autonomic-bot
f283a371bb
Sanitized single-commit public mirror of recipe-maintainer. - Removed test-ssh/.testenv (live creds); added test-ssh/.testenv.example placeholders. - Removed plans/ and planned-updates/ (deployment-planning docs) so no client/ deployment domains appear in the public repo. - All other secret stores were already gitignored. - docs.coopcloud.tech retained as a submodule (public upstream).
1.7 KiB
1.7 KiB
CryptPad — First-Time Setup
Prerequisites
- DNS:
cryptpad.<domain_suffix>must resolve to the server - DNS:
sandbox.cryptpad.<domain_suffix>must resolve to the server (sandbox iframe domain) - Authentik must be deployed and running (dependency)
Steps
-
Create the app:
abra app new cryptpad --server <SERVER> --domain cryptpad.<DOMAIN_SUFFIX> --no-input -
Generate secrets:
abra app secret generate cryptpad.<DOMAIN_SUFFIX> --all -m --no-inputSave output to
recipe-info/testsecrets/cryptpad.<DOMAIN_SUFFIX>. -
Configure SSO compose file: Edit the env file at
~/.abra/servers/<SERVER>/cryptpad.<DOMAIN_SUFFIX>.envand set:COMPOSE_FILE=compose.yml:compose.sso.ymlThis enables the SSO overlay that adds OIDC support.
-
Deploy:
abra app deploy cryptpad.<DOMAIN_SUFFIX> --chaos --force --no-input -
Authentik SSO integration:
python3 recipe-info/cryptpad/setup_authentik_integration.pyThis creates an OAuth2 provider and application in Authentik, creates a test user, inserts the client secret, and updates CryptPad's env file with SSO settings.
-
Redeploy with SSO settings:
abra app deploy cryptpad.<DOMAIN_SUFFIX> --chaos --force --no-inputWait ~2 minutes for the SSO plugin to install and CryptPad to rebuild.
-
Verify: curl
https://cryptpad.<DOMAIN_SUFFIX>returns HTTP 200.
Notes
- Credentials are saved to
recipe-info/cryptpad/authentik-test-credentials.<DOMAIN_SUFFIX>.toml. - OIDC test user:
testuser/testpass123. - The SSO plugin takes a couple of minutes to install on first deploy.