forked from toolshed/docs.coopcloud.tech
Yeet the app config guide
This commit is contained in:
@ -2,194 +2,14 @@
|
||||
title: App config guide
|
||||
---
|
||||
|
||||
## Keycloak
|
||||
The tips that were previously on this page have moved to the relevant recipe README files, to keep everything in one place while we figure out the best long-term home for per-app documentation. Find the READMEs here:
|
||||
|
||||
#### How do I setup a custom theme?
|
||||
- [Keycloak][keycloak]
|
||||
- [Nextcloud][nextcloud]
|
||||
- [Drone][drone]
|
||||
- [Peertube][peertube]
|
||||
|
||||
Check [this approach](https://git.autonomic.zone/ruangrupa/login.lumbung.space).
|
||||
|
||||
#### How do I create another admin user?
|
||||
|
||||
- Under the `Master` realm > `Users` > `Add user`
|
||||
- Create the user and set a temporary password
|
||||
- Under the `Role Mappings` tab, move `admin` from `Available Roles` into `Assigned Roles`
|
||||
|
||||
## Nextcloud
|
||||
|
||||
#### How do I customise the default home page when logging in?
|
||||
|
||||
- Delete the dashboard app since it is so corporate
|
||||
- Follow [these docs](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/default_files_configuration.html) to set the default files list for each user in the Files app
|
||||
- Configure a `defaultapp` in your `config.php` or use [apporder](https://apps.nextcloud.com/apps/apporder)
|
||||
|
||||
#### How do I integrate with Keycloak SSO?
|
||||
|
||||
Use [this plugin](https://github.com/pulsejet/nextcloud-oidc-login). Unlike the plugin it's forked from, there is no configuration UI, so you'll need to edit `/var/www/html/config/config.php`:
|
||||
|
||||
```
|
||||
'oidc_login_client_id' => 'nextcloud',
|
||||
'oidc_login_client_secret' => 'mysecret',
|
||||
'oidc_login_provider_url' => 'https://example.com/auth/realms/myrealm',
|
||||
'oidc_login_disable_registration' => false,
|
||||
'oidc_login_hide_password_form' => true,
|
||||
'oidc_login_button_text' => 'Log in with your myssodomain',
|
||||
'oidc_login_default_group' => 'mygroup',
|
||||
'oidc_login_attributes' =>
|
||||
array (
|
||||
'id' => 'sub',
|
||||
'name' => 'name',
|
||||
'mail' => 'email',
|
||||
),
|
||||
'oidc_create_groups' => true,
|
||||
```
|
||||
|
||||
You can use [this trick](https://janikvonrotz.ch/2020/10/20/openid-connect-with-nextcloud-and-keycloak/) (see "Cryptic Usernames" work-around) to get proper usernames.
|
||||
|
||||
You might also need the following "Why is my synchronisation.." change if you see an error `'redirect_uri' is invalid`.
|
||||
|
||||
If you ever need to change the realm, you'll need to reset the cache with:
|
||||
|
||||
```
|
||||
docker exec -u www-data <container-id> php occ config:app:delete oidc_login last_updated_well_known
|
||||
docker exec -u www-data <container-id> php occ config:app:delete oidc_login last_updated_jwks
|
||||
```
|
||||
|
||||
#### Why is my synchronisation client freezing on the "grant access" step?
|
||||
|
||||
Please see [this ticket](https://git.autonomic.zone/coop-cloud/nextcloud/issues/5).
|
||||
|
||||
#### How can I customise the CSS?
|
||||
|
||||
There is some basic stuff in the admin settings.
|
||||
|
||||
To go a little deeper, you can use [this handy app](https://apps.nextcloud.com/apps/theming_customcss).
|
||||
|
||||
Here is an example CSS config which hides the local login and makes space for a central image:
|
||||
|
||||
```css
|
||||
#body-login .wrapper main form[name="login"],
|
||||
#body-login .wrapper main form[name="login"] ~ a {
|
||||
display: none;
|
||||
}
|
||||
|
||||
#body-login .logo {
|
||||
visibility: hidden;
|
||||
}
|
||||
|
||||
#body-login #alternative-logins a.button[href*="oidc"] {
|
||||
background: #233b4a;
|
||||
color: #fff;
|
||||
transition: all 0.2s ease-in-out;
|
||||
}
|
||||
#body-login #alternative-logins a.button[href*="oidc"]:hover {
|
||||
background: linear-gradient(-35deg, #233b4a 40%, #486c83 100%);
|
||||
}
|
||||
|
||||
#body-login #alternative-logins a.button[href*="/sociallogin/oauth/google"] {
|
||||
border: 0;
|
||||
color: #db4437 !important;
|
||||
background-color: #fff;
|
||||
}
|
||||
|
||||
#body-login
|
||||
#alternative-logins
|
||||
a.button[href*="/sociallogin/oauth/google"]::before {
|
||||
width: 25px;
|
||||
background-color: #db4437;
|
||||
border-radius: 100%;
|
||||
background-size: 60%;
|
||||
background-position: center;
|
||||
height: 25px;
|
||||
vertical-align: middle;
|
||||
margin-right: 4px;
|
||||
}
|
||||
|
||||
#body-login main {
|
||||
padding: 50vh 0 0 0;
|
||||
}
|
||||
|
||||
#body-login a[href*="#body-login"] {
|
||||
visibility: hidden;
|
||||
}
|
||||
|
||||
#body-login footer a,
|
||||
#body-login footer p {
|
||||
color: #233b4a;
|
||||
}
|
||||
|
||||
#body-login footer a:hover {
|
||||
color: #fff;
|
||||
}
|
||||
|
||||
#body-login footer p.info {
|
||||
text-shadow: none;
|
||||
}
|
||||
```
|
||||
|
||||
## Drone
|
||||
|
||||
#### Generating deploy keys
|
||||
|
||||
We normally do something like the following.
|
||||
|
||||
```bash
|
||||
ssh-keygen -t ed25519 -C drone@swarm.autonomic.zone
|
||||
```
|
||||
|
||||
When you're loading them into Drone, make sure to use the right name of the organisation when using `drone orgsecret add`.
|
||||
|
||||
#### How to change orgsecret values
|
||||
|
||||
First, get your Drone CLI tool downloaded and the environment configured.
|
||||
|
||||
```bash
|
||||
export DRONE_SERVER=https://drone.example.com
|
||||
export DRONE_TOKEN=$(pass show your-pass-store-path)
|
||||
curl -L https://github.com/drone/drone-cli/releases/latest/download/drone_linux_amd64.tar.gz | tar zx
|
||||
```
|
||||
|
||||
Then you can do things like:
|
||||
|
||||
```
|
||||
./drone orgsecret ls
|
||||
./drone orgsecret add someorg my_deploy_key @my_private_key_file
|
||||
```
|
||||
|
||||
#### How to enable build failure notifications
|
||||
|
||||
Add this to your `.drone.yml` file. See the [plugin docs](http://plugins.drone.io/drone-plugins/drone-slack/) for more.
|
||||
|
||||
```yaml
|
||||
- name: notify rocket chat
|
||||
image: plugins/slack
|
||||
depends_on: ["mybuild"]
|
||||
settings:
|
||||
webhook:
|
||||
from_secret: rc_builds_url
|
||||
username: foobar
|
||||
channel: "builds"
|
||||
template: "{{repo.owner}}/{{repo.name}} build failed: {{build.link}}"
|
||||
when:
|
||||
status:
|
||||
- failure
|
||||
```
|
||||
|
||||
!!! warning
|
||||
|
||||
You must include valid names of pipelines in your `depends_on` list field.
|
||||
This is so that the notification will wait until all other pipelines are
|
||||
run before performing the notification logic.
|
||||
|
||||
#### Skipping CI builds
|
||||
|
||||
Add `[ci skip]` into the git commit message. You don't have to run builds if you don't want to.
|
||||
|
||||
## Peertube
|
||||
|
||||
#### How do I wire up Keycloak SSO?
|
||||
|
||||
Use [this plugin](https://framagit.org/framasoft/peertube/official-plugins/tree/master/peertube-plugin-auth-openid-connect).
|
||||
|
||||
#### How do I develop a custom theme?
|
||||
|
||||
See [this approach](https://git.autonomic.zone/ruangrupa/peertube-plugin-lumbung-space).
|
||||
[keycloak]: https://git.coopcloud.tech/coop-cloud/keycloak
|
||||
[nextcloud]: https://git.coopcloud.tech/coop-cloud/nextcloud
|
||||
[drone]: https://git.coopcloud.tech/coop-cloud/drone
|
||||
[peertube]: https://git.coopcloud.tech/coop-cloud/peertube
|
||||
|
||||
Reference in New Issue
Block a user