Added nextcloud.sh for sso and installappsso

bin/installappsso

@@ -0,0 +1,24 @@
+#!/bin/bash -x
+#
+# Installs configuration for SSO on specified application
+. /etc/federated
+. /federated/lib/functions.sh
+trap cleanup `seq 1 15`
+
+usage() {
+cat << EOF
+Install application SSO configuration
+Usage: $0 appname
+Arguments:
+    appname         Application SSO config to install. nextcloud,bookstack,matrix,etc
+
+EOF
+exit 2;
+}
+
+[ $# != 1 ] && usage
+APP=$1
+
+[ ! -f /federated/lib/$APP.sh ] && failcheck "/federated/lib/$APP.sh doesn't exist."
+. /federated/lib/$APP.sh
+configsso_$APP

lib/nextcloud.sh

@@ -303,6 +303,9 @@ start_nextcloud() {
   docker exec -u 33 nextcloud /var/www/html/occ db:add-missing-indices
   docker exec -u 33 nextcloud /var/www/html/occ app:disable activity
 
+  docker exec pdns pdnsutil add-record $DOMAIN nextcloud A 86400 $EXTERNALIP &> /dev/null
+  [ $? -ne 0 ] && fail "Couldn't add dns record for nextcloud"
+
   # Remove configs
   rm /federated/apps/nextcloud/data/var/www/html/config.sh /federated/apps/nextcloud/data/var/www/html/configs.json
 
@@ -326,6 +329,57 @@ uninstall_nextcloud() {
   # Delete the app directory
   rm -rf /federated/apps/nextcloud
 
+  # Delete the image
+  docker image rm nextcloud:$IMAGE_VERSION &> /dev/null
+
+  # Delete the DNS record
+  docker exec pdns pdnsutil delete-rrset $DOMAIN nextcloud A
+
+  # Uninstall the SSO configuration if it exists in authelia (authelia must exist too)
+  if [[ $(grep "### Nextcloud" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
+    sed -i '/### Nextcloud/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
+    sed -i '/### Nextcloud/d' /federated/apps/authelia/data/config/idproviders.yml
+    /federated/bin/stop authelia
+    /federated/bin/start authelia
+  fi
+
   kill -9 $SPINPID &> /dev/null
   echo -ne "done.\n"
 }
+configsso_nextcloud() {
+  [ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
+  [ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
+  [[ $(grep "### Nextcloud" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Nextcloud configuration."
+
+  NEXTCLOUD_CLIENT_SECRET=$(create_password);
+  NEXTCLOUD_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $NEXTCLOUD_CLIENT_SECRET | awk '{ print $2 }')
+
+cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
+      ### Nextcloud
+      - client_id: 'nextcloud'
+        client_name: 'NextCloud'
+        client_secret: $NEXTCLOUD_CLIENT_SECRET_HASH
+        consent_mode: 'implicit'
+        public: false
+        authorization_policy: 'one_factor'
+        require_pkce: true
+        pkce_challenge_method: 'S256'
+        redirect_uris:
+          - 'https://nextcloud.$DOMAIN/apps/user_oidc/code'
+        scopes:
+          - 'openid'
+          - 'profile'
+          - 'email'
+          - 'groups'
+        userinfo_signed_response_alg: 'none'
+        token_endpoint_auth_method: 'client_secret_post'
+EOF
+
+  # Restart Authelia for changes to take the above configuration
+  /federated/bin/stop authelia
+  /federated/bin/start authelia
+
+  docker exec -u 33 nextcloud /var/www/html/occ app:enable user_oidc
+  docker exec -u 33 nextcloud /var/www/html/occ config:system:set --value=true --type=boolean user_oidc use_pkce
+  docker exec -u 33 nextcloud /var/www/html/occ user_oidc:provider Authelia --clientid="nextcloud" --clientsecret="$NEXTCLOUD_CLIENT_SECRET" --discoveryuri="https://authelia.$DOMAIN/.well-known/openid-configuration"
+}