#!/bin/bash
#
# Federated Computer NextCloud Service
#
# Command search path used by everything below: the per-user Docker CLI
# plugin directory is searched first, followed by the system directories.
# NOTE(review): "/local/sbin" may be a typo for "/usr/local/sbin" - confirm.
# NOTE(review): a directory under $HOME sits ahead of the system
# directories, so anything placed there shadows system tools of the same
# name; confirm that ordering is intended for the account running this.
PATH="${HOME}/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
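#######################################
# Generate the on-disk configuration for the Nextcloud container:
# docker-compose.yml, supervisord.conf, Dockerfile and the one-shot
# provisioning script data/nextcloud.sh.
# Globals:
#   DOMAIN, EXTERNALIP, ADMINPASS (read)
#   DOMAIN_ARRAY, DOMAIN_FIRST, DOMAIN_LAST, SPINPID (written)
# Arguments: none
# Outputs:   progress text on stdout; files under /federated/apps/nextcloud
#
# Security notes for reviewers:
#   - ADMINPASS is written in clear text into docker-compose.yml and
#     nextcloud.sh, and the same value is used for the Nextcloud admin,
#     PostgreSQL, the LDAP bind account and the mail account. Both files are
#     therefore created owner-only here.
#   - NOTE(review): ADMINPASS is still interpolated unescaped into the YAML
#     environment list; a value containing '$', ': ' or ' #' would be
#     altered by compose/YAML parsing - confirm the allowed character set.
#   - NOTE(review): the image is referenced by the mutable tag
#     "nextcloud:latest" (both `image:` and `FROM`); pinning a version or
#     digest would make builds reproducible and reviewable.
#   - NOTE(review): the Dockerfile adds sshd plus an "ansible" user with
#     password-less sudo inside the application container; confirm how SSH
#     access to that account is restricted.
#   - NOTE(review): 172.99.0.15 lies outside the RFC 1918 172.16.0.0/12
#     range; the "federated" network is defined elsewhere - confirm.
#######################################
config_nextcloud() {
  local nc_dir=/federated/apps/nextcloud
  local sq="'"
  local esc="'\\''"
  local adminpass_sh

  echo -ne "\n* Configuring /federated/apps/nextcloud container.."
  spin &
  SPINPID=$!

  # mkdir -p is idempotent, so run it unconditionally: the later writes need
  # data/ to exist even when the top-level directory is already present.
  mkdir -p "${nc_dir}/data/var/www/html" &> /dev/null

  # Split DOMAIN on dots without word-splitting/globbing an unquoted
  # expansion. Only the first two labels are used for the LDAP base DN below.
  # NOTE(review): a domain with more than two labels (e.g. example.co.uk)
  # yields dc=example,dc=co - confirm this matches the LDAP server's suffix.
  IFS=. read -r -a DOMAIN_ARRAY <<< "$DOMAIN"
  DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
  DOMAIN_LAST=${DOMAIN_ARRAY[1]}

  # Shell-quote the password for the generated /bin/sh script: wrap it in
  # single quotes and rewrite each embedded ' as '\'' so that spaces, '$',
  # ';' or backticks in the value are passed to occ as one literal argument
  # instead of being interpreted by the shell inside the container.
  adminpass_sh=${sq}${ADMINPASS//"$sq"/"$esc"}${sq}

  # The compose file embeds ADMINPASS: make it owner-only before writing so
  # the secret is never on disk with default (umask-derived) permissions.
  touch "${nc_dir}/docker-compose.yml"
  chmod 600 "${nc_dir}/docker-compose.yml"
  cat > "${nc_dir}/docker-compose.yml" <<EOF
version: '3.7'

services:
  nextcloud:
    image: nextcloud:latest
    container_name: nextcloud
    hostname: nextcloud.$DOMAIN
    domainname: $DOMAIN
    restart: always
    build:
      context: .
      dockerfile: Dockerfile
    networks:
      federated:
        ipv4_address: 172.99.0.15
    extra_hosts:
      - "collabora.$DOMAIN:$EXTERNALIP"
    volumes:
      - ./data/var/www/html:/var/www/html
    environment:
      - VIRTUAL_PROTO=http
      - VIRTUAL_PORT=80
      - VIRTUAL_HOST=nextcloud.$DOMAIN
      - PHP_MEMORY_LIMIT=2048M
      - PHP_UPLOAD_LIMIT=2048M
      - NEXTCLOUD_ADMIN_USER=nextcloud
      - NEXTCLOUD_ADMIN_PASSWORD=$ADMINPASS
      - POSTGRES_HOST=postgresql.$DOMAIN
      - POSTGRES_DB=nextcloud
      - POSTGRES_USER=nextcloud
      - POSTGRES_PASSWORD=$ADMINPASS

networks:
  federated:
    external: true
EOF

  # supervisord runs Apache and sshd side by side inside the container.
  cat > "${nc_dir}/supervisord.conf" <<EOF
[supervisord]
nodaemon=true
logfile=/var/log/supervisord/supervisord.log
pidfile=/var/run/supervisord/supervisord.pid
childlogdir=/var/log/supervisord/
logfile_maxbytes=50MB ; maximum size of logfile before rotation
logfile_backups=10 ; number of backed up logfiles
loglevel=error

[program:apache2]
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=apache2-foreground

[program:sshd]
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=service ssh start
EOF

  # Image build recipe. The heredoc is unquoted, so each backslash-newline
  # below is consumed by bash and the RUN commands land on single lines.
  cat > "${nc_dir}/Dockerfile" <<EOF
FROM nextcloud:latest

RUN apt update -y && apt-get install ssh -y \
    && apt-get install python3 -y && apt-get install sudo -y
RUN echo 'ansible ALL=(ALL:ALL) NOPASSWD:ALL' >> /etc/sudoers \
    && useradd -m ansible -s /bin/bash \
    && sudo -u ansible mkdir /home/ansible/.ssh \
    && mkdir -p /var/run/sshd

RUN apt-get install -y supervisor \
    && rm -rf /var/lib/apt/lists/* \
    && mkdir /var/log/supervisord /var/run/supervisord

COPY supervisord.conf /

ENV NEXTCLOUD_UPDATE=1

CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
EOF

  # One-shot provisioning script, executed later inside the container.
  # It carries the password, so it is created owner-only (and executable).
  # NOTE(review): trusted_domains is set to "*", which turns off Nextcloud's
  # Host-header allow-list; listing nextcloud.$DOMAIN explicitly would be
  # tighter if nothing depends on the wildcard.
  # NOTE(review): "grep admin" matches any user line containing "admin", so
  # ADMINUUID can end up holding more than one id - confirm.
  # NOTE(review): the passwords are passed to occ as command-line arguments
  # and are visible in the container's process list while each command runs.
  touch "${nc_dir}/data/nextcloud.sh"
  chmod 700 "${nc_dir}/data/nextcloud.sh"
  cat > "${nc_dir}/data/nextcloud.sh" <<EOF
#!/bin/sh

PATH=/var/www/html:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/sbin:/bin

./occ app:enable user_ldap
./occ ldap:create-empty-config
./occ ldap:set-config s01 ldapHost 'ldaps://ldap.$DOMAIN'
./occ ldap:set-config s01 ldapAgentName cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
./occ ldap:set-config s01 ldapAgentPassword $adminpass_sh
./occ ldap:set-config s01 ldapBase ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
./occ ldap:set-config s01 ldapBaseGroups ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
./occ ldap:set-config s01 ldapBaseUsers ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
./occ ldap:set-config s01 ldapEmailAttribute mail
./occ ldap:set-config s01 ldapGidNumber gidNumber
./occ ldap:set-config s01 ldapGroupDisplayName cn
./occ ldap:set-config s01 ldapGroupFilter '(&(|(objectclass=inetOrgPerson)))'
./occ ldap:set-config s01 ldapGroupFilterMode 0
./occ ldap:set-config s01 ldapGroupFilterObjectclass inetOrgPerson
./occ ldap:set-config s01 ldapGroupMemberAssocAttr gidNumber
./occ ldap:set-config s01 ldapLoginFilter '(&(|(objectclass=inetOrgPerson))(mail=%uid))'
./occ ldap:set-config s01 ldapLoginFilterEmail 0
./occ ldap:set-config s01 ldapLoginFilterMode 0
./occ ldap:set-config s01 ldapLoginFilterUsername 1
./occ ldap:set-config s01 ldapLoginFilterEmail 0
./occ ldap:set-config s01 ldapMatchingRuleInChainState unknown
./occ ldap:set-config s01 ldapNestedGroups 0
./occ ldap:set-config s01 ldapPagingSize 500
./occ ldap:set-config s01 ldapPort 636
./occ ldap:set-config s01 ldapTLS 1
./occ ldap:set-config s01 ldapUserAvatarRule default
./occ ldap:set-config s01 ldapUserDisplayName cn
./occ ldap:set-config s01 ldapUserFilter '(|(objectclass=inetOrgPerson))'
./occ ldap:set-config s01 ldapUserFilterMode 0
./occ ldap:set-config s01 ldapUserFilterObjectclass inetOrgPerson
./occ ldap:set-config s01 ldapUuidGroupAttribute auto
./occ ldap:set-config s01 ldapUuidUserAttribute auto
./occ ldap:set-config s01 turnOffCertCheck 0
./occ ldap:set-config s01 turnOnPasswordChange 0
./occ ldap:set-config s01 useMemberOfToDetectMembership 1
./occ ldap:set-config s01 ldapConfigurationActive 1
./occ config:system:delete trusted_domains
./occ config:system:set trusted_domains 1 --value=*
ADMINUUID=\`./occ user:list | grep admin | awk '{ print \$2 }' | awk -F: '{ print \$1 }'\`
./occ group:adduser admin \$ADMINUUID
./occ user:delete nextcloud
./occ app:enable mail
./occ app:enable calendar
./occ app:enable contacts
./occ app:enable notes
./occ app:enable deck
./occ app:enable tasks
./occ app:enable bookmarks
./occ app:enable forms
./occ app:enable spreed
./occ mail:account:create \$ADMINUUID admin admin@$DOMAIN mail.$DOMAIN 993 ssl admin@$DOMAIN $adminpass_sh mail.$DOMAIN 465 ssl admin@$DOMAIN $adminpass_sh password
./occ app:enable richdocuments
./occ config:app:set --value https:\/\/collabora.$DOMAIN richdocuments public_wopi_url
./occ config:app:set --value https:\/\/collabora.$DOMAIN richdocuments wopi_url
./occ config:app:set --value ooxml richdocuments doc_format
./occ config:app:set --value "" richdocuments disable_certificate_verification
EOF

  kill -9 "$SPINPID" &> /dev/null
  echo -ne "done."
}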
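#######################################
# Build and start the Nextcloud container, wait until its HTTP port
# answers, then run the one-shot provisioning script inside it.
# Globals:
#   DEBUG (read)   - when non-empty, compose runs in the foreground with
#                    its output on the console
#   SPINPID (written)
# Arguments: none
# Outputs:   progress text on stdout
# Relies on `spin` and `fail`, which are defined outside this block.
#
# Security notes:
#   - nextcloud.sh contains ADMINPASS in clear text and is placed in
#     /var/www/html, the directory mounted as the container's web root. It is
#     therefore made owner-only (it is executed as uid 33, the account it is
#     chown'ed to) and deleted again as soon as it has run, whether or not
#     it succeeded, so the credentials do not stay in a web-served path.
#######################################
start_nextcloud() {
  local compose_file=/federated/apps/nextcloud/docker-compose.yml
  local html_dir=/federated/apps/nextcloud/data/var/www/html
  local retry=35
  local rc=0

  echo -ne "\n* Starting /federated/apps/nextcloud service.."
  spin &
  SPINPID=$!

  if [ -n "${DEBUG:-}" ]; then
    # Start /federated/apps/nextcloud with output to console for debug
    if docker-compose -f "$compose_file" -p nextcloud up --build; then
      echo -ne "done.\n"
    else
      fail "There was a problem starting service /federated/apps/nextcloud"
    fi
  else
    docker-compose -f "$compose_file" -p nextcloud up --build -d &> /dev/null

    # Keep trying nextcloud port 80 to make sure it's up before we proceed:
    # up to 35 probes, 7 seconds apart. On the last failed probe the stack
    # is torn down and the failure reported.
    while (( retry > 0 )); do
      if nc -z 172.99.0.15 80 &> /dev/null; then
        break
      fi
      if (( retry == 1 )); then
        docker-compose -f "$compose_file" -p nextcloud down &> /dev/null
        kill -9 "$SPINPID" &> /dev/null
        fail "There was a problem starting service /federated/apps/nextcloud\nCheck the output of 'docker logs nextcloud' or turn on\ndebug with -d"
      fi
      retry=$(( retry - 1 ))
      sleep 7
    done
  fi

  # Move nextcloud.sh into the bind-mounted web root. The destination is
  # absolute so the result does not depend on the caller's working directory.
  mv /federated/apps/nextcloud/data/nextcloud.sh "${html_dir}/"

  # Hand the script to www-data and keep it owner-only. Both steps are
  # checked (previously only the chmod status was). No -it: nothing here is
  # interactive, and -t makes docker exec fail when stdin is not a terminal.
  if ! { docker exec nextcloud chown www-data:root /var/www/html/nextcloud.sh \
    && docker exec nextcloud chmod 700 /var/www/html/nextcloud.sh; }; then
    kill -9 "$SPINPID" &> /dev/null
    fail "Couldn't chown nextcloud.sh in /federated/apps/nextcloud container"
  fi

  # Run nextcloud.sh - Setup LDAP, configuration for nextcloud
  docker exec -u 33 nextcloud /var/www/html/nextcloud.sh &> /dev/null || rc=$?

  # Always remove the script afterwards: it holds the admin/LDAP/mail
  # password and must not remain readable under the web root.
  docker exec nextcloud rm -f /var/www/html/nextcloud.sh &> /dev/null

  if (( rc != 0 )); then
    kill -9 "$SPINPID" &> /dev/null
    fail "Couldn't run nextcloud.sh inside /federated/apps/nextcloud container"
  fi

  kill -9 "$SPINPID" &> /dev/null
  echo -ne "done."
}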