crowetic/Qortal-Nextcloud-Integration
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
Qortal-Nextcloud-Integration/start-devprod.sh
T
crowetic 61b442a280 fixed auto-config for broker
2026-02-13 18:47:57 -08:00

209 lines
7.6 KiB
Bash
Executable File
Raw Permalink Blame History

#!/usr/bin/env bash
set -euo pipefail
repo_root="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
env_file="${repo_root}/.env.devprod"
template_file="${repo_root}/.env.devprod.example"
if [[ ! -f "${template_file}" ]]; then
echo "Missing ${template_file}. Run from the repo root."
exit 1
fi
if [[ -f "${env_file}" ]]; then
read -r -p ".env.devprod already exists. Overwrite? (y/N): " overwrite
if [[ "${overwrite}" =~ ^[Yy]$ ]]; then
cp "${template_file}" "${env_file}"
fi
else
cp "${template_file}" "${env_file}"
fi
set_kv() {
local key="$1"
local value="$2"
local esc
esc="${value//\\/\\\\}"
esc="${esc//&/\\&}"
esc="${esc//|/\\|}"
if grep -q "^${key}=" "${env_file}"; then
sed -i -E "s|^${key}=.*|${key}=${esc}|" "${env_file}"
else
echo "${key}=${value}" >> "${env_file}"
fi
}
read_kv() {
local key="$1"
local line
line="$(grep -m1 -E "^${key}=" "${env_file}" || true)"
if [[ -z "${line}" ]]; then
return 1
fi
echo "${line#*=}"
}
prompt() {
local key="$1"
local default="$2"
local label="$3"
local value
read -r -p "${label} [${default}]: " value
value="${value:-$default}"
set_kv "${key}" "${value}"
}
echo "Configure dev-prod settings (press Enter to keep defaults)."
read -r -p "Use internal Caddy TLS? (y/N): " use_internal_tls
use_internal_tls="${use_internal_tls:-N}"
prompt "NEXTCLOUD_DOMAIN" "cloud.example.test" "Nextcloud domain"
prompt "BROKER_DOMAIN" "qortalbroker.example.test" "Broker domain"
if [[ "${use_internal_tls}" =~ ^[Yy]$ ]]; then
prompt "CADDY_EMAIL" "admin@example.test" "Caddy/Let's Encrypt email"
prompt "CADDY_HTTP_PORT" "80" "Caddy HTTP port"
prompt "CADDY_HTTPS_PORT" "443" "Caddy HTTPS port"
prompt "CADDY_TLS" "tls internal" "Caddy TLS directive"
else
set_kv "CADDY_EMAIL" "admin@example.test"
set_kv "CADDY_HTTP_PORT" "80"
set_kv "CADDY_HTTPS_PORT" "443"
set_kv "CADDY_TLS" ""
prompt "PUBLIC_HTTPS_PORT" "443" "Public HTTPS port (external proxy)"
prompt "DEVPROD_HTTP_PORT" "8081" "Internal Nextcloud HTTP port (no-SSL stack)"
prompt "DEVPROD_BROKER_PORT" "3001" "Internal broker HTTP port (no-SSL stack)"
fi
prompt "NEXTCLOUD_ADMIN_USER" "admin" "Nextcloud admin user"
prompt "NEXTCLOUD_ADMIN_PASSWORD" "admin123" "Nextcloud admin password"
read -r -p "Start bundled External Auth container? (y/N): " start_ext_auth
start_ext_auth="${start_ext_auth:-N}"
if [[ "${start_ext_auth}" =~ ^[Yy]$ ]]; then
set_kv "QORTAL_EXTERNAL_AUTH_BASE_URL" "http://external_auth:3191"
set_kv "EXTERNAL_AUTH_CONTEXT" "../Qortal-External-Auth"
set_kv "EXTERNAL_AUTH_DOCKERFILE" "Dockerfile"
set_kv "EXTERNAL_AUTH_PORT" "3191"
read -r -p "Qortal node API key for External Auth (leave blank if not required): " qortal_auth_node_api_key
set_kv "QORTAL_AUTH_NODE_API_KEY" "${qortal_auth_node_api_key}"
set_kv "QORTAL_AUTH_NODE_API_KEY_MODE" "paths"
set_kv "QORTAL_AUTH_NODE_API_KEY_PATHS" "/"
set_kv "COMPOSE_PROFILES" "external-auth"
mkdir -p "${repo_root}/external-auth/data"
else
set_kv "COMPOSE_PROFILES" ""
prompt "QORTAL_EXTERNAL_AUTH_BASE_URL" "http://gateway.docker.internal:3191" "External Auth base URL"
fi
read -r -p "External Auth app ID (leave blank to set later): " app_id
set_kv "QORTAL_EXTERNAL_AUTH_APP_ID" "${app_id}"
read -r -p "External Auth app secret (leave blank to set later): " app_secret
set_kv "QORTAL_EXTERNAL_AUTH_APP_SECRET" "${app_secret}"
nc_domain="$(grep -E "^NEXTCLOUD_DOMAIN=" "${env_file}" | cut -d= -f2-)"
broker_domain="$(grep -E "^BROKER_DOMAIN=" "${env_file}" | cut -d= -f2-)"
if [[ "${use_internal_tls}" =~ ^[Yy]$ ]]; then
https_port="$(grep -E "^CADDY_HTTPS_PORT=" "${env_file}" | cut -d= -f2-)"
else
https_port="$(grep -E "^PUBLIC_HTTPS_PORT=" "${env_file}" | cut -d= -f2-)"
fi
if [[ "${https_port}" == "443" ]]; then
nc_url="https://${nc_domain}"
broker_url="https://${broker_domain}"
else
nc_url="https://${nc_domain}:${https_port}"
broker_url="https://${broker_domain}:${https_port}"
fi
set_kv "NEXTCLOUD_TRUSTED_DOMAINS" "${nc_domain}"
set_kv "NEXTCLOUD_PUBLIC_URL" "${nc_url}"
set_kv "BROKER_CORS_ALLOWED_ORIGINS" "${nc_url}"
set_kv "OIDC_ISSUER" "${broker_url}"
set_kv "OIDC_REDIRECT_URI_ALLOWLIST" "${nc_url}/apps/user_oidc/code"
if [[ -x "${repo_root}/scripts/select-qortal-p2p-port.sh" ]]; then
"${repo_root}/scripts/select-qortal-p2p-port.sh" "${env_file}"
fi
if [[ -f "${repo_root}/scripts/ensure-broker-internal-token.sh" ]]; then
bash "${repo_root}/scripts/ensure-broker-internal-token.sh" "${env_file}"
fi
broker_internal_api_token="$(read_kv "BROKER_INTERNAL_API_TOKEN" || true)"
if [[ -z "${broker_internal_api_token}" ]]; then
echo "BROKER_INTERNAL_API_TOKEN is missing in ${env_file}"
echo "Run: bash scripts/ensure-broker-internal-token.sh ${env_file}"
exit 1
fi
export BROKER_INTERNAL_API_TOKEN="${broker_internal_api_token}"
broker_cors_allowed_origins="$(read_kv "BROKER_CORS_ALLOWED_ORIGINS" || true)"
if [[ -n "${broker_cors_allowed_origins}" ]]; then
export BROKER_CORS_ALLOWED_ORIGINS="${broker_cors_allowed_origins}"
fi
echo "Broker auth env loaded from ${env_file}: token_set=yes cors_origins=${broker_cors_allowed_origins:-<empty>}"
echo
if [[ "${use_internal_tls}" =~ ^[Yy]$ ]]; then
stack_label="devprod"
mkdir -p "${repo_root}/nextcloud/html" "${repo_root}/nextcloud/data" "${repo_root}/qortal/data"
if [[ -x "${repo_root}/scripts/ensure-qortal-settings.sh" ]]; then
"${repo_root}/scripts/ensure-qortal-settings.sh"
fi
if [[ -x "${repo_root}/scripts/ensure-qortal-start-args.sh" ]]; then
"${repo_root}/scripts/ensure-qortal-start-args.sh" "${env_file}"
fi
echo "Starting dev-prod stack (internal Caddy)..."
if [[ "${start_ext_auth}" =~ ^[Yy]$ ]]; then
(cd "${repo_root}" && COMPOSE_PROFILES=external-auth make up-devprod)
else
(cd "${repo_root}" && make up-devprod)
fi
else
stack_label="devprod-nossl"
mkdir -p "${repo_root}/nextcloud/html" "${repo_root}/nextcloud/data" "${repo_root}/qortal/data"
if [[ -x "${repo_root}/scripts/ensure-qortal-settings.sh" ]]; then
"${repo_root}/scripts/ensure-qortal-settings.sh"
fi
if [[ -x "${repo_root}/scripts/ensure-qortal-start-args.sh" ]]; then
"${repo_root}/scripts/ensure-qortal-start-args.sh" "${env_file}"
fi
echo "Starting dev-prod stack (no SSL; use external proxy)..."
if [[ "${start_ext_auth}" =~ ^[Yy]$ ]]; then
(cd "${repo_root}" && COMPOSE_PROFILES=external-auth make up-devprod-nossl)
else
(cd "${repo_root}" && make up-devprod-nossl)
fi
fi
echo
read -r -p "Install/enable user_oidc app now? (y/N): " install_oidc
if [[ "${install_oidc}" =~ ^[Yy]$ ]]; then
if [[ "${use_internal_tls}" =~ ^[Yy]$ ]]; then
(cd "${repo_root}" && make install-oidc-devprod)
else
(cd "${repo_root}" && make install-oidc-devprod-nossl)
fi
fi
echo
read -r -p "Set Nextcloud trusted domain to ${nc_domain}? (y/N): " trust_domain
if [[ "${trust_domain}" =~ ^[Yy]$ ]]; then
if [[ "${use_internal_tls}" =~ ^[Yy]$ ]]; then
(cd "${repo_root}" && make trust-domain-devprod domain="${nc_domain}") || true
else
(cd "${repo_root}" && make trust-domain-devprod-nossl domain="${nc_domain}") || true
fi
echo "If this failed (e.g. Nextcloud still installing), rerun later:"
echo " make trust-domain-${stack_label} domain=${nc_domain}"
fi
cat <<EOF
Next steps:
1) Wait for Nextcloud to finish installing (watch logs):
make logs-${stack_label}
2) Configure OIDC provider (if not already):
make occ-${stack_label} cmd="user_oidc:provider qortal -c nextcloud-local -s dev-secret -d ${broker_url}/.well-known/openid-configuration --scope='openid profile email' --mapping-uid=sub --mapping-display-name=name --mapping-email=email"
If using tls internal, trust the Caddy CA before testing in a browser.
EOF
Reference in New Issue View Git Blame Copy Permalink