generated from coop-cloud/example
42 lines
1.2 KiB
Bash
42 lines
1.2 KiB
Bash
#!/bin/bash
|
|
|
|
set -eu
|
|
|
|
file_env() {
|
|
local var="$1"
|
|
local fileVar="${var}_FILE"
|
|
local def="${2:-}"
|
|
|
|
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
|
|
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
|
|
exit 1
|
|
fi
|
|
local val="$def"
|
|
if [ "${!var:-}" ]; then
|
|
val="${!var}"
|
|
elif [ "${!fileVar:-}" ]; then
|
|
val="$(< "${!fileVar}")"
|
|
fi
|
|
export "$var"="$val"
|
|
unset "$fileVar"
|
|
}
|
|
|
|
file_env "PASSWORD"
|
|
|
|
{{ if eq (env "OIDC_ENABLED") "1" }}
|
|
echo 'auth-openid=1' >> /etc/rstudio/rserver.conf
|
|
echo 'auth-openid-issuer={{ env "OIDC_ISSUER_URL"}}' >> /etc/rstudio/rserver.conf
|
|
echo 'auth-openid-base-uri=https://{{ env "DOMAIN" }}' >> /etc/rstudio/rserver.conf
|
|
{{ end }}
|
|
|
|
{{ if eq (env "KEYCLOAK_ENABLED") "1" }}
|
|
apt install -y libpam-script
|
|
mkdir -p /opt/pam-exec-oauth2/
|
|
wget https://github.com/WASHNote/pam-exec-oauth2/releases/download/v0.0.1/pam-exec-oauth2 -O /opt/pam-exec-oauth2/pam-exec-oauth2
|
|
chmod +x /opt/pam-exec-oauth2/pam-exec-oauth2
|
|
echo 'auth requisite pam_exec.so log=/tmp/pam_exec.log expose_authtok /opt/pam-exec-oauth2/pam-exec-oauth2 --verbose' > /etc/pam.d/common-auth
|
|
echo 'auth requisite pam_script.so' >> /etc/pam.d/common-auth
|
|
{{ end }}
|
|
|
|
exec "$@"
|