update authentik and hedgedoc
All checks were successful
continuous-integration/drone/push Build is passing

Moritz 2022-12-20 17:06:45 +01:00
parent 9d9c0cd0e7
commit 5a34ee5336
2 changed files with 36 additions and 59 deletions

@ -7,54 +7,4 @@ title: Single-Sign-On Provider
[Authentik](https://goauthentik.io) ist unser Single-Sign-On (SSO) Provider und Identity Management. [Authentik](https://goauthentik.io) ist unser Single-Sign-On (SSO) Provider und Identity Management.
Alle Apps die per SSO angebunden werden sollen, müssen später in der Administrationsoberfläche konfiguriert werden. Alle Apps die per SSO angebunden werden sollen, müssen später in der Administrationsoberfläche konfiguriert werden.
``` Setup: [https://git.coopcloud.tech/coop-cloud/authentik](https://git.coopcloud.tech/coop-cloud/authentik)
abra app new authentik
abra app config <app_name>
abra app secret insert <app_name> email_pass v1 <password>
abra app secret generate -a <app_name>
abra app deploy <app_name>
abra app cmd <app_name> app set_admin_pass
```
## Theming
Platziere die Dateien `flow_background.jpg`, `icon_left_brand.svg` und `icon.png` in einem Ordner`./<assets>`.
Füge folgende Zeile zur Konfiguration hinzu:
```
abra app config <app_name>
COPY_ASSETS="flow_background.jpg|app:/web/dist/assets/images/ icon_left_brand.svg|app:/web/dist/assets/icons/ icon.png|app:/web/dist/assets/icons/"
```
Nach jedem neuen deploy / upgrade führe folgenden Befehl aus:
```
abra app cmd -l <app_name> customize ./<assets>
```
## Rotate Secrets
Inkrementiere die Secret Versionen
```
abra app config <app_name>
SECRET_SECRET_KEY_VERSION=v2
SECRET_DB_PASSWORD_VERSION=V2
SECRET_ADMIN_TOKEN_VERSION=v2
SECRET_ADMIN_PASS_VERSION=v2
```
Aktualisiere die Secrets:
~~~
abra app secret generate -a <app_name>
abra app undeploy <app_name>
abra app deploy <app_name>
abra app cmd <app_name> db rotate_db_pass
abra app cmd <app_name> app set_admin_pass
abra app cmd -l <app_name> customize ./<assets>
~~~
## Upgrade
TODO
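Review bot: Secret rotation and the post-deploy steps are no longer documented on this page once the "Rotate Secrets" and "Theming" sections are replaced by the single Setup link. Please confirm that the linked recipe README covers the `SECRET_*_VERSION` bump, the `db rotate_db_pass` and `app set_admin_pass` steps, and the `customize ./<assets>` call that the old text said to rerun after every deploy or upgrade. If it does not, keep those sections here or move them over in the same change, so operators are not left without a rotation procedure when they need one.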

@ -1,12 +1,39 @@
# Hedgedoc # Hedgedoc
Setup: [https://git.coopcloud.tech/coop-cloud/hedgedoc](https://git.coopcloud.tech/coop-cloud/hedgedoc)
## SKA Spezifische Konfiguration
Authentik SSO:
- Erstelle OAuth2 Provider
- wähle `default-provider-authorization-implicit-consent`
- Erstelle Application
- Start URL: <hedgedoc_domain>
Setze folgende Konfiguration mit `abra app YOURAPPDOMAIN config` und ersetze <authentik_domain> und <client_id>:
```
COMPOSE_FILE="$COMPOSE_FILE:compose.oauth.yml"
CMD_OAUTH2_PROVIDERNAME=local-it
CMD_OAUTH2_CLIENT_ID=<client_id>
CMD_OAUTH2_AUTHORIZATION_URL=https://<authentik_domain>/application/o/authorize/
CMD_OAUTH2_TOKEN_URL=https://<authentik_domain>/application/o/token/
CMD_OAUTH2_USER_PROFILE_URL=https://<authentik_domain>/application/o/userinfo/
CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username
CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name
CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email
CMD_OAUTH2_SCOPE="openid email profile"
SECRET_OAUTH_KEY_VERSION=v1
```
Füge das secret aus Authentik ein:
`abra app secret insert pad.kaputt.cloud oauth_key v1 <authentik_secret`
Weitere Optionen:
``` ```
abra app new hedgedoc CMD_ALLOW_ANONYMOUS=true
abra app config hedgedoc CMD_ALLOW_FREEURL=true
# uncomment oauth config CMD_COOKIE_POLICY=none
# and adjust settings ```
abra app secrets generate -A
# copy oauth secrets and create oauth provider in authentik
abra app deploy pad.example.org
```
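Review bot: The block under "Weitere Optionen" lists `CMD_ALLOW_ANONYMOUS=true`, `CMD_ALLOW_FREEURL=true` and `CMD_COOKIE_POLICY=none` with no explanation, directly after an SSO setup whose access control they loosen: the first permits use without logging in, the second allows notes to be created by visiting an unused URL, and the third relaxes the SameSite cookie setting. Add a sentence per option saying when it is needed, and make clear that they are optional rather than part of the Authentik integration. In the secret step, `abra app secret insert pad.kaputt.cloud oauth_key v1 <authentik_secret` is missing the closing `>` and hard-codes a domain where the rest of the section uses placeholders. `abra app YOURAPPDOMAIN config` also uses a different argument order from the `abra app config hedgedoc` line this hunk removes, so one of the two is probably wrong.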