diff --git a/templates/_nextcloud-specs.tpl b/templates/_nextcloud-specs.tpl
index f77fb433da6b582f045e0f9a17dbc8695abb138a..d29c779034acde9ab7a1b195807fb922fabb9f13 100644
--- a/templates/_nextcloud-specs.tpl
+++ b/templates/_nextcloud-specs.tpl
@@ -22,7 +22,7 @@ runAsGroup: 33
 - name: nextcloud-data
 mountPath: /var/www/html/themes
 subPath: themes
-- name: onlyoffice-config
+- name: nextcloud-config
 mountPath: /var/local
 {{- end }}
 {{/* Set environment variables that are needed for the nextcloud setup */}}
@@ -83,7 +83,7 @@ runAsGroup: 33
 {{- else }}
 emptyDir: {}
 {{- end }}
-- name: onlyoffice-config
+- name: nextcloud-config
 configMap:
- name: {{ .Release.Name }}-onlyoffice-config
+ name: {{ .Release.Name }}-nextcloud-config
 {{- end}}
diff --git a/templates/onlyoffice-config.yaml b/templates/nextcloud-config.yaml
similarity index 75%
rename from templates/onlyoffice-config.yaml
rename to templates/nextcloud-config.yaml
index 00cf189759cc6f9f904bb460baf27adc0f65487a..dd143590d3463ff819221cd84c43f2dbe18421a1 100644
--- a/templates/onlyoffice-config.yaml
+++ b/templates/nextcloud-config.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
- name: "{{ .Release.Name }}-onlyoffice-config"
+ name: "{{ .Release.Name }}-nextcloud-config"
 labels:
 app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
 app.kubernetes.io/instance: {{ .Release.Name | quote }}
@@ -25,12 +25,23 @@ data:
 }
 }
 }
+ social-login-config.json: |
+ {
+ "apps": {
+ "sociallogin": {
+ "auto_create_groups": "1",
+ "custom_oidc_providers": "[{\"name\":\"oas\",\"title\":\"OpenAppStack\",\"authorizeUrl\":\"https:\\\/\\\/{{ .Values.sociallogin.server_name }}\\\/oauth2\\\/auth\",\"tokenUrl\":\"https:\\\/\\\/{{ .Values.sociallogin.server_name}}\\\/oauth2\\\/token\",\"userInfoUrl\":\"https:\\\/\\\/{{ .Values.sociallogin.server_name }}\\\/userinfo\",\"logoutUrl\":\"\",\"clientId\":\"{{ .Values.sociallogin.client_id }}\",\"clientSecret\":\"{{ .Values.sociallogin.client_secret | default "" }}\",\"scope\":\"openid profile email openappstack_roles\",\"groupsClaim\":\"{{ .Values.sociallogin.groups_claim }}\",\"style\":\"\",\"defaultGroup\":\"\",\"groupMapping\":{\"admin\":\"admin\"}}]",
+ "update_profile_on_login": "1"
+ }
+ }
+ }
 setup-apps.sh: |
 #!/bin/bash
 set -ev
 # Debug: place the json file in a persistent location for reuse
 cp /var/local/onlyoffice-config.json /var/www/html/
+ cp /var/local/social-login-config.json /var/www/html/
 {{- range .Values.apps }}
 # -- Begin {{ .name }}
 # Only install {{ .name }} if it's not installed already
@@ -45,6 +56,7 @@ data:
 # Config settings from the configmap above
 php occ config:import /var/local/onlyoffice-config.json
+ php occ config:import /var/local/social-login-config.json
 #
 # All values in config.json are applied by the nextcloud occ command
 # config:import.
diff --git a/templates/onlyoffice-deployment.yaml b/templates/onlyoffice-deployment.yaml
index faba968d3678825ca1c99941092f224f3cbb5642..2d8533162b3808ad1084ae14091ac8cc086f4b0e 100644
--- a/templates/onlyoffice-deployment.yaml
+++ b/templates/onlyoffice-deployment.yaml
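Review bot: The `clientSecret` rendered into `social-login-config.json` puts `.Values.sociallogin.client_secret` into a ConfigMap rather than a Secret, and the new `cp /var/local/social-login-config.json /var/www/html/` leaves a second copy of it under the web root, which the `# Debug:` comment on the neighbouring onlyoffice copy suggests was never meant to be permanent; the import in the later hunk (`@@ -45,6 +56,7 @@`) reads the `/var/local` copy, so the web-root copy is not needed for it and should be dropped or removed after `config:import` runs. `| default ""` also turns a forgotten `client_secret` into an empty secret that renders without complaint; `{{ required "sociallogin.client_secret must be set" .Values.sociallogin.client_secret }}` would fail the install instead. The templated values are spliced into a JSON-in-JSON string without escaping, so a `server_name`, `client_id` or secret containing `"` or `\` will break the import at runtime — worth a comment on the block, and `{{ .Values.sociallogin.server_name}}` is missing the space before `}}` that the other references have. The `setup-apps.sh` block scalar continues outside both hunks.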
@@ -73,10 +73,15 @@ spec:
 value: "{{ .Values.postgresql.service.port }}"
 - name: POSTGRESQL_SERVER_DB_NAME
 value: "{{ .Values.postgresql.postgresqlDatabase }}"
+ - name: SKIP_FONTS_GENERATION
+ value: "{{ .Values.onlyoffice.skipFontsGeneration }}"
 ports:
 - name: http
 containerPort: {{ .Values.onlyoffice.containerPort }}
 protocol: TCP
+ - name: spellchecker
+ containerPort: 8080
+ protocol: TCP
 resources:
 {{- toYaml .Values.onlyoffice.resources | nindent 12 }}
 securityContext:
diff --git a/templates/onlyoffice-ingress.yaml b/templates/onlyoffice-ingress.yaml
index 01ce893edb667c387530ed94540a7a7ba8ddebf9..88329d13f34add01b8f7936345d93dec31b8dbce 100644
--- a/templates/onlyoffice-ingress.yaml
+++ b/templates/onlyoffice-ingress.yaml
@@ -30,11 +30,13 @@ spec:
 - host: {{ . | quote }}
 http:
 paths:
- {{- range $ingressPaths }}
- - path: {{ . }}
+ - path: "/"
 backend:
 serviceName: {{ $fullName }}
 servicePort: http
- {{- end }}
+ - path: "/spellchecker"
+ backend:
+ serviceName: {{ $fullName }}
+ servicePort: spellchecker
 {{- end }}
 {{- end }}
diff --git a/templates/onlyoffice-service.yaml b/templates/onlyoffice-service.yaml
index 0519adc143dd716b0a85ddf9893c476ac981410f..9de08f419025883a50315b28c749e5ca2271e0a7 100644
--- a/templates/onlyoffice-service.yaml
+++ b/templates/onlyoffice-service.yaml
@@ -14,6 +14,10 @@ spec:
 targetPort: http
 protocol: TCP
 name: http
+ - port: 8080
+ targetPort: spellchecker
+ protocol: TCP
+ name: spellchecker
 selector:
 app.kubernetes.io/name: {{ include "onlyoffice-documentserver.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/values-local.yaml.example b/values-local.yaml.example
index b9b2a2c0f06d05b4b51a5702d3dff99d565ffbec..3206a7f1ff162cf73cc180b27cf561d704c241ac 100644
--- a/values-local.yaml.example
+++ b/values-local.yaml.example
@@ -31,8 +31,6 @@ onlyoffice:
 jwtSecret: Set any random secret for JWT here
 ingress:
 enabled: true
- paths:
- - "/"
 hosts:
 - "office.your.domain"
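Review bot: The spellchecker `containerPort: 8080` is a hard-coded literal while the `http` port right above it is read from `.Values.onlyoffice.containerPort`, and the same literal is repeated as `- port: 8080` in `templates/onlyoffice-service.yaml` (`@@ -14,6 +14,10 @@`), so a change to the image's spellchecker port has to be found in two templates. A single chart value (for example a new `onlyoffice.spellcheckerPort` defaulting to 8080 in values.yaml) referenced from both the container port and the Service would keep them in step and give the port a documented home. The new `SKIP_FONTS_GENERATION` env entry is fine as a quoted string, but the values.yaml comment is the only place its meaning is recorded; a short `# see onlyoffice.skipFontsGeneration in values.yaml` next to it would help readers of the template. The container spec this hunk belongs to starts and ends outside the hunk.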
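Review bot: Replacing `{{- range $ingressPaths }}` with two fixed paths leaves whatever defines `$ingressPaths` earlier in this template (outside the hunk) apparently unused, and any `onlyoffice.ingress.paths` still present in a values file is now silently ignored — `values-local.yaml.example` drops the key in this commit, but the corresponding entry in `values.yaml` is not visibly removed. If the variable is now dead, delete its definition and note in values.yaml that the Ingress always routes `/` and `/spellchecker`. Since `/spellchecker` is now published on the same public host as the document server, a one-line comment above the new path recording that this is intentional (and what the spellchecker endpoint expects to receive) would help operators reviewing their exposure. The surrounding `range` over hosts opens before this hunk.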
@@ -42,3 +40,33 @@ postgresql:
 rabbitmq:
 rabbitmq:
 password: Set a password for rabbitmq here
+
+# apps controls which apps will be installed and enabled in nextcloud
+apps:
+ - name: sociallogin
+ # apps[0].enabled needs to be set to true if you want to enable login via an external
+ # oauth server. In that case you need to configure all the values in `sociallogin`
+ enabled: false
+ - name: onlyoffice
+ enabled: true
+
+# sociallogin enables login via oAuth/Open-ID Connect
+sociallogin:
+ # sociallogin.server_name is the FQDN of you oAuth server. The oAuth server needs to
+ # provide the endpoints `/userinfo`, `/oauth2/token` and `/oauth2/auth` and according
+ # to the oauth2 standard it needs to be accessible via https with valid certificates
+ server_name: sso.oas.example.net
+ # sociallogin.client_id is the client name nextcloud will use to communicate with the
+ # oAuth server
+ client_id: nextcloud
+
+ ## sociallogin.client_secret is the password that nextcloud uses when communicating with
+ ## the oauth server
+ # client_secret: "YouReallyNeedToChangeThis"
+
+ # sociallogin.groups_claim is the name of a claim that the nextcloud server can retrieve
+ # by querying the `/userinfo` enfpoint of the openID Connect server. For every value in
+ # the groups_claim a corresponding group with a `oas_` prefix will be created if they don't
+ # exist yet. The user will then be added to those groups.
+ # If the claim contains the value `admin` the user will be added granted admin privileges.
+ groups_claim: "openappstack_roles"
diff --git a/values.yaml b/values.yaml
index 100e1a5abd8d18d3f2fb6765de10c04daee2f538..2d0868394dc079e189a59c7b7e61db828d7eb5a1 100644
--- a/values.yaml
+++ b/values.yaml
@@ -25,7 +25,7 @@ nextcloud:
 apps:
 # OIDC consumer
 - name: sociallogin
- enabled: false
+ enabled: true
 # List of applications that are installed *and enabled*
 - name: onlyoffice
 enabled: true
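Review bot: The new `sociallogin` commentary contains typos that every operator will copy into their values file: `of you oAuth server` → `of your oAuth server`, `enfpoint` → `endpoint`, and `will be added granted admin privileges` → `will be granted admin privileges`. The `oas_` prefix described for auto-created groups is not something the `custom_oidc_providers` JSON in `templates/nextcloud-config.yaml` visibly configures (it only sets `groupMapping` `admin` → `admin`), so either the comment should say the prefix comes from the app itself or the template should be checked against it. `client_secret` is shown commented out, but the template falls back to an empty string when it is absent, so the example should state that the key is mandatory once `sociallogin` is enabled rather than presenting it as optional.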
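Review bot: Flipping `sociallogin` to `enabled: true` in the chart's default `values.yaml` means a plain install now imports an OIDC provider pointing at the placeholder `sso.oas.example.net`, with `client_secret` unset (rendered as `""` by `templates/nextcloud-config.yaml`) and with the `admin` claim value mapped to the Nextcloud admin group; the matching placeholder defaults are added to `values.yaml` in the later hunk `@@ -126,3 +133,9 @@`. This also diverges from `values-local.yaml.example`, which still ships `enabled: false` and tells operators to turn it on deliberately. Keep the default at `enabled: false`, or make `sociallogin.server_name` and `sociallogin.client_secret` `required` in the template so an install that leaves the placeholders in place fails at render time instead of offering a login flow against an example host.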
@@ -48,6 +48,13 @@ onlyoffice:
 jwtSecret: "secret"
+ # Disable font generation during startup.
+ # This takes a long time and is not needed if you don't provide custom
+ # fonts.
+ # See https://0xacab.org/infrared/platform_wg/docker-onlyoffice-documentserver/issues/10
+ # for context.
+ skipFontsGeneration: true
+
 # Port of onlyoffice server inside docker container.
 containerPort: 8000
@@ -56,7 +63,7 @@ onlyoffice:
 image:
 repository: infrarednetwork/onlyoffice-documentserver
- tag: 5.4.0-2-1
+ tag: 5.4.1-2
 pullPolicy: Always
 strategy: Recreate
@@ -126,3 +133,9 @@ postgresql:
 rabbitmq:
 rabbitmq:
 password: password
+
+sociallogin:
+ server_name: sso.oas.example.net
+ client_id: nextcloud
+ groups_claim: "openappstack_roles"
+ # client_secret: "YouReallyNeedToChangeThis"