Merge branch 'master' into 208-feature-implement-page-title-translati…

…on-and-vike-language

authentik/.env

@@ -0,0 +1,9 @@
+# echo -n "dreammall" | sha1sum | awk '{print $1}'
+PG_PASS=905d212ac491ab9bbacfaa2baa359a37ea065da9
+# echo -n "dreammall" | sha1sum | awk '{print $1}'
+AUTHENTIK_SECRET_KEY=905d212ac491ab9bbacfaa2baa359a37ea065da9
+AUTHENTIK_ERROR_REPORTING__ENABLED=false
+
+# Use http & https ports
+#COMPOSE_PORT_HTTP=80
+#COMPOSE_PORT_HTTPS=443

authentik/.gitignore

@@ -0,0 +1,3 @@
+database/
+database.old/
+database.old.7z

authentik/README.md

@@ -0,0 +1,44 @@
+# Authentik
+
+This is an Authentik setup for development in order to make local testing for production behaviour as easy as possible including the authentication mechanisms.
+
+## Preperation
+
+This package comes with an preconfigured authentic - which has its data mainly residing in a postgress database. The contents of this database is available in packed form.
+
+To extract the database use:
+```bash
+./database.unpack.sh
+```
+(Note: make sure the database is not running before executing this command)
+
+Alternatively you can not extract the database, which will start the service with an empty database. Use the [Docker Guide](https://goauthentik.io/docs/installation/docker-compose#preparation) from Authentik to get you going then.
+
+## Start Docker
+
+To start the authentik server and its services run:
+```bash
+docker compose up
+```
+(Note: make sure to run this command in the authentik folder, since there is another docker-compose setup in the main folder)
+
+## User Credentials
+
+You can navigate to the now running authentik by opening [http://localhost:9000](http://localhost:9000).
+
+To login you can use the superadmins credentials:
+
+| description | value                                          |
+|-------------|------------------------------------------------|
+| username    | akadmin                                        |
+| email       | [admin@dreammall.earth](admin@dreammall.earth) |
+| password    | dreammall                                      |
+
+## Publish changes
+
+If you want to publish changes to the database you can use the following command to pack the database:
+```bash
+./database.pack.sh
+```
+(Note: this assumes you are not root and sets the permissions of the database files via sudo)
+(Note: make sure to shut down the database first before you run the script)

authentik/data/user_settings.py

@@ -0,0 +1 @@
+X_FRAME_OPTIONS = "allow-from *"

authentik/database.pack.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+SCRIPT_PATH=$(realpath $0)
+SCRIPT_DIR=$(dirname $SCRIPT_PATH)
+
+# delete last backup & backup
+rm -R $SCRIPT_DIR/database.old.7z || true
+mv $SCRIPT_DIR/database.7z $SCRIPT_DIR/database.old.7z
+
+# make the databse folder readable by everyone
+sudo chmod 777 -R $SCRIPT_DIR/database
+
+7z a -t7z -m0=lzma -mx=9 -mfb=64 -md=32m -ms=on $SCRIPT_DIR/database.7z $SCRIPT_DIR/database/{*,.[!.]*}

authentik/database.unpack.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+SCRIPT_PATH=$(realpath $0)
+SCRIPT_DIR=$(dirname $SCRIPT_PATH)
+
+# delete last backup & backup
+rm -R $SCRIPT_DIR/database.old || true
+mv $SCRIPT_DIR/database $SCRIPT_DIR/database.old
+
+7z x $SCRIPT_DIR/database.7z -o$SCRIPT_DIR/database/

authentik/docker-compose.yml

@@ -0,0 +1,88 @@
+version: "3.4"
+
+services:
+  postgresql:
+    image: docker.io/library/postgres:12-alpine
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 5s
+    volumes:
+      - ./database:/var/lib/postgresql/data
+    environment:
+      POSTGRES_PASSWORD: ${PG_PASS:?database password required}
+      POSTGRES_USER: ${PG_USER:-authentik}
+      POSTGRES_DB: ${PG_DB:-authentik}
+    env_file:
+      - .env
+  redis:
+    image: docker.io/library/redis:alpine
+    command: --save 60 1 --loglevel warning
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 3s
+    volumes:
+      - redis:/data
+  server:
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-latest}
+    restart: unless-stopped
+    command: server
+    environment:
+      AUTHENTIK_REDIS__HOST: redis
+      AUTHENTIK_POSTGRESQL__HOST: postgresql
+      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
+      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
+      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
+    volumes:
+      - ./media:/media
+      - ./custom-templates:/templates
+      - ./data:/data
+    env_file:
+      - .env
+    ports:
+      - "${COMPOSE_PORT_HTTP:-9000}:9000"
+      - "${COMPOSE_PORT_HTTPS:-9443}:9443"
+    depends_on:
+      - postgresql
+      - redis
+  worker:
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-latest}
+    restart: unless-stopped
+    command: worker
+    environment:
+      AUTHENTIK_REDIS__HOST: redis
+      AUTHENTIK_POSTGRESQL__HOST: postgresql
+      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
+      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
+      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
+    # `user: root` and the docker socket volume are optional.
+    # See more for the docker socket integration here:
+    # https://goauthentik.io/docs/outposts/integrations/docker
+    # Removing `user: root` also prevents the worker from fixing the permissions
+    # on the mounted folders, so when removing this make sure the folders have the correct UID/GID
+    # (1000:1000 by default)
+    user: root
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./media:/media
+      - ./certs:/certs
+      - ./data:/data
+      - ./custom-templates:/templates
+    env_file:
+      - .env
+    depends_on:
+      - postgresql
+      - redis
+
+volumes:
+  database:
+    driver: local
+  redis:
+    driver: local