forked from coop-cloud/nextcloud
Compare commits
33 Commits
authentik_
...
5.0.3+27.0
| Author | SHA1 | Date | |
|---|---|---|---|
| 9ca5244c1b | |||
| 6b702d46e2 | |||
| c54b975654 | |||
| e9a602cc78 | |||
| 90c7b87655 | |||
| 3a8c203b51 | |||
| 634a3553b9 | |||
| 24e9571ba1 | |||
| 6546a05cf9 | |||
| ad3059d518 | |||
| 92af4b9c01 | |||
| 92dca3fab7 | |||
| 201585bea8 | |||
| a0e8fdad40 | |||
| 6427ce181f | |||
| 37f575038b | |||
| 7e4c87346a | |||
| 944230afe0 | |||
| 63a1787ad6 | |||
| 1deee41205 | |||
| b8d209e531 | |||
| f48d314699 | |||
| a6ea635fd4 | |||
| c9b8aec108 | |||
| db39e8dee6 | |||
| ed68b3e57c | |||
| 78ea500d5e | |||
| 6f219781e5 | |||
| 162c056f07 | |||
| 5d537d5173 | |||
| 7a25bd4835 | |||
| eac7431b13 | |||
| fce0b9f7cb |
16
.drone.yml
16
.drone.yml
@ -31,3 +31,19 @@ steps:
|
||||
trigger:
|
||||
branch:
|
||||
- main
|
||||
---
|
||||
kind: pipeline
|
||||
name: generate recipe catalogue
|
||||
steps:
|
||||
- name: release a new version
|
||||
image: plugins/downstream
|
||||
settings:
|
||||
server: https://build.coopcloud.tech
|
||||
token:
|
||||
from_secret: drone_abra-bot_token
|
||||
fork: true
|
||||
repositories:
|
||||
- coop-cloud/auto-recipes-catalogue-json
|
||||
|
||||
trigger:
|
||||
event: tag
|
||||
|
||||
17
.env.sample
17
.env.sample
@ -1,4 +1,6 @@
|
||||
TYPE=nextcloud
|
||||
TIMEOUT=500
|
||||
ENABLE_AUTO_UPDATE=true
|
||||
|
||||
DOMAIN=nextcloud.example.com
|
||||
## Domain aliases
|
||||
@ -9,6 +11,8 @@ COMPOSE_FILE="compose.yml"
|
||||
COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml"
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.postgres.yml"
|
||||
|
||||
#MAX_DB_CONNECTIONS=500
|
||||
|
||||
ADMIN_USER=admin
|
||||
|
||||
SECRET_DB_ROOT_PASSWORD_VERSION=v1
|
||||
@ -17,11 +21,12 @@ SECRET_ADMIN_PASSWORD_VERSION=v1
|
||||
|
||||
EXTRA_VOLUME=/dev/null:/tmp/.dummy
|
||||
|
||||
PHP_MEMORY_LIMIT=1G
|
||||
# fpm-tune, see: https://spot13.com/pmcalculator/
|
||||
FPM_MAX_CHILDREN=131
|
||||
FPM_START_SERVERS=32
|
||||
FPM_MIN_SPARE_SERVERS=32
|
||||
FPM_MAX_SPARE_SERVERS=98
|
||||
FPM_MAX_CHILDREN=16
|
||||
FPM_START_SERVERS=4
|
||||
FPM_MIN_SPARE_SERVERS=4
|
||||
FPM_MAX_SPARE_SERVERS=12
|
||||
|
||||
DEFAULT_QUOTA="10 GB"
|
||||
|
||||
@ -55,5 +60,5 @@ DEFAULT_QUOTA="10 GB"
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
|
||||
# AUTHENTIK_USER_PREFIX=authentik
|
||||
# AUTHENTIK_DOMAIN=authentik.example.com
|
||||
# AUTHENTIK_SECRET_NAME=authentik_example_com_nextcloud_secret_v1 # the same as in authentik
|
||||
# AUTHENTIK_ID_NAME=authentik_example_com_nextcloud_id_v1 # the same as in authentik
|
||||
# SECRET_AUTHENTIK_SECRET_VERSION=v1
|
||||
# SECRET_AUTHENTIK_ID_VERSION=v1
|
||||
|
||||
@ -120,7 +120,7 @@ Use [this plugin](https://github.com/pulsejet/nextcloud-oidc-login). Unlike the
|
||||
```
|
||||
'oidc_login_client_id' => 'nextcloud',
|
||||
'oidc_login_client_secret' => 'mysecret',
|
||||
'oidc_login_provider_url' => 'https://example.com/auth/realms/myrealm',
|
||||
'oidc_login_provider_url' => 'https://example.com/realms/myrealm',
|
||||
'oidc_login_disable_registration' => false,
|
||||
'oidc_login_hide_password_form' => true,
|
||||
'oidc_login_button_text' => 'Log in with your myssodomain',
|
||||
|
||||
71
abra.sh
71
abra.sh
@ -2,62 +2,78 @@
|
||||
|
||||
export FPM_TUNE_VERSION=v5
|
||||
export NGINX_CONF_VERSION=v4
|
||||
export MY_CNF_VERSION=v4
|
||||
export MY_CNF_VERSION=v5
|
||||
export ENTRYPOINT_VERSION=v3
|
||||
|
||||
run_occ(){
|
||||
run_occ() {
|
||||
su -p www-data -s /bin/sh -c "/var/www/html/occ $@"
|
||||
}
|
||||
|
||||
post_install_occ(){
|
||||
IFS='|' read -ra CMD <<< "$OCC_CMDS"
|
||||
post_install_occ() {
|
||||
IFS='|' read -ra CMD <<<"$OCC_CMDS"
|
||||
for cmd in "${CMD[@]}"; do
|
||||
run_occ "$cmd"
|
||||
run_occ "$cmd"
|
||||
done
|
||||
}
|
||||
|
||||
install_apps(){
|
||||
install_apps() {
|
||||
install_apps="$@"
|
||||
if [ -z "$install_apps" ]
|
||||
then
|
||||
if [ -z "$install_apps" ]; then
|
||||
install_apps=$APPS
|
||||
fi
|
||||
for app in $install_apps
|
||||
do
|
||||
for app in $install_apps; do
|
||||
run_occ "app:install $app"
|
||||
done
|
||||
}
|
||||
|
||||
set_app_config(){
|
||||
set_app_config() {
|
||||
APP=$1
|
||||
KEY=$2
|
||||
VALUE=$3
|
||||
run_occ "config:app:set $APP $KEY --value '$VALUE'"
|
||||
}
|
||||
|
||||
install_bbb(){
|
||||
set_system_config() {
|
||||
KEY=$1
|
||||
VALUE=$2
|
||||
run_occ "config:system:set $KEY --value '$VALUE'"
|
||||
}
|
||||
|
||||
set_trusted_proxies() {
|
||||
trusted_proxies="$@"
|
||||
if [ -z "$1" ]; then
|
||||
trusted_proxies="$TRUSTED_PROXIES"
|
||||
fi
|
||||
set_system_config trusted_proxies "$trusted_proxies"
|
||||
}
|
||||
|
||||
set_logfile_stdout() {
|
||||
set_system_config logfile '/dev/stdout'
|
||||
}
|
||||
|
||||
install_bbb() {
|
||||
install_apps bbb
|
||||
set_app_config bbb app.navigation true
|
||||
set_app_config bbb api.url "$BBB_URL"
|
||||
set_app_config bbb api.secret "$(cat /run/secrets/bbb_secret)"
|
||||
}
|
||||
|
||||
install_onlyoffice(){
|
||||
install_onlyoffice() {
|
||||
install_apps onlyoffice
|
||||
set_app_config onlyoffice DocumentServerUrl "$ONLYOFFICE_URL"
|
||||
set_app_config onlyoffice jwt_secret "$(cat /run/secrets/onlyoffice_jwt)"
|
||||
set_app_config onlyoffice customizationForcesave true
|
||||
}
|
||||
|
||||
set_default_quota(){
|
||||
set_app_config files default_quota '"$DEFAULT_QUOTA"'
|
||||
set_default_quota() {
|
||||
set_app_config files default_quota "$DEFAULT_QUOTA"
|
||||
}
|
||||
|
||||
set_authentik(){
|
||||
install_apps sociallogin
|
||||
AUTHENTIK_SECRET=$(cat /run/secrets/authentik_secret)
|
||||
AUTHENTIK_ID=$(cat /run/secrets/authentik_id)
|
||||
set_app_config sociallogin custom_providers "
|
||||
set_authentik() {
|
||||
install_apps sociallogin
|
||||
AUTHENTIK_SECRET=$(cat /run/secrets/authentik_secret)
|
||||
AUTHENTIK_ID=$(cat /run/secrets/authentik_id)
|
||||
set_app_config sociallogin custom_providers "
|
||||
{
|
||||
\"custom_oidc\":[
|
||||
{
|
||||
@ -75,16 +91,17 @@ set_app_config sociallogin custom_providers "
|
||||
\"style\":\"openid\",
|
||||
\"defaultGroup\":\"\",
|
||||
\"groupMapping\": {
|
||||
\"admin\": \"admin\"
|
||||
\"admin\": \"admin\",
|
||||
\"authentik Admins\": \"admin\"
|
||||
}
|
||||
}
|
||||
]
|
||||
}"
|
||||
|
||||
set_app_config sociallogin update_profile_on_login 1
|
||||
set_app_config sociallogin auto_create_groups 1
|
||||
set_app_config sociallogin hide_default_login 1
|
||||
run_occ 'config:system:set social_login_auto_redirect --value true'
|
||||
run_occ 'config:system:set allow_user_to_change_display_name --value=false'
|
||||
run_occ 'config:system:set lost_password_link --value=disabled'
|
||||
set_app_config sociallogin update_profile_on_login 1
|
||||
set_app_config sociallogin auto_create_groups 1
|
||||
set_app_config sociallogin hide_default_login 1
|
||||
run_occ 'config:system:set social_login_auto_redirect --value true'
|
||||
run_occ 'config:system:set allow_user_to_change_display_name --value=false'
|
||||
run_occ 'config:system:set lost_password_link --value=disabled'
|
||||
}
|
||||
|
||||
@ -8,7 +8,7 @@ services:
|
||||
secrets:
|
||||
authentik_secret:
|
||||
external: true
|
||||
name: ${AUTHENTIK_SECRET_NAME}
|
||||
name: ${STACK_NAME}_authentik_secret_${SECRET_AUTHENTIK_SECRET_VERSION}
|
||||
authentik_id:
|
||||
external: true
|
||||
name: ${AUTHENTIK_ID_NAME}
|
||||
name: ${STACK_NAME}_authentik_id_${SECRET_AUTHENTIK_ID_VERSION}
|
||||
|
||||
@ -15,6 +15,7 @@ services:
|
||||
- MYSQL_USER=nextcloud
|
||||
- MYSQL_PASSWORD_FILE=/run/secrets/db_password
|
||||
- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
|
||||
- MAX_DB_CONNECTIONS=${MAX_DB_CONNECTIONS:-100}
|
||||
configs:
|
||||
- source: my_tune
|
||||
target: /etc/mysql/conf.d/my-tune.cnf
|
||||
@ -28,9 +29,9 @@ services:
|
||||
deploy:
|
||||
labels:
|
||||
backupbot.backup: "true"
|
||||
backupbot.backup.pre-hook: 'mkdir -p /tmp/backup/ && mysqldump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" nextcloud > /tmp/backup/backup.sql'
|
||||
backupbot.backup.post-hook: "rm -rf /tmp/backup"
|
||||
backupbot.backup.path: "/tmp/backup/"
|
||||
backupbot.backup.pre-hook: 'mysqldump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" nextcloud > /var/lib/mysql/backup.sql'
|
||||
backupbot.backup.post-hook: "rm -rf /var/lib/mysql/backup.sql"
|
||||
backupbot.backup.path: "/var/lib/mysql/backup.sql"
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", 'mysqladmin -p"$$(cat /run/secrets/db_root_password)" ping']
|
||||
interval: 30s
|
||||
@ -41,6 +42,7 @@ configs:
|
||||
my_tune:
|
||||
name: ${STACK_NAME}_my_cnf_${MY_CNF_VERSION}
|
||||
file: my-tune.cnf
|
||||
template_driver: golang
|
||||
|
||||
volumes:
|
||||
mariadb:
|
||||
|
||||
@ -11,27 +11,28 @@ services:
|
||||
|
||||
db:
|
||||
image: "postgres:12"
|
||||
command: -c "max_connections=${MAX_DB_CONNECTIONS:-100}"
|
||||
volumes:
|
||||
- "postgres:/var/lib/postgresql/data"
|
||||
networks:
|
||||
- internal
|
||||
environment:
|
||||
POSTGRES_USER: nextcloud
|
||||
POSTGRES_USER: nextcloud
|
||||
POSTGRES_PASSWORD_FILE: /run/secrets/db_password
|
||||
POSTGRES_DB: nextcloud
|
||||
POSTGRES_DB: nextcloud
|
||||
secrets:
|
||||
- db_password
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "pg_isready"]
|
||||
test: ["CMD-SHELL", "pg_isready", "-U", "nextcloud"]
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
deploy:
|
||||
labels:
|
||||
backupbot.backup: "true"
|
||||
backupbot.backup.pre-hook: "mkdir -p /tmp/backup/ && PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /tmp/backup/backup.sql"
|
||||
backupbot.backup.post-hook: "rm -rf /tmp/backup"
|
||||
backupbot.backup.path: "/tmp/backup/"
|
||||
backupbot.backup.pre-hook: "PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /var/lib/postgresql/data/backup.sql"
|
||||
backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/backup.sql"
|
||||
backupbot.backup.path: "/var/lib/postgresql/data/"
|
||||
|
||||
volumes:
|
||||
postgres:
|
||||
|
||||
28
compose.yml
28
compose.yml
@ -1,7 +1,7 @@
|
||||
version: "3.8"
|
||||
services:
|
||||
web:
|
||||
image: nginx:1.23.3
|
||||
image: nginx:1.25.1
|
||||
configs:
|
||||
- source: nginx_conf
|
||||
target: /etc/nginx/nginx.conf
|
||||
@ -33,6 +33,9 @@ services:
|
||||
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
- "caddy=${DOMAIN}"
|
||||
- "caddy.reverse_proxy={{upstreams 80}}"
|
||||
- "caddy.tls.on_demand="
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", 'curl -s -N curl -Ns localhost/status.php | grep "installed\":true"']
|
||||
interval: 30s
|
||||
@ -41,12 +44,12 @@ services:
|
||||
start_period: 5m
|
||||
|
||||
app:
|
||||
image: nextcloud:25.0.4-fpm
|
||||
image: nextcloud:27.0.1-fpm
|
||||
depends_on:
|
||||
- db
|
||||
configs:
|
||||
- source: fpm_tune
|
||||
target: /usr/local/etc/php-fpm.d/fpm-tune.conf
|
||||
target: /usr/local/etc/php-fpm.d/zzz-fpm-tune.conf
|
||||
- source: entrypoint
|
||||
target: /custom-entrypoint.sh
|
||||
mode: 555
|
||||
@ -64,14 +67,14 @@ services:
|
||||
- NEXTCLOUD_ADMIN_USER=${ADMIN_USER}
|
||||
- NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/admin_password
|
||||
- NEXTCLOUD_TRUSTED_DOMAINS=${DOMAIN}
|
||||
- TRUSTED_PROXIES=traefik
|
||||
- TRUSTED_PROXIES=10.0.0.0/8
|
||||
- REDIS_HOST=cache
|
||||
- OVERWRITEPROTOCOL=https
|
||||
- PHP_MEMORY_LIMIT=1G
|
||||
- FPM_MAX_CHILDREN=131
|
||||
- FPM_START_SERVERS=32
|
||||
- FPM_MIN_SPARE_SERVERS=32
|
||||
- FPM_MAX_SPARE_SERVERS=98
|
||||
- PHP_MEMORY_LIMIT=${PHP_MEMORY_LIMIT:-1G}
|
||||
- FPM_MAX_CHILDREN=${FPM_MAX_CHILDREN:-131}
|
||||
- FPM_START_SERVERS=${FPM_START_SERVERS:-32}
|
||||
- FPM_MIN_SPARE_SERVERS=${FPM_MIN_SPARE_SERVERS:-32}
|
||||
- FPM_MAX_SPARE_SERVERS=${FPM_MAX_SPARE_SERVERS:-98}
|
||||
- DEFAULT_QUOTA
|
||||
volumes:
|
||||
- nextcloud:/var/www/html/
|
||||
@ -86,7 +89,8 @@ services:
|
||||
failure_action: rollback
|
||||
order: start-first
|
||||
labels:
|
||||
- "coop-cloud.${STACK_NAME}.version=3.1.2+25.0.4-fpm"
|
||||
- "coop-cloud.${STACK_NAME}.version=5.0.3+27.0.1-fpm"
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||
- "backupbot.backup=true"
|
||||
- "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/"
|
||||
healthcheck:
|
||||
@ -97,7 +101,7 @@ services:
|
||||
start_period: 5m
|
||||
|
||||
cron:
|
||||
image: nextcloud:25.0.4-fpm
|
||||
image: nextcloud:27.0.1-fpm
|
||||
volumes:
|
||||
- nextcloud:/var/www/html/
|
||||
- nextapps:/var/www/html/custom_apps:cached
|
||||
@ -109,7 +113,7 @@ services:
|
||||
entrypoint: /cron.sh
|
||||
|
||||
cache:
|
||||
image: redis:7.0.9-alpine
|
||||
image: redis:7.0.12-alpine
|
||||
networks:
|
||||
- internal
|
||||
volumes:
|
||||
|
||||
@ -13,7 +13,7 @@ key_buffer_size = 16M
|
||||
innodb_log_file_size = 256M
|
||||
long_query_time = 1
|
||||
max_allowed_packet = 256M
|
||||
max_connections = 100
|
||||
max_connections = {{ env "MAX_DB_CONNECTIONS" }}
|
||||
max_heap_table_size = 64M
|
||||
max_user_connections = 0
|
||||
myisam_recover_options = BACKUP
|
||||
|
||||
11
release/3.2.0+25.0.4-fpm
Normal file
11
release/3.2.0+25.0.4-fpm
Normal file
@ -0,0 +1,11 @@
|
||||
If the authentik configuration should be handled by abra add the following to the env:
|
||||
|
||||
COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
|
||||
AUTHENTIK_USER_PREFIX=authentik
|
||||
AUTHENTIK_DOMAIN=authentik.example.com
|
||||
AUTHENTIK_SECRET_NAME=authentik_example_com_nextcloud_secret_v1 # the same as in authentik
|
||||
AUTHENTIK_ID_NAME=authentik_example_com_nextcloud_id_v1 # the same as in authentik
|
||||
|
||||
And run:
|
||||
|
||||
abra app cmd <app-name> app set_authentik
|
||||
1
release/next
Normal file
1
release/next
Normal file
@ -0,0 +1 @@
|
||||
The authentik secrets need to be inserted again, as nextcloud is not sharing the secret with authentik any more.
|
||||
Reference in New Issue
Block a user