forked from coop-cloud/nextcloud
Apfelwurm
c952020194
This implements the high performance backend for Nextcloud Talk, which is nessecary if it needs to handle more people (video) calling. More Details about it: https://nextcloud-talk.readthedocs.io/en/latest/quick-install/ The current implementation is sadly limited to be used once per host, so this might need some additional love in the future, if someone needs it more flexible. The related traefik pr: coop-cloud/traefik#66 Reviewed-on: coop-cloud/nextcloud#56 Co-authored-by: Apfelwurm <Alexander@volzit.de> Co-committed-by: Apfelwurm <Alexander@volzit.de>
179 lines
5.9 KiB
Bash
179 lines
5.9 KiB
Bash
#!/bin/bash
|
|
|
|
export FPM_TUNE_VERSION=v5
|
|
export NGINX_CONF_VERSION=v8
|
|
export MY_CNF_VERSION=v6
|
|
export ENTRYPOINT_VERSION=v3
|
|
export ENTRYPOINT_WHITEBOARD_VERSION=v1
|
|
export ENTRYPOINT_TALK_VERSION=v1
|
|
export CRONTAB_VERSION=v1
|
|
export PG_BACKUP_VERSION=v2
|
|
|
|
run_occ() {
|
|
su -p www-data -s /bin/sh -c "/var/www/html/occ $@"
|
|
}
|
|
|
|
install_apps() {
|
|
install_apps="$@"
|
|
if [ -z "$install_apps" ]; then
|
|
install_apps=$APPS
|
|
fi
|
|
for app in $install_apps; do
|
|
run_occ "app:install $app"
|
|
done
|
|
}
|
|
|
|
set_app_config() {
|
|
APP=$1
|
|
KEY=$2
|
|
VALUE=$3
|
|
run_occ "config:app:set $APP $KEY --value '$VALUE'"
|
|
}
|
|
|
|
set_system_config() {
|
|
KEY=$1
|
|
VALUE=$2
|
|
run_occ "config:system:set $KEY --value '$VALUE'"
|
|
}
|
|
|
|
set_trusted_proxies() {
|
|
trusted_proxies="$@"
|
|
if [ -z "$1" ]; then
|
|
trusted_proxies="$TRUSTED_PROXIES"
|
|
fi
|
|
set_system_config trusted_proxies "$trusted_proxies"
|
|
}
|
|
|
|
set_logfile_stdout() {
|
|
set_system_config logfile '/dev/stdout'
|
|
}
|
|
|
|
customize() {
|
|
if [ -z "$1" ]
|
|
then
|
|
echo "Usage: ... customize <assets_path>"
|
|
exit 1
|
|
fi
|
|
asset_dir=$1
|
|
for asset in $COPY_ASSETS; do
|
|
source=$(echo $asset | cut -d "|" -f1)
|
|
target=$(echo $asset | cut -d "|" -f2)
|
|
echo copy $source to $target
|
|
abra app cp $APP_NAME $asset_dir/$source $target
|
|
done
|
|
|
|
abra app cmd -T $APP_NAME app set_app_config theming color \"$THEMING_COLOR\"
|
|
abra app cmd -T $APP_NAME app set_app_config theming slogan \"$THEMING_SLOGAN\"
|
|
abra app cmd -T $APP_NAME app run_occ '"theming:config background \"/var/www/html/themes/flow_background.jpg\""'
|
|
abra app cmd -T $APP_NAME app run_occ '"theming:config logo \"/var/www/html/themes/icon_left_brand.svg\""'
|
|
abra app cmd -T $APP_NAME app run_occ '"theming:config logoheader \"/var/www/html/themes/icon.png\""'
|
|
}
|
|
|
|
install_bbb() {
|
|
install_apps bbb
|
|
set_app_config bbb app.navigation true
|
|
set_app_config bbb api.url "$BBB_URL"
|
|
set_app_config bbb api.secret "$(cat /run/secrets/bbb_secret)"
|
|
}
|
|
|
|
install_onlyoffice() {
|
|
install_apps onlyoffice
|
|
set_app_config onlyoffice DocumentServerUrl "$ONLYOFFICE_URL"
|
|
set_app_config onlyoffice jwt_secret "$(cat /run/secrets/onlyoffice_jwt)"
|
|
set_app_config onlyoffice customizationForcesave true
|
|
}
|
|
|
|
install_collabora() {
|
|
install_apps richdocuments
|
|
set_app_config richdocuments wopi_url "$COLLABORA_URL"
|
|
# important for security reaosns
|
|
# https://docs.nextcloud.com/server/latest/admin_manual/office/configuration.html#wopi-settings
|
|
set_app_config richdocuments wopi_allowlist "$COLLABORA_ALLOWLIST"
|
|
}
|
|
|
|
install_whiteboard() {
|
|
install_apps whiteboard
|
|
set_app_config whiteboard collabBackendUrl "https://${DOMAIN}/whiteboard"
|
|
set_app_config whiteboard jwt_secret_key "$(cat /run/secrets/whiteboard_jwt)"
|
|
}
|
|
|
|
|
|
install_talk() {
|
|
install_apps spreed
|
|
run_occ "talk:signaling:add --verify 'wss://${TALK_DOMAIN}' '$(cat /run/secrets/talk_signaling_secret)'"
|
|
run_occ "talk:stun:add '${TALK_DOMAIN}:3478'"
|
|
run_occ "talk:stun:add '${TALK_DOMAIN}:443'"
|
|
run_occ "talk:turn:add --secret='$(cat /run/secrets/talk_turn_secret)' turn '${TALK_DOMAIN}:3478' udp,tcp"
|
|
|
|
}
|
|
|
|
install_fulltextsearch() {
|
|
install_apps fulltextsearch
|
|
install_apps fulltextsearch_elasticsearch
|
|
install_apps files_fulltextsearch
|
|
set_app_config fulltextsearch search_platform "OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform"
|
|
set_app_config fulltextsearch_elasticsearch elastic_host "http://elastic:$(cat /run/secrets/elasticsearch_password)@elasticsearch:9200/"
|
|
set_app_config fulltextsearch_elasticsearch elastic_index "nextcloud"
|
|
set_app_config files_fulltextsearch files_local "1"
|
|
}
|
|
|
|
set_default_quota() {
|
|
set_app_config files default_quota "$DEFAULT_QUOTA"
|
|
}
|
|
|
|
set_authentik() {
|
|
install_apps sociallogin
|
|
AUTHENTIK_SECRET=$(cat /run/secrets/authentik_secret)
|
|
AUTHENTIK_ID=$(cat /run/secrets/authentik_id)
|
|
set_system_config logo_url https://$AUTHENTIK_DOMAIN
|
|
set_app_config sociallogin custom_providers "
|
|
{
|
|
\"custom_oidc\":[
|
|
{
|
|
\"name\":\"$AUTHENTIK_USER_PREFIX\",
|
|
\"title\":\"authentik\",
|
|
\"authorizeUrl\": \"https://$AUTHENTIK_DOMAIN/application/o/authorize/\",
|
|
\"tokenUrl\": \"https://$AUTHENTIK_DOMAIN/application/o/token/\",
|
|
\"displayNameClaim\":\"preferred_username\",
|
|
\"userInfoUrl\": \"https://$AUTHENTIK_DOMAIN/application/o/userinfo/\",
|
|
\"logoutUrl\": \"https://$AUTHENTIK_DOMAIN/application/o/nextcloud/end-session/\",
|
|
\"clientId\":\"$AUTHENTIK_ID\",
|
|
\"clientSecret\":\"$AUTHENTIK_SECRET\",
|
|
\"scope\":\"openid profile email nextcloud\",
|
|
\"groupsClaim\":\"nextcloud_groups\",
|
|
\"style\":\"openid\",
|
|
\"defaultGroup\":\"\",
|
|
\"groupMapping\": {
|
|
\"admin\": \"admin\",
|
|
\"authentik Admins\": \"admin\"
|
|
}
|
|
}
|
|
]
|
|
}"
|
|
|
|
set_app_config sociallogin update_profile_on_login 1
|
|
set_app_config sociallogin auto_create_groups 1
|
|
set_app_config sociallogin hide_default_login 1
|
|
run_occ 'config:system:set social_login_auto_redirect --value true'
|
|
run_occ 'config:system:set allow_user_to_change_display_name --value=false'
|
|
run_occ 'config:system:set lost_password_link --value=disabled'
|
|
}
|
|
|
|
disable_skeletondirectory() {
|
|
run_occ "config:system:set skeletondirectory --value ''"
|
|
}
|
|
|
|
set_windowsfriendly_filenames() {
|
|
run_occ 'config:system:set forbidden_filename_characters 0 --value=?'
|
|
run_occ 'config:system:set forbidden_filename_characters 1 --value=\<'
|
|
run_occ 'config:system:set forbidden_filename_characters 2 --value=\>'
|
|
run_occ 'config:system:set forbidden_filename_characters 3 --value=:'
|
|
run_occ 'config:system:set forbidden_filename_characters 4 --value=*'
|
|
run_occ 'config:system:set forbidden_filename_characters 5 --value=\|'
|
|
run_occ 'config:system:set forbidden_filename_characters 6 --value=\"'
|
|
}
|
|
|
|
upgrade_mariadb() {
|
|
mariadb-upgrade -p`cat /run/secrets/db_root_password`
|
|
}
|