From 2f969592bdc4fb370b896d2950809b4f54ffd119 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 2 Oct 2024 20:06:49 +0000 Subject: [PATCH] Updates for SSO across all apps --- lib/bookstack.sh | 2 +- lib/dashboard.sh | 2 +- lib/espocrm.sh | 6 +++--- lib/functions.sh | 9 +++++++++ lib/gitea.sh | 2 +- lib/matrix.sh | 2 ++ lib/nextcloud.sh | 6 ++++++ lib/roundcube.sh | 4 ++-- lib/wordpress.sh | 8 +------- 9 files changed, 26 insertions(+), 15 deletions(-) diff --git a/lib/bookstack.sh b/lib/bookstack.sh index 4be35c4..f5b10b6 100644 --- a/lib/bookstack.sh +++ b/lib/bookstack.sh @@ -252,7 +252,7 @@ OIDC_END_SESSION_ENDPOINT=https://authelia.$DOMAIN/logout EOF # Add in extra hosts config - [[ ! $(grep extra_hosts /federated/apps/bookstack/docker-compose.yml 2>/dev/null) ]] && sed -i "/172.99.0.36/a \ extra_hosts:\n\ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/bookstack/docker-compose.yml + add_authelia_config_to_dockercompose "$APP" # Setup external_auth_id for each user in bookstack users table BOOKSTACK_SECRET=$(cat /federated/apps/bookstack/.env | grep "DB_PASS" | awk -F= '{ print $2 }') diff --git a/lib/dashboard.sh b/lib/dashboard.sh index a916b71..09a9b59 100644 --- a/lib/dashboard.sh +++ b/lib/dashboard.sh @@ -41,7 +41,7 @@ EOF cat > /federated/apps/dashboard/.env < /dev/null" "7" + start_service "espocrm" "nc -z 172.99.0.39 80 &> /dev/null" "15" docker exec pdns pdnsutil add-record $DOMAIN espocrm A 86400 $EXTERNALIP &> /dev/null [ $? -ne 0 ] && fail "Couldn't add dns record for espocrm" 
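Review bot: The call `add_authelia_config_to_dockercompose "$APP"` relies on `$APP` already holding `bookstack` at this point, which the hunk does not show; the line it replaces named the file explicitly, so if `$APP` is empty or still carries another app's name the helper would try to edit `/federated/apps//docker-compose.yml` or the wrong app's file, and the helper reports nothing when that happens. The same reliance applies to the espocrm, matrix, nextcloud, roundcube and wordpress call sites in this patch. The helper also anchors its insert on `restart: always`, whereas this line anchored on `172.99.0.36`, so the entry may land under a different service if bookstack's compose file defines several; I cannot see that file from here. Passing the literal name, `add_authelia_config_to_dockercompose "bookstack"`, or guarding with `[[ -n "$APP" ]] || fail "APP not set"` would close the gap.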
@@ -235,6 +235,7 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml <> /federated/apps/espocrm/.env < [\n\ 0 => 'profile',\n\ 1 => 'email',\n\ 2 => 'groups',\n\ 3 => 'openid'\n\ ]," /federated/apps/espocrm/data/var/www/html/data/config.php # Add in extra_hosts to docker-compose - [[ ! $(grep extra_hosts /federated/apps/espocrm/docker-compose.yml 2>/dev/null) ]] && sed -i "/restart: always/a \ extra_hosts:\n\ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/espocrm/docker-compose.yml + add_authelia_config_to_dockercompose "$APP" # Set auth method to Oidc only sed -i "s/ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/#ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/g" /federated/apps/espocrm/.env diff --git a/lib/functions.sh b/lib/functions.sh index 701df6e..3022757 100644 --- a/lib/functions.sh +++ b/lib/functions.sh @@ -1727,3 +1727,12 @@ run_finishtasks() { docker exec -u 33 nextcloud truncate /var/www/html/data/nextcloud.log --size 0 docker system prune -a -f } +add_authelia_config_to_dockercompose() { + if [[ ! $(grep authelia /federated/apps/$1/docker-compose.yml) ]]; then + if [[ $(grep extra_hosts /federated/apps/$1/docker-compose.yml) ]]; then + sed -i "/extra_hosts/a \ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/$1/docker-compose.yml + else + sed -i "/restart: always/a \ extra_hosts:\n\ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/$1/docker-compose.yml + fi + fi +} diff --git a/lib/gitea.sh b/lib/gitea.sh index 33d9548..ad2db51 100644 --- a/lib/gitea.sh +++ b/lib/gitea.sh 
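Review bot: `add_authelia_config_to_dockercompose` fails silently when `/federated/apps/$1/docker-compose.yml` is missing or when neither sed anchor matches: grep only writes to stderr, the `[[ ! $(...) ]]` test still passes, and sed edits nothing, so the app container is left unable to resolve `authelia.$DOMAIN` and the OIDC flow breaks later with a far less obvious error. The `grep authelia` guard is also wider than what it protects — any other mention of the word (a comment, an image or network name) skips the insert — while `/restart: always/a` and `/extra_hosts/a` append after every matching line, which would duplicate the block in a multi-service compose file (I cannot see those files, so please check). I would quote `$1` and the path, use `grep -q`, test for the exact host entry, and verify the result with the file's existing `fail` helper (assuming it aborts the install as it does for the pdns step), as below. The sed text still interpolates `$DOMAIN` and `$EXTERNALIP` unescaped, which is acceptable only while both come from the installer's own configuration; a one-line comment stating that assumption would help the next reader.
```shell
add_authelia_config_to_dockercompose() {
  local compose="/federated/apps/$1/docker-compose.yml"
  [[ -f "$compose" ]] || fail "No docker-compose.yml for $1"
  # Test for the host entry itself, not for any mention of "authelia"
  grep -qF "authelia.$DOMAIN:" "$compose" && return 0
  if grep -q extra_hosts "$compose"; then
    sed -i "/extra_hosts/a \ - \"authelia.$DOMAIN:$EXTERNALIP\"" "$compose"
  else
    sed -i "/restart: always/a \ extra_hosts:\n\ - \"authelia.$DOMAIN:$EXTERNALIP\"" "$compose"
  fi
  grep -qF "authelia.$DOMAIN:$EXTERNALIP" "$compose" || fail "Couldn't add authelia.$DOMAIN to $compose"
}
```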
@@ -262,7 +262,7 @@ uninstall_gitea() { docker exec pdns pdnsutil delete-rrset $DOMAIN gitea A # Uninstall the SSO configuration if it exists in authelia (authelia must exist too) - if [[ $(grep "### Matrix" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then + if [[ $(grep "### Gitea" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then sed -i '/### Gitea/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml sed -i '/### Gitea/d' /federated/apps/authelia/data/config/idproviders.yml /federated/bin/stop authelia diff --git a/lib/matrix.sh b/lib/matrix.sh index 7fdba86..9d317b8 100644 --- a/lib/matrix.sh +++ b/lib/matrix.sh @@ -279,6 +279,8 @@ EOF /federated/bin/stop authelia /federated/bin/start authelia + add_authelia_config_to_dockercompose "$APP" + cat >> /federated/apps/matrix/data/matrix/homeserver.yaml </dev/null) ]] && failcheck "Authelia already has a Nextcloud configuration." NEXTCLOUD_CLIENT_SECRET=$(create_password); @@ -376,6 +377,8 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml </dev/null) ]] && sed -i "/restart: always/a \ extra_hosts:\n\ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/roundcube/docker-compose.yml - [[ ! $(grep extra_hosts /federated/apps/mail/docker-compose.yml 2>/dev/null) ]] && sed -i "/restart: always/a \ extra_hosts:\n\ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/mail/docker-compose.yml + add_authelia_config_to_dockercompose "$APP" + add_authelia_config_to_dockercompose "mail" sed -i "/?php/a \ \$config['oauth_provider'] = 'generic'; \n\ \$config['oauth_provider_name'] = 'Authelia'; \n\ diff --git a/lib/wordpress.sh b/lib/wordpress.sh index 3edd269..c252e75 100644 --- a/lib/wordpress.sh +++ b/lib/wordpress.sh 
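Review bot: The corrected condition still tests `[[ $(grep …) ]]` on captured output; `if grep -q "### Gitea" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null; then` expresses the same check without the subshell and is the idiom the rest of this patch would benefit from. Since the old `### Matrix` marker looks like a copy-paste from the Matrix uninstaller, the other `uninstall_*` functions are worth a quick grep for the same mismatch; I can only see this one from here. `uninstall_gitea` starts and continues outside the hunk.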
@@ -239,13 +239,7 @@ EOF /federated/bin/stop authelia /federated/bin/start authelia -if [[ ! $(grep authelia /federated/apps/wordpress/docker-compose.yml) ]]; then - if [[ $(grep extra_hosts /federated/apps/wordpress/docker-compose.yml) ]]; then - sed -i "/extra_hosts/a \ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/wordpress/docker-compose.yml - else - sed -i "/restart: always/a \ extra_hosts:\n\ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/wordpress/docker-compose.yml - fi -fi + add_authelia_config_to_dockercompose "$APP" sed -i "/Add any custom values/a \ define( 'OIDC_CLIENT_ID', 'wordpress' );\n\