MIR/nextcloud
0
0
Fork 0
forked from coop-cloud/nextcloud
Code Pull Requests Activity

Compare commits

base: MIR:authentik_sso
Branches Tags
MIR:main MIR:kc_stable MIR:nextcloud-v28 MIR:add-theming-v28.0.5 MIR:add-theming MIR:update-nginx-conf MIR:split-bbb-onlyoffice-compos MIR:split-onlyoffice-bbb-config MIR:authentik_sso MIR:healthchecks MIR:occ_cmds MIR:auto_app_install MIR:embed_nextcloud_in_iframe MIR:auto_configure_sso MIR:add-postgres-db coop-cloud:main coop-cloud:kc_stable coop-cloud:nextcloud-v28 coop-cloud:add-theming-v28.0.5 coop-cloud:add-theming coop-cloud:update-nginx-conf coop-cloud:split-bbb-onlyoffice-compos coop-cloud:split-onlyoffice-bbb-config coop-cloud:authentik_sso coop-cloud:healthchecks coop-cloud:occ_cmds coop-cloud:auto_app_install coop-cloud:embed_nextcloud_in_iframe coop-cloud:auto_configure_sso coop-cloud:add-postgres-db
MIR:11.0.0+30.0.4-fpm MIR:10.0.0+30.0.4-fpm MIR:9.2.0+29.0.8-fpm MIR:6.0.11+28.0.10-fpm MIR:6.0.10+28.0.10-fpm MIR:6.0.9+28.0.10-fpm MIR:9.1.2+29.0.5-fpm MIR:6.0.8+28.0.5-fpm MIR:6.0.7+28.0.5-fpm MIR:9.1.0+29.0.5-fpm MIR:9.0.0+29.0.5-fpm MIR:6.0.6+28.0.5-fpm MIR:8.0.1+29.0.3-fpm MIR:8.0.0+29.0.1-fpm MIR:7.0.3+29.0.1-fpm MIR:6.0.5+28.0.5-fpm MIR:7.0.2+29.0.1-fpm MIR:7.0.1+29.0.1-fpm MIR:7.0.0+29.0.0-fpm MIR:6.0.4+28.0.5-fpm MIR:6.0.3+28.0.5-fpm MIR:6.0.2+28.0.5-fpm MIR:5.0.3+27.0.1-fpm MIR:6.0.1+28.0.2-fpm MIR:6.0.0+28.0.1-fpm MIR:5.2.0+27.1.5-fpm MIR:5.1.1+27.1.5-fpm MIR:5.1.0+27.1.3-fpm MIR:5.0.2+27.0.1-fpm MIR:5.0.1+27.0.1-fpm MIR:5.0.0+27.0.0-fpm MIR:4.0.7+26.0.2-fpm MIR:4.0.6+26.0.2-fpm MIR:4.0.5+26.0.2-fpm MIR:4.0.4+26.0.2-fpm MIR:4.0.3+26.0.2-fpm MIR:4.0.2+26.0.2-fpm MIR:4.0.1+26.0.1-fpm MIR:4.0.0+26.0.1-fpm MIR:3.3.2+25.0.6-fpm MIR:3.3.1+25.0.5-fpm MIR:3.3.0+25.0.5-fpm MIR:3.2.0+25.0.4-fpm MIR:3.1.2+25.0.4-fpm MIR:3.1.1+25.0.1-fpm MIR:3.1.0+25.0.1-fpm MIR:3.0.1+25.0.1-fpm MIR:3.0.0+25.0.1-fpm MIR:2.1.4+24.0.6-fpm MIR:2.1.3+24.0.5-fpm MIR:2.1.2+24.0.3-fpm MIR:2.1.1+24.0.2-fpm MIR:2.1.0+24.0.0-fpm MIR:2.0.0+23.0.4-fpm MIR:1.0.0+23.0.1-fpm coop-cloud:11.4.0+30.0.6-fpm coop-cloud:11.3.0+30.0.6-fpm coop-cloud:11.2.0+30.0.6-fpm coop-cloud:11.1.0+30.0.6-fpm coop-cloud:11.0.1+30.0.4-fpm coop-cloud:11.0.0+30.0.4-fpm coop-cloud:10.0.0+30.0.4-fpm coop-cloud:9.2.0+29.0.8-fpm coop-cloud:6.0.11+28.0.10-fpm coop-cloud:6.0.10+28.0.10-fpm coop-cloud:6.0.9+28.0.10-fpm coop-cloud:9.1.2+29.0.5-fpm coop-cloud:6.0.8+28.0.5-fpm coop-cloud:6.0.7+28.0.5-fpm coop-cloud:9.1.0+29.0.5-fpm coop-cloud:9.0.0+29.0.5-fpm coop-cloud:6.0.6+28.0.5-fpm coop-cloud:8.0.1+29.0.3-fpm coop-cloud:8.0.0+29.0.1-fpm coop-cloud:7.0.3+29.0.1-fpm coop-cloud:6.0.5+28.0.5-fpm coop-cloud:7.0.2+29.0.1-fpm coop-cloud:7.0.1+29.0.1-fpm coop-cloud:7.0.0+29.0.0-fpm coop-cloud:6.0.4+28.0.5-fpm coop-cloud:6.0.3+28.0.5-fpm coop-cloud:6.0.2+28.0.5-fpm coop-cloud:5.0.3+27.0.1-fpm coop-cloud:6.0.1+28.0.2-fpm coop-cloud:6.0.0+28.0.1-fpm coop-cloud:5.2.0+27.1.5-fpm coop-cloud:5.1.1+27.1.5-fpm coop-cloud:5.1.0+27.1.3-fpm coop-cloud:5.0.2+27.0.1-fpm coop-cloud:5.0.1+27.0.1-fpm coop-cloud:5.0.0+27.0.0-fpm coop-cloud:4.0.7+26.0.2-fpm coop-cloud:4.0.6+26.0.2-fpm coop-cloud:4.0.5+26.0.2-fpm coop-cloud:4.0.4+26.0.2-fpm coop-cloud:4.0.3+26.0.2-fpm coop-cloud:4.0.2+26.0.2-fpm coop-cloud:4.0.1+26.0.1-fpm coop-cloud:4.0.0+26.0.1-fpm coop-cloud:3.3.2+25.0.6-fpm coop-cloud:3.3.1+25.0.5-fpm coop-cloud:3.3.0+25.0.5-fpm coop-cloud:3.2.0+25.0.4-fpm coop-cloud:3.1.2+25.0.4-fpm coop-cloud:3.1.1+25.0.1-fpm coop-cloud:3.1.0+25.0.1-fpm coop-cloud:3.0.1+25.0.1-fpm coop-cloud:3.0.0+25.0.1-fpm coop-cloud:2.1.4+24.0.6-fpm coop-cloud:2.1.3+24.0.5-fpm coop-cloud:2.1.2+24.0.3-fpm coop-cloud:2.1.1+24.0.2-fpm coop-cloud:2.1.0+24.0.0-fpm coop-cloud:2.0.0+23.0.4-fpm coop-cloud:1.0.0+23.0.1-fpm
..
compare: MIR:embed_nextcloud_in_iframe
Branches Tags
MIR:main MIR:kc_stable MIR:nextcloud-v28 MIR:add-theming-v28.0.5 MIR:add-theming MIR:update-nginx-conf MIR:split-bbb-onlyoffice-compos MIR:split-onlyoffice-bbb-config MIR:authentik_sso MIR:healthchecks MIR:occ_cmds MIR:auto_app_install MIR:embed_nextcloud_in_iframe MIR:auto_configure_sso MIR:add-postgres-db coop-cloud:main coop-cloud:kc_stable coop-cloud:nextcloud-v28 coop-cloud:add-theming-v28.0.5 coop-cloud:add-theming coop-cloud:update-nginx-conf coop-cloud:split-bbb-onlyoffice-compos coop-cloud:split-onlyoffice-bbb-config coop-cloud:authentik_sso coop-cloud:healthchecks coop-cloud:occ_cmds coop-cloud:auto_app_install coop-cloud:embed_nextcloud_in_iframe coop-cloud:auto_configure_sso coop-cloud:add-postgres-db
MIR:11.0.0+30.0.4-fpm MIR:10.0.0+30.0.4-fpm MIR:9.2.0+29.0.8-fpm MIR:6.0.11+28.0.10-fpm MIR:6.0.10+28.0.10-fpm MIR:6.0.9+28.0.10-fpm MIR:9.1.2+29.0.5-fpm MIR:6.0.8+28.0.5-fpm MIR:6.0.7+28.0.5-fpm MIR:9.1.0+29.0.5-fpm MIR:9.0.0+29.0.5-fpm MIR:6.0.6+28.0.5-fpm MIR:8.0.1+29.0.3-fpm MIR:8.0.0+29.0.1-fpm MIR:7.0.3+29.0.1-fpm MIR:6.0.5+28.0.5-fpm MIR:7.0.2+29.0.1-fpm MIR:7.0.1+29.0.1-fpm MIR:7.0.0+29.0.0-fpm MIR:6.0.4+28.0.5-fpm MIR:6.0.3+28.0.5-fpm MIR:6.0.2+28.0.5-fpm MIR:5.0.3+27.0.1-fpm MIR:6.0.1+28.0.2-fpm MIR:6.0.0+28.0.1-fpm MIR:5.2.0+27.1.5-fpm MIR:5.1.1+27.1.5-fpm MIR:5.1.0+27.1.3-fpm MIR:5.0.2+27.0.1-fpm MIR:5.0.1+27.0.1-fpm MIR:5.0.0+27.0.0-fpm MIR:4.0.7+26.0.2-fpm MIR:4.0.6+26.0.2-fpm MIR:4.0.5+26.0.2-fpm MIR:4.0.4+26.0.2-fpm MIR:4.0.3+26.0.2-fpm MIR:4.0.2+26.0.2-fpm MIR:4.0.1+26.0.1-fpm MIR:4.0.0+26.0.1-fpm MIR:3.3.2+25.0.6-fpm MIR:3.3.1+25.0.5-fpm MIR:3.3.0+25.0.5-fpm MIR:3.2.0+25.0.4-fpm MIR:3.1.2+25.0.4-fpm MIR:3.1.1+25.0.1-fpm MIR:3.1.0+25.0.1-fpm MIR:3.0.1+25.0.1-fpm MIR:3.0.0+25.0.1-fpm MIR:2.1.4+24.0.6-fpm MIR:2.1.3+24.0.5-fpm MIR:2.1.2+24.0.3-fpm MIR:2.1.1+24.0.2-fpm MIR:2.1.0+24.0.0-fpm MIR:2.0.0+23.0.4-fpm MIR:1.0.0+23.0.1-fpm coop-cloud:11.4.0+30.0.6-fpm coop-cloud:11.3.0+30.0.6-fpm coop-cloud:11.2.0+30.0.6-fpm coop-cloud:11.1.0+30.0.6-fpm coop-cloud:11.0.1+30.0.4-fpm coop-cloud:11.0.0+30.0.4-fpm coop-cloud:10.0.0+30.0.4-fpm coop-cloud:9.2.0+29.0.8-fpm coop-cloud:6.0.11+28.0.10-fpm coop-cloud:6.0.10+28.0.10-fpm coop-cloud:6.0.9+28.0.10-fpm coop-cloud:9.1.2+29.0.5-fpm coop-cloud:6.0.8+28.0.5-fpm coop-cloud:6.0.7+28.0.5-fpm coop-cloud:9.1.0+29.0.5-fpm coop-cloud:9.0.0+29.0.5-fpm coop-cloud:6.0.6+28.0.5-fpm coop-cloud:8.0.1+29.0.3-fpm coop-cloud:8.0.0+29.0.1-fpm coop-cloud:7.0.3+29.0.1-fpm coop-cloud:6.0.5+28.0.5-fpm coop-cloud:7.0.2+29.0.1-fpm coop-cloud:7.0.1+29.0.1-fpm coop-cloud:7.0.0+29.0.0-fpm coop-cloud:6.0.4+28.0.5-fpm coop-cloud:6.0.3+28.0.5-fpm coop-cloud:6.0.2+28.0.5-fpm coop-cloud:5.0.3+27.0.1-fpm coop-cloud:6.0.1+28.0.2-fpm coop-cloud:6.0.0+28.0.1-fpm coop-cloud:5.2.0+27.1.5-fpm coop-cloud:5.1.1+27.1.5-fpm coop-cloud:5.1.0+27.1.3-fpm coop-cloud:5.0.2+27.0.1-fpm coop-cloud:5.0.1+27.0.1-fpm coop-cloud:5.0.0+27.0.0-fpm coop-cloud:4.0.7+26.0.2-fpm coop-cloud:4.0.6+26.0.2-fpm coop-cloud:4.0.5+26.0.2-fpm coop-cloud:4.0.4+26.0.2-fpm coop-cloud:4.0.3+26.0.2-fpm coop-cloud:4.0.2+26.0.2-fpm coop-cloud:4.0.1+26.0.1-fpm coop-cloud:4.0.0+26.0.1-fpm coop-cloud:3.3.2+25.0.6-fpm coop-cloud:3.3.1+25.0.5-fpm coop-cloud:3.3.0+25.0.5-fpm coop-cloud:3.2.0+25.0.4-fpm coop-cloud:3.1.2+25.0.4-fpm coop-cloud:3.1.1+25.0.1-fpm coop-cloud:3.1.0+25.0.1-fpm coop-cloud:3.0.1+25.0.1-fpm coop-cloud:3.0.0+25.0.1-fpm coop-cloud:2.1.4+24.0.6-fpm coop-cloud:2.1.3+24.0.5-fpm coop-cloud:2.1.2+24.0.3-fpm coop-cloud:2.1.1+24.0.2-fpm coop-cloud:2.1.0+24.0.0-fpm coop-cloud:2.0.0+23.0.4-fpm coop-cloud:1.0.0+23.0.1-fpm

1 Commits
authentik_ ... embed_next

Author SHA1 Message Date
Philipp Rothmann
e8a8f636d0 add headers to embed nextcloud in frame on external site 
This introduces new env variables to configure nextloud to be embedded via
iframe on an external site.
Setting X_FRAME_OPTIONS_ENABLED=1 will configure nginx and nextcloud to
set X-Frame-Options and CSP headers to allow the domain configured in
X_FRAME_OPTIONS_ALLOW_FROM.
 2022-08-31 15:40:18 +02:00
15 changed files with 120 additions and 369 deletions
Expand all files Collapse all files

10
.drone.yml
View File

@ -3,7 +3,7 @@ kind: pipeline
name: deploy to swarm-test.autonomic.zone name: deploy to swarm-test.autonomic.zone
steps: steps:
- name: deployment - name: deployment
image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest image: decentral1se/stack-ssh-deploy:latest
settings: settings:
host: swarm-test.autonomic.zone host: swarm-test.autonomic.zone
stack: nextcloud stack: nextcloud
@ -11,22 +11,14 @@ steps:
purge: true purge: true
deploy_key: deploy_key:
from_secret: drone_ssh_swarm_test from_secret: drone_ssh_swarm_test
networks:
- proxy
environment: environment:
DOMAIN: nextcloud.swarm-test.autonomic.zone DOMAIN: nextcloud.swarm-test.autonomic.zone
STACK_NAME: nextcloud STACK_NAME: nextcloud
LETS_ENCRYPT_ENV: production LETS_ENCRYPT_ENV: production
ADMIN_USER: foobar ADMIN_USER: foobar
FPM_TUNE_VERSION: v1
NGINX_CONF_VERSION: v1
MY_CNF_VERSION: v1
ENTRYPOINT_VERSION: v1
SECRET_DB_PASSWORD_VERSION: v1 SECRET_DB_PASSWORD_VERSION: v1
SECRET_DB_ROOT_PASSWORD_VERSION: v1 SECRET_DB_ROOT_PASSWORD_VERSION: v1
SECRET_ADMIN_PASSWORD_VERSION: v1 SECRET_ADMIN_PASSWORD_VERSION: v1
SECRET_ONLYOFFICE_JWT_VERSION: v1
SECRET_BBB_SECRET_VERSION: v1
EXTRA_VOLUME: "/dev/null:/tmp/.dummy" EXTRA_VOLUME: "/dev/null:/tmp/.dummy"
trigger: trigger:
branch: branch:

38
.env.sample
View File

@ -17,43 +17,5 @@ SECRET_ADMIN_PASSWORD_VERSION=v1
EXTRA_VOLUME=/dev/null:/tmp/.dummy EXTRA_VOLUME=/dev/null:/tmp/.dummy
# fpm-tune, see: https://spot13.com/pmcalculator/
FPM_MAX_CHILDREN=131
FPM_START_SERVERS=32
FPM_MIN_SPARE_SERVERS=32
FPM_MAX_SPARE_SERVERS=98
DEFAULT_QUOTA="10 GB"
# X_FRAME_OPTIONS_ENABLED=1 # X_FRAME_OPTIONS_ENABLED=1
# X_FRAME_OPTIONS_ALLOW_FROM=embedding-site.example.org # X_FRAME_OPTIONS_ALLOW_FROM=embedding-site.example.org
# COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
# See https://github.com/nextcloud/docker#auto-configuration-via-environment-variables for default values
# SMTP_AUTHTYPE=
# SMTP_HOST=
# SMTP_SECURE=
# SMTP_NAME=
# SMTP_PORT=
# MAIL_FROM_ADDRESS=
# MAIL_DOMAIN=
# SECRET_SMTP_PASSWORD_VERSION=v1
# COMPOSE_FILE="$COMPOSE_FILE:compose.apps.yml"
# APPS="calendar sociallogin onlyoffice"
#
# ONLYOFFICE_URL=https://onlyoffice.example.com
# SECRET_ONLYOFFICE_JWT_VERSION=v1
#
# BBB_URL=https://talk.example.org/bigbluebutton/ # trailing slash!
# SECRET_BBB_SECRET_VERSION=v1
#
# OCC_CMDS="app:disable dashboard"
# OCC_CMDS="$OCC_CMDS|config:app:set sociallogin auto_create_groups --value 1"
# OCC_CMDS="$OCC_CMDS|config:app:set sociallogin hide_default_login --value 1"
# COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
# AUTHENTIK_USER_PREFIX=authentik
# AUTHENTIK_DOMAIN=authentik.example.com
# AUTHENTIK_SECRET_NAME=authentik_example_com_nextcloud_secret_v1 # the same as in authentik
# AUTHENTIK_ID_NAME=authentik_example_com_nextcloud_id_v1 # the same as in authentik

82
README.md
View File

@ -15,83 +15,29 @@ Fully automated luxury Nextcloud via docker-swarm.
* **SSO**: 1 (OAuth) * **SSO**: 1 (OAuth)
<!-- endmetadata --> <!-- endmetadata -->
## Quick start ## Basic usage
1. Set up Docker Swarm and [`abra`]
2. Deploy [`coop-cloud/traefik`]
3. `abra app new nextcloud --secrets` (optionally with `--pass` if you'd like
to save secrets in `pass`)
4. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to
your Docker swarm box
5. `abra app YOURAPPDOMAIN deploy`
* `abra app new nextcloud` ## How do I customise the default home page when logging in?
* `abra app config <app-name>`
* `abra app secret insert <app-name> smtp_password v1 <SMTP_PASSWORD>`
* `abra app secret generate -a <app-name>`
* `abra app deploy <app-name>`
### Onlyoffice Integration - Delete the dashboard app since it is so corporate
- Follow [these docs](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/default_files_configuration.html) to set the default files list for each user in the Files app
`abra app config <app-name>` - Configure a `defaultapp` in your `config.php` or use [apporder](https://apps.nextcloud.com/apps/apporder)
Configure the following envs:
```
COMPOSE_FILE="$COMPOSE_FILE:compose.apps.yml"
ONLYOFFICE_URL=https://onlyoffice.example.com
SECRET_ONLYOFFICE_JWT_VERSION=v1
```
`abra app secret insert <app-name> onlyoffice_jwt v1 <jwt_secret>`
`abra app cmd <app-name> app install_onlyoffice`
### BBB Integration
`abra app config <app-name>`
Configure the following envs:
```
COMPOSE_FILE="$COMPOSE_FILE:compose.apps.yml"
BBB_URL=https://talk.example.org/bigbluebutton/ # trailing slash!
SECRET_BBB_SECRET_VERSION=v1
```
`abra app secret insert <app-name> bbb_secret v1 <bbb_secret>`
`abra app cmd <app-name> app install_bbb`
### Authentik Integration
`abra app config <app-name>`
Configure the following envs:
```
COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
AUTHENTIK_USER_PREFIX=authentik
AUTHENTIK_DOMAIN=authentik.example.com
AUTHENTIK_SECRET_NAME=authentik_example_com_nextcloud_secret_v1 # the same as in authentik
AUTHENTIK_ID_NAME=authentik_example_com_nextcloud_id_v1 # the same as in authentik
```
`abra app cmd <app-name> app set_authentik`
### Disable Dashboard
Disable dashboard app since it is so corporate:
`abra app config <app-name>`
Configure the following envs:
```
OCC_CMDS="app:disable dashboard"
```
`abra app cmd <app-name> app post_install_occ`
## Running `occ` ## Running `occ`
`abra app cmd <app-name> app run_occ '"user:list --help"'` `abra app run --user www-data YOURAPPDOMAIN app occ user:list --help`
## Default user files
- Follow [these docs](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/default_files_configuration.html) to set the default files list for each user in the Files app
## Default App
- Configure a `defaultapp` in your `config.php` or use [apporder](https://apps.nextcloud.com/apps/apporder)
## Upgrading Nextcloud apps ## Upgrading Nextcloud apps
`abra app cmd <app-name> app run_occ '"app:update --all"'` `abra app run --user www-data YOURAPPDOMAIN app occ app:update --all`
## How do I fix a Nextcloud version snafu? ## How do I fix a Nextcloud version snafu?

160
abra.sh
View File

@ -1,90 +1,106 @@
#!/bin/bash export FPM_TUNE_VERSION=v4
export NGINX_CONF_VERSION=v3
export FPM_TUNE_VERSION=v5
export NGINX_CONF_VERSION=v4
export MY_CNF_VERSION=v4 export MY_CNF_VERSION=v4
export ENTRYPOINT_VERSION=v3 export ENTRYPOINT_VERSION=v1
run_occ(){ NC_APP_DIR="app:/var/www/html"
su -p www-data -s /bin/sh -c "/var/www/html/occ $@"
sub_occ(){
# shellcheck disable=SC2034
abra__service_="app"
# shellcheck disable=SC2034
abra___user="www-data"
sub_app_run php /var/www/html/occ "$@"
} }
post_install_occ(){ _backup_app() {
IFS='|' read -ra CMD <<< "$OCC_CMDS" # Copied _abra_backup_dir to make UX better on restore and backup
for cmd in "${CMD[@]}"; do {
run_occ "$cmd" abra__src_="$1"
done abra__dst_="-"
}
# shellcheck disable=SC2154
FILENAME="$(basename "$1").tar"
debug "Copying '$1' to '$FILENAME'"
silence
mkdir -p /tmp/abra
sub_app_cp > /tmp/abra/$FILENAME
unsilence
} }
install_apps(){ next_maintenance_on() {
install_apps="$@" silence
if [ -z "$install_apps" ] sub_occ maintenance:mode --on > /dev/null
then unsilence
install_apps=$APPS debug "Nextcloud maintenance mode enabled"
fi
for app in $install_apps
do
run_occ "app:install $app"
done
} }
set_app_config(){ next_maintenance_off() {
APP=$1 silence
KEY=$2 sub_occ maintenance:mode --off > /dev/null
VALUE=$3 unsilence
run_occ "config:app:set $APP $KEY --value '$VALUE'" debug "Nextcloud maintenance mode disabled"
} }
install_bbb(){ abra_backup_app() {
install_apps bbb # shellcheck disable=SC2154
set_app_config bbb app.navigation true ARK_FILENAME="$ABRA_BACKUP_DIR/${abra__app_}_app_$(date +%F).tar.gz"
set_app_config bbb api.url "$BBB_URL" # Cant be FILENAME as that gets changed by something
set_app_config bbb api.secret "$(cat /run/secrets/bbb_secret)" next_maintenance_on
_backup_app $NC_APP_DIR/config
_backup_app $NC_APP_DIR/data
_backup_app $NC_APP_DIR/themes
# Combine archives
tar -Af /tmp/abra/config.tar /tmp/abra/data.tar
tar -Af /tmp/abra/config.tar /tmp/abra/themes.tar
gzip /tmp/abra/config.tar -c > "$ARK_FILENAME"
rm /tmp/abra/*.tar
success "Backed up 'app' to $ARK_FILENAME"
next_maintenance_off
} }
install_onlyoffice(){ abra_backup_db() {
install_apps onlyoffice next_maintenance_on
set_app_config onlyoffice DocumentServerUrl "$ONLYOFFICE_URL" _abra_backup_mysql "db" "nextcloud"
set_app_config onlyoffice jwt_secret "$(cat /run/secrets/onlyoffice_jwt)" next_maintenance_off
set_app_config onlyoffice customizationForcesave true
} }
set_default_quota(){ abra_backup() {
set_app_config files default_quota '"$DEFAULT_QUOTA"' abra_backup_app && abra_backup_db
} }
set_authentik(){
install_apps sociallogin
AUTHENTIK_SECRET=$(cat /run/secrets/authentik_secret)
AUTHENTIK_ID=$(cat /run/secrets/authentik_id)
set_app_config sociallogin custom_providers "
{
\"custom_oidc\":[
{
\"name\":\"$AUTHENTIK_USER_PREFIX\",
\"title\":\"authentik\",
\"authorizeUrl\": \"https://$AUTHENTIK_DOMAIN/application/o/authorize/\",
\"tokenUrl\": \"https://$AUTHENTIK_DOMAIN/application/o/token/\",
\"displayNameClaim\":\"preferred_username\",
\"userInfoUrl\": \"https://$AUTHENTIK_DOMAIN/application/o/userinfo/\",
\"logoutUrl\": \"https://$AUTHENTIK_DOMAIN/if/session-end/nextcloud/\",
\"clientId\":\"$AUTHENTIK_ID\",
\"clientSecret\":\"$AUTHENTIK_SECRET\",
\"scope\":\"openid profile email nextcloud\",
\"groupsClaim\":\"nextcloud_groups\",
\"style\":\"openid\",
\"defaultGroup\":\"\",
\"groupMapping\": {
\"admin\": \"admin\"
}
}
]
}"
set_app_config sociallogin update_profile_on_login 1 abra_restore_app() {
set_app_config sociallogin auto_create_groups 1 next_maintenance_on
set_app_config sociallogin hide_default_login 1 # shellcheck disable=SC2034
run_occ 'config:system:set social_login_auto_redirect --value true' {
run_occ 'config:system:set allow_user_to_change_display_name --value=false' abra__src_="-"
run_occ 'config:system:set lost_password_link --value=disabled' abra__dst_=$NC_APP_DIR
}
zcat "$@" | sub_app_cp
next_maintenance_off
sub_occ files:scan --all > /dev/null # Needs to be run in normal mode
success "Restored 'app'"
} }
# abra_restore_db() {
# warning "Restoring the database is on a existing app and not a new one has not been tested. Use with caution."
# next_maintenance_on
# # 3wc: unlike abra_backup_db, we can assume abra__service_ will be 'db' if we
# # got this far..
# # shellcheck disable=SC2034
# abra___no_tty="true"
# DB_PASSWORD=$(sub_app_run cat /run/secrets/db_password)
# zcat "$@" | sub_app_run mysql -u root -p"$DB_PASSWORD" wordpress
# success "Restored 'db'"
# next_maintenance_off
# }

18
compose.apps.yml
View File

@ -1,18 +0,0 @@
version: "3.8"
services:
app:
secrets:
- onlyoffice_jwt
- bbb_secret
environment:
- APPS
- ONLYOFFICE_URL
- BBB_URL
secrets:
onlyoffice_jwt:
external: true
name: ${STACK_NAME}_onlyoffice_jwt_${SECRET_ONLYOFFICE_JWT_VERSION}
bbb_secret:
external: true
name: ${STACK_NAME}_bbb_secret_${SECRET_BBB_SECRET_VERSION}

14
compose.authentik.yml
View File

@ -1,14 +0,0 @@
version: "3.8"
services:
app:
secrets:
- authentik_secret
- authentik_id
secrets:
authentik_secret:
external: true
name: ${AUTHENTIK_SECRET_NAME}
authentik_id:
external: true
name: ${AUTHENTIK_ID_NAME}

6
compose.mariadb.yml
View File

@ -31,12 +31,6 @@ services:
backupbot.backup.pre-hook: 'mkdir -p /tmp/backup/ && mysqldump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" nextcloud > /tmp/backup/backup.sql' backupbot.backup.pre-hook: 'mkdir -p /tmp/backup/ && mysqldump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" nextcloud > /tmp/backup/backup.sql'
backupbot.backup.post-hook: "rm -rf /tmp/backup" backupbot.backup.post-hook: "rm -rf /tmp/backup"
backupbot.backup.path: "/tmp/backup/" backupbot.backup.path: "/tmp/backup/"
healthcheck:
test: ["CMD-SHELL", 'mysqladmin -p"$$(cat /run/secrets/db_root_password)" ping']
interval: 30s
timeout: 10s
retries: 10
start_period: 1m
configs: configs:
my_tune: my_tune:
name: ${STACK_NAME}_my_cnf_${MY_CNF_VERSION} name: ${STACK_NAME}_my_cnf_${MY_CNF_VERSION}

1
compose.postgres.yml
View File

@ -2,6 +2,7 @@ version: '3.8'
services: services:
app: app:
entrypoint: "sh -c 'sleep 10 && /entrypoint.sh php-fpm'" # tries to mitigate this error with postgres https://github.com/nextcloud/docker/issues/1204
environment: environment:
- POSTGRES_HOST=db - POSTGRES_HOST=db
- POSTGRES_DB=nextcloud - POSTGRES_DB=nextcloud

19
compose.smtp.yml
View File

@ -1,19 +0,0 @@
version: "3.8"
services:
app:
secrets:
- smtp_password
environment:
- SMTP_AUTHTYPE
- SMTP_HOST
- SMTP_SECURE
- SMTP_NAME
- SMTP_PORT
- SMTP_PASSWORD_FILE=/run/secrets/smtp_password
- MAIL_FROM_ADDRESS
- MAIL_DOMAIN
secrets:
smtp_password:
external: true
name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}

41
compose.yml
View File

@ -1,7 +1,7 @@
version: "3.8" version: "3.8"
services: services:
web: web:
image: nginx:1.23.3 image: nginx:1.23.1
configs: configs:
- source: nginx_conf - source: nginx_conf
target: /etc/nginx/nginx.conf target: /etc/nginx/nginx.conf
@ -33,15 +33,9 @@ services:
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect" - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
healthcheck:
test: ["CMD-SHELL", 'curl -s -N curl -Ns localhost/status.php | grep "installed\":true"']
interval: 30s
timeout: 10s
retries: 10
start_period: 5m
app: app:
image: nextcloud:25.0.4-fpm image: nextcloud:24.0.3-fpm
depends_on: depends_on:
- db - db
configs: configs:
@ -55,8 +49,6 @@ services:
- db_password - db_password
- admin_password - admin_password
environment: environment:
- APPS
- OCC_CMDS
- X_FRAME_OPTIONS_ALLOW_FROM - X_FRAME_OPTIONS_ALLOW_FROM
- X_FRAME_OPTIONS_ENABLED - X_FRAME_OPTIONS_ENABLED
- DOMAIN - DOMAIN
@ -66,13 +58,12 @@ services:
- NEXTCLOUD_TRUSTED_DOMAINS=${DOMAIN} - NEXTCLOUD_TRUSTED_DOMAINS=${DOMAIN}
- TRUSTED_PROXIES=traefik - TRUSTED_PROXIES=traefik
- REDIS_HOST=cache - REDIS_HOST=cache
- SMTP_HOST
- MAIL_FROM_ADDRESS
- MAIL_DOMAIN
- SMTP_AUTHTYPE=PLAIN
- OVERWRITEPROTOCOL=https - OVERWRITEPROTOCOL=https
- PHP_MEMORY_LIMIT=1G - PHP_MEMORY_LIMIT=1G
- FPM_MAX_CHILDREN=131
- FPM_START_SERVERS=32
- FPM_MIN_SPARE_SERVERS=32
- FPM_MAX_SPARE_SERVERS=98
- DEFAULT_QUOTA
volumes: volumes:
- nextcloud:/var/www/html/ - nextcloud:/var/www/html/
- nextapps:/var/www/html/custom_apps:cached - nextapps:/var/www/html/custom_apps:cached
@ -86,18 +77,12 @@ services:
failure_action: rollback failure_action: rollback
order: start-first order: start-first
labels: labels:
- "coop-cloud.${STACK_NAME}.version=3.1.2+25.0.4-fpm" - "coop-cloud.${STACK_NAME}.version=2.1.2+24.0.3-fpm"
- "backupbot.backup=true" - "backupbot.backup=true"
- "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/" - "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/"
healthcheck:
test: ["CMD-SHELL", 'SCRIPT_NAME=status SCRIPT_FILENAME=/var/www/html/status.php REQUEST_METHOD=GET cgi-fcgi -bind -connect 127.0.0.1:9000 | grep "installed\":true"']
interval: 30s
timeout: 10s
retries: 10
start_period: 5m
cron: cron:
image: nextcloud:25.0.4-fpm image: nextcloud:24.0.3-fpm
volumes: volumes:
- nextcloud:/var/www/html/ - nextcloud:/var/www/html/
- nextapps:/var/www/html/custom_apps:cached - nextapps:/var/www/html/custom_apps:cached
@ -109,16 +94,11 @@ services:
entrypoint: /cron.sh entrypoint: /cron.sh
cache: cache:
image: redis:7.0.9-alpine image: redis:7.0.4-alpine
networks: networks:
- internal - internal
volumes: volumes:
- "redis:/data" - "redis:/data"
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 3s
timeout: 5s
retries: 20
secrets: secrets:
db_root_password: db_root_password:
@ -126,7 +106,7 @@ secrets:
name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION} name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
db_password: db_password:
external: true external: true
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION} name: ${STACK_NAME}_db_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
admin_password: admin_password:
external: true external: true
name: ${STACK_NAME}_admin_password_${SECRET_ADMIN_PASSWORD_VERSION} name: ${STACK_NAME}_admin_password_${SECRET_ADMIN_PASSWORD_VERSION}
@ -147,7 +127,6 @@ configs:
fpm_tune: fpm_tune:
name: ${STACK_NAME}_fpm_tune_${FPM_TUNE_VERSION} name: ${STACK_NAME}_fpm_tune_${FPM_TUNE_VERSION}
file: fpm-tune.ini file: fpm-tune.ini
template_driver: golang
entrypoint: entrypoint:
name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION} name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
file: entrypoint.sh.tmpl file: entrypoint.sh.tmpl

32
entrypoint.sh.tmpl
View File

@ -1,41 +1,9 @@
#!/bin/bash #!/bin/bash
set -eu
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
file_env "SMTP_PASSWORD"
echo "Giving the db container some time to come up"; sleep 20
# see this issue with postgres db https://github.com/nextcloud/docker/issues/1204
{{ if eq (env "X_FRAME_OPTIONS_ENABLED") "1" }} {{ if eq (env "X_FRAME_OPTIONS_ENABLED") "1" }}
if ! [[ $(grep {{ env "X_FRAME_OPTIONS_ALLOW_FROM" }} lib/public/AppFramework/Http/ContentSecurityPolicy.php) ]]; then if ! [[ $(grep {{ env "X_FRAME_OPTIONS_ALLOW_FROM" }} lib/public/AppFramework/Http/ContentSecurityPolicy.php) ]]; then
sed -i "91 a\\\t\t'{{ env "X_FRAME_OPTIONS_ALLOW_FROM" }}', " lib/public/AppFramework/Http/ContentSecurityPolicy.php sed -i "91 a\\\t\t'{{ env "X_FRAME_OPTIONS_ALLOW_FROM" }}', " lib/public/AppFramework/Http/ContentSecurityPolicy.php
fi fi
{{ end }} {{ end }}
# Required for healthcheck
which cgi-fcgi > /dev/null || (apt-get update && apt-get install -y libfcgi-bin)
/entrypoint.sh php-fpm /entrypoint.sh php-fpm

8
fpm-tune.ini
View File

@ -1,5 +1,5 @@
pm = dynamic pm = dynamic
pm.max_children = {{ env "FPM_MAX_CHILDREN" }} pm.max_children = 131
pm.start_servers = {{ env "FPM_START_SERVERS" }} pm.start_servers = 32
pm.min_spare_servers = {{ env "FPM_MIN_SPARE_SERVERS" }} pm.min_spare_servers = 32
pm.max_spare_servers = {{ env "FPM_MAX_SPARE_SERVERS" }} pm.max_spare_servers = 98

3
nginx.conf.tmpl
View File

@ -67,7 +67,8 @@ http {
add_header X-XSS-Protection "1; mode=block" always; add_header X-XSS-Protection "1; mode=block" always;
{{ if eq (env "X_FRAME_OPTIONS_ENABLED") "1" }} {{ if eq (env "X_FRAME_OPTIONS_ENABLED") "1" }}
add_header Content-Security-Policy "frame-ancestors {{ env "X_FRAME_OPTIONS_ALLOW_FROM" }} {{ env "DOMAIN" }}"; add_header X-Frame-Options "{{ env "X_FRAME_OPTIONS_ALLOW_FROM" }}" always;
add_header Content-Security-Policy "frame-ancestors {{ env "X_FRAME_OPTIONS_ALLOW_FROM" }}";
{{ else }} {{ else }}
add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Frame-Options "SAMEORIGIN" always;
{{ end }} {{ end }}

57
release/3.1.0+25.0.1-fpm
View File

@ -1,57 +0,0 @@
## FPM Tune
The fpm-tune.ini settings are now configurable by `.env`. Please add this to your servers configs:
```
# fpm-tune, see: https://spot13.com/pmcalculator/
FPM_MAX_CHILDREN=131
FPM_START_SERVERS=32
FPM_MIN_SPARE_SERVERS=32
FPM_MAX_SPARE_SERVERS=98
```
## SMTP
Add SMTP Config to your .env file:
```
# COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
# See https://github.com/nextcloud/docker#auto-configuration-via-environment-variables for default values
# SMTP_AUTHTYPE=
# SMTP_HOST=
# SMTP_SECURE=
# SMTP_NAME=
# SMTP_PORT=
# MAIL_FROM_ADDRESS=
# MAIL_DOMAIN=
# SECRET_SMTP_PASSWORD_VERSION=v1
abra app secret insert example.com smtp_password v1 example_password
```
## Post Deploy Commands
Some Apps can also be managed with abra app cmd!
```
# COMPOSE_FILE="$COMPOSE_FILE:compose.apps.yml"
# APPS="calendar sociallogin onlyoffice"
abra app cmd example.com app install_apps
# ONLYOFFICE_URL=https://onlyoffice.example.com
# SECRET_ONLYOFFICE_JWT_VERSION=v1
abra app secret insert example.com onlyoffice_jwt v1 example_password
abra app cmd example.com app install_onlyoffice
# BBB_URL=https://talk.example.org/bigbluebutton/ # trailing slash!
# SECRET_BBB_SECRET_VERSION=v1
abra app secret insert example.com bbb_secret v1 example_password
abra app cmd example.com app install_bbb
```
## Set Quota
```
# DEFAULT_QUOTA="10 GB"
abra app cmd example.com app set_default_quota
```

0
release/2.0.0+23.0.3-fpm → releases/2.0.0+23.0.3-fpm
View File