chore: update readme

.drone.yml

@@ -31,19 +31,3 @@ steps:
 trigger:
   branch:
     - main
----
-kind: pipeline
-name: generate recipe catalogue
-steps:
-  - name: release a new version
-    image: plugins/downstream
-    settings:
-      server: https://build.coopcloud.tech
-      token:
-        from_secret: drone_abra-bot_token
-      fork: true
-      repositories:
-        - coop-cloud/auto-recipes-catalogue-json
-
-trigger:
-  event: tag

.env.sample

@@ -1,6 +1,4 @@
 TYPE=nextcloud
-TIMEOUT=500
-ENABLE_AUTO_UPDATE=true
 
 DOMAIN=nextcloud.example.com
 ## Domain aliases
@@ -11,8 +9,6 @@ COMPOSE_FILE="compose.yml"
 COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml"
 #COMPOSE_FILE="$COMPOSE_FILE:compose.postgres.yml"
 
-#MAX_DB_CONNECTIONS=500
-
 ADMIN_USER=admin
 
 SECRET_DB_ROOT_PASSWORD_VERSION=v1
@@ -21,12 +17,11 @@ SECRET_ADMIN_PASSWORD_VERSION=v1
 
 EXTRA_VOLUME=/dev/null:/tmp/.dummy
 
-PHP_MEMORY_LIMIT=1G
 # fpm-tune, see: https://spot13.com/pmcalculator/
-FPM_MAX_CHILDREN=16
+FPM_MAX_CHILDREN=131
-FPM_START_SERVERS=4
+FPM_START_SERVERS=32
-FPM_MIN_SPARE_SERVERS=4
+FPM_MIN_SPARE_SERVERS=32
-FPM_MAX_SPARE_SERVERS=12
+FPM_MAX_SPARE_SERVERS=98
 
 DEFAULT_QUOTA="10 GB"
 
@@ -60,5 +55,5 @@ DEFAULT_QUOTA="10 GB"
 # COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
 # AUTHENTIK_USER_PREFIX=authentik
 # AUTHENTIK_DOMAIN=authentik.example.com
-# SECRET_AUTHENTIK_SECRET_VERSION=v1
+# AUTHENTIK_SECRET_NAME=authentik_example_com_nextcloud_secret_v1  # the same as in authentik
-# SECRET_AUTHENTIK_ID_VERSION=v1
+# AUTHENTIK_ID_NAME=authentik_example_com_nextcloud_id_v1  # the same as in authentik

README.md

@@ -120,7 +120,7 @@ Use [this plugin](https://github.com/pulsejet/nextcloud-oidc-login). Unlike the
 ```
   'oidc_login_client_id' => 'nextcloud',
   'oidc_login_client_secret' => 'mysecret',
-  'oidc_login_provider_url' => 'https://example.com/realms/myrealm',
+  'oidc_login_provider_url' => 'https://example.com/auth/realms/myrealm',
   'oidc_login_disable_registration' => false,
   'oidc_login_hide_password_form' => true,
   'oidc_login_button_text' => 'Log in with your myssodomain',

abra.sh

@@ -2,78 +2,62 @@
 
 export FPM_TUNE_VERSION=v5
 export NGINX_CONF_VERSION=v4
-export MY_CNF_VERSION=v5
+export MY_CNF_VERSION=v4
 export ENTRYPOINT_VERSION=v3
 
-run_occ() {
+run_occ(){
     su -p www-data -s /bin/sh -c "/var/www/html/occ $@"
 }
 
-post_install_occ() {
+post_install_occ(){
-    IFS='|' read -ra CMD <<<"$OCC_CMDS"
+    IFS='|' read -ra CMD <<< "$OCC_CMDS"
     for cmd in "${CMD[@]}"; do
-        run_occ "$cmd"
+      run_occ "$cmd"
     done
 }
 
-install_apps() {
+install_apps(){
     install_apps="$@"
-    if [ -z "$install_apps" ]; then
+    if [ -z "$install_apps" ]
+    then
         install_apps=$APPS
     fi
-    for app in $install_apps; do
+    for app in $install_apps
+    do
         run_occ "app:install $app"
     done
 }
 
-set_app_config() {
+set_app_config(){
     APP=$1
     KEY=$2
     VALUE=$3
     run_occ "config:app:set $APP $KEY --value '$VALUE'"
 }
 
-set_system_config() {
+install_bbb(){
-    KEY=$1
-    VALUE=$2
-    run_occ "config:system:set $KEY --value '$VALUE'"
-}
-
-set_trusted_proxies() {
-    trusted_proxies="$@"
-    if [ -z "$1" ]; then
-        trusted_proxies="$TRUSTED_PROXIES"
-    fi
-    set_system_config trusted_proxies "$trusted_proxies"
-}
-
-set_logfile_stdout() {
-    set_system_config logfile '/dev/stdout'
-}
-
-install_bbb() {
     install_apps bbb
     set_app_config bbb app.navigation true
     set_app_config bbb api.url "$BBB_URL"
     set_app_config bbb api.secret "$(cat /run/secrets/bbb_secret)"
 }
 
-install_onlyoffice() {
+install_onlyoffice(){
     install_apps onlyoffice
     set_app_config onlyoffice DocumentServerUrl "$ONLYOFFICE_URL"
     set_app_config onlyoffice jwt_secret "$(cat /run/secrets/onlyoffice_jwt)"
     set_app_config onlyoffice customizationForcesave true
 }
 
-set_default_quota() {
+set_default_quota(){
-    set_app_config files default_quota "$DEFAULT_QUOTA"
+    set_app_config files default_quota '"$DEFAULT_QUOTA"'
 }
 
-set_authentik() {
+set_authentik(){
-    install_apps sociallogin
+install_apps sociallogin
-    AUTHENTIK_SECRET=$(cat /run/secrets/authentik_secret)
+AUTHENTIK_SECRET=$(cat /run/secrets/authentik_secret)
-    AUTHENTIK_ID=$(cat /run/secrets/authentik_id)
+AUTHENTIK_ID=$(cat /run/secrets/authentik_id)
-    set_app_config sociallogin custom_providers "
+set_app_config sociallogin custom_providers "
 {
     \"custom_oidc\":[
     {
@@ -91,17 +75,16 @@ set_authentik() {
         \"style\":\"openid\",
         \"defaultGroup\":\"\",
         \"groupMapping\": {
-          \"admin\": \"admin\",
+          \"admin\": \"admin\"
-          \"authentik Admins\": \"admin\"
         }
     }
 ]
 }"
 
-    set_app_config sociallogin update_profile_on_login 1
+set_app_config sociallogin update_profile_on_login 1
-    set_app_config sociallogin auto_create_groups 1
+set_app_config sociallogin auto_create_groups 1
-    set_app_config sociallogin hide_default_login 1
+set_app_config sociallogin hide_default_login 1
-    run_occ 'config:system:set social_login_auto_redirect --value true'
+run_occ 'config:system:set social_login_auto_redirect --value true'
-    run_occ 'config:system:set allow_user_to_change_display_name --value=false'
+run_occ 'config:system:set allow_user_to_change_display_name --value=false'
-    run_occ 'config:system:set lost_password_link --value=disabled'
+run_occ 'config:system:set lost_password_link --value=disabled'
 }

compose.authentik.yml

@@ -8,7 +8,7 @@ services:
 secrets:
   authentik_secret:
     external: true
-    name: ${STACK_NAME}_authentik_secret_${SECRET_AUTHENTIK_SECRET_VERSION}
+    name: ${AUTHENTIK_SECRET_NAME}
   authentik_id:
     external: true
-    name: ${STACK_NAME}_authentik_id_${SECRET_AUTHENTIK_ID_VERSION}
+    name: ${AUTHENTIK_ID_NAME}

compose.mariadb.yml

@@ -15,7 +15,6 @@ services:
       - MYSQL_USER=nextcloud
       - MYSQL_PASSWORD_FILE=/run/secrets/db_password
       - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
-      - MAX_DB_CONNECTIONS=${MAX_DB_CONNECTIONS:-100}
     configs:
       - source: my_tune
         target: /etc/mysql/conf.d/my-tune.cnf
@@ -29,9 +28,9 @@ services:
     deploy:
       labels:
           backupbot.backup: "true"
-          backupbot.backup.pre-hook: 'mysqldump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" nextcloud > /var/lib/mysql/backup.sql'
+          backupbot.backup.pre-hook: 'mkdir -p /tmp/backup/ && mysqldump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" nextcloud > /tmp/backup/backup.sql'
-          backupbot.backup.post-hook: "rm -rf /var/lib/mysql/backup.sql"
+          backupbot.backup.post-hook: "rm -rf /tmp/backup"
-          backupbot.backup.path: "/var/lib/mysql/backup.sql"
+          backupbot.backup.path: "/tmp/backup/"
     healthcheck:
       test: ["CMD-SHELL", 'mysqladmin -p"$$(cat /run/secrets/db_root_password)"  ping']
       interval: 30s
@@ -42,7 +41,6 @@ configs:
   my_tune:
     name: ${STACK_NAME}_my_cnf_${MY_CNF_VERSION}
     file: my-tune.cnf
-    template_driver: golang
 
 volumes:
   mariadb:

compose.postgres.yml

@@ -11,28 +11,27 @@ services:
 
   db:
     image: "postgres:12"
-    command: -c "max_connections=${MAX_DB_CONNECTIONS:-100}"
     volumes:
       - "postgres:/var/lib/postgresql/data"
     networks:
       - internal
     environment:
-      POSTGRES_USER: nextcloud
+      POSTGRES_USER: nextcloud 
       POSTGRES_PASSWORD_FILE: /run/secrets/db_password
-      POSTGRES_DB: nextcloud
+      POSTGRES_DB: nextcloud 
     secrets:
       - db_password
     healthcheck:
-      test: ["CMD-SHELL", "pg_isready", "-U", "nextcloud"]
+      test: ["CMD-SHELL", "pg_isready"]
       interval: 10s
       timeout: 5s
       retries: 5
     deploy:
       labels:
             backupbot.backup: "true"
-            backupbot.backup.pre-hook: "PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /var/lib/postgresql/data/backup.sql"
+            backupbot.backup.pre-hook: "mkdir -p /tmp/backup/ && PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /tmp/backup/backup.sql"
-            backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/backup.sql"
+            backupbot.backup.post-hook: "rm -rf /tmp/backup"
-            backupbot.backup.path: "/var/lib/postgresql/data/"
+            backupbot.backup.path: "/tmp/backup/"
 
 volumes:
   postgres:

compose.yml

@@ -1,7 +1,7 @@
 version: "3.8"
 services:
   web:
-    image: nginx:1.25.1
+    image: nginx:1.23.3
     configs:
       - source: nginx_conf
         target: /etc/nginx/nginx.conf
@@ -33,9 +33,6 @@ services:
         - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
-        - "caddy=${DOMAIN}"
-        - "caddy.reverse_proxy={{upstreams 80}}"
-        - "caddy.tls.on_demand="
     healthcheck:
       test: ["CMD-SHELL", 'curl -s -N curl -Ns localhost/status.php |  grep "installed\":true"']
       interval: 30s
@@ -44,12 +41,12 @@ services:
       start_period: 5m
 
   app:
-    image: nextcloud:27.0.1-fpm
+    image: nextcloud:25.0.4-fpm
     depends_on:
       - db
     configs:
       - source: fpm_tune
-        target: /usr/local/etc/php-fpm.d/zzz-fpm-tune.conf
+        target: /usr/local/etc/php-fpm.d/fpm-tune.conf
       - source: entrypoint
         target: /custom-entrypoint.sh
         mode: 555
@@ -67,14 +64,14 @@ services:
       - NEXTCLOUD_ADMIN_USER=${ADMIN_USER}
       - NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/admin_password
       - NEXTCLOUD_TRUSTED_DOMAINS=${DOMAIN}
-      - TRUSTED_PROXIES=10.0.0.0/8
+      - TRUSTED_PROXIES=traefik
       - REDIS_HOST=cache
       - OVERWRITEPROTOCOL=https
-      - PHP_MEMORY_LIMIT=${PHP_MEMORY_LIMIT:-1G}
+      - PHP_MEMORY_LIMIT=1G
-      - FPM_MAX_CHILDREN=${FPM_MAX_CHILDREN:-131}
+      - FPM_MAX_CHILDREN=131
-      - FPM_START_SERVERS=${FPM_START_SERVERS:-32}
+      - FPM_START_SERVERS=32
-      - FPM_MIN_SPARE_SERVERS=${FPM_MIN_SPARE_SERVERS:-32}
+      - FPM_MIN_SPARE_SERVERS=32
-      - FPM_MAX_SPARE_SERVERS=${FPM_MAX_SPARE_SERVERS:-98}
+      - FPM_MAX_SPARE_SERVERS=98
       - DEFAULT_QUOTA
     volumes:
       - nextcloud:/var/www/html/
@@ -89,8 +86,7 @@ services:
         failure_action: rollback
         order: start-first
       labels:
-        - "coop-cloud.${STACK_NAME}.version=5.0.3+27.0.1-fpm"
+        - "coop-cloud.${STACK_NAME}.version=3.1.2+25.0.4-fpm"
-        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
         - "backupbot.backup=true"
         - "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/"
     healthcheck:
@@ -101,7 +97,7 @@ services:
       start_period: 5m
 
   cron:
-    image: nextcloud:27.0.1-fpm
+    image: nextcloud:25.0.4-fpm
     volumes:
       - nextcloud:/var/www/html/
       - nextapps:/var/www/html/custom_apps:cached
@@ -113,7 +109,7 @@ services:
     entrypoint: /cron.sh
 
   cache:
-    image: redis:7.0.12-alpine
+    image: redis:7.0.9-alpine
     networks:
       - internal
     volumes:

my-tune.cnf

@@ -13,7 +13,7 @@ key_buffer_size                = 16M
 innodb_log_file_size           = 256M
 long_query_time                = 1
 max_allowed_packet             = 256M
-max_connections                = {{ env "MAX_DB_CONNECTIONS" }}
+max_connections                = 100
 max_heap_table_size            = 64M
 max_user_connections           = 0
 myisam_recover_options         = BACKUP

release/3.2.0+25.0.4-fpm

@@ -1,11 +0,0 @@
-If the authentik configuration should be handled by abra add the following to the env:
-
-    COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
-    AUTHENTIK_USER_PREFIX=authentik
-    AUTHENTIK_DOMAIN=authentik.example.com
-    AUTHENTIK_SECRET_NAME=authentik_example_com_nextcloud_secret_v1  # the same as in authentik
-    AUTHENTIK_ID_NAME=authentik_example_com_nextcloud_id_v1  # the same as in authentik
-
-And run:
-
-    abra app cmd <app-name> app set_authentik

release/next

@@ -1 +0,0 @@
-The authentik secrets need to be inserted again, as nextcloud is not sharing the secret with authentik any more.