jyapayne/kaboot
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add Authentik blueprints for automated OAuth2/OIDC setup

Browse source 
Automate the manual Authentik configuration process using native YAML blueprints
that are applied on container startup.

Changes:
- Add kaboot-setup.yaml blueprint for local development
- Add kaboot-setup-production.yaml.example for production with configurable domains
- Update docker-compose.yml and docker-compose.prod.yml to mount blueprints
- Add AUTHENTIK_BOOTSTRAP_PASSWORD/TOKEN env vars for automated admin setup
- Update setup.sh to generate bootstrap credentials and display admin password
- Update Caddyfile.example with proper proxy headers for Authentik
- Add Caddyfile to .gitignore (user-specific config)
- Update docs with Quick Start sections for automated setup

The blueprints create:
- OAuth2/OIDC provider (public client, client_id: kaboot-spa)
- Kaboot application with redirect URIs
- kaboot-users group with application binding
- Enrollment flow with sign-up capability
- Password complexity policy
- Test user and service account (passwords set manually)
This commit is contained in:
Joey Yakimowich-Payne 2026-01-14 16:20:10 -07:00
commit 1506210a2e
No known key found for this signature in database
GPG key ID: DDF6AF5B21B407D4
11 changed files with 765 additions and 131 deletions
Download patch file Download diff file Expand all files Collapse all files

19
scripts/setup.sh
View file

@ -26,23 +26,38 @@ echo "Generating secrets..."
PG_PASS=$(openssl rand -base64 36 | tr -d '\n')
AUTHENTIK_SECRET_KEY=$(openssl rand -base64 60 | tr -d '\n')
AUTHENTIK_BOOTSTRAP_PASSWORD=$(openssl rand -base64 24 | tr -d '\n')
AUTHENTIK_BOOTSTRAP_TOKEN=$(openssl rand -base64 36 | tr -d '\n')
cp "$ENV_EXAMPLE" "$ENV_FILE"
if [[ "$OSTYPE" == "darwin"* ]]; then
sed -i '' "s|^PG_PASS=.*|PG_PASS=${PG_PASS}|" "$ENV_FILE"
sed -i '' "s|^AUTHENTIK_SECRET_KEY=.*|AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}|" "$ENV_FILE"
sed -i '' "s|^AUTHENTIK_BOOTSTRAP_PASSWORD=.*|AUTHENTIK_BOOTSTRAP_PASSWORD=${AUTHENTIK_BOOTSTRAP_PASSWORD}|" "$ENV_FILE"
sed -i '' "s|^AUTHENTIK_BOOTSTRAP_TOKEN=.*|AUTHENTIK_BOOTSTRAP_TOKEN=${AUTHENTIK_BOOTSTRAP_TOKEN}|" "$ENV_FILE"
else
sed -i "s|^PG_PASS=.*|PG_PASS=${PG_PASS}|" "$ENV_FILE"
sed -i "s|^AUTHENTIK_SECRET_KEY=.*|AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}|" "$ENV_FILE"
sed -i "s|^AUTHENTIK_BOOTSTRAP_PASSWORD=.*|AUTHENTIK_BOOTSTRAP_PASSWORD=${AUTHENTIK_BOOTSTRAP_PASSWORD}|" "$ENV_FILE"
sed -i "s|^AUTHENTIK_BOOTSTRAP_TOKEN=.*|AUTHENTIK_BOOTSTRAP_TOKEN=${AUTHENTIK_BOOTSTRAP_TOKEN}|" "$ENV_FILE"
fi
echo ""
echo "Created .env file with generated secrets."
echo ""
echo "Authentik admin credentials (save these):"
echo " Username: akadmin"
echo " Password: ${AUTHENTIK_BOOTSTRAP_PASSWORD}"
echo ""
echo "Next steps:"
echo " 1. Review .env and adjust settings if needed"
echo " 2. Run: docker compose up -d"
echo " 3. Open: http://localhost:9000/if/flow/initial-setup/"
echo " 4. Follow docs/AUTHENTIK_SETUP.md to configure the OAuth2 provider"
echo " 3. Wait for Authentik to start (~30 seconds)"
echo " 4. The Kaboot application is auto-configured via blueprint!"
echo ""
echo "Remaining manual steps:"
echo " - Set password for test user: docker compose exec authentik-server ak set_password kaboottest"
echo " - Create app password for service account via Authentik UI"
echo " - See docs/AUTHENTIK_SETUP.md for details"
echo ""