From a77ba54fc30395dcc5074a820036538a70923a71 Mon Sep 17 00:00:00 2001
From: Daniel Meiburg <key@dmeiburg.de>
Date: Wed, 17 Apr 2024 19:09:03 +0200
Subject: [PATCH] grist: enable, configure oidc

---
 forgejo/docker-compose.yml |   2 +-
 grist/.env.gpg             | Bin 324 -> 493 bytes
 grist/docker-compose.yml   |  10 +++-------
 grist/enabled              |   0
 4 files changed, 4 insertions(+), 8 deletions(-)
 create mode 100644 grist/enabled

diff --git a/forgejo/docker-compose.yml b/forgejo/docker-compose.yml
index 77ff745..86106f3 100644
--- a/forgejo/docker-compose.yml
+++ b/forgejo/docker-compose.yml
@@ -6,7 +6,7 @@ volumes:
 
 services:
   server:
-    image: codeberg.org/forgejo/forgejo
+    image: codeberg.org/forgejo/forgejo:1.21
     restart: always
     volumes:
       - server:/data
diff --git a/grist/.env.gpg b/grist/.env.gpg
index bd0e07acab97a6cef8f37c8c1e3472d57adcf7a9..79d641ed48917a5fe681cead59f8616b4cade452 100644
GIT binary patch
literal 493
zcmV<J0TTX%UIW7aH>CT($_^3%2SC$3YW~>!Z$x4P)A*ESjW%1;(sH6On;p7yAM@!$
zun{oY1;NQye4lI(mFo#dn~Y8S5}thfp%VS#@cU`PP(?6?Nj`w04y;N?=xM>5dWXP-
zUIYCdD&1HRGa?cJ2SCha<hALez}%TylOf*0aXq0N<~H2*bye62Yv@~r>SQn}08OBz
zm?{NNz}afIRUd6Rkn#>>$xw-qgw<?evbCz=Y~6Vzl5kM;IKDSk=-pn@z-j@a06m2m
z9Ql@ECgG!)*edg`5-U`E;SAdAYOD)<u`)@7@*Pt|;{yk59t=rG4PDeDTajP?sBFa<
z?Gp#a>F#dFa6WRyDJX`W@_JS<A(!&-w7e>5dn@Wq8JM>{WJc;s5e`zSKx4v!OxH03
z3ZhdcOZU24L4c|nZ$th#-7MyOy)_U7-Ub^)d1s(g1Z4czGu$m#h`@w=$Y+BRfz?18
zT!UXp?FHHyHUuvO@-)bZuW9bV$Z;r3DP^PMRw0XHqvte_h>55AVny?6mnAUfB`H(@
zD(IelvHos%NpzRWfl+M!VwU>Y11<QzKmrB*Rt@jCqa=vgK&`6rBrE00bBokhWQM7!
jW$Sc@1ngR>>J~0O(GRM=v)*@+quCT{t2BIo`a(v=o;&VG

literal 324
zcmV-K0lWT$UIW7aH>CT($_^3%2SDa3-90Lq24jky2Ip8M(k>%Le8?|Pr=w7}?!R`_
z>s>H<a_R0CSCG1ae+~#VMl|5!z~LJwbTE|Z%LkacA!;HqQsYJ%&dm|2Rkxo(Csm__
zUIYCdD&1HRGa?cJ2S8n`H4%W4rglZiY*wSSsFHr*22jzp?7~!0IwJ_1nMg2N6UbMu
z%?!5&DV(kPcup_BppZgO*U)^n?Go!awhOZ>@=L<r9;nI3CkoRDN(+C|f&t;JFkewn
zGEI|KG7JBh8J(rx6s`V5Nd6BAan+hXyGw(~Pj)GGG~E(e(i3n`{gDEZz5J-o2^&3U
z#Bf(9?ZHBw5Z3y}EvRGd8Byt>V0RZ&qu%Zk<yS2_g2)|P(U-1&y1#5o08m21F}&oq
W;rb4!Chn@7d#FFh{ySe;>IFOgdzc>p

diff --git a/grist/docker-compose.yml b/grist/docker-compose.yml
index 4216627..bf67f2b 100644
--- a/grist/docker-compose.yml
+++ b/grist/docker-compose.yml
@@ -14,14 +14,10 @@ services:
       APP_HOME_URL: https://grist.dmeiburg.de
       GRIST_SESSION_SECRET: ${SECRET}
       GRIST_SANDBOX_FLAVOR: gvisor
-      GRIST_SAML_IDP_UNENCRYPTED: 1
-      GRIST_SAML_SP_HOST: https://grist.dmeiburg.de
-      GRIST_SAML_IDP_LOGIN: https://sso.dmeiburg.de/application/saml/grist/sso/binding/redirect/
-      GRIST_SAML_IDP_LOGOUT: https://sso.dmeiburg.de/if/session-end/grist/
-      GRIST_SAML_IDP_CERTS: /certs/authentik.pem
-      GRIST_SAML_SP_KEY: /certs/grist_private_key.pem
-      GRIST_SAML_SP_CERT: /certs/grist_certificate.pem
       GRIST_FORCE_LOGIN: true
+      GRIST_OIDC_IDP_ISSUER: https://sso.dmeiburg.de/application/o/grist/.well-known/openid-configuration
+      GRIST_OIDC_IDP_CLIENT_ID: ${OIDC_ID}
+      GRIST_OIDC_IDP_CLIENT_SECRET: ${OIDC_SECRET}
     expose: 
         - 8484
 networks:
diff --git a/grist/enabled b/grist/enabled
new file mode 100644
index 0000000..e69de29