optionen:
```
abra app new hedgedoc
abra app config hedgedoc
# uncomment oauth config
# and adjust settings
abra app secrets generate -A
# copy oauth secrets and create oauth provider in authentik
abra app deploy pad.example.org
```
CMD_ALLOW_ANONYMOUS=true
CMD_ALLOW_FREEURL=true
CMD_COOKIE_POLICY=none
```