forked from coop-cloud/nextcloud
Compare commits
13 Commits
authentik_
...
4.0.2+26.0
| Author | SHA1 | Date | |
|---|---|---|---|
| b8d209e531 | |||
| f48d314699 | |||
| a6ea635fd4 | |||
| c9b8aec108 | |||
| db39e8dee6 | |||
| ed68b3e57c | |||
| 78ea500d5e | |||
| 6f219781e5 | |||
| 162c056f07 | |||
| 5d537d5173 | |||
| 7a25bd4835 | |||
| eac7431b13 | |||
| fce0b9f7cb |
@ -1,4 +1,6 @@
|
||||
TYPE=nextcloud
|
||||
TIMEOUT=500
|
||||
ENABLE_AUTO_UPDATE=true
|
||||
|
||||
DOMAIN=nextcloud.example.com
|
||||
## Domain aliases
|
||||
|
||||
@ -120,7 +120,7 @@ Use [this plugin](https://github.com/pulsejet/nextcloud-oidc-login). Unlike the
|
||||
```
|
||||
'oidc_login_client_id' => 'nextcloud',
|
||||
'oidc_login_client_secret' => 'mysecret',
|
||||
'oidc_login_provider_url' => 'https://example.com/auth/realms/myrealm',
|
||||
'oidc_login_provider_url' => 'https://example.com/realms/myrealm',
|
||||
'oidc_login_disable_registration' => false,
|
||||
'oidc_login_hide_password_form' => true,
|
||||
'oidc_login_button_text' => 'Log in with your myssodomain',
|
||||
|
||||
65
abra.sh
65
abra.sh
@ -5,59 +5,71 @@ export NGINX_CONF_VERSION=v4
|
||||
export MY_CNF_VERSION=v4
|
||||
export ENTRYPOINT_VERSION=v3
|
||||
|
||||
run_occ(){
|
||||
run_occ() {
|
||||
su -p www-data -s /bin/sh -c "/var/www/html/occ $@"
|
||||
}
|
||||
|
||||
post_install_occ(){
|
||||
IFS='|' read -ra CMD <<< "$OCC_CMDS"
|
||||
post_install_occ() {
|
||||
IFS='|' read -ra CMD <<<"$OCC_CMDS"
|
||||
for cmd in "${CMD[@]}"; do
|
||||
run_occ "$cmd"
|
||||
run_occ "$cmd"
|
||||
done
|
||||
}
|
||||
|
||||
install_apps(){
|
||||
install_apps() {
|
||||
install_apps="$@"
|
||||
if [ -z "$install_apps" ]
|
||||
then
|
||||
if [ -z "$install_apps" ]; then
|
||||
install_apps=$APPS
|
||||
fi
|
||||
for app in $install_apps
|
||||
do
|
||||
for app in $install_apps; do
|
||||
run_occ "app:install $app"
|
||||
done
|
||||
}
|
||||
|
||||
set_app_config(){
|
||||
set_app_config() {
|
||||
APP=$1
|
||||
KEY=$2
|
||||
VALUE=$3
|
||||
run_occ "config:app:set $APP $KEY --value '$VALUE'"
|
||||
}
|
||||
|
||||
install_bbb(){
|
||||
set_system_config() {
|
||||
KEY=$1
|
||||
VALUE=$2
|
||||
run_occ "config:system:set $KEY --value '$VALUE'"
|
||||
}
|
||||
|
||||
set_trusted_proxies() {
|
||||
trusted_proxies="$@"
|
||||
if [ -z "$1" ]; then
|
||||
trusted_proxies="$TRUSTED_PROXIES"
|
||||
fi
|
||||
set_system_config trusted_proxies "$trusted_proxies"
|
||||
}
|
||||
|
||||
install_bbb() {
|
||||
install_apps bbb
|
||||
set_app_config bbb app.navigation true
|
||||
set_app_config bbb api.url "$BBB_URL"
|
||||
set_app_config bbb api.secret "$(cat /run/secrets/bbb_secret)"
|
||||
}
|
||||
|
||||
install_onlyoffice(){
|
||||
install_onlyoffice() {
|
||||
install_apps onlyoffice
|
||||
set_app_config onlyoffice DocumentServerUrl "$ONLYOFFICE_URL"
|
||||
set_app_config onlyoffice jwt_secret "$(cat /run/secrets/onlyoffice_jwt)"
|
||||
set_app_config onlyoffice customizationForcesave true
|
||||
}
|
||||
|
||||
set_default_quota(){
|
||||
set_app_config files default_quota '"$DEFAULT_QUOTA"'
|
||||
set_default_quota() {
|
||||
set_app_config files default_quota "$DEFAULT_QUOTA"
|
||||
}
|
||||
|
||||
set_authentik(){
|
||||
install_apps sociallogin
|
||||
AUTHENTIK_SECRET=$(cat /run/secrets/authentik_secret)
|
||||
AUTHENTIK_ID=$(cat /run/secrets/authentik_id)
|
||||
set_app_config sociallogin custom_providers "
|
||||
set_authentik() {
|
||||
install_apps sociallogin
|
||||
AUTHENTIK_SECRET=$(cat /run/secrets/authentik_secret)
|
||||
AUTHENTIK_ID=$(cat /run/secrets/authentik_id)
|
||||
set_app_config sociallogin custom_providers "
|
||||
{
|
||||
\"custom_oidc\":[
|
||||
{
|
||||
@ -75,16 +87,17 @@ set_app_config sociallogin custom_providers "
|
||||
\"style\":\"openid\",
|
||||
\"defaultGroup\":\"\",
|
||||
\"groupMapping\": {
|
||||
\"admin\": \"admin\"
|
||||
\"admin\": \"admin\",
|
||||
\"authentik Admins\": \"admin\"
|
||||
}
|
||||
}
|
||||
]
|
||||
}"
|
||||
|
||||
set_app_config sociallogin update_profile_on_login 1
|
||||
set_app_config sociallogin auto_create_groups 1
|
||||
set_app_config sociallogin hide_default_login 1
|
||||
run_occ 'config:system:set social_login_auto_redirect --value true'
|
||||
run_occ 'config:system:set allow_user_to_change_display_name --value=false'
|
||||
run_occ 'config:system:set lost_password_link --value=disabled'
|
||||
set_app_config sociallogin update_profile_on_login 1
|
||||
set_app_config sociallogin auto_create_groups 1
|
||||
set_app_config sociallogin hide_default_login 1
|
||||
run_occ 'config:system:set social_login_auto_redirect --value true'
|
||||
run_occ 'config:system:set allow_user_to_change_display_name --value=false'
|
||||
run_occ 'config:system:set lost_password_link --value=disabled'
|
||||
}
|
||||
|
||||
@ -10,7 +10,7 @@ services:
|
||||
- NEXTCLOUD_UPDATE=1
|
||||
|
||||
db:
|
||||
image: "postgres:12"
|
||||
image: "postgres:15"
|
||||
volumes:
|
||||
- "postgres:/var/lib/postgresql/data"
|
||||
networks:
|
||||
|
||||
13
compose.yml
13
compose.yml
@ -1,7 +1,7 @@
|
||||
version: "3.8"
|
||||
services:
|
||||
web:
|
||||
image: nginx:1.23.3
|
||||
image: nginx:1.25.0
|
||||
configs:
|
||||
- source: nginx_conf
|
||||
target: /etc/nginx/nginx.conf
|
||||
@ -41,7 +41,7 @@ services:
|
||||
start_period: 5m
|
||||
|
||||
app:
|
||||
image: nextcloud:25.0.4-fpm
|
||||
image: nextcloud:26.0.2-fpm
|
||||
depends_on:
|
||||
- db
|
||||
configs:
|
||||
@ -64,7 +64,7 @@ services:
|
||||
- NEXTCLOUD_ADMIN_USER=${ADMIN_USER}
|
||||
- NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/admin_password
|
||||
- NEXTCLOUD_TRUSTED_DOMAINS=${DOMAIN}
|
||||
- TRUSTED_PROXIES=traefik
|
||||
- TRUSTED_PROXIES=10.0.0.0/8
|
||||
- REDIS_HOST=cache
|
||||
- OVERWRITEPROTOCOL=https
|
||||
- PHP_MEMORY_LIMIT=1G
|
||||
@ -86,7 +86,8 @@ services:
|
||||
failure_action: rollback
|
||||
order: start-first
|
||||
labels:
|
||||
- "coop-cloud.${STACK_NAME}.version=3.1.2+25.0.4-fpm"
|
||||
- "coop-cloud.${STACK_NAME}.version=4.0.2+26.0.2-fpm"
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||
- "backupbot.backup=true"
|
||||
- "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/"
|
||||
healthcheck:
|
||||
@ -97,7 +98,7 @@ services:
|
||||
start_period: 5m
|
||||
|
||||
cron:
|
||||
image: nextcloud:25.0.4-fpm
|
||||
image: nextcloud:26.0.2-fpm
|
||||
volumes:
|
||||
- nextcloud:/var/www/html/
|
||||
- nextapps:/var/www/html/custom_apps:cached
|
||||
@ -109,7 +110,7 @@ services:
|
||||
entrypoint: /cron.sh
|
||||
|
||||
cache:
|
||||
image: redis:7.0.9-alpine
|
||||
image: redis:7.0.11-alpine
|
||||
networks:
|
||||
- internal
|
||||
volumes:
|
||||
|
||||
11
release/3.2.0+25.0.4-fpm
Normal file
11
release/3.2.0+25.0.4-fpm
Normal file
@ -0,0 +1,11 @@
|
||||
If the authentik configuration should be handled by abra add the following to the env:
|
||||
|
||||
COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
|
||||
AUTHENTIK_USER_PREFIX=authentik
|
||||
AUTHENTIK_DOMAIN=authentik.example.com
|
||||
AUTHENTIK_SECRET_NAME=authentik_example_com_nextcloud_secret_v1 # the same as in authentik
|
||||
AUTHENTIK_ID_NAME=authentik_example_com_nextcloud_id_v1 # the same as in authentik
|
||||
|
||||
And run:
|
||||
|
||||
abra app cmd <app-name> app set_authentik
|
||||
Reference in New Issue
Block a user