diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
index 178ae1513..07ba451a3 100644
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -1 +1 @@
-github: [BeryJu]
+custom: ["https://www.paypal.me/octocat"]
diff --git a/.github/screen_admin.png b/.github/screen_admin.png
new file mode 100644
index 000000000..dd9a39f2e
Binary files /dev/null and b/.github/screen_admin.png differ
diff --git a/.github/screen_apps.png b/.github/screen_apps.png
new file mode 100644
index 000000000..9cfcac631
Binary files /dev/null and b/.github/screen_apps.png differ
diff --git a/README.md b/README.md
index fb814af3c..5557ebc1b 100644
--- a/README.md
+++ b/README.md
@@ -5,13 +5,86 @@ ![](https://img.shields.io/docker/v/beryju/passbook?sort=semver&style=flat-square) ![](https://img.shields.io/codecov/c/gh/beryju/passbook?style=flat-square) -## Quick instance +## What is passbook? + +passbook is an open-source Identity Provider. It is focused on flexibility. You can use passbook in an existing environment to add support for new protocols. passbook is also a great solution for implementing signup/recovery/etc in your application, so you don't have to deal with it. + +## Installation + +For small/test setups it is recommended to use docker-compose. ``` +wget https://raw.githubusercontent.com/BeryJu/passbook/master/docker-compose.yml # Optionally enable Error-reporting # export PASSBOOK_ERROR_REPORTING=true +# Optionally deploy a different version +# export PASSBOOK_TAG=0.8.15-beta +# If this is a productive installation, set a different PostgreSQL Password +# export PG_PASS=$(pwgen 40 1) docker-compose pull docker-compose up -d docker-compose exec server ./manage.py migrate -docker-compose exec server ./manage.py createsuperuser ``` + +For bigger setups, there is a Helm Chart in the `helm/` directory. This is documented [here](https://beryju.github.io/passbook/installation/kubernetes/) + +## Screenshots + +![](.github/screen_apps.png) +![](.github/screen_admin.png) + +## Development + +To develop on passbook, you need a system with Python 3.7+ (3.8 is recommended). passbook uses [pipenv](https://pipenv.pypa.io/en/latest/) for managing dependencies. + +To get started, run + +``` +python3 -m pip install pipenv +git clone https://github.com/BeryJu/passbook.git +cd passbook +pipenv shell +pipenv sync -d +``` + +Since passbook uses PostgreSQL-specific fields, you also need a local PostgreSQL instance to develop. passbook also uses redis for caching and message queueing. 
+For these databases you can use [Postgres.app](https://postgresapp.com/) and [Redis.app](https://jpadilla.github.io/redisapp/) on macOS or use it via docker-comppose: + +```yaml +version: '3.7' + +services: + postgresql: + container_name: postgres + image: postgres:11 + volumes: + - db-data:/var/lib/postgresql/data + ports: + - 127.0.0.1:5432:5432 + restart: always + redis: + container_name: redis + image: redis + ports: + - 127.0.0.1:6379:6379 + restart: always + +volumes: + db-data: + driver: local +``` + +To tell passbook about these databases, create a file in the project root called `local.env.yml` with the following contents: + +```yaml +debug: true +postgresql: + user: postgres + +log_level: debug +error_reporting: false +``` + +## Security + +See [SECURITY.md](SECURITY.md) diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..65451b5f5 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,13 @@ +# Security Policy + +## Supported Versions + +As passbook is currently in a pre-stable, only the latest "stable" version is supported. After passbook 1.0, this will change. + +| Version | Supported | +| -------- | ------------------ | +| 0.8.15 | :white_check_mark: | + +## Reporting a Vulnerability + +To report a vulnerability, send am email to [security@beryju.org](mailto:security@beryju.org) diff --git a/docker-compose.yml b/docker-compose.yml index e18059a4e..95abb6381 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -21,7 +21,7 @@ services: labels: - traefik.enable=false server: - image: beryju/passbook:${SERVER_TAG:-latest} + image: beryju/passbook:${PASSBOOK_TAG:-latest} command: - uwsgi - uwsgi.ini @@ -39,7 +39,7 @@ services: - traefik.docker.network=internal - traefik.frontend.rule=PathPrefix:/ worker: - image: beryju/passbook:${SERVER_TAG:-latest} + image: beryju/passbook:${PASSBOOK_TAG:-latest} command: - celery - worker diff --git a/docs/installation/kubernetes.md b/docs/installation/kubernetes.md index 959437b57..1209bea09 100644 
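Review bot: Renaming the variable to `PASSBOOK_TAG` on the `server` image line means a deployment that still exports `SERVER_TAG` no longer matches anything and silently falls through to the `:-latest` default; the `worker` image line in the second docker-compose.yml hunk has the same problem. For an identity provider, an unplanned move to whatever `latest` currently points at is worth avoiding, so the rename should be called out in the upgrade notes. A comment above each image line would also help, for example `# PASSBOOK_TAG replaces SERVER_TAG; pin a release tag for production rather than relying on latest`. Both service definitions continue outside the hunks, so any other use of the old variable name is not visible here.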
--- a/docs/installation/kubernetes.md +++ b/docs/installation/kubernetes.md @@ -1,3 +1,61 @@ # Kubernetes For a mid to high-load Installation, Kubernetes is recommended. passbook is installed using a helm-chart. + +``` +# Default values for passbook. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +# passbook version to use. Defaults to latest stable version +# image: +# tag: + +nameOverride: "" + +config: + # Optionally specify fixed secret_key, otherwise generated automatically + # secret_key: _k*@6h2u2@q-dku57hhgzb7tnx*ba9wodcb^s9g0j59@=y(@_o + # Enable error reporting + error_reporting: false + # Log level used by web and worker + # Can be either debug, info, warning, error + log_level: warning + +# This Helm chart ships with built-in Prometheus ServiceMonitors and Rules. +# This requires the CoreOS Prometheus Operator. +monitoring: + enabled: false + +# Enable Database Backups to S3 +# backup: +# access_key: access-key +# secret_key: secret-key +# bucket: s3-bucket +# host: s3-host + +ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + path: / + hosts: + - passbook.k8s.local + tls: [] + # - secretName: chart-example-tls + # hosts: + # - passbook.k8s.local + +# These settings configure the packaged PostgreSQL and Redis chart. +postgresql: + postgresqlDatabase: passbook + +redis: + cluster: + enabled: false + master: + persistence: + enabled: false + # https://stackoverflow.com/a/59189742 + disableCommands: [] +```