Cian-H/iform-invenio
1
0
Fork 0
mirror of https://github.com/Cian-H/iform-invenio.git synced 2025-12-22 20:41:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

Reorganized env and attempted to add SAML

Browse Source
This commit is contained in:
Cian Hughes
2025-06-03 11:27:38 +01:00
parent 016a313cf6
commit e77605d314
7 changed files with 224 additions and 135 deletions
Download Patch File Download Diff File Expand all files Collapse all files

237
docker-compose.yaml
View File

@@ -11,7 +11,7 @@ services:
- "8443:443"
volumes:
- caddy_data:/data
- ./caddy/${INVENIO_ENV}:/etc/caddy
- ./caddy/${COMPOSE_PROFILES}:/etc/caddy
- site_data:/var/www:ro
restart: unless-stopped
labels:
@@ -24,91 +24,57 @@ services:
volumes:
- uploaded_data:/opt/invenio/var/instance/data
- archived_data:/opt/invenio/var/instance/archive
- ./invenio_assets:/opt/invenio/var/instance/static/custom_assets # Add static assets for theming
- ./invenio.cfg:/opt/invenio/var/instance/invenio.cfg # Override the config with our custom one
- site_data:/opt/invenio/var/instance/
# - ./invenio_assets:/opt/invenio/var/instance/static/custom_assets # Add static assets for theming
# - ./invenio.cfg:/opt/invenio/var/instance/invenio.cfg # Override the config with our custom one
environment:
# Flask
- INVENIO_APP_ALLOWED_HOSTS=${INVENIO_APP_ALLOWED_HOSTS:-['0.0.0.0', 'localhost', '127.0.0.1']}
# Flask-SQLAlchemy
- INVENIO_SQLALCHEMY_DATABASE_URI=postgresql+psycopg2://${POSTGRES_USER:-inveniordm}:${POSTGRES_PASSWORD:-inveniordm}@db/${POSTGRES_DB:-inveniordm}
# Flask-Babel
- INVENIO_BABEL_DEFAULT_LOCALE=${INVENIO_BABEL_DEFAULT_LOCALE:-en}
- INVENIO_BABEL_DEFAULT_TIMEZONE=${INVENIO_BABEL_DEFAULT_TIMEZONE:-UTC}
# Invenio-App
- INVENIO_CACHE_TYPE=${INVENIO_CACHE_TYPE:-redis}
- INVENIO_CACHE_REDIS_URL=${INVENIO_CACHE_REDIS_URL:-redis://cache:6379/0}
- INVENIO_ACCOUNTS_SESSION_REDIS_URL=${INVENIO_ACCOUNTS_SESSION_REDIS_URL:-redis://cache:6379/1}
- INVENIO_CELERY_RESULT_BACKEND=${INVENIO_CELERY_RESULT_BACKEND:-redis://cache:6379/2}
- INVENIO_RATELIMIT_STORAGE_URL=${INVENIO_RATELIMIT_STORAGE_URL:-redis://cache:6379/3}
- INVENIO_COMMUNITIES_IDENTITIES_CACHE_REDIS_URL=${INVENIO_COMMUNITIES_IDENTITIES_CACHE_REDIS_URL:-redis://cache:6379/4}
- INVENIO_BROKER_URL=${INVENIO_BROKER_URL:-redis://cache:6379/5}
- INVENIO_CELERY_BROKER_URL=${INVENIO_BROKER_URL:-redis://cache:6379/5}
- INVENIO_WSGI_PROXIES=4
- INVENIO_SECRET_KEY=${INVENIO_SECRET_KEY:-changeme}
# Invenio-I18N
# TODO: fix tuple parsing
# - INVENIO_I18N_LANGUAGES=${INVENIO_I18N_LANGUAGES:-'[("de", _("German"))]'}
# Invenio-Theme
- INVENIO_THEME_LOGO=${INVENIO_THEME_LOGO:-images/invenio-rdm-white.svg}
- INVENIO_THEME_SITENAME=${INVENIO_THEME_SITENAME:-InvenioRDM Starter}
- INVENIO_THEME_FRONTPAGE_TITLE=${INVENIO_THEME_FRONTPAGE_TITLE:-InvenioRDM Starter}
- INVENIO_THEME_FRONTPAGE_SUBTITLE=${INVENIO_THEME_FRONTPAGE_SUBTITLE:-A starter project for the turn-key research data management repository.}
- INVENIO_THEME_SHOW_FRONTPAGE_INTRO_SECTION=False
# Invenio-Records-Resources
- INVENIO_SITE_UI_URL=${INVENIO_SITE_UI_URL:-https://localhost}
- INVENIO_SITE_API_URL=${INVENIO_SITE_API_URL:-https://localhost/api}
# Invenio-RDM-Records
- INVENIO_DATACITE_ENABLED=${INVENIO_DATACITE_ENABLED:-False}
- INVENIO_DATACITE_USERNAME=${INVENIO_DATACITE_USERNAME:-}
- INVENIO_DATACITE_PASSWORD=${INVENIO_DATACITE_PASSWORD:-}
- INVENIO_DATACITE_PREFIX=${INVENIO_DATACITE_PREFIX:-}
- INVENIO_DATACITE_TEST_MODE=${INVENIO_DATACITE_TEST_MODE:-True}
- INVENIO_DATACITE_DATACENTER_SYMBOL=${INVENIO_DATACITE_DATACENTER_SYMBOL:-}
- INVENIO_RDM_ALLOW_METADATA_ONLY_RECORDS=${INVENIO_RDM_ALLOW_METADATA_ONLY_RECORDS:-True}
- INVENIO_RDM_ALLOW_RESTRICTED_RECORDS=${INVENIO_RDM_ALLOW_RESTRICTED_RECORDS:-True}
- INVENIO_RDM_ALLOW_EXTERNAL_DOI_VERSIONING=${INVENIO_RDM_ALLOW_EXTERNAL_DOI_VERSIONING:-True}
- INVENIO_RDM_CITATION_STYLES_DEFAULT=${INVENIO_RDM_CITATION_STYLES_DEFAULT:-apa}
- INVENIO_SECURITY_EMAIL_SENDER=${INVENIO_SECURITY_EMAIL_SENDER:-}
# TODO: fix tuple parsing
# - INVENIO_RDM_CITATION_STYLES=${INVENIO_RDM_CITATION_STYLES:-"[('apa', 'APA'), ('chicago-note-bibliography', 'Chicago'), ('harvard-cite-them-right', 'Harvard')]"}
# Invenio-Accounts
- INVENIO_ACCOUNTS_LOCAL_LOGIN_ENABLED=${INVENIO_ACCOUNTS_LOCAL_LOGIN_ENABLED:-True}
- INVENIO_GITHUB_APP_CREDENTIALS=${INVENIO_GITHUB_APP_CREDENTIALS:-}
# OAI-PMH
- INVENIO_OAISERVER_ID_PREFIX=${OAISERVER_ID_PREFIX:-invenio-rdm}
# Invenio-Files-REST
- INVENIO_FILES_REST_STORAGE_FACTORY=invenio_s3.s3fs_storage_factory
# Invenio-S3
- INVENIO_S3_ENDPOINT_URL=${INVENIO_S3_ENDPOINT_URL:-}
- INVENIO_S3_ACCESS_KEY_ID=${INVENIO_S3_ACCESS_KEY_ID:-}
- INVENIO_S3_SECRET_ACCESS_KEY=${INVENIO_S3_SECRET_ACCESS_KEY:-}
- INVENIO_S3_BUCKET_NAME=${INVENIO_S3_BUCKET_NAME:-}
# Invenio-Search
- INVENIO_SEARCH_HOSTS=${INVENIO_SEARCH_HOSTS:-['search:9200']}
- INVENIO_SEARCH_INDEX_PREFIX=${INVENIO_SEARCH_INDEX_PREFIX:-invenio-rdm-}
# Logging
- INVENIO_LOGGING_CONSOLE_LEVEL=${INVENIO_LOGGING_CONSOLE_LEVEL:-WARNING}
# Custom invenio settings
- INVENIO_SECURITY_REGISTERABLE=False # Disable manual user registration
- INVENIO_MAIL_SUPPRESS_SEND=False # Allow server to send emails
- INVENIO_RDM_DEFAULT_CITATION_STYLE = "vancouver"
- INVENIO_THEME_LOGO
- INVENIO_THEME_FRONTPAGE_TITLE
- INVENIO_THEME_SITENAME
- INVENIO_THEME_FRONTPAGE_SUBTITLE
- INVENIO_THEME_SHOW_FRONTPAGE_INTRO_SECTION
- INVENIO_SECURITY_REGISTERABLE
- INVENIO_SQLALCHEMY_DATABASE_URI=postgresql+psycopg2://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db/${POSTGRES_DB}
- INVENIO_CACHE_TYPE
- INVENIO_CACHE_REDIS_URL
- INVENIO_ACCOUNTS_SESSION_REDIS_URL
- INVENIO_CELERY_RESULT_BACKEND
- INVENIO_RATELIMIT_STORAGE_URL
- INVENIO_COMMUNITIES_IDENTITIES_CACHE_REDIS_URL
- INVENIO_BROKER_URL
- INVENIO_CELERY_BROKER_URL
- INVENIO_WSGI_PROXIES
- INVENIO_SITE_UI_URL
- INVENIO_SITE_API_URL
- INVENIO_DATACITE_ENABLED
- INVENIO_DATACITE_USERNAME
- INVENIO_DATACITE_PASSWORD
- INVENIO_DATACITE_PREFIX
- INVENIO_DATACITE_TEST_MODE
- INVENIO_DATACITE_DATACENTER_SYMBOL
- INVENIO_RDM_ALLOW_METADATA_ONLY_RECORDS
- INVENIO_RDM_ALLOW_RESTRICTED_RECORDS
- INVENIO_RDM_ALLOW_EXTERNAL_DOI_VERSIONING
- INVENIO_RDM_CITATION_STYLES_DEFAULT
- INVENIO_RDM_DEFAULT_CITATION_STYLE
- INVENIO_MAIL_SUPPRESS_SEND
- INVENIO_SECURITY_EMAIL_SENDER
- INVENIO_ACCOUNTS_LOCAL_LOGIN_ENABLED
- INVENIO_GITHUB_APP_CREDENTIALS
- INVENIO_OAISERVER_ID_PREFIX
- INVENIO_FILES_REST_STORAGE_FACTORY
- INVENIO_S3_ENDPOINT_URL
- INVENIO_S3_ACCESS_KEY_ID
- INVENIO_S3_SECRET_ACCESS_KEY
- INVENIO_S3_BUCKET_NAME
- INVENIO_SEARCH_HOSTS
- INVENIO_SEARCH_INDEX_PREFIX
- INVENIO_LOGGING_CONSOLE_LEVEL
- INVENIO_APP_ALLOWED_HOSTS
- INVENIO_ENV=${COMPOSE_PROFILES}
- FLASK_ENV=${COMPOSE_PROFILES}
- NODE_ENV=${COMPOSE_PROFILES}
- FLASK_DEBUG
depends_on:
search:
condition: service_started
@@ -118,42 +84,41 @@ services:
condition: service_started
worker:
command: "celery -A invenio_app.celery worker --beat --events --loglevel=WARNING"
# command: "sh"
build:
context: .
networks:
- invenio-network
image: ghcr.io/front-matter/invenio-rdm-starter:latest
volumes:
- uploaded_data:/opt/invenio/var/instance/data
environment:
- INVENIO_SQLALCHEMY_DATABASE_URI=postgresql+psycopg2://${POSTGRES_USER:-inveniordm}:${POSTGRES_PASSWORD:-inveniordm}@db/${POSTGRES_DB:-inveniordm}
- INVENIO_SEARCH_HOSTS=${INVENIO_SEARCH_HOSTS:-['search:9200']}
- INVENIO_SEARCH_INDEX_PREFIX=${INVENIO_SEARCH_INDEX_PREFIX:-invenio-rdm-}
- INVENIO_CACHE_TYPE=${INVENIO_CACHE_TYPE:-redis}
- INVENIO_CACHE_REDIS_URL=${INVENIO_CACHE_REDIS_URL:-redis://cache:6379/0}
- INVENIO_ACCOUNTS_SESSION_REDIS_URL=${INVENIO_ACCOUNTS_SESSION_REDIS_URL:-redis://cache:6379/1}
- INVENIO_CELERY_RESULT_BACKEND=${INVENIO_CELERY_RESULT_BACKEND:-redis://cache:6379/2}
- INVENIO_RATELIMIT_STORAGE_URL=${INVENIO_RATELIMIT_STORAGE_URL:-redis://cache:6379/3}
- INVENIO_COMMUNITIES_IDENTITIES_CACHE_REDIS_URL=${INVENIO_COMMUNITIES_IDENTITIES_CACHE_REDIS_URL:-redis://cache:6379/4}
- INVENIO_BROKER_URL=${INVENIO_BROKER_URL:-redis://cache:6379/5}
- INVENIO_CELERY_BROKER_URL=${INVENIO_BROKER_URL:-redis://cache:6379/5}
- INVENIO_MAIL_SUPPRESS_SEND=${INVENIO_MAIL_SUPPRESS_SEND:-True}
- INVENIO_MAIL_SERVER=${INVENIO_MAIL_SERVER:-smtp.gmail.com}
- INVENIO_MAIL_PORT=${INVENIO_MAIL_PORT:-465}
- INVENIO_MAIL_USERNAME=${INVENIO_MAIL_USERNAME:-info}
- INVENIO_MAIL_PASSWORD=${INVENIO_MAIL_PASSWORD:-changeme}
- INVENIO_MAIL_USE_SSL=${INVENIO_MAIL_USE_SSL:-True}
# Invenio-Files-REST
- INVENIO_FILES_REST_STORAGE_FACTORY=${INVENIO_FILES_REST_STORAGE_FACTORY:-invenio_s3.s3fs_storage_factory}
# Invenio-S3
- INVENIO_S3_ENDPOINT_URL=${INVENIO_S3_ENDPOINT_URL:-}
- INVENIO_S3_ACCESS_KEY_ID=${INVENIO_S3_ACCESS_KEY_ID:-}
- INVENIO_S3_SECRET_ACCESS_KEY=${INVENIO_S3_SECRET_ACCESS_KEY:-}
- INVENIO_S3_BUCKET_NAME=${INVENIO_S3_BUCKET_NAME:-}
- INVENIO_MAIL_SUPPRESS_SEND=true
# Passthrough of shared env variables
- INVENIO_SQLALCHEMY_DATABASE_URI=postgresql+psycopg2://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db/${POSTGRES_DB:-inveniordm}
- INVENIO_SEARCH_HOSTS
- INVENIO_SEARCH_INDEX_PREFIX
- INVENIO_CACHE_TYPE
- INVENIO_CACHE_REDIS_URL
- INVENIO_ACCOUNTS_SESSION_REDIS_URL
- INVENIO_CELERY_RESULT_BACKEND
- INVENIO_RATELIMIT_STORAGE_URL
- INVENIO_COMMUNITIES_IDENTITIES_CACHE_REDIS_URL
- INVENIO_BROKER_URL
- INVENIO_CELERY_BROKER_URL
- INVENIO_MAIL_SERVER
- INVENIO_MAIL_PORT
- INVENIO_MAIL_USERNAME
- INVENIO_MAIL_PASSWORD
- INVENIO_MAIL_USE_SSL
- INVENIO_FILES_REST_STORAGE_FACTORY
- INVENIO_S3_ENDPOINT_URL
- INVENIO_S3_ACCESS_KEY_ID
- INVENIO_S3_SECRET_ACCESS_KEY
- INVENIO_S3_BUCKET_NAME
- INVENIO_ENV=${COMPOSE_PROFILES}
- FLASK_ENV=${COMPOSE_PROFILES}
- NODE_ENV=${COMPOSE_PROFILES}
- FLASK_DEBUG
depends_on:
search:
condition: service_started
@@ -176,9 +141,9 @@ services:
- invenio-network
restart: "unless-stopped"
environment:
- POSTGRES_USER=${POSTGRES_USER:-inveniordm}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-inveniordm}
- POSTGRES_DB=${POSTGRES_DB:-inveniordm}
- POSTGRES_USER
- POSTGRES_PASSWORD
- POSTGRES_DB
volumes:
- "postgres_data:/var/lib/postgresql/data"
ports:
@@ -189,6 +154,7 @@ services:
- invenio-network
restart: "unless-stopped"
environment:
- OPENSEARCH_INITIAL_ADMIN_PASSWORD
- bootstrap.memory_lock=true
- OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m
- DISABLE_INSTALL_DEMO_CONFIG=true
@@ -208,6 +174,42 @@ services:
- "9200:9200"
- "9600:9600"
# Test SAML for development
oauth2-proxy:
image: quay.io/oauth2-proxy/oauth2-proxy:latest
profiles:
- development
ports:
- "4180:4180"
environment:
- OAUTH2_PROXY_PROVIDER=oidc
- OAUTH2_PROXY_OIDC_ISSUER_URL=http://saml-idp:8080/simplesaml/saml2/idp
- OAUTH2_PROXY_CLIENT_ID=your-client-id
- OAUTH2_PROXY_CLIENT_SECRET=your-client-secret
- OAUTH2_PROXY_COOKIE_SECRET=${OAUTH2_PROXY_COOKIE_SECRET}
- OAUTH2_PROXY_EMAIL_DOMAINS=*
- OAUTH2_PROXY_UPSTREAM=http://caddy:80
- OAUTH2_PROXY_HTTP_ADDRESS=0.0.0.0:4180
- OAUTH2_PROXY_REDIRECT_URL=http://localhost:4180/oauth2/callback
depends_on:
- saml-idp
- caddy
networks:
- invenio-network
saml-idp:
image: kristophjunge/test-saml-idp:latest
profiles:
- development
ports:
- "8080:8080"
environment:
- SIMPLESAMLPHP_SP_ENTITY_ID=http://localhost:4180
- SIMPLESAMLPHP_SP_ASSERTION_CONSUMER_SERVICE=http://localhost:4180/oauth2/callback
volumes:
- ./saml/authsources.php:/var/www/simplesamlphp/config/authsources.php:ro
networks:
- invenio-network
networks:
invenio-network:
@@ -215,6 +217,7 @@ volumes:
app_data:
uploaded_data:
archived_data:
site_data:
postgres_data:
opensearch_data:
valkey_data: