vst
/
env
2
1
Fork 0
Code Issues 19 Pull Requests Packages Projects Releases Wiki Activity

nextcloud: rework for automation

Browse Source
single-dockerfile
Ubuntu 3 years ago
parent 9dc35e4f5d
commit de29603e75
3 changed files with 82 additions and 41 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 35
      nextcloud/README.md
  2. 13
      nextcloud/docker-compose.yaml
  3. 75
      nextcloud/setup

35
nextcloud/README.md
Unescape View File

@ -1,35 +0,0 @@
Enable SSO:
```
( cd ../keycloak ; sudo docker-compose exec -T keycloak \
/opt/keycloak/bin/kcadm.sh \
create clients \
--realm master --user admin --password admin \
-r spacestation \
-f - ) <<EOF
{
"clientId": "nextcloud",
"rootUrl": "http://spacestation:9000/",
"adminUrl": "http://spacestation:9000/",
"redirectUris": [ "http://spacestation:9000/*" ],
"webOrigins": [ "http://spacestation:9000" ],
"clientAuthenticatorType": "client-secret",
"secret": "nextcloud-secret"
}
EOF
```
and configure the social login app:
```
sudo docker-compose exec -u www-data -T nextcloud \
./occ app:install sociallogin \
&& sudo docker-compose exec -u www-data -T nextcloud \
./occ config:app:set sociallogin prevent_create_email_exists --value=1 \
&& sudo docker-compose exec -u www-data -T nextcloud \
./occ config:app:set sociallogin update_profile_on_login --value=1 \
&& sudo docker-compose exec -u www-data -T nextcloud \
./occ config:app:set \
sociallogin custom_providers \
--value='{"custom_oidc":[{"name":"keycloak","title":"Keycloak","authorizeUrl":"http://spacestation:8080/realms/spacestation/protocol/openid-connect/auth","tokenUrl":"http://spacestation:8080/realms/spacestation/protocol/openid-connect/token","displayNameClaim":"","userInfoUrl":"http://spacestation:8080/realms/spacestation/protocol/openid-connect/userinfo","logoutUrl":"","clientId":"nextcloud","clientSecret":"nextcloud-secret","scope":"openid","groupsClaim":"roles","style":"keycloak","defaultGroup":""}]}'
```

13
nextcloud/docker-compose.yaml
Unescape View File

@ -20,12 +20,13 @@ services:
- ../env.production - ../env.production
- env.production - env.production
environment: environment:
- POSTGRES_HOST=database POSTGRES_HOST: database
- POSTGRES_DB=nextcloud POSTGRES_DB: nextcloud
- POSTGRES_USER=nextcloud POSTGRES_USER: nextcloud
- POSTGRES_PASSWORD=nextcloud POSTGRES_PASSWORD: nextcloud
- NEXTCLOUD_TRUSTED_DOMAINS=spacestation #NEXTCLOUD_TRUSTED_DOMAINS: "${NEXTCLOUD_HOSTNAME}"
- NEXTCLOUD_ADMIN_USER=admin NEXTCLOUD_TRUSTED_DOMAINS: cloud.example.com
NEXTCLOUD_ADMIN_USER: admin
volumes: volumes:
- ./data/nextcloud:/var/www/html - ./data/nextcloud:/var/www/html
depends_on: depends_on:

75
nextcloud/setup
Unescape View File

@ -0,0 +1,75 @@
#!/bin/bash
die() { echo >&2 "$@" ; exit 1 ; }
DIRNAME="$(dirname $0)"
cd "$DIRNAME"
[ -r env.production ] && source env.production
[ -r ../env.production ] && source ../env.production
sudo docker-compose exec -u www-data -T nextcloud \
./occ app:install sociallogin \
|| die "unable to install sociallogin app"
sudo docker-compose exec -u www-data -T nextcloud \
./occ config:app:set sociallogin prevent_create_email_exists --value=1 \
|| die "unable to config sociallogin"
sudo docker-compose exec -u www-data -T nextcloud \
./occ config:app:set sociallogin update_profile_on_login --value=1 \
|| die "unable to config sociallogin"
BASE="https://$KEYCLOAK_HOSTNAME/realms/$REALM/protocol/openid-connect"
SECRET="$(openssl rand -hex 20)"
PROVIDER="$(jq -c . <<EOF
{
"custom_oidc": [
{
"name": "keycloak",
"title": "Keycloak",
"clientId": "nextcloud",
"clientSecret": "$SECRET",
"authorizeUrl": "$BASE/auth",
"tokenUrl": "$BASE/token",
"userInfoUrl": "$BASE/userinfo",
"logoutUrl": "",
"displayNameClaim": "",
"scope": "openid",
"groupsClaim": "roles",
"style": "keycloak",
"defaultGroup": ""
}
]
}
EOF
)"
sudo docker-compose exec -u www-data -T nextcloud \
./occ config:app:set \
sociallogin custom_providers \
--value="$PROVIDER" \
|| die "unable to set keycloak parameters"
# create the keycloak side of the secret
cd ../keycloak
source env.production
sudo docker-compose exec -T keycloak \
/opt/keycloak/bin/kcadm.sh \
create clients \
--server http://localhost:8080/ \
--user admin \
--password "$KEYCLOAK_ADMIN_PASSWORD" \
--realm master \
-r "$REALM" \
-f - <<EOF || die "unable to create client id"
{
"clientId": "nextcloud",
"rootUrl": "https://$NEXTCLOUD_HOSTNAME/",
"adminUrl": "https://$NEXTCLOUD_HOSTNAME/",
"redirectUris": [ "https://$NEXTCLOUD_HOSTNAME/*" ],
"webOrigins": [ "https://$NEXTCLOUD_HOSTNAME" ],
"clientAuthenticatorType": "client-secret",
"secret": "$SECRET"
}
EOF
Write Preview
Loading…
Cancel
Save