diff --git a/services/nextcloud/deployment.yaml b/services/nextcloud/deployment.yaml
index 8cad32f..bbdd824 100644
--- a/services/nextcloud/deployment.yaml
+++ b/services/nextcloud/deployment.yaml
@@ -65,6 +65,14 @@ spec:
 fi
 installed="$(su -s /bin/sh www-data -c "php /var/www/html/occ status" 2>/dev/null | awk '/installed:/{print $3}' || true)"
 if [ "${installed}" = "true" ]; then
+ configure_oidc() {
+ su -s /bin/sh www-data -c "php /var/www/html/occ config:system:set oidc_login_provider_url --value='https://sso.bstein.dev/realms/atlas'"
+ su -s /bin/sh www-data -c "php /var/www/html/occ config:system:set oidc_login_client_id --value='${OIDC_CLIENT_ID}'"
+ su -s /bin/sh www-data -c "php /var/www/html/occ config:system:set oidc_login_client_secret --value='${OIDC_CLIENT_SECRET}'"
+ su -s /bin/sh www-data -c "php /var/www/html/occ config:system:set oidc_login_auto_redirect --type=boolean --value=true"
+ su -s /bin/sh www-data -c "php /var/www/html/occ config:system:set oidc_login_hide_password_form --type=boolean --value=true"
+ su -s /bin/sh www-data -c "php /var/www/html/occ config:system:set oidc_login_disable_registration --type=boolean --value=true"
+ }
 ensure_mime_defaults() {
 cfg_dir="/var/www/html/resources/config"
 mkdir -p "${cfg_dir}"
@@ -92,6 +100,7 @@ spec:
 install_app oidc_login https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v3.2.2/oidc_login.tar.gz
 install_app external https://github.com/nextcloud-releases/external/releases/download/v5.4.1/external-v5.4.1.tar.gz
 install_app mail https://github.com/nextcloud-releases/mail/releases/download/v3.7.24/mail-stable3.7.tar.gz
+ configure_oidc
 fi
 env:
 - name: POSTGRES_HOST
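Review bot: In `configure_oidc`, `${OIDC_CLIENT_ID}` and `${OIDC_CLIENT_SECRET}` are expanded by the outer shell into the double-quoted `su -c` string, so a value containing a single quote closes the inner `--value='…'` and the remainder is parsed as shell by the www-data shell; the expanded secret also sits in the argv of `su` and `sh`. Letting the inner shell do the expansion avoids both, e.g. `su -s /bin/sh www-data -c 'php /var/www/html/occ config:system:set oidc_login_client_secret --value="${OIDC_CLIENT_SECRET}"'` (and the same for the client id), assuming `su` passes the environment through in this image, which should be confirmed. The value still reaches `php` as an argument, so it remains readable from the process list while occ runs. Whether a failing `occ` call aborts the script depends on shell options set outside this hunk.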
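Review bot: The `configure_oidc` call added after the `install_app` lines has no comment saying that it re-applies the six `oidc_login_*` keys each time this branch runs, so a value changed by hand with `occ` (for example turning `oidc_login_auto_redirect` off while the provider is unreachable) would be overwritten on the next run. I would add above the call: `# Re-applies oidc_login_* system config on every run; manual occ changes to these keys are overwritten.` How often the script runs is not visible in this hunk, and the enclosing `if` block starts outside it.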
@@ -121,6 +130,16 @@ spec:
 secretKeyRef:
 name: nextcloud-admin
 key: admin-password
+ - name: OIDC_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: nextcloud-oidc
+ key: client-id
+ - name: OIDC_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: nextcloud-oidc
+ key: client-secret
 volumeMounts:
 - name: nextcloud-data
 mountPath: /var/www/html
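Review bot: `OIDC_CLIENT_SECRET` is injected as a container environment variable, so it stays in the environment of every process in this container for its whole lifetime, although only the `configure_oidc` step reads it. If this is the long-running Nextcloud container rather than an init container (the container spec starts and ends outside this hunk), consider mounting the `nextcloud-oidc` Secret as a read-only file that the script reads, or running the occ setup in a separate init container that alone receives the secret. The `nextcloud-oidc` Secret itself is not part of this diff, and since the `secretKeyRef` entries are not marked `optional`, the pod will not start until it exists with both keys.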