Added SSO config to bookstack.sh

root 2024-09-06 16:25:13 +00:00
parent 3e8244a4da
commit f6b7291921


@ -190,6 +190,76 @@ uninstall_bookstack() {
# Delete the app directory # Delete the app directory
rm -rf /federated/apps/bookstack rm -rf /federated/apps/bookstack
# Delete the image
docker image rm lscr.io/linuxserver/bookstack:$IMAGE_VERSION &> /dev/null
# Delete the DNS record
docker exec pdns pdnsutil delete-rrset $DOMAIN bookstack A
# Uninstall the SSO configuration if it exists in authelia (authelia must exist too)
if [[ $(grep "### Bookstack" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
sed -i '/### Bookstack/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
sed -i '/### Bookstack/d' /federated/apps/authelia/data/config/idproviders.yml
/federated/bin/stop authelia
/federated/bin/start authelia
fi
kill -9 $SPINPID &> /dev/null kill -9 $SPINPID &> /dev/null
echo -ne "done.\n" echo -ne "done.\n"
} }
configsso_bookstack() {
[ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
[ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
[[ $(grep "### Bookstack" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Bookstack configuration."
BOOKSTACK_CLIENT_SECRET=$(create_password);
BOOKSTACK_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $BOOKSTACK_CLIENT_SECRET | awk '{ print $2 }')
cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
### Bookstack
- client_id: 'bookstack'
client_name: 'Bookstack'
client_secret: $BOOKSTACK_CLIENT_SECRET_HASH
consent_mode: 'implicit'
public: false
authorization_policy: 'one_factor'
redirect_uris:
- 'https://bookstack.$DOMAIN/oidc/callback'
scopes:
- 'openid'
- 'profile'
- 'email'
userinfo_signed_response_alg: 'none'
EOF
# Restart Authelia for changes to take the above configuration
/federated/bin/stop authelia
/federated/bin/start authelia
cat >> /federated/apps/bookstack/.env <<EOF
AUTH_METHOD=oidc
AUTH_AUTO_INITIATE=false
OIDC_NAME=Authelia
OIDC_DISPLAY_NAME_CLAIMS=name
OIDC_CLIENT_ID=bookstack
OIDC_CLIENT_SECRET=$BOOKSTACK_CLIENT_SECRET
OIDC_ISSUER=https://authelia.$DOMAIN
OIDC_ISSUER_DISCOVER=true
OIDC_EXTERNAL_ID_CLAIM=email
OIDC_END_SESSION_ENDPOINT=https://authelia.$DOMAIN/logout
#APP_DEBUG=true
#OIDC_DUMP_USER_DETAILS=true
EOF
# Add in extra hosts config
[[ ! $(grep extra_hosts /federated/apps/bookstack/docker-compose.yml 2>/dev/null) ]] && sed -i "/172.99.0.36/a \ extra_hosts:\n\ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/bookstack/docker-compose.yml
# Setup external_auth_id for each user in bookstack users table
BOOKSTACK_SECRET=$(cat /federated/apps/bookstack/.env | grep "DB_PASS" | awk -F= '{ print $2 }')
for i in $(docker exec pdnsmysql mysql -ubookstack -p${BOOKSTACK_SECRET} bookstack -sN -e "select email from users;"); do
docker exec pdnsmysql mysql -ubookstack -p${BOOKSTACK_SECRET} bookstack -e "update users set external_auth_id = '$i' where email = '$i'";
done
/federated/bin/stop bookstack
/federated/bin/start bookstack
}
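Review bot: The per-user loop at the end of configsso_bookstack (`for i in $(docker exec pdnsmysql mysql ... "select email from users;")` and the `update users set external_auth_id = '$i' where email = '$i'` it runs) splices each email into an unquoted SQL string, so an address containing a quote, space or backslash breaks the statement or the loop's word-splitting; the loop can be replaced by a single server-side statement with no interpolation at all, `docker exec pdnsmysql mysql -ubookstack -p"${BOOKSTACK_SECRET}" bookstack -e "update users set external_auth_id = email where email is not null;"`. The client secret is also handed to `authelia crypto hash generate pbkdf2 --password $BOOKSTACK_CLIENT_SECRET` unquoted on the command line, where it is visible in the host's process list for the life of that container and is word-split if create_password ever emits shell-special characters; quote it at minimum, and consider pinning the image to the deployed Authelia version rather than `:latest`. The `[[ $(grep "### Bookstack" ...) ]]` presence checks here and in uninstall_bookstack read more directly as `grep -q "### Bookstack" /federated/apps/authelia/data/config/idproviders.yml`. uninstall_bookstack's opening lines are outside the hunk.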