Nextcloud
In authentik: create an OpenID provider, then create an application.
git clone https://git.local-it.org/LIT/nextcloud ~/.abra/apps/nextcloud
abra app new --secrets --domain example.com --server servername --app-name servername_cloud cloud
abra config servername_cloud
abra deploy servername_cloud
Installing Nextcloud can take a while. The status can be checked like this:
abra app run --user www-data servername_cloud app /var/www/html/occ status
Installing Nextcloud apps:
abra app run --user www-data servername_cloud app /var/www/html/occ app:install calendar
abra app run --user www-data servername_cloud app /var/www/html/occ app:install sociallogin
abra app run --user www-data servername_cloud app /var/www/html/occ app:install onlyoffice
Disable the dashboard:
abra app run --user www-data servername_cloud app /var/www/html/occ app:disable dashboard
Configure Nextcloud Social Login SSO
TODO: adjust URLs
abra app run --user www-data servername_cloud app /var/www/html/occ config:app:set sociallogin custom_providers --value='
{
"custom_oidc": [
{
"name": "authentik",
"title": "SKA",
"authorizeUrl": "https://sso.he.local-it.org/application/o/authorize/",
"tokenUrl": "https://sso.he.local-it.org/application/o/token/",
"displayNameClaim": "preferred_username",
"userInfoUrl": "https://sso.he.local-it.org/application/o/userinfo/",
"logoutUrl": "https://sso.he.local-it.org/application/o/nextcloud/end-session/",
"clientId": "nextcloud",
"clientSecret": "secret",
"scope": "openid profile email nextcloud",
"groupsClaim": "nextcloud_groups",
"style": "openid",
"defaultGroup": "",
"groupMapping": {
"admin": "admin"
}
}
]
}'
abra app run --user www-data swe-hospiz-cloud app /var/www/html/occ config:app:set sociallogin update_profile_on_login --value 1
abra app run --user www-data swe-hospiz-cloud app /var/www/html/occ config:app:set sociallogin auto_create_groups --value 1
abra app run --user www-data swe-hospiz-cloud app /var/www/html/occ config:app:set sociallogin hide_default_login --value 1
All possible values:
'disable_registration',
'create_disabled_users',
'allow_login_connect',
'prevent_create_email_exists',
'update_profile_on_login',
'no_prune_user_groups',
'auto_create_groups',
'restrict_users_wo_mapped_groups',
'restrict_users_wo_assigned_groups',
'disable_notify_admins',
'hide_default_login',
abra app run --user www-data swe-hospiz-cloud app /var/www/html/occ config:system:set allow_user_to_change_display_name --value=false
abra app run --user www-data swe-hospiz-cloud app /var/www/html/occ config:system:set lost_password_link --value=disabled
abra app run --user www-data swe-hospiz-cloud app /var/www/html/occ config:system:set social_login_auto_redirect --value=true
Check the configuration
abra app run --user www-data servername_cloud bash
cat config/config.php
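A pre-flight check for the `custom_providers` JSON set above, as an added example that is not part of the original README. The function names, the placeholder-secret list and the `sso.example.com` sample are constructed; the `nextcloud` scope default assumes the scope mapping name used on this page.

```python
import json
from urllib.parse import urlparse

URL_KEYS = ("authorizeUrl", "tokenUrl", "userInfoUrl", "logoutUrl")
PLACEHOLDERS = {"", "secret", "changeme", "password"}  # constructed list

def check_provider(p, groups_scope="nextcloud"):
    """Return findings for one custom_oidc entry (empty list = no findings)."""
    findings, hosts = [], set()
    for key in URL_KEYS:
        url = urlparse(p.get(key, ""))
        if url.scheme != "https" or not url.hostname:
            findings.append(f"{key}: not an absolute https URL")
        else:
            hosts.add(url.hostname)
    if len(hosts) > 1:
        findings.append("endpoints point at different hosts: " + ", ".join(sorted(hosts)))
    if p.get("clientSecret", "").strip().lower() in PLACEHOLDERS:
        findings.append("clientSecret: placeholder, use the secret of the authentik provider")
    scopes = p.get("scope", "").split()
    if "openid" not in scopes:
        findings.append("scope: 'openid' is missing")
    # The groups claim is only delivered when the custom scope is requested.
    if p.get("groupsClaim") and groups_scope not in scopes:
        findings.append(f"scope: '{groups_scope}' missing, {p['groupsClaim']} will not be sent")
    return findings

def check_config(raw):
    """Parse the custom_providers JSON and check every custom_oidc entry."""
    config = json.loads(raw)
    return {p.get("name", "?"): check_provider(p) for p in config.get("custom_oidc", [])}

# Constructed sample: the structure used on this page with two deliberate mistakes.
SAMPLE = """{"custom_oidc": [{
  "name": "authentik",
  "authorizeUrl": "https://sso.example.com/application/o/authorize/",
  "tokenUrl": "http://sso.example.com/application/o/token/",
  "userInfoUrl": "https://sso.example.com/application/o/userinfo/",
  "logoutUrl": "https://sso.example.com/application/o/nextcloud/end-session/",
  "clientId": "nextcloud", "clientSecret": "secret",
  "scope": "openid profile email nextcloud",
  "groupsClaim": "nextcloud_groups", "groupMapping": {"admin": "admin"}
}]}"""

if __name__ == "__main__":
    import sys
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for name, findings in check_config(raw).items():
        print(name, "OK" if not findings else findings)
```

To check a live instance, pipe the output of `occ config:app:get sociallogin custom_providers` into the script on stdin.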
Custom Group Mapping
In Authentik:
- Customisation -> Property Mappings
- Create -> Scope Mapping
Scope-Name: "nextcloud"
Expression: return { "nextcloud_groups": [{"gid": group.name, "displayName": group.name} for group in request.user.ak_groups.all()], }
- Providers -> nextcloud
- Advanced Protocol Settings
- Scopes
- Advanced Protocol Settings
Select scopes: "authentik default OAuth Mapping: OpenID {email, openid, profile}", nextcloud
Backup
Restoring Nextcloud from a backup
Official Nextcloud guide
Enable maintenance mode
abra app run --user www-data yksflip-cloud app /var/www/html/occ maintenance:mode --on
Restore files
restic restore --include /backups/yksflip-cloud_app -t r latest
docker cp -a r/backups/yksflip-cloud_app/* $(docker ps -q -f name=cloud_app):/
Make sure that file permissions and ownership are correct:
docker exec -it $(docker ps -q -f name=cloud_app) bash
$ ls -la
$ chown -R www-data:www-data data config custom_apps
Restore the database
restic restore --include /backups/yksflip-cloud_db -t r latest
docker exec -it $(docker ps -q -f name=cloud_db) bash
$ mysql -u root -p"$(cat /run/secrets/db_root_password)" -e "DROP DATABASE nextcloud"
$ mysql -u root -p"$(cat /run/secrets/db_root_password)" -e "CREATE DATABASE nextcloud"
$ mysql -u root -p"$(cat /run/secrets/db_root_password)" nextcloud < /tmp/backup/backup.sql
!!! note "For a Postgres DB"
/usr/bin/pg_restore -c -U nextcloud -d nextcloud < /tmp/backup/dump.sql
TODO: Check this
Enable maintenance mode
abra app run --user www-data yksflip-cloud app /var/www/html/occ maintenance:data-fingerprint
abra app run --user www-data yksflip-cloud app /var/www/html/occ maintenance:mode --on
If necessary, a repair can also be started:
abra app run --user www-data yksflip-cloud app /var/www/html/occ maintenance:repair