Compare commits
	
		
			2 Commits
		
	
	
		
			improve_re
			...
			authentik_
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 97be5543f9 | |||
| 212559c8fc | 
| @ -51,3 +51,9 @@ DEFAULT_QUOTA="10 GB" | |||||||
| # OCC_CMDS="app:disable dashboard" | # OCC_CMDS="app:disable dashboard" | ||||||
| # OCC_CMDS="$OCC_CMDS|config:app:set sociallogin auto_create_groups --value 1" | # OCC_CMDS="$OCC_CMDS|config:app:set sociallogin auto_create_groups --value 1" | ||||||
| # OCC_CMDS="$OCC_CMDS|config:app:set sociallogin hide_default_login --value 1" | # OCC_CMDS="$OCC_CMDS|config:app:set sociallogin hide_default_login --value 1" | ||||||
|  |  | ||||||
|  | # COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml" | ||||||
|  | # AUTHENTIK_USER_PREFIX=authentik | ||||||
|  | # AUTHENTIK_DOMAIN=authentik.example.com | ||||||
|  | # AUTHENTIK_SECRET_NAME=authentik_example_com_nextcloud_secret_v1  # the same as in authentik | ||||||
|  | # AUTHENTIK_ID_NAME=authentik_example_com_nextcloud_id_v1  # the same as in authentik | ||||||
|  | |||||||
							
								
								
									
										88
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										88
									
								
								README.md
									
									
									
									
									
								
							| @ -15,34 +15,18 @@ Fully automated luxury Nextcloud via docker-swarm. | |||||||
| * **SSO**: 1 (OAuth) | * **SSO**: 1 (OAuth) | ||||||
| <!-- endmetadata --> | <!-- endmetadata --> | ||||||
|  |  | ||||||
| ## Basic usage | ## Quick start | ||||||
|  |  | ||||||
| 1. Set up Docker Swarm and [`abra`] |  | ||||||
| 2. Deploy [`coop-cloud/traefik`] |  | ||||||
| 3. `abra app new nextcloud --secrets` (optionally with `--pass` if you'd like |  | ||||||
|    to save secrets in `pass`) |  | ||||||
| 4. `abra app config YOURAPPDOMAIN` - be sure to change `$DOMAIN` to something that resolves to |  | ||||||
|    your Docker swarm box |  | ||||||
| 5. `abra app deploy YOURAPPDOMAIN` |  | ||||||
|  |  | ||||||
| ## How do I customise the default home page when logging in? |  | ||||||
|  |  | ||||||
| - Delete the dashboard app since it is so corporate |  | ||||||
| - Follow [these docs](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/default_files_configuration.html) to set the default files list for each user in the Files app |  | ||||||
| - Configure a `defaultapp` in your `config.php` or use [apporder](https://apps.nextcloud.com/apps/apporder) |  | ||||||
|  |  | ||||||
| ## Running `occ` |  | ||||||
|  |  | ||||||
| `abra app cmd YOURAPPDOMAIN app run_occ '"user:list --help"'` |  | ||||||
|  |  | ||||||
| ## Upgrading Nextcloud apps |  | ||||||
|  |  | ||||||
| `abra app cmd YOURAPPDOMAIN app run_occ '"app:update --all"'` |  | ||||||
|  |  | ||||||
|  |  | ||||||
| ## Onlyoffice Integrating | * `abra app new nextcloud` | ||||||
|  | * `abra app config <app-name>` | ||||||
|  | * `abra app secret insert <app-name> smtp_password v1 <SMTP_PASSWORD>` | ||||||
|  | * `abra app secret generate -a <app-name>` | ||||||
|  | * `abra app deploy <app-name>` | ||||||
|  |  | ||||||
| `abra app config <nextcloud_domain>`  | ### Onlyoffice Integration | ||||||
|  |  | ||||||
|  | `abra app config <app-name>`  | ||||||
| Configure the following envs: | Configure the following envs: | ||||||
| ``` | ``` | ||||||
| COMPOSE_FILE="$COMPOSE_FILE:compose.apps.yml" | COMPOSE_FILE="$COMPOSE_FILE:compose.apps.yml" | ||||||
| @ -50,12 +34,12 @@ ONLYOFFICE_URL=https://onlyoffice.example.com | |||||||
| SECRET_ONLYOFFICE_JWT_VERSION=v1 | SECRET_ONLYOFFICE_JWT_VERSION=v1 | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| `abra app secret insert <nextcloud_domain> onlyoffice_jwt v1 <jwt_secret>` | `abra app secret insert <app-name> onlyoffice_jwt v1 <jwt_secret>` | ||||||
| `abra app cmd <nextcloud_domain> app install_onlyoffice` | `abra app cmd <app-name> app install_onlyoffice` | ||||||
|  |  | ||||||
| ## BBB Integrating | ### BBB Integration | ||||||
|  |  | ||||||
| `abra app config <nextcloud_domain>`  | `abra app config <app-name>`  | ||||||
| Configure the following envs: | Configure the following envs: | ||||||
| ``` | ``` | ||||||
| COMPOSE_FILE="$COMPOSE_FILE:compose.apps.yml" | COMPOSE_FILE="$COMPOSE_FILE:compose.apps.yml" | ||||||
| @ -63,8 +47,50 @@ BBB_URL=https://talk.example.org/bigbluebutton/ # trailing slash! | |||||||
| SECRET_BBB_SECRET_VERSION=v1 | SECRET_BBB_SECRET_VERSION=v1 | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| `abra app secret insert <nextcloud_domain> bbb_secret v1 <bbb_secret>` | `abra app secret insert <app-name> bbb_secret v1 <bbb_secret>` | ||||||
| `abra app cmd <nextcloud_domain> app install_bbb` | `abra app cmd <app-name> app install_bbb` | ||||||
|  |  | ||||||
|  | ### Authentik Integration | ||||||
|  |  | ||||||
|  |  | ||||||
|  | `abra app config <app-name>`  | ||||||
|  | Configure the following envs: | ||||||
|  | ``` | ||||||
|  | COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml" | ||||||
|  | AUTHENTIK_USER_PREFIX=authentik | ||||||
|  | AUTHENTIK_DOMAIN=authentik.example.com | ||||||
|  | AUTHENTIK_SECRET_NAME=authentik_example_com_nextcloud_secret_v1  # the same as in authentik | ||||||
|  | AUTHENTIK_ID_NAME=authentik_example_com_nextcloud_id_v1  # the same as in authentik | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | `abra app cmd <app-name> app set_authentik` | ||||||
|  |  | ||||||
|  | ### Disable Dashboard | ||||||
|  |  | ||||||
|  | Disable dashboard app since it is so corporate: | ||||||
|  |  | ||||||
|  | `abra app config <app-name>`  | ||||||
|  | Configure the following envs: | ||||||
|  | ``` | ||||||
|  | OCC_CMDS="app:disable dashboard" | ||||||
|  | ``` | ||||||
|  | `abra app cmd <app-name> app post_install_occ` | ||||||
|  |  | ||||||
|  | ## Running `occ` | ||||||
|  |  | ||||||
|  | `abra app cmd <app-name> app run_occ '"user:list --help"'` | ||||||
|  |  | ||||||
|  | ## Default user files | ||||||
|  |  | ||||||
|  | - Follow [these docs](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/default_files_configuration.html) to set the default files list for each user in the Files app | ||||||
|  |  | ||||||
|  | ## Default App | ||||||
|  |  | ||||||
|  | - Configure a `defaultapp` in your `config.php` or use [apporder](https://apps.nextcloud.com/apps/apporder) | ||||||
|  |  | ||||||
|  | ## Upgrading Nextcloud apps | ||||||
|  |  | ||||||
|  | `abra app cmd <app-name> app run_occ '"app:update --all"'` | ||||||
|  |  | ||||||
|  |  | ||||||
| ## How do I fix a Nextcloud version snafu? | ## How do I fix a Nextcloud version snafu? | ||||||
|  | |||||||
							
								
								
									
										38
									
								
								abra.sh
									
									
									
									
									
								
							
							
						
						
									
										38
									
								
								abra.sh
									
									
									
									
									
								
							| @ -32,7 +32,7 @@ set_app_config(){ | |||||||
|     APP=$1 |     APP=$1 | ||||||
|     KEY=$2 |     KEY=$2 | ||||||
|     VALUE=$3 |     VALUE=$3 | ||||||
|     run_occ "config:app:set $APP $KEY --value $VALUE" |     run_occ "config:app:set $APP $KEY --value '$VALUE'" | ||||||
| } | } | ||||||
|  |  | ||||||
| install_bbb(){ | install_bbb(){ | ||||||
| @ -52,3 +52,39 @@ install_onlyoffice(){ | |||||||
| set_default_quota(){ | set_default_quota(){ | ||||||
|     set_app_config files default_quota '"$DEFAULT_QUOTA"' |     set_app_config files default_quota '"$DEFAULT_QUOTA"' | ||||||
| } | } | ||||||
|  |  | ||||||
|  | set_authentik(){ | ||||||
|  | install_apps sociallogin | ||||||
|  | AUTHENTIK_SECRET=$(cat /run/secrets/authentik_secret) | ||||||
|  | AUTHENTIK_ID=$(cat /run/secrets/authentik_id) | ||||||
|  | set_app_config sociallogin custom_providers " | ||||||
|  | { | ||||||
|  |     \"custom_oidc\":[ | ||||||
|  |     { | ||||||
|  |         \"name\":\"$AUTHENTIK_USER_PREFIX\", | ||||||
|  |         \"title\":\"authentik\", | ||||||
|  |         \"authorizeUrl\": \"https://$AUTHENTIK_DOMAIN/application/o/authorize/\", | ||||||
|  |         \"tokenUrl\": \"https://$AUTHENTIK_DOMAIN/application/o/token/\", | ||||||
|  |         \"displayNameClaim\":\"preferred_username\", | ||||||
|  |         \"userInfoUrl\": \"https://$AUTHENTIK_DOMAIN/application/o/userinfo/\", | ||||||
|  |         \"logoutUrl\": \"https://$AUTHENTIK_DOMAIN/if/session-end/nextcloud/\", | ||||||
|  |         \"clientId\":\"$AUTHENTIK_ID\", | ||||||
|  |         \"clientSecret\":\"$AUTHENTIK_SECRET\", | ||||||
|  |         \"scope\":\"openid profile email nextcloud\", | ||||||
|  |         \"groupsClaim\":\"nextcloud_groups\", | ||||||
|  |         \"style\":\"openid\", | ||||||
|  |         \"defaultGroup\":\"\", | ||||||
|  |         \"groupMapping\": { | ||||||
|  |           \"admin\": \"admin\" | ||||||
|  |         } | ||||||
|  |     } | ||||||
|  | ] | ||||||
|  | }" | ||||||
|  |  | ||||||
|  | set_app_config sociallogin update_profile_on_login 1 | ||||||
|  | set_app_config sociallogin auto_create_groups 1 | ||||||
|  | set_app_config sociallogin hide_default_login 1 | ||||||
|  | run_occ 'config:system:set social_login_auto_redirect --value true' | ||||||
|  | run_occ 'config:system:set allow_user_to_change_display_name --value=false' | ||||||
|  | run_occ 'config:system:set lost_password_link --value=disabled' | ||||||
|  | } | ||||||
|  | |||||||
							
								
								
									
										14
									
								
								compose.authentik.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										14
									
								
								compose.authentik.yml
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,14 @@ | |||||||
|  | version: "3.8" | ||||||
|  | services: | ||||||
|  |   app: | ||||||
|  |     secrets: | ||||||
|  |       - authentik_secret | ||||||
|  |       - authentik_id | ||||||
|  |  | ||||||
|  | secrets: | ||||||
|  |   authentik_secret: | ||||||
|  |     external: true | ||||||
|  |     name: ${AUTHENTIK_SECRET_NAME} | ||||||
|  |   authentik_id: | ||||||
|  |     external: true | ||||||
|  |     name: ${AUTHENTIK_ID_NAME} | ||||||
		Reference in New Issue
	
	Block a user