add shellscript

This PR moves the db service into two override files `compose.mariadb.yml` and `compose.postgres.yml`.

Existing installations need to add:
```
COMPOSE_FILE="compose.yml"
COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml"
```
to their .env file to ensure mariadb is still used.

Co-authored-by: Philipp Rothmann <philipprothmann@posteo.de>
Reviewed-on: #26

.env.sample

@@ -5,6 +5,10 @@ DOMAIN=nextcloud.example.com
 #EXTRA_DOMAINS=', `www.nextcloud.example.com`'
 LETS_ENCRYPT_ENV=production
 
+COMPOSE_FILE="compose.yml"
+COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml"
+#COMPOSE_FILE="$COMPOSE_FILE:compose.postgres.yml"
+
 ADMIN_USER=admin
 
 SECRET_DB_ROOT_PASSWORD_VERSION=v1

compose.mariadb.yml

@@ -0,0 +1,40 @@
+version: "3.8"
+
+services:
+  app:
+    environment:
+      - MYSQL_HOST=db
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
+
+  db:
+    image: "mariadb:10.5"
+    environment:
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
+      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
+    configs:
+      - source: my_tune
+        target: /etc/mysql/conf.d/my-tune.cnf
+    secrets:
+      - db_root_password
+      - db_password
+    volumes:
+      - "mariadb:/var/lib/mysql"
+    networks:
+      - internal
+    deploy:
+      labels:
+          backupbot.backup: "true"
+          backupbot.backup.pre-hook: 'mkdir -p /tmp/backup/ && mysqldump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" nextcloud > /tmp/backup/backup.sql'
+          backupbot.backup.post-hook: "rm -rf /tmp/backup"
+          backupbot.backup.path: "/tmp/backup/"
+configs:
+  my_tune:
+    name: ${STACK_NAME}_my_cnf_${MY_CNF_VERSION}
+    file: my-tune.cnf
+
+volumes:
+  mariadb:

compose.postgres.yml

@@ -0,0 +1,38 @@
+version: '3.8'
+
+services:
+  app:
+    entrypoint: "sh -c 'sleep 10 && /entrypoint.sh php-fpm'" # tries to mitigate this error with postgres https://github.com/nextcloud/docker/issues/1204
+    environment:
+      - POSTGRES_HOST=db
+      - POSTGRES_DB=nextcloud
+      - POSTGRES_USER=nextcloud
+      - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
+      - NEXTCLOUD_UPDATE=1
+
+  db:
+    image: "postgres:12"
+    volumes:
+      - "postgres:/var/lib/postgresql/data"
+    networks:
+      - internal
+    environment:
+      POSTGRES_USER: nextcloud 
+      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
+      POSTGRES_DB: nextcloud 
+    secrets:
+      - db_password
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    deploy:
+      labels:
+            backupbot.backup: "true"
+            backupbot.backup.pre-hook: "mkdir -p /tmp/backup/ && PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /tmp/backup/backup.sql"
+            backupbot.backup.post-hook: "rm -rf /tmp/backup"
+            backupbot.backup.path: "/tmp/backup/"
+
+volumes:
+  postgres:

compose.yml

@@ -1,7 +1,7 @@
 version: "3.8"
 services:
   web:
-    image: nginx:1.20.0
+    image: nginx:1.21.6
     configs:
       - source: nginx_conf
         target: /etc/nginx/nginx.conf
@@ -33,7 +33,7 @@ services:
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
 
   app:
-    image: nextcloud:23.0.1-fpm
+    image: nextcloud:24.0.0-fpm
     depends_on:
       - db
     configs:
@@ -45,10 +45,6 @@ services:
     environment:
       - DOMAIN
       - STACK_NAME
-      - MYSQL_HOST=db
-      - MYSQL_DATABASE=nextcloud
-      - MYSQL_USER=nextcloud
-      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
       - NEXTCLOUD_ADMIN_USER=${ADMIN_USER}
       - NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/admin_password
       - NEXTCLOUD_TRUSTED_DOMAINS=${DOMAIN}
@@ -73,28 +69,13 @@ services:
         failure_action: rollback
         order: start-first
       labels:
-        - "coop-cloud.${STACK_NAME}.version=1.0.0+23.0.1-fpm"
+        - "coop-cloud.${STACK_NAME}.version=2.1.0+24.0.0-fpm"
+        - "backupbot.backup=true"
+        - "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/"
 
-  db:
-    image: "mariadb:10.5"
-    environment:
-      - MYSQL_DATABASE=nextcloud
-      - MYSQL_USER=nextcloud
-      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
-      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
-    configs:
-      - source: my_tune
-        target: /etc/mysql/conf.d/my-tune.cnf
-    secrets:
-      - db_root_password
-      - db_password
-    volumes:
-      - "mariadb:/var/lib/mysql"
-    networks:
-      - internal
 
   cron:
-    image: nextcloud:23.0.1-fpm
+    image: nextcloud:24.0.0-fpm
     volumes:
       - nextcloud:/var/www/html/
       - nextapps:/var/www/html/custom_apps:cached
@@ -106,7 +87,7 @@ services:
     entrypoint: /cron.sh
 
   cache:
-    image: redis:6.2.5-alpine
+    image: redis:7.0.0-alpine
     networks:
       - internal
     volumes:
@@ -128,7 +109,6 @@ volumes:
   nextapps:
   nextdata:
   nextconfig:
-  mariadb:
   redis:
 
 configs:
@@ -139,9 +119,6 @@ configs:
   fpm_tune:
     name: ${STACK_NAME}_fpm_tune_${FPM_TUNE_VERSION}
     file: fpm-tune.ini
-  my_tune:
-    name: ${STACK_NAME}_my_cnf_${MY_CNF_VERSION}
-    file: my-tune.cnf
 
 networks:
   proxy:

configure_nextcloud.sh

@@ -0,0 +1,55 @@
+#!/bin/bash
+
+set -eu
+
+app_name=$1
+domain=$2
+secret=$3
+
+sub_occ(){
+abra app run --user www-data $app_name app /var/www/html/occ "$@"
+}
+
+# Install apps
+sub_occ app:install calendar || true
+sub_occ app:install sociallogin || true
+sub_occ app:install onlyoffice || true
+
+# Disable Dashboard
+sub_occ app:disable dashboard || true
+
+# Configure SSO
+
+sub_occ config:app:set sociallogin custom_providers --value="
+{
+  \"custom_oidc\": [
+    {
+      \"name\": \"authentik\",
+      \"title\": \"Login\",
+      \"authorizeUrl\": \"https://$domain/application/o/authorize/\",
+      \"tokenUrl\": \"https://$domain/application/o/token/\",
+      \"displayNameClaim\": \"preferred_username\",
+      \"userInfoUrl\": \"https://$domain/application/o/userinfo/\",
+      \"logoutUrl\": \"https://$domain/application/o/nextcloud/end-session/\",
+      \"clientId\": \"nextcloud\",
+      \"clientSecret\": \"$secret\",
+      \"scope\": \"openid profile email nextcloud\",
+      \"groupsClaim\": \"nextcloud_groups\",
+      \"style\": \"openid\",
+      \"defaultGroup\": \"\",
+      \"groupMapping\": {
+        \"admin\": \"admin\"
+      }
+    }
+  ]
+}"
+
+sub_occ config:app:set sociallogin update_profile_on_login --value 1
+sub_occ config:app:set sociallogin auto_create_groups --value 1
+sub_occ config:app:set sociallogin hide_default_login --value 1
+
+sub_occ config:system:set allow_user_to_change_display_name --value=false
+sub_occ config:system:set lost_password_link --value=disabled
+sub_occ config:system:set social_login_auto_redirect --value=true
+
+abra app run --user www-data $app_name app cat config/config.php

releases/2.0.0+23.0.3-fpm

@@ -0,0 +1,6 @@
+2.0.0 introduces a minor nextcloud update to 23.0.4 and moves the database service to a seperate override.yml file to support different database types (mariadb / postgres). This might break your installation. Please add the following snippet to your config .env to ensure the right db is used:
+
+```
+COMPOSE_FILE="compose.yml"
+COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml"
+```