bero/test
1
0
Fork 0
Code Issues 52 Pull Requests 3 Actions Packages Projects Releases Wiki Activity

Updates for SSO across all apps

Browse Source
This commit is contained in:
root 2024-10-02 20:06:49 +00:00
parent c719bbdefa
commit 2f969592bd
9 changed files with 26 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/bookstack.sh
View File

@ -252,7 +252,7 @@ OIDC_END_SESSION_ENDPOINT=https://authelia.$DOMAIN/logout
EOF EOF
# Add in extra hosts config # Add in extra hosts config
[[ ! $(grep extra_hosts /federated/apps/bookstack/docker-compose.yml 2>/dev/null) ]] && sed -i "/172.99.0.36/a \ extra_hosts:\n\ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/bookstack/docker-compose.yml add_authelia_config_to_dockercompose "$APP"
# Setup external_auth_id for each user in bookstack users table # Setup external_auth_id for each user in bookstack users table
BOOKSTACK_SECRET=$(cat /federated/apps/bookstack/.env | grep "DB_PASS" | awk -F= '{ print $2 }') BOOKSTACK_SECRET=$(cat /federated/apps/bookstack/.env | grep "DB_PASS" | awk -F= '{ print $2 }')

2
lib/dashboard.sh
View File

@ -41,7 +41,7 @@ EOF
cat > /federated/apps/dashboard/.env <<EOF cat > /federated/apps/dashboard/.env <<EOF
IMAGE_VERSION="latest" IMAGE_VERSION="latest"
DOMAIN="$DOMAIN" DOMAIN="$DOMAIN"
TIER="$BUNDLE" TIER="$TIER"
EOF EOF
chmod 600 /federated/apps/dashboard/.env chmod 600 /federated/apps/dashboard/.env

6
lib/espocrm.sh
View File

@ -90,7 +90,7 @@ echo -ne "done.\n"
} }
start_espocrm() { start_espocrm() {
# Start service with command to make sure it's up before proceeding # Start service with command to make sure it's up before proceeding
start_service "espocrm" "nc -z 172.99.0.39 80 &> /dev/null" "7" start_service "espocrm" "nc -z 172.99.0.39 80 &> /dev/null" "15"
docker exec pdns pdnsutil add-record $DOMAIN espocrm A 86400 $EXTERNALIP &> /dev/null docker exec pdns pdnsutil add-record $DOMAIN espocrm A 86400 $EXTERNALIP &> /dev/null
[ $? -ne 0 ] && fail "Couldn't add dns record for espocrm" [ $? -ne 0 ] && fail "Couldn't add dns record for espocrm"
@ -235,6 +235,7 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
- 'openid' - 'openid'
- 'profile' - 'profile'
- 'email' - 'email'
- 'groups'
userinfo_signed_response_alg: 'none' userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_post' token_endpoint_auth_method: 'client_secret_post'
EOF EOF
@ -246,7 +247,6 @@ EOF
cat >> /federated/apps/espocrm/.env <<EOF cat >> /federated/apps/espocrm/.env <<EOF
ESPOCRM_CONFIG_AUTHENTICATION_METHOD=Oidc ESPOCRM_CONFIG_AUTHENTICATION_METHOD=Oidc
ESPOCRM_CONFIG_OIDC_USERNAME_CLAIM=preferred_username ESPOCRM_CONFIG_OIDC_USERNAME_CLAIM=preferred_username
ESPOCRM_CONFIG_OIDC_GROUP_CLAIM=groups
ESPOCRM_CONFIG_OIDC_FALLBACK=true ESPOCRM_CONFIG_OIDC_FALLBACK=true
ESPOCRM_CONFIG_OIDC_CLIENT_ID=espocrm ESPOCRM_CONFIG_OIDC_CLIENT_ID=espocrm
ESPOCRM_CONFIG_OIDC_CLIENT_SECRET=$ESPOCRM_CLIENT_SECRET ESPOCRM_CONFIG_OIDC_CLIENT_SECRET=$ESPOCRM_CLIENT_SECRET
@ -268,7 +268,7 @@ EOF
sed -i "/authenticationMethod/a \ 'oidcScopes' => [\n\ 0 => 'profile',\n\ 1 => 'email',\n\ 2 => 'groups',\n\ 3 => 'openid'\n\ ]," /federated/apps/espocrm/data/var/www/html/data/config.php sed -i "/authenticationMethod/a \ 'oidcScopes' => [\n\ 0 => 'profile',\n\ 1 => 'email',\n\ 2 => 'groups',\n\ 3 => 'openid'\n\ ]," /federated/apps/espocrm/data/var/www/html/data/config.php
# Add in extra_hosts to docker-compose # Add in extra_hosts to docker-compose
[[ ! $(grep extra_hosts /federated/apps/espocrm/docker-compose.yml 2>/dev/null) ]] && sed -i "/restart: always/a \ extra_hosts:\n\ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/espocrm/docker-compose.yml add_authelia_config_to_dockercompose "$APP"
# Set auth method to Oidc only # Set auth method to Oidc only
sed -i "s/ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/#ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/g" /federated/apps/espocrm/.env sed -i "s/ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/#ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/g" /federated/apps/espocrm/.env

9
lib/functions.sh
View File

@ -1727,3 +1727,12 @@ run_finishtasks() {
docker exec -u 33 nextcloud truncate /var/www/html/data/nextcloud.log --size 0 docker exec -u 33 nextcloud truncate /var/www/html/data/nextcloud.log --size 0
docker system prune -a -f docker system prune -a -f
} }
add_authelia_config_to_dockercompose() {
if [[ ! $(grep authelia /federated/apps/$1/docker-compose.yml) ]]; then
if [[ $(grep extra_hosts /federated/apps/$1/docker-compose.yml) ]]; then
sed -i "/extra_hosts/a \ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/$1/docker-compose.yml
else
sed -i "/restart: always/a \ extra_hosts:\n\ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/$1/docker-compose.yml
fi
fi
}

2
lib/gitea.sh
View File

@ -262,7 +262,7 @@ uninstall_gitea() {
docker exec pdns pdnsutil delete-rrset $DOMAIN gitea A docker exec pdns pdnsutil delete-rrset $DOMAIN gitea A
# Uninstall the SSO configuration if it exists in authelia (authelia must exist too) # Uninstall the SSO configuration if it exists in authelia (authelia must exist too)
if [[ $(grep "### Matrix" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then if [[ $(grep "### Gitea" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
sed -i '/### Gitea/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml sed -i '/### Gitea/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
sed -i '/### Gitea/d' /federated/apps/authelia/data/config/idproviders.yml sed -i '/### Gitea/d' /federated/apps/authelia/data/config/idproviders.yml
/federated/bin/stop authelia /federated/bin/stop authelia

2
lib/matrix.sh
View File

@ -279,6 +279,8 @@ EOF
/federated/bin/stop authelia /federated/bin/stop authelia
/federated/bin/start authelia /federated/bin/start authelia
add_authelia_config_to_dockercompose "$APP"
cat >> /federated/apps/matrix/data/matrix/homeserver.yaml <<EOF cat >> /federated/apps/matrix/data/matrix/homeserver.yaml <<EOF
oidc_providers: oidc_providers:
- idp_id: authelia - idp_id: authelia

6
lib/nextcloud.sh
View File

@ -350,6 +350,7 @@ uninstall_nextcloud() {
configsso_nextcloud() { configsso_nextcloud() {
[ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing." [ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
[ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing." [ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
get_appvars
[[ $(grep "### Nextcloud" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Nextcloud configuration." [[ $(grep "### Nextcloud" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Nextcloud configuration."
NEXTCLOUD_CLIENT_SECRET=$(create_password); NEXTCLOUD_CLIENT_SECRET=$(create_password);
@ -376,6 +377,8 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
token_endpoint_auth_method: 'client_secret_basic' token_endpoint_auth_method: 'client_secret_basic'
EOF EOF
add_authelia_config_to_dockercompose "$APP"
# Restart Authelia for changes to take the above configuration # Restart Authelia for changes to take the above configuration
/federated/bin/stop authelia /federated/bin/stop authelia
/federated/bin/start authelia /federated/bin/start authelia
@ -384,4 +387,7 @@ EOF
docker exec -u 33 nextcloud /var/www/html/occ app:enable user_oidc docker exec -u 33 nextcloud /var/www/html/occ app:enable user_oidc
docker exec -u 33 nextcloud /var/www/html/occ config:system:set --value=true --type=boolean user_oidc use_pkce docker exec -u 33 nextcloud /var/www/html/occ config:system:set --value=true --type=boolean user_oidc use_pkce
docker exec -u 33 nextcloud /var/www/html/occ user_oidc:provider Authelia --clientid="nextcloud" --clientsecret="$NEXTCLOUD_CLIENT_SECRET" --discoveryuri="https://authelia.$DOMAIN/.well-known/openid-configuration" --mapping-uid=name --endsessionendpointuri=https://authelia.$DOMAIN/logout docker exec -u 33 nextcloud /var/www/html/occ user_oidc:provider Authelia --clientid="nextcloud" --clientsecret="$NEXTCLOUD_CLIENT_SECRET" --discoveryuri="https://authelia.$DOMAIN/.well-known/openid-configuration" --mapping-uid=name --endsessionendpointuri=https://authelia.$DOMAIN/logout
/federated/bin/stop nextcloud
/federated/bin/start nextcloud
} }

4
lib/roundcube.sh
View File

@ -176,8 +176,8 @@ EOF
/federated/bin/start authelia /federated/bin/start authelia
# Add in extra hosts config # Add in extra hosts config
[[ ! $(grep extra_hosts /federated/apps/roundcube/docker-compose.yml 2>/dev/null) ]] && sed -i "/restart: always/a \ extra_hosts:\n\ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/roundcube/docker-compose.yml add_authelia_config_to_dockercompose "$APP"
[[ ! $(grep extra_hosts /federated/apps/mail/docker-compose.yml 2>/dev/null) ]] && sed -i "/restart: always/a \ extra_hosts:\n\ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/mail/docker-compose.yml add_authelia_config_to_dockercompose "mail"
sed -i "/?php/a \ \$config['oauth_provider'] = 'generic'; \n\ sed -i "/?php/a \ \$config['oauth_provider'] = 'generic'; \n\
\$config['oauth_provider_name'] = 'Authelia'; \n\ \$config['oauth_provider_name'] = 'Authelia'; \n\

8
lib/wordpress.sh
View File

@ -239,13 +239,7 @@ EOF
/federated/bin/stop authelia /federated/bin/stop authelia
/federated/bin/start authelia /federated/bin/start authelia
if [[ ! $(grep authelia /federated/apps/wordpress/docker-compose.yml) ]]; then add_authelia_config_to_dockercompose "$APP"
if [[ $(grep extra_hosts /federated/apps/wordpress/docker-compose.yml) ]]; then
sed -i "/extra_hosts/a \ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/wordpress/docker-compose.yml
else
sed -i "/restart: always/a \ extra_hosts:\n\ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/wordpress/docker-compose.yml
fi
fi
sed -i "/Add any custom values/a \ sed -i "/Add any custom values/a \
define( 'OIDC_CLIENT_ID', 'wordpress' );\n\ define( 'OIDC_CLIENT_ID', 'wordpress' );\n\