diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e20c3d831e2afd93975d069cd3ee372962be6d02..667b080f924a124239809f996a9889f4e89538fe 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -41,6 +41,19 @@ login_provider:
 - login_provider/**/*
 - .gitlab-ci.yml
+# Build kratos image
+ stage: build
+ needs: []
+ variables:
+ KANIKO_CONTEXT: "kratos"
+ KANIKO_BUILD_IMAGENAME: $CI_JOB_NAME
+ extends: .kaniko_build
+ only:
+ changes:
+ - kratos/**/*
+ - .gitlab-ci.yml
+
+
 integration_test_app:
 stage: build-test-images
 variables:
diff --git a/docker-compose.yml b/docker-compose.yml
index dda6b6db91b432a0ff7b3e9ddf4a4fbb8fc2b64b..55cbe4ff7b0b253632b548fccb2a45d4c5c57d19 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -88,3 +88,35 @@ services:
 - "13337:13337"
 command: flask run --port 13337
 restart: unless-stopped
+ kratos-migrate:
+ build: ./kratos
+ command: -c /etc/config/kratos/kratos.yml migrate sql -e --yes
+ environment:
+ - DSN=postgres://kratos:secret@kratos-db:5433/kratos?sslmode=disable
+ restart: on-failure
+ kratos:
+ build: ./kratos
+ depends_on:
+ - kratos-db
+ - kratos-migrate
+ - mailslurper
+ ports:
+ - "4433:4433" # public
+ - "4434:4434" # admin
+ restart: unless-stopped
+ environment:
+ - LOG_LEVEL=trace
+ - DSN=postgres://kratos:secret@kratos-db:5433/kratos?sslmode=disable
+ command: serve -c /etc/config/kratos/kratos.yml --dev --watch-courier
+ kratos-db:
+ image: postgres:13
+ environment:
+ - POSTGRES_USER=kratos
+ - POSTGRES_DB=kratos
+ - POSTGRES_PASSWORD=secret
+ ports:
+ - "5433:5433"
+ volumes:
+ - .local/kratos/psql:/var/lib/postgresql/data
+ # change port via command https://github.com/docker-library/postgres/issues/196
+ command: -p 5433
diff --git a/kratos/Dockerfile b/kratos/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..ef62f8ca3c541d6637e5d6f392c1fa396d9068c7
--- /dev/null
+++ b/kratos/Dockerfile
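Review bot: As rendered here the `# Build kratos image` comment is followed directly by `stage: build` with no job-name key between them; if that is how the file really reads and not an artifact of this view, the indented keys attach to nothing and GitLab will reject the pipeline, so the job should open with `kratos:` (which also makes `KANIKO_BUILD_IMAGENAME: $CI_JOB_NAME` resolve to the image name `kratos`). A one-line comment above `needs: []`, such as `# no upstream artifacts: Kaniko builds straight from the kratos/ context`, would tell the next reader why this build job deliberately skips the stage ordering the other jobs rely on.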
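Review bot: The `kratos-db` service publishes Postgres on every host interface with `- "5433:5433"` while its password is the literal `secret`, which is also inlined in the two `DSN=` lines above it, so the database is reachable from the host network with a credential that is now committed to the repository. Bind the publication to loopback and take the password from the environment so it is defined once and can be rotated; with Compose's `${VAR:?err}` substitution an unset value fails the `up` instead of silently producing an empty password. `depends_on: - kratos-migrate` only orders container start, so `kratos` can begin serving before the migration has exited; the long-form `condition: service_completed_successfully` makes it wait for the one-shot job (honored by the Compose spec / `docker compose` v2 — check the file's `version:` if legacy v3 tooling is still in use). `LOG_LEVEL=trace` together with `--dev` on the `kratos` command switches off Kratos's production safeguards; that combination belongs in a local-only override file rather than the base compose file.
```yaml
  kratos-migrate:
    # … unchanged: build, command …
    environment:
      - DSN=postgres://kratos:${KRATOS_DB_PASSWORD:?required}@kratos-db:5433/kratos?sslmode=disable
    # … unchanged: restart …
  kratos:
    # … unchanged: build …
    depends_on:
      kratos-db:
        condition: service_started
      kratos-migrate:
        condition: service_completed_successfully
      mailslurper:
        condition: service_started
    # … unchanged: ports, restart …
    environment:
      - LOG_LEVEL=trace
      - DSN=postgres://kratos:${KRATOS_DB_PASSWORD:?required}@kratos-db:5433/kratos?sslmode=disable
    # … unchanged: command …
  kratos-db:
    image: postgres:13
    environment:
      # … unchanged: POSTGRES_USER, POSTGRES_DB …
      - POSTGRES_PASSWORD=${KRATOS_DB_PASSWORD:?required}
    ports:
      - "127.0.0.1:5433:5433"
    # … unchanged: volumes, command …
```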
@@ -0,0 +1,6 @@
+FROM oryd/kratos:v0.7.6-alpha.1-sqlite
+
+ENV DSN=sqlite:///var/lib/sqlite/db.sqlite?_fk=true&mode=rwc
+
+COPY identity.schema.json /etc/config/kratos/identity.schema.json
+COPY kratos.yml /etc/config/kratos/kratos.yml
diff --git a/kratos/identity.schema.json b/kratos/identity.schema.json
new file mode 100644
index 0000000000000000000000000000000000000000..9aa5c410bfaecb2df6b80c272f78e64fe559db72
--- /dev/null
+++ b/kratos/identity.schema.json
@@ -0,0 +1,54 @@
+{
+ "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "title": "Person",
+ "type": "object",
+ "properties": {
+ "traits": {
+ "type": "object",
+ "properties": {
+ "username": {
+ "type": "string",
+ "title": "Username",
+ "minLength": 1,
+ "ory.sh/kratos": {
+ "credentials": {
+ "password": {
+ "identifier": true
+ }
+ }
+ }
+ },
+ "email": {
+ "type": "string",
+ "format": "email",
+ "title": "E-Mail",
+ "minLength": 3,
+ "ory.sh/kratos": {
+ "verification": {
+ "via": "email"
+ },
+ "recovery": {
+ "via": "email"
+ }
+ }
+ },
+ "name": {
+ "type": "object",
+ "properties": {
+ "first": {
+ "type": "string",
+ "title": "First name"
+ },
+ "last": {
+ "type": "string",
+ "title": "Last name"
+ }
+ }
+ }
+ },
+ "required": ["email", "username"],
+ "additionalProperties": false
+ }
+ }
+}
diff --git a/kratos/kratos.yml b/kratos/kratos.yml
new file mode 100644
index 0000000000000000000000000000000000000000..f26ce88814c0779be3ae497e43fa16a7f526165e
--- /dev/null
+++ b/kratos/kratos.yml
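Review bot: The `ENV DSN=sqlite:///...` baked into the image is the third DSN source this commit introduces — `kratos.yml` sets `dsn: memory` and `docker-compose.yml` passes `DSN=postgres://...` — and nothing records which one is meant to win. If I read Kratos's precedence rules correctly the environment overrides the file, so the compose value should take effect there, but anyone running this image standalone gets a writable SQLite database with no migration step unless they override it; a comment above the line, `# Fallback DSN for running the image standalone; docker-compose.yml overrides DSN with the Postgres URL`, makes that explicit. `FROM oryd/kratos:v0.7.6-alpha.1-sqlite` is a mutable tag; pinning it by digest (`oryd/kratos:v0.7.6-alpha.1-sqlite@sha256:<DIGEST-PLACEHOLDER>`) makes the Kaniko build in `.gitlab-ci.yml` reproducible and turns an upstream re-push into a visible diff instead of a silent change.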
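Review bot: `username` and `email` declare `minLength` but no `maxLength`, and `username` is the password identifier, so nothing in the schema bounds the size of what is accepted, stored and later compared on every login; add an upper bound, e.g. `"maxLength": 64` on `username` and `"maxLength": 254` on `email` (the SMTP address limit), and consider a `"pattern"` for `username` if the login UI expects a restricted character set. `traits.name.first` and `last` lack a `maxLength` for the same reason. The `$id` still names Ory's quickstart preset although the schema has been customized (username as identifier, name traits); a project-specific URI keeps the two from being confused when schema resolution is being debugged.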
@@ -0,0 +1,85 @@
+version: v0.7.6-alpha.1
+
+dsn: memory
+
+serve:
+ public:
+ base_url: http://127.0.0.1:4433/
+ cors:
+ enabled: true
+ admin:
+ base_url: http://127.0.0.1:4434/
+
+selfservice:
+ default_browser_return_url: http://127.0.0.1:5000/settings
+ whitelisted_return_urls:
+ - http://127.0.0.1:4455
+ - http://127.0.0.1:5000
+ - http://127.0.0.1:5000/login
+ - http://127.0.0.1:5000/recover
+ - http://127.0.0.1:5000/settings
+
+ methods:
+ password:
+ enabled: true
+ link:
+ enabled: true
+
+ flows:
+ error:
+ ui_url: http://127.0.0.1:4455/error
+
+ settings:
+ ui_url: http://127.0.0.1:5000/settings
+ privileged_session_max_age: 15m
+
+ recovery:
+ enabled: true
+ ui_url: http://127.0.0.1:5000/recover
+
+ verification:
+ enabled: true
+ ui_url: http://127.0.0.1:4455/verify
+ after:
+ default_browser_return_url: http://127.0.0.1:4455/
+
+ logout:
+ after:
+ default_browser_return_url: http://127.0.0.1:4455/auth/login
+
+ login:
+ ui_url: http://127.0.0.1:5000/auth
+ lifespan: 10m
+
+ registration:
+ lifespan: 10m
+ ui_url: http://127.0.0.1:4455/auth/registration
+ # after:
+ # password:
+ # hooks:
+ # -
+ # hook: session
+
+log:
+ level: debug
+ format: text
+ leak_sensitive_values: true
+
+secrets:
+ cookie:
+ - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE
+
+identity:
+ default_schema_url: file:///etc/config/kratos/identity.schema.json
+
+courier:
+ smtp:
+ connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true&legacy_ssl=true
+
+hashers:
+ argon2:
+ parallelism: 1
+ memory: 128MB
+ iterations: 2
+ salt_length: 16
+ key_length: 16
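Review bot: `secrets.cookie` carries the literal `PLEASE-CHANGE-ME-I-AM-VERY-INSECURE` in a file that is now tracked and copied into the image, and `log.leak_sensitive_values: true` next to `level: debug` writes session tokens and credentials into container logs; both are tolerable only for a throwaway local stack, and nothing in the file marks it as one. Move the secret out of the file — Kratos maps `secrets.cookie` to the `SECRETS_COOKIE` environment variable, so it can come from the compose `environment:` block (confirm the exact form against the Kratos configuration reference) — and default to `leak_sensitive_values: false`, flipping it only while a flow is being debugged. `serve.public.cors.enabled: true` sets no `allowed_origins`, so check which origin set Kratos applies by default before the public port is reachable from anything but localhost; an explicit list of the UI origins is the safer form. The UI URLs are split between `http://127.0.0.1:4455` (error, verify, registration, logout) and `http://127.0.0.1:5000` (settings, recovery, login), while the only UI visible in the compose context runs on `13337`; unless two UIs really listen on those ports, some flows will redirect users to a port nothing serves.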