

No commits in common. '07568c6f4b5dad9dd7a63f02cc5f9837bbffaa56' and '3d9ffa0aa150bd456231b4122083ed437cce0119' have entirely different histories.

  1. 5
      Makefile
  2. 1
      keycloak.yaml
  3. 19
      keycloak/client-create
  4. 14
      keycloak/client-get
  5. 29
      keycloak/mapper-setup.sh
  6. 3
      mastodon.yaml
  7. 1
      mastodon/entrypoint.sh
  8. 5
      mastodon/keycloak.sh
  9. 12
      pixelfed.yaml
  10. 4
      pixelfed/keycloak.sh

@ -33,8 +33,6 @@ nginx-shell:
$(DOCKER) exec nginx sh
nginx-logs:
$(DOCKER) logs -f --tail 1000 nginx
mastodon-logs:
$(DOCKER) logs -f --tail 1000 mastodon
grafana-shell:
$(DOCKER) exec grafana bash
hedgedoc-shell:
@ -44,9 +42,6 @@ keycloak-shell:
keycloak-rebuild:
$(DOCKER) create keycloak
$(DOCKER) restart keycloak
mastodon-es-rebuild:
$(DOCKER) create mastodon-es
$(DOCKER) restart mastodon-es
mastodon-shell:
$(DOCKER) exec mastodon bash
mastodon-streaming-shell:

@ -38,7 +38,6 @@ services:
- ./data/keycloak/certs:/etc/x509/https
- ./data/keycloak/keycloak:/opt/keycloak/data
- ./keycloak/client-create:/bin/client-create:ro
- ./keycloak/client-get:/bin/client-get:ro
- ./keycloak/create-user:/bin/create-user:ro
- ./keycloak/remind-user:/bin/remind-user:ro
- ./keycloak/keycloak-login.sh:/bin/keycloak-login.sh:ro

@ -5,19 +5,22 @@ client_name="$1"
hostname="$2"
secret="$3"
client_id="$(client-get $client_name)"
client_id="$(kcadm.sh get clients \
-r "$REALM" \
--fields id \
-q clientId="$client_name" \
--format csv \
--noquotes \
)"
if [ -n "$client_id" ]; then
#kcadm.sh delete "clients/$client_id" -r "$REALM" || die "$client_id: unable to delete"
echo >&2 "$client_name: $client_id already exists"
echo "$client_id"
exit 0
kcadm.sh delete "clients/$client_id" -r "$REALM" || die "$client_id: unable to delete"
fi
# remember to add a leading , if adding extra data
extra="$(cat -)"
kcadm.sh create clients -r "$REALM" -f - <<EOF || die "$client_name: unable to create"
kcadm.sh create clients -r "$REALM" -f - <<EOF || die "$client_id: unable to create"
{
"clientId": "$client_name",
"rootUrl": "https://$hostname",
@ -29,7 +32,3 @@ kcadm.sh create clients -r "$REALM" -f - <<EOF || die "$client_name: unable to
$extra
}
EOF
client_id=$(client-get "$client_name")
echo >&2 "$client_name: $client_id created"
echo "$client_id"
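Review bot: On the side that keeps `kcadm.sh delete "clients/$client_id" -r "$REALM" || die "$client_id: unable to delete"` inside the `if [ -n "$client_id" ]` branch and drops the `echo`/`exit 0` lines (the new side, if the rendering prints old before new), every run deletes and recreates an existing client, which issues a new client id and discards any roles or per-client settings attached to the old one; the `mastodon/keycloak.sh` and `pixelfed/keycloak.sh` hunks stop creating roles in the same change, so the dependency is at least consistent, but the destructive re-run deserves a comment, e.g. `# an existing client is deleted and recreated: its id, roles and per-client settings do not survive`. The create line's `die "$client_id: unable to create"` names an id that is either empty or belongs to the client just deleted; `die "$client_name: unable to create"` identifies what actually failed. The inlined `kcadm.sh get` quotes `$client_name`, which is better than the removed `client-get $client_name`, but the heredoc still splices `$client_name`, `$hostname` and the stdin-supplied `$extra` into JSON unescaped, which holds only while callers pass plain identifiers and should be stated next to `extra="$(cat -)"`. The script's argument parsing starts above the hunk and the heredoc body continues into the second hunk, where the `client_id=$(client-get …)` and `echo "$client_id"` lines are removed.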

@ -1,14 +0,0 @@
#!/bin/sh
client_name="$1"
if [ -z "$client_name" ]; then
echo >&2 "usage: $0 client-name"
exit 1
fi
kcadm.sh get clients \
-r "$REALM" \
-q "clientId=$client_name" \
--fields id \
--format csv \
--noquotes

@ -2,7 +2,7 @@
# Turn on the userinfo for the roles/cient roles default protocol mapper.
# this should be so much easier, but they don't have ways to do queries?
# and they don't include jq in the keycloak container, so updating the JSON
# it banging the rocks together with sed and awk.
# it bangning the rocks together with sed and awk.
die() { echo >&2 "ERROR: $@" ; exit 1 ; }
@ -12,24 +12,11 @@ if [ -z "$SCOPE_ID" ]; then die "no client scope" ; fi
MAPPER_ID=$(kcadm.sh get -r $REALM client-scopes/$SCOPE_ID/protocol-mappers/models --format csv --noquotes | awk -F, '/,client roles,/ { print $1 }')
if [ -z "$MAPPER_ID" ]; then die "no mapper defined" ; fi
tee /tmp/map <<EOF
{
"id" : "$MAPPER_ID",
"name" : "client roles",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-client-role-mapper",
"consentRequired" : false,
"config" : {
"user.attribute" : "foo",
"access.token.claim" : "true",
"userinfo.token.claim" : "true",
"claim.name" : "resource_access.\${client_id}.roles",
"jsonType.label" : "String",
"multivalued" : "true"
}
}
EOF
kcadm.sh get -r $REALM client-scopes/$SCOPE_ID/protocol-mappers/models/$MAPPER_ID \
| sed 's/"userinfo.token.claim" : "false"/"userinfo.token.claim" : "true"/' \
> /tmp/map
cat /tmp/map
kcadm.sh update -r $REALM client-scopes/$SCOPE_ID/protocol-mappers/models/$MAPPER_ID -f /tmp/map
kcadm.sh update -r $REALM client-scopes/$SCOPE_ID/protocol-mappers/models/$MAPPER_ID -f /tmp/map \
|| die "$REALM/$SCOPE_ID/$MAPPER_ID: unable to configure mapper"
kcadm.sh get -r $REALM client-scopes/$SCOPE_ID/protocol-mappers/models/$MAPPER_ID
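Review bot: The new `kcadm.sh get … | sed … > /tmp/map` pipeline has no failure check: if `kcadm.sh get` fails, `sed` still exits 0 and an empty `/tmp/map` is handed to `kcadm.sh update`, and if the server prints the JSON with spacing other than `"userinfo.token.claim" : "false"`, sed silently changes nothing and the `|| die` on the update never fires. Verifying that the rewritten file contains the expected value before updating, and using a per-run temp file instead of the fixed `/tmp/map`, closes both gaps (sketch below; `mktemp` assumes coreutils is present in the image, which the comment about the missing `jq` suggests should be confirmed). `$REALM`, `$SCOPE_ID` and `$MAPPER_ID` are unquoted on every kcadm line; quoting them costs nothing. The first hunk of this file also turns `banging` into `bangning` in the header comment, which reads as a typo introduced rather than fixed.
```shell
map="$(mktemp)" || die "unable to create temporary file"
trap 'rm -f "$map"' EXIT
kcadm.sh get -r "$REALM" "client-scopes/$SCOPE_ID/protocol-mappers/models/$MAPPER_ID" \
    | sed 's/"userinfo.token.claim" : "false"/"userinfo.token.claim" : "true"/' \
    > "$map"
grep -q '"userinfo.token.claim" : "true"' "$map" \
    || die "$REALM/$SCOPE_ID/$MAPPER_ID: mapper JSON not in the expected form"
cat "$map"
kcadm.sh update -r "$REALM" "client-scopes/$SCOPE_ID/protocol-mappers/models/$MAPPER_ID" -f "$map" \
    || die "$REALM/$SCOPE_ID/$MAPPER_ID: unable to configure mapper"
# … unchanged: final kcadm.sh get that prints the configured mapper …
```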

@ -160,8 +160,7 @@ services:
- SMTP_LOGIN=$SMTP_USER
- SMTP_PASSWORD=$SMTP_PASSWORD
- SMTP_FROM_ADDRESS=mastodon@$DOMAIN_NAME
- VAPID_KEY_FILE=/mastodon/public/system/vapid_key
entrypoint: ['/bin/bash', '-c', 'if [ -r "$$VAPID_KEY_FILE" ]; then . "$$VAPID_KEY_FILE" ; export VAPID_PUBLIC_KEY VAPID_PRIVATE_KEY ; echo "VAPID_PUBLIC_KEY=$$VAPID_PUBLIC_KEY"; fi ; exec bundle exec sidekiq' ]
command: bundle exec sidekiq
depends_on:
- mastodon-db
- mastodon-redis
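Review bot: Replacing the `entrypoint:` that sourced `$VAPID_KEY_FILE` with `command: bundle exec sidekiq` leaves no visible path that puts `VAPID_PUBLIC_KEY`/`VAPID_PRIVATE_KEY` into the sidekiq container's environment, and the `mastodon/entrypoint.sh` hunk appears to drop its `export VAPID_PRIVATE_KEY VAPID_PUBLIC_KEY` line in the same change. If the keys are not supplied by an `env_file` declared above this hunk, web-push jobs will run with missing or mismatched keys, so either keep the key-loading entrypoint or record the source, e.g. `# VAPID_PUBLIC_KEY / VAPID_PRIVATE_KEY are supplied via env_file: <path-to-secrets-file>`. The service definition this belongs to starts above the hunk.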

@ -21,7 +21,6 @@ if [ ! -r "$VAPID_KEY" ]; then
fi
. "$VAPID_KEY"
export VAPID_PRIVATE_KEY VAPID_PUBLIC_KEY
if [ ! -r "$DB_SETUP" ]; then
rails db:setup \

@ -1,6 +1,3 @@
#!/bin/bash -x
client_id=$(client-create mastodon "$MASTODON_HOSTNAME.$DOMAIN_NAME" "$MASTODON_CLIENT_SECRET" </dev/null)
echo '{"name":"admin"}' | kcadm.sh create -r "$REALM" "clients/$client_id/roles" -f -
echo '{"name":"moderator"}' | kcadm.sh create -r "$REALM" "clients/$client_id/roles" -f -
client-create mastodon "$MASTODON_HOSTNAME.$DOMAIN_NAME" "$MASTODON_CLIENT_SECRET" </dev/null
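Review bot: The remaining `client-create mastodon "$MASTODON_HOSTNAME.$DOMAIN_NAME" "$MASTODON_CLIENT_SECRET" </dev/null` call runs under `#!/bin/bash -x`, so the expanded client secret is written to the trace output on stderr, and from there to whatever collects container logs, on every run; drop `-x` from the shebang or wrap the call, e.g. `set +x; client-create mastodon "$MASTODON_HOSTNAME.$DOMAIN_NAME" "$MASTODON_CLIENT_SECRET" </dev/null`. The removed `kcadm.sh create … "clients/$client_id/roles"` lines were the only visible source of the `admin`/`moderator` client roles that the `client roles` mapper enabled in `keycloak/mapper-setup.sh` would expose; if Mastodon's OIDC role mapping still expects them, they now have to be created somewhere else. Both points apply equally to the `pixelfed/keycloak.sh` hunk, which keeps the `-x` shebang and drops its `admin` role the same way.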

@ -41,18 +41,6 @@ services:
env_file:
- ./pixelfed/env.production
- ./secrets/pixelfed.app
environment:
- APP_URL="https://${PIXELFED_HOSTNAME}.${DOMAIN_NAME}"
- APP_DOMAIN="${PIXELFED_HOSTNAME}.${DOMAIN_NAME}"
- ADMIN_DOMAIN="${PIXELFED_HOSTNAME}.${DOMAIN_NAME}"
- SESSION_DOMAIN="${PIXELFED_HOSTNAME}.${DOMAIN_NAME}"
- MAIL_DRIVER=log
- MAIL_HOST=${SMTP_SERVER}
- MAIL_PORT=${SMTP_PORT}
- MAIL_FROM_ADDRESS="pixelfed@${DOMAIN_NAME}"
- MAIL_FROM_NAME="Pixelfed"
- MAIL_USERNAME="${SMTP_USER}"
- MAIL_PASSWORD="${SMTP_PASSWORD}"
command: gosu www-data php artisan horizon
depends_on:
- pixelfed-db

@ -1,4 +1,2 @@
#!/bin/bash -x
client_id=$(client-create pixelfed "$PIXELFED_HOSTNAME.$DOMAIN_NAME" "$PIXELFED_CLIENT_SECRET" </dev/null)
echo '{"name":"admin"}' | kcadm.sh create -r "$REALM" "clients/$client_id/roles" -f -
client-create pixelfed "$PIXELFED_HOSTNAME.$DOMAIN_NAME" "$PIXELFED_CLIENT_SECRET" </dev/null
