Automate the manual Authentik configuration process using native YAML blueprints that are applied on container startup.

Changes:
- Add kaboot-setup.yaml blueprint for local development
- Add kaboot-setup-production.yaml.example for production with configurable domains
- Update docker-compose.yml and docker-compose.prod.yml to mount blueprints
- Add AUTHENTIK_BOOTSTRAP_PASSWORD/TOKEN env vars for automated admin setup
- Update setup.sh to generate bootstrap credentials and display admin password
- Update Caddyfile.example with proper proxy headers for Authentik
- Add Caddyfile to .gitignore (user-specific config)
- Update docs with Quick Start sections for automated setup

The blueprints create:
- OAuth2/OIDC provider (public client, client_id: kaboot-spa)
- Kaboot application with redirect URIs
- kaboot-users group with application binding
- Enrollment flow with sign-up capability
- Password complexity policy
- Test user and service account (passwords set manually)
46 lines
2 KiB
Text
# ==============================================================================
# REQUIRED - Generate with: openssl rand -base64 36 | tr -d '\n'
# ==============================================================================
PG_PASS=
AUTHENTIK_SECRET_KEY=

# ==============================================================================
# OPTIONAL - Authentik Database
# ==============================================================================
PG_USER=authentik
PG_DB=authentik

# ==============================================================================
# OPTIONAL - Ports
# ==============================================================================
AUTHENTIK_PORT_HTTP=9000
AUTHENTIK_PORT_HTTPS=9443
KABOOT_BACKEND_PORT=3001

# ==============================================================================
# OPTIONAL - Authentik Settings
# ==============================================================================
AUTHENTIK_ERROR_REPORTING=false

# ==============================================================================
# OPTIONAL - Authentik Bootstrap (for automated setup)
# Generate with: openssl rand -base64 36 | tr -d '\n'
# ==============================================================================
AUTHENTIK_BOOTSTRAP_PASSWORD=
AUTHENTIK_BOOTSTRAP_TOKEN=

# ==============================================================================
# OPTIONAL - OIDC (Override if using custom domain)
# ==============================================================================
OIDC_ISSUER=http://localhost:9000/application/o/kaboot/
OIDC_JWKS_URI=http://localhost:9000/application/o/kaboot/jwks/

# ==============================================================================
# OPTIONAL - CORS (Frontend origin for backend API)
# ==============================================================================
CORS_ORIGIN=http://localhost:5173

# ==============================================================================
# OPTIONAL - Logging
# ==============================================================================
LOG_REQUESTS=false
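Review bot: in the "Authentik Bootstrap" section, AUTHENTIK_BOOTSTRAP_PASSWORD and AUTHENTIK_BOOTSTRAP_TOKEN share a single "Generate with" comment that does not say the command must be run once per variable; suggest stating that each value needs its own output so the admin password and the bootstrap token are never the same string (the same applies to PG_PASS and AUTHENTIK_SECRET_KEY in the REQUIRED section). The section is also headed OPTIONAL with both values empty, while the commit message says setup.sh generates these credentials; a comment line saying that setup.sh fills them in, and what the automated setup does when they are left blank, would make the file self-explanatory. The OIDC and CORS defaults are plain-http localhost URLs, so a short note in the "Override if using custom domain" header that these are for local development only would keep them from being carried into a production .env unchanged.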