Added plus support for espocrm

lib/espocrm.sh

@@ -4,6 +4,7 @@
 
 PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 get_appvars
+. /etc/federated
 
 config_espocrm() {
   echo -ne "* Configuring espocrm container.."
@@ -22,6 +23,8 @@ services:
     networks:
       core:
         ipv4_address: 192.168.0.39
+    extra_hosts:
+      - "authelia.$DOMAIN:$EXTERNALIP"
     env_file:
       - ./.env
     volumes:
@@ -37,7 +40,8 @@ networks:
     external: true
 EOF
 
-ESPOCRM_SECRET=$(create_password);
+[[ "${PLUS}" = "true" ]] && sed -i "s/letsencrypt/httpresolver/g" /federated/apps/espocrm/docker-compose.yml
+ESPOCRM_SECRET=$(create_password)
 
 cat > /federated/apps/espocrm/.env <<EOF
 IMAGE_VERSION="8.4.0-apache"
@@ -89,8 +93,7 @@ start_espocrm() {
   # Start service with command to make sure it's up before proceeding
   start_service "espocrm" "nc -z 192.168.0.39 80 &> /dev/null" "15"
 
-  docker exec pdns pdnsutil add-record $DOMAIN espocrm A 86400 $EXTERNALIP &> /dev/null
-  [ $? -ne 0 ] && fail "Couldn't add dns record for espocrm"
+  [[ "${PLUS}" != "true" ]] && docker exec pdns pdnsutil add-record $DOMAIN espocrm A 86400 $EXTERNALIP &> /dev/null
 
   # Install cronjob
   (crontab -l 2>/dev/null; echo "* * * * * /usr/bin/docker exec espocrm /usr/local/bin/php -f /var/www/html/cron.php > /dev/null 2>&1") | sort -u | crontab -
@@ -189,7 +192,7 @@ uninstall_espocrm() {
   docker image rm espocrm/espocrm:${IMAGE_VERSION} &> /dev/null
 
   # Delete the DNS record
-  docker exec pdns pdnsutil delete-rrset $DOMAIN espocrm A
+  [[ "${PLUS}" != "true" ]] && docker exec pdns pdnsutil delete-rrset $DOMAIN espocrm A
 
   # Remove cronjob
   crontab -l | grep -v 'espocrm /usr/local/bin/php -f /var/www/html/cron.php'  | crontab -
@@ -205,6 +208,7 @@ uninstall_espocrm() {
   echo -ne "done.\n"
 }
 configsso_espocrm() {
+  if [[ "${PLUS}" != "true" ]]; then
   echo -ne "* Configuring espocrm container with SSO.."
 
   [ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
@@ -270,4 +274,37 @@ EOF
   run_command "/federated/bin/start espocrm"
 
   echo -ne "done.\n"
+  fi
+}
+configsso_espocrm_plus() {
+  ESPOCRM_CLIENT_SECRET=$(cat /federated/apps/espocrm/.espocrm.client.secret)
+
+cat >> /federated/apps/espocrm/.env <<EOF
+ESPOCRM_CONFIG_AUTHENTICATION_METHOD=Oidc
+ESPOCRM_CONFIG_OIDC_USERNAME_CLAIM=preferred_username
+ESPOCRM_CONFIG_OIDC_FALLBACK=true
+ESPOCRM_CONFIG_OIDC_CLIENT_ID=espocrm
+ESPOCRM_CONFIG_OIDC_CLIENT_SECRET=$ESPOCRM_CLIENT_SECRET
+ESPOCRM_CONFIG_OIDC_AUTHORIZATION_ENDPOINT=https://authelia.$DOMAIN/api/oidc/authorization
+ESPOCRM_CONFIG_OIDC_TOKEN_ENDPOINT=https://authelia.$DOMAIN/api/oidc/token
+ESPOCRM_CONFIG_OIDC_JWKS_ENDPOINT=https://authelia.$DOMAIN/jwks.json
+ESPOCRM_CONFIG_OIDC_LOGOUT_URL=https://authelia.$DOMAIN/logout?rd=https://dashboard.$DOMAIN
+ESPOCRM_CONFIG_OIDC_CREATE_USER=true
+ESPOCRM_CONFIG_OIDC_ALLOW_ADMIN_USER=true
+ESPOCRM_CONFIG_OIDC_SYNC=false
+ESPOCRM_CONFIG_OIDC_SYNC_TEAMS=false
+ESPOCRM_CONFIG_OIDC_ALLOW_REGULAR_USER_FALLBACK=false
+ESPOCRM_CONFIG_OIDC_AUTHORIZATION_PROMPT=consent
+EOF
+
+  # Add in Scopes after authenticationMethod
+  sed -i "/oidcScopes/{n;N;N;N;d}" /federated/apps/espocrm/data/var/www/html/data/config.php
+  sed -i "/oidcScopes/d" /federated/apps/espocrm/data/var/www/html/data/config.php
+  sed -i "/authenticationMethod/a  \  'oidcScopes' => [\n\    0 => 'profile',\n\    1 => 'email',\n\    2 => 'groups',\n\    3 => 'openid'\n\  ]," /federated/apps/espocrm/data/var/www/html/data/config.php
+
+  # Set auth method to Oidc only
+  sed -i "s/ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/#ESPOCRM_CONFIG_AUTHENTICATION_METHOD=LDAP/g" /federated/apps/espocrm/.env
+
+  run_command "/federated/bin/stop espocrm"
+  run_command "/federated/bin/start espocrm"
 }