Added authelia.sh
This commit is contained in:
parent
8bb4f9a686
commit
16f2d8297e
@ -54,6 +54,7 @@ openssl genrsa -out /federated/apps/authelia/data/secrets/private.pem 4096
|
||||
openssl rsa -in /federated/apps/authelia/data/secrets/private.pem -outform PEM -pubout -out /federated/apps/authelia/data/secrets/public.pem
|
||||
POWERDNS_CLIENT_SECRET=$(create_password);
|
||||
POWERDNS_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $POWERDNS_CLIENT_SECRET | awk '{ print $2 }')
|
||||
[[ -d "/federated/apps/pdnsmysql/data/var/lib/mysql/pdnsadmin" ]] && POWERDNS_DB="pdnsadmin" || POWERDNS_DB="pdns"
|
||||
NEXTCLOUD_CLIENT_SECRET=$(create_password);
|
||||
NEXTCLOUD_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $NEXTCLOUD_CLIENT_SECRET | awk '{ print $2 }')
|
||||
|
||||
@ -158,6 +159,7 @@ identity_providers:
|
||||
- client_id: 'powerdns'
|
||||
client_name: 'PowerDNS Admin'
|
||||
client_secret: $POWERDNS_CLIENT_SECRET_HASH
|
||||
consent_mode: 'implicit'
|
||||
public: false
|
||||
authorization_policy: 'one_factor'
|
||||
redirect_uris:
|
||||
@ -172,23 +174,6 @@ identity_providers:
|
||||
grant_types:
|
||||
- 'authorization_code'
|
||||
userinfo_signed_response_alg: 'none'
|
||||
### Nextcloud
|
||||
- client_id: 'nextcloud'
|
||||
client_name: 'NextCloud'
|
||||
client_secret: $NEXTCLOUD_CLIENT_SECRET_HASH
|
||||
public: false
|
||||
authorization_policy: 'one_factor'
|
||||
require_pkce: true
|
||||
pkce_challenge_method: 'S256'
|
||||
redirect_uris:
|
||||
- 'https://nextcloud.$DOMAIN/apps/user_oidc/code'
|
||||
scopes:
|
||||
- 'openid'
|
||||
- 'profile'
|
||||
- 'email'
|
||||
- 'groups'
|
||||
userinfo_signed_response_alg: 'none'
|
||||
token_endpoint_auth_method: 'client_secret_post'
|
||||
EOF
|
||||
|
||||
# Insert PowerDNS configuration because we need an initial
|
||||
@ -201,15 +186,15 @@ PDNS_MYSQL_COMMAND5="insert into setting (name, value) values (\"oidc_oauth_logo
|
||||
PDNS_MYSQL_COMMAND6="insert into setting (name, value) values (\"oidc_oauth_email\", \"email\");insert into setting (name, value) values (\"oidc_oauth_firstname\", \"preferred_username\");"
|
||||
PDNS_MYSQL_COMMAND7="insert into setting (name, value) values (\"oidc_oauth_last_name\", \"name\");insert into setting (name, value) values (\"oidc_oauth_account_name_property\", \"preferred_username\");"
|
||||
PDNS_MYSQL_COMMAND8="insert into setting (name, value) values (\"oidc_oauth_account_description_property\", \"name\");insert into setting (name, value) values (\"oidc_oauth_secret\", \"$POWERDNS_CLIENT_SECRET\");"
|
||||
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD pdnsadmin -e '$PDNS_MYSQL_COMMAND;'"
|
||||
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD pdnsadmin -e '$PDNS_MYSQL_COMMAND1;'"
|
||||
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD pdnsadmin -e '$PDNS_MYSQL_COMMAND2;'"
|
||||
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD pdnsadmin -e '$PDNS_MYSQL_COMMAND3;'"
|
||||
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD pdnsadmin -e '$PDNS_MYSQL_COMMAND4;'"
|
||||
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD pdnsadmin -e '$PDNS_MYSQL_COMMAND5;'"
|
||||
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD pdnsadmin -e '$PDNS_MYSQL_COMMAND6;'"
|
||||
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD pdnsadmin -e '$PDNS_MYSQL_COMMAND7;'"
|
||||
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD pdnsadmin -e '$PDNS_MYSQL_COMMAND8;'"
|
||||
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '$PDNS_MYSQL_COMMAND;'"
|
||||
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '$PDNS_MYSQL_COMMAND1;'"
|
||||
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '$PDNS_MYSQL_COMMAND2;'"
|
||||
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '$PDNS_MYSQL_COMMAND3;'"
|
||||
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '$PDNS_MYSQL_COMMAND4;'"
|
||||
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '$PDNS_MYSQL_COMMAND5;'"
|
||||
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '$PDNS_MYSQL_COMMAND6;'"
|
||||
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '$PDNS_MYSQL_COMMAND7;'"
|
||||
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '$PDNS_MYSQL_COMMAND8;'"
|
||||
|
||||
echo -ne "done."
|
||||
}
|
||||
@ -220,6 +205,9 @@ start_authelia() {
|
||||
docker exec pdns pdnsutil add-record $DOMAIN authelia A 86400 $EXTERNALIP &> /dev/null
|
||||
[ $? -ne 0 ] && fail "Couldn't add dns record for authelia"
|
||||
|
||||
# If extra_hosts doesn't exist then insert extra_host configuration in pdnsadmin
|
||||
[[ ! $(grep extra_hosts /federated/apps/pdnsadmin/docker-compose.yml 2>/dev/null) ]] && sed -i "/172.99.0.12/a \ extra_hosts:\n\ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/pdnsadmin/docker-compose.yml
|
||||
|
||||
# Stop and start pdnsadmin for internal dns externalhosts to work
|
||||
/federated/bin/stop pdnsadmin
|
||||
/federated/bin/start pdnsadmin
|
||||
@ -234,6 +222,10 @@ uninstall_authelia() {
|
||||
# First stop the service
|
||||
cd /federated/apps/authelia && docker-compose -f docker-compose.yml -p authelia down &> /dev/null
|
||||
|
||||
# Delete the entries in the settings table
|
||||
[[ -d "/federated/apps/pdnsmysql/data/var/lib/mysql/pdnsadmin" ]] && POWERDNS_DB="pdnsadmin" || POWERDNS_DB="pdns"
|
||||
docker exec pdnsmysql mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e "delete from setting where name like '%oidc_oauth%';"
|
||||
|
||||
# Delete the app directory
|
||||
rm -rf /federated/apps/authelia
|
||||
|
||||
|
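Review bot: The nine new `docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD $POWERDNS_DB -e '...'"` lines in the `@ -201,15 +186,15 @@` hunk put the MySQL root password, and in the last one `$POWERDNS_CLIENT_SECRET`, on a process command line, where they are readable from process listings while the command runs; `--password $POWERDNS_CLIENT_SECRET` and `--password $NEXTCLOUD_CLIENT_SECRET` in the first hunk have the same exposure. Because each statement is spliced into a single-quoted `-e` argument inside a double-quoted `bash -c` string, a generated secret containing a quote or `$` would break the command or alter the SQL, and the unquoted `$MYSQL_ROOTPASSWORD` and `$POWERDNS_DB` are subject to word splitting. Passing the password through `MYSQL_PWD` on `docker exec -e` and the SQL on stdin avoids both, and a small helper with `|| fail` lets the inserts check an exit status, which the current lines never do. The enclosing function starts outside the hunk.
```shell
# Run one SQL statement against the PowerDNS-Admin database without
# exposing the root password or the statement on a command line.
pdns_sql() {
  local sql=$1
  docker exec -i -e MYSQL_PWD="$MYSQL_ROOTPASSWORD" pdnsmysql \
    mysql -uroot "$POWERDNS_DB" <<<"$sql"
}

# … unchanged: PDNS_MYSQL_COMMAND… assignments …
for sql in "$PDNS_MYSQL_COMMAND" "$PDNS_MYSQL_COMMAND1" "$PDNS_MYSQL_COMMAND2" \
  "$PDNS_MYSQL_COMMAND3" "$PDNS_MYSQL_COMMAND4" "$PDNS_MYSQL_COMMAND5" \
  "$PDNS_MYSQL_COMMAND6" "$PDNS_MYSQL_COMMAND7" "$PDNS_MYSQL_COMMAND8"; do
  pdns_sql "$sql" || fail "Couldn't insert OIDC settings into $POWERDNS_DB"
done
```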