From ddc4320fe933bdec5ece158ee729fd9b4ebf418b Mon Sep 17 00:00:00 2001 From: vincent Date: Mon, 20 May 2024 12:14:40 +0200 Subject: [PATCH] feat (vikunja): implemant oauth --- nomad-job/authelia.nomad.hcl | 13 +++++++ nomad-job/vikunja.nomad | 67 ++++++++++++++++++++++-------------- 2 files changed, 55 insertions(+), 25 deletions(-) diff --git a/nomad-job/authelia.nomad.hcl b/nomad-job/authelia.nomad.hcl index 50c3e07..4a3ccc5 100644 --- a/nomad-job/authelia.nomad.hcl +++ b/nomad-job/authelia.nomad.hcl @@ -168,6 +168,19 @@ identity_providers: - 'email' userinfo_signed_response_alg: 'none' token_endpoint_auth_method: 'client_secret_basic' + - client_id: 'vikunja' + client_name: 'vikunja' + client_secret:{{ with secret "secrets/data/authelia/vikunja"}} {{ .Data.data.hash }} {{end}} + public: false + authorization_policy: 'one_factor' + redirect_uris: + - 'https://vikunja.ducamps.eu/auth/openid/authelia' + scopes: + - 'openid' + - 'profile' + - 'email' + userinfo_signed_response_alg: 'none' + token_endpoint_auth_method: 'client_secret_basic' log: level: 'trace' diff --git a/nomad-job/vikunja.nomad b/nomad-job/vikunja.nomad index 6685f9b..ed2e5d0 100644 --- a/nomad-job/vikunja.nomad +++ b/nomad-job/vikunja.nomad @@ -1,13 +1,13 @@ job "vikunja" { datacenters = ["homelab"] - priority = 70 - type = "service" + priority = 70 + type = "service" meta { forcedeploy = "0" } - group "vikunja"{ + group "vikunja" { network { mode = "host" port "front" { @@ -17,8 +17,8 @@ job "vikunja" { to = 3456 } } - vault{ - policies= ["vikunja"] + vault { + policies = ["vikunja"] } task "api" { 
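Review bot: In the new `vikunja` client entry, `client_secret:{{ with secret "secrets/data/authelia/vikunja"}} {{ .Data.data.hash }} {{end}}` renders the Vault value as an unquoted YAML scalar, so its parsing depends on the template's incidental spaces and on the digest containing nothing YAML treats specially. Quoting it keeps the value a literal string: `client_secret: '{{ with secret "secrets/data/authelia/vikunja" }}{{ .Data.data.hash }}{{ end }}'`. The enclosing template block is outside the hunk, so it is worth confirming that a missing `hash` key fails the render rather than producing a placeholder secret. Separately, `authorization_policy: 'one_factor'` lets a password alone complete the OIDC flow for this client; if second factors are enrolled, `'two_factor'` would be the tighter setting, though this may be a deliberate choice.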
@@ -27,46 +27,63 @@ job "vikunja" { name = "vikunja-api" port = "api" tags = [ - "traefik.enable=true", - "traefik.http.routers.${NOMAD_JOB_NAME}-${NOMAD_TASK_NAME}.rule=Host(`${NOMAD_JOB_NAME}.ducamps.eu`)", - "traefik.http.routers.${NOMAD_JOB_NAME}-${NOMAD_TASK_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.eu", - "traefik.http.routers.${NOMAD_JOB_NAME}-${NOMAD_TASK_NAME}.tls.certresolver=myresolver", - "traefik.http.routers.${NOMAD_JOB_NAME}-${NOMAD_TASK_NAME}.entrypoints=web,websecure", - "homer.enable=true", - "homer.name=vikunka", - "homer.service=Application", - "homer.logo=https://${NOMAD_JOB_NAME}.ducamps.eu/images/icons/apple-touch-icon-180x180.png", - "homer.target=_blank", - "homer.url=https://${NOMAD_JOB_NAME}.ducamps.eu", + "traefik.enable=true", + "traefik.http.routers.${NOMAD_JOB_NAME}-${NOMAD_TASK_NAME}.rule=Host(`${NOMAD_JOB_NAME}.ducamps.eu`)", + "traefik.http.routers.${NOMAD_JOB_NAME}-${NOMAD_TASK_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.eu", + "traefik.http.routers.${NOMAD_JOB_NAME}-${NOMAD_TASK_NAME}.tls.certresolver=myresolver", + "traefik.http.routers.${NOMAD_JOB_NAME}-${NOMAD_TASK_NAME}.entrypoints=web,websecure", + "homer.enable=true", + "homer.name=vikunka", + "homer.service=Application", + "homer.logo=https://${NOMAD_JOB_NAME}.ducamps.eu/images/icons/apple-touch-icon-180x180.png", + "homer.target=_blank", + "homer.url=https://${NOMAD_JOB_NAME}.ducamps.eu", ] } config { image = "docker.service.consul:5000/vikunja/vikunja" - ports = ["api","front"] + ports = ["api", "front"] + volumes = ["local/config.yml:/etc/vikunja/config.yml"] } env { - VIKUNJA_DATABASE_HOST = "active.db.service.consul" - VIKUNJA_DATABASE_TYPE = "postgres" - VIKUNJA_DATABASE_USER = "vikunja" - VIKUNJA_DATABASE_DATABASE = "vikunja" - VIKUNJA_SERVICE_JWTSECRET = uuidv4() + VIKUNJA_DATABASE_HOST = "active.db.service.consul" + VIKUNJA_DATABASE_TYPE = "postgres" + VIKUNJA_DATABASE_USER = "vikunja" + VIKUNJA_DATABASE_DATABASE = "vikunja" + 
VIKUNJA_SERVICE_JWTSECRET = uuidv4() VIKUNJA_SERVICE_FRONTENDURL = "https://${NOMAD_JOB_NAME}.ducamps.eu/" + VIKUNJA_AUTH_LOCAL = False } template { - data= <