website/docs: maintenance, re-add system settings (#9026)

* update screenshots

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated: fix api schema

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* required working anchors

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add system settings page

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix broken anchors

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use client-side-redirects plugin

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Optimised images with calibre/image-actions

* Revert "use client-side-redirects plugin"

This reverts commit 3103433617.

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>

website/docs/core/settings.md

@@ -0,0 +1,60 @@
+---
+title: System Settings
+---
+
+These settings are similar to the configuration options listed [here](../installation/configuration.mdx), however they can only be adjusted through the authentik Admin interface or API.
+
+### Avatars
+
+Configure how authentik should show avatars for users. Following values can be set:
+
+Default: `gravatar,initials`
+
+-   `none`: Disables per-user avatars and just shows a 1x1 pixel transparent picture
+-   `gravatar`: Uses gravatar with the user's email address
+-   `initials`: Generated avatars based on the user's name
+-   Any URL: If you want to use images hosted on another server, you can set any URL.
+
+    Additionally, these placeholders can be used:
+
+    -   `%(username)s`: The user's username
+    -   `%(mail_hash)s`: The email address, md5 hashed
+    -   `%(upn)s`: The user's UPN, if set (otherwise an empty string)
+
+You can also use an attribute path like `attributes.something.avatar`, which can be used in combination with the file field to allow users to upload custom avatars for themselves.
+
+Multiple modes can be set, and authentik will fallback to the next mode when no avatar could be found. For example, setting this to `gravatar,initials` will attempt to get an avatar from Gravatar, and if the user has not configured on there, it will fallback to a generated avatar.
+
+### Allow users to change name
+
+Enable the ability for users to change their name, defaults to `true`.
+
+### Allow users to change email
+
+Enable the ability for users to change their Email address, defaults to `false`.
+
+### Allow users to change username
+
+Enable the ability for users to change their Usernames, defaults to `false`.
+
+### Event retention
+
+Configure how long [Events](../events/index.md) are retained for within authentik. Default value is `days=365`. When forwarding events to an external application, this value can be decreased. When changing this value, only new events are affected.
+
+### Footer links
+
+This option configures the footer links on the flow executor pages.
+
+The setting can be used as follows:
+
+```json
+[{ "name": "Link Name", "href": "https://goauthentik.io" }]
+```
+
+### GDPR compliance
+
+When enabled, all the events caused by a user will be deleted upon the user's deletion. Defaults to `true`.
+
+### Impersonation
+
+Globally enable/disable impersonation. Defaults to `true`.

website/docs/releases/2023/v2023.2.md

@@ -21,7 +21,7 @@ slug: "/releases/2023.2"
 
 -   Generated avatars, multiple avatar modes
 
-    authentik now supports multiple avatar modes, and will use the next configured mode when a mode doesn't have an avatar. For example, the new default configuration attempts to use gravatar, but if the user's email does not have a gravatar setup, it will instead use the new generated avatars. See [Configuration](../../installation/configuration.mdx#authentik_avatars)
+    authentik now supports multiple avatar modes, and will use the next configured mode when a mode doesn't have an avatar. For example, the new default configuration attempts to use gravatar, but if the user's email does not have a gravatar setup, it will instead use the new generated avatars. See [Configuration](../../core/settings.md#avatars)
 
 ## Upgrading
 

website/docusaurus.config.ts

@@ -11,6 +11,7 @@ module.exports = async function (): Promise<Config> {
         url: "https://docs.goauthentik.io",
         baseUrl: "/",
         onBrokenLinks: "throw",
+        onBrokenAnchors: "throw",
         favicon: "img/icon.png",
         organizationName: "Authentik Security Inc.",
         projectName: "authentik",

website/integrations/services/nextcloud/index.md

@@ -98,7 +98,7 @@ Create a provider for Nextcloud. In the Admin Interface, go to _Applications_ ->
         -   `Nextcloud Profile` (or `authentik default Oauth Mapping profile` if you skipped the [custom profile scope](#custom-profile-scope) section)
     -   Subject mode: Based on the User's UUID
         :::danger
-        Nextcloud will use the UUID as username. However, mapping the subject mode to authentik usernames is **not recommended** due to their mutable nature. This can lead to security issues such as user impersonation. If you still wish to map the subject mode to an username, [disable username changing](../../../docs/installation/configuration#authentik_default_user_change_username) in authentik and set this to `Based on the User's username`.
+        Nextcloud will use the UUID as username. However, mapping the subject mode to authentik usernames is **not recommended** due to their mutable nature. This can lead to security issues such as user impersonation. If you still wish to map the subject mode to an username, [disable username changing](../../../docs/core/settings#allow-users-to-change-username) in authentik and set this to `Based on the User's username`.
         :::
     -   Include claims in ID token: ✔️
 
@@ -233,7 +233,7 @@ Set the following values:
 
 -   Attribute to map the UID to: `http://schemas.goauthentik.io/2021/02/saml/uid`
     :::danger
-    Nextcloud uses the UID attribute as username. However, mapping it to authentik usernames is **not recommended** due to their mutable nature. This can lead to security issues such as user impersonation. If you still wish to map the UID to an username, [disable username changing](../../../docs/installation/configuration#authentik_default_user_change_username) in authentik and set the UID attribute to "http://schemas.goauthentik.io/2021/02/saml/username".
+    Nextcloud uses the UID attribute as username. However, mapping it to authentik usernames is **not recommended** due to their mutable nature. This can lead to security issues such as user impersonation. If you still wish to map the UID to an username, [disable username changing](../../../docs/core/settings#allow-users-to-change-username) in authentik and set the UID attribute to "http://schemas.goauthentik.io/2021/02/saml/username".
     :::
 -   Optional display name of the identity provider (default: "SSO & SAML log in"): `authentik`
 -   Identifier of the IdP entity (must be a URI): `https://authentik.company`

website/integrations/sources/google/index.md

@@ -99,4 +99,4 @@ return False
 
 Afterwards, edit the source's enrollment flow (by default _default-source-enrollment_), expand the policies bound to the first stage (_default-source-enrollment-prompt_), and bind the policy created above. Make sure the newly created policy comes before _default-source-enrollment-if-username_. Afterwards, any new logins will automatically have their google email address used as their username.
 
-This can be combined with disallowing users from changing their usernames, see [Configuration](../../../docs/installation/configuration#authentik_default_user_change_username).
+This can be combined with disallowing users from changing their usernames, see [Configuration](../../../docs/core/settings#allow-users-to-change-username).

website/sidebars.js

@@ -40,6 +40,7 @@ const docsSidebar = {
                 "core/certificates",
                 "core/geoip",
                 "core/architecture",
+                "core/settings",
             ],
         },
         {