Automated update: 2026-06-08 14:35:08

2026-06-08 14:35:08 -05:00 · 2026-06-08 14:35:08 -05:00 · 49f76daaaa
commit 49f76daaaa
parent 3dcdd35c0d
18 changed files with 1074 additions and 6 deletions
--- a/apps/authentik/docker-compose.yml
+++ b/apps/authentik/docker-compose.yml
@ -27,6 +27,7 @@ services:
      AUTHENTIK_POSTGRESQL__USER: authentik
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
+      AUTHENTIK_ERROR_REPORTING__ENABLED: "false"
    volumes:
      - ./media:/media
      - ./custom-templates:/templates
@ -35,6 +36,9 @@ services:
    depends_on:
      - postgresql
      - redis
+    networks:
+      - default
+      - kitestacks

  authentik-worker:
    image: ghcr.io/goauthentik/server:latest
@ -48,10 +52,18 @@ services:
      AUTHENTIK_POSTGRESQL__USER: authentik
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
+      AUTHENTIK_ERROR_REPORTING__ENABLED: "false"
    volumes:
      - ./media:/media
      - ./custom-templates:/templates
    depends_on:
      - postgresql
      - redis
+    networks:
+      - default
+      - kitestacks
+
+networks:
+  kitestacks:
+    external: true

--- a/apps/authentik/postgres/base/16384/17715
+++ b/apps/authentik/postgres/base/16384/17715
--- a/apps/authentik/postgres/base/16384/17720
+++ b/apps/authentik/postgres/base/16384/17720
--- a/apps/authentik/postgres/base/16384/17722
+++ b/apps/authentik/postgres/base/16384/17722
--- a/apps/authentik/postgres/base/16384/17733
+++ b/apps/authentik/postgres/base/16384/17733
--- a/apps/authentik/postgres/base/16384/17734
+++ b/apps/authentik/postgres/base/16384/17734
--- a/apps/authentik/postgres/base/16384/17735
+++ b/apps/authentik/postgres/base/16384/17735
--- a/apps/authentik/postgres/global/pg_control
+++ b/apps/authentik/postgres/global/pg_control
--- a/apps/authentik/postgres/pg_wal/000000010000000000000004
+++ b/apps/authentik/postgres/pg_wal/000000010000000000000004
--- a/apps/authentik/postgres/pg_xact/0000
+++ b/apps/authentik/postgres/pg_xact/0000
--- a/apps/bookstack/.env
+++ b/apps/bookstack/.env
@ -0,0 +1 @@
+BOOKSTACK_OIDC_SECRET=REPLACE_WITH_AUTHENTIK_CLIENT_SECRET
--- a/apps/bookstack/docker-compose.yml
+++ b/apps/bookstack/docker-compose.yml
@ -7,18 +7,30 @@ services:
      - PUID=1000
      - PGID=1000
      - TZ=America/Chicago
-      - APP_URL=http://192.168.1.205:6875
+      - APP_URL=https://books.kitestacks.com   # CHANGE: set to your actual BookStack subdomain
      - DB_HOST=bookstack-db
      - DB_PORT=3306
      - DB_USERNAME=bookstack
      - DB_PASSWORD=bookstackpassword
      - DB_DATABASE=bookstackapp
+      # Authentik OIDC — fill in BOOKSTACK_OIDC_SECRET in .env after creating the Authentik app
+      - AUTH_METHOD=oidc
+      - AUTH_AUTO_INITIATE=false
+      - OIDC_NAME=Authentik
+      - OIDC_DISPLAY_NAME_CLAIMS=name
+      - OIDC_CLIENT_ID=bookstack
+      - OIDC_CLIENT_SECRET=${BOOKSTACK_OIDC_SECRET}
+      - OIDC_ISSUER=https://auth.kitestacks.com/application/o/bookstack/
+      - OIDC_ISSUER_DISCOVER=true
    volumes:
      - ./bookstack:/config
    ports:
      - "6875:80"
    depends_on:
      - bookstack-db
+    networks:
+      - default
+      - kitestacks

  bookstack-db:
    image: mariadb:11
@ -31,3 +43,7 @@ services:
      - MYSQL_PASSWORD=bookstackpassword
    volumes:
      - ./db:/var/lib/mysql
+
+networks:
+  kitestacks:
+    external: true
--- a/apps/kavita/config/appsettings.json
+++ b/apps/kavita/config/appsettings.json
@ -6,10 +6,10 @@
  "Cache": 75,
  "AllowIFraming": false,
  "OpenIdConnectSettings": {
-    "Authority": "",
+    "Authority": "https://auth.kitestacks.com/application/o/kavita/",
    "ClientId": "kavita",
-    "Secret": "",
+    "Secret": "REPLACE_WITH_AUTHENTIK_CLIENT_SECRET",
    "CustomScopes": [],
-    "Enabled": false
+    "Enabled": true
  }
 }
--- a/apps/openproject/.env
+++ b/apps/openproject/.env
@ -0,0 +1 @@
+OPENPROJECT_OIDC_SECRET=REPLACE_WITH_AUTHENTIK_CLIENT_SECRET
--- a/apps/openproject/docker-compose.yml
+++ b/apps/openproject/docker-compose.yml
@ -10,12 +10,27 @@ services:
    environment:
      OPENPROJECT_SECRET_KEY_BASE: I-want-to-be-a-millionare-919!<3
      OPENPROJECT_HOST__NAME: tasks.kitestacks.com
-      OPENPROJECT_HTTPS: false
+      OPENPROJECT_HTTPS: "false"
+      # Authentik OIDC — fill OPENPROJECT_OIDC_SECRET in .env after creating the Authentik app
+      OPENPROJECT_OPENID__CONNECT_PROVIDERS_AUTHENTIK_HOST: "auth.kitestacks.com"
+      OPENPROJECT_OPENID__CONNECT_PROVIDERS_AUTHENTIK_IDENTIFIER: "openproject"
+      OPENPROJECT_OPENID__CONNECT_PROVIDERS_AUTHENTIK_SECRET: "${OPENPROJECT_OIDC_SECRET}"
+      OPENPROJECT_OPENID__CONNECT_PROVIDERS_AUTHENTIK_DISPLAY__NAME: "Authentik"
+      OPENPROJECT_OPENID__CONNECT_PROVIDERS_AUTHENTIK_SCOPE: '["openid","email","profile"]'
+      OPENPROJECT_OPENID__CONNECT_PROVIDERS_AUTHENTIK_DISCOVERY__ENDPOINT: "https://auth.kitestacks.com/application/o/openproject/.well-known/openid-configuration"

    volumes:
      - openproject_pgdata:/var/openproject/pgdata
      - openproject_assets:/var/openproject/assets

+    networks:
+      - default
+      - kitestacks
+
 volumes:
  openproject_pgdata:
  openproject_assets:
+
+networks:
+  kitestacks:
+    external: true
				`@ -0,0 +1 @@`
				`BOOKSTACK_OIDC_SECRET=REPLACE_WITH_AUTHENTIK_CLIENT_SECRET`
				`@ -0,0 +1 @@`
				`OPENPROJECT_OIDC_SECRET=REPLACE_WITH_AUTHENTIK_CLIENT_SECRET`