remove abra bloatware

This commit is contained in:
Christian Galo 2023-08-30 04:58:02 +00:00
parent 827e03bc52
commit 392b859110
9 changed files with 6 additions and 196 deletions

View File

@ -29,7 +29,7 @@ Fully automated luxury Nextcloud via docker-swarm.
`abra app config <app-name>`
Configure the following envs:
```
COMPOSE_FILE="$COMPOSE_FILE:compose.apps.yml"
COMPOSE_FILE="$COMPOSE_FILE:compose.apps.yaml"
ONLYOFFICE_URL=https://onlyoffice.example.com
SECRET_ONLYOFFICE_JWT_VERSION=v1
```
@ -42,7 +42,7 @@ SECRET_ONLYOFFICE_JWT_VERSION=v1
`abra app config <app-name>`
Configure the following envs:
```
COMPOSE_FILE="$COMPOSE_FILE:compose.apps.yml"
COMPOSE_FILE="$COMPOSE_FILE:compose.apps.yaml"
BBB_URL=https://talk.example.org/bigbluebutton/ # trailing slash!
SECRET_BBB_SECRET_VERSION=v1
```
@ -56,7 +56,7 @@ SECRET_BBB_SECRET_VERSION=v1
`abra app config <app-name>`
Configure the following envs:
```
COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yaml"
AUTHENTIK_USER_PREFIX=authentik
AUTHENTIK_DOMAIN=authentik.example.com
AUTHENTIK_SECRET_NAME=authentik_example_com_nextcloud_secret_v1 # the same as in authentik
@ -100,16 +100,16 @@ OCC_CMDS="app:disable dashboard"
Solution:
- Look at log files to determine the old Nextcloud version
- Change your local `~/.abra/recipes/nextcloud/compose.yml` to the highest minor
- Change your local `~/.abra/recipes/nextcloud/compose.yaml` to the highest minor
version in the old version -- e.g. choose `22.2.5` for `22`, if you're
upgrading to `23`.
- Then, do one of (both bad):
1. `abra app deploy --chaos ...`, then `app run` to go in and manually lower the version number in PHP (shell in, `apt install vim-core && vi version.php`), then try `php ./occ upgrade`
2. `abra app undeploy ...`, `abra volume rm`, CAREFULLY only choose the volume
ENDING `_nextcloud`, then `abra app deploy --chaos ...`, then edit the
`compose.yml` to add `entrypoint: ['tail', '-f', '/dev/null']` to `app`,
`compose.yaml` to add `entrypoint: ['tail', '-f', '/dev/null']` to `app`,
then `app deploy --chaos` again, then `app run --user=www-data ... app bash` to get in and run `./occ maintenance:repair`, and `./occ upgrade`.
- Change `compose.yml` to the new version number; `git checkout compose.yml`
- Change `compose.yaml` to the new version number; `git checkout compose.yaml`
- `abra app deploy --force`
- This wasn't even multiplle major versions was it 😾

107
abra.sh
View File

@ -1,107 +0,0 @@
#!/bin/bash
export FPM_TUNE_VERSION=v5
export NGINX_CONF_VERSION=v4
export MY_CNF_VERSION=v4
export ENTRYPOINT_VERSION=v3
run_occ() {
su -p www-data -s /bin/sh -c "/var/www/html/occ $@"
}
post_install_occ() {
IFS='|' read -ra CMD <<<"$OCC_CMDS"
for cmd in "${CMD[@]}"; do
run_occ "$cmd"
done
}
install_apps() {
install_apps="$@"
if [ -z "$install_apps" ]; then
install_apps=$APPS
fi
for app in $install_apps; do
run_occ "app:install $app"
done
}
set_app_config() {
APP=$1
KEY=$2
VALUE=$3
run_occ "config:app:set $APP $KEY --value '$VALUE'"
}
set_system_config() {
KEY=$1
VALUE=$2
run_occ "config:system:set $KEY --value '$VALUE'"
}
set_trusted_proxies() {
trusted_proxies="$@"
if [ -z "$1" ]; then
trusted_proxies="$TRUSTED_PROXIES"
fi
set_system_config trusted_proxies "$trusted_proxies"
}
set_logfile_stdout() {
set_system_config logfile '/dev/stdout'
}
install_bbb() {
install_apps bbb
set_app_config bbb app.navigation true
set_app_config bbb api.url "$BBB_URL"
set_app_config bbb api.secret "$(cat /run/secrets/bbb_secret)"
}
install_onlyoffice() {
install_apps onlyoffice
set_app_config onlyoffice DocumentServerUrl "$ONLYOFFICE_URL"
set_app_config onlyoffice jwt_secret "$(cat /run/secrets/onlyoffice_jwt)"
set_app_config onlyoffice customizationForcesave true
}
set_default_quota() {
set_app_config files default_quota "$DEFAULT_QUOTA"
}
set_authentik() {
install_apps sociallogin
AUTHENTIK_SECRET=$(cat /run/secrets/authentik_secret)
AUTHENTIK_ID=$(cat /run/secrets/authentik_id)
set_app_config sociallogin custom_providers "
{
\"custom_oidc\":[
{
\"name\":\"$AUTHENTIK_USER_PREFIX\",
\"title\":\"authentik\",
\"authorizeUrl\": \"https://$AUTHENTIK_DOMAIN/application/o/authorize/\",
\"tokenUrl\": \"https://$AUTHENTIK_DOMAIN/application/o/token/\",
\"displayNameClaim\":\"preferred_username\",
\"userInfoUrl\": \"https://$AUTHENTIK_DOMAIN/application/o/userinfo/\",
\"logoutUrl\": \"https://$AUTHENTIK_DOMAIN/if/session-end/nextcloud/\",
\"clientId\":\"$AUTHENTIK_ID\",
\"clientSecret\":\"$AUTHENTIK_SECRET\",
\"scope\":\"openid profile email nextcloud\",
\"groupsClaim\":\"nextcloud_groups\",
\"style\":\"openid\",
\"defaultGroup\":\"\",
\"groupMapping\": {
\"admin\": \"admin\",
\"authentik Admins\": \"admin\"
}
}
]
}"
set_app_config sociallogin update_profile_on_login 1
set_app_config sociallogin auto_create_groups 1
set_app_config sociallogin hide_default_login 1
run_occ 'config:system:set social_login_auto_redirect --value true'
run_occ 'config:system:set allow_user_to_change_display_name --value=false'
run_occ 'config:system:set lost_password_link --value=disabled'
}

View File

@ -1,18 +0,0 @@
version: "3.8"
services:
app:
secrets:
- onlyoffice_jwt
- bbb_secret
environment:
- APPS
- ONLYOFFICE_URL
- BBB_URL
secrets:
onlyoffice_jwt:
external: true
name: ${STACK_NAME}_onlyoffice_jwt_${SECRET_ONLYOFFICE_JWT_VERSION}
bbb_secret:
external: true
name: ${STACK_NAME}_bbb_secret_${SECRET_BBB_SECRET_VERSION}

View File

@ -1,14 +0,0 @@
version: "3.8"
services:
app:
secrets:
- authentik_secret
- authentik_id
secrets:
authentik_secret:
external: true
name: ${STACK_NAME}_authentik_secret_${SECRET_AUTHENTIK_SECRET_VERSION}
authentik_id:
external: true
name: ${STACK_NAME}_authentik_id_${SECRET_AUTHENTIK_ID_VERSION}

View File

@ -1,5 +1,3 @@
version: "3.8"
services:
app:
environment:

View File

@ -1,37 +0,0 @@
version: '3.8'
services:
app:
environment:
- POSTGRES_HOST=db
- POSTGRES_DB=nextcloud
- POSTGRES_USER=nextcloud
- POSTGRES_PASSWORD_FILE=/run/secrets/db_password
- NEXTCLOUD_UPDATE=1
db:
image: "postgres:12"
volumes:
- "postgres:/var/lib/postgresql/data"
networks:
- internal
environment:
POSTGRES_USER: nextcloud
POSTGRES_PASSWORD_FILE: /run/secrets/db_password
POSTGRES_DB: nextcloud
secrets:
- db_password
healthcheck:
test: ["CMD-SHELL", "pg_isready", "-U", "nextcloud"]
interval: 10s
timeout: 5s
retries: 5
deploy:
labels:
backupbot.backup: "true"
backupbot.backup.pre-hook: "PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /var/lib/postgresql/data/backup.sql"
backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/backup.sql"
backupbot.backup.path: "/var/lib/postgresql/data/"
volumes:
postgres:

View File

@ -1,4 +1,3 @@
version: "3.8"
services:
app:
secrets:

View File

@ -1,4 +1,3 @@
version: "3.8"
services:
web:
image: nginx:1.25.1
@ -56,7 +55,6 @@ services:
- admin_password
environment:
- APPS
- OCC_CMDS
- X_FRAME_OPTIONS_ALLOW_FROM
- X_FRAME_OPTIONS_ENABLED
- DOMAIN

View File

@ -1,9 +0,0 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"ignoreDeps": [
"mariadb:10.6"
],
"extends": [
"config:base"
]
}