wiki-cafe
/
nextcloud
forked from coop-cloud/nextcloud
0
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: wiki-cafe:auto_configure_sso
Branches Tags
wiki-cafe:main
wiki-cafe:embed_nextcloud_in_iframe
wiki-cafe:auto_configure_sso
wiki-cafe:add-postgres-db
coop-cloud:main
coop-cloud:update-nginx-conf
coop-cloud:split-bbb-onlyoffice-compos
coop-cloud:split-onlyoffice-bbb-config
coop-cloud:authentik_sso
coop-cloud:healthchecks
coop-cloud:occ_cmds
coop-cloud:auto_app_install
coop-cloud:embed_nextcloud_in_iframe
coop-cloud:auto_configure_sso
coop-cloud:add-postgres-db
wiki-cafe:2.1.4+24.0.6-fpm
wiki-cafe:2.1.3+24.0.5-fpm
wiki-cafe:2.1.2+24.0.3-fpm
wiki-cafe:2.1.1+24.0.2-fpm
wiki-cafe:2.1.0+24.0.0-fpm
wiki-cafe:2.0.0+23.0.4-fpm
wiki-cafe:1.0.0+23.0.1-fpm
coop-cloud:9.0.0+29.0.5-fpm
coop-cloud:6.0.6+28.0.5-fpm
coop-cloud:8.0.0+29.0.1-fpm
coop-cloud:7.0.3+29.0.1-fpm
coop-cloud:6.0.5+28.0.5-fpm
coop-cloud:7.0.2+29.0.1-fpm
coop-cloud:7.0.1+29.0.1-fpm
coop-cloud:7.0.0+29.0.0-fpm
coop-cloud:6.0.4+28.0.5-fpm
coop-cloud:6.0.3+28.0.5-fpm
coop-cloud:6.0.2+28.0.5-fpm
coop-cloud:5.0.3+27.0.1-fpm
coop-cloud:6.0.1+28.0.2-fpm
coop-cloud:6.0.0+28.0.1-fpm
coop-cloud:5.2.0+27.1.5-fpm
coop-cloud:5.1.1+27.1.5-fpm
coop-cloud:5.1.0+27.1.3-fpm
coop-cloud:5.0.2+27.0.1-fpm
coop-cloud:5.0.1+27.0.1-fpm
coop-cloud:5.0.0+27.0.0-fpm
coop-cloud:4.0.7+26.0.2-fpm
coop-cloud:4.0.6+26.0.2-fpm
coop-cloud:4.0.5+26.0.2-fpm
coop-cloud:4.0.4+26.0.2-fpm
coop-cloud:4.0.3+26.0.2-fpm
coop-cloud:4.0.2+26.0.2-fpm
coop-cloud:4.0.1+26.0.1-fpm
coop-cloud:4.0.0+26.0.1-fpm
coop-cloud:3.3.2+25.0.6-fpm
coop-cloud:3.3.1+25.0.5-fpm
coop-cloud:3.3.0+25.0.5-fpm
coop-cloud:3.2.0+25.0.4-fpm
coop-cloud:3.1.2+25.0.4-fpm
coop-cloud:3.1.1+25.0.1-fpm
coop-cloud:3.1.0+25.0.1-fpm
coop-cloud:3.0.1+25.0.1-fpm
coop-cloud:3.0.0+25.0.1-fpm
coop-cloud:2.1.4+24.0.6-fpm
coop-cloud:2.1.3+24.0.5-fpm
coop-cloud:2.1.2+24.0.3-fpm
coop-cloud:2.1.1+24.0.2-fpm
coop-cloud:2.1.0+24.0.0-fpm
coop-cloud:2.0.0+23.0.4-fpm
coop-cloud:1.0.0+23.0.1-fpm
...
pull from: coop-cloud:main
Branches Tags
coop-cloud:main
coop-cloud:update-nginx-conf
coop-cloud:split-bbb-onlyoffice-compos
coop-cloud:split-onlyoffice-bbb-config
coop-cloud:authentik_sso
coop-cloud:healthchecks
coop-cloud:occ_cmds
coop-cloud:auto_app_install
coop-cloud:embed_nextcloud_in_iframe
coop-cloud:auto_configure_sso
coop-cloud:add-postgres-db
wiki-cafe:main
wiki-cafe:embed_nextcloud_in_iframe
wiki-cafe:auto_configure_sso
wiki-cafe:add-postgres-db
coop-cloud:9.0.0+29.0.5-fpm
coop-cloud:6.0.6+28.0.5-fpm
coop-cloud:8.0.0+29.0.1-fpm
coop-cloud:7.0.3+29.0.1-fpm
coop-cloud:6.0.5+28.0.5-fpm
coop-cloud:7.0.2+29.0.1-fpm
coop-cloud:7.0.1+29.0.1-fpm
coop-cloud:7.0.0+29.0.0-fpm
coop-cloud:6.0.4+28.0.5-fpm
coop-cloud:6.0.3+28.0.5-fpm
coop-cloud:6.0.2+28.0.5-fpm
coop-cloud:5.0.3+27.0.1-fpm
coop-cloud:6.0.1+28.0.2-fpm
coop-cloud:6.0.0+28.0.1-fpm
coop-cloud:5.2.0+27.1.5-fpm
coop-cloud:5.1.1+27.1.5-fpm
coop-cloud:5.1.0+27.1.3-fpm
coop-cloud:5.0.2+27.0.1-fpm
coop-cloud:5.0.1+27.0.1-fpm
coop-cloud:5.0.0+27.0.0-fpm
coop-cloud:4.0.7+26.0.2-fpm
coop-cloud:4.0.6+26.0.2-fpm
coop-cloud:4.0.5+26.0.2-fpm
coop-cloud:4.0.4+26.0.2-fpm
coop-cloud:4.0.3+26.0.2-fpm
coop-cloud:4.0.2+26.0.2-fpm
coop-cloud:4.0.1+26.0.1-fpm
coop-cloud:4.0.0+26.0.1-fpm
coop-cloud:3.3.2+25.0.6-fpm
coop-cloud:3.3.1+25.0.5-fpm
coop-cloud:3.3.0+25.0.5-fpm
coop-cloud:3.2.0+25.0.4-fpm
coop-cloud:3.1.2+25.0.4-fpm
coop-cloud:3.1.1+25.0.1-fpm
coop-cloud:3.1.0+25.0.1-fpm
coop-cloud:3.0.1+25.0.1-fpm
coop-cloud:3.0.0+25.0.1-fpm
coop-cloud:2.1.4+24.0.6-fpm
coop-cloud:2.1.3+24.0.5-fpm
coop-cloud:2.1.2+24.0.3-fpm
coop-cloud:2.1.1+24.0.2-fpm
coop-cloud:2.1.0+24.0.0-fpm
coop-cloud:2.0.0+23.0.4-fpm
coop-cloud:1.0.0+23.0.1-fpm
wiki-cafe:2.1.4+24.0.6-fpm
wiki-cafe:2.1.3+24.0.5-fpm
wiki-cafe:2.1.2+24.0.3-fpm
wiki-cafe:2.1.1+24.0.2-fpm
wiki-cafe:2.1.0+24.0.0-fpm
wiki-cafe:2.0.0+23.0.4-fpm
wiki-cafe:1.0.0+23.0.1-fpm

113 Commits
auto_confi ... main

Author SHA1 Message Date
Javielico c94ffed09d chore: publish 9.0.0+29.0.5-fpm release
continuous-integration/drone/push Build is failing Details
2024-08-26 18:11:43 +01:00
decentral1se 7a863573c9 Merge pull request 'add abra command for disabling the skeleton directory' (#42) from Apfelwurm/nextcloud:main into main
continuous-integration/drone/push Build is failing Details 
Reviewed-on: coop-cloud/nextcloud#42
Reviewed-by: decentral1se <decentral1se@noreply.git.coopcloud.tech>
 2024-07-21 15:56:43 +00:00
p4u1 c930bbcf56 chore: publish 8.0.1+29.0.3-fpm release
continuous-integration/drone/push Build is failing Details
2024-07-19 18:51:54 +02:00
Apfelwurm a13e7a509c add abra command for disabling the skeleton directory
continuous-integration/drone/pr Build is failing Details
2024-07-19 17:58:06 +02:00
Moritz 0f9aba3e9e alaconnect: replace 'execute' with 'initial-hooks'
continuous-integration/drone/push Build is failing Details
2024-07-15 13:57:58 +02:00
Simon eb3e2486ce chore: publish 8.0.0+29.0.1-fpm release
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/tag Build is passing Details
2024-06-19 18:53:22 +02:00
iexos 2b4e63ef31 Reapply "split bbb and onlyoffice compose.yml"
continuous-integration/drone/push Build is failing Details 
This reverts commit 180c269337.
 2024-06-19 18:36:05 +02:00
iexos c056687849 chore: publish 7.0.3+29.0.1-fpm release
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/tag Build is passing Details
2024-06-19 18:35:19 +02:00
iexos 180c269337 Revert "split bbb and onlyoffice compose.yml" 
This reverts commit 9be859db25.
Accidentally introduced a breaking change into a patch release
 2024-06-19 18:34:02 +02:00
iexos 7eea2e0785 chore: publish 7.0.2+29.0.1-fpm release
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/tag Build is passing Details
2024-06-19 16:42:46 +02:00
iexos be915272b4 fix multi-file downloads, see https://github.com/nextcloud/server/issues/42617#issuecomment-1881958718 2024-06-19 16:41:55 +02:00
Simon 9be859db25 split bbb and onlyoffice compose.yml
continuous-integration/drone/push Build is failing Details
2024-06-19 15:40:27 +02:00
Simon 97e1d72604 Revert "wip split config"
continuous-integration/drone/push Build is failing Details 
This reverts commit 8a1fae2bac.
 2024-06-14 16:00:14 +02:00
Simon 8a1fae2bac wip split config
continuous-integration/drone/push Build is failing Details
2024-06-06 17:14:50 +02:00
3wc ce817e3928 chore: publish 7.0.1+29.0.1-fpm release
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/tag Build is passing Details
2024-06-01 15:05:05 -05:00
Moritz 7a64d3c6a7 add alakazam integration file alaconnect.yml
continuous-integration/drone/push Build is failing Details
2024-05-13 17:30:26 +02:00
3wc bb781e654b chore: publish 7.0.0+29.0.0-fpm release
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/tag Build is passing Details
2024-05-12 14:08:32 -03:00
Moritz cb5cd5f7b2 fix release note 5.0.1+27.0.1-fpm
continuous-integration/drone/push Build is failing Details
2024-05-08 11:05:05 +02:00
3wc 0a3e943b26 chore: publish 6.0.4+28.0.5-fpm release
continuous-integration/drone/push Build is failing Details
continuous-integration/drone/tag Build is passing Details
2024-05-07 19:31:54 -03:00
3wc 4f1aaf5d1d Increase memory limit for cron
continuous-integration/drone/push Build is failing Details 
Re coop-cloud/nextcloud#41
 2024-05-07 19:30:49 -03:00
3wc 019b71fde1 chore: publish 6.0.3+28.0.5-fpm release
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/tag Build is passing Details
2024-05-07 15:18:19 -03:00
3wc 7527399da0 Add mjs as a mimetype for javascript 2024-05-07 15:18:19 -03:00
3wc 94e84122ed chore: publish 6.0.2+28.0.5-fpm release
continuous-integration/drone/tag Build is passing Details
2024-05-07 15:18:19 -03:00
p4u1 0d9ab936a0 fulltextsearch: rename and update image 2024-05-07 15:18:19 -03:00
iexos 09ec6f842c update to 28.0.5
continuous-integration/drone/push Build is passing Details
2024-04-30 15:50:17 +02:00
3wc b5d40aa428 Update metadata
continuous-integration/drone/push Build is passing Details
2024-03-30 15:48:50 -03:00
Moritz eead80b60a add env MAX_DB_CONNECTIONS to set the database connection limit
continuous-integration/drone/push Build is passing Details
2024-02-27 09:47:26 +01:00
3wc 24670cdb6b chore: publish 6.0.1+28.0.2-fpm release
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/tag Build is passing Details
2024-02-08 14:51:39 -03:00
3wc 7e4ab9288c chore: publish 6.0.0+28.0.1-fpm release
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/tag Build is passing Details
2024-01-20 21:51:02 -03:00
p4u1 199bf61300 chore: publish 5.2.0+27.1.5-fpm release
continuous-integration/drone/push Build is passing Details
2023-12-22 13:19:26 +01:00
p4u1 99514b5991 feat: add fulltextsearch using elasticsearch (#36)
continuous-integration/drone/push Build is failing Details 
Reviewed-on: coop-cloud/nextcloud#36
Co-authored-by: p4u1 <p4u1_f4u1@riseup.net>
Co-committed-by: p4u1 <p4u1_f4u1@riseup.net>
 2023-12-22 12:09:58 +00:00
p4u1 eefb14e150 refactor: move db_root_password to mariadb (#38)
continuous-integration/drone/push Build is passing Details 
It is only used by mariadb and not by postgres

Closes coop-cloud/nextcloud#34

Reviewed-on: coop-cloud/nextcloud#38
Co-authored-by: p4u1 <p4u1_f4u1@riseup.net>
Co-committed-by: p4u1 <p4u1_f4u1@riseup.net>
 2023-12-22 12:09:07 +00:00
iexos a34e100bd7 chore: publish 5.1.1+27.1.5-fpm release
continuous-integration/drone/push Build is passing Details
2023-12-21 23:23:20 +01:00
p4u1 24ca6b22bc fix: noindex, nofollow instead of none robots header (#37)
continuous-integration/drone/push Build is passing Details 
This fixes a warning shown on the administration page.
More info on: https://help.nextcloud.com/t/x-robots-tag-http-header-not-configured-with-noindex-nofollow-since-nc-26-0-0/158300/1

Reviewed-on: coop-cloud/nextcloud#37
Co-authored-by: p4u1 <p4u1_f4u1@riseup.net>
Co-committed-by: p4u1 <p4u1_f4u1@riseup.net>
 2023-12-19 14:50:46 +00:00
Moritz c4ea5e053e increase default timeout
continuous-integration/drone/push Build is passing Details
2023-12-07 16:33:15 +01:00
Moritz 9d2e5cc05b increase healthcheck start_period for long updates
continuous-integration/drone/push Build is passing Details
2023-11-28 14:39:50 +01:00
Moritz 72bb75a49f add container depedency to avoid restart of web container
continuous-integration/drone/push Build is passing Details
2023-11-28 11:29:55 +01:00
3wc 5014bcb276 chore: publish 5.1.0+27.1.3-fpm release
continuous-integration/drone/push Build encountered an error Details
continuous-integration/drone/tag Build is passing Details
2023-11-06 13:44:44 +00:00
Moritz 88fc62bcd0 automating collabora installation
continuous-integration/drone/push Build is passing Details
2023-08-24 11:01:50 +02:00
3wc c54b975654 chore: publish 5.0.2+27.0.1-fpm release
continuous-integration/drone/push Build is passing Details
2023-08-22 21:14:50 +02:00
3wc e9a602cc78 Add Caddy labels
continuous-integration/drone/push Build is passing Details
2023-08-22 19:08:56 +02:00
3wc 90c7b87655 Trigger catalogue rebuild on tag push
continuous-integration/drone/push Build is passing Details
2023-08-04 15:00:09 +02:00
3wc 3a8c203b51 chore: publish 5.0.1+27.0.1-fpm release
continuous-integration/drone/push Build is passing Details
2023-08-04 14:57:31 +02:00
Philipp Rothmann 634a3553b9 fix: use saner fpm defaults
continuous-integration/drone/push Build is passing Details
2023-07-31 13:42:52 +02:00
Moritz 24e9571ba1 fix install_apps cmd
continuous-integration/drone/push Build is passing Details
2023-07-19 13:34:50 +02:00
Moritz 6546a05cf9 use standalone authentik secrets
continuous-integration/drone/push Build is passing Details
2023-07-18 16:51:37 +02:00
Philipp Rothmann ad3059d518 chore: publish 5.0.0+27.0.0-fpm release
continuous-integration/drone/push Build is passing Details
2023-07-11 11:33:11 +02:00
Philipp Rothmann 92af4b9c01 chore: publish 4.0.7+26.0.2-fpm release
continuous-integration/drone/push Build is passing Details
2023-06-26 17:54:13 +02:00
Philipp Rothmann 92dca3fab7 chore: point backup to a volume directory 2023-06-26 16:44:06 +02:00
Philipp Rothmann 201585bea8 feat: add set logfile to stdout cmd
continuous-integration/drone/push Build is passing Details
2023-06-26 11:56:10 +02:00
Philipp Rothmann a0e8fdad40 chore: publish 4.0.6+26.0.2-fpm release
continuous-integration/drone/push Build is failing Details
2023-06-14 14:59:20 +02:00
Philipp Rothmann 6427ce181f fix postgres healtcheck
continuous-integration/drone/push Build is passing Details
2023-06-14 14:59:03 +02:00
Philipp Rothmann 37f575038b chore: publish 4.0.5+26.0.2-fpm release
continuous-integration/drone/push Build is passing Details
2023-06-13 13:46:45 +02:00
Philipp Rothmann 7e4c87346a fix: release the fpm handbrake
continuous-integration/drone/push Build is passing Details 
it seems like php-fpm applys configs in aphabetical order, so that our
fpm-tune was overwritten by the www.conf with default values.

so let's go on highspeed now! :)
 2023-06-13 13:20:26 +02:00
Philipp Rothmann 944230afe0 chore: publish 4.0.4+26.0.2-fpm release
continuous-integration/drone/push Build is passing Details
2023-06-09 15:42:40 +02:00
Philipp Rothmann 63a1787ad6 fix env fpm default values overwriteable
continuous-integration/drone/push Build is passing Details
2023-06-09 15:38:52 +02:00
3wc 1deee41205 chore: publish 4.0.3+26.0.2-fpm release
continuous-integration/drone/push Build is passing Details
2023-06-09 10:31:49 +01:00
KawaiiPunk b8d209e531 chore: publish 4.0.2+26.0.2-fpm release
continuous-integration/drone/push Build is passing Details
2023-06-08 17:52:27 +01:00
Philipp Rothmann f48d314699 chore: publish 4.0.1+26.0.1-fpm release
continuous-integration/drone/push Build is passing Details
2023-05-08 11:45:20 +02:00
Philipp Rothmann a6ea635fd4 chore: autoformatting abra.sh
continuous-integration/drone/push Build is passing Details
2023-05-08 11:43:45 +02:00
Philipp Rothmann c9b8aec108 fix: set trusted proxies to 10.0.0.0/8 2023-05-08 11:43:24 +02:00
3wc db39e8dee6 chore: publish 4.0.0+26.0.1-fpm release
continuous-integration/drone/push Build is passing Details
2023-04-27 16:59:58 -04:00
3wc ed68b3e57c chore: publish 3.3.2+25.0.6-fpm release
continuous-integration/drone/push Build is passing Details
2023-04-27 16:40:59 -04:00
Moritz 78ea500d5e add auto update and timeout env
continuous-integration/drone/push Build is passing Details
2023-04-18 18:21:48 +02:00
Moritz 6f219781e5 default authentik admin mapping
continuous-integration/drone/push Build is passing Details
2023-04-18 15:24:25 +02:00
Moritz 162c056f07 add default timeout
continuous-integration/drone/push Build is passing Details
2023-04-13 19:52:12 +02:00
3wc 5d537d5173 Drop /auth/ from Keycloak example URL 
[ci skip]
 2023-04-07 16:42:02 -04:00
Moritz 7a25bd4835 chore: publish 3.3.0+25.0.5-fpm release
continuous-integration/drone/push Build is passing Details
2023-04-05 17:22:32 +02:00
Moritz eac7431b13 chore: publish 3.2.0+25.0.4-fpm release
continuous-integration/drone/push Build was killed Details
2023-03-22 18:06:06 +01:00
Moritz fce0b9f7cb feat: authentik autoconfiguration 2023-03-22 17:47:06 +01:00
Moritz 7b0a0741b6 chore: update readme
continuous-integration/drone/push Build was killed Details
2023-03-13 19:07:49 +01:00
Moritz e1bc039b09 fix release note path
continuous-integration/drone/push Build is passing Details
2023-03-07 17:10:35 +01:00
3wc a52515e63e chore: publish 3.1.2+25.0.4-fpm release
continuous-integration/drone/push Build is passing Details
2023-03-06 16:04:10 -05:00
3wc cff544c554 Fix `occ` commands in README
continuous-integration/drone/push Build is passing Details 
[ci skip]
 2023-01-24 14:13:14 -08:00
3wc f086d1bc77 Switch to self-hosted stack-ssh-deploy image [mass update]
continuous-integration/drone/push Build is passing Details
2023-01-21 11:49:56 -08:00
Moritz 897d787d86 chore: publish 3.1.1+25.0.1-fpm release
continuous-integration/drone/push Build is passing Details
2023-01-20 15:04:23 +01:00
Moritz 35b36d8c30 increase healthcheck start_period for long updates
continuous-integration/drone/push Build is passing Details
2023-01-20 15:03:11 +01:00
Moritz 738f71e6de chore: publish 3.1.0+25.0.1-fpm release
continuous-integration/drone/push Build is passing Details
2023-01-20 11:16:56 +01:00
Moritz 5c80e759e5 update release file for next release 2023-01-20 11:14:10 +01:00
3wc 782593c07c Update abra syntax in examples (finally) [mass update]
continuous-integration/drone/push Build is passing Details
2023-01-19 16:02:28 -08:00
moritz 19c260b8da healthchecks (#32)
continuous-integration/drone/push Build is passing Details 
Adding healthchecks for nginx, mariadb, redis and php-fpm

Co-authored-by: Moritz <moritz.m@local-it.org>
Reviewed-on: coop-cloud/nextcloud#32
 2023-01-12 21:16:31 +00:00
Moritz 3156757fee feat: run occ commands from env variables as post deploy command
continuous-integration/drone/push Build is passing Details
2023-01-10 18:09:11 +01:00
Philipp Rothmann 012e9c2310 feat: set default quota via abra app cmd
continuous-integration/drone/push Build is passing Details
2022-12-14 12:12:41 +01:00
Philipp Rothmann 805b29d918 feat: template fpm settings
continuous-integration/drone/push Build is passing Details 
this closes #25
 2022-12-13 15:31:38 +01:00
Philipp Rothmann 9148747de6 chore: clean up .env.sample
continuous-integration/drone/push Build is passing Details
2022-12-07 16:18:37 +01:00
Philipp Rothmann c646f95706 refactor: move nc-app secrets to seperate overwrite yml
continuous-integration/drone/push Build is passing Details
2022-12-07 16:15:26 +01:00
Philipp Rothmann f0bbb28626 feat: make smtp settings configurable in .env 2022-12-07 15:51:57 +01:00
Moritz 0e8c5ecd17 fix CI deployment: set bbb and onlyoffice secret version
continuous-integration/drone/push Build is passing Details
2022-12-06 15:11:01 +01:00
Moritz f87f9fc4da use docker secrets for bbb
continuous-integration/drone/push Build is failing Details
2022-12-06 14:47:29 +01:00
Moritz 1b76b6211f add install_onlyoffice command
continuous-integration/drone/push Build is failing Details
2022-12-06 13:27:45 +01:00
Philipp Rothmann 17bedc79e5 chore: publish 3.0.1+25.0.1-fpm release
continuous-integration/drone/push Build is passing Details
2022-12-02 11:26:02 +01:00
3wc 26bd2225d4 Fix typo in db_password versioning
continuous-integration/drone/push Build is passing Details
2022-11-22 18:43:52 -08:00
decentral1se 832655e360 chore: publish 3.0.0+25.0.1-fpm release
continuous-integration/drone/push Build is passing Details
2022-11-18 17:33:04 +01:00
3wc b86b044e5e Return to <recipe>.example.com templating
continuous-integration/drone/push Build is passing Details
2022-11-18 07:25:03 -08:00
Philipp Rothmann 8a3e9f1317 Add install_bbb app command
continuous-integration/drone/push Build is passing Details
2022-11-16 15:48:21 +01:00
Moritz 0278daa5b6 refactor: clean abra.sh file from old unused functions
continuous-integration/drone/push Build is passing Details
2022-11-15 11:04:35 +01:00
3wc 0f6b38557c Set config versions for CI deployment
continuous-integration/drone/push Build is passing Details
2022-11-12 19:38:10 -08:00
3wc d3d1aee6a3 Auto-create `proxy` network during CI test
continuous-integration/drone/push Build is failing Details
2022-11-12 19:29:06 -08:00
decentral1se 63ce9a6fb9 Merge pull request 'Automatically install apps specified via env variable.' (#29) from auto_app_install into main
continuous-integration/drone/push Build is failing Details 
Reviewed-on: coop-cloud/nextcloud#29
 2022-11-09 09:48:22 +00:00
Moritz 827cb16964 abra.sh post-deployment command to install apps
continuous-integration/drone/pr Build is failing Details
2022-11-08 16:39:32 +01:00
Moritz 992992d678 Revert "Automatically install apps specified via env variable." for entrypoint.sh.tmpl 
This reverts commit 20f0a45baf for entrypoint.sh.tmpl
 2022-11-08 15:41:37 +01:00
Moritz 20f0a45baf Automatically install apps specified via env variable.
continuous-integration/drone/pr Build is failing Details
2022-11-08 12:31:24 +01:00
Philipp Rothmann e996b5c057 chore: publish 2.1.4+24.0.6-fpm release
continuous-integration/drone/push Build is failing Details
2022-10-13 17:12:29 +02:00
Philipp Rothmann 0aabef8f7b let app container wait for db init 2022-10-13 16:58:10 +02:00
Philipp Rothmann 2be42d0a84 fix frame ancestors
continuous-integration/drone/push Build is failing Details
2022-10-11 16:12:04 +02:00
Philipp Rothmann e76454c4fd .env.sample template domain 2022-09-13 16:37:55 +02:00
Philipp Rothmann ec39fd5fed chore: publish 2.1.3+24.0.5-fpm release
continuous-integration/drone/push Build is failing Details
2022-09-13 15:44:24 +02:00
yksflip 16ad6c22ea add headers to embed nextcloud in frame on external site (#28)
continuous-integration/drone/push Build is failing Details 
This introduces new env variables to configure nextloud to be embedded via
iframe on an external site.
Setting X_FRAME_OPTIONS_ENABLED=1 will configure nginx and nextcloud to
set X-Frame-Options and CSP headers to allow the domain configured in
X_FRAME_OPTIONS_ALLOW_FROM.

I created a PR because I'm not sure if this is helpful for other people or just a custom hack that bloats the recipe :D

Co-authored-by: Philipp Rothmann <philipprothmann@posteo.de>
Reviewed-on: coop-cloud/nextcloud#28
 2022-09-02 14:32:04 +00:00
Philipp Rothmann daa57eece9 chore: publish 2.1.2+24.0.3-fpm release
continuous-integration/drone/push Build is failing Details
2022-08-04 18:39:44 +02:00
decentral1se 2ddf11728f
add note about broken-ness
continuous-integration/drone/push Build is failing Details
2022-08-03 13:39:31 +03:00
decentral1se 71d15ef4df
fix typo
continuous-integration/drone/push Build is failing Details
2022-08-03 11:51:35 +03:00
decentral1se 0d4f060e94
add note on previewgenerator
continuous-integration/drone/push Build is failing Details
2022-08-03 11:50:15 +03:00
decentral1se 1e1977a2b4 chore: publish 2.1.1+24.0.2-fpm release
continuous-integration/drone/push Build is failing Details
2022-07-14 10:51:54 +02:00
23 changed files with 677 additions and 144 deletions
Show Stats Expand all files Collapse all files

26
.drone.yml
View File

@ -3,7 +3,7 @@ kind: pipeline
name: deploy to swarm-test.autonomic.zone
steps:
- name: deployment
image: decentral1se/stack-ssh-deploy:latest
image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
settings:
host: swarm-test.autonomic.zone
stack: nextcloud
@ -11,15 +11,39 @@ steps:
purge: true
deploy_key:
from_secret: drone_ssh_swarm_test
networks:
- proxy
environment:
DOMAIN: nextcloud.swarm-test.autonomic.zone
STACK_NAME: nextcloud
LETS_ENCRYPT_ENV: production
ADMIN_USER: foobar
FPM_TUNE_VERSION: v1
NGINX_CONF_VERSION: v1
MY_CNF_VERSION: v1
ENTRYPOINT_VERSION: v1
SECRET_DB_PASSWORD_VERSION: v1
SECRET_DB_ROOT_PASSWORD_VERSION: v1
SECRET_ADMIN_PASSWORD_VERSION: v1
SECRET_ONLYOFFICE_JWT_VERSION: v1
SECRET_BBB_SECRET_VERSION: v1
EXTRA_VOLUME: "/dev/null:/tmp/.dummy"
trigger:
branch:
- main
---
kind: pipeline
name: generate recipe catalogue
steps:
- name: release a new version
image: plugins/downstream
settings:
server: https://build.coopcloud.tech
token:
from_secret: drone_abra-bot_token
fork: true
repositories:
- coop-cloud/auto-recipes-catalogue-json
trigger:
event: tag

53
.env.sample
View File

@ -1,4 +1,6 @@
TYPE=nextcloud
TIMEOUT=900
ENABLE_AUTO_UPDATE=true
DOMAIN=nextcloud.example.com
## Domain aliases
@ -9,6 +11,8 @@ COMPOSE_FILE="compose.yml"
COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml"
#COMPOSE_FILE="$COMPOSE_FILE:compose.postgres.yml"
#MAX_DB_CONNECTIONS=500
ADMIN_USER=admin
SECRET_DB_ROOT_PASSWORD_VERSION=v1
@ -16,3 +20,52 @@ SECRET_DB_PASSWORD_VERSION=v1
SECRET_ADMIN_PASSWORD_VERSION=v1
EXTRA_VOLUME=/dev/null:/tmp/.dummy
PHP_MEMORY_LIMIT=1G
# fpm-tune, see: https://spot13.com/pmcalculator/
FPM_MAX_CHILDREN=16
FPM_START_SERVERS=4
FPM_MIN_SPARE_SERVERS=4
FPM_MAX_SPARE_SERVERS=12
DEFAULT_QUOTA="10 GB"
# X_FRAME_OPTIONS_ENABLED=1
# X_FRAME_OPTIONS_ALLOW_FROM=embedding-site.example.org
# COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
# See https://github.com/nextcloud/docker#auto-configuration-via-environment-variables for default values
# SMTP_AUTHTYPE=
# SMTP_HOST=
# SMTP_SECURE=
# SMTP_NAME=
# SMTP_PORT=
# MAIL_FROM_ADDRESS=
# MAIL_DOMAIN=
# SECRET_SMTP_PASSWORD_VERSION=v1
# APPS="calendar"
# COLLABORA_URL=https://collabora.example.com
# COMPOSE_FILE="$COMPOSE_FILE:compose.onlyoffice.yml"
# ONLYOFFICE_URL=https://onlyoffice.example.com
# APPS="$APPS onlyoffice"
# SECRET_ONLYOFFICE_JWT_VERSION=v1
# COMPOSE_FILE="$COMPOSE_FILE:compose.bbb.yml"
# BBB_URL=https://talk.example.org/bigbluebutton/ # trailing slash!
# SECRET_BBB_SECRET_VERSION=v1
# COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
# APPS="$APPS sociallogin"
# AUTHENTIK_USER_PREFIX=authentik
# AUTHENTIK_DOMAIN=authentik.example.com
# SECRET_AUTHENTIK_SECRET_VERSION=v1
# SECRET_AUTHENTIK_ID_VERSION=v1
# OCC_CMDS="app:disable dashboard"
# OCC_CMDS="$OCC_CMDS|config:app:set sociallogin auto_create_groups --value 1"
# OCC_CMDS="$OCC_CMDS|config:app:set sociallogin hide_default_login --value 1"
#COMPOSE_FILE="$COMPOSE_FILE:compose.fulltextsearch.yml"
#SECRET_ELASTICSEARCH_PASSWORD_VERSION=v1

149
README.md
View File

@ -6,38 +6,91 @@ Fully automated luxury Nextcloud via docker-swarm.
<!-- metadata -->
* **Category**: Apps
* **Status**: 2, beta
* **Status**: 5
* **Image**: [`nextcloud`](https://hub.docker.com/_/nextcloud), 4, upstream
* **Healthcheck**: Yes
* **Backups**: No
* **Backups**: Yes
* **Email**: 3
* **Tests**: 2
* **SSO**: 1 (OAuth)
<!-- endmetadata -->
## Basic usage
## Quick start
1. Set up Docker Swarm and [`abra`]
2. Deploy [`coop-cloud/traefik`]
3. `abra app new nextcloud --secrets` (optionally with `--pass` if you'd like
to save secrets in `pass`)
4. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to
your Docker swarm box
5. `abra app YOURAPPDOMAIN deploy`
* `abra app new nextcloud`
* `abra app config <app-name>`
* `abra app secret insert <app-name> smtp_password v1 <SMTP_PASSWORD>`
* `abra app secret generate -a <app-name>`
* `abra app deploy <app-name>`
## How do I customise the default home page when logging in?
### Onlyoffice Integration
- Delete the dashboard app since it is so corporate
- Follow [these docs](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/default_files_configuration.html) to set the default files list for each user in the Files app
- Configure a `defaultapp` in your `config.php` or use [apporder](https://apps.nextcloud.com/apps/apporder)
`abra app config <app-name>`
Configure the following envs:
```
COMPOSE_FILE="$COMPOSE_FILE:compose.apps.yml"
ONLYOFFICE_URL=https://onlyoffice.example.com
SECRET_ONLYOFFICE_JWT_VERSION=v1
```
`abra app secret insert <app-name> onlyoffice_jwt v1 <jwt_secret>`
`abra app cmd <app-name> app install_onlyoffice`
### BBB Integration
`abra app config <app-name>`
Configure the following envs:
```
COMPOSE_FILE="$COMPOSE_FILE:compose.apps.yml"
BBB_URL=https://talk.example.org/bigbluebutton/ # trailing slash!
SECRET_BBB_SECRET_VERSION=v1
```
`abra app secret insert <app-name> bbb_secret v1 <bbb_secret>`
`abra app cmd <app-name> app install_bbb`
### Authentik Integration
`abra app config <app-name>`
Configure the following envs:
```
COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
AUTHENTIK_USER_PREFIX=authentik
AUTHENTIK_DOMAIN=authentik.example.com
AUTHENTIK_SECRET_NAME=authentik_example_com_nextcloud_secret_v1 # the same as in authentik
AUTHENTIK_ID_NAME=authentik_example_com_nextcloud_id_v1 # the same as in authentik
```
`abra app cmd <app-name> app set_authentik`
### Disable Dashboard
Disable dashboard app since it is so corporate:
`abra app config <app-name>`
Configure the following envs:
```
OCC_CMDS="app:disable dashboard"
```
`abra app cmd <app-name> app post_install_occ`
## Running `occ`
`abra app run --user www-data YOURAPPDOMAIN app occ user:list --help`
`abra app cmd <app-name> app run_occ '"user:list --help"'`
## Default user files
- Follow [these docs](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/default_files_configuration.html) to set the default files list for each user in the Files app
## Default App
- Configure a `defaultapp` in your `config.php` or use [apporder](https://apps.nextcloud.com/apps/apporder)
## Upgrading Nextcloud apps
`abra app run --user www-data YOURAPPDOMAIN app occ app:update --all`
`abra app cmd <app-name> app run_occ '"app:update --all"'`
## How do I fix a Nextcloud version snafu?
@ -66,7 +119,7 @@ Use [this plugin](https://github.com/pulsejet/nextcloud-oidc-login). Unlike the
```
'oidc_login_client_id' => 'nextcloud',
'oidc_login_client_secret' => 'mysecret',
'oidc_login_provider_url' => 'https://example.com/auth/realms/myrealm',
'oidc_login_provider_url' => 'https://example.com/realms/myrealm',
'oidc_login_disable_registration' => false,
'oidc_login_hide_password_form' => true,
'oidc_login_button_text' => 'Log in with your myssodomain',
@ -166,3 +219,65 @@ Here is an example CSS config which hides the local login and makes space for a
[nextcloud-docker]: https://hub.docker.com/_/nextcloud/
[`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
[`coop-cloud/traefik`]: https://git.autonomic.zone/coop-cloud/traefik
## Using [`previewgenerator`](https://github.com/nextcloud/previewgenerator) app
> Beware, this appp has been known to not work...
After you install, enable etc. then you need to run the generation (**warning**: it can take a long time!):
```
abra app run <domain> app bash -u www-data
./occ preview:generate-all
```
To set up the cron to run again, there is [no clear solution in the context of
containers](https://github.com/nextcloud/previewgenerator/issues/1). So, a
pretty dodgy hack is to run it from the system directly:
```
root@foo.com /etc/cron.hourly $ cat foo-com-preview-generate
#!/bin/bash
docker exec -u www-data $(docker ps -f name=foo_com_app -q) ./occ preview:pre-generate
```
This app will improve performance of image browsing at the cost of storage space.
## Fulltextsearch using elasticsearch
1. Uncomment the following lines in your env file:
```
#COMPOSE_FILE="$COMPOSE_FILE:compose.fulltextsearch.yml"
#SECRET_ELASTICSEARCH_PASSWORD_VERSION=v1
```
2. Generate the secret for elasticsearch:
```bash
abra app secret generate <domain> elasticsearch_password v1
```
3. Deploy your app:
```bash
abra app deploy <domain>
```
4. Install the apps and configure them:
```
abra app cmd <domain> app install_fulltextsearch
```
5. You might need to configure the files_fulltextsearch app. run this command to check its settings:
```
abra app cmd <domain> app run_occ '"config:list files_fulltextsearch"
```
6. You can check if the nextcloud can connect to elasticsearch:
```
abra app cmd <domain> app run_occ '"fulltextsearch:test"'
```
And you can populate the index manually and check if any errors occur:
```
abra app cmd <domain> app run_occ '"fulltextsearch:index"'
```

197
abra.sh
View File

@ -1,105 +1,128 @@
export FPM_TUNE_VERSION=v4
export NGINX_CONF_VERSION=v2
export MY_CNF_VERSION=v4
#!/bin/bash
NC_APP_DIR="app:/var/www/html"
export FPM_TUNE_VERSION=v5
export NGINX_CONF_VERSION=v7
export MY_CNF_VERSION=v5
export ENTRYPOINT_VERSION=v3
export CRONTAB_VERSION=v1
sub_occ(){
# shellcheck disable=SC2034
abra__service_="app"
# shellcheck disable=SC2034
abra___user="www-data"
sub_app_run php /var/www/html/occ "$@"
run_occ() {
su -p www-data -s /bin/sh -c "/var/www/html/occ $@"
}
_backup_app() {
# Copied _abra_backup_dir to make UX better on restore and backup
{
abra__src_="$1"
abra__dst_="-"
}
# shellcheck disable=SC2154
FILENAME="$(basename "$1").tar"
debug "Copying '$1' to '$FILENAME'"
silence
mkdir -p /tmp/abra
sub_app_cp > /tmp/abra/$FILENAME
unsilence
post_install_occ() {
IFS='|' read -ra CMD <<<"$OCC_CMDS"
for cmd in "${CMD[@]}"; do
run_occ "$cmd"
done
}
next_maintenance_on() {
silence
sub_occ maintenance:mode --on > /dev/null
unsilence
debug "Nextcloud maintenance mode enabled"
install_apps() {
install_apps="$@"
if [ -z "$install_apps" ]; then
install_apps=$APPS
fi
for app in $install_apps; do
run_occ "app:install $app"
done
}
next_maintenance_off() {
silence
sub_occ maintenance:mode --off > /dev/null
unsilence
debug "Nextcloud maintenance mode disabled"
set_app_config() {
APP=$1
KEY=$2
VALUE=$3
run_occ "config:app:set $APP $KEY --value '$VALUE'"
}
abra_backup_app() {
# shellcheck disable=SC2154
ARK_FILENAME="$ABRA_BACKUP_DIR/${abra__app_}_app_$(date +%F).tar.gz"
# Cant be FILENAME as that gets changed by something
next_maintenance_on
_backup_app $NC_APP_DIR/config
_backup_app $NC_APP_DIR/data
_backup_app $NC_APP_DIR/themes
# Combine archives
tar -Af /tmp/abra/config.tar /tmp/abra/data.tar
tar -Af /tmp/abra/config.tar /tmp/abra/themes.tar
gzip /tmp/abra/config.tar -c > "$ARK_FILENAME"
rm /tmp/abra/*.tar
success "Backed up 'app' to $ARK_FILENAME"
next_maintenance_off
set_system_config() {
KEY=$1
VALUE=$2
run_occ "config:system:set $KEY --value '$VALUE'"
}
abra_backup_db() {
next_maintenance_on
_abra_backup_mysql "db" "nextcloud"
next_maintenance_off
set_trusted_proxies() {
trusted_proxies="$@"
if [ -z "$1" ]; then
trusted_proxies="$TRUSTED_PROXIES"
fi
set_system_config trusted_proxies "$trusted_proxies"
}
abra_backup() {
abra_backup_app && abra_backup_db
set_logfile_stdout() {
set_system_config logfile '/dev/stdout'
}
install_bbb() {
install_apps bbb
set_app_config bbb app.navigation true
set_app_config bbb api.url "$BBB_URL"
set_app_config bbb api.secret "$(cat /run/secrets/bbb_secret)"
}
install_onlyoffice() {
install_apps onlyoffice
set_app_config onlyoffice DocumentServerUrl "$ONLYOFFICE_URL"
set_app_config onlyoffice jwt_secret "$(cat /run/secrets/onlyoffice_jwt)"
set_app_config onlyoffice customizationForcesave true
}
install_collabora() {
install_apps richdocuments
set_app_config richdocuments wopi_url "$COLLABORA_URL"
}
install_fulltextsearch() {
install_apps fulltextsearch
install_apps fulltextsearch_elasticsearch
install_apps files_fulltextsearch
set_app_config fulltextsearch search_platform "OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform"
set_app_config fulltextsearch_elasticsearch elastic_host "http://elastic:$(cat /run/secrets/elasticsearch_password)@elasticsearch:9200/"
set_app_config fulltextsearch_elasticsearch elastic_index "nextcloud"
set_app_config files_fulltextsearch files_local "1"
}
set_default_quota() {
set_app_config files default_quota "$DEFAULT_QUOTA"
}
set_authentik() {
install_apps sociallogin
AUTHENTIK_SECRET=$(cat /run/secrets/authentik_secret)
AUTHENTIK_ID=$(cat /run/secrets/authentik_id)
set_app_config sociallogin custom_providers "
{
\"custom_oidc\":[
{
\"name\":\"$AUTHENTIK_USER_PREFIX\",
\"title\":\"authentik\",
\"authorizeUrl\": \"https://$AUTHENTIK_DOMAIN/application/o/authorize/\",
\"tokenUrl\": \"https://$AUTHENTIK_DOMAIN/application/o/token/\",
\"displayNameClaim\":\"preferred_username\",
\"userInfoUrl\": \"https://$AUTHENTIK_DOMAIN/application/o/userinfo/\",
\"logoutUrl\": \"https://$AUTHENTIK_DOMAIN/if/session-end/nextcloud/\",
\"clientId\":\"$AUTHENTIK_ID\",
\"clientSecret\":\"$AUTHENTIK_SECRET\",
\"scope\":\"openid profile email nextcloud\",
\"groupsClaim\":\"nextcloud_groups\",
\"style\":\"openid\",
\"defaultGroup\":\"\",
\"groupMapping\": {
\"admin\": \"admin\",
\"authentik Admins\": \"admin\"
}
}
]
}"
set_app_config sociallogin update_profile_on_login 1
set_app_config sociallogin auto_create_groups 1
set_app_config sociallogin hide_default_login 1
run_occ 'config:system:set social_login_auto_redirect --value true'
run_occ 'config:system:set allow_user_to_change_display_name --value=false'
run_occ 'config:system:set lost_password_link --value=disabled'
}
abra_restore_app() {
next_maintenance_on
# shellcheck disable=SC2034
{
abra__src_="-"
abra__dst_=$NC_APP_DIR
}
zcat "$@" | sub_app_cp
next_maintenance_off
sub_occ files:scan --all > /dev/null # Needs to be run in normal mode
success "Restored 'app'"
disable_skeletondirectory() {
run_occ "config:system:set skeletondirectory --value ''"
}
# abra_restore_db() {
# warning "Restoring the database is on a existing app and not a new one has not been tested. Use with caution."
# next_maintenance_on
# # 3wc: unlike abra_backup_db, we can assume abra__service_ will be 'db' if we
# # got this far..
# # shellcheck disable=SC2034
# abra___no_tty="true"
# DB_PASSWORD=$(sub_app_run cat /run/secrets/db_password)
# zcat "$@" | sub_app_run mysql -u root -p"$DB_PASSWORD" wordpress
# success "Restored 'db'"
# next_maintenance_off
# }

24
alaconnect.yml Normal file
View File

@ -0,0 +1,24 @@
authentik:
uncomment:
- compose.authentik.yml
- AUTHENTIK_USER_PREFIX
- AUTHENTIK_DOMAIN
- SECRET_AUTHENTIK_SECRET_VERSION
- SECRET_AUTHENTIK_ID_VERSION
initial-hooks:
- app set_authentik
shared_secrets:
nextcloud_secret: authentik_secret
nextcloud_id: authentik_id
onlyoffice:
uncomment:
- compose.onlyoffice.yml
- ONLYOFFICE_URL
- SECRET_ONLYOFFICE_JWT_VERSION
initial-hooks:
- app install_onlyoffice
collabora:
uncomment:
- COLLABORA_URL
initial-hooks:
- app install_collabora

14
compose.authentik.yml Normal file
View File

@ -0,0 +1,14 @@
version: "3.8"
services:
app:
secrets:
- authentik_secret
- authentik_id
secrets:
authentik_secret:
external: true
name: ${STACK_NAME}_authentik_secret_${SECRET_AUTHENTIK_SECRET_VERSION}
authentik_id:
external: true
name: ${STACK_NAME}_authentik_id_${SECRET_AUTHENTIK_ID_VERSION}

12
compose.bbb.yml Normal file
View File

@ -0,0 +1,12 @@
version: "3.8"
services:
app:
secrets:
- bbb_secret
environment:
- BBB_URL
secrets:
bbb_secret:
external: true
name: ${STACK_NAME}_bbb_secret_${SECRET_BBB_SECRET_VERSION}

55
compose.fulltextsearch.yml Normal file
View File

@ -0,0 +1,55 @@
version: "3.8"
services:
elasticsearch:
image: "docker.elastic.co/elasticsearch/elasticsearch:8.15.0"
environment:
- cluster.name=docker-cluster
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- discovery.type=single-node
# Disable authentication and ssl completely
# - xpack.security.enabled=false
# Use this to enable Basic Authentication:
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=false
- ELASTIC_PASSWORD_FILE=/var/run/secrets/elasticsearch_password
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- elasticsearch:/usr/share/elasticsearch/data
networks:
- internal
secrets:
- source: elasticsearch_password
uid: "1000"
gid: "1000"
mode: 0600
searchindexer:
image: nextcloud:29.0.5-fpm
volumes:
- nextcloud:/var/www/html/
- nextapps:/var/www/html/custom_apps:cached
- nextdata:/var/www/html/data:cached
- nextconfig:/var/www/html/config:cached
- ${EXTRA_VOLUME}
networks:
- internal
entrypoint: su -p www-data -s /bin/sh -c '/var/www/html/occ fulltextsearch:live'
# Add the secret to the app service so it is avaiable in the
# install_fulltextsearch command
app:
secrets:
- elasticsearch_password
secrets:
elasticsearch_password:
external: true
name: ${STACK_NAME}_elasticsearch_password_${SECRET_ELASTICSEARCH_PASSWORD_VERSION}
volumes:
elasticsearch:

19
compose.mariadb.yml
View File

@ -15,6 +15,7 @@ services:
- MYSQL_USER=nextcloud
- MYSQL_PASSWORD_FILE=/run/secrets/db_password
- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
- MAX_DB_CONNECTIONS=${MAX_DB_CONNECTIONS:-100}
configs:
- source: my_tune
target: /etc/mysql/conf.d/my-tune.cnf
@ -28,13 +29,25 @@ services:
deploy:
labels:
backupbot.backup: "true"
backupbot.backup.pre-hook: 'mkdir -p /tmp/backup/ && mysqldump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" nextcloud > /tmp/backup/backup.sql'
backupbot.backup.post-hook: "rm -rf /tmp/backup"
backupbot.backup.path: "/tmp/backup/"
backupbot.backup.pre-hook: 'mysqldump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" nextcloud > /var/lib/mysql/backup.sql'
backupbot.backup.post-hook: "rm -rf /var/lib/mysql/backup.sql"
backupbot.backup.path: "/var/lib/mysql/backup.sql"
healthcheck:
test: ["CMD-SHELL", 'mysqladmin -p"$$(cat /run/secrets/db_root_password)" ping']
interval: 30s
timeout: 10s
retries: 10
start_period: 1m
configs:
my_tune:
name: ${STACK_NAME}_my_cnf_${MY_CNF_VERSION}
file: my-tune.cnf
template_driver: golang
secrets:
db_root_password:
external: true
name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
volumes:
mariadb:

12
compose.onlyoffice.yml Normal file
View File

@ -0,0 +1,12 @@
version: "3.8"
services:
app:
secrets:
- onlyoffice_jwt
environment:
- ONLYOFFICE_URL
secrets:
onlyoffice_jwt:
external: true
name: ${STACK_NAME}_onlyoffice_jwt_${SECRET_ONLYOFFICE_JWT_VERSION}

16
compose.postgres.yml
View File

@ -2,7 +2,6 @@ version: '3.8'
services:
app:
entrypoint: "sh -c 'sleep 10 && /entrypoint.sh php-fpm'" # tries to mitigate this error with postgres https://github.com/nextcloud/docker/issues/1204
environment:
- POSTGRES_HOST=db
- POSTGRES_DB=nextcloud
@ -11,28 +10,29 @@ services:
- NEXTCLOUD_UPDATE=1
db:
image: "postgres:12"
image: "postgres:13"
command: -c "max_connections=${MAX_DB_CONNECTIONS:-100}"
volumes:
- "postgres:/var/lib/postgresql/data"
networks:
- internal
environment:
POSTGRES_USER: nextcloud
POSTGRES_USER: nextcloud
POSTGRES_PASSWORD_FILE: /run/secrets/db_password
POSTGRES_DB: nextcloud
POSTGRES_DB: nextcloud
secrets:
- db_password
healthcheck:
test: ["CMD-SHELL", "pg_isready"]
test: ["CMD-SHELL", "pg_isready", "-U", "nextcloud"]
interval: 10s
timeout: 5s
retries: 5
deploy:
labels:
backupbot.backup: "true"
backupbot.backup.pre-hook: "mkdir -p /tmp/backup/ && PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /tmp/backup/backup.sql"
backupbot.backup.post-hook: "rm -rf /tmp/backup"
backupbot.backup.path: "/tmp/backup/"
backupbot.backup.pre-hook: "PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /var/lib/postgresql/data/backup.sql"
backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/backup.sql"
backupbot.backup.path: "/var/lib/postgresql/data/"
volumes:
postgres:

19
compose.smtp.yml Normal file
View File

@ -0,0 +1,19 @@
version: "3.8"
services:
app:
secrets:
- smtp_password
environment:
- SMTP_AUTHTYPE
- SMTP_HOST
- SMTP_SECURE
- SMTP_NAME
- SMTP_PORT
- SMTP_PASSWORD_FILE=/run/secrets/smtp_password
- MAIL_FROM_ADDRESS
- MAIL_DOMAIN
secrets:
smtp_password:
external: true
name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}

77
compose.yml
View File

@ -1,11 +1,15 @@
version: "3.8"
services:
web:
image: nginx:1.21.6
image: nginx:1.27.1
depends_on:
- app
configs:
- source: nginx_conf
target: /etc/nginx/nginx.conf
environment:
- X_FRAME_OPTIONS_ALLOW_FROM
- X_FRAME_OPTIONS_ENABLED
- DOMAIN
- STACK_NAME
volumes:
@ -31,31 +35,49 @@ services:
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
- "caddy=${DOMAIN}"
- "caddy.reverse_proxy={{upstreams 80}}"
- "caddy.tls.on_demand="
healthcheck:
test: ["CMD-SHELL", 'curl -s -N curl -Ns localhost/status.php | grep "installed\":true"']
interval: 30s
timeout: 10s
retries: 10
start_period: 5m
app:
image: nextcloud:24.0.0-fpm
image: nextcloud:29.0.5-fpm
depends_on:
- db
configs:
- source: fpm_tune
target: /usr/local/etc/php-fpm.d/fpm-tune.conf
target: /usr/local/etc/php-fpm.d/zzz-fpm-tune.conf
- source: entrypoint
target: /custom-entrypoint.sh
mode: 555
entrypoint: /custom-entrypoint.sh
secrets:
- db_password
- admin_password
environment:
- APPS
- OCC_CMDS
- X_FRAME_OPTIONS_ALLOW_FROM
- X_FRAME_OPTIONS_ENABLED
- DOMAIN
- STACK_NAME
- NEXTCLOUD_ADMIN_USER=${ADMIN_USER}
- NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/admin_password
- NEXTCLOUD_TRUSTED_DOMAINS=${DOMAIN}
- TRUSTED_PROXIES=traefik
- TRUSTED_PROXIES=10.0.0.0/8
- REDIS_HOST=cache
- SMTP_HOST
- MAIL_FROM_ADDRESS
- MAIL_DOMAIN
- SMTP_AUTHTYPE=PLAIN
- OVERWRITEPROTOCOL=https
- PHP_MEMORY_LIMIT=1G
- PHP_MEMORY_LIMIT=${PHP_MEMORY_LIMIT:-1G}
- FPM_MAX_CHILDREN=${FPM_MAX_CHILDREN:-131}
- FPM_START_SERVERS=${FPM_START_SERVERS:-32}
- FPM_MIN_SPARE_SERVERS=${FPM_MIN_SPARE_SERVERS:-32}
- FPM_MAX_SPARE_SERVERS=${FPM_MAX_SPARE_SERVERS:-98}
- DEFAULT_QUOTA
volumes:
- nextcloud:/var/www/html/
- nextapps:/var/www/html/custom_apps:cached
@ -69,13 +91,19 @@ services:
failure_action: rollback
order: start-first
labels:
- "coop-cloud.${STACK_NAME}.version=2.1.0+24.0.0-fpm"
- "coop-cloud.${STACK_NAME}.version=9.0.0+29.0.5-fpm"
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
- "backupbot.backup=true"
- "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/"
healthcheck:
test: ["CMD-SHELL", 'SCRIPT_NAME=status SCRIPT_FILENAME=/var/www/html/status.php REQUEST_METHOD=GET cgi-fcgi -bind -connect 127.0.0.1:9000 | grep "installed\":true"']
interval: 30s
timeout: 10s
retries: 10
start_period: 15m
cron:
image: nextcloud:24.0.0-fpm
image: nextcloud:29.0.5-fpm
volumes:
- nextcloud:/var/www/html/
- nextapps:/var/www/html/custom_apps:cached
@ -85,21 +113,27 @@ services:
networks:
- internal
entrypoint: /cron.sh
configs:
- source: crontab
target: /var/spool/cron/crontabs/www-data
cache:
image: redis:7.0.0-alpine
image: redis:7.4.0-alpine
networks:
- internal
volumes:
- "redis:/data"
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 3s
timeout: 5s
retries: 20
secrets:
db_root_password:
external: true
name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
db_password:
external: true
name: ${STACK_NAME}_db_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
admin_password:
external: true
name: ${STACK_NAME}_admin_password_${SECRET_ADMIN_PASSWORD_VERSION}
@ -111,6 +145,7 @@ volumes:
nextconfig:
redis:
configs:
nginx_conf:
name: ${STACK_NAME}_nginx_${NGINX_CONF_VERSION}
@ -119,6 +154,14 @@ configs:
fpm_tune:
name: ${STACK_NAME}_fpm_tune_${FPM_TUNE_VERSION}
file: fpm-tune.ini
template_driver: golang
entrypoint:
name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
file: entrypoint.sh.tmpl
template_driver: golang
crontab:
name: ${STACK_NAME}_crontab_${CRONTAB_VERSION}
file: crontab
networks:
proxy:

1
crontab Normal file
View File

@ -0,0 +1 @@
*/5 * * * * php -d memory_limit=1G -f /var/www/html/cron.php

41
entrypoint.sh.tmpl Normal file
View File

@ -0,0 +1,41 @@
#!/bin/bash
set -eu
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
file_env "SMTP_PASSWORD"
echo "Giving the db container some time to come up"; sleep 20
# see this issue with postgres db https://github.com/nextcloud/docker/issues/1204
{{ if eq (env "X_FRAME_OPTIONS_ENABLED") "1" }}
if ! [[ $(grep {{ env "X_FRAME_OPTIONS_ALLOW_FROM" }} lib/public/AppFramework/Http/ContentSecurityPolicy.php) ]]; then
sed -i "91 a\\\t\t'{{ env "X_FRAME_OPTIONS_ALLOW_FROM" }}', " lib/public/AppFramework/Http/ContentSecurityPolicy.php
fi
{{ end }}
# Required for healthcheck
which cgi-fcgi > /dev/null || (apt-get update && apt-get install -y libfcgi-bin)
/entrypoint.sh php-fpm

8
fpm-tune.ini
View File

@ -1,5 +1,5 @@
pm = dynamic
pm.max_children = 131
pm.start_servers = 32
pm.min_spare_servers = 32
pm.max_spare_servers = 98
pm.max_children = {{ env "FPM_MAX_CHILDREN" }}
pm.start_servers = {{ env "FPM_START_SERVERS" }}
pm.min_spare_servers = {{ env "FPM_MIN_SPARE_SERVERS" }}
pm.max_spare_servers = {{ env "FPM_MAX_SPARE_SERVERS" }}

2
my-tune.cnf
View File

@ -13,7 +13,7 @@ key_buffer_size = 16M
innodb_log_file_size = 256M
long_query_time = 1
max_allowed_packet = 256M
max_connections = 100
max_connections = {{ env "MAX_DB_CONNECTIONS" }}
max_heap_table_size = 64M
max_user_connections = 0
myisam_recover_options = BACKUP

26
nginx.conf.tmpl
View File

@ -11,6 +11,10 @@ events {
http {
include /etc/nginx/mime.types;
# See https://github.com/nextcloud/forms/issues/1838#issuecomment-1860497200
types {
application/javascript js mjs;
}
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
@ -41,6 +45,7 @@ http {
# could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
@ -58,13 +63,19 @@ http {
#pagespeed off;
# HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "1; mode=block" always;
{{ if eq (env "X_FRAME_OPTIONS_ENABLED") "1" }}
add_header Content-Security-Policy "frame-ancestors {{ env "X_FRAME_OPTIONS_ALLOW_FROM" }} {{ env "DOMAIN" }}";
{{ else }}
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
{{ end }}
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
@ -125,6 +136,9 @@ http {
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;

0
releases/2.0.0+23.0.3-fpm → release/2.0.0+23.0.3-fpm
View File

57
release/3.1.0+25.0.1-fpm Normal file
View File

@ -0,0 +1,57 @@
## FPM Tune
The fpm-tune.ini settings are now configurable by `.env`. Please add this to your servers configs:
```
# fpm-tune, see: https://spot13.com/pmcalculator/
FPM_MAX_CHILDREN=131
FPM_START_SERVERS=32
FPM_MIN_SPARE_SERVERS=32
FPM_MAX_SPARE_SERVERS=98
```
## SMTP
Add SMTP Config to your .env file:
```
# COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
# See https://github.com/nextcloud/docker#auto-configuration-via-environment-variables for default values
# SMTP_AUTHTYPE=
# SMTP_HOST=
# SMTP_SECURE=
# SMTP_NAME=
# SMTP_PORT=
# MAIL_FROM_ADDRESS=
# MAIL_DOMAIN=
# SECRET_SMTP_PASSWORD_VERSION=v1
abra app secret insert example.com smtp_password v1 example_password
```
## Post Deploy Commands
Some Apps can also be managed with abra app cmd!
```
# COMPOSE_FILE="$COMPOSE_FILE:compose.apps.yml"
# APPS="calendar sociallogin onlyoffice"
abra app cmd example.com app install_apps
# ONLYOFFICE_URL=https://onlyoffice.example.com
# SECRET_ONLYOFFICE_JWT_VERSION=v1
abra app secret insert example.com onlyoffice_jwt v1 example_password
abra app cmd example.com app install_onlyoffice
# BBB_URL=https://talk.example.org/bigbluebutton/ # trailing slash!
# SECRET_BBB_SECRET_VERSION=v1
abra app secret insert example.com bbb_secret v1 example_password
abra app cmd example.com app install_bbb
```
## Set Quota
```
# DEFAULT_QUOTA="10 GB"
abra app cmd example.com app set_default_quota
```

11
release/3.2.0+25.0.4-fpm Normal file
View File

@ -0,0 +1,11 @@
If the authentik configuration should be handled by abra add the following to the env:
COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
AUTHENTIK_USER_PREFIX=authentik
AUTHENTIK_DOMAIN=authentik.example.com
AUTHENTIK_SECRET_NAME=authentik_example_com_nextcloud_secret_v1 # the same as in authentik
AUTHENTIK_ID_NAME=authentik_example_com_nextcloud_id_v1 # the same as in authentik
And run:
abra app cmd <app-name> app set_authentik

1
release/5.0.1+27.0.1-fpm Normal file
View File

@ -0,0 +1 @@
The authentik secrets need to be inserted again, as nextcloud is not sharing the secret with authentik any more.

1
release/8.0.0+29.0.1-fpm Normal file
View File

@ -0,0 +1 @@
BREAKING CHANGE: compose.apps.yml is now split for bbb and onlyoffice, configs must be updated