From 5a34ee5336b0c34be0887060e70859de76cc0c12 Mon Sep 17 00:00:00 2001
From: Moritz <moritz.m@local-it.org>
Date: Tue, 20 Dec 2022 17:06:45 +0100
Subject: [PATCH] update authentik und hedgedoc

---
 docs/installation/authentik.md | 52 +---------------------------------
 docs/installation/hedgedoc.md  | 43 ++++++++++++++++++++++------
 2 files changed, 36 insertions(+), 59 deletions(-)

diff --git a/docs/installation/authentik.md b/docs/installation/authentik.md
index cf91660..97bafcd 100644
--- a/docs/installation/authentik.md
+++ b/docs/installation/authentik.md
@@ -7,54 +7,4 @@ title: Single-Sign-On Provider
 [Authentik](https://goauthentik.io) ist unser Single-Sign-On (SSO) Provider und Identity Management.
 Alle Apps die per SSO angebunden werden sollen, müssen später in der Administrationsoberfläche konfiguriert werden.
 
-```
-abra app new authentik
-abra app config <app_name>
-abra app secret insert <app_name> email_pass v1 <password>
-abra app secret generate -a <app_name>
-abra app deploy <app_name>
-abra app cmd <app_name> app set_admin_pass
-```
-
-
-## Theming
-
-Platziere die Dateien `flow_background.jpg`, `icon_left_brand.svg` und `icon.png` in einem Ordner`./<assets>`.
-
-Füge folgende Zeile zur Konfiguration hinzu:
-
-```
-abra app config <app_name>
-COPY_ASSETS="flow_background.jpg|app:/web/dist/assets/images/ icon_left_brand.svg|app:/web/dist/assets/icons/ icon.png|app:/web/dist/assets/icons/"
-```
-
-Nach jedem neuen deploy / upgrade führe folgenden Befehl aus:
-```
-abra app cmd -l <app_name> customize ./<assets>
-```
-
-## Rotate Secrets
-
-Inkrementiere die Secret Versionen
-```
-abra app config <app_name>
-SECRET_SECRET_KEY_VERSION=v2
-SECRET_DB_PASSWORD_VERSION=V2
-SECRET_ADMIN_TOKEN_VERSION=v2
-SECRET_ADMIN_PASS_VERSION=v2
-```
-
-Aktualisiere die Secrets:
-
-~~~
-abra app secret generate -a <app_name>
-abra app undeploy <app_name>
-abra app deploy <app_name>
-abra app cmd <app_name> db rotate_db_pass
-abra app cmd <app_name> app set_admin_pass
-abra app cmd -l <app_name> customize ./<assets>
-~~~
-
-## Upgrade
-
-TODO
+Setup: [https://git.coopcloud.tech/coop-cloud/authentik](https://git.coopcloud.tech/coop-cloud/authentik)
diff --git a/docs/installation/hedgedoc.md b/docs/installation/hedgedoc.md
index 55bcdcd..828bea5 100644
--- a/docs/installation/hedgedoc.md
+++ b/docs/installation/hedgedoc.md
@@ -1,12 +1,39 @@
 # Hedgedoc
 
+Setup: [https://git.coopcloud.tech/coop-cloud/hedgedoc](https://git.coopcloud.tech/coop-cloud/hedgedoc)
+
+## SKA Spezifische Konfiguration
+
+Authentik SSO:
+
+- Erstelle OAuth2 Provider
+    - wähle `default-provider-authorization-implicit-consent`
+- Erstelle Application
+    - Start URL: <hedgedoc_domain>
+
+Setze folgende Konfiguration mit `abra app YOURAPPDOMAIN config` und ersetze <authentik_domain> und <client_id>:
+```
+COMPOSE_FILE="$COMPOSE_FILE:compose.oauth.yml"
+CMD_OAUTH2_PROVIDERNAME=local-it
+CMD_OAUTH2_CLIENT_ID=<client_id>
+CMD_OAUTH2_AUTHORIZATION_URL=https://<authentik_domain>/application/o/authorize/
+CMD_OAUTH2_TOKEN_URL=https://<authentik_domain>/application/o/token/
+CMD_OAUTH2_USER_PROFILE_URL=https://<authentik_domain>/application/o/userinfo/
+CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username
+CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name
+CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email
+CMD_OAUTH2_SCOPE="openid email profile"
+
+SECRET_OAUTH_KEY_VERSION=v1
+```
+
+Füge das secret aus Authentik ein:
+`abra app secret insert pad.kaputt.cloud oauth_key v1 <authentik_secret`
+
+Weitere Optionen:
 
 ```
-abra app new hedgedoc
-abra app config hedgedoc
-# uncomment oauth config
-# and adjust settings
-abra app secrets generate -A
-# copy oauth secrets and create oauth provider in authentik
-abra app deploy pad.example.org
-```
\ No newline at end of file
+CMD_ALLOW_ANONYMOUS=true
+CMD_ALLOW_FREEURL=true
+CMD_COOKIE_POLICY=none
+```