feat (vikunja): implemant oauth
Some checks reported errors
continuous-integration/drone/push Build was killed

vincent 2024-05-20 12:14:40 +02:00
parent d1b475d651
commit ddc4320fe9
2 changed files with 55 additions and 25 deletions


@ -168,6 +168,19 @@ identity_providers:
- 'email' - 'email'
userinfo_signed_response_alg: 'none' userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_basic' token_endpoint_auth_method: 'client_secret_basic'
- client_id: 'vikunja'
client_name: 'vikunja'
client_secret:{{ with secret "secrets/data/authelia/vikunja"}} {{ .Data.data.hash }} {{end}}
public: false
authorization_policy: 'one_factor'
redirect_uris:
- 'https://vikunja.ducamps.eu/auth/openid/authelia'
scopes:
- 'openid'
- 'profile'
- 'email'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_basic'
log: log:
level: 'trace' level: 'trace'
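Review bot: The new `vikunja` client is registered with `authorization_policy: 'one_factor'`, so a password alone is enough to complete the OpenID Connect flow for it; if second factors are enrolled for these users, `authorization_policy: 'two_factor'` would be the stricter choice. On the `client_secret` line the template is glued to the colon and the rendered digest is left unquoted with padding spaces, unlike every other scalar in the entry; `client_secret: '{{ with secret "secrets/data/authelia/vikunja" }}{{ .Data.data.hash }}{{ end }}'` renders one quoted value. A comment such as `# hash = digest of the password field of the same Vault secret, which the Vikunja job template reads` would document the pairing the two files rely on. The `clients` list and the `identity_providers` block start outside this hunk, so the issuer-level settings cannot be checked from here.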


@ -1,13 +1,13 @@
job "vikunja" { job "vikunja" {
datacenters = ["homelab"] datacenters = ["homelab"]
priority = 70 priority = 70
type = "service" type = "service"
meta { meta {
forcedeploy = "0" forcedeploy = "0"
} }
group "vikunja"{ group "vikunja" {
network { network {
mode = "host" mode = "host"
port "front" { port "front" {
@ -17,8 +17,8 @@ job "vikunja" {
to = 3456 to = 3456
} }
} }
vault{ vault {
policies= ["vikunja"] policies = ["vikunja"]
} }
task "api" { task "api" {
@ -27,40 +27,57 @@ job "vikunja" {
name = "vikunja-api" name = "vikunja-api"
port = "api" port = "api"
tags = [ tags = [
"traefik.enable=true", "traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}-${NOMAD_TASK_NAME}.rule=Host(`${NOMAD_JOB_NAME}.ducamps.eu`)", "traefik.http.routers.${NOMAD_JOB_NAME}-${NOMAD_TASK_NAME}.rule=Host(`${NOMAD_JOB_NAME}.ducamps.eu`)",
"traefik.http.routers.${NOMAD_JOB_NAME}-${NOMAD_TASK_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.eu", "traefik.http.routers.${NOMAD_JOB_NAME}-${NOMAD_TASK_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.eu",
"traefik.http.routers.${NOMAD_JOB_NAME}-${NOMAD_TASK_NAME}.tls.certresolver=myresolver", "traefik.http.routers.${NOMAD_JOB_NAME}-${NOMAD_TASK_NAME}.tls.certresolver=myresolver",
"traefik.http.routers.${NOMAD_JOB_NAME}-${NOMAD_TASK_NAME}.entrypoints=web,websecure", "traefik.http.routers.${NOMAD_JOB_NAME}-${NOMAD_TASK_NAME}.entrypoints=web,websecure",
"homer.enable=true", "homer.enable=true",
"homer.name=vikunka", "homer.name=vikunka",
"homer.service=Application", "homer.service=Application",
"homer.logo=https://${NOMAD_JOB_NAME}.ducamps.eu/images/icons/apple-touch-icon-180x180.png", "homer.logo=https://${NOMAD_JOB_NAME}.ducamps.eu/images/icons/apple-touch-icon-180x180.png",
"homer.target=_blank", "homer.target=_blank",
"homer.url=https://${NOMAD_JOB_NAME}.ducamps.eu", "homer.url=https://${NOMAD_JOB_NAME}.ducamps.eu",
] ]
} }
config { config {
image = "docker.service.consul:5000/vikunja/vikunja" image = "docker.service.consul:5000/vikunja/vikunja"
ports = ["api","front"] ports = ["api", "front"]
volumes = ["local/config.yml:/etc/vikunja/config.yml"]
} }
env { env {
VIKUNJA_DATABASE_HOST = "active.db.service.consul" VIKUNJA_DATABASE_HOST = "active.db.service.consul"
VIKUNJA_DATABASE_TYPE = "postgres" VIKUNJA_DATABASE_TYPE = "postgres"
VIKUNJA_DATABASE_USER = "vikunja" VIKUNJA_DATABASE_USER = "vikunja"
VIKUNJA_DATABASE_DATABASE = "vikunja" VIKUNJA_DATABASE_DATABASE = "vikunja"
VIKUNJA_SERVICE_JWTSECRET = uuidv4() VIKUNJA_SERVICE_JWTSECRET = uuidv4()
VIKUNJA_SERVICE_FRONTENDURL = "https://${NOMAD_JOB_NAME}.ducamps.eu/" VIKUNJA_SERVICE_FRONTENDURL = "https://${NOMAD_JOB_NAME}.ducamps.eu/"
VIKUNJA_AUTH_LOCAL = False
} }
template { template {
data= <<EOH data = <<EOH
{{ with secret "secrets/data/database/vikunja"}} {{ with secret "secrets/data/database/vikunja"}}
VIKUNJA_DATABASE_PASSWORD= "{{ .Data.data.password }}" VIKUNJA_DATABASE_PASSWORD= "{{ .Data.data.password }}"
{{end}} {{end}}
EOH EOH
destination = "secrets/sample.env" destination = "secrets/sample.env"
env = true env = true
}
template {
data = <<EOH
auth:
openid:
enabled: true
redirecturl: https://vikunja.ducamps.eu/auth/openid/
providers:
- name: Authelia
authurl: https://auth.ducamps.eu
clientid: vikunja
clientsecret: {{ with secret "secrets/data/authelia/vikunja"}} {{ .Data.data.password }} {{end}}
scope: openid profile email
EOH
destination = "local/config.yml"
} }
resources { resources {
memory = 100 memory = 100