From 894d8a91b2b337347f8fc62c09f08657ccc049fe Mon Sep 17 00:00:00 2001
From: jabertwo <git@jabertwo.de>
Date: Wed, 26 Mar 2025 18:59:03 +0100
Subject: [PATCH] hackmd uffd

---
 webserver/docker_hackmd/tasks/main.yml         |  2 +-
 .../docker_hackmd/templates/docker-compose.yml | 18 ++++++++++--------
 2 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/webserver/docker_hackmd/tasks/main.yml b/webserver/docker_hackmd/tasks/main.yml
index f67c1426..75ffba40 100644
--- a/webserver/docker_hackmd/tasks/main.yml
+++ b/webserver/docker_hackmd/tasks/main.yml
@@ -5,7 +5,7 @@
    - { path: /srv/hackmd/mysql_root_pass,  length: 24 }
    - { path: /srv/hackmd/mysql_user_pass,  length: 12 }
    - { path: /srv/hackmd/hackmd_session_secret,  length: 32 }
-   - { path: /srv/ldap/secret/ldap_readonly_pass,  length: -1 }
+   - { path: /srv/hackmd/oauth_client_secret,  length: 32 }
 
 
 - name: create folder struct for hackmd
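Review bot: The new entry generates a fresh 32-character value into `/srv/hackmd/oauth_client_secret`, but nothing in this hunk ties that value to the secret the provider holds for the `hackmd` client; if the two are ever regenerated independently, every login fails with a client-authentication error rather than anything obvious on the HackMD side. The removed LDAP entry used `length: -1`, which presumably meant "reuse the existing file", so this is the first secret in this list that must agree with state kept elsewhere — worth a comment on the line, e.g. `# must match the client secret registered for "hackmd" in uffd` (constructed wording). If the provider side is registered from this same file by another task, a pointer to that task in the comment would spare the next reader the search. The enclosing task definition starts before this hunk.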
diff --git a/webserver/docker_hackmd/templates/docker-compose.yml b/webserver/docker_hackmd/templates/docker-compose.yml
index 95eebbc5..3eb21555 100644
--- a/webserver/docker_hackmd/templates/docker-compose.yml
+++ b/webserver/docker_hackmd/templates/docker-compose.yml
@@ -15,15 +15,17 @@ services:
       CMD_ALLOW_ANONYMOUS_EDITS: "true"
       CMD_DEFAULT_PERMISSION: "freely"
       CMD_ALLOW_FREEURL: "true"
-      CMD_LDAP_URL: "ldap://{{ ldap_ip_ext }}:389"
-      CMD_LDAP_BINDDN: "{{ ldap_readonly_bind_dn }}"
-      CMD_LDAP_BINDCREDENTIALS: "{{ ldap_readonly_pass }}"
-      CMD_LDAP_SEARCHBASE: "{{ ldap_base_dn }}"
-      CMD_LDAP_SEARCHFILTER: "(&(uid={% raw %}{{username}}{% endraw %})(objectClass=inetOrgPerson)(memberof=CN=active,OU=groups,DC=warpzone,DC=ms))"
-      CMD_LDAP_SEARCHATTRIBUTES: "uid"
-      CMD_LDAP_USERIDFIELD: "uid"
-      CMD_LDAP_USERNAMEFIELD: "uid"
       CMD_EMAIL: "false"
+      CMD_OAUTH2_USER_PROFILE_URL: "{{ oauth_global.userinfo_url }}"
+      CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR: "preferred_username"
+      CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR: "preferred_username"
+      CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR: "email"
+      CMD_OAUTH2_TOKEN_URL: "{{ oauth_global.token_url }}"
+      CMD_OAUTH2_AUTHORIZATION_URL: "{{ oauth_global.authorize_url }}"
+      CMD_OAUTH2_CLIENT_ID: "hackmd"
+      CMD_OAUTH2_CLIENT_SECRET: "{{ oauth_client_secret }}"
+      CMD_OAUTH2_PROVIDERNAME: "Login with uffd"
+      CMD_OAUTH2_SCOPE: "openid email profile"
     labels:
       - traefik.enable=true
       - traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
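Review bot: The removed `CMD_LDAP_SEARCHFILTER` restricted logins to members of `CN=active,OU=groups,...`; the new `CMD_OAUTH2_*` block carries no equivalent restriction, so unless uffd itself limits the `hackmd` client to that group, any account that completes the OAuth2 flow can sign in. I cannot see the provider configuration from this diff, so please confirm that the group gate survived the move and record it, e.g. `# access restricted to the "active" group on the uffd side, not here` (constructed wording) above `CMD_OAUTH2_USER_PROFILE_URL`. A second, smaller point: users were previously identified by LDAP `uid` and are now keyed by `preferred_username` via the OAuth2 provider, which may or may not map to the same internal HackMD profile ids; if existing notes must stay attached to their owners, that is worth verifying on a staging copy before rollout. The `services:` mapping starts and ends outside this hunk.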
-- 
GitLab