From 565accdb22d5a77b3f5174f616aa9eb9472b0bd8 Mon Sep 17 00:00:00 2001
From: Derek Crudgington
Date: Wed, 12 Feb 2025 18:24:17 +0000
Subject: [PATCH] Updated discourse.sh with new plus fixes

---
 lib/discourse.sh | 75 ++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 63 insertions(+), 12 deletions(-)

diff --git a/lib/discourse.sh b/lib/discourse.sh
index 19c0560..6749a26 100644
--- a/lib/discourse.sh
+++ b/lib/discourse.sh
@@ -41,7 +41,7 @@ services:
  - ./data/discourse/log:/opt/bitnami/discourse/log
  labels:
  - "traefik.enable=true"
- - "traefik.http.routers.discourse.rule=Host(\`discourse.$DOMAIN\`) || Host(\`forum.$DOMAIN\`)"
+ - "traefik.http.routers.discourse.rule=Host(\`discourse.$DOMAIN\`, \`forum.$DOMAIN\`)"
  - "traefik.http.routers.discourse.entrypoints=websecure"
  - "traefik.http.routers.discourse.tls.certresolver=letsencrypt"
  logging:
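Review bot: The new label `Host(\`discourse.$DOMAIN\`, \`forum.$DOMAIN\`)` uses the multi-value form of the Host matcher, which is Traefik v2 rule syntax; under the v3 rule syntax `Host` takes a single domain, and the replaced `Host(...) || Host(...)` form is the one accepted by both. The Traefik version this stack runs is not visible in the hunk, so confirm it (or the router's rule-syntax setting) before merging, because a rule that fails to parse leaves the router uncreated and neither hostname is served through the `websecure` entrypoint. If the stack is deliberately v2-only, a comment in the compose template next to the label, for example `# Traefik v2 rule syntax: multi-value Host()`, would stop a later Traefik upgrade from silently dropping the forum route.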
@@ -158,17 +158,6 @@ start_discourse() { docker exec pdns pdnsutil add-record $DOMAIN forum A 86400 $EXTERNALIP &> /dev/null fi - docker exec discourse bash -c "cd /opt/bitnami/discourse && RAILS_ENV=production bundle exec rake plugin:install repo=https://github.com/discourse/discourse-openid-connect" - docker exec discourse bash -c "cd /opt/bitnami/discourse && RAILS_ENV=production bundle exec rake assets:precompile" - docker exec postgresql psql -U discourse -c "insert into site_settings (id, name, data_type, value, created_at, updated_at) VALUES ('31', 'openid_connect_enabled', '5', 't', NOW(), NOW());" - docker exec postgresql psql -U discourse -c "insert into site_settings (id, name, data_type, value, created_at, updated_at) VALUES ('32', 'openid_connect_discovery_document', '1', 'https://authelia.$DOMAIN/.well-known/openid-configuration', NOW(), NOW());" - docker exec postgresql psql -U discourse -c "insert into site_settings (id, name, data_type, value, created_at, updated_at) VALUES ('33', 'openid_connect_client_id', '1', 'discourse', NOW(), NOW());" - docker exec postgresql psql -U discourse -c "insert into site_settings (id, name, data_type, value, created_at, updated_at) VALUES ('34', 'openid_connect_authorize_scope', '1', 'openid email profile', NOW(), NOW());" - docker exec postgresql psql -U discourse -c "insert into site_settings (id, name, data_type, value, created_at, updated_at) VALUES ('36', 'openid_connect_client_secret', '1', 'asdfsaf123231x23432432', NOW(), NOW());" - - /federated/bin/stop discourse - /federated/bin/start discourse - echo -ne "done.\n" } email_discourse() { 
@@ -266,3 +255,65 @@ uninstall_discourse() {
  echo -ne "done.\n"
 }
+configsso_discourse() {
+ if [[ "${PLUS}" != "true" ]]; then
+ echo -ne "* Configuring discourse container with SSO.."
+
+ [ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
+ [ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
+ [[ $(grep "### Discourse" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Discourse configuration."
+
+ DISCOURSE_CLIENT_SECRET=$(create_password);
+ DISCOURSE_CLIENT_SECRET_HASH=$(docker run --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $DISCOURSE_CLIENT_SECRET | awk '{ print $2 }')
+
+cat >> /federated/apps/authelia/data/config/idproviders.yml <