feat (vikunja): implemant oauth
Some checks reported errors
continuous-integration/drone/push Build was killed
Some checks reported errors
continuous-integration/drone/push Build was killed
This commit is contained in:
parent
d1b475d651
commit
ddc4320fe9
@ -168,6 +168,19 @@ identity_providers:
|
|||||||
- 'email'
|
- 'email'
|
||||||
userinfo_signed_response_alg: 'none'
|
userinfo_signed_response_alg: 'none'
|
||||||
token_endpoint_auth_method: 'client_secret_basic'
|
token_endpoint_auth_method: 'client_secret_basic'
|
||||||
|
- client_id: 'vikunja'
|
||||||
|
client_name: 'vikunja'
|
||||||
|
client_secret:{{ with secret "secrets/data/authelia/vikunja"}} {{ .Data.data.hash }} {{end}}
|
||||||
|
public: false
|
||||||
|
authorization_policy: 'one_factor'
|
||||||
|
redirect_uris:
|
||||||
|
- 'https://vikunja.ducamps.eu/auth/openid/authelia'
|
||||||
|
scopes:
|
||||||
|
- 'openid'
|
||||||
|
- 'profile'
|
||||||
|
- 'email'
|
||||||
|
userinfo_signed_response_alg: 'none'
|
||||||
|
token_endpoint_auth_method: 'client_secret_basic'
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: 'trace'
|
level: 'trace'
|
||||||
|
@ -1,13 +1,13 @@
|
|||||||
|
|
||||||
job "vikunja" {
|
job "vikunja" {
|
||||||
datacenters = ["homelab"]
|
datacenters = ["homelab"]
|
||||||
priority = 70
|
priority = 70
|
||||||
type = "service"
|
type = "service"
|
||||||
meta {
|
meta {
|
||||||
forcedeploy = "0"
|
forcedeploy = "0"
|
||||||
}
|
}
|
||||||
|
|
||||||
group "vikunja"{
|
group "vikunja" {
|
||||||
network {
|
network {
|
||||||
mode = "host"
|
mode = "host"
|
||||||
port "front" {
|
port "front" {
|
||||||
@ -17,8 +17,8 @@ job "vikunja" {
|
|||||||
to = 3456
|
to = 3456
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
vault{
|
vault {
|
||||||
policies= ["vikunja"]
|
policies = ["vikunja"]
|
||||||
|
|
||||||
}
|
}
|
||||||
task "api" {
|
task "api" {
|
||||||
@ -27,40 +27,57 @@ job "vikunja" {
|
|||||||
name = "vikunja-api"
|
name = "vikunja-api"
|
||||||
port = "api"
|
port = "api"
|
||||||
tags = [
|
tags = [
|
||||||
"traefik.enable=true",
|
"traefik.enable=true",
|
||||||
"traefik.http.routers.${NOMAD_JOB_NAME}-${NOMAD_TASK_NAME}.rule=Host(`${NOMAD_JOB_NAME}.ducamps.eu`)",
|
"traefik.http.routers.${NOMAD_JOB_NAME}-${NOMAD_TASK_NAME}.rule=Host(`${NOMAD_JOB_NAME}.ducamps.eu`)",
|
||||||
"traefik.http.routers.${NOMAD_JOB_NAME}-${NOMAD_TASK_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.eu",
|
"traefik.http.routers.${NOMAD_JOB_NAME}-${NOMAD_TASK_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.eu",
|
||||||
"traefik.http.routers.${NOMAD_JOB_NAME}-${NOMAD_TASK_NAME}.tls.certresolver=myresolver",
|
"traefik.http.routers.${NOMAD_JOB_NAME}-${NOMAD_TASK_NAME}.tls.certresolver=myresolver",
|
||||||
"traefik.http.routers.${NOMAD_JOB_NAME}-${NOMAD_TASK_NAME}.entrypoints=web,websecure",
|
"traefik.http.routers.${NOMAD_JOB_NAME}-${NOMAD_TASK_NAME}.entrypoints=web,websecure",
|
||||||
"homer.enable=true",
|
"homer.enable=true",
|
||||||
"homer.name=vikunka",
|
"homer.name=vikunka",
|
||||||
"homer.service=Application",
|
"homer.service=Application",
|
||||||
"homer.logo=https://${NOMAD_JOB_NAME}.ducamps.eu/images/icons/apple-touch-icon-180x180.png",
|
"homer.logo=https://${NOMAD_JOB_NAME}.ducamps.eu/images/icons/apple-touch-icon-180x180.png",
|
||||||
"homer.target=_blank",
|
"homer.target=_blank",
|
||||||
"homer.url=https://${NOMAD_JOB_NAME}.ducamps.eu",
|
"homer.url=https://${NOMAD_JOB_NAME}.ducamps.eu",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
config {
|
config {
|
||||||
image = "docker.service.consul:5000/vikunja/vikunja"
|
image = "docker.service.consul:5000/vikunja/vikunja"
|
||||||
ports = ["api","front"]
|
ports = ["api", "front"]
|
||||||
|
volumes = ["local/config.yml:/etc/vikunja/config.yml"]
|
||||||
}
|
}
|
||||||
env {
|
env {
|
||||||
VIKUNJA_DATABASE_HOST = "active.db.service.consul"
|
VIKUNJA_DATABASE_HOST = "active.db.service.consul"
|
||||||
VIKUNJA_DATABASE_TYPE = "postgres"
|
VIKUNJA_DATABASE_TYPE = "postgres"
|
||||||
VIKUNJA_DATABASE_USER = "vikunja"
|
VIKUNJA_DATABASE_USER = "vikunja"
|
||||||
VIKUNJA_DATABASE_DATABASE = "vikunja"
|
VIKUNJA_DATABASE_DATABASE = "vikunja"
|
||||||
VIKUNJA_SERVICE_JWTSECRET = uuidv4()
|
VIKUNJA_SERVICE_JWTSECRET = uuidv4()
|
||||||
VIKUNJA_SERVICE_FRONTENDURL = "https://${NOMAD_JOB_NAME}.ducamps.eu/"
|
VIKUNJA_SERVICE_FRONTENDURL = "https://${NOMAD_JOB_NAME}.ducamps.eu/"
|
||||||
|
VIKUNJA_AUTH_LOCAL = False
|
||||||
}
|
}
|
||||||
|
|
||||||
template {
|
template {
|
||||||
data= <<EOH
|
data = <<EOH
|
||||||
{{ with secret "secrets/data/database/vikunja"}}
|
{{ with secret "secrets/data/database/vikunja"}}
|
||||||
VIKUNJA_DATABASE_PASSWORD= "{{ .Data.data.password }}"
|
VIKUNJA_DATABASE_PASSWORD= "{{ .Data.data.password }}"
|
||||||
{{end}}
|
{{end}}
|
||||||
EOH
|
EOH
|
||||||
destination = "secrets/sample.env"
|
destination = "secrets/sample.env"
|
||||||
env = true
|
env = true
|
||||||
|
}
|
||||||
|
template {
|
||||||
|
data = <<EOH
|
||||||
|
auth:
|
||||||
|
openid:
|
||||||
|
enabled: true
|
||||||
|
redirecturl: https://vikunja.ducamps.eu/auth/openid/
|
||||||
|
providers:
|
||||||
|
- name: Authelia
|
||||||
|
authurl: https://auth.ducamps.eu
|
||||||
|
clientid: vikunja
|
||||||
|
clientsecret: {{ with secret "secrets/data/authelia/vikunja"}} {{ .Data.data.password }} {{end}}
|
||||||
|
scope: openid profile email
|
||||||
|
EOH
|
||||||
|
destination = "local/config.yml"
|
||||||
}
|
}
|
||||||
resources {
|
resources {
|
||||||
memory = 100
|
memory = 100
|
||||||
|
Loading…
Reference in New Issue
Block a user