feat(service): add 2fauth.

4 files changed, 46 insertions, 0 deletions

diff --git a/crupest-words.txt b/crupest-words.txt
index fef2115..f5dd7dc 100644
--- a/crupest-words.txt
+++ b/crupest-words.txt
@@ -3,6 +3,7 @@ crupest
 # software
 forgejo
 sypht
+2fauth
 
 # secret
 vnext
diff --git a/template/docker-compose.yaml.template b/template/docker-compose.yaml.template
index f64543b..d2ddfbd 100644
--- a/template/docker-compose.yaml.template
+++ b/template/docker-compose.yaml.template
@@ -191,6 +191,29 @@ services:
       - ROUNDCUBEMAIL_SMTP_PORT=465
       - ROUNDCUBEMAIL_DB_TYPE=sqlite
 
+  2fauth:
+    image: 2fauth/2fauth
+    container_name: 2fauth
+    volumes:
+      - ./data/2fauth/work-dir:/2fauth
+      - ./data/2fauth/database:/srv/database
+    environment:
+      - APP_NAME=2FAuth-crupest
+      - APP_TIMEZONE=UTC
+      - SITE_OWNER=crupest@crupest.life
+      - APP_KEY=${CRUPEST_2FAUTH_APP_KEY}
+      - APP_URL=https://2fa.${CRUPEST_DOMAIN}
+      - DB_DATABASE="/srv/database/database.sqlite"
+      - MAIL_MAILER=smtp
+      - MAIL_HOST=smtp.crupest.life
+      - MAIL_PORT=465
+      - MAIL_USERNAME=${CRUPEST_2FAUTH_MAIL_USERNAME}
+      - MAIL_PASSWORD=${CRUPEST_2FAUTH_MAIL_PASSWORD}
+      - MAIL_ENCRYPTION=ssl
+      - MAIL_FROM_NAME=2FAuth-crupest
+      - MAIL_FROM_ADDRESS=${CRUPEST_2FAUTH_MAIL_USERNAME}
+      - TRUSTED_PROXIES=*
+
 volumes:
   blog-public:
   debian-dev-home:
diff --git a/template/nginx/server.json b/template/nginx/server.json
index b2655e2..5edf168 100644
--- a/template/nginx/server.json
+++ b/template/nginx/server.json
@@ -22,6 +22,11 @@
             "upstream": "roundcubemail:80"
         },
         {
+            "type": "reverse-proxy",
+            "subdomain": "2fa",
+            "upstream": "2fauth:8000"
+        },
+        {
             "type": "static-file",
             "subdomain": "blog",
             "root": "/srv/blog"
diff --git a/tools/aio/modules/config.py b/tools/aio/modules/config.py
index 962e418..d6e7d87 100644
--- a/tools/aio/modules/config.py
+++ b/tools/aio/modules/config.py
@@ -1,12 +1,23 @@
 import os
 import typing
 import uuid
+import random
+import string
 from rich.prompt import Prompt
 from .path import config_file_path
 
 def generate_uuid():
     return str(uuid.uuid4())
 
+# generate random characters of digits and alphabets
+def generate_random_string(length: int):
+    characters = string.ascii_letters + string.digits
+    random_string = ''.join(random.choice(characters) for _ in range(n))
+    return random_string
+
+def generate_random_string_32():
+    return generate_random_string(32)
+
 class ConfigVar:
     def __init__(self, name: str, description: str, default_value_generator: typing.Callable[[], str] | str, /, default_value_for_ask=str | None):
         """Create a config var.
@@ -59,6 +70,12 @@ config_var_list: list = [
               "Forgejo SMTP user.", "Please input your Forgejo SMTP user."),
     ConfigVar("CRUPEST_FORGEJO_MAILER_PASSWD",
               "Forgejo SMTP password.", "Please input your Forgejo SMTP password."),
+    ConfigVar("CRUPEST_2FAUTH_APP_KEY",
+              "2FAuth App Key.", generate_random_string_32),
+    ConfigVar("CRUPEST_2FAUTH_MAIL_USERNAME",
+              "2FAuth SMTP user.", "Please input your 2FAuth SMTP user."),
+    ConfigVar("CRUPEST_2FAUTH_MAIL_PASSWORD",
+              "2FAuth SMTP password.", "Please input your 2FAuth SMTP password."),
 ]
 
 config_var_name_set = set([config_var.name for config_var in config_var_list])