From 110ff98df97b9d15ebaef6ef54ccdb11602bbb2d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bernhard=20Rosenkr=C3=A4nzer?= <bero@federated.computer>
Date: Thu, 16 Jan 2025 02:32:51 +0100
Subject: [PATCH] Try converting nextcloud without redoing its config

---
 bin/convertdomain | 208 ++++++++--------------------------------------
 1 file changed, 34 insertions(+), 174 deletions(-)

diff --git a/bin/convertdomain b/bin/convertdomain
index 3b3ca88..a8235f3 100755
--- a/bin/convertdomain
+++ b/bin/convertdomain
@@ -285,146 +285,40 @@ convert_nextcloud() { convert_generic nextcloud sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/nextcloud/data/var/www/html/config/config.php - - # Make new nextcloud config - cat > /federated/apps/nextcloud/data/configs.json <<EOF -{ - "system": { - "mail_smtpmode": "smtp", - "mail_smtpsecure": "tls", - "mail_sendmailmode": "smtp", - "mail_from_address": "nextcloud", - "mail_domain": "$DOMAIN_NEW", - "mail_smtpauthtype": "LOGIN", - "mail_smtpauth": 1, - "mail_smtphost": "mail.$DOMAIN_NEW", - "mail_smtpport": "587", - "mail_smtpname": "$SMTPUSER", - "mail_smtppassword": "$ADMINPASS" - }, - "apps": { - "side_menu": { - "background-color-opacity": "100", - "current-app-background-color": "#005b8d", - "types": "", - "enabled": "yes", - "text-color": "#ffffff", - "loader-color": "#339bd4", - "types": "", - "always-displayed": "0", - "big-menu": "0", - "side-with-categories": "0", - "background-color": "#0068a1", - "background-color-to": "#0068a1", - "icon-invert-filter": "0", - "icon-opacity": "100", - "opener": "side-menu-opener", - "dark-mode-background-color": "#0068a1", - "dark-mode-background-color-to": "#0068a1", - "dark-mode-background-color-opacity": "100", - "dark-mode-current-app-background-color": "#005b8d", - "dark-mode-text-color": "#ffffff", - "dark-mode-loader-color": "#ffffff", - "dark-mode-icon-invert-filter": "0", - "dark-mode-icon-opacity": "100", - "dark-mode-opener": "side-menu-opener", - "opener-position": "before", - "opener-only": "0", - "hide-when-no-apps": "0", - "opener-hover": "0", - "display-logo": "1", - "use-avatar": "0", - "add-logo-link": "1", - "big-menu-hidden-apps": "[]", - "show-settings": "0", - "size-icon": "normal", - "size-text": "normal", - "target-blank-apps": "[]", - "loader-enabled": "1", - "top-side-menu-apps": "[]", - "top-menu-mouse-over-hidden-label": "0", - "apps-order": 
"[\"dashboard\",\"mail\",\"calendar\",\"contacts\",\"notes\",\"tasks\",\"files\",\"deck\",\"bookmarks\",\"forms\",\"spreed\",\"photos\",\"activity\"]", - "categories-order-type": "default", - "categories-custom": "[]", - "apps-categories-custom": "[]", - "categories-order": "[\"other\",\"customization\",\"dashboard\",\"external_links\",\"files\",\"workflow\",\"games\",\"integration\",\"monitoring\",\"multimedia\",\"office\",\"organization\",\"search\",\"security\",\"social\",\"tools\"]", - "default-enabled": "1", - "force": "0", - "top-menu-apps": "[\"photos\",\"activity\",\"dashboard\",\"forms\",\"calendar\",\"tasks\",\"bookmarks\",\"deck\",\"contacts\",\"notes\",\"spreed\",\"mail\",\"files\"]", - "cache": "2" - } - } -} -EOF - -cat > /federated/apps/nextcloud/data/config.sh <<EOF -#!/bin/sh - -PATH=/var/www/html:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/sbin:/bin - -/var/www/html/occ app:enable user_ldap -/var/www/html/occ ldap:create-empty-config -/var/www/html/occ ldap:set-config s01 ldapHost 'ldaps://ldap.$DOMAIN_NEW' -/var/www/html/occ ldap:set-config s01 ldapAgentName cn=admin,$DOMAIN_NEW_LDAP_dc -/var/www/html/occ ldap:set-config s01 ldapAgentPassword $LDAP_SECRET -/var/www/html/occ ldap:set-config s01 ldapBase ou=people,dc=$DOMAIN_NEW_LDAP_dc -/var/www/html/occ ldap:set-config s01 ldapBaseGroups ou=groups,dc=$DOMAIN_NEW_LDAP_dc -/var/www/html/occ ldap:set-config s01 ldapBaseUsers ou=people,dc=$DOMAIN_NEW_LDAP_dc -/var/www/html/occ ldap:set-config s01 ldapEmailAttribute mail -/var/www/html/occ ldap:set-config s01 ldapGidNumber gidNumber -/var/www/html/occ ldap:set-config s01 ldapGroupDisplayName cn -/var/www/html/occ ldap:set-config s01 ldapGroupFilter '(&(|(objectclass=posixGroup)))' -/var/www/html/occ ldap:set-config s01 ldapGroupFilterMode 0 -/var/www/html/occ ldap:set-config s01 ldapGroupFilterObjectclass inetOrgPerson -/var/www/html/occ ldap:set-config s01 ldapGroupMemberAssocAttr uniqueMember -/var/www/html/occ ldap:set-config s01 
ldapLoginFilter '(&(|(objectclass=inetOrgPerson))(mail=%uid))' -/var/www/html/occ ldap:set-config s01 ldapLoginFilterEmail 0 -/var/www/html/occ ldap:set-config s01 ldapLoginFilterMode 0 -/var/www/html/occ ldap:set-config s01 ldapLoginFilterUsername 1 -/var/www/html/occ ldap:set-config s01 ldapLoginFilterEmail 0 -/var/www/html/occ ldap:set-config s01 ldapMatchingRuleInChainState unknown -/var/www/html/occ ldap:set-config s01 ldapNestedGroups 0 -/var/www/html/occ ldap:set-config s01 ldapPagingSize 500 -/var/www/html/occ ldap:set-config s01 ldapPort 636 -/var/www/html/occ ldap:set-config s01 ldapTLS 1 -/var/www/html/occ ldap:set-config s01 ldapUserAvatarRule default -/var/www/html/occ ldap:set-config s01 ldapUserDisplayName cn -/var/www/html/occ ldap:set-config s01 ldapUserFilter '(|(objectclass=inetOrgPerson))' -/var/www/html/occ ldap:set-config s01 ldapUserFilterMode 0 -/var/www/html/occ ldap:set-config s01 ldapUserFilterObjectclass inetOrgPerson -/var/www/html/occ ldap:set-config s01 ldapUuidGroupAttribute auto -/var/www/html/occ ldap:set-config s01 ldapUuidUserAttribute auto -/var/www/html/occ ldap:set-config s01 turnOffCertCheck 0 -/var/www/html/occ ldap:set-config s01 turnOnPasswordChange 0 -/var/www/html/occ ldap:set-config s01 useMemberOfToDetectMembership 1 -/var/www/html/occ ldap:set-config s01 ldapConfigurationActive 1 -/var/www/html/occ ldap:set-config s01 ldap_expert_username_attr uid -/var/www/html/occ ldap:set-config s01 ldap_display_name givenName -/var/www/html/occ config:system:set overwriteprotocol --value=https -/var/www/html/occ config:system:set default_phone_region --value="$COUNTRY" -/var/www/html/occ config:system:delete trusted_domains -/var/www/html/occ config:system:set trusted_domains 1 --value=* -/var/www/html/occ group:adduser admin admin -/var/www/html/occ user:delete nextcloud -/var/www/html/occ app:enable mail -/var/www/html/occ app:enable calendar -/var/www/html/occ app:enable contacts -/var/www/html/occ app:enable notes 
-/var/www/html/occ app:enable deck -/var/www/html/occ app:enable tasks -/var/www/html/occ app:enable bookmarks -/var/www/html/occ app:enable forms -/var/www/html/occ app:enable spreed -/var/www/html/occ app:enable side_menu -/var/www/html/occ app:enable external -/var/www/html/occ app:enable richdocuments -/var/www/html/occ config:app:set --value https:\/\/collabora.$DOMAIN_NEW richdocuments public_wopi_url -/var/www/html/occ config:app:set --value https:\/\/collabora.$DOMAIN_NEW richdocuments wopi_url -/var/www/html/occ config:app:set --value ooxml richdocuments doc_format -/var/www/html/occ config:app:set --value "" richdocuments disable_certificate_verification -/var/www/html/occ config:app:set external sites "--value={\"1\":{\"icon\":\"external.svg\",\"lang\":\"\",\"type\":\"link\",\"device\":\"browser\",\"groups\":[],\"redirect\":true,\"id\":1,\"name\":\"Video Conference (Jitsi)\",\"url\":\"https:\/\/jitsi.$DOMAIN_NEW\"},\"2\":{\"icon\":\"external.svg\",\"lang\":\"\",\"type\":\"link\",\"device\":\"browser\",\"groups\":[],\"redirect\":true,\"id\":2,\"name\":\"Worldwide Chat (Element)\",\"url\":\"https:\/\/element.$DOMAIN_NEW\"},\"3\":{\"icon\":\"external.svg\",\"lang\":\"\",\"type\":\"link\",\"device\":\"browser\",\"groups\":[],\"redirect\":true,\"id\":3,\"name\":\"Mailing Lists (Listmonk)\",\"url\":\"https:\/\/listmonk.$DOMAIN_NEW\"},\"4\":{\"icon\":\"external.svg\",\"lang\":\"\",\"type\":\"link\",\"device\":\"browser\",\"groups\":[],\"redirect\":true,\"id\":4,\"name\":\"Databases (Baserow)\",\"url\":\"https:\/\/baserow.$DOMAIN_NEW\"},\"5\":{\"icon\":\"external.svg\",\"lang\":\"\",\"type\":\"link\",\"device\":\"browser\",\"groups\":[],\"redirect\":true,\"id\":5,\"name\":\"Passwords (Vaultwarden)\",\"url\":\"https:\/\/vaultwarden.$DOMAIN_NEW\"},\"7\":{\"icon\":\"external.svg\",\"lang\":\"\",\"type\":\"link\",\"device\":\"browser\",\"groups\":[],\"redirect\":true,\"id\":7,\"name\":\"Source code (Gitea)\",\"url\":\"https:\/\/gitea.$DOMAIN_NEW\"}}" 
-/var/www/html/occ config:import configs.json -EOF + docker exec postgresql psql -U nextcloud -c "UPDATE oc_accounts SET data=REPLACE(data, '$DOMAIN', '$DOMAIN_NEW') WHERE data LIKE '%$DOMAIN%'" + docker exec postgresql psql -U nextcloud -c "UPDATE oc_accounts_data SET value=REPLACE(value, '$DOMAIN', '$DOMAIN_NEW') WHERE value LIKE '%$DOMAIN%'" + docker exec postgresql psql -U nextcloud -c "UPDATE oc_appconfig SET configvalue=REPLACE(configvalue, '$DOMAIN', '$DOMAIN_NEW') WHERE configvalue LIKE '%$DOMAIN%'" + docker exec postgresql psql -U nextcloud -c "UPDATE oc_mail_accounts SET inbound_host=REPLACE(inbound_host, '$DOMAIN', '$DOMAIN_NEW') WHERE inbound_host LIKE '%$DOMAIN'" + docker exec postgresql psql -U nextcloud -c "UPDATE oc_preferences SET configvalue=REPLACE(configvalue, '$DOMAIN', '$DOMAIN_NEW') WHERE configvalue LIKE '%$DOMAIN'" + docker exec postgresql psql -U nextcloud -c "UPDATE oc_richdocuments_wopi SET server_host=REPLACE(server_host, '$DOMAIN', '$DOMAIN_NEW') WHERE server_host LIKE '%$DOMAIN%'" + # Authelia integration... + # FIXME should we just wipe oc_user_oidc_sessions, given they will probably be invalid + # with reconfigured authelia anyway? + docker exec postgresql psql -U nextcloud -c "UPDATE oc_user_oidc_providers SET discovery_endpoint=REPLACE(discovery_endpoint, '$DOMAIN', '$DOMAIN_NEW') WHERE discovery_endpoint LIKE '%$DOMAIN%'" + docker exec postgresql psql -U nextcloud -c "UPDATE oc_user_oidc_providers SET end_session_endpoint=REPLACE(end_session_endpoint, '$DOMAIN', '$DOMAIN_NEW') WHERE end_session_endpoint LIKE '%$DOMAIN%'" + docker exec postgresql psql -U nextcloud -c "UPDATE oc_user_oidc_sessions SET iss=REPLACE(iss, '$DOMAIN', '$DOMAIN_NEW') WHERE iss LIKE '%$DOMAIN%'" + # DAV links... 
+ docker exec postgresql psql -U nextcloud -c "UPDATE oc_calendars SET uri=REPLACE(uri, '/$DOMAIN/', '/$DOMAIN_NEW/') WHERE uri LIKE '%/$DOMAIN/%'" + docker exec postgresql psql -U nextcloud -c "UPDATE oc_calendars SET displayname=REPLACE(displayname, '/$DOMAIN/', '/$DOMAIN_NEW/') WHERE displayname LIKE '%/$DOMAIN/%'" + docker exec postgresql psql -U nextcloud -c "UPDATE oc_calendarsubscriptions SET uri=REPLACE(uri, '$DOMAIN', '$DOMAIN_NEW') WHERE uri LIKE '%$DOMAIN%'" + docker exec postgresql psql -U nextcloud -c "UPDATE oc_calendarsubscriptions SET displayname=REPLACE(displayname, '/$DOMAIN/', '/$DOMAIN_NEW/') WHERE displayname LIKE '%/$DOMAIN/%'" + docker exec postgresql psql -U nextcloud -c "UPDATE oc_calendarsubscriptions SET source=REPLACE(source, '/$DOMAIN/', '/$DOMAIN_NEW/') WHERE source LIKE '%/$DOMAIN/%'" + # Email addresses (for authentication and otherwise)... + docker exec postgresql psql -U nextcloud -c "UPDATE oc_authtoken SET login_name=REPLACE(login_name, '@$DOMAIN', '@$DOMAIN_NEW') WHERE login_name LIKE '%@$DOMAIN'" + docker exec postgresql psql -U nextcloud -c "UPDATE oc_calendar_invitations SET attendee=REPLACE(attendee, '@$DOMAIN', '@$DOMAIN_NEW') WHERE attendee LIKE '%@$DOMAIN'" + docker exec postgresql psql -U nextcloud -c "UPDATE oc_calendar_invitations SET organizer=REPLACE(organizer, '@$DOMAIN', '@$DOMAIN_NEW') WHERE attendee LIKE '%@$DOMAIN'" + docker exec postgresql psql -U nextcloud -c "UPDATE oc_cards_properties SET value=REPLACE(value, '@$DOMAIN', '@$DOMAIN_NEW') WHERE value LIKE '%@$DOMAIN'" + docker exec postgresql psql -U nextcloud -c "UPDATE oc_mail_accounts SET email=REPLACE(email, '@$DOMAIN', '@$DOMAIN_NEW') WHERE email LIKE '%@$DOMAIN'" + docker exec postgresql psql -U nextcloud -c "UPDATE oc_mail_accounts SET inbound_user=REPLACE(inbound_user, '@$DOMAIN', '@$DOMAIN_NEW') WHERE inbound_user LIKE '%@$DOMAIN'" + docker exec postgresql psql -U nextcloud -c "UPDATE oc_mail_coll_addresses SET email=REPLACE(email, '@$DOMAIN', 
'@$DOMAIN_NEW') WHERE email LIKE '%@$DOMAIN'" + docker exec postgresql psql -U nextcloud -c "UPDATE oc_mail_recipients SET email=REPLACE(email, '@$DOMAIN', '@$DOMAIN_NEW') WHERE email LIKE '%@$DOMAIN'" + docker exec postgresql psql -U nextcloud -c "UPDATE oc_mail_trusted_senders SET email=REPLACE(email, '@$DOMAIN', '@$DOMAIN_NEW') WHERE email LIKE '%@$DOMAIN'" + docker exec postgresql psql -U nextcloud -c "UPDATE oc_recent_contact SET email=REPLACE(email, '@$DOMAIN', '@$DOMAIN_NEW') WHERE email LIKE '%@$DOMAIN'" + # May contain links to dashboard.$DOMAIN etc. + docker exec postgresql psql -U nextcloud -c "UPDATE oc_bookmarks SET url=REPLACE(url, '$DOMAIN', '$DOMAIN_NEW') WHERE url LIKE '%$DOMAIN%'" + # This can contain Jitsi links + docker exec postgresql psql -U nextcloud -c "UPDATE oc_calendar_appt_configs SET location=REPLACE(location, '$DOMAIN', '$DOMAIN_NEW') WHERE location LIKE '%$DOMAIN%'" + docker exec postgresql psql -U nextcloud -c "UPDATE oc_calendarobjects_props SET value=REPLACE(value, '$DOMAIN', '$DOMAIN_NEW') WHERE value LIKE '%$DOMAIN%'" # Grab the container IP from docker-compose SERVICE_IP=`grep ipv4_address /federated/apps/nextcloud/docker-compose.yml | awk '{ print $2 }'` 
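Review bot: The second `oc_calendar_invitations` statement sets `organizer` but filters on `WHERE attendee LIKE '%@$DOMAIN'`; once the statement before it has rewritten `attendee`, that filter matches nothing and organizer addresses keep the old domain, so it should read `WHERE organizer LIKE '%@$DOMAIN'`. Every added `psql -c` call also splices `$DOMAIN` and `$DOMAIN_NEW` into a quoted SQL literal and ignores the exit status, so a value containing a quote alters the statement and a failure midway leaves the database half-converted without any error. Whether the two variables are validated earlier in the script is not visible here; the sketch below passes them as psql variables on stdin (psql does not interpolate variables in `-c` strings), runs everything in one transaction, and assumes the script's existing `fail` helper is in scope. On the FIXME, the rows in `oc_user_oidc_sessions` refer to sessions established with the old issuer, so deleting them looks safer than rewriting `iss`. `convert_nextcloud` starts before this hunk and continues past it.

```shell
docker exec -i postgresql psql -U nextcloud -v ON_ERROR_STOP=1 --single-transaction \
    -v old="$DOMAIN" -v new="$DOMAIN_NEW" <<'SQL' || fail "Couldn't rewrite the domain in the nextcloud database"
UPDATE oc_accounts SET data=REPLACE(data, :'old', :'new') WHERE data LIKE '%' || :'old' || '%';
/* … the other UPDATE statements, converted the same way … */
UPDATE oc_calendar_invitations SET organizer=REPLACE(organizer, '@' || :'old', '@' || :'new') WHERE organizer LIKE '%@' || :'old';
SQL
```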
@@ -432,40 +326,6 @@ EOF # Start service with command to make sure it's up before proceeding start_service_convert "nextcloud" "nc -z $SERVICE_IP 80 &> /dev/null" - # Move config.sh and sidemenu config, set config.sh executable - mv /federated/apps/nextcloud/data/config.sh /federated/apps/nextcloud/data/configs.json /federated/apps/nextcloud/data/var/www/html/ - docker exec nextcloud chown www-data:root /var/www/html/config.sh /var/www/html/configs.json - docker exec nextcloud chmod 755 /var/www/html/config.sh - [ $? -ne 0 ] && fail "Couldn't chown config.sh in /federated/apps/nextcloud container" - - # Run config.sh - Setup LDAP, configuration for nextcloud - # DEBUG docker exec -u 33 nextcloud /var/www/html/config.sh &> /dev/null - docker exec -u 33 nextcloud /var/www/html/config.sh - [ $? -ne 0 ] && fail "Couldn't run config.sh inside /federated/apps/nextcloud container" - - # Add admin user to group - # Have to do it this many times so it will query LDAP and populate admin user first - docker exec -u 33 nextcloud /var/www/html/occ ldap:search admin - docker exec -u 33 nextcloud /var/www/html/occ group:list - docker exec -u 33 nextcloud /var/www/html/occ group:adduser admin admin - docker exec -u 33 nextcloud /var/www/html/occ group:adduser admin admin - docker exec -u 33 nextcloud /var/www/html/occ group:list - - # Config admin email - docker exec -u 33 nextcloud bash -c "/var/www/html/occ mail:account:create admin admin admin@$DOMAIN_NEW mail.$DOMAIN_NEW 993 ssl admin@$DOMAIN_NEW $ADMINPASS mail.$DOMAIN_NEW 465 ssl admin@$DOMAIN_NEW $ADMINPASS password" - - # Remove configs - # DEBUG rm /federated/apps/nextcloud/data/var/www/html/config.sh /federated/apps/nextcloud/data/var/www/html/configs.json - - # Configure SSO to Authelia - NEXTCLOUD_CLIENT_SECRET=$(cat /federated/apps/nextcloud/.nextcloud.client.secret) - docker exec -u 33 nextcloud /var/www/html/occ user_oidc:provider:delete Authelia -f - docker exec -u 33 nextcloud /var/www/html/occ config:system:set 
allow_local_remote_servers --value=true - docker exec -u 33 nextcloud /var/www/html/occ app:enable user_oidc - docker exec -u 33 nextcloud /var/www/html/occ config:system:set --value=true --type=boolean user_oidc use_pkce - docker exec -u 33 nextcloud /var/www/html/occ user_oidc:provider Authelia --clientid="nextcloud" --clientsecret="$NEXTCLOUD_CLIENT_SECRET" --discoveryuri="https://authelia.$DOMAIN_NEW/.well-known/openid-configuration" --mapping-uid=name --endsessionendpointuri=https://authelia.$DOMAIN_NEW/logout - docker exec -u 33 nextcloud /var/www/html/occ ldap:set-config s01 ldapLoginFilter '(&(|(objectclass=inetOrgPerson))(uid=%uid))' - echo -ne "done." } convert_matrix() {