|
|
|
|
#!/bin/bash
|
|
|
|
|
die() { echo >&2 "$@" ; exit 1 ; }
|
|
|
|
|
|
|
|
|
|
DIRNAME="$(dirname $0)"
|
|
|
|
|
cd "$DIRNAME"
|
|
|
|
|
source ../env.production || die "no top level env?"
|
|
|
|
|
source env.production || die "no local env?"
|
|
|
|
|
|
|
|
|
|
SECRETS="../data/nextcloud/env.secrets"
|
|
|
|
|
if [ -r "$SECRETS" ]; then
|
|
|
|
|
docker-compose up -d || die "nextcloud: unable to start"
|
|
|
|
|
exit 0
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
docker-compose down 2>/dev/null
|
|
|
|
|
|
|
|
|
|
NEXTCLOUD_CLIENT_SECRET="$(openssl rand -hex 32)"
|
|
|
|
|
NEXTCLOUD_ADMIN_PASSWORD="$(openssl rand -hex 6)"
|
|
|
|
|
|
|
|
|
|
echo "Generating secrets: admin password $NEXTCLOUD_ADMIN_PASSWORD"
|
|
|
|
|
mkdir -p "$(dirname "$SECRETS")"
|
|
|
|
|
cat <<EOF > "$SECRETS"
|
|
|
|
|
# Do not check in!
|
|
|
|
|
NEXTCLOUD_ADMIN_PASSWORD=$NEXTCLOUD_ADMIN_PASSWORD
|
|
|
|
|
NEXTCLOUD_TRUSTED_DOMAINS=$NEXTCLOUD_HOSTNAME
|
|
|
|
|
NEXTCLOUD_CLIENT_SECRET=$NEXTCLOUD_CLIENT_SECRET
|
|
|
|
|
EOF
|
|
|
|
|
|
|
|
|
|
BASE="https://$KEYCLOAK_HOSTNAME/realms/$REALM/protocol/openid-connect"
|
|
|
|
|
PROVIDER="$(jq -c . <<EOF
|
|
|
|
|
{
|
|
|
|
|
"custom_oidc": [
|
|
|
|
|
{
|
|
|
|
|
"name": "keycloak",
|
|
|
|
|
"title": "Keycloak",
|
|
|
|
|
"clientId": "nextcloud",
|
|
|
|
|
"clientSecret": "$NEXTCLOUD_CLIENT_SECRET",
|
|
|
|
|
"authorizeUrl": "$BASE/auth",
|
|
|
|
|
"tokenUrl": "$BASE/token",
|
|
|
|
|
"userInfoUrl": "$BASE/userinfo",
|
|
|
|
|
"logoutUrl": "$BASE/logout",
|
|
|
|
|
"scope": "openid",
|
|
|
|
|
"groupsClaim": "roles",
|
|
|
|
|
"style": "keycloak",
|
|
|
|
|
"displayNameClaim": "",
|
|
|
|
|
"defaultGroup": ""
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
EOF
|
|
|
|
|
)"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
docker-compose up -d || die "unable to bring up docker"
|
|
|
|
|
|
|
|
|
|
# wait for the nextcloud instance to be responsive
|
|
|
|
|
# TODO: how to find out if it is ready?
|
|
|
|
|
echo "Sleeping a minute while nextcloud installs"
|
|
|
|
|
sleep 60
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
docker-compose exec -u www-data -T nextcloud bash -x <<EOF || die "unable to configure sociallogin"
|
|
|
|
|
./occ app:install calendar
|
|
|
|
|
./occ app:install sociallogin
|
|
|
|
|
./occ config:app:set sociallogin prevent_create_email_exists --value=1 || exit 1
|
|
|
|
|
./occ config:app:set sociallogin update_profile_on_login --value=1 || exit 1
|
|
|
|
|
./occ config:app:set sociallogin custom_providers --value='$PROVIDER' || exit 1
|
|
|
|
|
EOF
|
|
|
|
|
|
|
|
|
|
../keycloak/client-delete 'nextcloud' || echo "client did not exist?"
|
|
|
|
|
|
|
|
|
|
../keycloak/client-create << EOF || die "unable to create client id"
|
|
|
|
|
{
|
|
|
|
|
"clientId": "nextcloud",
|
|
|
|
|
"rootUrl": "https://$NEXTCLOUD_HOSTNAME/",
|
|
|
|
|
"adminUrl": "https://$NEXTCLOUD_HOSTNAME/",
|
|
|
|
|
"redirectUris": [ "https://$NEXTCLOUD_HOSTNAME/*" ],
|
|
|
|
|
"webOrigins": [ "https://$NEXTCLOUD_HOSTNAME" ],
|
|
|
|
|
"clientAuthenticatorType": "client-secret",
|
|
|
|
|
"secret": "$NEXTCLOUD_CLIENT_SECRET"
|
|
|
|
|
}
|
|
|
|
|
EOF
|
