From b8b859681264165a3340727ac8d36a922430cbba Mon Sep 17 00:00:00 2001 From: 3wc <3wc@doesthisthing.work> Date: Sat, 30 Oct 2021 18:14:00 +0200 Subject: [PATCH] Yeet the app config guide --- docs/app-config-guide.md | 198 ++------------------------------------- 1 file changed, 9 insertions(+), 189 deletions(-) diff --git a/docs/app-config-guide.md b/docs/app-config-guide.md index a09fd54..a7599c0 100644 --- a/docs/app-config-guide.md +++ b/docs/app-config-guide.md @@ -2,194 +2,14 @@ title: App config guide --- -## Keycloak +The tips that were previously on this page have moved to the relevant recipe README files, to keep everything in one place while we figure out the best long-term home for per-app documentation. Find the READMEs here: -#### How do I setup a custom theme? +- [Keycloak][keycloak] +- [Nextcloud][nextcloud] +- [Drone][drone] +- [Peertube][peertube] -Check [this approach](https://git.autonomic.zone/ruangrupa/login.lumbung.space). - -#### How do I create another admin user? - -- Under the `Master` realm > `Users` > `Add user` -- Create the user and set a temporary password -- Under the `Role Mappings` tab, move `admin` from `Available Roles` into `Assigned Roles` - -## Nextcloud - -#### How do I customise the default home page when logging in? - -- Delete the dashboard app since it is so corporate -- Follow [these docs](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/default_files_configuration.html) to set the default files list for each user in the Files app -- Configure a `defaultapp` in your `config.php` or use [apporder](https://apps.nextcloud.com/apps/apporder) - -#### How do I integrate with Keycloak SSO? - -Use [this plugin](https://github.com/pulsejet/nextcloud-oidc-login). Unlike the plugin it's forked from, there is no configuration UI, so you'll need to edit `/var/www/html/config/config.php`: - -``` - 'oidc_login_client_id' => 'nextcloud', - 'oidc_login_client_secret' => 'mysecret', - 'oidc_login_provider_url' => 'https://example.com/auth/realms/myrealm', - 'oidc_login_disable_registration' => false, - 'oidc_login_hide_password_form' => true, - 'oidc_login_button_text' => 'Log in with your myssodomain', - 'oidc_login_default_group' => 'mygroup', - 'oidc_login_attributes' => - array ( - 'id' => 'sub', - 'name' => 'name', - 'mail' => 'email', - ), - 'oidc_create_groups' => true, -``` - -You can use [this trick](https://janikvonrotz.ch/2020/10/20/openid-connect-with-nextcloud-and-keycloak/) (see "Cryptic Usernames" work-around) to get proper usernames. - -You might also need the following "Why is my synchronisation.." change if you see an error `'redirect_uri' is invalid`. - -If you ever need to change the realm, you'll need to reset the cache with: - -``` -docker exec -u www-data php occ config:app:delete oidc_login last_updated_well_known -docker exec -u www-data php occ config:app:delete oidc_login last_updated_jwks -``` - -#### Why is my synchronisation client freezing on the "grant access" step? - -Please see [this ticket](https://git.autonomic.zone/coop-cloud/nextcloud/issues/5). - -#### How can I customise the CSS? - -There is some basic stuff in the admin settings. - -To go a little deeper, you can use [this handy app](https://apps.nextcloud.com/apps/theming_customcss). - -Here is an example CSS config which hides the local login and makes space for a central image: - -```css -#body-login .wrapper main form[name="login"], -#body-login .wrapper main form[name="login"] ~ a { - display: none; -} - -#body-login .logo { - visibility: hidden; -} - -#body-login #alternative-logins a.button[href*="oidc"] { - background: #233b4a; - color: #fff; - transition: all 0.2s ease-in-out; -} -#body-login #alternative-logins a.button[href*="oidc"]:hover { - background: linear-gradient(-35deg, #233b4a 40%, #486c83 100%); -} - -#body-login #alternative-logins a.button[href*="/sociallogin/oauth/google"] { - border: 0; - color: #db4437 !important; - background-color: #fff; -} - -#body-login - #alternative-logins - a.button[href*="/sociallogin/oauth/google"]::before { - width: 25px; - background-color: #db4437; - border-radius: 100%; - background-size: 60%; - background-position: center; - height: 25px; - vertical-align: middle; - margin-right: 4px; -} - -#body-login main { - padding: 50vh 0 0 0; -} - -#body-login a[href*="#body-login"] { - visibility: hidden; -} - -#body-login footer a, -#body-login footer p { - color: #233b4a; -} - -#body-login footer a:hover { - color: #fff; -} - -#body-login footer p.info { - text-shadow: none; -} -``` - -## Drone - -#### Generating deploy keys - -We normally do something like the following. - -```bash -ssh-keygen -t ed25519 -C drone@swarm.autonomic.zone -``` - -When you're loading them into Drone, make sure to use the right name of the organisation when using `drone orgsecret add`. - -#### How to change orgsecret values - -First, get your Drone CLI tool downloaded and the environment configured. - -```bash -export DRONE_SERVER=https://drone.example.com -export DRONE_TOKEN=$(pass show your-pass-store-path) -curl -L https://github.com/drone/drone-cli/releases/latest/download/drone_linux_amd64.tar.gz | tar zx -``` - -Then you can do things like: - -``` -./drone orgsecret ls -./drone orgsecret add someorg my_deploy_key @my_private_key_file -``` - -#### How to enable build failure notifications - -Add this to your `.drone.yml` file. See the [plugin docs](http://plugins.drone.io/drone-plugins/drone-slack/) for more. - -```yaml -- name: notify rocket chat - image: plugins/slack - depends_on: ["mybuild"] - settings: - webhook: - from_secret: rc_builds_url - username: foobar - channel: "builds" - template: "{{repo.owner}}/{{repo.name}} build failed: {{build.link}}" - when: - status: - - failure -``` - -!!! warning - - You must include valid names of pipelines in your `depends_on` list field. - This is so that the notification will wait until all other pipelines are - run before performing the notification logic. - -#### Skipping CI builds - -Add `[ci skip]` into the git commit message. You don't have to run builds if you don't want to. - -## Peertube - -#### How do I wire up Keycloak SSO? - -Use [this plugin](https://framagit.org/framasoft/peertube/official-plugins/tree/master/peertube-plugin-auth-openid-connect). - -#### How do I develop a custom theme? - -See [this approach](https://git.autonomic.zone/ruangrupa/peertube-plugin-lumbung-space). +[keycloak]: https://git.coopcloud.tech/coop-cloud/keycloak +[nextcloud]: https://git.coopcloud.tech/coop-cloud/nextcloud +[drone]: https://git.coopcloud.tech/coop-cloud/drone +[peertube]: https://git.coopcloud.tech/coop-cloud/peertube