migrate baserow to laylotta

This includes backupbot support, which we were struggling with.
Yay!

.gitignore

@@ -0,0 +1 @@
+*~

auth.resisttechmonopolies.online.env

@@ -1,4 +1,4 @@
-TYPE=authentik
+TYPE=authentik:7.4.0+2025.6.3
 TIMEOUT=900
 ENABLE_AUTO_UPDATE=true
 POST_DEPLOY_CMDS="worker set_admin_pass"
@@ -27,18 +27,18 @@ AUTHENTIK_BOOTSTRAP_EMAIL=ammar@ammaratef45.ddns.net
 ## EMAIL
 AUTHENTIK_EMAIL__HOST=smtp.protonmail.ch
 AUTHENTIK_EMAIL__PORT=587
-AUTHENTIK_EMAIL__USERNAME="ammar@ammaratef45.ddns.net"
+AUTHENTIK_EMAIL__USERNAME="besties@resisttechmonopolies.online"
 AUTHENTIK_EMAIL__USE_TLS=true
 AUTHENTIK_EMAIL__USE_SSL=false
 AUTHENTIK_EMAIL__TIMEOUT=10
-AUTHENTIK_EMAIL__FROM=ammar@ammaratef45.ddns.net
+AUTHENTIK_EMAIL__FROM=besties@resisttechmonopolies.online
 
 ## Secret Versions
 SECRET_SECRET_KEY_VERSION=v1
 SECRET_DB_PASSWORD_VERSION=v1
 SECRET_ADMIN_TOKEN_VERSION=v1
 SECRET_ADMIN_PASS_VERSION=v1
-SECRET_EMAIL_PASS_VERSION=v1
+SECRET_EMAIL_PASS_VERSION=v2
 
 # X_FRAME_OPTIONS_ALLOW_FROM=dashboard.example.org
 
@@ -127,4 +127,4 @@ APP_ICONS="nextcloud:~/.abra/recipes/authentik/icons/nextcloud.png"
 
 # APPLICATIONS='{"Calendar": "https://nextcloud.example.com/apps/calendar/", "BBB": "https://nextcloud.example.com/apps/bbb/"}'
 # APP_ICONS="$APP_ICONS Calendar:~/.abra/recipes/authentik/icons/calendar.svg"
-# APP_ICONS="$APP_ICONS BBB:~/.abra/recipes/authentik/icons/bbb.png"
+# APP_ICONS="$APP_ICONS BBB:~/.abra/recipes/authentik/icons/bbb.png"

loomio.resisttechmonopolies.online.env

@@ -0,0 +1,107 @@
+TYPE=loomio:5.1.2+v3.0.0
+COMPOSE_FILE="compose.yml"
+
+DOMAIN=loomio.resisttechmonopolies.online
+## Domain aliases
+#EXTRA_DOMAINS=', `www.loomio.resisttechmonopolies.online`'
+LETS_ENCRYPT_ENV=production
+
+# mail setup
+COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
+SUPPORT_EMAIL=besties@resisttechmonopolies.online
+SMTP_AUTH=plain
+SMTP_DOMAIN=smtp.protonmail.ch
+SMTP_SERVER=smtp.protonmail.ch
+SMTP_PORT=587
+SMTP_USERNAME=besties@resisttechmonopolies.online
+# SMTP_USE_SSL=1
+# to disable SSL comment out line rather than changing to 0
+SECRET_SMTP_PASSWORD_VERSION=v2
+
+
+# From field for notification e-mails
+NOTIFICATIONS_EMAIL_ADDRESS=besties@resisttechmonopolies.online
+
+# reply-to in email notifications
+REPLY_HOSTNAME=$DOMAIN
+
+RAILS_ENV=production
+
+# Number of webserver processes and threads
+# threads are per worker. See https://github.com/puma/puma
+PUMA_WORKERS=2
+MIN_THREADS=12
+MAX_THREADS=12
+
+# Force all connections to be https
+FORCE_SSL=1
+
+# Enable rate limiting on group creation, other POST actions
+USE_RACK_ATTACK=1
+
+SECRET_DEVISE_SECRET_VERSION=v1 #length=64
+SECRET_SECRET_COOKIE_TOKEN_VERSION=v1 #length=64
+SECRET_DB_PASSWORD_VERSION=v1
+
+# Send catch up email (missed yesterday) weekly
+# EMAIL_CATCH_UP_WEEKLY=1
+
+# TODO 3wc: settings from here on aren't yet included in compose.yml
+
+# subscribe on participation default for new users
+# uncomment this to change "subscribe on participation" to be false for new users
+# EMAIL_ON_PARTICIPATION_DEFAULT_FALSE=1
+
+# Uncomment these to disable features
+# FEATURES_DISABLE_CREATE_USER=1     # users must be invited
+# FEATURES_DISABLE_CREATE_GROUP=1    # users cannot create groups
+# FEATURES_DISABLE_PUBLIC_GROUPS=1   # disable /explore
+# FEATURES_DISABLE_HELP_LINK=1       # disable the help link
+# MAX_PENDING_INVITATIONS=100        # maximum unaccepted invitations a group have have
+
+# Enable search engines to index public content
+# ALLOW_ROBOTS=1
+
+# Uncomment to enable SAML SSO
+# SAML_APP_KEY=1 # just a flag, keep value as 1
+# SAML_IDP_METADATA_URL=https://saml-metadata-url-provided-by-your-SSO-provider.com/12356
+#
+# Disable login via email (usually when you have enabled SSO of some kind)
+# FEATURES_DISABLE_EMAIL_LOGIN=1
+
+# oauth providers, to let your users login using external accounts
+# FACEBOOK_APP_KEY=REPLACE
+# FACEBOOK_APP_SECRET=REPLACE
+# TWITTER_APP_KEY=REPLACE
+# TWITTER_APP_SECRET=REPLACE
+# GOOGLE_APP_KEY=REPLACE
+# GOOGLE_APP_SECRET=REPLACE
+# SLACK_APP_KEY
+# SLACK_APP_SECRET
+
+# Theme images
+# images should be a multiple of 32px tall.
+# THEME_ICON_SRC=/files/icon.png
+# THEME_APP_LOGO_SRC=/files/logo.svg
+# THEME_EMAIL_HEADER_LOGO_SRC=/files/logo_128h.png
+# THEME_EMAIL_FOOTER_LOGO_SRC=/files/logo_64h.png
+
+# used in emails. use rgb or hsl values, not hex
+# THEME_PRIMARY_COLOR=rgb(255,167,38)
+# THEME_ACCENT_COLOR=rgb(0,188,212)
+# THEME_TEXT_ON_PRIMARY_COLOR=rgb(255,255,255)
+# THEME_TEXT_ON_ACCENT_COLOR=rgb(255,255,255)
+
+# env variables needed to enable OAuth2 authentication  
+COMPOSE_FILE="$COMPOSE_FILE:compose.oauth.yml"
+OAUTH_ENABLED=1
+OAUTH_AUTH_URL="https://auth.resisttechmonopolies.online/application/o/authorize/"
+OAUTH_TOKEN_URL="https://auth.resisttechmonopolies.online/application/o/token/"
+OAUTH_PROFILE_URL="https://auth.resisttechmonopolies.online/application/o/userinfo/"
+OAUTH_SCOPE="openid email profile"
+OAUTH_APP_KEY="xNSKMmqA47TSgr7qKgzISV03reTnEmpqc0DZWmCa"
+OAUTH_ATTR_UID=email
+OAUTH_ATTR_NAME=name
+OAUTH_ATTR_EMAIL=email
+OAUTH_LOGIN_PROVIDER_NAME="loomio SSO"
+SECRET_OAUTH_APP_SECRET_VERSION=v2

nextcloud.resisttechmonopolies.online.env

@@ -1,4 +1,4 @@
-TYPE=nextcloud
+TYPE=nextcloud:12.0.1+31.0.6-fpm
 TIMEOUT=900
 ENABLE_AUTO_UPDATE=true
 ENABLE_BACKUPS=true
@@ -77,3 +77,8 @@ OCC_CMDS="$OCC_CMDS|config:app:set sociallogin hide_default_login --value 1"
 
 #COMPOSE_FILE="$COMPOSE_FILE:compose.fulltextsearch.yml"
 #SECRET_ELASTICSEARCH_PASSWORD_VERSION=v1
+
+# This will change the nginx configuration to add the header Strict-Transport-Security.
+# You can read more about it here: https://docs.nextcloud.com/server/30/admin_manual/installation/harden_server.html#enable-http-strict-transport-security
+# And you can check out the changes made to the recipe to allow for this here: https://git.coopcloud.tech/coop-cloud/nextcloud/pulls/48
+HSTS_ENABLED=1

nextcloud.resisttechmonopolies.online.occ

@@ -0,0 +1,21 @@
+#!/bin/bash
+# This is a script to run after a clean installation to restore all settings done over time.
+# The script is not supposed to be needed since a fresh installation is unlikely (even if migrating,
+#  a backup will be used and should maintain it's configs).
+# This script is more of a living documentation of configuration and what commands has been used to set them.
+
+# See: https://docs.nextcloud.com/server/30/admin_manual/configuration_server/background_jobs_configuration.html
+abra app command nextcloud.resisttechmonopolies.online app run_occ "'config:system:set maintenance_window_start --type=integer --value=1'"
+
+# The paragraph below shows as a warning to an admin user sometimes.
+# "One or more mimetype migrations are available. Occasionally new mimetypes are added to better handle certain file types.
+# Migrating the mimetypes take a long time on larger instances so this is not done automatically during upgrades.
+# Use the command `occ maintenance:repair --include-expensive` to perform the migrations."
+abra app command nextcloud.resisttechmonopolies.online app run_occ "'maintenance:repair --include-expensive'"
+
+# Detected some missing optional indices. Occasionally new indices are added (by Nextcloud or installed applications) to improve database performance. Adding indices can sometimes take awhile and temporarily hurt performance so this is not done automatically during upgrades. Once the indices are added, queries to those tables should be faster. Use the command `occ db:add-missing-indices` to add them.
+abra app command nextcloud.resisttechmonopolies.online app run_occ "'db:add-missing-indices'"
+
+#     Your installation has no default phone region set. This is required to validate phone numbers in the profile settings without a country code. To allow numbers without a country code, please add "default_phone_region" with the respective ISO 3166-1 code of the region to your config file.
+# Solution found at: https://help.nextcloud.com/t/your-installation-has-no-default-phone-region-set/153632/3
+abra app command nextcloud.resisttechmonopolies.online app run_occ "'config:system:set default_phone_region --value=\"us\"'"

resisttechmonopolies.online.env

@@ -1,8 +1,10 @@
-TYPE=rtm-astro-recipe:02a95e68
+TYPE=rtm-astro-recipe:6e6418f
 
 DOMAIN=resisttechmonopolies.online
 
 ## Domain aliases
 #EXTRA_DOMAINS=', `www.resisttechmonopolies.online`'
 
-LETS_ENCRYPT_ENV=production
+LETS_ENCRYPT_ENV=production
+
+VERSION=0.0.7

shlink.resisttechmonopolies.online.env

@@ -1,8 +1,8 @@
-TYPE=shlink
+TYPE=shlink:4fd9eb8b+U
 
 DOMAIN=shlink.resisttechmonopolies.online
 
 ## Domain aliases
 #EXTRA_DOMAINS=', `www.shlink.resisttechmonopolies.online`'
 
-LETS_ENCRYPT_ENV=production
+LETS_ENCRYPT_ENV=production