nextcloud: rework for automation

single-dockerfile
Ubuntu 3 years ago
parent 9dc35e4f5d
commit de29603e75
  1. 35
      nextcloud/README.md
  2. 13
      nextcloud/docker-compose.yaml
  3. 75
      nextcloud/setup

@ -1,35 +0,0 @@
Enable SSO:
```
( cd ../keycloak ; sudo docker-compose exec -T keycloak \
/opt/keycloak/bin/kcadm.sh \
create clients \
--realm master --user admin --password admin \
-r spacestation \
-f - ) <<EOF
{
"clientId": "nextcloud",
"rootUrl": "http://spacestation:9000/",
"adminUrl": "http://spacestation:9000/",
"redirectUris": [ "http://spacestation:9000/*" ],
"webOrigins": [ "http://spacestation:9000" ],
"clientAuthenticatorType": "client-secret",
"secret": "nextcloud-secret"
}
EOF
```
and configure the social login app:
```
sudo docker-compose exec -u www-data -T nextcloud \
./occ app:install sociallogin \
&& sudo docker-compose exec -u www-data -T nextcloud \
./occ config:app:set sociallogin prevent_create_email_exists --value=1 \
&& sudo docker-compose exec -u www-data -T nextcloud \
./occ config:app:set sociallogin update_profile_on_login --value=1 \
&& sudo docker-compose exec -u www-data -T nextcloud \
./occ config:app:set \
sociallogin custom_providers \
--value='{"custom_oidc":[{"name":"keycloak","title":"Keycloak","authorizeUrl":"http://spacestation:8080/realms/spacestation/protocol/openid-connect/auth","tokenUrl":"http://spacestation:8080/realms/spacestation/protocol/openid-connect/token","displayNameClaim":"","userInfoUrl":"http://spacestation:8080/realms/spacestation/protocol/openid-connect/userinfo","logoutUrl":"","clientId":"nextcloud","clientSecret":"nextcloud-secret","scope":"openid","groupsClaim":"roles","style":"keycloak","defaultGroup":""}]}'
```

@ -20,12 +20,13 @@ services:
- ../env.production - ../env.production
- env.production - env.production
environment: environment:
- POSTGRES_HOST=database POSTGRES_HOST: database
- POSTGRES_DB=nextcloud POSTGRES_DB: nextcloud
- POSTGRES_USER=nextcloud POSTGRES_USER: nextcloud
- POSTGRES_PASSWORD=nextcloud POSTGRES_PASSWORD: nextcloud
- NEXTCLOUD_TRUSTED_DOMAINS=spacestation #NEXTCLOUD_TRUSTED_DOMAINS: "${NEXTCLOUD_HOSTNAME}"
- NEXTCLOUD_ADMIN_USER=admin NEXTCLOUD_TRUSTED_DOMAINS: cloud.example.com
NEXTCLOUD_ADMIN_USER: admin
volumes: volumes:
- ./data/nextcloud:/var/www/html - ./data/nextcloud:/var/www/html
depends_on: depends_on:

@ -0,0 +1,75 @@
#!/bin/bash
die() { echo >&2 "$@" ; exit 1 ; }
DIRNAME="$(dirname $0)"
cd "$DIRNAME"
[ -r env.production ] && source env.production
[ -r ../env.production ] && source ../env.production
sudo docker-compose exec -u www-data -T nextcloud \
./occ app:install sociallogin \
|| die "unable to install sociallogin app"
sudo docker-compose exec -u www-data -T nextcloud \
./occ config:app:set sociallogin prevent_create_email_exists --value=1 \
|| die "unable to config sociallogin"
sudo docker-compose exec -u www-data -T nextcloud \
./occ config:app:set sociallogin update_profile_on_login --value=1 \
|| die "unable to config sociallogin"
BASE="https://$KEYCLOAK_HOSTNAME/realms/$REALM/protocol/openid-connect"
SECRET="$(openssl rand -hex 20)"
PROVIDER="$(jq -c . <<EOF
{
"custom_oidc": [
{
"name": "keycloak",
"title": "Keycloak",
"clientId": "nextcloud",
"clientSecret": "$SECRET",
"authorizeUrl": "$BASE/auth",
"tokenUrl": "$BASE/token",
"userInfoUrl": "$BASE/userinfo",
"logoutUrl": "",
"displayNameClaim": "",
"scope": "openid",
"groupsClaim": "roles",
"style": "keycloak",
"defaultGroup": ""
}
]
}
EOF
)"
sudo docker-compose exec -u www-data -T nextcloud \
./occ config:app:set \
sociallogin custom_providers \
--value="$PROVIDER" \
|| die "unable to set keycloak parameters"
# create the keycloak side of the secret
cd ../keycloak
source env.production
sudo docker-compose exec -T keycloak \
/opt/keycloak/bin/kcadm.sh \
create clients \
--server http://localhost:8080/ \
--user admin \
--password "$KEYCLOAK_ADMIN_PASSWORD" \
--realm master \
-r "$REALM" \
-f - <<EOF || die "unable to create client id"
{
"clientId": "nextcloud",
"rootUrl": "https://$NEXTCLOUD_HOSTNAME/",
"adminUrl": "https://$NEXTCLOUD_HOSTNAME/",
"redirectUris": [ "https://$NEXTCLOUD_HOSTNAME/*" ],
"webOrigins": [ "https://$NEXTCLOUD_HOSTNAME" ],
"clientAuthenticatorType": "client-secret",
"secret": "$SECRET"
}
EOF
Loading…
Cancel
Save