docker-compose environment for the entire v.st system https://v.st/


#!/bin/bash
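# Print the arguments (joined by spaces) to stderr and abort with status 1.
# printf instead of echo so a message starting with "-n"/"-e" is not eaten as an option.
die() { printf '%s\n' "$*" >&2 ; exit 1 ; }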
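# Run from the script's own directory so the relative env files and helpers resolve.
DIRNAME="$(dirname "$0")"
cd "$DIRNAME" || die "cannot cd to $DIRNAME"
source ../env.production || die "no top level env?"
source env.production || die "no local env?"

# These feed the URLs and JSON below; fail early with a clear message instead of
# producing a malformed issuer URL.
: "${KEYCLOAK_HOSTNAME:?KEYCLOAK_HOSTNAME must be set in env.production}"
: "${NEXTCLOUD_HOSTNAME:?NEXTCLOUD_HOSTNAME must be set in env.production}"
: "${REALM:?REALM must be set in env.production}"

# First run: generate the shared OIDC client secret and a bootstrap admin password.
# The values are only ever written to env.secrets (owner-readable), never echoed,
# so they do not end up in terminal scrollback or CI logs.
if [ ! -r "env.secrets" ]; then
  NEXTCLOUD_CLIENT_SECRET="$(openssl rand -hex 32)" || die "openssl rand failed"
  # 16 bytes (128 bits): 4 bytes is only ~4 billion possibilities for the admin login.
  NEXTCLOUD_ADMIN_PASSWORD="$(openssl rand -hex 16)" || die "openssl rand failed"
  echo "Generating secrets: admin password is stored in $DIRNAME/env.secrets"
  # umask in a subshell so the new file is created 0600 without touching the caller's umask.
  ( umask 077 && cat <<EOF > env.secrets
# Do not check in!
NEXTCLOUD_ADMIN_PASSWORD=$NEXTCLOUD_ADMIN_PASSWORD
NEXTCLOUD_TRUSTED_DOMAINS=$NEXTCLOUD_HOSTNAME
NEXTCLOUD_CLIENT_SECRET=$NEXTCLOUD_CLIENT_SECRET
EOF
  ) || die "unable to write env.secrets"
fi
# Source in both cases so a fresh run and a re-run leave the same variables set.
source env.secrets || die "no secret env?"

BASE="https://$KEYCLOAK_HOSTNAME/realms/$REALM/protocol/openid-connect"

# Build the sociallogin provider document with jq --arg so the secret and the
# hostnames are JSON-escaped rather than pasted into a text template.
PROVIDER="$(jq -cn --arg secret "$NEXTCLOUD_CLIENT_SECRET" --arg base "$BASE" '{
  custom_oidc: [{
    name: "keycloak",
    title: "Keycloak",
    clientId: "nextcloud",
    clientSecret: $secret,
    authorizeUrl: ($base + "/auth"),
    tokenUrl: ($base + "/token"),
    userInfoUrl: ($base + "/userinfo"),
    logoutUrl: ($base + "/logout"),
    scope: "openid",
    groupsClaim: "roles",
    style: "keycloak",
    displayNameClaim: "",
    defaultGroup: ""
  }]
}')" || die "unable to build provider JSON"

docker-compose up -d || die "unable to bring up docker"

# Wait for the nextcloud instance to be responsive: poll `occ status` (which prints
# "installed: true" once the entrypoint has finished setup) instead of a blind sleep.
# If it never reports ready within the deadline, warn and continue, as the old
# fixed sleep would have.
echo "Waiting for nextcloud to report installed..."
ready=0
for ((attempt = 1; attempt <= 30; attempt++)); do
  if docker-compose exec -u www-data -T nextcloud ./occ status 2>/dev/null \
    | grep -q 'installed: true'; then
    ready=1
    break
  fi
  sleep 5
done
[ "$ready" -eq 1 ] || echo >&2 "WARNING: nextcloud not ready after 150s, continuing anyway"

# No `bash -x` here: the trace would print the custom_providers value, and with it
# the client secret, to stdout. Each step already reports failure via `|| exit 1`.
docker-compose exec -u www-data -T nextcloud bash <<EOF || die "unable to configure sociallogin"
./occ app:remove sociallogin || echo "not yet installed"
./occ app:install sociallogin || exit 1
./occ config:app:set sociallogin prevent_create_email_exists --value=1 || exit 1
./occ config:app:set sociallogin update_profile_on_login --value=1 || exit 1
./occ config:app:set sociallogin custom_providers --value='$PROVIDER' || exit 1
EOF

# Recreate the Keycloak client so its secret matches env.secrets.
../keycloak/client-delete 'nextcloud' || echo "client did not exist?"
CLIENT="$(jq -cn --arg host "$NEXTCLOUD_HOSTNAME" --arg secret "$NEXTCLOUD_CLIENT_SECRET" '{
  clientId: "nextcloud",
  rootUrl: ("https://" + $host + "/"),
  adminUrl: ("https://" + $host + "/"),
  redirectUris: [("https://" + $host + "/*")],
  webOrigins: [("https://" + $host)],
  clientAuthenticatorType: "client-secret",
  secret: $secret
}')" || die "unable to build client JSON"
../keycloak/client-create <<<"$CLIENT" || die "unable to create client id"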