chore(app): archive removed stacks from app
archived stacks:
- actual-budget
- ezbookkeeping
- opencloud
- trilium
- vikunja
- wikijs
@@ -1,22 +0,0 @@
|
||||
# Actual budget
|
||||
|
||||
## Prerequisite
|
||||
|
||||
### Create oidc secret and hash
|
||||
|
||||
- Create the secret with `openssl rand -base64 32`
|
||||
- access to auth vm
|
||||
- `podman exec -it authelia sh`
|
||||
- `authelia crypto hash generate pbkdf2 --password 'actualbudget.oidc.secret'`
|
||||
- Save this value in secrets.yaml in `actualbudget.oidc.secret` and `actualbudget.oidc.hash`
|
||||
|
||||
## Configuration
|
||||
|
||||
### Initialization
|
||||
|
||||
- Use current domain
|
||||
- ok
|
||||
- Start Using OpenID
|
||||
- Start fresh
|
||||
- Server Online: User directory: Add User: the user name which is defined on LDAP
|
||||
- Server Online: User Access: enable user
|
||||
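Review bot: the "Create oidc secret and hash" steps are the only place in this hunk that ties `actualbudget.oidc.secret` and `actualbudget.oidc.hash` in secrets.yaml to this stack. With the stack archived, delete both keys and the matching Authelia client in the same change, or state in the commit message that they are kept on purpose, so a valid client credential is not left behind for an app that no longer runs.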
@@ -1,35 +0,0 @@
|
||||
# ezBookkeeping
|
||||
|
||||
## Prerequisite
|
||||
|
||||
### Create database
|
||||
|
||||
- Create the password with `openssl rand -base64 32`
|
||||
- Save this value in secrets.yaml in `postgresql.password.ezbookkeeping`
|
||||
- Access infra server to create paperless_db with `podman exec -it postgresql psql -U postgres`
|
||||
|
||||
```SQL
|
||||
CREATE USER ezbookkeeping WITH PASSWORD 'postgresql.password.ezbookkeeping';
|
||||
CREATE DATABASE ezbookkeeping_db;
|
||||
ALTER DATABASE ezbookkeeping_db OWNER TO ezbookkeeping;
|
||||
```
|
||||
|
||||
### Create oidc secret and hash
|
||||
|
||||
- Create the secret with `openssl rand -base64 32`
|
||||
- access to auth vm
|
||||
- `podman exec -it authelia sh`
|
||||
- `authelia crypto hash generate pbkdf2 --password 'ezbookkeeping.oidc.secret'`
|
||||
- Save this value in secrets.yaml in `ezbookkeeping.oidc.secret` and `ezbookkeeping.oidc.hash`
|
||||
|
||||
### Add postgresql dump backup list
|
||||
|
||||
- [set_postgresql.yaml](../../../ansible/roles/infra/tasks/services/set_postgresql.yaml)
|
||||
|
||||
```yaml
|
||||
- name: Set connected services list
|
||||
ansible.builtin.set_fact:
|
||||
connected_services:
|
||||
- ...
|
||||
- "ezbookkeeping"
|
||||
```
|
||||
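Review bot: in "Create database" and "Add postgresql dump backup list", the role `ezbookkeeping`, the database `ezbookkeeping_db` and the `- "ezbookkeeping"` entry in `connected_services` are described as manual additions, so removing this file does not undo them. Say whether the database is dropped or kept for a final dump, and remove the entry from set_postgresql.yaml accordingly. If the text is preserved in an archive, the line "Access infra server to create paperless_db" should read ezbookkeeping_db.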
@@ -1,25 +0,0 @@
|
||||
# opencloud
|
||||
|
||||
## Prerequisite
|
||||
|
||||
### oidc secret and hash
|
||||
|
||||
- Opencloud uses PKEC, therefore it doesn't need client secret
|
||||
|
||||
### Create admin password
|
||||
|
||||
- Create the password with `openssl rand -base64 32`
|
||||
- Save this value in secrets.yaml in `opencloud.admin.password`
|
||||
|
||||
## Configuration
|
||||
|
||||
- **!CAUTION!** OpenCloud application (Android, IOS, Desktop) doesn't support standard OIDC. Every scopes and client id is hardcoded.
|
||||
- `WEBFINGER_[DESKTOP|ANDROID|IOS]_OIDC_CLIENT_ID`, `WEBFINGER_[DESKTOP|ANDROID|IOS]_OIDC_CLIENT_SCOPES` don't work on official app.
|
||||
- It is impossible to set group claim in scopes. Therefore, it is hard to control roles with token including group claim.
|
||||
- When authelia doesn't work, annotate `OC_EXCLUDE_RUN_SERVICES=idp` and restart to container to use local admin.
|
||||
- This app doesn't support regex on role_assignment mapping.
|
||||
- When the new user added, manage proxy.yaml.j2 manually until they will support regex or fallback mapping, or fix the hardcoded scopes on applications.
|
||||
|
||||
### csp
|
||||
|
||||
- Fix `csp.yaml`
|
||||
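Review bot: under "oidc secret and hash" the doc states the client uses PKCE (spelled "PKEC" here) and has no client secret, so there is nothing to rotate to disable it; the client entry itself has to come out of the Authelia configuration when the stack is archived. The per-user entries added by hand to proxy.yaml.j2 and the `opencloud.admin.password` key need the same cleanup.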
@@ -1,33 +0,0 @@
|
||||
# trilium
|
||||
|
||||
## Prerequisite
|
||||
|
||||
### Create oidc secret and hash
|
||||
|
||||
- Create the secret with `openssl rand -base64 32`
|
||||
- access to auth vm
|
||||
- `podman exec -it authelia sh`
|
||||
- `authelia crypto hash generate pbkdf2 --password 'trilium.oidc.secret'`
|
||||
- Save this value in secrets.yaml in `trilium.oidc.secret` and `trilium.oidc.hash`
|
||||
|
||||
## Configuration
|
||||
|
||||
### Access
|
||||
|
||||
- https://notes.ilnmors.com
|
||||
- `[x]` I'm a new user, and I want to create a new Trilium document for my notes
|
||||
- Next
|
||||
- Password configuration
|
||||
- local password login
|
||||
|
||||
### OIDC
|
||||
|
||||
- Menu: Options: MFA
|
||||
- `[x]` Enable MFA
|
||||
- `[x]` OAuth/OpenID
|
||||
- logout
|
||||
- Authelia
|
||||
|
||||
### about ERRORS
|
||||
|
||||
- This is so unstable to use, especially OIDC is one of terrible experience.
|
||||
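Review bot: the "about ERRORS" section gives only "This is so unstable to use" with no error text, version or reproduction, which leaves nothing to go on when deciding whether to bring Trilium back later. Record the concrete OIDC failure that was seen, and note that "local password login" was configured before MFA was switched to OAuth/OpenID, so a reader knows a local password exists in any retained data.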
@@ -1,62 +0,0 @@
|
||||
# vikunja
|
||||
|
||||
## Prerequisite
|
||||
|
||||
### Create database
|
||||
|
||||
- Create the password with `openssl rand -base64 32`
|
||||
- Save this value in secrets.yaml in `postgresql.password.vikunja`
|
||||
- Access infra server to create vikunja_db with `podman exec -it postgresql psql -U postgres`
|
||||
|
||||
```SQL
|
||||
CREATE USER vikunja WITH PASSWORD 'postgresql.password.vikunja';
|
||||
CREATE DATABASE vikunja_db;
|
||||
ALTER DATABASE vikunja_db OWNER TO vikunja;
|
||||
```
|
||||
|
||||
### Create oidc secret and hash
|
||||
|
||||
- Create the secret with `openssl rand -base64 32`
|
||||
- access to auth vm
|
||||
- `podman exec -it authelia sh`
|
||||
- `authelia crypto hash generate pbkdf2 --password 'vikunja.oidc.secret'`
|
||||
- Save this value in secrets.yaml in `vikunja.oidc.secret` and `vikunja.oidc.hash`
|
||||
|
||||
### Create session secret value
|
||||
|
||||
- Create the secret with `LC_ALL=C tr -dc 'A-Za-z0-9!#%&()*+,-./:;<=>?@[\]^_{|}~' </dev/urandom | head -c 32`
|
||||
- Save this value in secrets.yaml in `vikunja.session_secret`
|
||||
|
||||
### Add postgresql dump backup list
|
||||
|
||||
- [set_postgresql.yaml](../../../ansible/roles/infra/tasks/services/set_postgresql.yaml)
|
||||
|
||||
```yaml
|
||||
- name: Set connected services list
|
||||
ansible.builtin.set_fact:
|
||||
connected_services:
|
||||
- ...
|
||||
- "vikunja"
|
||||
```
|
||||
|
||||
## Configuration
|
||||
|
||||
- !NOTE!
|
||||
- vikunja doesn't support local + oidc dual login environment. Don't use local account.
|
||||
- Just use oidc login.
|
||||
- ignore process below.
|
||||
|
||||
### Create local account
|
||||
|
||||
- Access to app vm via ssh
|
||||
|
||||
```bash
|
||||
ssh app
|
||||
podman exec -it vikunja /app/vikunja/vikunja user create --email il@ilnmors.internal --username il
|
||||
# Enter Password: vikunja.il.password
|
||||
# Confirm Password: vikunja.il.password
|
||||
```
|
||||
|
||||
- https://vikunja.ilnmors.com
|
||||
- Try to login locally
|
||||
- Try to login via Authelia
|
||||
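Review bot: the "!NOTE!" under "Configuration" says "Don't use local account" and "ignore process below", yet "Create local account" still carries a working `user create` command and the "Try to login locally" check. Delete that section or mark its heading obsolete in whatever copy is kept, and confirm that `vikunja.il.password`, `vikunja.session_secret` and `postgresql.password.vikunja` are removed from secrets.yaml together with the stack.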
@@ -1,106 +0,0 @@
|
||||
# wiki.js
|
||||
|
||||
## Prerequisite
|
||||
|
||||
### Create database
|
||||
|
||||
- Create the password with `openssl rand -base64 32`
|
||||
- Save this value in secrets.yaml in `postgresql.password.wikijs`
|
||||
- Access infra server to create wikijs_db with `podman exec -it postgresql psql -U postgres`
|
||||
|
||||
```SQL
|
||||
CREATE USER wikijs WITH PASSWORD 'postgresql.password.wikijs';
|
||||
CREATE DATABASE wikijs_db;
|
||||
ALTER DATABASE wikijs_db OWNER TO wikijs;
|
||||
```
|
||||
|
||||
### Create oidc secret and hash
|
||||
|
||||
- Create the secret with `openssl rand -base64 32`
|
||||
- access to auth vm
|
||||
- `podman exec -it authelia sh`
|
||||
- `authelia crypto hash generate pbkdf2 --password 'wikijs.oidc.secret'`
|
||||
- Save this value in secrets.yaml in `wikijs.oidc.secret` and `wikijs.oidc.hash`
|
||||
- !CAUTION! Don't update authelia with ansible-playbook before configuration
|
||||
|
||||
### Add postgresql dump backup list
|
||||
|
||||
- [set_postgresql.yaml](../../../ansible/roles/infra/tasks/services/set_postgresql.yaml)
|
||||
|
||||
```yaml
|
||||
- name: Set connected services list
|
||||
ansible.builtin.set_fact:
|
||||
connected_services:
|
||||
- ...
|
||||
- "wikijs"
|
||||
```
|
||||
|
||||
## Configuration
|
||||
|
||||
### Access
|
||||
|
||||
- https://wiki.ilnmors.com
|
||||
- Administrator Email: admin@wiki.ilnmors.internal
|
||||
- Password: wikijs.il.password
|
||||
- Site URL: https://wiki.ilnmors.com
|
||||
- INSTALL
|
||||
|
||||
### Group configuration
|
||||
|
||||
- Administration: Groups: Guests: PERMISSIONS
|
||||
- Remove all permissions
|
||||
- Administration: Groups: NEW GROUP
|
||||
- Users
|
||||
- Administration: Groups: Users: PERMISSIONS
|
||||
- Grant all permission in CONTENT
|
||||
|
||||
- Administration: Groups: Users: PAGE RULES
|
||||
- Allow / Deny: Allow
|
||||
- Match: Path starts with
|
||||
- Path: empty value
|
||||
- Locale: Any / All
|
||||
- Permissions:
|
||||
- Grant all permission
|
||||
- Update Group
|
||||
|
||||
### OIDC configuration
|
||||
|
||||
- Administration: Modules: Authentication
|
||||
- Add Strategy: Generic OpenID Connect / OAuth2
|
||||
- Display Name: Authelia
|
||||
- client id: wikijs
|
||||
- client secret: wikijs.oidc.secret
|
||||
- Authorization Endpoint URL: https://authelia.ilnmors.com/api/oidc/authorization
|
||||
- Token Endpoint URL: https://authelia.ilnmors.com/api/oidc/token
|
||||
- User info Endpoint URL: https://authelia.ilnmors.com/api/oidc/userinfo
|
||||
- Skip User Profile: untoggled
|
||||
- Issure: https://authelia.ilnmors.com
|
||||
- Email Claim: email
|
||||
- Display Name Claim: displayName
|
||||
- Picture Claim: picture
|
||||
- Map Groups: untoggled
|
||||
- Groups Claim: groups
|
||||
- Registration: Allow self-registration: toggled
|
||||
- Assign to group: Users
|
||||
- Check: Callback URL / Redirect URI
|
||||
- Apply
|
||||
|
||||
- add Callback URL / Redirect URI to [authelia config](../../../config/services/containers/auth/authelia/config/authelia.yaml.j2)
|
||||
- update authelia
|
||||
|
||||
- logout from administrator
|
||||
|
||||
- login: Select Authentication Provider: Authelia
|
||||
|
||||
### Storage
|
||||
|
||||
- Administration: Modules: Stroage
|
||||
- Local File System
|
||||
- Path: /wiki/export
|
||||
- Apply
|
||||
|
||||
### Locale
|
||||
|
||||
- Administration: Site: Locale
|
||||
- Download what you needs.
|
||||
- Korean, Arabic, French ...
|
||||
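Review bot: "OIDC configuration" ends with "add Callback URL / Redirect URI to authelia config", a manual edit to authelia.yaml.j2 that deleting this file does not revert. Remove the `wikijs` client and its redirect URI from that template in this commit. If the text is archived for reuse, flag that "Allow self-registration: toggled" with "Assign to group: Users" gives every account Authelia authenticates all CONTENT permissions on every path, since "Map Groups" is untoggled and the page rule matches an empty path prefix.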