feat: run occ commands from env variables as post deploy command

feat: set default quota via abra app cmd
feat: template fpm settings
2023-01-10 18:09:11 +01:00 · 2022-12-14 12:12:41 +01:00 · 2022-12-13 15:31:38 +01:00 · 2022-12-07 16:18:37 +01:00 · 2022-12-07 16:15:26 +01:00 · 2022-12-07 15:51:57 +01:00
9 changed files with 171 additions and 15 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -25,6 +25,8 @@ steps:
      SECRET_DB_PASSWORD_VERSION: v1
      SECRET_DB_ROOT_PASSWORD_VERSION: v1
      SECRET_ADMIN_PASSWORD_VERSION: v1
+      SECRET_ONLYOFFICE_JWT_VERSION: v1
+      SECRET_BBB_SECRET_VERSION: v1
      EXTRA_VOLUME: "/dev/null:/tmp/.dummy"
 trigger:
  branch:
--- a/.env.sample
+++ b/.env.sample
@ -17,7 +17,37 @@ SECRET_ADMIN_PASSWORD_VERSION=v1

 EXTRA_VOLUME=/dev/null:/tmp/.dummy

+# fpm-tune, see: https://spot13.com/pmcalculator/
+FPM_MAX_CHILDREN=131
+FPM_START_SERVERS=32
+FPM_MIN_SPARE_SERVERS=32
+FPM_MAX_SPARE_SERVERS=98
+
+DEFAULT_QUOTA="10 GB"
+
 # X_FRAME_OPTIONS_ENABLED=1
 # X_FRAME_OPTIONS_ALLOW_FROM=embedding-site.example.org
-# APPS="calendar sociallogin onlyoffice"

+# COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
+# See https://github.com/nextcloud/docker#auto-configuration-via-environment-variables for default values
+# SMTP_AUTHTYPE=
+# SMTP_HOST=
+# SMTP_SECURE=
+# SMTP_NAME=
+# SMTP_PORT=
+# MAIL_FROM_ADDRESS=
+# MAIL_DOMAIN=
+# SECRET_SMTP_PASSWORD_VERSION=v1
+
+# COMPOSE_FILE="$COMPOSE_FILE:compose.apps.yml"
+# APPS="calendar sociallogin onlyoffice"
+#
+# ONLYOFFICE_URL=https://onlyoffice.example.com
+# SECRET_ONLYOFFICE_JWT_VERSION=v1
+#
+# BBB_URL=https://talk.example.org/bigbluebutton/ # trailing slash!
+# SECRET_BBB_SECRET_VERSION=v1
+#
+# OCC_CMDS="app:disable dashboard"
+# OCC_CMDS="$OCC_CMDS|config:app:set sociallogin auto_create_groups --value 1"
+# OCC_CMDS="$OCC_CMDS|config:app:set sociallogin hide_default_login --value 1"
--- a/abra.sh
+++ b/abra.sh
@ -1,14 +1,21 @@
 #!/bin/bash

-export FPM_TUNE_VERSION=v4
+export FPM_TUNE_VERSION=v5
 export NGINX_CONF_VERSION=v4
 export MY_CNF_VERSION=v4
-export ENTRYPOINT_VERSION=v2
+export ENTRYPOINT_VERSION=v3

 run_occ(){
    su -p www-data -s /bin/sh -c "/var/www/html/occ $@"
 }

+post_install_occ(){
+    IFS='|' read -ra CMD <<< "$OCC_CMDS"
+    for cmd in "${CMD[@]}"; do
+      run_occ "$cmd"
+    done
+}
+
 install_apps(){
    install_apps="$@"
    if [ -z "$install_apps" ]
@ -29,10 +36,19 @@ set_app_config(){
 }

 install_bbb(){
-    URL=$1 # https://talk.example.org/bigbluebutton/ (trailing slash!)
-    SECRET=$2 # bbb secret key
    install_apps bbb
    set_app_config bbb app.navigation true
-    set_app_config bbb api.url "$URL"
-    set_app_config bbb api.secret "$SECRET"
+    set_app_config bbb api.url "$BBB_URL"
+    set_app_config bbb api.secret "$(cat /run/secrets/bbb_secret)"
+}
+
+install_onlyoffice(){
+    install_apps onlyoffice
+    set_app_config onlyoffice DocumentServerUrl "$ONLYOFFICE_URL"
+    set_app_config onlyoffice jwt_secret "$(cat /run/secrets/onlyoffice_jwt)"
+    set_app_config onlyoffice customizationForcesave true
+}
+
+set_default_quota(){
+    set_app_config files default_quota '"$DEFAULT_QUOTA"'
 }
--- a/compose.apps.yml
+++ b/compose.apps.yml
@ -0,0 +1,18 @@
+version: "3.8"
+services:
+  app:
+    secrets:
+      - onlyoffice_jwt
+      - bbb_secret
+    environment:
+      - APPS
+      - ONLYOFFICE_URL
+      - BBB_URL
+
+secrets:
+  onlyoffice_jwt:
+    external: true
+    name: ${STACK_NAME}_onlyoffice_jwt_${SECRET_ONLYOFFICE_JWT_VERSION}
+  bbb_secret:
+    external: true
+    name: ${STACK_NAME}_bbb_secret_${SECRET_BBB_SECRET_VERSION}
--- a/compose.smtp.yml
+++ b/compose.smtp.yml
@ -0,0 +1,19 @@
+version: "3.8"
+services:
+  app:
+    secrets:
+      - smtp_password
+    environment:
+      - SMTP_AUTHTYPE
+      - SMTP_HOST
+      - SMTP_SECURE
+      - SMTP_NAME
+      - SMTP_PORT
+      - SMTP_PASSWORD_FILE=/run/secrets/smtp_password
+      - MAIL_FROM_ADDRESS
+      - MAIL_DOMAIN
+
+secrets:
+  smtp_password:
+    external: true
+    name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
--- a/compose.yml
+++ b/compose.yml
@ -50,6 +50,7 @@ services:
      - admin_password
    environment:
      - APPS
+      - OCC_CMDS
      - X_FRAME_OPTIONS_ALLOW_FROM
      - X_FRAME_OPTIONS_ENABLED
      - DOMAIN
@ -59,12 +60,13 @@ services:
      - NEXTCLOUD_TRUSTED_DOMAINS=${DOMAIN}
      - TRUSTED_PROXIES=traefik
      - REDIS_HOST=cache
-      - SMTP_HOST
-      - MAIL_FROM_ADDRESS
-      - MAIL_DOMAIN
-      - SMTP_AUTHTYPE=PLAIN
      - OVERWRITEPROTOCOL=https
      - PHP_MEMORY_LIMIT=1G
+      - FPM_MAX_CHILDREN=131
+      - FPM_START_SERVERS=32
+      - FPM_MIN_SPARE_SERVERS=32
+      - FPM_MAX_SPARE_SERVERS=98
+      - DEFAULT_QUOTA
    volumes:
      - nextcloud:/var/www/html/
      - nextapps:/var/www/html/custom_apps:cached
@ -128,6 +130,7 @@ configs:
  fpm_tune:
    name: ${STACK_NAME}_fpm_tune_${FPM_TUNE_VERSION}
    file: fpm-tune.ini
+    template_driver: golang
  entrypoint:
    name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
    file: entrypoint.sh.tmpl
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@ -1,5 +1,30 @@
 #!/bin/bash

+set -eu
+
+file_env() {
+  local var="$1"
+  local fileVar="${var}_FILE"
+  local def="${2:-}"
+
+  if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+    echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+    exit 1
+  fi
+
+  local val="$def"
+  if [ "${!var:-}" ]; then
+    val="${!var}"
+  elif [ "${!fileVar:-}" ]; then
+    val="$(< "${!fileVar}")"
+  fi
+
+  export "$var"="$val"
+  unset "$fileVar"
+}
+
+file_env "SMTP_PASSWORD"
+
 echo "Giving the db container some time to come up"; sleep 20
 # see this issue with postgres db https://github.com/nextcloud/docker/issues/1204

@ -9,4 +34,6 @@ if ! [[ $(grep {{ env "X_FRAME_OPTIONS_ALLOW_FROM" }} lib/public/AppFramework/Ht
 fi
 {{ end }}

+
+
 /entrypoint.sh php-fpm
--- a/fpm-tune.ini
+++ b/fpm-tune.ini
@ -1,5 +1,5 @@
 pm = dynamic
-pm.max_children = 131
-pm.start_servers = 32
-pm.min_spare_servers = 32
-pm.max_spare_servers = 98
+pm.max_children = {{ env "FPM_MAX_CHILDREN" }}
+pm.start_servers = {{ env "FPM_START_SERVERS" }}
+pm.min_spare_servers = {{ env "FPM_MIN_SPARE_SERVERS" }}
+pm.max_spare_servers = {{ env "FPM_MAX_SPARE_SERVERS" }}
--- a/releases/next
+++ b/releases/next
@ -0,0 +1,41 @@
+
+## FPM Tune
+
+The fpm-tune.ini settings are now configurable by `.env`. Please add this to your servers configs:
+
+```
+# fpm-tune, see: https://spot13.com/pmcalculator/
+FPM_MAX_CHILDREN=131
+FPM_START_SERVERS=32
+FPM_MIN_SPARE_SERVERS=32
+FPM_MAX_SPARE_SERVERS=98
+```
+
+## SMTP
+
+Add SMTP Config to your .env file:
+
+```
+# COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
+# See https://github.com/nextcloud/docker#auto-configuration-via-environment-variables for default values
+# SMTP_AUTHTYPE=
+# SMTP_HOST=
+# SMTP_SECURE=
+# SMTP_NAME=
+# SMTP_PORT=
+# MAIL_FROM_ADDRESS=
+# MAIL_DOMAIN=
+# SECRET_SMTP_PASSWORD_VERSION=v1
+```
+
+
+## Post Deploy Commands
+
+Some Apps can also be managed with abra app cmd!
+
+```
+# COMPOSE_FILE="$COMPOSE_FILE:compose.apps.yml"
+# APPS="calendar sociallogin onlyoffice"
+# ONLYOFFICE_URL=https://onlyoffice.example.com
+# BBB_URL=https://talk.example.org/bigbluebutton/ # trailing slash!
+```
Author	SHA1	Message	Date
Moritz	3156757fee	feat: run occ commands from env variables as post deploy command	2023-01-10 18:09:11 +01:00
Philipp Rothmann	012e9c2310	feat: set default quota via abra app cmd	2022-12-14 12:12:41 +01:00
Philipp Rothmann	805b29d918	feat: template fpm settings this closes #25	2022-12-13 15:31:38 +01:00
Philipp Rothmann	9148747de6	chore: clean up .env.sample	2022-12-07 16:18:37 +01:00
Philipp Rothmann	c646f95706	refactor: move nc-app secrets to seperate overwrite yml	2022-12-07 16:15:26 +01:00
Philipp Rothmann	f0bbb28626	feat: make smtp settings configurable in .env	2022-12-07 15:51:57 +01:00
Moritz	0e8c5ecd17	fix CI deployment: set bbb and onlyoffice secret version	2022-12-06 15:11:01 +01:00
Moritz	f87f9fc4da	use docker secrets for bbb	2022-12-06 14:47:29 +01:00
Moritz	1b76b6211f	add install_onlyoffice command	2022-12-06 13:27:45 +01:00