recipe-maintainer: public snapshot (secrets + deployment plans removed, single commit)
Sanitized single-commit public mirror of recipe-maintainer. - Removed test-ssh/.testenv (live creds); added test-ssh/.testenv.example placeholders. - Removed plans/ and planned-updates/ (deployment-planning docs) so no client/ deployment domains appear in the public repo. - All other secret stores were already gitignored. - docs.coopcloud.tech retained as a submodule (public upstream).
This commit is contained in:
52
recipe-info/cryptpad/setup.md
Normal file
52
recipe-info/cryptpad/setup.md
Normal file
@ -0,0 +1,52 @@
|
||||
# CryptPad — First-Time Setup
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- DNS: `cryptpad.<domain_suffix>` must resolve to the server
|
||||
- DNS: `sandbox.cryptpad.<domain_suffix>` must resolve to the server (sandbox iframe domain)
|
||||
- **Authentik** must be deployed and running (dependency)
|
||||
|
||||
## Steps
|
||||
|
||||
1. **Create the app:**
|
||||
```bash
|
||||
abra app new cryptpad --server <SERVER> --domain cryptpad.<DOMAIN_SUFFIX> --no-input
|
||||
```
|
||||
|
||||
2. **Generate secrets:**
|
||||
```bash
|
||||
abra app secret generate cryptpad.<DOMAIN_SUFFIX> --all -m --no-input
|
||||
```
|
||||
Save output to `recipe-info/testsecrets/cryptpad.<DOMAIN_SUFFIX>`.
|
||||
|
||||
3. **Configure SSO compose file:**
|
||||
Edit the env file at `~/.abra/servers/<SERVER>/cryptpad.<DOMAIN_SUFFIX>.env` and set:
|
||||
```
|
||||
COMPOSE_FILE=compose.yml:compose.sso.yml
|
||||
```
|
||||
This enables the SSO overlay that adds OIDC support.
|
||||
|
||||
4. **Deploy:**
|
||||
```bash
|
||||
abra app deploy cryptpad.<DOMAIN_SUFFIX> --chaos --force --no-input
|
||||
```
|
||||
|
||||
5. **Authentik SSO integration:**
|
||||
```bash
|
||||
python3 recipe-info/cryptpad/setup_authentik_integration.py
|
||||
```
|
||||
This creates an OAuth2 provider and application in Authentik, creates a test user, inserts the client secret, and updates CryptPad's env file with SSO settings.
|
||||
|
||||
6. **Redeploy with SSO settings:**
|
||||
```bash
|
||||
abra app deploy cryptpad.<DOMAIN_SUFFIX> --chaos --force --no-input
|
||||
```
|
||||
Wait ~2 minutes for the SSO plugin to install and CryptPad to rebuild.
|
||||
|
||||
7. **Verify:** curl `https://cryptpad.<DOMAIN_SUFFIX>` returns HTTP 200.
|
||||
|
||||
## Notes
|
||||
|
||||
- Credentials are saved to `recipe-info/cryptpad/authentik-test-credentials.<DOMAIN_SUFFIX>.toml`.
|
||||
- OIDC test user: `testuser` / `testpass123`.
|
||||
- The SSO plugin takes a couple of minutes to install on first deploy.
|
||||
Reference in New Issue
Block a user