diff --git a/modules/server/containers/apps/nextcloud.nix b/modules/server/containers/apps/nextcloud.nix
index 1ba8c16..02d8b4e 100644
--- a/modules/server/containers/apps/nextcloud.nix
+++ b/modules/server/containers/apps/nextcloud.nix
@@ -114,6 +114,7 @@ in {
 ${lib.optionalString (serverCfg.containers ? collabora == false) ''$OCC app:install richdocumentscode || true''}
 # $OCC app:install side_menu || true
 $OCC app:install spreed || true
+ $OCC app:install teamfolders || true
 ${lib.optionalString (serverCfg.containers ? authentik) ''$OCC app:install user_saml || true''}
 echo "Applying Apps Settings..."
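Review bot: The added `$OCC app:install teamfolders || true` discards every failure, so a mistyped app id, an app-store outage or an incompatible release goes unnoticed. The page later shows `$OCC teamfolders:list --format=json`, which appears to depend on the app being present, although that line sits outside this hunk. Keeping the tolerant first step but confirming the result would surface the problem, for example `$OCC app:install teamfolders || $OCC app:enable teamfolders || echo "teamfolders is not installed" >&2`. The neighbouring installs use the same pattern, and the surrounding script starts and ends outside the hunk.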
@@ -134,20 +135,21 @@ in {
 $OCC config:app:set richdocuments wopi_allowlist --value="10.0.0.0/8"
 ''}
 ${lib.optionalString (serverCfg.containers ? authentik) ''
- $OCC saml:config:set idp0 --general-idp0_display_name="authentik"
- $OCC saml:config:set idp0 --general-uid_mapping="http://schemas.goauthentik.io/2021/02/saml/username"
- $OCC saml:config:set idp0 --idp-entityId="https://${serverCfg.containers.authentik.subdomain}.${serverCfg.hostDomain}"
- $OCC saml:config:set idp0 --idp-singleSignOnService.url="https://${serverCfg.containers.authentik.subdomain}.${serverCfg.hostDomain}/application/saml/${containerCfg.subdomain}/sso/binding/redirect/"
- $OCC saml:config:set idp0 --idp-singleLogoutService.url="https://${serverCfg.containers.authentik.subdomain}.${serverCfg.hostDomain}/application/saml/${containerCfg.subdomain}/slo/binding/redirect/"
+ $OCC saml:config:set 1 --general-idp0_display_name="authentik"
+ $OCC saml:config:set 1 --general-uid_mapping="http://schemas.goauthentik.io/2021/02/saml/username"
+ $OCC saml:config:set 1 --idp-entityId="https://${serverCfg.containers.authentik.subdomain}.${serverCfg.hostDomain}"
+ $OCC saml:config:set 1 --idp-singleSignOnService.url="https://${serverCfg.containers.authentik.subdomain}.${serverCfg.hostDomain}/application/saml/${containerCfg.subdomain}/sso/binding/redirect/"
+ $OCC saml:config:set 1 --idp-singleLogoutService.url="https://${serverCfg.containers.authentik.subdomain}.${serverCfg.hostDomain}/application/saml/${containerCfg.subdomain}/slo/binding/redirect/"
 AUTHENTIK_CERT=$(${pkgs.postgresql}/bin/psql -h localhost -U authentik_user -d authentik_db -t -c "SELECT certificate_data FROM authentik_crypto_certificatekeypair WHERE name = 'authentik Self-signed Certificate';" | sed '/---/d' | tr -d '+ \n')
- $OCC saml:config:set idp0 --idp-x509cert="$AUTHENTIK_CERT"
+ $OCC saml:config:set 1 --idp-x509cert="$AUTHENTIK_CERT"
- $OCC saml:config:set idp0 --saml-attribute-mapping-displayName_mapping="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
- $OCC saml:config:set idp0 --saml-attribute-mapping-email_mapping="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
- $OCC saml:config:set idp0 --saml-attribute-mapping-group_mapping="http://schemas.xmlsoap.org/claims/Group"
- $OCC saml:config:set idp0 --general-group_provisioning="0"
- $OCC config:app:set idp0 user_saml general-require_provisioning_groups --value="0"
- # $OCC saml:config:set idp0 --general-allowed_groups="cloud,admin"
+ $OCC saml:config:set 1 --saml-attribute-mapping-displayName_mapping="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
+ $OCC saml:config:set 1 --saml-attribute-mapping-email_mapping="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+ $OCC saml:config:set 1 --saml-attribute-mapping-group_mapping="http://schemas.xmlsoap.org/claims/Group"
+
+ # $OCC saml:config:set 1 --general-allowed_groups="cloud,admin"
+ $OCC config:app:set user_saml general-group_provisioning --value="0"
+ $OCC config:app:set user_saml general-require_provisioning_groups --value="0"
 ''} # configure side_menu ... FOLDERS=$($OCC teamfolders:list --format=json)
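Review bot: The new `$OCC saml:config:set 1 --idp-x509cert="$AUTHENTIK_CERT"` stores whatever the preceding psql pipeline produced, with no check that a certificate was actually found. If the query matches no row (renamed key pair, database not ready) the IdP certificate is set to an empty string, and the `tr -d '+ \n'` filter also deletes `+` characters that are valid inside the base64 body, so the stored value can differ from the real signing certificate. I would read the column unaligned and fail closed: use `psql -At` with `tr -d ' \n'`, then `[ -n "$AUTHENTIK_CERT" ] || { echo "authentik signing certificate not found" >&2; exit 1; }` before the set call. Separately, `general-allowed_groups` stays commented out, so which authentik users may sign in to Nextcloud appears to rest entirely on the authentik application binding. The setup script begins outside the hunk, so whether it already runs under `set -e` is not visible here.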