Re structured nextcloud to use .init instead of building image. Fixed postgres to use its own nextcloud login

2023-03-10 19:23:27 +00:00 · 2023-03-10 19:23:27 +00:00 · d0d5bb5805
commit d0d5bb5805
parent 1bdca5a2d8
2 changed files with 121 additions and 154 deletions
--- a/lib/nextcloud.sh
+++ b/lib/nextcloud.sh
@ -10,7 +10,12 @@ config_nextcloud() {
  SPINPID=$!
  if [ ! -d "/federated/apps/nextcloud" ]; then
    mkdir -p /federated/apps/nextcloud/data/root &> /dev/null
    mkdir -p /federated/apps/nextcloud/data/home &> /dev/null
    mkdir -p /federated/apps/nextcloud/data/var/www/html &> /dev/null
    mkdir -p /federated/apps/nextcloud/data/var/www/html/custom_apps &> /dev/null
    mkdir -p /federated/apps/nextcloud/data/var/www/config &> /dev/null
    mkdir -p /federated/apps/nextcloud/data/var/www/data &> /dev/null
  fi
  DOMAIN_ARRAY=(${DOMAIN//./ })
@ -27,21 +32,25 @@ services:
    hostname: nextcloud.$DOMAIN
    domainname: $DOMAIN
    restart: always
-    build:
+#    working_dir: /var/www/html
      context: .
      dockerfile: Dockerfile
    networks:
      federated:
        ipv4_address: 172.99.0.16
    extra_hosts:
      - "collabora.$DOMAIN:$EXTERNALIP"
    volumes:
      - ./data/root:/root
      - ./data/home:/home
      - ./data/var/www/html:/var/www/html
      - ./data/var/www/html/custom_apps:/var/www/html/custom_apps
      - ./data/var/www/config:/var/www/config
      - ./data/var/www/data:/var/www/data
    env_file:
      - ./.env
    secrets:
      - federated_psql_password
      - federated_nextcloud_password
    command: [ "/root/nextcloud.sh" ]
 secrets:
  federated_psql_password:
@ -53,12 +62,13 @@ networks:
    external: true
 EOF
-cp /federated/apps/postgresql/.postgresql.secret /federated/apps/nextcloud/
+echo "$NEXTCLOUD_SECRET" > /federated/apps/nextcloud/.postgresql.secret
 echo "$ADMINPASS" > /federated/apps/nextcloud/.nextcloud.secret
 chmod 600 /federated/apps/nextcloud/.postgresql.secret /federated/apps/nextcloud/.nextcloud.secret
 cat > /federated/apps/nextcloud/.env <<EOF
 IMAGE_VERSION="25.0.3"
 NEXTCLOUD_UPDATE=1
 VIRTUAL_PROTO=http
 VIRTUAL_PORT=80
 VIRTUAL_HOST=nextcloud.$DOMAIN
@ -73,7 +83,7 @@ POSTGRES_PASSWORD_FILE=/run/secrets/federated_psql_password
 EOF
 chmod 600 /federated/apps/nextcloud/.env
-cat > /federated/apps/nextcloud/supervisord.conf <<EOF
+cat > /federated/apps/nextcloud/data/root/supervisord.conf <<'EOF'
 [supervisord]
 nodaemon=true
 logfile=/var/log/supervisord/supervisord.log
@ -98,26 +108,35 @@ stderr_logfile_maxbytes=0
 command=service ssh start
 EOF
-cat > /federated/apps/nextcloud/Dockerfile <<EOF
+cat > /federated/apps/nextcloud/data/root/nextcloud.sh <<'EOF'
-FROM nextcloud:latest
+#!/bin/sh -x
-RUN apt update -y && apt-get install ssh -y \ 
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-&& apt-get install python3 -y && apt-get install sudo -y
+
-RUN echo 'ansible ALL=(ALL:ALL) NOPASSWD:ALL' >> /etc/sudoers \
+if [ ! -e /root/.init ]; then
  echo "First start and initialization"
  apt update -y && apt-get install ssh -y
  apt-get install python3 -y && apt-get install sudo -y
  echo 'ansible ALL=(ALL:ALL) NOPASSWD:ALL' >> /etc/sudoers \
  && useradd -m ansible -s /bin/bash \
  && sudo -u ansible mkdir /home/ansible/.ssh \
  && mkdir -p /var/run/sshd
-RUN apt-get install -y supervisor \
+  apt-get install -y supervisor \
  && rm -rf /var/lib/apt/lists/* \
  && mkdir /var/log/supervisord /var/run/supervisord
-COPY supervisord.conf /
+  touch /root/.init
-
+  export NEXTCLOUD_UPDATE=1
-ENV NEXTCLOUD_UPDATE=1
+  /usr/bin/supervisord -c /root/supervisord.conf
-
+else
-CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
+  echo "Already Initialized, running supervisord"
  export NEXTCLOUD_UPDATE=1
  /usr/bin/supervisord -c /root/supervisord.conf
 fi
 EOF
 chmod +x /federated/apps/nextcloud/data/root/nextcloud.sh
 cat > /federated/apps/nextcloud/data/configs.json <<EOF
 {
@ -189,121 +208,94 @@ cat > /federated/apps/nextcloud/data/configs.json <<EOF
 }
 EOF
-cat > /federated/apps/nextcloud/data/nextcloud.sh <<EOF
+cat > /federated/apps/nextcloud/data/config.sh <<EOF
 #!/bin/sh
 PATH=/var/www/html:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/sbin:/bin
-./occ app:enable user_ldap
+/var/www/html/occ app:enable user_ldap
-./occ ldap:create-empty-config
+/var/www/html/occ ldap:create-empty-config
-./occ ldap:set-config s01 ldapHost 'ldaps://ldap.$DOMAIN'
+/var/www/html/occ ldap:set-config s01 ldapHost 'ldaps://ldap.$DOMAIN'
-./occ ldap:set-config s01 ldapAgentName cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
+/var/www/html/occ ldap:set-config s01 ldapAgentName cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
-./occ ldap:set-config s01 ldapAgentPassword $LDAP_SECRET
+/var/www/html/occ ldap:set-config s01 ldapAgentPassword $LDAP_SECRET
-./occ ldap:set-config s01 ldapBase ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
+/var/www/html/occ ldap:set-config s01 ldapBase ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
-./occ ldap:set-config s01 ldapBaseGroups ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
+/var/www/html/occ ldap:set-config s01 ldapBaseGroups ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
-./occ ldap:set-config s01 ldapBaseUsers ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
+/var/www/html/occ ldap:set-config s01 ldapBaseUsers ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
-./occ ldap:set-config s01 ldapEmailAttribute mail
+/var/www/html/occ ldap:set-config s01 ldapEmailAttribute mail
-./occ ldap:set-config s01 ldapGidNumber gidNumber
+/var/www/html/occ ldap:set-config s01 ldapGidNumber gidNumber
-./occ ldap:set-config s01 ldapGroupDisplayName cn
+/var/www/html/occ ldap:set-config s01 ldapGroupDisplayName cn
-./occ ldap:set-config s01 ldapGroupFilter '(&(|(objectclass=inetOrgPerson)))'
+/var/www/html/occ ldap:set-config s01 ldapGroupFilter '(&(|(objectclass=inetOrgPerson)))'
-./occ ldap:set-config s01 ldapGroupFilterMode 0
+/var/www/html/occ ldap:set-config s01 ldapGroupFilterMode 0
-./occ ldap:set-config s01 ldapGroupFilterObjectclass inetOrgPerson
+/var/www/html/occ ldap:set-config s01 ldapGroupFilterObjectclass inetOrgPerson
-./occ ldap:set-config s01 ldapGroupMemberAssocAttr gidNumber
+/var/www/html/occ ldap:set-config s01 ldapGroupMemberAssocAttr gidNumber
-./occ ldap:set-config s01 ldapLoginFilter '(&(|(objectclass=inetOrgPerson))(mail=%uid))'
+/var/www/html/occ ldap:set-config s01 ldapLoginFilter '(&(|(objectclass=inetOrgPerson))(mail=%uid))'
-./occ ldap:set-config s01 ldapLoginFilterEmail 0
+/var/www/html/occ ldap:set-config s01 ldapLoginFilterEmail 0
-./occ ldap:set-config s01 ldapLoginFilterMode 0
+/var/www/html/occ ldap:set-config s01 ldapLoginFilterMode 0
-./occ ldap:set-config s01 ldapLoginFilterUsername 1
+/var/www/html/occ ldap:set-config s01 ldapLoginFilterUsername 1
-./occ ldap:set-config s01 ldapLoginFilterEmail 0
+/var/www/html/occ ldap:set-config s01 ldapLoginFilterEmail 0
-./occ ldap:set-config s01 ldapMatchingRuleInChainState unknown
+/var/www/html/occ ldap:set-config s01 ldapMatchingRuleInChainState unknown
-./occ ldap:set-config s01 ldapNestedGroups 0
+/var/www/html/occ ldap:set-config s01 ldapNestedGroups 0
-./occ ldap:set-config s01 ldapPagingSize 500 
+/var/www/html/occ ldap:set-config s01 ldapPagingSize 500 
-./occ ldap:set-config s01 ldapPort 636
+/var/www/html/occ ldap:set-config s01 ldapPort 636
-./occ ldap:set-config s01 ldapTLS 1 
+/var/www/html/occ ldap:set-config s01 ldapTLS 1 
-./occ ldap:set-config s01 ldapUserAvatarRule default
+/var/www/html/occ ldap:set-config s01 ldapUserAvatarRule default
-./occ ldap:set-config s01 ldapUserDisplayName cn
+/var/www/html/occ ldap:set-config s01 ldapUserDisplayName cn
-./occ ldap:set-config s01 ldapUserFilter '(|(objectclass=inetOrgPerson))'
+/var/www/html/occ ldap:set-config s01 ldapUserFilter '(|(objectclass=inetOrgPerson))'
-./occ ldap:set-config s01 ldapUserFilterMode 0 
+/var/www/html/occ ldap:set-config s01 ldapUserFilterMode 0 
-./occ ldap:set-config s01 ldapUserFilterObjectclass inetOrgPerson
+/var/www/html/occ ldap:set-config s01 ldapUserFilterObjectclass inetOrgPerson
-./occ ldap:set-config s01 ldapUuidGroupAttribute auto
+/var/www/html/occ ldap:set-config s01 ldapUuidGroupAttribute auto
-./occ ldap:set-config s01 ldapUuidUserAttribute auto 
+/var/www/html/occ ldap:set-config s01 ldapUuidUserAttribute auto 
-./occ ldap:set-config s01 turnOffCertCheck 0 
+/var/www/html/occ ldap:set-config s01 turnOffCertCheck 0 
-./occ ldap:set-config s01 turnOnPasswordChange 0 
+/var/www/html/occ ldap:set-config s01 turnOnPasswordChange 0 
-./occ ldap:set-config s01 useMemberOfToDetectMembership 1 
+/var/www/html/occ ldap:set-config s01 useMemberOfToDetectMembership 1 
-./occ ldap:set-config s01 ldapConfigurationActive 1 
+/var/www/html/occ ldap:set-config s01 ldapConfigurationActive 1 
-./occ ldap:set-config s01 ldap_expert_username_attr uid
+/var/www/html/occ ldap:set-config s01 ldap_expert_username_attr uid
-./occ ldap:set-config s01 ldap_display_name givenName
+/var/www/html/occ ldap:set-config s01 ldap_display_name givenName
-./occ config:system:set overwriteprotocol --value=https
+/var/www/html/occ config:system:set overwriteprotocol --value=https
-./occ config:system:set default_phone_region --value="$COUNTRY"
+/var/www/html/occ config:system:set default_phone_region --value="$COUNTRY"
-./occ config:system:delete trusted_domains
+/var/www/html/occ config:system:delete trusted_domains
-./occ config:system:set trusted_domains 1 --value=*
+/var/www/html/occ config:system:set trusted_domains 1 --value=*
-ADMINUUID=\`./occ user:list | grep admin | awk '{ print \$2 }' | awk -F: '{ print \$1 }'\`
+ADMINUUID=\`./var/www/html/occ user:list | grep admin | awk '{ print \$2 }' | awk -F: '{ print \$1 }'\`
-./occ group:adduser admin \$ADMINUUID
+/var/www/html/occ group:adduser admin \$ADMINUUID
-./occ user:delete nextcloud
+/var/www/html/occ user:delete nextcloud
-./occ app:enable mail
+/var/www/html/occ app:enable mail
-./occ app:enable calendar
+/var/www/html/occ app:enable calendar
-./occ app:enable contacts
+/var/www/html/occ app:enable contacts
-./occ app:enable notes
+/var/www/html/occ app:enable notes
-./occ app:enable deck
+/var/www/html/occ app:enable deck
-./occ app:enable tasks
+/var/www/html/occ app:enable tasks
-./occ app:enable bookmarks
+/var/www/html/occ app:enable bookmarks
-./occ app:enable forms
+/var/www/html/occ app:enable forms
-./occ app:enable spreed
+/var/www/html/occ app:enable spreed
-./occ app:enable side_menu
+/var/www/html/occ app:enable side_menu
-./occ mail:account:create \$ADMINUUID admin admin@$DOMAIN mail.$DOMAIN 993 ssl admin@$DOMAIN $ADMINPASS mail.$DOMAIN 465 ssl admin@$DOMAIN $ADMINPASS password
+/var/www/html/occ mail:account:create \$ADMINUUID admin admin@$DOMAIN mail.$DOMAIN 993 ssl admin@$DOMAIN $ADMINPASS mail.$DOMAIN 465 ssl admin@$DOMAIN $ADMINPASS password
-./occ app:enable richdocuments
+/var/www/html/occ app:enable richdocuments
-./occ config:app:set --value https:\/\/collabora.$DOMAIN richdocuments public_wopi_url
+/var/www/html/occ config:app:set --value https:\/\/collabora.$DOMAIN richdocuments public_wopi_url
-./occ config:app:set --value https:\/\/collabora.$DOMAIN richdocuments wopi_url
+/var/www/html/occ config:app:set --value https:\/\/collabora.$DOMAIN richdocuments wopi_url
-./occ config:app:set --value ooxml richdocuments doc_format
+/var/www/html/occ config:app:set --value ooxml richdocuments doc_format
-./occ config:app:set --value "" richdocuments disable_certificate_verification
+/var/www/html/occ config:app:set --value "" richdocuments disable_certificate_verification
-./occ config:import configs.json
+/var/www/html/occ config:import configs.json
 EOF
-chmod +x /federated/apps/nextcloud/data/nextcloud.sh
+chmod +x /federated/apps/nextcloud/data/config.sh
  kill -9 $SPINPID &> /dev/null
  echo -ne "done."
 }
 start_nextcloud() {
-  echo -ne "\n* Starting /federated/apps/nextcloud service.."
+  # Start service with command to make sure it's up before proceeding
-  spin &
+  start_service "nextcloud" "nc -z 172.99.0.16 80 &> /dev/null"
  SPINPID=$!
-  if [ $DEBUG ]; then
+  # Move config.sh and sidemenu config, set config.sh executable
-    # Start /federated/apps/nextcloud with output to console for debug
+  mv /federated/apps/nextcloud/data/config.sh /federated/apps/nextcloud/data/configs.json /federated/apps/nextcloud/data/var/www/html/
-    docker-compose -f /federated/apps/nextcloud/docker-compose.yml -p nextcloud up --build
+  docker exec -it nextcloud chown www-data:root /var/www/html/config.sh /var/www/html/configs.json
-    [ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service /federated/apps/nextcloud"
+  docker exec -it nextcloud chmod 755 /var/www/html/config.sh
-  else
+  [ $? -ne 0 ] && fail "Couldn't chown config.sh in /federated/apps/nextcloud container"
    docker-compose -f /federated/apps/nextcloud/docker-compose.yml -p nextcloud up --build -d &> /dev/null
-    # Keep trying nextcloud port 80 to make sure it's up
+  # Run config.sh - Setup LDAP, configuration for nextcloud
-    # before we proceed
+  docker exec -it -u 33 nextcloud /var/www/html/config.sh &> /dev/null
-    RETRY="35"
+  [ $? -ne 0 ] && fail "Couldn't run config.sh inside /federated/apps/nextcloud container"
    while [ $RETRY -gt 0 ]; do
      nc -z 172.99.0.16 80 &> /dev/null
      if [ $? -eq 0 ]; then
        break
      else
        if [ "$RETRY" == 1 ]; then
          docker-compose -f /federated/apps/nextcloud/docker-compose.yml -p nextcloud down &> /dev/null
          kill -9 $SPINPID &> /dev/null
          fail "There was a problem starting service /federated/apps/nextcloud\nCheck the output of 'docker logs nextcloud' or turn on\ndebug with -d"
        fi
        ((RETRY--))
        sleep 7
      fi
    done
  fi
  # Move nextcloud.sh and sidemenu config, set nextcloud.sh executable
  mv /federated/apps/nextcloud/data/nextcloud.sh /federated/apps/nextcloud/data/configs.json /federated/apps/nextcloud/data/var/www/html/
  docker exec -it nextcloud chown www-data:root /var/www/html/nextcloud.sh /var/www/html/configs.json
  docker exec -it nextcloud chmod 755 /var/www/html/nextcloud.sh
  [ $? -ne 0 ] && fail "Couldn't chown nextcloud.sh in /federated/apps/nextcloud container"
  # Run nextcloud.sh - Setup LDAP, configuration for nextcloud
  docker exec -it -u 33 nextcloud /var/www/html/nextcloud.sh &> /dev/null
  [ $? -ne 0 ] && fail "Couldn't run nextcloud.sh inside /federated/apps/nextcloud container"
  kill -9 $SPINPID &> /dev/null
  echo -ne "done."
--- a/lib/postgresql.sh
+++ b/lib/postgresql.sh
@ -48,7 +48,7 @@ services:
      -c ssl_cert_file=/var/lib/postgresql/server.crt
      -c ssl_key_file=/var/lib/postgresql/server.key
    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U nextcloud"]
+      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 10s
      timeout: 5s
      retries: 5
@ -63,8 +63,8 @@ EOF
 cat > /federated/apps/postgresql/.env <<EOF
 IMAGE_VERSION="14"
-POSTGRES_DB=nextcloud
+POSTGRES_DB=postgres
-POSTGRES_USER=nextcloud
+POSTGRES_USER=postgres
 POSTGRES_PASSWORD_FILE=/run/secrets/federated_psql_password
 POSTGRES_INITDB_ARGS=--encoding='UTF8' --lc-collate='C' --lc-ctype='C'
 EOF
@ -73,6 +73,7 @@ chmod 600 /federated/apps/postgresql/.env
 PSQL_SECRET=$(create_password);
 echo "$PSQL_SECRET" > /federated/apps/postgresql/.postgresql.secret
 chmod 600 /federated/apps/postgresql/.postgresql.secret
 NEXTCLOUD_SECRET=$(create_password);
 VAULTWARDEN_SECRET=$(create_password);
 LISTMONK_SECRET=$(create_password);
 MATRIX_SECRET=$(create_password);
@ -81,6 +82,9 @@ CALCOM_SECRET=$(create_password);
 # cat postgresql/data/docker-entrypoint-initdb.d/init.sql
 cat > /federated/apps/postgresql/data/docker-entrypoint-initdb.d/init.sql <<EOF
 CREATE USER nextcloud WITH PASSWORD '$NEXTCLOUD_SECRET';
 CREATE DATABASE nextcloud;
 GRANT ALL PRIVILEGES ON DATABASE nextcloud TO nextcloud;
 CREATE USER vaultwarden WITH PASSWORD '$VAULTWARDEN_SECRET';
 CREATE DATABASE vaultwarden;
 GRANT ALL PRIVILEGES ON DATABASE vaultwarden TO vaultwarden;
@ -101,38 +105,9 @@ EOF
 kill -9 $SPINPID &> /dev/null
 echo -ne "done."
 }
 start_postgresql() {
-  # Start /federated/apps/postgresql with output to /dev/null
+  # Start service with command to make sure it's up before proceeding
-  echo -ne "\n* Starting /federated/apps/postgresql service.."
+  start_service "postgresql" "nc -z 172.99.0.11 5432 &> /dev/null"
  spin &
  SPINPID=$!
  if [ $DEBUG ]; then
    # Start /federated/apps/postgresql with output to console for debug
    docker-compose -f /federated/apps/postgresql/docker-compose.yml -p postgresql up
    [ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service /federated/apps/postgresql"
  else
    docker-compose -f /federated/apps/postgresql/docker-compose.yml -p postgresql up -d &> /dev/null
    # Keep trying postgresql port 5432 to make sure it's up
    # before we proceed
    RETRY="30"
    while [ $RETRY -gt 0 ]; do
      nc -z 172.99.0.11 5432 &> /dev/null
      if [ $? -eq 0 ]; then
        break
      else
        if [ "$RETRY" == 1 ]; then
          docker-compose -f /federated/apps/postgresql/docker-compose.yml -p postgresql down &> /dev/null
          kill -9 $SPINPID &> /dev/null
          fail "There was a problem starting service /federated/apps/postgresql\nCheck the output of 'docker logs postgresql' or turn on\ndebug with -d"
        fi
        ((RETRY--))
        sleep 7
      fi
    done
  fi
  kill -9 $SPINPID &> /dev/null
  echo -ne "done."