docker-compose environment for the entire v.st system https://v.st/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
env/nextcloud/setup

83 lines
2.3 KiB

#!/bin/bash
die() { echo >&2 "$@" ; exit 1 ; }
DIRNAME="$(dirname $0)"
cd "$DIRNAME"
source ../env.production || die "no top level env?"
source env.production || die "no local env?"
SECRETS="../data/nextcloud/env.secrets"
if [ -r "$SECRETS" ]; then
docker-compose up -d || die "nextcloud: unable to start"
exit 0
fi
docker-compose down 2>/dev/null
NEXTCLOUD_CLIENT_SECRET="$(openssl rand -hex 32)"
NEXTCLOUD_ADMIN_PASSWORD="$(openssl rand -hex 6)"
echo "Generating secrets: admin password $NEXTCLOUD_ADMIN_PASSWORD"
mkdir -p "$(dirname "$SECRETS")"
cat <<EOF > "$SECRETS"
# Do not check in!
NEXTCLOUD_ADMIN_PASSWORD=$NEXTCLOUD_ADMIN_PASSWORD
NEXTCLOUD_TRUSTED_DOMAINS=$NEXTCLOUD_HOSTNAME
NEXTCLOUD_CLIENT_SECRET=$NEXTCLOUD_CLIENT_SECRET
EOF
BASE="https://$KEYCLOAK_HOSTNAME/realms/$REALM/protocol/openid-connect"
PROVIDER="$(jq -c . <<EOF
{
"custom_oidc": [
{
"name": "keycloak",
"title": "Keycloak",
"clientId": "nextcloud",
"clientSecret": "$NEXTCLOUD_CLIENT_SECRET",
"authorizeUrl": "$BASE/auth",
"tokenUrl": "$BASE/token",
"userInfoUrl": "$BASE/userinfo",
"logoutUrl": "$BASE/logout",
"scope": "openid",
"groupsClaim": "roles",
"style": "keycloak",
"displayNameClaim": "",
"defaultGroup": ""
}
]
}
EOF
)"
docker-compose up -d || die "unable to bring up docker"
# wait for the nextcloud instance to be responsive
# TODO: how to find out if it is ready?
echo "Sleeping a minute while nextcloud installs"
sleep 60
docker-compose exec -u www-data -T nextcloud bash -x <<EOF || die "unable to configure sociallogin"
./occ app:install calendar
./occ app:install sociallogin
./occ config:app:set sociallogin prevent_create_email_exists --value=1 || exit 1
./occ config:app:set sociallogin update_profile_on_login --value=1 || exit 1
./occ config:app:set sociallogin custom_providers --value='$PROVIDER' || exit 1
EOF
../keycloak/client-delete 'nextcloud' || echo "client did not exist?"
../keycloak/client-create << EOF || die "unable to create client id"
{
"clientId": "nextcloud",
"rootUrl": "https://$NEXTCLOUD_HOSTNAME/",
"adminUrl": "https://$NEXTCLOUD_HOSTNAME/",
"redirectUris": [ "https://$NEXTCLOUD_HOSTNAME/*" ],
"webOrigins": [ "https://$NEXTCLOUD_HOSTNAME" ],
"clientAuthenticatorType": "client-secret",
"secret": "$NEXTCLOUD_CLIENT_SECRET"
}
EOF