forked from Deuxfleurs/infrastructure
60 lines
2.6 KiB
Markdown
60 lines
2.6 KiB
Markdown
# How to setup NextCloud
|
|
|
|
## First setup
|
|
|
|
It's complicated.
|
|
|
|
First, create a service user `nextcloud` and a database `nextcloud` it owns. Also create a Garage access key and bucket `nextcloud` it is allowed to use.
|
|
|
|
Fill in the following Consul keys with actual values:
|
|
|
|
```
|
|
secrets/nextcloud/db_user
|
|
secrets/nextcloud/db_pass
|
|
secrets/nextcloud/garage_access_key
|
|
secrets/nextcloud/garage_secret_key
|
|
```
|
|
|
|
Create the following Consul keys with empty values:
|
|
|
|
```
|
|
secrets/nextcloud/instance_id
|
|
secrets/nextcloud/password_salt
|
|
secrets/nextcloud/secret
|
|
```
|
|
|
|
Start the nextcloud.hcl nomad service. Enter the container and call `occ maintenance:install` with the correct database parameters as user `www-data`.
|
|
A possibility: call the admin user `nextcloud` and give it the same password as the `nextcloud` service user.
|
|
|
|
Cat the newly generated `config.php` file and copy the instance id, password salt, and secret from there to Consul
|
|
(they were generated by the install script and we want to keep them).
|
|
|
|
Restart the Nextcloud Nomad server.
|
|
|
|
You should now be able to log in to Nextcloud using the admin user (`nextcloud` if you called it that).
|
|
|
|
Go to the apps settings and enable desired apps.
|
|
|
|
## Configure LDAP login
|
|
|
|
LDAP login has to be configured from the admin interface. First, enable the LDAP authentification application.
|
|
|
|
Go to settings > LDAP/AD integration. Enter the following parameters:
|
|
|
|
- ldap server: `bottin2.service.2.cluster.deuxfleurs.fr`
|
|
- bind user: `cn=nextcloud,ou=services,ou=users,dc=deuxfleurs,dc=fr`
|
|
- bind password: password of the nextcloud service user
|
|
- base DN for users: `ou=users,dc=deuxfleurs,dc=fr`
|
|
- check "manually enter LDAP filters"
|
|
- in the users tab, edit LDAP query and set it to `(&(|(objectclass=inetOrgPerson))(|(memberof=cn=nextcloud,ou=groups,dc=deuxfleurs,dc=fr)))`
|
|
- in the login attributes tab, edit LDAP query and set it to `(&(&(|(objectclass=inetOrgPerson))(|(memberof=cn=nextcloud,ou=groups,dc=deuxfleurs,dc=fr)))(|(|(mailPrimaryAddress=%uid)(mail=%uid))(|(cn=%uid))))`
|
|
- in the groups tab, edit the LDAP query and set it to `(|(objectclass=groupOfNames))`
|
|
- in the advanced tab, enter the "directory setting" section and check/modify the following:
|
|
- user display name field: `displayname`
|
|
- base user tree: `ou=users,dc=deuxfleurs,dc=fr`
|
|
- user search attribute: `cn`
|
|
- groupe display name field: `displayname`
|
|
- **base group tree**: `ou=groups,dc=deuxfleurs,dc=fr`
|
|
- group search attribute: `cn`
|
|
|
|
That should be it. Go to the login attributes tab and enter a username (which should have been added to the nextcloud group) to check that nextcloud is able to find it and allows it for login.
|