Added sso fixes clean up for nextcloud
parent
866e1875cf
commit
f47b90acda
@ -5,7 +5,7 @@
|
|||||||
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||||||
|
|
||||||
config_nextcloud() {
|
config_nextcloud() {
|
||||||
echo -ne "\n* Configuring /federated/apps/nextcloud container.."
|
echo -ne "* Configuring nextcloud container.."
|
||||||
|
|
||||||
if [ ! -d "/federated/apps/nextcloud" ]; then
|
if [ ! -d "/federated/apps/nextcloud" ]; then
|
||||||
mkdir -p /federated/apps/nextcloud/data/root &> /dev/null
|
mkdir -p /federated/apps/nextcloud/data/root &> /dev/null
|
||||||
@ -272,52 +272,48 @@ EOF
|
|||||||
|
|
||||||
chmod +x /federated/apps/nextcloud/data/config.sh
|
chmod +x /federated/apps/nextcloud/data/config.sh
|
||||||
|
|
||||||
echo -ne "done."
|
echo -ne "done.\n"
|
||||||
}
|
}
|
||||||
start_nextcloud() {
|
start_nextcloud() {
|
||||||
# Start service with command to make sure it's up before proceeding
|
# Start service with command to make sure it's up before proceeding
|
||||||
start_service "nextcloud" "nc -z 192.168.0.18 80 &> /dev/null" "60"
|
start_service "nextcloud" "nc -z 192.168.0.18 80 &> /dev/null" "60"
|
||||||
|
|
||||||
# Move config.sh and sidemenu config, set config.sh executable
|
# Move config.sh and sidemenu config, set config.sh executable
|
||||||
mv /federated/apps/nextcloud/data/config.sh /federated/apps/nextcloud/data/configs.json /federated/apps/nextcloud/data/var/www/html/
|
run_command "mv /federated/apps/nextcloud/data/config.sh /federated/apps/nextcloud/data/configs.json /federated/apps/nextcloud/data/var/www/html/"
|
||||||
docker exec nextcloud chown www-data:root /var/www/html/config.sh /var/www/html/configs.json
|
run_command "docker exec nextcloud chown www-data:root /var/www/html/config.sh /var/www/html/configs.json"
|
||||||
docker exec nextcloud chmod 755 /var/www/html/config.sh
|
run_command "docker exec nextcloud chmod 755 /var/www/html/config.sh"
|
||||||
[ $? -ne 0 ] && fail "Couldn't chown config.sh in /federated/apps/nextcloud container"
|
|
||||||
|
|
||||||
# Run config.sh - Setup LDAP, configuration for nextcloud
|
# Run config.sh - Setup LDAP, configuration for nextcloud
|
||||||
docker exec -u 33 nextcloud /var/www/html/config.sh &> /dev/null
|
run_command "docker exec -u 33 nextcloud /var/www/html/config.sh"
|
||||||
[ $? -ne 0 ] && fail "Couldn't run config.sh inside /federated/apps/nextcloud container"
|
|
||||||
|
|
||||||
# Add admin user to group
|
# Add admin user to group
|
||||||
# Have to do it this many times so it will query LDAP and populate admin user first
|
# Have to do it this many times so it will query LDAP and populate admin user first
|
||||||
docker exec -u 33 nextcloud /var/www/html/occ ldap:search admin
|
run_command "docker exec -u 33 nextcloud /var/www/html/occ ldap:search admin"
|
||||||
docker exec -u 33 nextcloud /var/www/html/occ group:list
|
run_command "docker exec -u 33 nextcloud /var/www/html/occ group:list"
|
||||||
docker exec -u 33 nextcloud /var/www/html/occ group:adduser admin admin
|
run_command "docker exec -u 33 nextcloud /var/www/html/occ group:adduser admin admin"
|
||||||
docker exec -u 33 nextcloud /var/www/html/occ group:adduser admin admin
|
run_command "docker exec -u 33 nextcloud /var/www/html/occ group:adduser admin admin"
|
||||||
docker exec -u 33 nextcloud /var/www/html/occ group:list
|
run_command "docker exec -u 33 nextcloud /var/www/html/occ group:list"
|
||||||
|
|
||||||
# Setup admin email account
|
# Setup admin email account
|
||||||
docker exec -u 33 nextcloud bash -c "/var/www/html/occ mail:account:create admin admin admin@$DOMAIN mail.$DOMAIN 993 ssl admin@$DOMAIN $ADMINPASS mail.$DOMAIN 465 ssl admin@$DOMAIN $ADMINPASS password" &> /dev/null
|
# docker exec -u 33 nextcloud bash -c "/var/www/html/occ mail:account:create admin admin admin@$DOMAIN mail.$DOMAIN 993 ssl admin@$DOMAIN $ADMINPASS mail.$DOMAIN 465 ssl admin@$DOMAIN $ADMINPASS password" &> /dev/null || failts "ERROR - There was an error running occ mail:account:create"
|
||||||
|
run_command "docker exec -u 33 nextcloud /var/www/html/occ mail:account:create admin admin admin@$DOMAIN mail.$DOMAIN 993 ssl admin@$DOMAIN $ADMINPASS mail.$DOMAIN 465 ssl admin@$DOMAIN $ADMINPASS password"
|
||||||
|
|
||||||
# Add missing indexes and disable activity app
|
# Add missing indexes and disable activity app
|
||||||
docker exec -u 33 nextcloud /var/www/html/occ db:add-missing-indices
|
run_command "docker exec -u 33 nextcloud /var/www/html/occ db:add-missing-indices"
|
||||||
docker exec -u 33 nextcloud /var/www/html/occ app:disable activity
|
run_command "docker exec -u 33 nextcloud /var/www/html/occ app:disable activity"
|
||||||
|
|
||||||
docker exec pdns pdnsutil add-record $DOMAIN nextcloud A 86400 $EXTERNALIP &> /dev/null
|
run_command "docker exec pdns pdnsutil add-record $DOMAIN nextcloud A 86400 $EXTERNALIP"
|
||||||
[ $? -ne 0 ] && fail "Couldn't add dns record for nextcloud"
|
|
||||||
|
|
||||||
# Remove configs
|
# Remove configs
|
||||||
rm /federated/apps/nextcloud/data/var/www/html/config.sh /federated/apps/nextcloud/data/var/www/html/configs.json
|
run_command "rm /federated/apps/nextcloud/data/var/www/html/config.sh /federated/apps/nextcloud/data/var/www/html/configs.json"
|
||||||
|
|
||||||
# Truncate nextcloud log file
|
# Truncate nextcloud log file
|
||||||
docker exec -u 33 nextcloud truncate /var/www/html/data/nextcloud.log --size 0
|
run_command "docker exec -u 33 nextcloud truncate /var/www/html/data/nextcloud.log --size 0"
|
||||||
|
|
||||||
echo -ne "done."
|
echo -ne "done.\n"
|
||||||
}
|
}
|
||||||
uninstall_nextcloud() {
|
uninstall_nextcloud() {
|
||||||
echo -ne "* Uninstalling nextcloud container.."
|
echo -ne "* Uninstalling nextcloud container.."
|
||||||
spin &
|
|
||||||
SPINPID=$!
|
|
||||||
|
|
||||||
# First stop the service
|
# First stop the service
|
||||||
cd /federated/apps/nextcloud && docker-compose -f docker-compose.yml -p nextcloud down &> /dev/null
|
cd /federated/apps/nextcloud && docker-compose -f docker-compose.yml -p nextcloud down &> /dev/null
|
||||||
@ -339,14 +335,15 @@ uninstall_nextcloud() {
|
|||||||
if [[ $(grep "### Nextcloud" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
|
if [[ $(grep "### Nextcloud" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
|
||||||
sed -i '/### Nextcloud/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
|
sed -i '/### Nextcloud/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
|
||||||
sed -i '/### Nextcloud/d' /federated/apps/authelia/data/config/idproviders.yml
|
sed -i '/### Nextcloud/d' /federated/apps/authelia/data/config/idproviders.yml
|
||||||
/federated/bin/stop authelia
|
/federated/bin/stop authelia &> /dev/null
|
||||||
/federated/bin/start authelia
|
/federated/bin/start authelia &> /dev/null
|
||||||
fi
|
fi
|
||||||
|
|
||||||
kill -9 $SPINPID &> /dev/null
|
|
||||||
echo -ne "done.\n"
|
echo -ne "done.\n"
|
||||||
}
|
}
|
||||||
configsso_nextcloud() {
|
configsso_nextcloud() {
|
||||||
|
echo -ne "* Configuring nextcloud container with SSO.."
|
||||||
|
|
||||||
[ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
|
[ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
|
||||||
[ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
|
[ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
|
||||||
get_appvars
|
get_appvars
|
||||||
@ -373,20 +370,22 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
|
|||||||
- 'email'
|
- 'email'
|
||||||
- 'groups'
|
- 'groups'
|
||||||
userinfo_signed_response_alg: 'none'
|
userinfo_signed_response_alg: 'none'
|
||||||
token_endpoint_auth_method: 'client_secret_basic'
|
token_endpoint_auth_method: 'client_secret_post'
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
add_authelia_config_to_dockercompose "$APP"
|
add_authelia_config_to_dockercompose "$APP"
|
||||||
|
|
||||||
# Restart Authelia for changes to take the above configuration
|
# Restart Authelia for changes to take the above configuration
|
||||||
/federated/bin/stop authelia
|
run_command "/federated/bin/stop authelia"
|
||||||
/federated/bin/start authelia
|
run_command "/federated/bin/start authelia"
|
||||||
|
|
||||||
docker exec -u 33 nextcloud /var/www/html/occ config:system:set allow_local_remote_servers --value=true
|
run_command "docker exec -u 33 nextcloud /var/www/html/occ config:system:set allow_local_remote_servers --value=true"
|
||||||
docker exec -u 33 nextcloud /var/www/html/occ app:enable user_oidc
|
run_command "docker exec -u 33 nextcloud /var/www/html/occ app:enable user_oidc"
|
||||||
docker exec -u 33 nextcloud /var/www/html/occ config:system:set --value=true --type=boolean user_oidc use_pkce
|
run_command "docker exec -u 33 nextcloud /var/www/html/occ config:system:set --value=true --type=boolean user_oidc use_pkce"
|
||||||
docker exec -u 33 nextcloud /var/www/html/occ user_oidc:provider Authelia --clientid="nextcloud" --clientsecret="$NEXTCLOUD_CLIENT_SECRET" --discoveryuri="https://authelia.$DOMAIN/.well-known/openid-configuration" --mapping-uid=name --endsessionendpointuri=https://authelia.$DOMAIN/logout
|
run_command "docker exec -u 33 nextcloud /var/www/html/occ user_oidc:provider Authelia --clientid="nextcloud" --clientsecret="$NEXTCLOUD_CLIENT_SECRET" --discoveryuri="https://authelia.$DOMAIN/.well-known/openid-configuration" --mapping-uid=name --endsessionendpointuri=https://authelia.$DOMAIN/logout"
|
||||||
|
|
||||||
/federated/bin/stop nextcloud
|
run_command "/federated/bin/stop nextcloud"
|
||||||
/federated/bin/start nextcloud
|
run_command "/federated/bin/start nextcloud"
|
||||||
|
|
||||||
|
echo -ne "done.\n"
|
||||||
}
|
}
|
||||||
|
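Review bot: In configsso_nextcloud, the `user_oidc:provider` call now wrapped in `run_command "..."` keeps its inner double quotes, so the outer string closes at `--clientid="` and `$NEXTCLOUD_CLIENT_SECRET` and the discovery URL are expanded unquoted. A secret containing whitespace or glob characters would be split or expanded before run_command receives it. Using single quotes for the inner values (`--clientsecret='$NEXTCLOUD_CLIENT_SECRET'`) keeps the command a single string, assuming run_command evaluates its argument; it is defined outside this diff, so confirm. The same wrapper now also carries `$ADMINPASS` in the `mail:account:create` line of start_nextcloud, so if run_command prints or logs the command on failure, both secrets land in that output, and the helper should redact them or these calls should pass the values by environment or stdin. The removed `[ $? -ne 0 ] && fail ...` checks are only safe to drop if run_command itself aborts on a non-zero status.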