diff --git a/lib/authelia.sh b/lib/authelia.sh index 09c1f92..f91fb5c 100644 --- a/lib/authelia.sh +++ b/lib/authelia.sh @@ -54,6 +54,7 @@ openssl genrsa -out /federated/apps/authelia/data/secrets/private.pem 4096 openssl rsa -in /federated/apps/authelia/data/secrets/private.pem -outform PEM -pubout -out /federated/apps/authelia/data/secrets/public.pem POWERDNS_CLIENT_SECRET=$(create_password); POWERDNS_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $POWERDNS_CLIENT_SECRET | awk '{ print $2 }') +[[ -d "/federated/apps/pdnsmysql/data/var/lib/mysql/pdnsadmin" ]] && POWERDNS_DB="pdnsadmin" || POWERDNS_DB="pdns" NEXTCLOUD_CLIENT_SECRET=$(create_password); NEXTCLOUD_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $NEXTCLOUD_CLIENT_SECRET | awk '{ print $2 }') @@ -158,6 +159,7 @@ identity_providers: - client_id: 'powerdns' client_name: 'PowerDNS Admin' client_secret: $POWERDNS_CLIENT_SECRET_HASH + consent_mode: 'implicit' public: false authorization_policy: 'one_factor' redirect_uris: @@ -172,23 +174,6 @@ identity_providers: grant_types: - 'authorization_code' userinfo_signed_response_alg: 'none' - ### Nextcloud - - client_id: 'nextcloud' - client_name: 'NextCloud' - client_secret: $NEXTCLOUD_CLIENT_SECRET_HASH - public: false - authorization_policy: 'one_factor' - require_pkce: true - pkce_challenge_method: 'S256' - redirect_uris: - - 'https://nextcloud.$DOMAIN/apps/user_oidc/code' - scopes: - - 'openid' - - 'profile' - - 'email' - - 'groups' - userinfo_signed_response_alg: 'none' - token_endpoint_auth_method: 'client_secret_post' EOF # Insert PowerDNS configuration because we need an initial 
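Review bot: The added `POWERDNS_DB` line derives the database name by probing the pdnsmysql data directory, and the identical one-liner is repeated verbatim in the uninstall_authelia hunk (@@ -234); a small helper, `powerdns_db() { [[ -d /federated/apps/pdnsmysql/data/var/lib/mysql/pdnsadmin ]] && printf pdnsadmin || printf pdns; }`, called as `POWERDNS_DB=$(powerdns_db)` at both sites keeps the two in step the next time the schema name changes. A comment above the probe should also say what it is for, e.g. `# PowerDNS-Admin's schema is named either "pdnsadmin" or "pdns" depending on the install; use whichever exists in the MySQL datadir`. Separately, the context lines below still generate `NEXTCLOUD_CLIENT_SECRET` and `NEXTCLOUD_CLIENT_SECRET_HASH` (a `docker run` per call), while the only consumer visible in this diff, the nextcloud client block with `client_secret: $NEXTCLOUD_CLIENT_SECRET_HASH`, is removed in the @@ -172 hunk; unless the hash is still used further down the file, those two lines are now dead work and should be removed as well. The enclosing function starts before this hunk.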
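Review bot: `consent_mode: 'implicit'` makes Authelia grant the powerdns client whatever scopes it requests without the user ever seeing a consent screen, and nothing in the generated config records why that is acceptable for this client; add a line above it such as `# implicit: PowerDNS Admin is a first-party app on this host, so the per-login consent prompt is skipped`, which lands in the emitted YAML as an ordinary comment. Because the configuration is written from an unquoted heredoc, the comment text must not contain `$` or backticks. The heredoc and the identity_providers block start before this hunk.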
@@ -201,15 +186,15 @@ PDNS_MYSQL_COMMAND5="insert into setting (name, value) values (\"oidc_oauth_logo PDNS_MYSQL_COMMAND6="insert into setting (name, value) values (\"oidc_oauth_email\", \"email\");insert into setting (name, value) values (\"oidc_oauth_firstname\", \"preferred_username\");" PDNS_MYSQL_COMMAND7="insert into setting (name, value) values (\"oidc_oauth_last_name\", \"name\");insert into setting (name, value) values (\"oidc_oauth_account_name_property\", \"preferred_username\");" PDNS_MYSQL_COMMAND8="insert into setting (name, value) values (\"oidc_oauth_account_description_property\", \"name\");insert into setting (name, value) values (\"oidc_oauth_secret\", \"$POWERDNS_CLIENT_SECRET\");" -docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD pdnsadmin -e '$PDNS_MYSQL_COMMAND;'" -docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD pdnsadmin -e '$PDNS_MYSQL_COMMAND1;'" -docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD pdnsadmin -e '$PDNS_MYSQL_COMMAND2;'" -docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD pdnsadmin -e '$PDNS_MYSQL_COMMAND3;'" -docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD pdnsadmin -e '$PDNS_MYSQL_COMMAND4;'" -docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD pdnsadmin -e '$PDNS_MYSQL_COMMAND5;'" -docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD pdnsadmin -e '$PDNS_MYSQL_COMMAND6;'" -docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD pdnsadmin -e '$PDNS_MYSQL_COMMAND7;'" -docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD pdnsadmin -e '$PDNS_MYSQL_COMMAND8;'" +docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '$PDNS_MYSQL_COMMAND;'" +docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '$PDNS_MYSQL_COMMAND1;'" +docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '$PDNS_MYSQL_COMMAND2;'" +docker exec 
pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '$PDNS_MYSQL_COMMAND3;'" +docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '$PDNS_MYSQL_COMMAND4;'" +docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '$PDNS_MYSQL_COMMAND5;'" +docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '$PDNS_MYSQL_COMMAND6;'" +docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '$PDNS_MYSQL_COMMAND7;'" +docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '$PDNS_MYSQL_COMMAND8;'" echo -ne "done." } @@ -220,6 +205,9 @@ start_authelia() { docker exec pdns pdnsutil add-record $DOMAIN authelia A 86400 $EXTERNALIP &> /dev/null [ $? -ne 0 ] && fail "Couldn't add dns record for authelia" + # If extra_hosts doesn't exist then insert extra_host configuration in pdnsadmin + [[ ! $(grep extra_hosts /federated/apps/pdnsadmin/docker-compose.yml 2>/dev/null) ]] && sed -i "/172.99.0.12/a \ extra_hosts:\n\ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/pdnsadmin/docker-compose.yml + # Stop and start pdnsadmin for internal dns externalhosts to work /federated/bin/stop pdnsadmin /federated/bin/start pdnsadmin @@ -234,6 +222,10 @@ uninstall_authelia() { # First stop the service cd /federated/apps/authelia && docker-compose -f docker-compose.yml -p authelia down &> /dev/null + # Delete the entries in the settings table + [[ -d "/federated/apps/pdnsmysql/data/var/lib/mysql/pdnsadmin" ]] && POWERDNS_DB="pdnsadmin" || POWERDNS_DB="pdns" + docker exec pdnsmysql mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e "delete from setting where name like '%oidc_oauth%';" + # Delete the app directory rm -rf /federated/apps/authelia
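Review bot: The rewritten `docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '…'"` lines put the MySQL root password, and in the COMMAND8 case the OIDC client secret, on a process command line that is visible to `ps` inside the container and in the daemon's exec records; the uninstall hunk (@@ -234) does the same with its single `delete from setting` call. The inner `bash -c` is also unnecessary, as that uninstall hunk already calls `docker exec pdnsmysql mysql …` directly, and it re-parses `$MYSQL_ROOTPASSWORD` and `$POWERDNS_CLIENT_SECRET` as shell text, so any quote or `$` produced by `create_password` would break or alter the statement (its alphabet is not visible here). Passing the password through `MYSQL_PWD` and feeding the statements on stdin in one session removes both problems and collapses nine execs into one, with a `fail` on error in the style the file already uses; a suggested rewrite follows. The enclosing function starts before this hunk.
```shell
# … unchanged: PDNS_MYSQL_COMMAND… assignments …
# One client session: root password via MYSQL_PWD (kept off argv), statements via stdin.
docker exec -i -e MYSQL_PWD="$MYSQL_ROOTPASSWORD" pdnsmysql mysql -uroot "$POWERDNS_DB" <<SQL || fail "Couldn't insert OIDC settings into $POWERDNS_DB"
$PDNS_MYSQL_COMMAND;
$PDNS_MYSQL_COMMAND1;
$PDNS_MYSQL_COMMAND2;
$PDNS_MYSQL_COMMAND3;
$PDNS_MYSQL_COMMAND4;
$PDNS_MYSQL_COMMAND5;
$PDNS_MYSQL_COMMAND6;
$PDNS_MYSQL_COMMAND7;
$PDNS_MYSQL_COMMAND8;
SQL
echo -ne "done."
```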
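Review bot: The idempotency guard `[[ ! $(grep extra_hosts …) ]]` tests for the string `extra_hosts` anywhere in pdnsadmin's docker-compose.yml, so if that file already carries an extra_hosts block for some other host the authelia mapping is never inserted, and a later change of `$DOMAIN` or `$EXTERNALIP` is not picked up either; testing for the specific entry, `grep -qF -- "authelia.$DOMAIN:" /federated/apps/pdnsadmin/docker-compose.yml || sed -i …`, is both the idiomatic form and the more accurate check. The `sed` address `/172.99.0.12/` is a regex in which each `.` matches any character, and the appended text carries a hard-coded one-space indent for both `extra_hosts:` and the list item; whether that indent places the key under the intended service depends on the compose file's layout, which is not visible here. A comment noting that `$DOMAIN` and `$EXTERNALIP` are interpolated into the sed script and must not contain `/`, `&` or newlines would help the next maintainer. start_authelia starts before this hunk.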