chore: publish 6.0.11+28.0.10-fpm release

.drone.yml

@@ -22,8 +22,6 @@ steps:
       NGINX_CONF_VERSION: v1
       MY_CNF_VERSION: v1
       ENTRYPOINT_VERSION: v1
-      CRONTAB_VERSION: v1
-      PG_BACKUP_VERSION: v2
       SECRET_DB_PASSWORD_VERSION: v1
       SECRET_DB_ROOT_PASSWORD_VERSION: v1
       SECRET_ADMIN_PASSWORD_VERSION: v1
@@ -45,7 +43,7 @@ steps:
         from_secret: drone_abra-bot_token
       fork: true
       repositories:
-        - toolshed/auto-recipes-catalogue-json
+        - coop-cloud/auto-recipes-catalogue-json
 
 trigger:
   event: tag

.env.sample

@@ -65,10 +65,6 @@ DEFAULT_QUOTA="10 GB"
 # BBB_URL=https://talk.example.org/bigbluebutton/ # trailing slash!
 # SECRET_BBB_SECRET_VERSION=v1
 
-# COMPOSE_FILE="$COMPOSE_FILE:compose.whiteboard.yml"
-# APPS="$APPS whiteboard"
-# SECRET_WHITEBOARD_JWT_VERSION=v1
-
 # COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
 # APPS="$APPS sociallogin"
 # AUTHENTIK_USER_PREFIX=authentik
@@ -81,9 +77,3 @@ DEFAULT_QUOTA="10 GB"
 
 #COMPOSE_FILE="$COMPOSE_FILE:compose.fulltextsearch.yml"
 #SECRET_ELASTICSEARCH_PASSWORD_VERSION=v1
-
-# HSTS Options
-# Uncomment this line to enable HSTS: https://docs.nextcloud.com/server/30/admin_manual/installation/harden_server.html
-#HSTS_ENABLED=1
-# Uncomment this line to add the `preload` part
-#HSTS_PRELOAD=1

README.md

@@ -87,12 +87,7 @@ OCC_CMDS="app:disable dashboard"
 
 - Configure a `defaultapp` in your `config.php` or use [apporder](https://apps.nextcloud.com/apps/apporder)
 
-## Upgrading Nextcloud
-Upgrading Nextcloud can be a hair raising experiance. They [don't support downgrading](https://docs.nextcloud.com/server/latest/admin_manual/maintenance/upgrade.html) even for minor versions.
-
-Many of us  have found that jumping major versions when upgrading is also a bad idea. We have however found that it's ok to skip minor version upgrades and go to the last minor version before a major version (e.g. 24.0.0 to 24.9.9 before going to 25.0.0). To extra cautious just upgrade one release at a time. Read the release notes and check your logs.
-
-## Upgrading Nextcloud apps (plug-ins)
+## Upgrading Nextcloud apps
 
 `abra app cmd <app-name> app run_occ '"app:update --all"'`
 
@@ -286,11 +281,3 @@ And you can populate the index manually and check if any errors occur:
 ```
 abra app cmd <domain> app run_occ '"fulltextsearch:index"'
 ```
-
-### Troubleshooting fulltextsearch
-
-The fulltextsearch plugin might be stuck with this error: "Index is already running". In that case the following command can get things runing again:
-
-```
-abra app run <domain> db /bin/sh -- -c 'echo "delete from oc_fulltextsearch_ticks;" | mariadb -u root -p$(cat /run/secrets/db_root_password) nextcloud'
-```

abra.sh

@@ -1,12 +1,11 @@
 #!/bin/bash
 
 export FPM_TUNE_VERSION=v5
-export NGINX_CONF_VERSION=v8
+export NGINX_CONF_VERSION=v7
 export MY_CNF_VERSION=v5
 export ENTRYPOINT_VERSION=v3
-export ENTRYPOINT_WHITEBOARD_VERSION=v1
 export CRONTAB_VERSION=v1
-export PG_BACKUP_VERSION=v2
+export PG_BACKUP_VERSION=v1
 
 run_occ() {
     su -p www-data -s /bin/sh -c "/var/www/html/occ $@"
@@ -94,13 +93,6 @@ install_collabora() {
     set_app_config richdocuments wopi_url "$COLLABORA_URL"
 }
 
-install_whiteboard() {
-    install_apps whiteboard
-    set_app_config whiteboard collabBackendUrl "https://${DOMAIN}/whiteboard"
-    set_app_config whiteboard jwt_secret_key "$(cat /run/secrets/whiteboard_jwt)"
-}
-
-
 install_fulltextsearch() {
     install_apps fulltextsearch
     install_apps fulltextsearch_elasticsearch
@@ -130,7 +122,7 @@ set_authentik() {
         \"tokenUrl\": \"https://$AUTHENTIK_DOMAIN/application/o/token/\",
         \"displayNameClaim\":\"preferred_username\",
         \"userInfoUrl\": \"https://$AUTHENTIK_DOMAIN/application/o/userinfo/\",
-        \"logoutUrl\": \"https://$AUTHENTIK_DOMAIN/application/o/nextcloud/end-session/\",
+        \"logoutUrl\": \"https://$AUTHENTIK_DOMAIN/if/session-end/nextcloud/\",
         \"clientId\":\"$AUTHENTIK_ID\",
         \"clientSecret\":\"$AUTHENTIK_SECRET\",
         \"scope\":\"openid profile email nextcloud\",
@@ -156,17 +148,3 @@ set_authentik() {
 disable_skeletondirectory() {
     run_occ "config:system:set skeletondirectory --value ''"
 }
-
-set_windowsfriendly_filenames() {
-    run_occ 'config:system:set forbidden_filename_characters 0 --value=?'
-    run_occ 'config:system:set forbidden_filename_characters 1 --value=\<'
-    run_occ 'config:system:set forbidden_filename_characters 2 --value=\>'
-    run_occ 'config:system:set forbidden_filename_characters 3 --value=:'
-    run_occ 'config:system:set forbidden_filename_characters 4 --value=*'
-    run_occ 'config:system:set forbidden_filename_characters 5 --value=\|'
-    run_occ 'config:system:set forbidden_filename_characters 6 --value=\"'
-}
-
-upgrade_mariadb() {
-    mariadb-upgrade -p`cat /run/secrets/db_root_password`
-}

compose.fulltextsearch.yml

@@ -2,7 +2,7 @@ version: "3.8"
 
 services:
   elasticsearch:
-    image: "docker.elastic.co/elasticsearch/elasticsearch:8.17.2"
+    image: "docker.elastic.co/elasticsearch/elasticsearch:8.15.0"
     environment:
       - cluster.name=docker-cluster
       - bootstrap.memory_lock=true
@@ -29,7 +29,7 @@ services:
         mode: 0600
 
   searchindexer:
-    image: nextcloud:31.0.6-fpm
+    image: nextcloud:28.0.10-fpm
     volumes:
       - nextcloud:/var/www/html/
       - nextapps:/var/www/html/custom_apps:cached

compose.mariadb.yml

@@ -9,7 +9,7 @@ services:
       - MYSQL_PASSWORD_FILE=/run/secrets/db_password
 
   db:
-    image: "mariadb:11.4"
+    image: "mariadb:10.5"
     environment:
       - MYSQL_DATABASE=nextcloud
       - MYSQL_USER=nextcloud
@@ -28,11 +28,11 @@ services:
       - internal
     deploy:
       labels:
-        backupbot.backup.pre-hook: 'mariadb-dump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" nextcloud > /var/lib/mysql/backup.sql'
+        backupbot.backup.pre-hook: 'mysqldump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" nextcloud > /var/lib/mysql/backup.sql'
         backupbot.backup.volumes.mariadb.path: "backup.sql"
-        backupbot.restore.post-hook: 'mariadb -u root -p"$$(cat /run/secrets/db_root_password)" nextcloud < /var/lib/mysql/backup.sql'
+        backupbot.restore.post-hook: 'mysql -u root -p"$$(cat /run/secrets/db_root_password)" nextcloud < /var/lib/mysql/backup.sql'
     healthcheck:
-      test: ["CMD-SHELL", 'mariadb-admin -p"$$(cat /run/secrets/db_root_password)"  ping']
+      test: ["CMD-SHELL", 'mysqladmin -p"$$(cat /run/secrets/db_root_password)"  ping']
       interval: 30s
       timeout: 10s
       retries: 10

compose.whiteboard.yml

@@ -1,44 +0,0 @@
-version: "3.8"
-
-services:
-  app:
-    secrets:
-      - whiteboard_jwt
-
-  whiteboard:
-    image: ghcr.io/nextcloud-releases/whiteboard:v1.1.2
-    deploy:
-      labels:
-        - traefik.enable=true
-        - traefik.docker.network=proxy
-        - traefik.http.services.${STACK_NAME}_whiteboard.loadbalancer.server.port=3002
-        - traefik.http.routers.${STACK_NAME}_whiteboard.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS}) && PathPrefix(`/whiteboard`)
-        - traefik.http.routers.${STACK_NAME}_whiteboard.entrypoints=web-secure
-        - traefik.http.routers.${STACK_NAME}_whiteboard.tls.certresolver=${LETS_ENCRYPT_ENV}
-        - traefik.http.middlewares.${STACK_NAME}_whiteboard-stripprefix.stripprefix.prefixes=/whiteboard
-        - traefik.http.routers.${STACK_NAME}_whiteboard.middlewares=${STACK_NAME}_whiteboard-stripprefix
-    configs:
-      - source: entrypoint_whiteboard
-        target: /custom-entrypoint.sh
-    entrypoint: ["sh", "/custom-entrypoint.sh"]
-    user: root
-    networks:
-     - proxy
-    ports:
-      - 3002:3002
-    secrets:
-      - whiteboard_jwt
-    environment:
-      - NEXTCLOUD_URL=https://$DOMAIN
-      - JWT_SECRET_KEY_FILE=/run/secrets/whiteboard_jwt
-
-secrets:
-  whiteboard_jwt:
-    external: true
-    name: ${STACK_NAME}_whiteboard_jwt_${SECRET_WHITEBOARD_JWT_VERSION}
-
-configs:
-  entrypoint_whiteboard:
-    name: ${STACK_NAME}_entrypoint_whiteboard_${ENTRYPOINT_WHITEBOARD_VERSION}
-    file: entrypoint.whiteboard.sh.tmpl
-    template_driver: golang

compose.yml

@@ -1,7 +1,7 @@
 version: "3.8"
 services:
   web:
-    image: nginx:1.29.0
+    image: nginx:1.27.1
     depends_on:
       - app
     configs:
@@ -12,8 +12,6 @@ services:
       - X_FRAME_OPTIONS_ENABLED
       - DOMAIN
       - STACK_NAME
-      - HSTS_ENABLED
-      - HSTS_PRELOAD
     volumes:
       - nextcloud:/var/www/html/
       - nextapps:/var/www/html/custom_apps:cached
@@ -48,7 +46,7 @@ services:
       start_period: 5m
 
   app:
-    image: nextcloud:31.0.6-fpm
+    image: nextcloud:28.0.10-fpm
     depends_on:
       - db
     configs:
@@ -74,7 +72,6 @@ services:
       - TRUSTED_PROXIES=10.0.0.0/8
       - REDIS_HOST=cache
       - OVERWRITEPROTOCOL=https
-      - OVERWRITECLIURL=https://${DOMAIN}
       - PHP_MEMORY_LIMIT=${PHP_MEMORY_LIMIT:-1G}
       - FPM_MAX_CHILDREN=${FPM_MAX_CHILDREN:-131}
       - FPM_START_SERVERS=${FPM_START_SERVERS:-32}
@@ -94,7 +91,7 @@ services:
         failure_action: rollback
         order: start-first
       labels:
-        - "coop-cloud.${STACK_NAME}.version=12.0.0+31.0.6-fpm"
+        - "coop-cloud.${STACK_NAME}.version=6.0.11+28.0.10-fpm"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
         - "backupbot.backup=${ENABLE_BACKUPS:-true}"
         - "backupbot.backup.volumes.redis=false"
@@ -108,7 +105,7 @@ services:
       start_period: 15m
 
   cron:
-    image: nextcloud:31.0.6-fpm
+    image: nextcloud:28.0.10-fpm
     volumes:
       - nextcloud:/var/www/html/
       - nextapps:/var/www/html/custom_apps:cached
@@ -124,7 +121,7 @@ services:
 
 
   cache:
-    image: redis:8.0.2-alpine
+    image: redis:7.4.0-alpine
     networks:
       - internal
     volumes:

entrypoint.whiteboard.sh.tmpl

@@ -1,6 +0,0 @@
-#!/bin/sh
-set -e
-
-export JWT_SECRET_KEY=$(cat /run/secrets/whiteboard_jwt)
-
-exec npm run server:start

nginx.conf.tmpl

@@ -45,13 +45,6 @@ http {
         # could take several months.
         #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
 
-        {{ if eq (env "HSTS_ENABLED") "1" }}
-        {{ if eq (env "HSTS_PRELOAD") "1" }}
-        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
-        {{ else }}
-        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains;" always;
-        {{ end }}
-        {{ end }}
 
         # set max upload size
         client_max_body_size 512M;

pg_backup.sh

@@ -11,24 +11,17 @@ function backup {
 
 function restore {
     cd /var/lib/postgresql/data/
-    restore_config(){
-        # Restore allowed connections
-        cat pg_hba.conf.bak > pg_hba.conf
-        su postgres -c 'pg_ctl reload'
-    }
     # Don't allow any other connections than local
     cp pg_hba.conf pg_hba.conf.bak
     echo "local all all trust" > pg_hba.conf
     su postgres -c 'pg_ctl reload'
-    trap restore_config EXIT INT TERM
-
     # Recreate Database
     psql -U ${POSTGRES_USER} -d postgres -c "DROP DATABASE ${POSTGRES_DB} WITH (FORCE);" 
     createdb -U ${POSTGRES_USER} ${POSTGRES_DB}
     psql -U ${POSTGRES_USER} -d ${POSTGRES_DB} -1 -f $BACKUP_FILE
-
-    trap - EXIT INT TERM
-    restore_config
+    # Restore allowed connections
+    cat pg_hba.conf.bak > pg_hba.conf
+    su postgres -c 'pg_ctl reload'
 }
 
 $@

release/10.0.0+30.0.4-fpm

@@ -1 +0,0 @@
-https://docs.nextcloud.com/server/latest/admin_manual/release_notes/upgrade_to_30.html

release/11.0.0+30.0.4-fpm

@@ -1,4 +0,0 @@
-Upgrades mariadb from 10.5 to 11.4
-NOTE: If your Nextcloud instance is using mariadb, after running this update you MUST run the database upgrade command:
-`abra app command nextcloud.yourserver.org db upgrade_mariadb`
-More info: https://mariadb.com/kb/en/upgrading-from-mariadb-10-11-to-mariadb-11-4/