Adding lldap and authelia.

This commit is contained in:
2026-07-08 14:48:54 -07:00
parent e62593bf44
commit b8605f02ab
19 changed files with 595 additions and 28 deletions

View File

@@ -626,7 +626,9 @@ where user_id=$1;"
(2 . "adding-deployments-instance-backup")
(3 . "normalizing-apps")
(4 . "fixing-app-normalization")
(5 . "adding-wordpress-app")))
(5 . "adding-wordpress-app")
(6 . "adding-lldap-app")
(7 . "adding-authelia-app")))
(define (run-pending-migrations conn)
(let* ((migration-ids (sort (map car *migrations*) <))

View File

@@ -0,0 +1 @@
insert into apps(app_name) values('lldap');

View File

@@ -0,0 +1 @@
insert into apps(app_name) values('authelia');

View File

@@ -947,12 +947,13 @@ chmod -R 777 /opt/keys")))
(input (@ (type "hidden") (name "sid") (value ,(alist-ref 'sid (current-params) equal?))))
(Button (@ (type "submit")) "Create Account"))))))
;; https://app.nassella.org/unsecured/account/create?sid={CHECKOUT_SESSION_ID}
(post "/unsecured/account/create-submit"
(let ((email (stripe-session-email (alist-ref 'sid (current-params))))
(username (alist-ref 'username (current-params))))
(create-lldap-user username email)
(with-db/transaction (lambda (db) (create-user db email username))))
(redirect "/authelia/reset-password"))
(let ((email (stripe-session-email (alist-ref 'sid (current-params))))
(username (alist-ref 'username (current-params))))
(create-lldap-user username email)
(with-db/transaction (lambda (db) (create-user db email username))))
(redirect "/authelia/reset-password"))
;;; REQUIRES AUTHED USER
(post "/config/wizard/create-instance"
@@ -1112,6 +1113,8 @@ chmod -R 777 /opt/keys")))
(else
'()))
(Field (@ (name "wordpress") (type "checkbox") (label ("wordpress")) (checked ,(member 'wordpress (alist-ref 'selected-apps results)))))
(Field (@ (name "lldap") (type "checkbox") (label ("lldap")) (checked ,(member 'lldap (alist-ref 'selected-apps results)))))
(Field (@ (name "authelia") (type "checkbox") (label ("authelia")) (checked ,(member 'authelia (alist-ref 'selected-apps results)))))
(Field (@ (name "log-viewer") (type "checkbox") (label ("Log Viewer")) (checked #t) (disabled "disabled"))))
;; TODO add config for when automatic upgrades are scheduled for?
;; TODO add config for server timezone?
@@ -1131,6 +1134,8 @@ chmod -R 777 /opt/keys")))
(ghost . ,(or (and (alist-ref 'ghost (current-params)) "6") #f))
(nassella . ,(or (and (alist-ref 'nassella (current-params)) "b0.0.1") #f))
(wordpress . ,(or (and (alist-ref 'wordpress (current-params)) "8.4") #f))
(lldap . ,(or (and (alist-ref 'lldap (current-params)) "0.6.3") #f))
(authelia . ,(or (and (alist-ref 'authelia (current-params)) "4") #f))
(instance-control . "b0.0.1")
(log-viewer . "20"))))
(update-root-domain db
@@ -1194,6 +1199,20 @@ chmod -R 777 /opt/keys")))
(@ (title "Wordpress"))
(Field (@ (name "wordpress-subdomain") (label ("Subdomain")) (value ,(alist-ref 'subdomain (alist-ref 'wordpress app-config eq? '()) eq? "wordpress"))))))
'())
,@(if (member 'lldap selected-apps)
`((Fieldset
(@ (title "LLDAP"))
(Field (@ (name "lldap-subdomain") (label ("Subdomain")) (value ,(alist-ref 'subdomain (alist-ref 'lldap app-config eq? '()) eq? "lldap"))))
(Field (@ (name "lldap-user-email") (label ("Admin Email Address")) (type "email")
(value ,(alist-ref 'user-email (alist-ref 'lldap app-config eq? '()) eq? ""))))
(Field (@ (name "lldap-admin-password") (label ("Admin Password")) (type "password")
(value ,(alist-ref 'admin-password (alist-ref 'lldap app-config eq? '()) eq? ""))))))
'())
,@(if (member 'authelia selected-apps)
`((Fieldset
(@ (title "Authelia"))
(Field (@ (name "authelia-subdomain") (label ("Subdomain")) (value ,(alist-ref 'subdomain (alist-ref 'authelia app-config eq? '()) eq? "authelia"))))))
'())
(Fieldset
(@ (title "Log Viewer"))
(Field (@ (name "log-viewer-subdomain") (label ("Subdomain"))
@@ -1202,7 +1221,7 @@ chmod -R 777 /opt/keys")))
(value ,(alist-ref 'user (alist-ref 'log-viewer app-config eq? '()) eq? ""))))
(Field (@ (name "log-viewer-password") (label ("Password")) (type "password")
(value ,(alist-ref 'password (alist-ref 'log-viewer app-config eq? '()) eq? "")))))
,@(if (or (member 'nextcloud selected-apps) (member 'ghost selected-apps) (member 'nassella selected-apps))
,@(if (or (member 'nextcloud selected-apps) (member 'ghost selected-apps) (member 'nassella selected-apps) (member 'authelia selected-apps))
`((Fieldset
(@ (title "All Apps - Email - SMTP"))
(Field (@ (name "smtp-host") (label ("Host"))
@@ -1276,6 +1295,31 @@ chmod -R 777 /opt/keys")))
(db-root-password . ,(or (alist-ref 'db-root-password
(alist-ref 'wordpress config eq? '()))
(generate-postgres-password)))))
(lldap . ((subdomain . ,(alist-ref 'lldap-subdomain (current-params)))
(db-password . ,(or (alist-ref 'db-password
(alist-ref 'lldap config eq? '()))
(generate-postgres-password)))
(jwt-secret . ,(or (alist-ref 'jwt-secret
(alist-ref 'lldap config eq? '()))
(generate-jwt-secret)))
(key-seed . ,(or (alist-ref 'key-seed
(alist-ref 'lldap config eq? '()))
(generate-key-seed)))
(admin-password . ,(alist-ref 'lldap-admin-password (current-params)))
(user-email . ,(alist-ref 'lldap-user-email (current-params)))))
(authelia . ((subdomain . ,(alist-ref 'authelia-subdomain (current-params)))
(db-password . ,(or (alist-ref 'db-password
(alist-ref 'authelia config eq? '()))
(generate-postgres-password)))
(jwt-secret . ,(or (alist-ref 'jwt-secret
(alist-ref 'authelia config eq? '()))
(generate-jwt-secret)))
(session-secret . ,(or (alist-ref 'session-secret
(alist-ref 'authelia config eq? '()))
(generate-authelia-key-seed)))
(encryption-key . ,(or (alist-ref 'encryption-key
(alist-ref 'authelia config eq? '()))
(generate-authelia-key-seed)))))
(log-viewer . ((subdomain . ,(alist-ref 'log-viewer-subdomain (current-params)))
(user . ,(alist-ref 'log-viewer-user (current-params)))
(password . ,(alist-ref 'log-viewer-password (current-params)))))
@@ -1406,7 +1450,6 @@ chmod -R 777 /opt/keys")))
(VStack
(Form-Nav (@ (back-to ,(conc "/config/wizard/machine2/" instance-id)) (submit-button "Launch")))))))))
;; TODO should this perform a backup and then run the systemctl stop app command first?
(post "/config/wizard/review-submit/:id"
(let* ((instance-id (alist-ref "id" (current-params) equal?))
(status (string->symbol
@@ -1479,6 +1522,19 @@ chmod -R 777 /opt/keys")))
("NASSELLA_AUTHELIA_KEY_SEED" . ,(alist-ref 'authelia-key-seed (alist-ref 'nassella config)))
("WORDPRESS_DB_PASSWORD" . ,(alist-ref 'db-password (alist-ref 'wordpress config)))
("WORDPRESS_DB_ROOT_PASSWORD" . ,(alist-ref 'db-root-password (alist-ref 'wordpress config)))
("LLDAP_POSTGRES_DB" . "lldap")
("LLDAP_POSTGRES_USER" . "lldap")
("LLDAP_POSTGRES_PASSWORD" . ,(alist-ref 'db-password (alist-ref 'lldap config)))
("LLDAP_JWT_SECRET" . ,(alist-ref 'jwt-secret (alist-ref 'lldap config)))
("LLDAP_KEY_SEED" . ,(alist-ref 'key-seed (alist-ref 'lldap config)))
("LLDAP_ADMIN_PASSWORD" . ,(alist-ref 'admin-password (alist-ref 'lldap config)))
("LLDAP_USER_EMAIL" . ,(alist-ref 'user-email (alist-ref 'lldap config)))
("AUTHELIA_POSTGRES_DB" . "authelia")
("AUTHELIA_POSTGRES_USER" . "authelia")
("AUTHELIA_POSTGRES_PASSWORD" . ,(alist-ref 'db-password (alist-ref 'authelia config)))
("AUTHELIA_JWT_SECRET" . ,(alist-ref 'jwt-secret (alist-ref 'authelia config)))
("AUTHELIA_SESSION_SECRET" . ,(alist-ref 'session-secret (alist-ref 'authelia config)))
("AUTHELIA_ENCRYPTION_KEY" . ,(alist-ref 'encryption-key (alist-ref 'authelia config)))
("SMTP_HOST" . ,(alist-ref 'smtp-host (alist-ref 'all-apps config)))
("SMTP_PORT" . ,(alist-ref 'smtp-port (alist-ref 'all-apps config)))
("SMTP_AUTH_USER" . ,(alist-ref 'smtp-auth-user (alist-ref 'all-apps config)))
@@ -1518,6 +1574,7 @@ chmod -R 777 /opt/keys")))
(with-db/transaction
(lambda (db)
(update-deployment-progress db deployment-id '((instance-backup . in-progress)))))
;; ;; TODO does this handle new deployments? We should not do a back up if this is new!
;; (handle-exceptions
;; exn
;; (with-db/transaction