Integrate with Gitpod

.gitignore

@@ -7,3 +7,6 @@
 3rdparty/vendor/onelogin/php-saml/endpoints/
 
 build
+
+gitpod/mariadb/prepopulate.sql
+gitpod/simplesamlphp/var-simplesamlphp/metadata/saml20-sp-remote.php

.gitpod.yml

@@ -0,0 +1,47 @@
+
+github:
+  prebuilds:
+    master: true
+    branches: true
+    pullRequests: true
+    pullRequestsFromForks: true
+    addCheck: true
+    addComment: false
+    addBadge: true
+
+tasks:
+  - name: Nextcloud Server
+    command: |
+      git config core.fileMode false
+      chmod -R 777 .
+      cd gitpod
+      export SIMPLESAML_URL=$(gp url 8082)/simplesaml
+      export NEXTCLOUD_URL=$(gp url 8080)
+      export HOSTIP=$(ip -4 addr show scope global dev eth0 | grep inet | awk '{print $2}' | cut -d / -f 1 | sed -n 1p)
+
+      curl -L https://github.com/a8m/envsubst/releases/download/v1.2.0/envsubst-`uname -s`-`uname -m` -o envsubst
+      chmod +x envsubst
+      sudo mv envsubst /usr/local/bin
+
+      envsubst < mariadb/prepopulate.sql.template > mariadb/prepopulate.sql
+      envsubst < simplesamlphp/var-simplesamlphp/metadata/saml20-sp-remote.php.template > simplesamlphp/var-simplesamlphp/metadata/saml20-sp-remote.php
+      docker-compose up
+
+  - name: Terminal
+    command: clear
+
+ports:
+  - port: 8080
+    onOpen: open-browser
+    visibility: private
+  - port: 8081
+    visibility: private
+    onOpen: ignore
+  - port: 8082
+    visibility: private
+    onOpen: ignore
+
+vscode:
+  extensions:
+    - ms-azuretools.vscode-docker
+    - felixfbecker.php-debug

.vscode/launch.json

@@ -0,0 +1,11 @@
+{
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "name": "Listen for Xdebug",
+            "type": "php",
+            "request": "launch",
+            "port": 9003
+        },
+    ]
+}

gitpod/README.md

@@ -0,0 +1,56 @@
+# Try it on Gitpod
+[![Open in Gitpod](https://gitpod.io/button/open-in-gitpod.svg)](https://gitpod.io/#https://github.com/[user]/[repository/)
+
+It will automatically spin up and configure a full Nextcloud, MariaDB, PhpMyAdmin, SimpleSAMLphp and 389 Directory development server.
+
+## Usage
+- Open the Repository in gitpod
+- Wait about 4 minutes for all servers to start (progress can be followed in the Nextcloud Terminal)
+- If your browser doesn't block it, a new tab with the Nextcloud server opens automatically.
+- If not go to the Remote Explorer Tab and open port 8080
+
+## Ports
+- 8080: Nextcloud
+- 8081: PhpMyAdmin
+- 8082: SimpleSAMLphp Admin (/simplesaml subdirectory)
+
+## Nextcloud Direct Login:
+**URL:** [https://8080-[Workspace Name].gitpod.io/login?direct=1]()
+
+**Username:** dev
+
+**Password:** t2qQ1C6ktYUv7
+
+## Nextcloud Saml Login:
+### 1
+**Username:** test1
+
+**Password:** test1password
+
+### 2
+**Username:** test2
+
+**Password:** test2password
+
+### 3
+**Username:** bender
+
+**Password:** bender
+
+## PhpMyAdmin Login:
+**Username:** nextcloud
+
+**Password:** wdGq73jQB0p373gLdf6yLRj5
+
+(It is fine to have these static logins, because gitpod has acess control built in and no sensitive data is stored in these dev servers)
+
+## SimpleSAMLphp Admin Login:
+**Username:** admin
+
+**Password:** 1234
+
+# OCC Acess
+You can acess nextclouds occ shell using this command:
+```
+docker exec -it -u 33 gitpod_app_1 php occ
+````

gitpod/docker-compose.yml

@@ -0,0 +1,75 @@
+# This is for gitpod, DO NOT USE THIS TO HOST YOUR PRODUCTION NEXTCLOUD
+
+version: '2'
+
+volumes:
+  nextcloud:
+  db:
+  config:
+
+services:
+  db:
+    image: mariadb
+    restart: always
+    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb_read_only_compressed=OFF
+    volumes:
+      - db:/var/lib/mysql
+      - ./mariadb:/docker-entrypoint-initdb.d
+    environment:
+      - MYSQL_ROOT_PASSWORD=wdGq73jQB0p373gLdf6yLRj5
+      - MYSQL_PASSWORD=wdGq73jQB0p373gLdf6yLRj5
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+
+  phpmyadmin:
+    image: phpmyadmin
+    container_name: pma
+    links:
+      - db
+    environment:
+      PMA_HOST: db
+      PMA_PORT: 3306
+    restart: always
+    ports:
+      - 8081:80
+
+  app:
+    image: nextcloud
+    build:
+      context: ./nextcloud
+      dockerfile: Dockerfile
+    restart: always
+    ports:
+      - 8080:80
+    links:
+      - db
+    volumes:
+      - nextcloud:/var/www/html
+      - config:/var/www/html/config
+      - ${GITPOD_REPO_ROOT}:/var/www/html/custom_apps/user_saml
+    environment:
+      - MYSQL_PASSWORD=wdGq73jQB0p373gLdf6yLRj5
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+      - MYSQL_HOST=db
+      - NEXTCLOUD_ADMIN_USER=dev
+      - NEXTCLOUD_ADMIN_PASSWORD=t2qQ1C6ktYUv7
+      - NEXTCLOUD_TRUSTED_DOMAINS=*.gitpod.io
+      - OVERWRITEPROTOCOL=https
+      - NEXTCLOUD_UPDATE=1
+    extra_hosts:
+      - host:${HOSTIP}
+
+  simplesamlphp:
+    build:
+      context: ./simplesamlphp/
+      dockerfile: Dockerfile
+    restart: always
+    ports:
+      - 8082:80
+    environment:
+      - SIMPLESAML_URL
+      - NEXTCLOUD_URL
+
+  ldap:
+    build: ./ldap/

gitpod/ldap/Dockerfile

@@ -0,0 +1,27 @@
+FROM centos:centos7
+
+RUN yum install -y epel-release \
+    && yum update -y \
+    && yum install -y 389-ds-base 389-adminutil \
+    && yum clean all
+
+COPY ds-setup.inf /ds-setup.inf
+COPY users.ldif /users.ldif
+
+# The 389-ds setup will fail because the hostname can't reliable be determined, so we'll bypass it and then install.
+RUN useradd ldapadmin \
+    && rm -fr /var/lock /usr/lib/systemd/system \
+    # The 389-ds setup will fail because the hostname can't reliable be determined, so we'll bypass it and then install. \
+    && sed -i 's/checkHostname {/checkHostname {\nreturn();/g' /usr/lib64/dirsrv/perl/DSUtil.pm \
+    # Not doing SELinux \
+    && sed -i 's/updateSelinuxPolicy($inf);//g' /usr/lib64/dirsrv/perl/* \
+    # Do not restart at the end \
+    && sed -i '/if (@errs = startServer($inf))/,/}/d' /usr/lib64/dirsrv/perl/* \
+    && setup-ds.pl --silent --file /ds-setup.inf \
+    && /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir \
+    && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
+    ldapadd -H ldap:/// -f /users.ldif -x -D "cn=Directory Manager" -w password
+
+EXPOSE 389
+
+CMD /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir && tail -F /var/log/dirsrv/slapd-dir/access

gitpod/ldap/ds-setup.inf

@@ -0,0 +1,21 @@
+[General]
+AdminDomain = user_saml_gitpod
+ConfigDirectoryAdminID = admin
+ConfigDirectoryAdminPwd = admin
+ConfigDirectoryLdapURL = ldap://localhost:389/o=NetscapeRoot
+FullMachineName = localhost
+ServerRoot = /usr/lib64/dirsrv
+SuiteSpotGroup = nobody
+SuiteSpotUserID = nobody
+
+[slapd]
+AddOrgEntries = Yes
+AddSampleEntries = No
+InstallLdifFile = suggest
+RootDN = cn=Directory Manager
+RootDNPwd = password
+ServerIdentifier = dir
+ServerPort = 389
+SlapdConfigForMC = yes
+Suffix = dc=user_saml_gitpod
+UseExistingMC = No

gitpod/ldap/users.ldif

@@ -0,0 +1,47 @@
+dn: cn=admin,dc=user_saml_gitpod
+objectClass: simpleSecurityObject
+objectClass: organizationalRole
+cn: admin
+userPassword: password
+description: LDAP administrator
+
+
+dn: uid=test1,ou=People,dc=user_saml_gitpod
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+objectClass: inetOrgPerson
+givenName: Test
+uid: test1
+sn: Person 1
+cn: test person 1
+mail: [email protected]/
+userPassword: test1password
+
+dn: uid=test2,ou=People,dc=user_saml_gitpod
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+objectClass: inetOrgPerson
+givenName: Test
+uid: test2
+sn: Person 2
+cn: test person 2
+mail: [email protected]/
+userPassword: test2password
+
+dn: cn=Bender Bending Rodriguez,ou=People,dc=user_saml_gitpod
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+cn: Bender Bending Rodriguez
+description: Robot
+displayName: Bender
+employeeType: Ship's Robot
+givenName: Bender
+mail: [email protected]
+ou: People
+uid: bender
+userPassword: bender
+sn: Rodriguez

gitpod/mariadb/prepopulate.sql.template

@@ -0,0 +1,39 @@
+SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
+START TRANSACTION;
+SET time_zone = "+00:00";
+
+/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
+/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
+/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
+/*!40101 SET NAMES utf8mb4 */;
+
+CREATE TABLE `oc_appconfig` (
+  `appid` varchar(32) COLLATE utf8mb4_bin NOT NULL DEFAULT '',
+  `configkey` varchar(64) COLLATE utf8mb4_bin NOT NULL DEFAULT '',
+  `configvalue` longtext COLLATE utf8mb4_bin DEFAULT NULL
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_bin ROW_FORMAT=COMPRESSED;
+
+INSERT INTO `oc_appconfig` (`appid`, `configkey`, `configvalue`) VALUES
+('user_saml', 'enabled', 'yes'),
+('user_saml', 'general-idp0_display_name', ''),
+('user_saml', 'general-uid_mapping', 'urn:oid:0.9.2342.19200300.100.1.1'),
+('user_saml', 'idp-entityId', '$SIMPLESAML_URL/saml2/idp/metadata.php'),
+('user_saml', 'idp-singleLogoutService.url', '${SIMPLESAML_URL}/saml2/idp/SingleLogoutService.php'),
+('user_saml', 'idp-singleSignOnService.url', '$SIMPLESAML_URL/saml2/idp/SSOService.php'),
+('user_saml', 'idp-x509cert', '-----BEGIN CERTIFICATE-----\nMIIEazCCAtOgAwIBAgIUVe3Ml/fwjyN00L5CrJGDT9FKHU0wDQYJKoZIhvcNAQEL\nBQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM\nGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMTA3MTkxMTM2MzNaFw0zMTA3\nMTkxMTM2MzNaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw\nHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggGiMA0GCSqGSIb3DQEB\nAQUAA4IBjwAwggGKAoIBgQDGxIo6wrrtHLYLLgVRne1cMjN3RdsSHZ18mvDF4Kov\nzqTS9jpP1qxWfAyC064Zk4S0sYXc2DCsjTEsibRb7LNBJpPDbzlAtavgsMS3H1v8\nTbYEW0tkTOGQR+HfFzvmprG8km28KFmYo4k3Ik092D12ff3sSEp7HifGQIz1k46G\n6Ac/kMiSVtaRn0JMWb9Z21T8rpntlI6/anDWgNjxjn9e38HmC4Thix6fr7u015ZP\nu26oAuA5PzJHju8mH6b+XY2jVNpUWg8YgmPX3bPWIbrVz82G7aGeFYodl+vn49dt\nUPH1k3bKWWU6vRgRXeXrQHZtMirDC3Nn008V+N5544jAjz3DatfRgYOux7zLQtBU\nb4XsFR8GLMxuCoqvX3TtcL73veOehio4eLEBikfM6MGpORxVMazzkcjQuQjqnA3n\nfCx8nMH7X+rbJFs7RzijZvIMkgwIYU2X/Lawaphj2cIBeFZdbmO7pJO0UTyhRc0u\nHMMvWRL6hAvxS9sxYyavn9ECAwEAAaNTMFEwHQYDVR0OBBYEFJvQolHQnd/B69q6\nTrnMMpkpkHmwMB8GA1UdIwQYMBaAFJvQolHQnd/B69q6TrnMMpkpkHmwMA8GA1Ud\nEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggGBADPs7uLp6wq1WOasxPSWTjvZ\nmdAuHep/+SlwII4hC3N/eaxgj3jS8N/EJve5nWEGRDBFvdIwizRTkXnX2IO8cqYE\n4qd9LMsi+0ONoDzh/CUeHjzRr/XX8rSw9fjGgfPQr2CWLG9IHAkj6mYUJf7dmULY\nnntiDvxGpow1WHUaihSIWj0Vni40V6S5YgW1WQwf5/Cz/CVUkUcO6ndtWBcc4Sl/\ntHVhFS/+Qefd/tf0Ms1TcgQBMRK6niDs7qW3snMy9M2hMJGhF2dqJD5iGHezeJNT\n5hNs2+v46y5qaq8X2nDlCiFpHKP8Lv1lHlb18j1l+MP9s9g4J2oEHjQy+bGIQQC9\nNt7bYroJ7IXNZMW4BMSpfafblpS7uF910l8/T0R8zGssjgfznWFV+xHonfC+rquv\nUgbNzfFyxVxTD06u/INdIA3ZYOiIssxpUjGlnpatbPs2vPF9Cu4byvdQhxatRXGs\nnyQRRqSHj2nuRltsjoeTQrpGBoXmaRPYCoPThnK2EQ==\n-----END CERTIFICATE-----'),
+('user_saml', 'installed_version', '4.2.0'),
+('user_saml', 'saml-attribute-mapping-displayName_mapping', 'urn:oid:2.16.840.1.113730.3.1.241'),
+('user_saml', 'saml-attribute-mapping-email_mapping', 'urn:oid:0.9.2342.19200300.100.1.3'),
+('user_saml', 'sp-privateKey', '-----BEGIN PRIVATE KEY-----\nMIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQC1YvuoUvLGdQcH\nUXh1IkeeyG3aTxJPORd19b7r6PJFnQIhLcvjSDKqeyMJJUbNG+s12fp3X4M70xCZ\nM8T+DuRg7r1CXXQjQbr3ubTz49Z063AQf0Ng0Lv8wTWtA/Y2V74QUx8cs+W6BPk9\nhRGoEgmXsFf7+fEq135TvrqkB+huhpBGr3DS7zPfMtNce72RyT2nZyLBhKOfFXMa\nylgroV9WaBGb3t/0KBfWPMJz0kqLiuwUwvSceZO09gAZVK4PqW9H6vDKtcXE9pLQ\nQBWzISDB/HA0/G6UmS6RnjcV0uQcag856bfDgK+pVtVAOM4uWPExR/fC2WB5CqBb\nw7JLFis8de7conPb5VkQzhiFFF5U33nYKphuIWpIJsT681o39UQOgNb8gKPbTjPD\nt5P0rUKaSWy6ghwToADWeMzGubxUyOOjzULc5pqBt3EUFbp1SLu+ooSZwa+3PsKI\nTqPC1Vbb/+jIb59cffNBrNJVxobm5tj11T1HbadpzQr2lbqeQpUCAwEAAQKCAYA/\nICuk8Pk8yA2iJmBdo4h5YheZGlus5pmbm+LOB0wJnhLXqTCD8ORxIFmZHTf+ufCp\n1Sqt0LfDYjksmC++m0Av2+ZR6mQ4wO9ot2CaYHiKSEW/+Api70H9POCJTg+p6e9j\njwoM2y7gBksXdfAnJd/gwqZcMygTWNvGGWKrI3VowbwEXZpOTqEm1HFqhkX7LqYe\nVG5sGtU20Cg28qSsyoR7dcxrCq22Mx3YmVyzIkR/O+Hdd9vZeRZGrDZsmmPZX4Wc\nyUmGWpMnLHRESn7F5w6W48ZvE2btdmQuAsFWnjCnHWLTroYiIHrla6TdK7dBAx4k\nogPJ4oAf07owNfsECTtcitD+B4zu0t8SElVQb0JOMRSAS+0FJQ7hGouSR9bhp6D1\nRUB7t8//pICSzBxZZcP83lVTAkJx6psM9C5xIUPK3Hfdz8PbQb5pFfiiiR1o821E\ndatfYqPYs72ME3CQ3gFkxbAvpxmUSx07mI1xhi3ACD53oqH58NCOessTtfoJISEC\ngcEA4O1TWJnJo73eRXTTwPm0OaElT392wgktpsnJeC8HI8wp2pfWnBUNU7bJO3DM\nQb9J4IGP9IuWbmn5zAgX0RjGNCQg8dkR1vxbkrPgyKRCPeJk/8KXX7vsl+Vf65al\nf4Y0amJj95P0zWafgjv0HNWB9nOp/PfNLEMoatIoAdYZ2hcJoMyGimLb9KpBbmYL\ndJJlp9LfDhnmdT3YOavqBDTzKRefJfArHoT38BzLEArlpSTPkSrjAjn0POWWEIJv\ntA+nAoHBAM5x04FT/7Otqr8RQwTa9atwbIlt/roUQBULY4sl5EZPTiYbQ9RJos6X\nwqYLCIQN8e+0+xzNXNO4g1GBHKdgn2xHmHsT97jyiCrZNuWaAyfr5pYiWtZXnh/a\nK4nNNB65j1yS76Qf0vpHecZS9SysaWveLThKw2iEqGLcH0bpr3P1E3QlcTiuYJh+\n70KI+8CuL2O7Ff/etAd2kFYqzLt/8uM58ZPenvILdkKAkoSjH+KZjo7EGuo107A7\n2DoFIXDDYwKBwQCknm16kguW0JaF5Qw510eFSiCBf3uOZaNIx7SxRlIGbB1RxAEo\n+OtpEoVTAKotkG/kZU7Tnvn5U4ykPGQZ//TIIo0OFF3PJ6FpzEa+8iEdI73hxix9\nv49YWGMMjJQRskpYdixN/baUQgCKE5EFLWpR0rNd1osOUxSYobjwJx+Ck4vTaP0q\n+VGcTqNWxk6qAZ9u5ZGkw2X89sdy5hR/AbXZpFUxMgaM7qp7zMb9tcv/QuK7j1TX\nw0yy6SEcciqI8U8CgcEAmiT3jetQU7LqePvElM2A/d9Vy0+sEPip2IzGaNGEHtN8\nQIu/G7VXsPYzypMWarOW4Cq8DQdxtkxhEOxcnsVQhCL5QXzpTNkavxOtH8bdcGN9\nqsBAHycQ1Cusspnbvs1CtBaqhFuWxnW0AVdT5WVe2cHs9cktGs9ig15kpCg8b1Kg\nkeqbHX1mdrbgo0dw4q+shsTcak65EZF/uDcA40dn7i4HqSdieswAIyupOwwp9KI/\nhW37wsEqLL6idr/59h6NAoHANRK2a7U6sKaQkBRNw7xgVQCVsRQi3Cqq5Fs3exak\nVvtYOKto4N/W1ISArzHvTygbt9Q/LFZ80RAs7IltjGKbiunXh3fIuGx0OpFKUSwZ\ndy/nxwq5UtRqYUPCyDjgSC9DHO55kcNEUN9huJ/Ejo3Zx+eB8Hf8h/lF2VI8ZVjh\nDOnj19l9OHV7uqrV8CXhjy7TjkrEzFvT036wRfIQUGJ8izFLoUm4FoxeIZGZbRgB\nCiONbpiC7t7kh92JD11YmZwd\n-----END PRIVATE KEY-----'),
+('user_saml', 'sp-x509cert', '-----BEGIN CERTIFICATE-----\nMIIEazCCAtOgAwIBAgIUZEMlBQH5YU3J5ELRvGxy1EnjSGkwDQYJKoZIhvcNAQEL\nBQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM\nGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMTA3MTkxMjE2NTZaFw0zMTA3\nMTkxMjE2NTZaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw\nHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggGiMA0GCSqGSIb3DQEB\nAQUAA4IBjwAwggGKAoIBgQC1YvuoUvLGdQcHUXh1IkeeyG3aTxJPORd19b7r6PJF\nnQIhLcvjSDKqeyMJJUbNG+s12fp3X4M70xCZM8T+DuRg7r1CXXQjQbr3ubTz49Z0\n63AQf0Ng0Lv8wTWtA/Y2V74QUx8cs+W6BPk9hRGoEgmXsFf7+fEq135TvrqkB+hu\nhpBGr3DS7zPfMtNce72RyT2nZyLBhKOfFXMaylgroV9WaBGb3t/0KBfWPMJz0kqL\niuwUwvSceZO09gAZVK4PqW9H6vDKtcXE9pLQQBWzISDB/HA0/G6UmS6RnjcV0uQc\nag856bfDgK+pVtVAOM4uWPExR/fC2WB5CqBbw7JLFis8de7conPb5VkQzhiFFF5U\n33nYKphuIWpIJsT681o39UQOgNb8gKPbTjPDt5P0rUKaSWy6ghwToADWeMzGubxU\nyOOjzULc5pqBt3EUFbp1SLu+ooSZwa+3PsKITqPC1Vbb/+jIb59cffNBrNJVxobm\n5tj11T1HbadpzQr2lbqeQpUCAwEAAaNTMFEwHQYDVR0OBBYEFA1R/XFcW/vjaocE\nepB+rx3QrQVaMB8GA1UdIwQYMBaAFA1R/XFcW/vjaocEepB+rx3QrQVaMA8GA1Ud\nEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggGBAEBS4NL8u3hN2O5oWzv2LsTA\nhdPaqGQI8935KDn36NAVRQ3J+b5K1aFPfNsMdCPI2YgT78QlgIPQ8HVz6bVt+Q7l\nk1BybxLgnvHwIxviFkOPtzdKcMgPYocMREg+NjYSa2d6tu5u1ySb8mhECJI+9hcU\nkCCeARK2tm8x+A2uvvnUy2+O4i2nDvqDbophEUv8EETM+Gb9M+7kQ2hOLD7jwdm7\n5yBLNmAkVLALLpYS5rONJlSXzkJ+kQ/XxrOxfIf/QT+CvmeQ/FG6Hp/UBtbmPxKe\n928J5ZZ8dlGAdP2M7nX06aNM8lFSow/dCScF+VaUYSSEoGB3xpxZKdorVNpSBODj\nxN++2WeXpuN8mHaFMjM5MrcNnZ8P6xrPhlfsrbm4IFIJfxJxnQrzoqs+LogfPL30\n/C8UStRbrz4ljZ+Tq99DJQb+XtoCSGvlxvIsKjvx6IT1BRUCt0RJ5gHIv+7rds8X\nLKbQ2aXzQTav4+NxahMYyy/n4WMgwdC0s8I0D+xwQw==\n-----END CERTIFICATE-----'),
+('user_saml', 'type', 'saml'),
+('user_saml', 'types', 'authentication');
+
+ALTER TABLE `oc_appconfig`
+  ADD PRIMARY KEY (`appid`,`configkey`),
+  ADD KEY `appconfig_config_key_index` (`configkey`);
+COMMIT;
+
+/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
+/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
+/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;

gitpod/nextcloud/Dockerfile

@@ -0,0 +1,17 @@
+FROM nextcloud
+
+RUN yes | pecl install xdebug \
+    && echo "zend_extension=$(find /usr/local/lib/php/extensions/ -name xdebug.so)" > /usr/local/etc/php/conf.d/xdebug.ini \
+    && echo "xdebug.remote_enable=on" >> /usr/local/etc/php/conf.d/xdebug.ini \
+    && echo "xdebug.remote_autostart=on" >> /usr/local/etc/php/conf.d/xdebug.ini \
+    && echo "xdebug.remote_host=host" >> /usr/local/etc/php/conf.d/xdebug.ini
+
+COPY custom-entrypoint.sh /custom-entrypoint.sh
+COPY after-install.sh /after-install.sh
+
+RUN chmod +x /custom-entrypoint.sh
+RUN chmod +x /after-install.sh
+
+ENTRYPOINT ["/custom-entrypoint.sh"]
+
+CMD ["/after-install.sh"]

gitpod/nextcloud/after-install.sh

@@ -0,0 +1,20 @@
+#!/bin/sh
+
+run_as() {
+    if [ "$(id -u)" = 0 ]; then
+        su -p www-data -s /bin/sh -c "$1"
+    else
+        sh -c "$1"
+    fi
+}
+
+run_as "php /var/www/html/occ config:system:set debug --value='true' --type=boolean"
+
+# Weirdly the Nextcloud docker activates user_saml app automatically but doesn't run the migration steps necessary for it to work
+run_as "php /var/www/html/occ migrations:migrate user_saml"
+
+run_as "php /var/www/html/occ app:disable firstrunwizard"
+
+run_as "php /var/www/html/occ config:system:set defaultapp --value='files'"
+
+apache2-foreground

gitpod/nextcloud/custom-entrypoint.sh

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+# Both gitpod and Nextcloud need read/write acess
+# Obviously not recommended for a production system
+chmod -R 777 /var/www/html/custom_apps/
+
+# mv /debug.config.php /var/www/html/config
+
+# chmod -R 777 /var/www/html/config
+
+/entrypoint.sh "$@"

gitpod/simplesamlphp/Dockerfile

@@ -0,0 +1,6 @@
+FROM unicon/simplesamlphp
+
+COPY var-simplesamlphp /var/simplesamlphp/
+
+RUN chown apache:apache /var/simplesamlphp/log/ \
+    && chown -R apache:apache /var/simplesamlphp/cert/