Adapt for vo_federation development

Author: smesterheide

README.md

@@ -4,6 +4,8 @@
 
 Nextcloud's development environment using Docker Compose providing a large variety of services for Nextcloud server and app development and testing.
 
+Adapted for [VO Federation app](https://github.com/nextcloud/vo_federation) development.
+
 ⚠ **DO NOT USE THIS IN PRODUCTION** Various settings in this setup are considered insecure and default passwords and secrets are used all over the place
 
 - ☁ Nextcloud containers for running multiple versions
@@ -31,7 +33,7 @@ In detail explanation of the setup and its features and configuration options ca
 
 To start the setup run the following commands to clone the repository and bootstrap the setup. This will prepare your setup and clone the Nextcloud server repository and required apps into the `workspace` folder.
 ```bash
-git clone https://github.com/juliusknorr/nextcloud-docker-dev
+git clone https://github.com/smesterheide/nextcloud-docker-dev
 cd nextcloud-docker-dev
 ./bootstrap.sh
 ```
@@ -40,6 +42,8 @@ Depending on your docker version you will need to use `docker-compose` instead o
 
 This may take some time depending on your internet connection speed.
 
+**See [VO Federation app](#vo-federation-app) before continuing**
+
 Once done you can start the Nextcloud container using:
 ```bash
 docker compose up nextcloud
@@ -59,6 +63,37 @@ You can then access your Nextcloud instance at [http://nextcloud.local](http://n
 > git fetch origin
 > ```
 
+#### VO Federation app
+
+**Nextcloud Server patches**
+
+Checkout the Nextcloud Server version that has support for the federated group share type:
+
+```
+cd workspace/server
+git remote add publicplan https://github.com/publicplan/nextcloud-server.git
+git fetch publicplan
+git checkout -t publicplan/vo-federation
+```
+
+**Clone the app**
+
+From your parent directory clone the `vo_federation` app repository:
+
+```
+git clone -b develop https://github.com/nextcloud/vo_federation
+```
+
+**SSL server certificates**
+
+Install [mkcert](https://github.com/FiloSottile/mkcert), go to `data/ssl` and generate the server cerfificates:
+
+```
+CAROOT=$(pwd) mkcert -cert-file nextcloud.local.crt -key-file nextcloud.local.key nextcloud.local
+CAROOT=$(pwd) mkcert -cert-file nextcloud2.local.crt -key-file nextcloud2.local.key nextcloud2.local
+CAROOT=$(pwd) mkcert -cert-file nextcloud3.local.crt -key-file nextcloud3.local.key nextcloud3.local
+CAROOT=$(pwd) mkcert -cert-file keycloak.local.crt -key-file keycloak.local.key keycloak.local
+```
 
 ### Standalone containers
 

data/shared/config.php

@@ -0,0 +1,8 @@
+<?php
+$CONFIG = array(
+    'htaccess.RewriteBase' => '/',
+    'overwriteprotocol' => 'https',
+    'log_type' => 'file',
+    'logfile' => 'nextcloud.log',
+    'loglevel' => 2,
+);

data/shared/hooks/after-install.sh

@@ -0,0 +1,66 @@
+#!/bin/bash
+export OC_PASS="${OC_PASS_ADMIN:-admin}"
+occ user:resetpassword --password-from-env admin
+
+occ config:app:set files_sharing incoming_server2server_group_share_enabled --value="yes"
+occ config:app:set files_sharing outgoing_server2server_group_share_enabled --value="yes"
+
+INSTANCENAME=$(echo "$VIRTUAL_HOST" | cut -d '.' -f1)
+DOMAIN_SUFFIX=".$(echo "$VIRTUAL_HOST" | cut -d '.' -f2-)"
+
+if [ "$INSTANCENAME" == "nextcloud" ]; then
+    echo "Adding Keycloak as an OIDC provider for nexcloud, trusting nexcloud2, nextcloud3"
+    occ vo_federation:provider:add Keycloak \
+        --clientid="nextcloud" \
+        --clientsecret="nextcloud" \
+        --authorization-endpoint="https://keycloak${DOMAIN_SUFFIX}/realms/nextcloud/protocol/openid-connect/auth" \
+        --token-endpoint="https://keycloak${DOMAIN_SUFFIX}/realms/nextcloud/protocol/openid-connect/token" \
+        --jwks-endpoint="https://keycloak${DOMAIN_SUFFIX}/realms/nextcloud/protocol/openid-connect/certs" \
+        --userinfo-endpoint="https://keycloak${DOMAIN_SUFFIX}/realms/nextcloud/protocol/openid-connect/userinfo" \
+        --scope="openid email profile groups" \
+        --mapping-uid="sub" \
+        --mapping-display-name="preferred_username" \
+        --mapping-groups="groups" \
+        --regex-pattern=".*" \
+        --trusted-instance="https://nextcloud2${DOMAIN_SUFFIX}" \
+        --trusted-instance="https://nextcloud3${DOMAIN_SUFFIX}"
+fi
+
+if [ "$INSTANCENAME" == "nextcloud2" ]; then
+    echo "Adding Keycloak as an OIDC provider for nexcloud2, trusting nexcloud, nextcloud3"
+    occ vo_federation:provider:add Keycloak \
+        --clientid="nextcloud" \
+        --clientsecret="nextcloud" \
+        --authorization-endpoint="https://keycloak${DOMAIN_SUFFIX}/realms/nextcloud/protocol/openid-connect/auth" \
+        --token-endpoint="https://keycloak${DOMAIN_SUFFIX}/realms/nextcloud/protocol/openid-connect/token" \
+        --jwks-endpoint="https://keycloak${DOMAIN_SUFFIX}/realms/nextcloud/protocol/openid-connect/certs" \
+        --userinfo-endpoint="https://keycloak${DOMAIN_SUFFIX}/realms/nextcloud/protocol/openid-connect/userinfo" \
+        --scope="openid email profile groups" \
+        --mapping-uid="sub" \
+        --mapping-display-name="preferred_username" \
+        --mapping-groups="groups" \
+        --regex-pattern=".*" \
+        --trusted-instance="https://nextcloud${DOMAIN_SUFFIX}" \
+        --trusted-instance="https://nextcloud3${DOMAIN_SUFFIX}"
+fi
+
+if [ "$INSTANCENAME" == "nextcloud2" ]; then
+    echo "Adding Keycloak as an OIDC provider for nexcloud3, trusting nexcloud, nextcloud2"
+    occ vo_federation:provider:add Keycloak \
+        --clientid="nextcloud" \
+        --clientsecret="nextcloud" \
+        --authorization-endpoint="https://keycloak${DOMAIN_SUFFIX}/realms/nextcloud/protocol/openid-connect/auth" \
+        --token-endpoint="https://keycloak${DOMAIN_SUFFIX}/realms/nextcloud/protocol/openid-connect/token" \
+        --jwks-endpoint="https://keycloak${DOMAIN_SUFFIX}/realms/nextcloud/protocol/openid-connect/certs" \
+        --userinfo-endpoint="https://keycloak${DOMAIN_SUFFIX}/realms/nextcloud/protocol/openid-connect/userinfo" \
+        --scope="openid email profile groups" \
+        --mapping-uid="sub" \
+        --mapping-display-name="preferred_username" \
+        --mapping-groups="groups" \
+        --regex-pattern=".*" \
+        --trusted-instance="https://nextcloud${DOMAIN_SUFFIX}" \
+        --trusted-instance="https://nextcloud2${DOMAIN_SUFFIX}"
+fi
+
+# Reload mounted crontab 
+crontab /etc/nc-cron.conf

docker-compose.yml

@@ -76,25 +76,30 @@ services:
     environment:
       SQL: ${SQL:-mysql}
       NEXTCLOUD_AUTOINSTALL: ${NEXTCLOUD_AUTOINSTALL:-YES}
-      NEXTCLOUD_AUTOINSTALL_APPS:
+      NEXTCLOUD_AUTOINSTALL_APPS: "${NEXTCLOUD_AUTOINSTALL_APPS} vo_federation"
       WITH_REDIS: "YES"
       VIRTUAL_HOST: "nextcloud${DOMAIN_SUFFIX}"
       ADDITIONAL_APPS_PATH:
-      NEXTCLOUD_TRUSTED_DOMAINS:
+      NEXTCLOUD_TRUSTED_DOMAINS: "nextcloud.local nextcloud2.local nextcloud3.local"
       BLACKFIRE_CLIENT_ID:
       BLACKFIRE_CLIENT_TOKEN:
       PRIMARY: ${PRIMARY:-local}
       PHP_XDEBUG_MODE: ${PHP_XDEBUG_MODE:-develop}
+      PROTOCOL: https
     volumes:
       - '${REPO_PATH_SERVER}:/var/www/html'
       - '${REPO_PATH_SERVER}/apps-extra:/var/www/html/apps-extra'
+      - '${STABLE_ROOT_PATH}/../../vo_federation:/var/www/html/apps-extra/vo_federation'
       - '${ADDITIONAL_APPS_PATH:-./data/apps-extra}:/var/www/html/apps-shared'
       - data:/var/www/html/data
       - config:/var/www/html/config
       - apps-writable:/var/www/html/apps-writable
       - ./data/skeleton/:/skeleton
       - ./data/additional.config.php:/var/www/html/config/additional.config.php:ro
       - ./data/shared:/shared
+      - ./data/ssl/rootCA.pem:/usr/local/share/ca-certificates/rootCA.crt
+      - ./docker/configs/php/xdebug.ini:/usr/local/etc/php/conf.d/xdebug.ini
+      - ./docker/configs/cron.conf:/etc/nc-cron.conf
     depends_on:
       - database-${SQL:-mysql}
       - redis
@@ -109,16 +114,24 @@ services:
       SQL: 'mysql'
       VIRTUAL_HOST: "nextcloud2${DOMAIN_SUFFIX}"
       PHP_XDEBUG_MODE: ${PHP_XDEBUG_MODE:-develop}
+      NEXTCLOUD_AUTOINSTALL: ${NEXTCLOUD_AUTOINSTALL:-YES}
+      NEXTCLOUD_AUTOINSTALL_APPS: "${NEXTCLOUD_AUTOINSTALL_APPS} vo_federation"
+      NEXTCLOUD_TRUSTED_DOMAINS: "nextcloud.local nextcloud2.local nextcloud3.local"
+      PROTOCOL: https      
     volumes:
       - '${REPO_PATH_SERVER}:/var/www/html'
       - '${REPO_PATH_SERVER}/apps-extra:/var/www/html/apps-extra'
+      - '${STABLE_ROOT_PATH}/../../vo_federation:/var/www/html/apps-extra/vo_federation'
       - '${ADDITIONAL_APPS_PATH:-./data/apps-extra}:/var/www/html/apps-shared'
       - data2:/var/www/html/data
       - config2:/var/www/html/config
       - apps-writable2:/var/www/html/apps-writable
       - ./data/skeleton/:/skeleton
       - ./data/additional.config.php:/var/www/html/config/additional.config.php:ro
       - ./data/shared:/shared
+      - ./data/ssl/rootCA.pem:/usr/local/share/ca-certificates/rootCA.crt
+      - ./docker/configs/php/xdebug.ini:/usr/local/etc/php/conf.d/xdebug.ini
+      - ./docker/configs/cron.conf:/etc/nc-cron.conf
     ports:
       - "${IP_BIND:-127.0.0.1}:${PORTBASE:-800}1:80"
     depends_on:
@@ -135,16 +148,24 @@ services:
       SQL: ${SQL:-mysql}
       VIRTUAL_HOST: "nextcloud3${DOMAIN_SUFFIX}"
       PHP_XDEBUG_MODE: ${PHP_XDEBUG_MODE:-develop}
+      NEXTCLOUD_AUTOINSTALL: ${NEXTCLOUD_AUTOINSTALL:-YES}
+      NEXTCLOUD_AUTOINSTALL_APPS: "${NEXTCLOUD_AUTOINSTALL_APPS} vo_federation"
+      NEXTCLOUD_TRUSTED_DOMAINS: "nextcloud.local nextcloud2.local nextcloud3.local"
+      PROTOCOL: https      
     volumes:
       - '${REPO_PATH_SERVER}:/var/www/html'
       - '${REPO_PATH_SERVER}/apps-extra:/var/www/html/apps-extra'
+      - '${STABLE_ROOT_PATH}/../../vo_federation:/var/www/html/apps-extra/vo_federation'
       - '${ADDITIONAL_APPS_PATH:-./data/apps-extra}:/var/www/html/apps-shared'
       - data3:/var/www/html/data
       - config3:/var/www/html/config
       - apps-writable3:/var/www/html/apps-writable
       - ./data/skeleton/:/skeleton
       - ./data/additional.config.php:/var/www/html/config/additional.config.php:ro
       - ./data/shared:/shared
+      - ./data/ssl/rootCA.pem:/usr/local/share/ca-certificates/rootCA.crt
+      - ./docker/configs/php/xdebug.ini:/usr/local/etc/php/conf.d/xdebug.ini
+      - ./docker/configs/cron.conf:/etc/nc-cron.conf
     depends_on:
       - database-${SQL:-mysql}
       - redis
@@ -925,7 +946,7 @@ services:
     expose:
       - 8080
     volumes:
-      - ./docker/configs/keycloak:/opt/keycloak/data/import
+      - ./docker/configs/keycloak/realm-export.json:/opt/keycloak/data/import/realm-export.json
     command: start-dev --import-realm
     environment:
       VIRTUAL_HOST: "keycloak${DOMAIN_SUFFIX}"

docker/configs/cron.conf

@@ -1,2 +1,2 @@
 # m   h  dom mon dow   command
-*/5  *  *   *   *     sudo -E -u www-data php -f /var/www/html/cron.php >> /var/log/cron/nextcloud.log 2>&1
+*   *  *   *   *     sudo -E -u www-data php -f /var/www/html/cron.php >> /var/log/cron/nextcloud.log 2>&1