310 lines
11 KiB
Bash
310 lines
11 KiB
Bash
#!/bin/bash
|
|
#
|
|
# NextCloud Service
|
|
|
|
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
|
|
|
config_nextcloud() {
|
|
echo -ne "\n* Configuring /federated/apps/nextcloud container.."
|
|
spin &
|
|
SPINPID=$!
|
|
|
|
if [ ! -d "/federated/apps/nextcloud" ]; then
|
|
mkdir -p /federated/apps/nextcloud/data/var/www/html &> /dev/null
|
|
fi
|
|
|
|
DOMAIN_ARRAY=(${DOMAIN//./ })
|
|
DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
|
|
DOMAIN_LAST=${DOMAIN_ARRAY[1]}
|
|
|
|
cat > /federated/apps/nextcloud/docker-compose.yml <<EOF
|
|
version: '3.7'
|
|
|
|
services:
|
|
nextcloud:
|
|
image: nextcloud:\${IMAGE_VERSION}
|
|
container_name: nextcloud
|
|
hostname: nextcloud.$DOMAIN
|
|
domainname: $DOMAIN
|
|
restart: always
|
|
build:
|
|
context: .
|
|
dockerfile: Dockerfile
|
|
networks:
|
|
federated:
|
|
ipv4_address: 172.99.0.16
|
|
extra_hosts:
|
|
- "collabora.$DOMAIN:$EXTERNALIP"
|
|
volumes:
|
|
- ./data/var/www/html:/var/www/html
|
|
env_file:
|
|
- ./.env
|
|
secrets:
|
|
- federated_psql_password
|
|
- federated_nextcloud_password
|
|
|
|
secrets:
|
|
federated_psql_password:
|
|
file: ./.postgresql.secret
|
|
federated_nextcloud_password:
|
|
file: ./.nextcloud.secret
|
|
networks:
|
|
federated:
|
|
external: true
|
|
EOF
|
|
|
|
cp /federated/apps/postgresql/.postgresql.secret /federated/apps/nextcloud/
|
|
echo "$ADMINPASS" > /federated/apps/nextcloud/.nextcloud.secret
|
|
chmod 600 /federated/apps/nextcloud/.postgresql.secret /federated/apps/nextcloud/.nextcloud.secret
|
|
|
|
cat > /federated/apps/nextcloud/.env <<EOF
|
|
IMAGE_VERSION="25.0.3"
|
|
VIRTUAL_PROTO=http
|
|
VIRTUAL_PORT=80
|
|
VIRTUAL_HOST=nextcloud.$DOMAIN
|
|
PHP_MEMORY_LIMIT=2048M
|
|
PHP_UPLOAD_LIMIT=2048M
|
|
NEXTCLOUD_ADMIN_USER=nextcloud
|
|
NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/federated_nextcloud_password
|
|
POSTGRES_HOST=postgresql.$DOMAIN
|
|
POSTGRES_DB=nextcloud
|
|
POSTGRES_USER=nextcloud
|
|
POSTGRES_PASSWORD_FILE=/run/secrets/federated_psql_password
|
|
EOF
|
|
chmod 600 /federated/apps/nextcloud/.env
|
|
|
|
cat > /federated/apps/nextcloud/supervisord.conf <<EOF
|
|
[supervisord]
|
|
nodaemon=true
|
|
logfile=/var/log/supervisord/supervisord.log
|
|
pidfile=/var/run/supervisord/supervisord.pid
|
|
childlogdir=/var/log/supervisord/
|
|
logfile_maxbytes=50MB ; maximum size of logfile before rotation
|
|
logfile_backups=10 ; number of backed up logfiles
|
|
loglevel=error
|
|
|
|
[program:apache2]
|
|
stdout_logfile=/dev/stdout
|
|
stdout_logfile_maxbytes=0
|
|
stderr_logfile=/dev/stderr
|
|
stderr_logfile_maxbytes=0
|
|
command=apache2-foreground
|
|
|
|
[program:sshd]
|
|
stdout_logfile=/dev/stdout
|
|
stdout_logfile_maxbytes=0
|
|
stderr_logfile=/dev/stderr
|
|
stderr_logfile_maxbytes=0
|
|
command=service ssh start
|
|
EOF
|
|
|
|
cat > /federated/apps/nextcloud/Dockerfile <<EOF
|
|
FROM nextcloud:latest
|
|
|
|
RUN apt update -y && apt-get install ssh -y \
|
|
&& apt-get install python3 -y && apt-get install sudo -y
|
|
RUN echo 'ansible ALL=(ALL:ALL) NOPASSWD:ALL' >> /etc/sudoers \
|
|
&& useradd -m ansible -s /bin/bash \
|
|
&& sudo -u ansible mkdir /home/ansible/.ssh \
|
|
&& mkdir -p /var/run/sshd
|
|
|
|
RUN apt-get install -y supervisor \
|
|
&& rm -rf /var/lib/apt/lists/* \
|
|
&& mkdir /var/log/supervisord /var/run/supervisord
|
|
|
|
COPY supervisord.conf /
|
|
|
|
ENV NEXTCLOUD_UPDATE=1
|
|
|
|
CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
|
|
EOF
|
|
|
|
cat > /federated/apps/nextcloud/data/configs.json <<EOF
|
|
{
|
|
"system": {
|
|
"mail_smtpmode": "smtp",
|
|
"mail_smtpsecure": "tls",
|
|
"mail_sendmailmode": "smtp",
|
|
"mail_from_address": "nextcloud",
|
|
"mail_domain": "$DOMAIN",
|
|
"mail_smtpauthtype": "LOGIN",
|
|
"mail_smtpauth": 1,
|
|
"mail_smtphost": "mail.$DOMAIN",
|
|
"mail_smtpport": "587",
|
|
"mail_smtpname": "admin",
|
|
"mail_smtppassword": "$ADMINPASS"
|
|
},
|
|
"apps": {
|
|
"side_menu": {
|
|
"background-color-opacity": "100",
|
|
"current-app-background-color": "#005b8d",
|
|
"types": "",
|
|
"enabled": "yes",
|
|
"text-color": "#ffffff",
|
|
"loader-color": "#339bd4",
|
|
"types": "",
|
|
"always-displayed": "0",
|
|
"big-menu": "0",
|
|
"side-with-categories": "0",
|
|
"background-color": "#0068a1",
|
|
"background-color-to": "#0068a1",
|
|
"icon-invert-filter": "0",
|
|
"icon-opacity": "100",
|
|
"opener": "side-menu-opener",
|
|
"dark-mode-background-color": "#0068a1",
|
|
"dark-mode-background-color-to": "#0068a1",
|
|
"dark-mode-background-color-opacity": "100",
|
|
"dark-mode-current-app-background-color": "#005b8d",
|
|
"dark-mode-text-color": "#ffffff",
|
|
"dark-mode-loader-color": "#ffffff",
|
|
"dark-mode-icon-invert-filter": "0",
|
|
"dark-mode-icon-opacity": "100",
|
|
"dark-mode-opener": "side-menu-opener",
|
|
"opener-position": "before",
|
|
"opener-only": "0",
|
|
"hide-when-no-apps": "0",
|
|
"opener-hover": "0",
|
|
"display-logo": "1",
|
|
"use-avatar": "0",
|
|
"add-logo-link": "1",
|
|
"big-menu-hidden-apps": "[]",
|
|
"show-settings": "0",
|
|
"size-icon": "normal",
|
|
"size-text": "normal",
|
|
"target-blank-apps": "[]",
|
|
"loader-enabled": "1",
|
|
"top-side-menu-apps": "[]",
|
|
"top-menu-mouse-over-hidden-label": "0",
|
|
"apps-order": "[\"dashboard\",\"mail\",\"calendar\",\"contacts\",\"notes\",\"tasks\",\"files\",\"deck\",\"bookmarks\",\"forms\",\"spreed\",\"photos\",\"activity\"]",
|
|
"categories-order-type": "default",
|
|
"categories-custom": "[]",
|
|
"apps-categories-custom": "[]",
|
|
"categories-order": "[\"other\",\"customization\",\"dashboard\",\"external_links\",\"files\",\"workflow\",\"games\",\"integration\",\"monitoring\",\"multimedia\",\"office\",\"organization\",\"search\",\"security\",\"social\",\"tools\"]",
|
|
"default-enabled": "1",
|
|
"force": "0",
|
|
"top-menu-apps": "[\"photos\",\"activity\",\"dashboard\",\"forms\",\"calendar\",\"tasks\",\"bookmarks\",\"deck\",\"contacts\",\"notes\",\"spreed\",\"mail\",\"files\"]",
|
|
"cache": "2"
|
|
}
|
|
}
|
|
}
|
|
EOF
|
|
|
|
cat > /federated/apps/nextcloud/data/nextcloud.sh <<EOF
|
|
#!/bin/sh
|
|
|
|
PATH=/var/www/html:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/sbin:/bin
|
|
|
|
./occ app:enable user_ldap
|
|
./occ ldap:create-empty-config
|
|
./occ ldap:set-config s01 ldapHost 'ldaps://ldap.$DOMAIN'
|
|
./occ ldap:set-config s01 ldapAgentName cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
|
|
./occ ldap:set-config s01 ldapAgentPassword $LDAP_SECRET
|
|
./occ ldap:set-config s01 ldapBase ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
|
|
./occ ldap:set-config s01 ldapBaseGroups ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
|
|
./occ ldap:set-config s01 ldapBaseUsers ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
|
|
./occ ldap:set-config s01 ldapEmailAttribute mail
|
|
./occ ldap:set-config s01 ldapGidNumber gidNumber
|
|
./occ ldap:set-config s01 ldapGroupDisplayName cn
|
|
./occ ldap:set-config s01 ldapGroupFilter '(&(|(objectclass=inetOrgPerson)))'
|
|
./occ ldap:set-config s01 ldapGroupFilterMode 0
|
|
./occ ldap:set-config s01 ldapGroupFilterObjectclass inetOrgPerson
|
|
./occ ldap:set-config s01 ldapGroupMemberAssocAttr gidNumber
|
|
./occ ldap:set-config s01 ldapLoginFilter '(&(|(objectclass=inetOrgPerson))(mail=%uid))'
|
|
./occ ldap:set-config s01 ldapLoginFilterEmail 0
|
|
./occ ldap:set-config s01 ldapLoginFilterMode 0
|
|
./occ ldap:set-config s01 ldapLoginFilterUsername 1
|
|
./occ ldap:set-config s01 ldapLoginFilterEmail 0
|
|
./occ ldap:set-config s01 ldapMatchingRuleInChainState unknown
|
|
./occ ldap:set-config s01 ldapNestedGroups 0
|
|
./occ ldap:set-config s01 ldapPagingSize 500
|
|
./occ ldap:set-config s01 ldapPort 636
|
|
./occ ldap:set-config s01 ldapTLS 1
|
|
./occ ldap:set-config s01 ldapUserAvatarRule default
|
|
./occ ldap:set-config s01 ldapUserDisplayName cn
|
|
./occ ldap:set-config s01 ldapUserFilter '(|(objectclass=inetOrgPerson))'
|
|
./occ ldap:set-config s01 ldapUserFilterMode 0
|
|
./occ ldap:set-config s01 ldapUserFilterObjectclass inetOrgPerson
|
|
./occ ldap:set-config s01 ldapUuidGroupAttribute auto
|
|
./occ ldap:set-config s01 ldapUuidUserAttribute auto
|
|
./occ ldap:set-config s01 turnOffCertCheck 0
|
|
./occ ldap:set-config s01 turnOnPasswordChange 0
|
|
./occ ldap:set-config s01 useMemberOfToDetectMembership 1
|
|
./occ ldap:set-config s01 ldapConfigurationActive 1
|
|
./occ ldap:set-config s01 ldap_expert_username_attr uid
|
|
./occ config:system:set overwriteprotocol --value=https
|
|
./occ config:system:set default_phone_region --value="$COUNTRY"
|
|
./occ config:system:delete trusted_domains
|
|
./occ config:system:set trusted_domains 1 --value=*
|
|
ADMINUUID=\`./occ user:list | grep admin | awk '{ print \$2 }' | awk -F: '{ print \$1 }'\`
|
|
./occ group:adduser admin \$ADMINUUID
|
|
./occ user:delete nextcloud
|
|
./occ app:enable mail
|
|
./occ app:enable calendar
|
|
./occ app:enable contacts
|
|
./occ app:enable notes
|
|
./occ app:enable deck
|
|
./occ app:enable tasks
|
|
./occ app:enable bookmarks
|
|
./occ app:enable forms
|
|
./occ app:enable spreed
|
|
./occ app:enable side_menu
|
|
./occ mail:account:create \$ADMINUUID admin admin@$DOMAIN mail.$DOMAIN 993 ssl admin@$DOMAIN $ADMINPASS mail.$DOMAIN 465 ssl admin@$DOMAIN $ADMINPASS password
|
|
./occ app:enable richdocuments
|
|
./occ config:app:set --value https:\/\/collabora.$DOMAIN richdocuments public_wopi_url
|
|
./occ config:app:set --value https:\/\/collabora.$DOMAIN richdocuments wopi_url
|
|
./occ config:app:set --value ooxml richdocuments doc_format
|
|
./occ config:app:set --value "" richdocuments disable_certificate_verification
|
|
./occ config:import configs.json
|
|
EOF
|
|
|
|
chmod +x /federated/apps/nextcloud/data/nextcloud.sh
|
|
|
|
kill -9 $SPINPID &> /dev/null
|
|
echo -ne "done."
|
|
}
|
|
|
|
start_nextcloud() {
|
|
echo -ne "\n* Starting /federated/apps/nextcloud service.."
|
|
spin &
|
|
SPINPID=$!
|
|
|
|
if [ $DEBUG ]; then
|
|
# Start /federated/apps/nextcloud with output to console for debug
|
|
docker-compose -f /federated/apps/nextcloud/docker-compose.yml -p nextcloud up --build
|
|
[ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service /federated/apps/nextcloud"
|
|
else
|
|
docker-compose -f /federated/apps/nextcloud/docker-compose.yml -p nextcloud up --build -d &> /dev/null
|
|
|
|
# Keep trying nextcloud port 80 to make sure it's up
|
|
# before we proceed
|
|
RETRY="35"
|
|
while [ $RETRY -gt 0 ]; do
|
|
nc -z 172.99.0.16 80 &> /dev/null
|
|
if [ $? -eq 0 ]; then
|
|
break
|
|
else
|
|
if [ "$RETRY" == 1 ]; then
|
|
docker-compose -f /federated/apps/nextcloud/docker-compose.yml -p nextcloud down &> /dev/null
|
|
kill -9 $SPINPID &> /dev/null
|
|
fail "There was a problem starting service /federated/apps/nextcloud\nCheck the output of 'docker logs nextcloud' or turn on\ndebug with -d"
|
|
fi
|
|
((RETRY--))
|
|
sleep 7
|
|
fi
|
|
done
|
|
fi
|
|
|
|
# Move nextcloud.sh and sidemenu config, set nextcloud.sh executable
|
|
mv /federated/apps/nextcloud/data/nextcloud.sh /federated/apps/nextcloud/data/configs.json /federated/apps/nextcloud/data/var/www/html/
|
|
docker exec -it nextcloud chown www-data:root /var/www/html/nextcloud.sh /var/www/html/configs.json
|
|
docker exec -it nextcloud chmod 755 /var/www/html/nextcloud.sh
|
|
[ $? -ne 0 ] && fail "Couldn't chown nextcloud.sh in /federated/apps/nextcloud container"
|
|
|
|
# Run nextcloud.sh - Setup LDAP, configuration for nextcloud
|
|
docker exec -it -u 33 nextcloud /var/www/html/nextcloud.sh &> /dev/null
|
|
[ $? -ne 0 ] && fail "Couldn't run nextcloud.sh inside /federated/apps/nextcloud container"
|
|
|
|
kill -9 $SPINPID &> /dev/null
|
|
echo -ne "done."
|
|
}
|