chore: publish 11.4.0+30.0.6-fpm release

Reviewed-on: coop-cloud/nextcloud#48
Reviewed-by: moritz <moritz@noreply.git.coopcloud.tech>

.drone.yml

@@ -45,7 +45,7 @@ steps:
         from_secret: drone_abra-bot_token
       fork: true
       repositories:
-        - coop-cloud/auto-recipes-catalogue-json
+        - toolshed/auto-recipes-catalogue-json
 
 trigger:
   event: tag

.env.sample

@@ -65,6 +65,10 @@ DEFAULT_QUOTA="10 GB"
 # BBB_URL=https://talk.example.org/bigbluebutton/ # trailing slash!
 # SECRET_BBB_SECRET_VERSION=v1
 
+# COMPOSE_FILE="$COMPOSE_FILE:compose.whiteboard.yml"
+# APPS="$APPS whiteboard"
+# SECRET_WHITEBOARD_JWT_VERSION=v1
+
 # COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
 # APPS="$APPS sociallogin"
 # AUTHENTIK_USER_PREFIX=authentik
@@ -77,3 +81,9 @@ DEFAULT_QUOTA="10 GB"
 
 #COMPOSE_FILE="$COMPOSE_FILE:compose.fulltextsearch.yml"
 #SECRET_ELASTICSEARCH_PASSWORD_VERSION=v1
+
+# HSTS Options
+# Uncomment this line to enable HSTS: https://docs.nextcloud.com/server/30/admin_manual/installation/harden_server.html
+#HSTS_ENABLED=1
+# Uncomment this line to add the `preload` part
+#HSTS_PRELOAD=1

README.md

@@ -286,3 +286,11 @@ And you can populate the index manually and check if any errors occur:
 ```
 abra app cmd <domain> app run_occ '"fulltextsearch:index"'
 ```
+
+### Troubleshooting fulltextsearch
+
+The fulltextsearch plugin might be stuck with this error: "Index is already running". In that case the following command can get things runing again:
+
+```
+abra app run <domain> db /bin/sh -- -c 'echo "delete from oc_fulltextsearch_ticks;" | mariadb -u root -p$(cat /run/secrets/db_root_password) nextcloud'
+```

abra.sh

@@ -1,9 +1,10 @@
 #!/bin/bash
 
 export FPM_TUNE_VERSION=v5
-export NGINX_CONF_VERSION=v7
+export NGINX_CONF_VERSION=v8
 export MY_CNF_VERSION=v5
 export ENTRYPOINT_VERSION=v3
+export ENTRYPOINT_WHITEBOARD_VERSION=v1
 export CRONTAB_VERSION=v1
 export PG_BACKUP_VERSION=v2
 
@@ -93,6 +94,13 @@ install_collabora() {
     set_app_config richdocuments wopi_url "$COLLABORA_URL"
 }
 
+install_whiteboard() {
+    install_apps whiteboard
+    set_app_config whiteboard collabBackendUrl "https://${DOMAIN}/whiteboard"
+    set_app_config whiteboard jwt_secret_key "$(cat /run/secrets/whiteboard_jwt)"
+}
+
+
 install_fulltextsearch() {
     install_apps fulltextsearch
     install_apps fulltextsearch_elasticsearch

compose.fulltextsearch.yml

@@ -2,7 +2,7 @@ version: "3.8"
 
 services:
   elasticsearch:
-    image: "docker.elastic.co/elasticsearch/elasticsearch:8.17.0"
+    image: "docker.elastic.co/elasticsearch/elasticsearch:8.17.2"
     environment:
       - cluster.name=docker-cluster
       - bootstrap.memory_lock=true
@@ -29,7 +29,7 @@ services:
         mode: 0600
 
   searchindexer:
-    image: nextcloud:30.0.4-fpm
+    image: nextcloud:30.0.6-fpm
     volumes:
       - nextcloud:/var/www/html/
       - nextapps:/var/www/html/custom_apps:cached

compose.mariadb.yml

@@ -28,9 +28,9 @@ services:
       - internal
     deploy:
       labels:
-        backupbot.backup.pre-hook: 'mysqldump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" nextcloud > /var/lib/mysql/backup.sql'
+        backupbot.backup.pre-hook: 'mariadb-dump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" nextcloud > /var/lib/mysql/backup.sql'
         backupbot.backup.volumes.mariadb.path: "backup.sql"
-        backupbot.restore.post-hook: 'mysql -u root -p"$$(cat /run/secrets/db_root_password)" nextcloud < /var/lib/mysql/backup.sql'
+        backupbot.restore.post-hook: 'mariadb -u root -p"$$(cat /run/secrets/db_root_password)" nextcloud < /var/lib/mysql/backup.sql'
     healthcheck:
       test: ["CMD-SHELL", 'mariadb-admin -p"$$(cat /run/secrets/db_root_password)"  ping']
       interval: 30s

compose.whiteboard.yml

@@ -0,0 +1,44 @@
+version: "3.8"
+
+services:
+  app:
+    secrets:
+      - whiteboard_jwt
+
+  whiteboard:
+    image: ghcr.io/nextcloud-releases/whiteboard:v1.0.5
+    deploy:
+      labels:
+        - traefik.enable=true
+        - traefik.docker.network=proxy
+        - traefik.http.services.${STACK_NAME}_whiteboard.loadbalancer.server.port=3002
+        - traefik.http.routers.${STACK_NAME}_whiteboard.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS}) && PathPrefix(`/whiteboard`)
+        - traefik.http.routers.${STACK_NAME}_whiteboard.entrypoints=web-secure
+        - traefik.http.routers.${STACK_NAME}_whiteboard.tls.certresolver=${LETS_ENCRYPT_ENV}
+        - traefik.http.middlewares.${STACK_NAME}_whiteboard-stripprefix.stripprefix.prefixes=/whiteboard
+        - traefik.http.routers.${STACK_NAME}_whiteboard.middlewares=${STACK_NAME}_whiteboard-stripprefix
+    configs:
+      - source: entrypoint_whiteboard
+        target: /custom-entrypoint.sh
+    entrypoint: ["sh", "/custom-entrypoint.sh"]
+    user: root
+    networks:
+     - proxy
+    ports:
+      - 3002:3002
+    secrets:
+      - whiteboard_jwt
+    environment:
+      - NEXTCLOUD_URL=https://$DOMAIN
+      - JWT_SECRET_KEY_FILE=/run/secrets/whiteboard_jwt
+
+secrets:
+  whiteboard_jwt:
+    external: true
+    name: ${STACK_NAME}_whiteboard_jwt_${SECRET_WHITEBOARD_JWT_VERSION}
+
+configs:
+  entrypoint_whiteboard:
+    name: ${STACK_NAME}_entrypoint_whiteboard_${ENTRYPOINT_WHITEBOARD_VERSION}
+    file: entrypoint.whiteboard.sh.tmpl
+    template_driver: golang

compose.yml

@@ -1,7 +1,7 @@
 version: "3.8"
 services:
   web:
-    image: nginx:1.27.2
+    image: nginx:1.27.4
     depends_on:
       - app
     configs:
@@ -12,6 +12,8 @@ services:
       - X_FRAME_OPTIONS_ENABLED
       - DOMAIN
       - STACK_NAME
+      - HSTS_ENABLED
+      - HSTS_PRELOAD
     volumes:
       - nextcloud:/var/www/html/
       - nextapps:/var/www/html/custom_apps:cached
@@ -46,7 +48,7 @@ services:
       start_period: 5m
 
   app:
-    image: nextcloud:30.0.4-fpm
+    image: nextcloud:30.0.6-fpm
     depends_on:
       - db
     configs:
@@ -91,7 +93,7 @@ services:
         failure_action: rollback
         order: start-first
       labels:
-        - "coop-cloud.${STACK_NAME}.version=11.0.0+30.0.4-fpm"
+        - "coop-cloud.${STACK_NAME}.version=11.4.0+30.0.6-fpm"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
         - "backupbot.backup=${ENABLE_BACKUPS:-true}"
         - "backupbot.backup.volumes.redis=false"
@@ -105,7 +107,7 @@ services:
       start_period: 15m
 
   cron:
-    image: nextcloud:30.0.4-fpm
+    image: nextcloud:30.0.6-fpm
     volumes:
       - nextcloud:/var/www/html/
       - nextapps:/var/www/html/custom_apps:cached
@@ -121,7 +123,7 @@ services:
 
 
   cache:
-    image: redis:7.4.1-alpine
+    image: redis:7.4.2-alpine
     networks:
       - internal
     volumes:

entrypoint.whiteboard.sh.tmpl

@@ -0,0 +1,6 @@
+#!/bin/sh
+set -e
+
+export JWT_SECRET_KEY=$(cat /run/secrets/whiteboard_jwt)
+
+exec npm run server:start

nginx.conf.tmpl

@@ -45,6 +45,13 @@ http {
         # could take several months.
         #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
 
+        {{ if eq (env "HSTS_ENABLED") "1" }}
+        {{ if eq (env "HSTS_PRELOAD") "1" }}
+        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
+        {{ else }}
+        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains;" always;
+        {{ end }}
+        {{ end }}
 
         # set max upload size
         client_max_body_size 512M;