Nextcloud

In authentik: create an OpenID provider, then create an application.

!!! note "On lit.cloud infrastructure"
    git clone https://git.local-it.org/LIT/nextcloud ~/.abra/apps/nextcloud

abra app new --secrets --domain example.com --server servername --app-name servername_cloud cloud
abra config servername_cloud
abra deploy servername_cloud

Installing Nextcloud can take a while. The status can be checked like this:
abra app run --user www-data servername_cloud app /var/www/html/occ status

Installing Nextcloud apps:

abra app run --user www-data servername_cloud app /var/www/html/occ app:install calendar
abra app run --user www-data servername_cloud app /var/www/html/occ app:install sociallogin
abra app run --user www-data servername_cloud app /var/www/html/occ app:install onlyoffice

Disable the dashboard:

abra app run --user www-data servername_cloud app /var/www/html/occ app:disable dashboard

Configure Nextcloud Social Login SSO

TODO: adjust the URLs

abra app run --user www-data servername_cloud app /var/www/html/occ config:app:set sociallogin custom_providers --value='
{
  "custom_oidc": [
    {
      "name": "authentik",
      "title": "SKA",
      "authorizeUrl": "https://sso.he.local-it.org/application/o/authorize/",
      "tokenUrl": "https://sso.he.local-it.org/application/o/token/",
      "displayNameClaim": "preferred_username",
      "userInfoUrl": "https://sso.he.local-it.org/application/o/userinfo/",
      "logoutUrl": "https://sso.he.local-it.org/application/o/nextcloud/end-session/",
      "clientId": "nextcloud",
      "clientSecret": "secret",
      "scope": "openid profile email nextcloud",
      "groupsClaim": "nextcloud_groups",
      "style": "openid",
      "defaultGroup": "",
      "groupMapping": {
        "admin": "admin"
      }
    }
  ]
}'
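Because the URLs above still have to be adjusted per deployment, a check of the JSON before it is passed to `occ` catches leftovers from another instance. This is an added example, not part of the project's documentation; the function name, the placeholder list and the host `sso.example.com` are assumptions.

```python
import json
from urllib.parse import urlsplit

ENDPOINT_KEYS = ("authorizeUrl", "tokenUrl", "userInfoUrl", "logoutUrl")
PLACEHOLDER_SECRETS = {"", "secret", "changeme"}  # assumption: treated as "not set"


def lint_custom_providers(raw, expected_host, group_scope="nextcloud"):
    """Return a list of findings for a sociallogin custom_providers JSON string."""
    findings = []
    try:
        providers = json.loads(raw).get("custom_oidc", [])
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} at line {exc.lineno}"]
    if not providers:
        findings.append("no custom_oidc provider defined")
    for p in providers:
        name = p.get("name", "<unnamed>")
        for key in ENDPOINT_KEYS:
            url = urlsplit(p.get(key, ""))
            if url.scheme != "https":
                findings.append(f"{name}.{key}: not an https URL")
            elif url.hostname != expected_host:
                findings.append(f"{name}.{key}: host {url.hostname} != {expected_host}")
        if p.get("clientSecret", "") in PLACEHOLDER_SECRETS:
            findings.append(f"{name}.clientSecret: placeholder value")
        scopes = p.get("scope", "").split()
        if "openid" not in scopes:
            findings.append(f"{name}.scope: 'openid' missing")
        # The groups claim is only delivered if its custom scope is requested.
        if p.get("groupsClaim") and group_scope not in scopes:
            findings.append(f"{name}.scope: '{group_scope}' missing although groupsClaim is set")
    return findings


# Constructed sample: the page's config with the token URL left on another host.
SAMPLE = json.dumps({"custom_oidc": [{
    "name": "authentik",
    "authorizeUrl": "https://sso.example.com/application/o/authorize/",
    "tokenUrl": "https://sso.he.local-it.org/application/o/token/",
    "userInfoUrl": "https://sso.example.com/application/o/userinfo/",
    "logoutUrl": "https://sso.example.com/application/o/nextcloud/end-session/",
    "clientId": "nextcloud", "clientSecret": "secret",
    "scope": "openid profile email", "groupsClaim": "nextcloud_groups",
}]})

if __name__ == "__main__":
    for finding in lint_custom_providers(SAMPLE, "sso.example.com"):
        print(finding)
```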


abra app run --user www-data swe-hospiz-cloud app /var/www/html/occ config:app:set sociallogin update_profile_on_login --value 1
abra app run --user www-data swe-hospiz-cloud app /var/www/html/occ config:app:set sociallogin auto_create_groups --value 1
abra app run --user www-data swe-hospiz-cloud app /var/www/html/occ config:app:set sociallogin hide_default_login --value 1

All possible values:
        'disable_registration',
        'create_disabled_users',
        'allow_login_connect',
        'prevent_create_email_exists',
        'update_profile_on_login',
        'no_prune_user_groups',
        'auto_create_groups',
        'restrict_users_wo_mapped_groups',
        'restrict_users_wo_assigned_groups',
        'disable_notify_admins',
        'hide_default_login',


abra app run --user www-data swe-hospiz-cloud app /var/www/html/occ config:system:set allow_user_to_change_display_name --value=false
abra app run --user www-data swe-hospiz-cloud app /var/www/html/occ config:system:set lost_password_link --value=disabled
abra app run --user www-data swe-hospiz-cloud app /var/www/html/occ config:system:set social_login_auto_redirect --value=true

Check the configuration

abra app run --user www-data servername_cloud bash
cat config/config.php

Custom Group Mapping

In Authentik:

  • Customisation -> Property Mappings
    • Create -> Scope Mapping

Scope-Name: "nextcloud"
Expression: return { "nextcloud_groups": [{"gid": group.name, "displayName": group.name} for group in request.user.ak_groups.all()], }

  • Providers -> nextcloud
    • Advanced Protocol Settings
      • Scopes

Select scopes: "authentik default OAuth Mapping: OpenID {email, openid, profile}", nextcloud

Backup

Restoring Nextcloud from a backup

Official Nextcloud guide

Enable maintenance mode

abra app run --user www-data yksflip-cloud app /var/www/html/occ maintenance:mode --on

Restoring files

restic restore --include /backups/yksflip-cloud_app -t r latest
docker cp -a r/backups/yksflip-cloud_app/. $(docker ps -q -f name=cloud_app):/

Make sure file permissions and ownership are correct:

docker exec -it $(docker ps -q -f name=cloud_app) bash
$ ls -la 
$ chown -R www-data:www-data data config custom_apps

Restoring the database


restic restore --include /backups/yksflip-cloud_db -t r latest
docker exec -it  $(docker ps -q -f name=cloud_db) bash
$ mysql -u root -p"$(cat /run/secrets/db_root_password)"  -e "DROP DATABASE nextcloud"
$ mysql -u root -p"$(cat /run/secrets/db_root_password)"  -e "CREATE DATABASE nextcloud"
$ mysql -u root -p"$(cat /run/secrets/db_root_password)" nextcloud < /tmp/backup/backup.sql

!!! note "For a Postgres DB"
    /usr/bin/pg_restore -c -U nextcloud -d nextcloud < /tmp/backup/dump.sql
    TODO: Check this

Enable maintenance mode

abra app run --user www-data yksflip-cloud app /var/www/html/occ maintenance:data-fingerprint  
abra app run --user www-data yksflip-cloud app /var/www/html/occ maintenance:mode --on

If necessary, a repair can also be run:

abra app run --user www-data yksflip-cloud app /var/www/html/occ  maintenance:repair