author: Alex Auvolat <alex@adnab.me>, 2020-07-05 22:54:47 +0200
committer: Alex Auvolat <alex@adnab.me>, 2020-07-05 22:55:00 +0200
commit: c344dacb65e967bef7a06e34adb02494d98cde77
tree: 6da8818681683ceaaa6271f4023c2371e87a4b3f /man
parent: 5e83c8e5fe8f5b9566673e96c6d963bc8d0129d6
Add garage and nextcloud configuration
Diffstat (limited to 'man')
-rw-r--r-- man/nextcloud/README.md | 60
1 files changed, 60 insertions, 0 deletions
diff --git a/man/nextcloud/README.md b/man/nextcloud/README.md
new file mode 100644
index 0000000..f68520b
--- /dev/null
+++ b/man/nextcloud/README.md
@@ -0,0 +1,60 @@
+# How to setup NextCloud
+
+## First setup
+
+It's complicated.
+
+First, create a service user `nextcloud` and a database `nextcloud` it owns. Also create a Garage access key and bucket `nextcloud` it is allowed to use.
+
+Fill in the following Consul keys with actual values:
+
+```
+secrets/nextcloud/db_user
+secrets/nextcloud/db_pass
+secrets/nextcloud/garage_access_key
+secrets/nextcloud/garage_secret_key
+```
+
+Create the following Consul keys with empty values:
+
+```
+secrets/nextcloud/instance_id
+secrets/nextcloud/password_salt
+secrets/nextcloud/secret
+```
+
+Start the nextcloud.hcl nomad service. Enter the container and call `occ maintenance:install` with the correct database parameters as user `www-data`.
+A possibility: call the admin user `nextcloud` and give it the same password as the `nextcloud` service user.
+
+Cat the newly generated `config.php` file and copy the instance id, password salt, and secret from there to Consul
+(they were generated by the install script and we want to keep them).
+
+Restart the Nextcloud Nomad server.
+
+You should now be able to log in to Nextcloud using the admin user (`nextcloud` if you called it that).
+
+Go to the apps settings and enable desired apps.
+
+## Configure LDAP login
+
+LDAP login has to be configured from the admin interface. First, enable the LDAP authentification application.
+
+Go to settings > LDAP/AD integration. Enter the following parameters:
+
+- ldap server: `bottin2.service.2.cluster.deuxfleurs.fr`
+- bind user: `cn=nextcloud,ou=services,ou=users,dc=deuxfleurs,dc=fr`
+- bind password: password of the nextcloud service user
+- base DN for users: `ou=users,dc=deuxfleurs,dc=fr`
+- check "manually enter LDAP filters"
+- in the users tab, edit LDAP query and set it to `(&(|(objectclass=inetOrgPerson))(|(memberof=cn=nextcloud,ou=groups,dc=deuxfleurs,dc=fr)))`
+- in the login attributes tab, edit LDAP query and set it to `(&(&(|(objectclass=inetOrgPerson))(|(memberof=cn=nextcloud,ou=groups,dc=deuxfleurs,dc=fr)))(|(|(mailPrimaryAddress=%uid)(mail=%uid))(|(cn=%uid))))`
+- in the groups tab, edit the LDAP query and set it to `(|(objectclass=groupOfNames))`
+- in the advanced tab, enter the "directory setting" section and check/modify the following:
+ - user display name field: `displayname`
+ - base user tree: `ou=users,dc=deuxfleurs,dc=fr`
+ - user search attribute: `cn`
+ - groupe display name field: `displayname`
+ - **base group tree**: `ou=groups,dc=deuxfleurs,dc=fr`
+ - group search attribute: `cn`
+
+That should be it. Go to the login attributes tab and enter a username (which should have been added to the nextcloud group) to check that nextcloud is able to find it and allows it for login.
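Review bot: The "First setup" line "A possibility: call the admin user `nextcloud` and give it the same password as the `nextcloud` service user" ties the Nextcloud web admin account to the same secret as the database owner (`secrets/nextcloud/db_pass`) and the LDAP bind DN (the "bind password" bullet also says "password of the nextcloud service user"), so exposure of any one of them exposes all three. I would suggest a distinct admin password kept under its own Consul key, and dropping this sentence. Two smaller points in the "Configure LDAP login" list: the "ldap server" bullet gives only a hostname, so it is worth stating whether the connection is expected to use ldaps:// or StartTLS, since the bind password travels over it; and "authentification" and "groupe display name field" are typos for "authentication" and "group display name field". "Restart the Nextcloud Nomad server" also presumably means the service started from nextcloud.hcl, and saying so would avoid someone restarting a Nomad server node.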