kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-29 15:06:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Solved ldap reference bug for nextcloud and cleaned up

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2025-04-11 11:35:28 +02:00
parent 2dcf8159e5
commit 536c3091e5
24 changed files with 126 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
roles/docker-nextcloud/docs/Administration.md Normal file
View File

@@ -0,0 +1,16 @@
# Administration
Instructions for manual administrative operations like container login, config file edits, and post-update recovery actions.
## Modify Config 🔧
### Enter the Container
```bash
docker-compose exec -it application /bin/sh
```
### Modify the Configuration
Inside the container, install a text editor and edit the config:
```bash
apk add --no-cache nano && nano config/config.php
```

32
roles/docker-nextcloud/docs/Applications.md Normal file
View File

@@ -0,0 +1,32 @@
# Nextcloud Applications
Details on specific apps like Cospend, including related SQL queries and debugging tips.
## Recieve Plugin Information
To recieve the relevant configuration options for a plugin type:
```bash
docker compose exec -u www-data application php occ config:list oidc_login
```
## App Relevant Tables 🗃️
- `oc_appconfig`
- `oc_migrations`
## LDAP
## Cospend
### Relevant SQL Commands for Cospend
Debugguging Migrations:
https://github.com/julien-nc/cospend-nc/issues/325
```sql
-- Show all Cospend Tables
SHOW TABLES where Tables_in_nextcloud LIKE "%cospend%";
-- Show Cospend Configuration
SELECT * FROM `oc_appconfig` WHERE appid LIKE "%cospend%";
-- Show Cospend Database Migrations
SELECT * FROM `oc_migrations` WHERE app LIKE "%cospend%";
```

4
roles/docker-nextcloud/docs/Architecture.md Normal file
View File

@@ -0,0 +1,4 @@
# Administration
## Other Resources
- [Nextcloud Docker Example with Nginx Proxy, MariaDB, and FPM](https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml)

15
roles/docker-nextcloud/docs/Database.md Normal file
View File

@@ -0,0 +1,15 @@
# Database Management (local)
To manage the database if you installed it locally use the following comments. If you have created the database via the central database option, look for the related documentation.
## Database Access
To access the database, execute:
```bash
docker-compose exec -it database mysql -u nextcloud -D nextcloud -p
```
### Recreate Database with New Volume
```bash
docker-compose run --detach --name database --env MYSQL_USER="nextcloud" --env MYSQL_PASSWORD=PASSWORD --env MYSQL_ROOT_PASSWORD=PASSWORD --env MYSQL_DATABASE="nextcloud" -v nextcloud_database:/var/lib/mysql
```

72
roles/docker-nextcloud/docs/IAM.md Normal file
View File

@@ -0,0 +1,72 @@
# Identity and Access Management
IAM(Identity and Access Management) is setup via Keycloak and LDAP.
## OpenID Connect (OIDC) Support 🔐
OIDC is supported in this role—for example, via **Keycloak**. OIDC-specific tasks are included when enabled, allowing integration of external authentication providers seamlessly.
### Verify OIDC Configuration
```bash
docker compose exec -u www-data application /var/www/html/occ config:app:get sociallogin custom_providers
```
## LDAP
More information: https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html
## Get LDAP Configuration
```bash
docker compose exec -u www-data application php occ ldap:show-config
```
## Get all relevant entries except password
```sql
SELECT * FROM `oc_appconfig` WHERE appid LIKE "%ldap%" and configkey != "s01ldap_agent_password";
```
## Update User with LDAP values
```bash
docker compose exec -it -u www-data application php occ ldap:check-user --update {{username}}
```
## Update LDAP Sync
```bash
docker compose exec -u www-data application php occ user:sync-account-data
```
### Update Each User
If you want to update **every LDAP user**, run:
```bash
for user in $(docker compose exec -u www-data application php occ user:list --output=json | jq -r 'keys[]'); do
docker compose exec -u www-data application php occ ldap:check-user --update "$user"
done
```
### Unlink All
```bash
for user in $(docker compose exec -u www-data application php occ ldap:show-remnants | tail -n +3 | awk -F '|' '{print $2}' | tr -d ' ' | grep -v '^$'); do
echo "Unlinking user from LDAP: $user"
echo "y" | docker compose exec -T -u www-data application php occ ldap:reset-user "$user"
done
```
### Reset LDAP Links for Orphaned Users
Run this **corrected script**:
```bash
for user in $(docker compose exec -u www-data application php occ ldap:show-remnants | tail -n +3 | awk -F '|' '{print $2}' | tr -d ' ' | grep -v '^$'); do
echo "Resetting LDAP link for user: $user"
echo "y" | docker compose exec -T -u www-data application php occ ldap:reset-user "$user"
done
```
## Federation
If users are just created via Keycloak and not via LDAP, they have a different username. Due to this reaso concider to use LDAP to guaranty that the username is valid.

71
roles/docker-nextcloud/docs/OCC.md Normal file
View File

@@ -0,0 +1,71 @@
# OCC (Nextcloud Command Line) 🔧
Reference for frequently used OCC commands, including user and app management.
## General Use
To use OCC, run:
```bash
docker-compose exec -it -u www-data application /var/www/html/occ
```
## User Administration
### List Users
```bash
docker compose exec -it -u www-data application php occ user:list
```
### Get User Info
```bash
docker compose exec -u www-data application php occ user:info {{username}}
```
### Sync Users
```bash
docker compose exec -it -u www-data application php occ user:sync
```
### Create user via CLI
```bash
docker compose exec -it -u www-data application php occ user:add {{username}}
```
### Make user admin via cli
```bash
docker compose exec -it -u www-data application php occ group:adduser admin {{username}}
```
### Delete user via CLI
```bash
docker compose exec -it -u www-data application php occ user:delete {{username}}
```
### Delete all User (if no ldap is used)
```bash
for user in $(docker compose exec -u www-data application php occ user:list --output=json | jq -r 'keys[]'); do
docker compose exec -u www-data application php occ user:delete "$user"
done
```
### Identify users which exist still in nextcloud but not in LDAP anymore
```bash
occ ldap:show-remnants
```
## App Administration
```bash
docker compose exec -u www-data application php occ config:list {{app_name}}
```
## Initialize Duplicates
```bash
docker-compose exec -it -u www-data application /var/www/html/occ duplicates:find-all --output
```
## Unlock Files
```bash
docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mode --on
docker-compose exec -it nextcloud_database_1 mysql -u nextcloud -pPASSWORD1234132 -D nextcloud -e "delete from oc_file_locks where 1"
docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mode --off
```

14
roles/docker-nextcloud/docs/README.md Normal file
View File

@@ -0,0 +1,14 @@
# Nextcloud Docs for CyMaIS
This folder contains the Nextcloud Docs for CyMaIS.
## Index
Operational guidance can be found in the following supporting documentation files:
- [Applications.md](Applications.md)
- [Architecture.md](Architecture.md)
- [Administration.md](Administration.md)
- [Update.md](Update.md)
- [OCC.md](OCC.md)
- [Database.md](Database.md)
- [IAM.md](IAM.md)

53
roles/docker-nextcloud/docs/Update.md Normal file
View File

@@ -0,0 +1,53 @@
# Update 🔄
To update the Nextcloud container, execute the following commands on the server:
```bash
docker exec -it -u www-data nextcloud-application /var/www/html/occ maintenance:mode --on &&
export COMPOSE_HTTP_TIMEOUT=600 &&
export DOCKER_CLIENT_TIMEOUT=600 &&
docker-compose down
```
Afterwards, update the ***applications.nextcloud.version*** variable to the next version and run this repository with this Ansible role.
> **Note:**
> It is only possible to update from one to the next major version at a time.
> Wait for the update to finish.
Verify the update by checking the logs:
```bash
docker-compose logs application
```
and
```bash
docker-compose exec -it application top
```
If Nextcloud remains in maintenance mode after the update, try the following:
```bash
docker exec -it -u www-data nextcloud-application/var/www/html/occ maintenance:mode --on
docker exec -it -u www-data nextcloud-application /var/www/html/occ upgrade
docker exec -it -u www-data nextcloud-application /var/www/html/occ maintenance:mode --off
```
If the update process fails, execute:
```bash
docker exec -it -u www-data nextcloud-application /var/www/html/occ maintenance:repair --include-expensive
```
and disable any non-functioning apps.
---
## Recover Latest Backup 💾
```bash
cd {{path_docker_compose_instances}}nextcloud &&
docker-compose down &&
docker-compose exec -i database mysql -u nextcloud -pPASSWORT nextcloud < "/Backups/$(sha256sum /etc/machine-id | head -c 64)/backup-docker-to-local/latest/nextcloud_database/sql/backup.sql" &&
cd {{path_administrator_scripts}}backup-docker-to-local &&
bash ./recover-docker-from-local.sh "nextcloud_data" "$(sha256sum /etc/machine-id | head -c 64)"
```
## Other Resources
- [Nextcloud Upgrade via Docker by Goneuland](https://goneuland.de/nextcloud-upgrade-auf-neue-versionen-mittels-docker/)