feat (vikunja): implemant oauth

2024-05-20 12:14:40 +02:00 · 2024-05-20 12:14:40 +02:00 · ddc4320fe9
commit ddc4320fe9
parent d1b475d651
2 changed files with 55 additions and 25 deletions
--- a/nomad-job/authelia.nomad.hcl
+++ b/nomad-job/authelia.nomad.hcl
@ -168,6 +168,19 @@ identity_providers:
          - 'email'
        userinfo_signed_response_alg: 'none'
        token_endpoint_auth_method: 'client_secret_basic'
+      - client_id: 'vikunja'
+        client_name: 'vikunja'
+        client_secret:{{ with secret "secrets/data/authelia/vikunja"}} {{ .Data.data.hash }} {{end}}
+        public: false
+        authorization_policy: 'one_factor'
+        redirect_uris:
+          - 'https://vikunja.ducamps.eu/auth/openid/authelia'
+        scopes:
+          - 'openid'
+          - 'profile'
+          - 'email'
+        userinfo_signed_response_alg: 'none'
+        token_endpoint_auth_method: 'client_secret_basic'

 log:
  level: 'trace'
--- a/nomad-job/vikunja.nomad
+++ b/nomad-job/vikunja.nomad
@ -7,7 +7,7 @@ job "vikunja" {
    forcedeploy = "0"
  }

-  group "vikunja"{
+  group "vikunja" {
    network {
      mode = "host"
      port "front" {
@ -17,8 +17,8 @@ job "vikunja" {
        to = 3456
      }
    }
-    vault{
-      policies= ["vikunja"]
+    vault {
+      policies = ["vikunja"]

    }
    task "api" {
@ -42,7 +42,8 @@ job "vikunja" {
      }
      config {
        image = "docker.service.consul:5000/vikunja/vikunja"
-        ports = ["api","front"]
+        ports = ["api", "front"]
+        volumes = ["local/config.yml:/etc/vikunja/config.yml"]
      }
      env {
        VIKUNJA_DATABASE_HOST       = "active.db.service.consul"
@ -51,10 +52,11 @@ job "vikunja" {
        VIKUNJA_DATABASE_DATABASE   = "vikunja"
        VIKUNJA_SERVICE_JWTSECRET   = uuidv4()
        VIKUNJA_SERVICE_FRONTENDURL = "https://${NOMAD_JOB_NAME}.ducamps.eu/"
+        VIKUNJA_AUTH_LOCAL          = False
      }

      template {
-        data= <<EOH
+        data        = <<EOH
          {{ with secret "secrets/data/database/vikunja"}}
            VIKUNJA_DATABASE_PASSWORD= "{{ .Data.data.password }}"
          {{end}}
@ -62,6 +64,21 @@ job "vikunja" {
        destination = "secrets/sample.env"
        env         = true
      }
+      template {
+        data        = <<EOH
+auth:
+  openid:
+    enabled: true
+    redirecturl: https://vikunja.ducamps.eu/auth/openid/
+    providers:
+      - name: Authelia
+        authurl: https://auth.ducamps.eu
+        clientid: vikunja
+        clientsecret: {{ with secret "secrets/data/authelia/vikunja"}} {{ .Data.data.password }} {{end}}
+        scope: openid profile email
+        EOH
+        destination = "local/config.yml"
+      }
      resources {
        memory = 100
      }