From 20f0a45baf110a6b5575b2403f6c8cd5dab714c8 Mon Sep 17 00:00:00 2001 From: Moritz Date: Tue, 8 Nov 2022 12:31:24 +0100 Subject: [PATCH 01/60] Automatically install apps specified via env variable. --- .env.sample | 1 + compose.yml | 1 + entrypoint.sh.tmpl | 21 +++++++++++++++++++++ 3 files changed, 23 insertions(+) diff --git a/.env.sample b/.env.sample index 89587e4..3155405 100644 --- a/.env.sample +++ b/.env.sample @@ -19,3 +19,4 @@ EXTRA_VOLUME=/dev/null:/tmp/.dummy # X_FRAME_OPTIONS_ENABLED=1 # X_FRAME_OPTIONS_ALLOW_FROM=embedding-site.example.org +# APPS="calendar" "sociallogin" "onlyoffice" diff --git a/compose.yml b/compose.yml index f193a40..71c123d 100644 --- a/compose.yml +++ b/compose.yml @@ -49,6 +49,7 @@ services: - db_password - admin_password environment: + - APPS - X_FRAME_OPTIONS_ALLOW_FROM - X_FRAME_OPTIONS_ENABLED - DOMAIN diff --git a/entrypoint.sh.tmpl b/entrypoint.sh.tmpl index 30d21e8..e8fdaba 100644 --- a/entrypoint.sh.tmpl +++ b/entrypoint.sh.tmpl @@ -9,4 +9,25 @@ if ! [[ $(grep {{ env "X_FRAME_OPTIONS_ALLOW_FROM" }} lib/public/AppFramework/Ht fi {{ end }} +run_occ(){ + su -p www-data -s /bin/sh -c "/var/www/html/occ $@" +} + +if [ ! -f /var/www/html/version.php ] +then + # Install nextcloud, without executing php-fpm + sed 's/exec "$@"/#exec "$@"/' -i /entrypoint.sh + /entrypoint.sh php-fpm + sed 's/#exec "$@"/exec "$@"/' -i /entrypoint.sh +fi + +installed=$(run_occ status | grep installed | grep true) +if [[ -n $installed ]] +then + for app in $APPS + do + run_occ "app:install $app" + done +fi + /entrypoint.sh php-fpm -- 2.47.2 From 992992d6787b880c2a5259edf159765d2d369b17 Mon Sep 17 00:00:00 2001 From: Moritz Date: Tue, 8 Nov 2022 15:41:37 +0100 Subject: [PATCH 02/60] Revert "Automatically install apps specified via env variable." for entrypoint.sh.tmpl This reverts commit 20f0a45baf110a6b5575b2403f6c8cd5dab714c8 for entrypoint.sh.tmpl --- entrypoint.sh.tmpl | 21 --------------------- 1 file changed, 21 deletions(-) 
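Review bot: `run_occ` in the entrypoint.sh.tmpl hunk builds a shell command string from its arguments (`-c "/var/www/html/occ $@"`), so each word taken from `$APPS` is re-parsed by `/bin/sh` as www-data, and a space, quote, `;` or `$(...)` in a value changes the command instead of reaching occ as data. `$@` inside a larger quoted word also joins only the first argument to the string, and any further arguments become separate arguments to `su`; the one-string callers here need `$*`. I would validate app ids before the loop, e.g. `[[ $app =~ ^[a-z0-9_]+$ ]] || continue`, and in the longer run pass words separately (`run_occ app:install "$app"`) with `run_occ` quoting each one for the inner shell. The same function is added again to abra.sh in PATCH 03/60, and `set_app_config` in PATCH 07/60 feeds URLs and secrets through it.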
diff --git a/entrypoint.sh.tmpl b/entrypoint.sh.tmpl index e8fdaba..30d21e8 100644 --- a/entrypoint.sh.tmpl +++ b/entrypoint.sh.tmpl @@ -9,25 +9,4 @@ if ! [[ $(grep {{ env "X_FRAME_OPTIONS_ALLOW_FROM" }} lib/public/AppFramework/Ht fi {{ end }} -run_occ(){ - su -p www-data -s /bin/sh -c "/var/www/html/occ $@" -} - -if [ ! -f /var/www/html/version.php ] -then - # Install nextcloud, without executing php-fpm - sed 's/exec "$@"/#exec "$@"/' -i /entrypoint.sh - /entrypoint.sh php-fpm - sed 's/#exec "$@"/exec "$@"/' -i /entrypoint.sh -fi - -installed=$(run_occ status | grep installed | grep true) -if [[ -n $installed ]] -then - for app in $APPS - do - run_occ "app:install $app" - done -fi - /entrypoint.sh php-fpm -- 2.47.2 From 827cb16964f367f531d6ae93766c11e4f6388178 Mon Sep 17 00:00:00 2001 From: Moritz Date: Tue, 8 Nov 2022 15:46:13 +0100 Subject: [PATCH 03/60] abra.sh post-deployment command to install apps --- .env.sample | 3 ++- abra.sh | 16 ++++++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/.env.sample b/.env.sample index 3155405..415d88d 100644 --- a/.env.sample +++ b/.env.sample @@ -19,4 +19,5 @@ EXTRA_VOLUME=/dev/null:/tmp/.dummy # X_FRAME_OPTIONS_ENABLED=1 # X_FRAME_OPTIONS_ALLOW_FROM=embedding-site.example.org -# APPS="calendar" "sociallogin" "onlyoffice" +# APPS="calendar sociallogin onlyoffice" + diff --git a/abra.sh b/abra.sh index d8dd9df..bcb4af5 100644 --- a/abra.sh +++ b/abra.sh @@ -13,6 +13,22 @@ sub_occ(){ sub_app_run php /var/www/html/occ "$@" } +run_occ(){ + su -p www-data -s /bin/sh -c "/var/www/html/occ $@" +} + +install_apps(){ + install_apps="$@" + if [ -z "$install_apps" ] + then + install_apps=$APPS + fi + for app in $install_apps + do + run_occ "app:install $app" + done +} + _backup_app() { # Copied _abra_backup_dir to make UX better on restore and backup { -- 2.47.2 From d3d1aee6a3cfd0e40c899a2ea4212b0089071c50 Mon Sep 17 00:00:00 2001 
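Review bot: In the abra.sh hunk, `install_apps="$@"` flattens the argument list into one global variable that shares the function's name, and the loop then depends on unquoted word splitting (and glob expansion) of that string. Assuming abra.sh runs under bash, keeping the list as an array avoids both: `local apps=("$@")`, `[ ${#apps[@]} -eq 0 ] && read -ra apps <<< "$APPS"`, `for app in "${apps[@]}"`. The exit status of each `occ app:install` is ignored, so a failed install shows up only in the output. If that is intended, a comment above the loop should say so.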
From: 3wc <3wc@doesthisthing.work> Date: Sat, 12 Nov 2022 19:24:09 -0800 Subject: [PATCH 04/60] Auto-create `proxy` network during CI test --- .drone.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.drone.yml b/.drone.yml index b7b6066..94c6b7a 100644 --- a/.drone.yml +++ b/.drone.yml @@ -11,6 +11,8 @@ steps: purge: true deploy_key: from_secret: drone_ssh_swarm_test + networks: + - proxy environment: DOMAIN: nextcloud.swarm-test.autonomic.zone STACK_NAME: nextcloud -- 2.47.2 From 0f6b38557cd21c1f10128038089df040816aa2d7 Mon Sep 17 00:00:00 2001 From: 3wc <3wc@doesthisthing.work> Date: Sat, 12 Nov 2022 19:35:04 -0800 Subject: [PATCH 05/60] Set config versions for CI deployment --- .drone.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.drone.yml b/.drone.yml index 94c6b7a..0149cb5 100644 --- a/.drone.yml +++ b/.drone.yml @@ -18,6 +18,10 @@ steps: STACK_NAME: nextcloud LETS_ENCRYPT_ENV: production ADMIN_USER: foobar + FPM_TUNE_VERSION: v1 + NGINX_CONF_VERSION: v1 + MY_CNF_VERSION: v1 + ENTRYPOINT_VERSION: v1 SECRET_DB_PASSWORD_VERSION: v1 SECRET_DB_ROOT_PASSWORD_VERSION: v1 SECRET_ADMIN_PASSWORD_VERSION: v1 -- 2.47.2 From 0278daa5b6fe255bf985673dfa46f3b9f6c82620 Mon Sep 17 00:00:00 2001 From: Moritz Date: Tue, 15 Nov 2022 11:04:35 +0100 Subject: [PATCH 06/60] refactor: clean abra.sh file from old unused functions --- abra.sh | 102 -------------------------------------------------------- 1 file changed, 102 deletions(-) diff --git a/abra.sh b/abra.sh index bcb4af5..b12de65 100644 --- a/abra.sh +++ b/abra.sh @@ -3,16 +3,6 @@ export NGINX_CONF_VERSION=v4 export MY_CNF_VERSION=v4 export ENTRYPOINT_VERSION=v2 -NC_APP_DIR="app:/var/www/html" - -sub_occ(){ - # shellcheck disable=SC2034 - abra__service_="app" - # shellcheck disable=SC2034 - abra___user="www-data" - sub_app_run php /var/www/html/occ "$@" -} - run_occ(){ su -p www-data -s /bin/sh -c "/var/www/html/occ $@" } 
@@ -28,95 +18,3 @@ install_apps(){ run_occ "app:install $app" done } - -_backup_app() { - # Copied _abra_backup_dir to make UX better on restore and backup - { - abra__src_="$1" - abra__dst_="-" - } - - # shellcheck disable=SC2154 - FILENAME="$(basename "$1").tar" - - debug "Copying '$1' to '$FILENAME'" - - silence - mkdir -p /tmp/abra - sub_app_cp > /tmp/abra/$FILENAME - unsilence -} - -next_maintenance_on() { - silence - sub_occ maintenance:mode --on > /dev/null - unsilence - debug "Nextcloud maintenance mode enabled" -} - -next_maintenance_off() { - silence - sub_occ maintenance:mode --off > /dev/null - unsilence - debug "Nextcloud maintenance mode disabled" -} - -abra_backup_app() { - # shellcheck disable=SC2154 - ARK_FILENAME="$ABRA_BACKUP_DIR/${abra__app_}_app_$(date +%F).tar.gz" - # Cant be FILENAME as that gets changed by something - next_maintenance_on - _backup_app $NC_APP_DIR/config - _backup_app $NC_APP_DIR/data - _backup_app $NC_APP_DIR/themes - # Combine archives - tar -Af /tmp/abra/config.tar /tmp/abra/data.tar - tar -Af /tmp/abra/config.tar /tmp/abra/themes.tar - gzip /tmp/abra/config.tar -c > "$ARK_FILENAME" - rm /tmp/abra/*.tar - success "Backed up 'app' to $ARK_FILENAME" - next_maintenance_off -} - -abra_backup_db() { - next_maintenance_on - _abra_backup_mysql "db" "nextcloud" - next_maintenance_off -} - -abra_backup() { - abra_backup_app && abra_backup_db -} - - -abra_restore_app() { - next_maintenance_on - # shellcheck disable=SC2034 - { - abra__src_="-" - abra__dst_=$NC_APP_DIR - } - - zcat "$@" | sub_app_cp - - next_maintenance_off - sub_occ files:scan --all > /dev/null # Needs to be run in normal mode - success "Restored 'app'" -} - -# abra_restore_db() { -# warning "Restoring the database is on a existing app and not a new one has not been tested. Use with caution." -# next_maintenance_on -# # 3wc: unlike abra_backup_db, we can assume abra__service_ will be 'db' if we -# # got this far.. 
- -# # shellcheck disable=SC2034 -# abra___no_tty="true" - -# DB_PASSWORD=$(sub_app_run cat /run/secrets/db_password) - -# zcat "$@" | sub_app_run mysql -u root -p"$DB_PASSWORD" wordpress - -# success "Restored 'db'" -# next_maintenance_off -# } -- 2.47.2 From 8a3e9f13179c73362a21afa8662ef954b30ef7fd Mon Sep 17 00:00:00 2001 From: Philipp Rothmann Date: Wed, 16 Nov 2022 15:48:21 +0100 Subject: [PATCH 07/60] Add install_bbb app command --- abra.sh | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/abra.sh b/abra.sh index b12de65..5ce711e 100644 --- a/abra.sh +++ b/abra.sh @@ -1,3 +1,5 @@ +#!/bin/bash + export FPM_TUNE_VERSION=v4 export NGINX_CONF_VERSION=v4 export MY_CNF_VERSION=v4 @@ -18,3 +20,19 @@ install_apps(){ run_occ "app:install $app" done } + +set_app_config(){ + APP=$1 + KEY=$2 + VALUE=$3 + run_occ "config:app:set $APP $KEY --value $VALUE" +} + +install_bbb(){ + URL=$1 # https://talk.example.org/bigbluebutton/ (trailing slash!) + SECRET=$2 # bbb secret key + install_apps bbb + set_app_config bbb app.navigation true + set_app_config bbb api.url "$URL" + set_app_config bbb api.secret "$SECRET" +} -- 2.47.2 From b86b044e5efd20126404a3a5337e98dfed1387c0 Mon Sep 17 00:00:00 2001 From: 3wc <3wc@doesthisthing.work> Date: Wed, 16 Nov 2022 20:42:51 -0800 Subject: [PATCH 08/60] Return to .example.com templating --- .env.sample | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.env.sample b/.env.sample index 415d88d..2135b60 100644 --- a/.env.sample +++ b/.env.sample @@ -1,6 +1,6 @@ TYPE=nextcloud -DOMAIN={{ .Domain }} +DOMAIN=nextcloud.example.com ## Domain aliases #EXTRA_DOMAINS=', `www.nextcloud.example.com`' LETS_ENCRYPT_ENV=production -- 2.47.2 From 832655e3601f195c9ef901d418232867f63f8586 Mon Sep 17 00:00:00 2001 From: decentral1se Date: Fri, 18 Nov 2022 17:33:04 +0100 Subject: [PATCH 09/60] chore: publish 3.0.0+25.0.1-fpm release --- compose.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
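Review bot: In `set_app_config` the value is spliced unquoted into the command string (`--value $VALUE`) and `run_occ` hands that string to `sh -c`, so a value containing a space, `&`, `;` or `$` is split or interpreted by the inner shell instead of being stored. The BigBlueButton URL and secret are the kind of values where that happens. `install_bbb` also takes the secret as `$2`, which puts it on the invoking command line and in the `su`/`occ` process arguments inside the container while the call runs. `APP`, `KEY`, `VALUE`, `URL` and `SECRET` should be declared `local` so they do not leak into the sourcing shell. I would also add a comment above `install_bbb` stating that the secret is visible in process listings during the call.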
diff --git a/compose.yml b/compose.yml index 71c123d..c99e810 100644 --- a/compose.yml +++ b/compose.yml @@ -35,7 +35,7 @@ services: - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" app: - image: nextcloud:24.0.6-fpm + image: nextcloud:25.0.1-fpm depends_on: - db configs: @@ -78,12 +78,12 @@ services: failure_action: rollback order: start-first labels: - - "coop-cloud.${STACK_NAME}.version=2.1.4+24.0.6-fpm" + - "coop-cloud.${STACK_NAME}.version=3.0.0+25.0.1-fpm" - "backupbot.backup=true" - "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/" cron: - image: nextcloud:24.0.6-fpm + image: nextcloud:25.0.1-fpm volumes: - nextcloud:/var/www/html/ - nextapps:/var/www/html/custom_apps:cached -- 2.47.2 From 26bd2225d49fd8098ca878c3728102b27f1f7d36 Mon Sep 17 00:00:00 2001 From: 3wc <3wc@doesthisthing.work> Date: Mon, 21 Nov 2022 21:37:36 -0800 Subject: [PATCH 10/60] Fix typo in db_password versioning --- compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compose.yml b/compose.yml index c99e810..5027477 100644 --- a/compose.yml +++ b/compose.yml @@ -107,7 +107,7 @@ secrets: name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION} db_password: external: true - name: ${STACK_NAME}_db_password_${SECRET_DB_ROOT_PASSWORD_VERSION} + name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION} admin_password: external: true name: ${STACK_NAME}_admin_password_${SECRET_ADMIN_PASSWORD_VERSION} -- 2.47.2 From 17bedc79e5866dee68f066fdf98d451035a69c33 Mon Sep 17 00:00:00 2001 From: Philipp Rothmann Date: Fri, 2 Dec 2022 11:26:02 +0100 Subject: [PATCH 11/60] chore: publish 3.0.1+25.0.1-fpm release --- compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/compose.yml b/compose.yml index 5027477..0e47ba9 100644 --- a/compose.yml +++ b/compose.yml 
@@ -1,7 +1,7 @@ version: "3.8" services: web: - image: nginx:1.23.1 + image: nginx:1.23.2 configs: - source: nginx_conf target: /etc/nginx/nginx.conf @@ -78,7 +78,7 @@ services: failure_action: rollback order: start-first labels: - - "coop-cloud.${STACK_NAME}.version=3.0.0+25.0.1-fpm" + - "coop-cloud.${STACK_NAME}.version=3.0.1+25.0.1-fpm" - "backupbot.backup=true" - "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/" -- 2.47.2 From 1b76b6211f508f8f8a1cfe9844c6df2fc9e90318 Mon Sep 17 00:00:00 2001 From: Moritz Date: Tue, 6 Dec 2022 13:27:45 +0100 Subject: [PATCH 12/60] add install_onlyoffice command --- .env.sample | 3 ++- abra.sh | 8 ++++++++ compose.yml | 5 +++++ 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/.env.sample b/.env.sample index 2135b60..7317c06 100644 --- a/.env.sample +++ b/.env.sample @@ -14,10 +14,11 @@ ADMIN_USER=admin SECRET_DB_ROOT_PASSWORD_VERSION=v1 SECRET_DB_PASSWORD_VERSION=v1 SECRET_ADMIN_PASSWORD_VERSION=v1 +# SECRET_ONLYOFFICE_JWT_VERSION=v1 EXTRA_VOLUME=/dev/null:/tmp/.dummy # X_FRAME_OPTIONS_ENABLED=1 # X_FRAME_OPTIONS_ALLOW_FROM=embedding-site.example.org # APPS="calendar sociallogin onlyoffice" - +# ONLYOFFICE_URL=https://onlyoffice.example.com diff --git a/abra.sh b/abra.sh index 5ce711e..24f3b5d 100644 --- a/abra.sh +++ b/abra.sh @@ -36,3 +36,11 @@ install_bbb(){ set_app_config bbb api.url "$URL" set_app_config bbb api.secret "$SECRET" } + + +install_onlyoffice(){ + install_apps onlyoffice + set_app_config onlyoffice DocumentServerUrl "$ONLYOFFICE_URL" + set_app_config onlyoffice jwt_secret $(cat /run/secrets/onlyoffice_jwt) + set_app_config onlyoffice customizationForcesave true +} diff --git a/compose.yml b/compose.yml index 0e47ba9..372ceec 100644 --- a/compose.yml +++ b/compose.yml @@ -48,6 +48,7 @@ services: secrets: - db_password - admin_password + - onlyoffice_jwt environment: - APPS - X_FRAME_OPTIONS_ALLOW_FROM 
@@ -65,6 +66,7 @@ services: - SMTP_AUTHTYPE=PLAIN - OVERWRITEPROTOCOL=https - PHP_MEMORY_LIMIT=1G + - ONLYOFFICE_URL volumes: - nextcloud:/var/www/html/ - nextapps:/var/www/html/custom_apps:cached @@ -111,6 +113,9 @@ secrets: admin_password: external: true name: ${STACK_NAME}_admin_password_${SECRET_ADMIN_PASSWORD_VERSION} + onlyoffice_jwt: + external: true + name: ${STACK_NAME}_onlyoffice_jwt_${SECRET_ONLYOFFICE_JWT_VERSION} volumes: nextcloud: -- 2.47.2 From f87f9fc4da00c6a1cc2f6b2d1b0d350c2d3d986d Mon Sep 17 00:00:00 2001 From: Moritz Date: Tue, 6 Dec 2022 14:47:29 +0100 Subject: [PATCH 13/60] use docker secrets for bbb --- .env.sample | 4 +++- abra.sh | 8 +++----- compose.yml | 5 +++++ 3 files changed, 11 insertions(+), 6 deletions(-) diff --git a/.env.sample b/.env.sample index 7317c06..6c95e1b 100644 --- a/.env.sample +++ b/.env.sample @@ -14,7 +14,8 @@ ADMIN_USER=admin SECRET_DB_ROOT_PASSWORD_VERSION=v1 SECRET_DB_PASSWORD_VERSION=v1 SECRET_ADMIN_PASSWORD_VERSION=v1 -# SECRET_ONLYOFFICE_JWT_VERSION=v1 +SECRET_ONLYOFFICE_JWT_VERSION=v1 +SECRET_BBB_SECRET_VERSION=v1 EXTRA_VOLUME=/dev/null:/tmp/.dummy @@ -22,3 +23,4 @@ EXTRA_VOLUME=/dev/null:/tmp/.dummy # X_FRAME_OPTIONS_ALLOW_FROM=embedding-site.example.org # APPS="calendar sociallogin onlyoffice" # ONLYOFFICE_URL=https://onlyoffice.example.com +# BBB_URL=https://talk.example.org/bigbluebutton/ # trailing slash! diff --git a/abra.sh b/abra.sh index 24f3b5d..7c12215 100644 --- a/abra.sh +++ b/abra.sh 
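Review bot: Declaring `onlyoffice_jwt` as an `external: true` secret in the base compose.yml makes it mandatory for every deployment, while `.env.sample` in the same commit leaves `SECRET_ONLYOFFICE_JWT_VERSION` commented out. With the variable unset the name presumably interpolates to `${STACK_NAME}_onlyoffice_jwt_` and the stack fails to deploy even for installs that never use ONLYOFFICE. The `- onlyoffice_jwt` entry under the app service's `secrets:` in the first compose.yml hunk of this commit has the same effect. Keeping both in an optional override file that is added to `COMPOSE_FILE` only when the app is wanted also keeps the secret out of containers that do not need it.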
@@ -29,18 +29,16 @@ set_app_config(){ } install_bbb(){ - URL=$1 # https://talk.example.org/bigbluebutton/ (trailing slash!) - SECRET=$2 # bbb secret key install_apps bbb set_app_config bbb app.navigation true - set_app_config bbb api.url "$URL" - set_app_config bbb api.secret "$SECRET" + set_app_config bbb api.url "$BBB_URL" + set_app_config bbb api.secret "$(cat /run/secrets/bbb_secret)" } install_onlyoffice(){ install_apps onlyoffice set_app_config onlyoffice DocumentServerUrl "$ONLYOFFICE_URL" - set_app_config onlyoffice jwt_secret $(cat /run/secrets/onlyoffice_jwt) + set_app_config onlyoffice jwt_secret "$(cat /run/secrets/onlyoffice_jwt)" set_app_config onlyoffice customizationForcesave true } diff --git a/compose.yml b/compose.yml index 372ceec..2e249cf 100644 --- a/compose.yml +++ b/compose.yml @@ -49,6 +49,7 @@ services: - db_password - admin_password - onlyoffice_jwt + - bbb_secret environment: - APPS - X_FRAME_OPTIONS_ALLOW_FROM @@ -67,6 +68,7 @@ services: - OVERWRITEPROTOCOL=https - PHP_MEMORY_LIMIT=1G - ONLYOFFICE_URL + - BBB_URL volumes: - nextcloud:/var/www/html/ - nextapps:/var/www/html/custom_apps:cached @@ -116,6 +118,9 @@ secrets: onlyoffice_jwt: external: true name: ${STACK_NAME}_onlyoffice_jwt_${SECRET_ONLYOFFICE_JWT_VERSION} + bbb_secret: + external: true + name: ${STACK_NAME}_bbb_secret_${SECRET_BBB_SECRET_VERSION} volumes: nextcloud: -- 2.47.2 From 0e8c5ecd177a64e4eae550d3fc0d8a981eb4a346 Mon Sep 17 00:00:00 2001 From: Moritz Date: Tue, 6 Dec 2022 15:11:01 +0100 Subject: [PATCH 14/60] fix CI deployment: set bbb and onlyoffice secret version --- .drone.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.drone.yml b/.drone.yml index 0149cb5..231c1e7 100644 --- a/.drone.yml +++ b/.drone.yml 
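Review bot: `"$(cat /run/secrets/bbb_secret)"` in `install_bbb` (and the `onlyoffice_jwt` read in `install_onlyoffice`) expands to an empty string when the secret is not mounted, and nothing stops the function from continuing, so the app ends up with either an unclear occ error or an empty `api.secret` / `jwt_secret`. A guard at the top of each function makes that failure explicit: `[ -r /run/secrets/bbb_secret ] || { echo "bbb_secret is not mounted" >&2; return 1; }`. The value is still expanded into the `sh -c` string built by `run_occ`, so it appears in the process arguments for the duration of the call, and a secret containing shell metacharacters would be re-parsed. A short comment on that limitation would help whoever generates these secrets.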
@@ -25,6 +25,8 @@ steps: SECRET_DB_PASSWORD_VERSION: v1 SECRET_DB_ROOT_PASSWORD_VERSION: v1 SECRET_ADMIN_PASSWORD_VERSION: v1 + SECRET_ONLYOFFICE_JWT_VERSION: v1 + SECRET_BBB_SECRET_VERSION: v1 EXTRA_VOLUME: "/dev/null:/tmp/.dummy" trigger: branch: -- 2.47.2 From f0bbb2862617d3ea787abed06f53e3193503f640 Mon Sep 17 00:00:00 2001 From: Philipp Rothmann Date: Wed, 7 Dec 2022 15:21:30 +0100 Subject: [PATCH 15/60] feat: make smtp settings configurable in .env --- .env.sample | 11 +++++++++++ abra.sh | 2 +- compose.smtp.yml | 19 +++++++++++++++++++ compose.yml | 4 ---- entrypoint.sh.tmpl | 27 +++++++++++++++++++++++++++ releases/next | 14 ++++++++++++++ 6 files changed, 72 insertions(+), 5 deletions(-) create mode 100644 compose.smtp.yml create mode 100644 releases/next diff --git a/.env.sample b/.env.sample index 6c95e1b..131d164 100644 --- a/.env.sample +++ b/.env.sample @@ -19,6 +19,17 @@ SECRET_BBB_SECRET_VERSION=v1 EXTRA_VOLUME=/dev/null:/tmp/.dummy +# COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml" +# See https://github.com/nextcloud/docker#auto-configuration-via-environment-variables for default values +# SMTP_AUTHTYPE= +# SMTP_HOST= +# SMTP_SECURE= +# SMTP_NAME= +# SMTP_PORT= +# MAIL_FROM_ADDRESS= +# MAIL_DOMAIN= +# SECRET_SMTP_PASSWORD_VERSION=v1 + # X_FRAME_OPTIONS_ENABLED=1 # X_FRAME_OPTIONS_ALLOW_FROM=embedding-site.example.org # APPS="calendar sociallogin onlyoffice" diff --git a/abra.sh b/abra.sh index 7c12215..8f018e4 100644 --- a/abra.sh +++ b/abra.sh @@ -3,7 +3,7 @@ export FPM_TUNE_VERSION=v4 export NGINX_CONF_VERSION=v4 export MY_CNF_VERSION=v4 -export ENTRYPOINT_VERSION=v2 +export ENTRYPOINT_VERSION=v3 run_occ(){ su -p www-data -s /bin/sh -c "/var/www/html/occ $@" diff --git a/compose.smtp.yml b/compose.smtp.yml new file mode 100644 index 0000000..cd7436b --- /dev/null +++ b/compose.smtp.yml 
@@ -0,0 +1,19 @@ +version: "3.8" +services: + app: + secrets: + - smtp_password + environment: + - SMTP_AUTHTYPE + - SMTP_HOST + - SMTP_SECURE + - SMTP_NAME + - SMTP_PORT + - SMTP_PASSWORD_FILE=/run/secrets/smtp_password + - MAIL_FROM_ADDRESS + - MAIL_DOMAIN + +secrets: + smtp_password: + external: true + name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION} diff --git a/compose.yml b/compose.yml index 2e249cf..c9f733e 100644 --- a/compose.yml +++ b/compose.yml @@ -61,10 +61,6 @@ services: - NEXTCLOUD_TRUSTED_DOMAINS=${DOMAIN} - TRUSTED_PROXIES=traefik - REDIS_HOST=cache - - SMTP_HOST - - MAIL_FROM_ADDRESS - - MAIL_DOMAIN - - SMTP_AUTHTYPE=PLAIN - OVERWRITEPROTOCOL=https - PHP_MEMORY_LIMIT=1G - ONLYOFFICE_URL diff --git a/entrypoint.sh.tmpl b/entrypoint.sh.tmpl index 30d21e8..742ccb9 100644 --- a/entrypoint.sh.tmpl +++ b/entrypoint.sh.tmpl @@ -1,5 +1,30 @@ #!/bin/bash +set -eu + +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + + export "$var"="$val" + unset "$fileVar" +} + +file_env "SMTP_PASSWORD" + echo "Giving the db container some time to come up"; sleep 20 # see this issue with postgres db https://github.com/nextcloud/docker/issues/1204 @@ -9,4 +34,6 @@ if ! [[ $(grep {{ env "X_FRAME_OPTIONS_ALLOW_FROM" }} lib/public/AppFramework/Ht fi {{ end }} + + /entrypoint.sh php-fpm diff --git a/releases/next b/releases/next new file mode 100644 index 0000000..f55314a --- /dev/null +++ b/releases/next 
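Review bot: `file_env "SMTP_PASSWORD"` in entrypoint.sh.tmpl ends with `export "$var"="$val"`, so the SMTP password is copied from the secret file into the environment of php-fpm and every process it spawns, where it can be read from `/proc/<pid>/environ` or any environment dump such as a `phpinfo()` page. If the image's own SMTP configuration can read `SMTP_PASSWORD_FILE` directly (worth checking for the pinned `nextcloud:25.0.1-fpm`), the helper is unnecessary and the secret can stay on the secrets mount. If it is needed, a comment above the call such as `# image only reads SMTP_PASSWORD, so the secret has to be exported` would record why. `set -eu` now also applies to the rest of the script, part of which lies outside this hunk, so any later command that may legitimately fail needs an explicit `|| true`.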
@@ -0,0 +1,14 @@ +Add SMTP Config to your .env file: + +``` +# COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml" +# See https://github.com/nextcloud/docker#auto-configuration-via-environment-variables for default values +# SMTP_AUTHTYPE= +# SMTP_HOST= +# SMTP_SECURE= +# SMTP_NAME= +# SMTP_PORT= +# MAIL_FROM_ADDRESS= +# MAIL_DOMAIN= +# SECRET_SMTP_PASSWORD_VERSION=v1 +``` -- 2.47.2 From c646f95706fa60a197361823f36d7b86e45a94c2 Mon Sep 17 00:00:00 2001 From: Philipp Rothmann Date: Wed, 7 Dec 2022 16:15:26 +0100 Subject: [PATCH 16/60] refactor: move nc-app secrets to seperate overwrite yml --- .env.sample | 3 +++ compose.apps.yml | 18 ++++++++++++++++++ compose.yml | 10 ---------- releases/next | 9 +++++++++ 4 files changed, 30 insertions(+), 10 deletions(-) create mode 100644 compose.apps.yml diff --git a/.env.sample b/.env.sample index 131d164..9fc92ad 100644 --- a/.env.sample +++ b/.env.sample @@ -32,6 +32,9 @@ EXTRA_VOLUME=/dev/null:/tmp/.dummy # X_FRAME_OPTIONS_ENABLED=1 # X_FRAME_OPTIONS_ALLOW_FROM=embedding-site.example.org + +# COMPOSE_FILE="$COMPOSE_FILE:compose.apps.yml" # APPS="calendar sociallogin onlyoffice" # ONLYOFFICE_URL=https://onlyoffice.example.com # BBB_URL=https://talk.example.org/bigbluebutton/ # trailing slash! + diff --git a/compose.apps.yml b/compose.apps.yml new file mode 100644 index 0000000..b892636 --- /dev/null +++ b/compose.apps.yml @@ -0,0 +1,18 @@ +version: "3.8" +services: + app: + secrets: + - onlyoffice_jwt + - bbb_secret + environment: + - APPS + - ONLYOFFICE_URL + - BBB_URL + +secrets: + onlyoffice_jwt: + external: true + name: ${STACK_NAME}_onlyoffice_jwt_${SECRET_ONLYOFFICE_JWT_VERSION} + bbb_secret: + external: true + name: ${STACK_NAME}_bbb_secret_${SECRET_BBB_SECRET_VERSION} diff --git a/compose.yml b/compose.yml index c9f733e..ca80a7f 100644 --- a/compose.yml +++ b/compose.yml @@ -48,8 +48,6 @@ services: secrets: - db_password - admin_password - - onlyoffice_jwt - - bbb_secret environment: - APPS - X_FRAME_OPTIONS_ALLOW_FROM 
@@ -63,8 +61,6 @@ services: - REDIS_HOST=cache - OVERWRITEPROTOCOL=https - PHP_MEMORY_LIMIT=1G - - ONLYOFFICE_URL - - BBB_URL volumes: - nextcloud:/var/www/html/ - nextapps:/var/www/html/custom_apps:cached @@ -111,12 +107,6 @@ secrets: admin_password: external: true name: ${STACK_NAME}_admin_password_${SECRET_ADMIN_PASSWORD_VERSION} - onlyoffice_jwt: - external: true - name: ${STACK_NAME}_onlyoffice_jwt_${SECRET_ONLYOFFICE_JWT_VERSION} - bbb_secret: - external: true - name: ${STACK_NAME}_bbb_secret_${SECRET_BBB_SECRET_VERSION} volumes: nextcloud: diff --git a/releases/next b/releases/next index f55314a..112b1f9 100644 --- a/releases/next +++ b/releases/next @@ -12,3 +12,12 @@ Add SMTP Config to your .env file: # MAIL_DOMAIN= # SECRET_SMTP_PASSWORD_VERSION=v1 ``` + +Some Apps can also be managed with abra app cmd! + +``` +# COMPOSE_FILE="$COMPOSE_FILE:compose.apps.yml" +# APPS="calendar sociallogin onlyoffice" +# ONLYOFFICE_URL=https://onlyoffice.example.com +# BBB_URL=https://talk.example.org/bigbluebutton/ # trailing slash! +``` -- 2.47.2 From 9148747de6aa3ee22749901553be4a9e972249ed Mon Sep 17 00:00:00 2001 From: Philipp Rothmann Date: Wed, 7 Dec 2022 16:18:37 +0100 Subject: [PATCH 17/60] chore: clean up .env.sample --- .env.sample | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.env.sample b/.env.sample index 9fc92ad..4388ad9 100644 --- a/.env.sample +++ b/.env.sample @@ -14,8 +14,6 @@ ADMIN_USER=admin SECRET_DB_ROOT_PASSWORD_VERSION=v1 SECRET_DB_PASSWORD_VERSION=v1 SECRET_ADMIN_PASSWORD_VERSION=v1 -SECRET_ONLYOFFICE_JWT_VERSION=v1 -SECRET_BBB_SECRET_VERSION=v1 EXTRA_VOLUME=/dev/null:/tmp/.dummy @@ -35,6 +33,10 @@ EXTRA_VOLUME=/dev/null:/tmp/.dummy # COMPOSE_FILE="$COMPOSE_FILE:compose.apps.yml" # APPS="calendar sociallogin onlyoffice" +# # ONLYOFFICE_URL=https://onlyoffice.example.com +# SECRET_ONLYOFFICE_JWT_VERSION=v1 +# # BBB_URL=https://talk.example.org/bigbluebutton/ # trailing slash! +# SECRET_BBB_SECRET_VERSION=v1 -- 2.47.2 
From 805b29d918f122977ce32eed43943edae4d7226d Mon Sep 17 00:00:00 2001 From: Philipp Rothmann Date: Tue, 13 Dec 2022 15:20:57 +0100 Subject: [PATCH 18/60] feat: template fpm settings this closes #25 --- .env.sample | 10 ++++++++-- abra.sh | 2 +- compose.yml | 5 +++++ fpm-tune.ini | 8 ++++---- releases/next | 20 +++++++++++++++++++- 5 files changed, 37 insertions(+), 8 deletions(-) diff --git a/.env.sample b/.env.sample index 4388ad9..0b019a0 100644 --- a/.env.sample +++ b/.env.sample @@ -17,6 +17,13 @@ SECRET_ADMIN_PASSWORD_VERSION=v1 EXTRA_VOLUME=/dev/null:/tmp/.dummy +# fpm-tune, see: https://spot13.com/pmcalculator/ +FPM_MAX_CHILDREN=131 +FPM_START_SERVERS=32 +FPM_MIN_SPARE_SERVERS=32 +FPM_MAX_SPARE_SERVERS=98 + + # COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml" # See https://github.com/nextcloud/docker#auto-configuration-via-environment-variables for default values # SMTP_AUTHTYPE= @@ -36,7 +43,6 @@ EXTRA_VOLUME=/dev/null:/tmp/.dummy # # ONLYOFFICE_URL=https://onlyoffice.example.com # SECRET_ONLYOFFICE_JWT_VERSION=v1 -# +# # BBB_URL=https://talk.example.org/bigbluebutton/ # trailing slash! # SECRET_BBB_SECRET_VERSION=v1 - diff --git a/abra.sh b/abra.sh index 8f018e4..bac609d 100644 --- a/abra.sh +++ b/abra.sh @@ -1,6 +1,6 @@ #!/bin/bash -export FPM_TUNE_VERSION=v4 +export FPM_TUNE_VERSION=v5 export NGINX_CONF_VERSION=v4 export MY_CNF_VERSION=v4 export ENTRYPOINT_VERSION=v3 diff --git a/compose.yml b/compose.yml index ca80a7f..86b786e 100644 --- a/compose.yml +++ b/compose.yml @@ -61,6 +61,10 @@ services: - REDIS_HOST=cache - OVERWRITEPROTOCOL=https - PHP_MEMORY_LIMIT=1G + - FPM_MAX_CHILDREN=131 + - FPM_START_SERVERS=32 + - FPM_MIN_SPARE_SERVERS=32 + - FPM_MAX_SPARE_SERVERS=98 volumes: - nextcloud:/var/www/html/ - nextapps:/var/www/html/custom_apps:cached 
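Review bot: The four `FPM_*` entries are added to the app service in compose.yml with literal values (`- FPM_MAX_CHILDREN=131` and so on), so whatever an operator sets in `.env` apparently never reaches the container. The `{{ env "FPM_MAX_CHILDREN" }}` lookups this commit introduces in fpm-tune.ini would then always render the hard-coded numbers. To make the settings configurable as the release note says, pass them through with a fallback, e.g. `- FPM_MAX_CHILDREN=${FPM_MAX_CHILDREN:-131}`, and likewise for the other three. The fallback is worth keeping, because an unset variable would otherwise render an empty `pm.max_children =` line.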
@@ -124,6 +128,7 @@ configs: fpm_tune: name: ${STACK_NAME}_fpm_tune_${FPM_TUNE_VERSION} file: fpm-tune.ini + template_driver: golang entrypoint: name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION} file: entrypoint.sh.tmpl diff --git a/fpm-tune.ini b/fpm-tune.ini index 8e0fc5c..af0f58d 100644 --- a/fpm-tune.ini +++ b/fpm-tune.ini @@ -1,5 +1,5 @@ pm = dynamic -pm.max_children = 131 -pm.start_servers = 32 -pm.min_spare_servers = 32 -pm.max_spare_servers = 98 +pm.max_children = {{ env "FPM_MAX_CHILDREN" }} +pm.start_servers = {{ env "FPM_START_SERVERS" }} +pm.min_spare_servers = {{ env "FPM_MIN_SPARE_SERVERS" }} +pm.max_spare_servers = {{ env "FPM_MAX_SPARE_SERVERS" }} diff --git a/releases/next b/releases/next index 112b1f9..684f01f 100644 --- a/releases/next +++ b/releases/next @@ -1,6 +1,21 @@ + +## FPM Tune + +The fpm-tune.ini settings are now configurable by `.env`. Please add this to your servers configs: + +``` +# fpm-tune, see: https://spot13.com/pmcalculator/ +FPM_MAX_CHILDREN=131 +FPM_START_SERVERS=32 +FPM_MIN_SPARE_SERVERS=32 +FPM_MAX_SPARE_SERVERS=98 +``` + +## SMTP + Add SMTP Config to your .env file: -``` +``` # COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml" # See https://github.com/nextcloud/docker#auto-configuration-via-environment-variables for default values # SMTP_AUTHTYPE= @@ -13,6 +28,9 @@ Add SMTP Config to your .env file: # SECRET_SMTP_PASSWORD_VERSION=v1 ``` + +## Post Deploy Commands + Some Apps can also be managed with abra app cmd! ``` -- 2.47.2 From 012e9c2310ed15e612b3e27584c2f9b73c38e7aa Mon Sep 17 00:00:00 2001 From: Philipp Rothmann Date: Wed, 14 Dec 2022 12:12:41 +0100 Subject: [PATCH 19/60] feat: set default quota via abra app cmd --- .env.sample | 7 ++++--- abra.sh | 5 ++++- compose.yml | 1 + 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.env.sample b/.env.sample index 0b019a0..a284819 100644 --- a/.env.sample +++ b/.env.sample 
@@ -23,6 +23,10 @@ FPM_START_SERVERS=32 FPM_MIN_SPARE_SERVERS=32 FPM_MAX_SPARE_SERVERS=98 +DEFAULT_QUOTA="10 GB" + +# X_FRAME_OPTIONS_ENABLED=1 +# X_FRAME_OPTIONS_ALLOW_FROM=embedding-site.example.org # COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml" # See https://github.com/nextcloud/docker#auto-configuration-via-environment-variables for default values @@ -35,9 +39,6 @@ FPM_MAX_SPARE_SERVERS=98 # MAIL_DOMAIN= # SECRET_SMTP_PASSWORD_VERSION=v1 -# X_FRAME_OPTIONS_ENABLED=1 -# X_FRAME_OPTIONS_ALLOW_FROM=embedding-site.example.org - # COMPOSE_FILE="$COMPOSE_FILE:compose.apps.yml" # APPS="calendar sociallogin onlyoffice" # diff --git a/abra.sh b/abra.sh index bac609d..ac87c25 100644 --- a/abra.sh +++ b/abra.sh @@ -35,10 +35,13 @@ install_bbb(){ set_app_config bbb api.secret "$(cat /run/secrets/bbb_secret)" } - install_onlyoffice(){ install_apps onlyoffice set_app_config onlyoffice DocumentServerUrl "$ONLYOFFICE_URL" set_app_config onlyoffice jwt_secret "$(cat /run/secrets/onlyoffice_jwt)" set_app_config onlyoffice customizationForcesave true } + +set_default_quota(){ + set_app_config files default_quota '"$DEFAULT_QUOTA"' +} diff --git a/compose.yml b/compose.yml index 86b786e..f487bd3 100644 --- a/compose.yml +++ b/compose.yml @@ -65,6 +65,7 @@ services: - FPM_START_SERVERS=32 - FPM_MIN_SPARE_SERVERS=32 - FPM_MAX_SPARE_SERVERS=98 + - DEFAULT_QUOTA volumes: - nextcloud:/var/www/html/ - nextapps:/var/www/html/custom_apps:cached -- 2.47.2 From 3156757feecc17c516161190117bdec582cdd513 Mon Sep 17 00:00:00 2001 From: Moritz Date: Tue, 10 Jan 2023 18:09:11 +0100 Subject: [PATCH 20/60] feat: run occ commands from env variables as post deploy command --- .env.sample | 4 ++++ abra.sh | 7 +++++++ compose.yml | 1 + 3 files changed, 12 insertions(+) diff --git a/.env.sample b/.env.sample index a284819..bd1be81 100644 --- a/.env.sample +++ b/.env.sample 
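Review bot: `set_app_config files default_quota '"$DEFAULT_QUOTA"'` passes the literal text `"$DEFAULT_QUOTA"` and relies on `run_occ` re-evaluating it through `su -p … sh -c`, that is, on the variable being present in the container environment and on the inner shell doing the expansion. That is not obvious at the call site and breaks silently if `run_occ` is ever changed to quote its arguments. A comment such as `# single quotes on purpose: expanded by the inner sh so "10 GB" stays one word` should sit above the line. With `DEFAULT_QUOTA` unset the call would pass an empty value, so a `[ -n "${DEFAULT_QUOTA:-}" ] || return 1` guard is a cheap addition.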
@@ -47,3 +47,7 @@ DEFAULT_QUOTA="10 GB" # # BBB_URL=https://talk.example.org/bigbluebutton/ # trailing slash! # SECRET_BBB_SECRET_VERSION=v1 +# +# OCC_CMDS="app:disable dashboard" +# OCC_CMDS="$OCC_CMDS|config:app:set sociallogin auto_create_groups --value 1" +# OCC_CMDS="$OCC_CMDS|config:app:set sociallogin hide_default_login --value 1" diff --git a/abra.sh b/abra.sh index ac87c25..11569be 100644 --- a/abra.sh +++ b/abra.sh @@ -9,6 +9,13 @@ run_occ(){ su -p www-data -s /bin/sh -c "/var/www/html/occ $@" } +post_install_occ(){ + IFS='|' read -ra CMD <<< "$OCC_CMDS" + for cmd in "${CMD[@]}"; do + run_occ "$cmd" + done +} + install_apps(){ install_apps="$@" if [ -z "$install_apps" ] diff --git a/compose.yml b/compose.yml index f487bd3..341ffd1 100644 --- a/compose.yml +++ b/compose.yml @@ -50,6 +50,7 @@ services: - admin_password environment: - APPS + - OCC_CMDS - X_FRAME_OPTIONS_ALLOW_FROM - X_FRAME_OPTIONS_ENABLED - DOMAIN -- 2.47.2 From 19c260b8da3a864c95a8ebb05765fd6134ad7104 Mon Sep 17 00:00:00 2001 From: moritz Date: Thu, 12 Jan 2023 21:16:31 +0000 Subject: [PATCH 21/60] healthchecks (#32) Adding healthchecks for nginx, mariadb, redis and php-fpm Co-authored-by: Moritz Reviewed-on: https://git.coopcloud.tech/coop-cloud/nextcloud/pulls/32 --- compose.mariadb.yml | 6 ++++++ compose.yml | 17 +++++++++++++++++ entrypoint.sh.tmpl | 2 ++ 3 files changed, 25 insertions(+) diff --git a/compose.mariadb.yml b/compose.mariadb.yml index 956e424..d7ddaac 100644 --- a/compose.mariadb.yml +++ b/compose.mariadb.yml 
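Review bot: `post_install_occ` sends each `|`-separated piece of `OCC_CMDS` through `run_occ`, which evaluates it with `sh -c`, so the variable is effectively shell code executed as www-data rather than a list of occ subcommands. That deserves a comment above the function and next to the `.env.sample` example, because whoever can edit the env file controls what runs. The loop also ignores failures: a rejected command is followed by the next one and only the last status is returned, so `run_occ "$cmd" || return 1` would make a broken post-deploy step visible. `read` consumes only the first line of `OCC_CMDS`, and `CMD` and `cmd` should be declared `local`.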
@@ -31,6 +31,12 @@ services: backupbot.backup.pre-hook: 'mkdir -p /tmp/backup/ && mysqldump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" nextcloud > /tmp/backup/backup.sql' backupbot.backup.post-hook: "rm -rf /tmp/backup" backupbot.backup.path: "/tmp/backup/" + healthcheck: + test: ["CMD-SHELL", 'mysqladmin -p"$$(cat /run/secrets/db_root_password)" ping'] + interval: 30s + timeout: 10s + retries: 10 + start_period: 1m configs: my_tune: name: ${STACK_NAME}_my_cnf_${MY_CNF_VERSION} diff --git a/compose.yml b/compose.yml index 341ffd1..df9d279 100644 --- a/compose.yml +++ b/compose.yml @@ -33,6 +33,12 @@ services: - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect" - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" + healthcheck: + test: ["CMD-SHELL", 'curl -s -N curl -Ns localhost/status.php | grep "installed\":true"'] + interval: 30s + timeout: 10s + retries: 10 + start_period: 1m app: image: nextcloud:25.0.1-fpm @@ -83,6 +89,12 @@ services: - "coop-cloud.${STACK_NAME}.version=3.0.1+25.0.1-fpm" - "backupbot.backup=true" - "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/" + healthcheck: + test: ["CMD-SHELL", 'SCRIPT_NAME=status SCRIPT_FILENAME=/var/www/html/status.php REQUEST_METHOD=GET cgi-fcgi -bind -connect 127.0.0.1:9000 | grep "installed\":true"'] + interval: 30s + timeout: 10s + retries: 10 + start_period: 1m cron: image: nextcloud:25.0.1-fpm @@ -102,6 +114,11 @@ services: - internal volumes: - "redis:/data" + healthcheck: + test: ["CMD", "redis-cli", "ping"] + interval: 3s + timeout: 5s + retries: 20 secrets: db_root_password: diff --git a/entrypoint.sh.tmpl b/entrypoint.sh.tmpl index 742ccb9..c2e5ab6 100644 --- a/entrypoint.sh.tmpl +++ b/entrypoint.sh.tmpl 
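Review bot: The web service healthcheck in compose.yml contains a stray second `curl` (`curl -s -N curl -Ns localhost/status.php`), which curl treats as an additional URL named `curl` to fetch on every probe before it requests `status.php`. The check passes only because the pipeline's exit status comes from `grep`; dropping the duplicate gives `curl -Ns localhost/status.php | grep -q "installed\":true"`. Both this check and the php-fpm one on the app service require `installed":true`, so a first install or upgrade that outlasts `start_period` plus the retries will presumably be restarted mid-migration. The 1m value is worth confirming against real upgrade times.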
@@ -34,6 +34,8 @@ if ! [[ $(grep {{ env "X_FRAME_OPTIONS_ALLOW_FROM" }} lib/public/AppFramework/Ht fi {{ end }} +# Required for healthcheck +which cgi-fcgi > /dev/null || (apt-get update && apt-get install -y libfcgi-bin) /entrypoint.sh php-fpm -- 2.47.2 From 782593c07c98543ecc4a200197fee3ab32b99e86 Mon Sep 17 00:00:00 2001 From: 3wc <3wc@doesthisthing.work> Date: Thu, 19 Jan 2023 16:02:28 -0800 Subject: [PATCH 22/60] Update abra syntax in examples (finally) [mass update] --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index b39d6c5..394f788 100644 --- a/README.md +++ b/README.md @@ -21,9 +21,9 @@ Fully automated luxury Nextcloud via docker-swarm. 2. Deploy [`coop-cloud/traefik`] 3. `abra app new nextcloud --secrets` (optionally with `--pass` if you'd like to save secrets in `pass`) -4. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to +4. `abra app config YOURAPPDOMAIN` - be sure to change `$DOMAIN` to something that resolves to your Docker swarm box -5. `abra app YOURAPPDOMAIN deploy` +5. `abra app deploy YOURAPPDOMAIN` ## How do I customise the default home page when logging in? -- 2.47.2 From 5c80e759e5e0e5780601e6186d221b970163fed3 Mon Sep 17 00:00:00 2001 From: Moritz Date: Fri, 20 Jan 2023 11:13:51 +0100 Subject: [PATCH 23/60] update release file for next release --- releases/{next => 3.2.0+25.0.1-fpm} | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) rename releases/{next => 3.2.0+25.0.1-fpm} (64%) diff --git a/releases/next b/releases/3.2.0+25.0.1-fpm similarity index 64% rename from releases/next rename to releases/3.2.0+25.0.1-fpm index 684f01f..cbdbc6e 100644 --- a/releases/next +++ b/releases/3.2.0+25.0.1-fpm @@ -26,6 +26,7 @@ Add SMTP Config to your .env file: # MAIL_FROM_ADDRESS= # MAIL_DOMAIN= # SECRET_SMTP_PASSWORD_VERSION=v1 +abra app secret insert example.com smtp_password v1 example_password ``` 
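Review bot: The `apt-get update && apt-get install -y libfcgi-bin` fallback in entrypoint.sh.tmpl runs whenever a fresh container starts, which makes startup depend on reaching the package mirrors and pulls an unpinned package into a running production container. If the install fails the script still appears to continue to `/entrypoint.sh php-fpm` (the hunk does not show whether `set -e` is active earlier in the file), and the `app` healthcheck then fails for the lifetime of the task. Baking `libfcgi-bin` into a derived image removes the runtime download; short of that, fail loudly: `command -v cgi-fcgi > /dev/null || { apt-get update && apt-get install -y --no-install-recommends libfcgi-bin; } || exit 1`.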
@@ -36,6 +37,21 @@ Some Apps can also be managed with abra app cmd! ``` # COMPOSE_FILE="$COMPOSE_FILE:compose.apps.yml" # APPS="calendar sociallogin onlyoffice" +abra app cmd example.com app install_apps # ONLYOFFICE_URL=https://onlyoffice.example.com +# SECRET_ONLYOFFICE_JWT_VERSION=v1 +abra app secret insert example.com onlyoffice_jwt v1 example_password +abra app cmd example.com app install_onlyoffice # BBB_URL=https://talk.example.org/bigbluebutton/ # trailing slash! +# SECRET_BBB_SECRET_VERSION=v1 +abra app secret insert example.com bbb_secret v1 example_password +abra app cmd example.com app install_bbb ``` + +## Set Quota + +``` +# DEFAULT_QUOTA="10 GB" +abra app cmd example.com app set_default_quota +``` + -- 2.47.2 From 738f71e6de47d5bc5ea61a6b2788a63b83222e2e Mon Sep 17 00:00:00 2001 From: Moritz Date: Fri, 20 Jan 2023 11:16:56 +0100 Subject: [PATCH 24/60] chore: publish 3.1.0+25.0.1-fpm release --- compose.yml | 2 +- releases/{3.2.0+25.0.1-fpm => 3.1.0+25.0.1-fpm} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename releases/{3.2.0+25.0.1-fpm => 3.1.0+25.0.1-fpm} (100%) diff --git a/compose.yml b/compose.yml index df9d279..8c0dd25 100644 --- a/compose.yml +++ b/compose.yml @@ -86,7 +86,7 @@ services: failure_action: rollback order: start-first labels: - - "coop-cloud.${STACK_NAME}.version=3.0.1+25.0.1-fpm" + - "coop-cloud.${STACK_NAME}.version=3.1.0+25.0.1-fpm" - "backupbot.backup=true" - "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/" healthcheck: diff --git a/releases/3.2.0+25.0.1-fpm b/releases/3.1.0+25.0.1-fpm similarity index 100% rename from releases/3.2.0+25.0.1-fpm rename to releases/3.1.0+25.0.1-fpm -- 2.47.2 From 35b36d8c30d83ae3b6e056553c99c71fd6d2de29 Mon Sep 17 00:00:00 2001 From: Moritz Date: Fri, 20 Jan 2023 15:03:11 +0100 Subject: [PATCH 25/60] increase healthcheck start_period for long updates --- compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/compose.yml b/compose.yml index 8c0dd25..2c46642 100644 --- a/compose.yml +++ b/compose.yml @@ -38,7 +38,7 @@ services: interval: 30s timeout: 10s retries: 10 - start_period: 1m + start_period: 5m app: image: nextcloud:25.0.1-fpm @@ -94,7 +94,7 @@ services: interval: 30s timeout: 10s retries: 10 - start_period: 1m + start_period: 5m cron: image: nextcloud:25.0.1-fpm -- 2.47.2 From 897d787d86c596201c312531b9bcc5a674220279 Mon Sep 17 00:00:00 2001 From: Moritz Date: Fri, 20 Jan 2023 15:04:23 +0100 Subject: [PATCH 26/60] chore: publish 3.1.1+25.0.1-fpm release --- compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compose.yml b/compose.yml index 2c46642..bd57d15 100644 --- a/compose.yml +++ b/compose.yml @@ -86,7 +86,7 @@ services: failure_action: rollback order: start-first labels: - - "coop-cloud.${STACK_NAME}.version=3.1.0+25.0.1-fpm" + - "coop-cloud.${STACK_NAME}.version=3.1.1+25.0.1-fpm" - "backupbot.backup=true" - "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/" healthcheck: -- 2.47.2 From f086d1bc77d8d57297b7aefa7ada16b0fd82e17a Mon Sep 17 00:00:00 2001 From: 3wc <3wc@doesthisthing.work> Date: Sat, 21 Jan 2023 11:49:56 -0800 Subject: [PATCH 27/60] Switch to self-hosted stack-ssh-deploy image [mass update] --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 231c1e7..7e66289 100644 --- a/.drone.yml +++ b/.drone.yml @@ -3,7 +3,7 @@ kind: pipeline name: deploy to swarm-test.autonomic.zone steps: - name: deployment - image: decentral1se/stack-ssh-deploy:latest + image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest settings: host: swarm-test.autonomic.zone stack: nextcloud -- 2.47.2 From cff544c554085c52ff7d66698bdd2b4356ff2884 Mon Sep 17 00:00:00 2001 
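Review bot: The deployment step in .drone.yml still pulls `stack-ssh-deploy:latest`, a mutable tag, for the image that performs the SSH deploy, so whatever is pushed to that tag next runs inside the pipeline, presumably with access to the deploy credentials. Moving to the self-hosted registry is a good moment to pin it, for example `image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy@sha256:<digest-of-reviewed-image>` (placeholder digest), and to bump it deliberately.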
From: 3wc <3wc@doesthisthing.work> Date: Tue, 24 Jan 2023 14:13:14 -0800 Subject: [PATCH 28/60] Fix `occ` commands in README [ci skip] --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 394f788..ba8d225 100644 --- a/README.md +++ b/README.md @@ -33,11 +33,11 @@ Fully automated luxury Nextcloud via docker-swarm. ## Running `occ` -`abra app run --user www-data YOURAPPDOMAIN app occ user:list --help` +`abra app run --user www-data YOURAPPDOMAIN app php occ user:list --help` ## Upgrading Nextcloud apps -`abra app run --user www-data YOURAPPDOMAIN app occ app:update --all` +`abra app run --user www-data YOURAPPDOMAIN app php occ app:update --all` ## How do I fix a Nextcloud version snafu? -- 2.47.2 From a52515e63e7817cf9e595bc88a5fa2487be168de Mon Sep 17 00:00:00 2001 From: 3wc <3wc@doesthisthing.work> Date: Mon, 6 Mar 2023 16:04:10 -0500 Subject: [PATCH 29/60] chore: publish 3.1.2+25.0.4-fpm release --- compose.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/compose.yml b/compose.yml index bd57d15..96cc156 100644 --- a/compose.yml +++ b/compose.yml @@ -1,7 +1,7 @@ version: "3.8" services: web: - image: nginx:1.23.2 + image: nginx:1.23.3 configs: - source: nginx_conf target: /etc/nginx/nginx.conf @@ -41,7 +41,7 @@ services: start_period: 5m app: - image: nextcloud:25.0.1-fpm + image: nextcloud:25.0.4-fpm depends_on: - db configs: @@ -86,7 +86,7 @@ services: failure_action: rollback order: start-first labels: - - "coop-cloud.${STACK_NAME}.version=3.1.1+25.0.1-fpm" + - "coop-cloud.${STACK_NAME}.version=3.1.2+25.0.4-fpm" - "backupbot.backup=true" - "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/" healthcheck: @@ -97,7 +97,7 @@ services: start_period: 5m cron: - image: nextcloud:25.0.1-fpm + image: nextcloud:25.0.4-fpm volumes: - nextcloud:/var/www/html/ - nextapps:/var/www/html/custom_apps:cached 
@@ -109,7 +109,7 @@ services: entrypoint: /cron.sh cache: - image: redis:7.0.5-alpine + image: redis:7.0.9-alpine networks: - internal volumes: -- 2.47.2 From e1bc039b099ee5f2b66946b9079278756871faec Mon Sep 17 00:00:00 2001 From: Moritz Date: Tue, 7 Mar 2023 17:07:18 +0100 Subject: [PATCH 30/60] fix release note path --- {releases => release}/2.0.0+23.0.3-fpm | 0 {releases => release}/3.1.0+25.0.1-fpm | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename {releases => release}/2.0.0+23.0.3-fpm (100%) rename {releases => release}/3.1.0+25.0.1-fpm (100%) diff --git a/releases/2.0.0+23.0.3-fpm b/release/2.0.0+23.0.3-fpm similarity index 100% rename from releases/2.0.0+23.0.3-fpm rename to release/2.0.0+23.0.3-fpm diff --git a/releases/3.1.0+25.0.1-fpm b/release/3.1.0+25.0.1-fpm similarity index 100% rename from releases/3.1.0+25.0.1-fpm rename to release/3.1.0+25.0.1-fpm -- 2.47.2 From 7b0a0741b60f033c1f0b317d746ac39c3e9bcf06 Mon Sep 17 00:00:00 2001 From: Moritz Date: Mon, 13 Mar 2023 19:07:49 +0100 Subject: [PATCH 31/60] chore: update readme --- README.md | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ba8d225..ac59618 100644 --- a/README.md +++ b/README.md 
@@ -33,11 +33,39 @@ Fully automated luxury Nextcloud via docker-swarm. ## Running `occ` -`abra app run --user www-data YOURAPPDOMAIN app php occ user:list --help` +`abra app cmd YOURAPPDOMAIN app run_occ '"user:list --help"'` ## Upgrading Nextcloud apps -`abra app run --user www-data YOURAPPDOMAIN app php occ app:update --all` +`abra app cmd YOURAPPDOMAIN app run_occ '"app:update --all"'` + + +## Onlyoffice Integrating + +`abra app config ` +Configure the following envs: +``` +COMPOSE_FILE="$COMPOSE_FILE:compose.apps.yml" +ONLYOFFICE_URL=https://onlyoffice.example.com +SECRET_ONLYOFFICE_JWT_VERSION=v1 +``` + +`abra app secret insert onlyoffice_jwt v1 ` +`abra app cmd app install_onlyoffice` + +## BBB Integrating + +`abra app config ` +Configure the following envs: +``` +COMPOSE_FILE="$COMPOSE_FILE:compose.apps.yml" +BBB_URL=https://talk.example.org/bigbluebutton/ # trailing slash! +SECRET_BBB_SECRET_VERSION=v1 +``` + +`abra app secret insert bbb_secret v1 ` +`abra app cmd app install_bbb` + ## How do I fix a Nextcloud version snafu? -- 2.47.2 From fce0b9f7cb73c822a415d32c1cb919567bee142f Mon Sep 17 00:00:00 2001 From: Moritz Date: Wed, 22 Mar 2023 17:47:06 +0100 Subject: [PATCH 32/60] feat: authentik autoconfiguration --- .env.sample | 6 +++ README.md | 88 ++++++++++++++++++++++++++++--------------- abra.sh | 38 ++++++++++++++++++- compose.authentik.yml | 14 +++++++ 4 files changed, 114 insertions(+), 32 deletions(-) create mode 100644 compose.authentik.yml diff --git a/.env.sample b/.env.sample index bd1be81..e49be66 100644 --- a/.env.sample +++ b/.env.sample 
@@ -51,3 +51,9 @@ DEFAULT_QUOTA="10 GB" # OCC_CMDS="app:disable dashboard" # OCC_CMDS="$OCC_CMDS|config:app:set sociallogin auto_create_groups --value 1" # OCC_CMDS="$OCC_CMDS|config:app:set sociallogin hide_default_login --value 1" + +# COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml" +# AUTHENTIK_USER_PREFIX=authentik +# AUTHENTIK_DOMAIN=authentik.example.com +# AUTHENTIK_SECRET_NAME=authentik_example_com_nextcloud_secret_v1 # the same as in authentik +# AUTHENTIK_ID_NAME=authentik_example_com_nextcloud_id_v1 # the same as in authentik diff --git a/README.md b/README.md index ac59618..4ce21f2 100644 --- a/README.md +++ b/README.md 
@@ -15,34 +15,18 @@ Fully automated luxury Nextcloud via docker-swarm. * **SSO**: 1 (OAuth) -## Basic usage - -1. Set up Docker Swarm and [`abra`] -2. Deploy [`coop-cloud/traefik`] -3. `abra app new nextcloud --secrets` (optionally with `--pass` if you'd like - to save secrets in `pass`) -4. `abra app config YOURAPPDOMAIN` - be sure to change `$DOMAIN` to something that resolves to - your Docker swarm box -5. `abra app deploy YOURAPPDOMAIN` - -## How do I customise the default home page when logging in? - -- Delete the dashboard app since it is so corporate -- Follow [these docs](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/default_files_configuration.html) to set the default files list for each user in the Files app -- Configure a `defaultapp` in your `config.php` or use [apporder](https://apps.nextcloud.com/apps/apporder) - -## Running `occ` - -`abra app cmd YOURAPPDOMAIN app run_occ '"user:list --help"'` - -## Upgrading Nextcloud apps - -`abra app cmd YOURAPPDOMAIN app run_occ '"app:update --all"'` +## Quick start -## Onlyoffice Integrating +* `abra app new nextcloud` +* `abra app config ` +* `abra app secret insert smtp_password v1 ` +* `abra app secret generate -a ` +* `abra app deploy ` -`abra app config ` +### Onlyoffice Integration + +`abra app config ` Configure the following envs: ``` COMPOSE_FILE="$COMPOSE_FILE:compose.apps.yml" @@ -50,12 +34,12 @@ ONLYOFFICE_URL=https://onlyoffice.example.com SECRET_ONLYOFFICE_JWT_VERSION=v1 ``` -`abra app secret insert onlyoffice_jwt v1 ` -`abra app cmd app install_onlyoffice` +`abra app secret insert onlyoffice_jwt v1 ` +`abra app cmd app install_onlyoffice` -## BBB Integrating +### BBB Integration -`abra app config ` +`abra app config ` Configure the following envs: ``` COMPOSE_FILE="$COMPOSE_FILE:compose.apps.yml" 
@@ -63,8 +47,50 @@ BBB_URL=https://talk.example.org/bigbluebutton/ # trailing slash! SECRET_BBB_SECRET_VERSION=v1 ``` -`abra app secret insert bbb_secret v1 ` -`abra app cmd app install_bbb` +`abra app secret insert bbb_secret v1 ` +`abra app cmd app install_bbb` + +### Authentik Integration + + +`abra app config ` +Configure the following envs: +``` +COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml" +AUTHENTIK_USER_PREFIX=authentik +AUTHENTIK_DOMAIN=authentik.example.com +AUTHENTIK_SECRET_NAME=authentik_example_com_nextcloud_secret_v1 # the same as in authentik +AUTHENTIK_ID_NAME=authentik_example_com_nextcloud_id_v1 # the same as in authentik +``` + +`abra app cmd app set_authentik` + +### Disable Dashboard + +Disable dashboard app since it is so corporate: + +`abra app config ` +Configure the following envs: +``` +OCC_CMDS="app:disable dashboard" +``` +`abra app cmd app post_install_occ` + +## Running `occ` + +`abra app cmd app run_occ '"user:list --help"'` + +## Default user files + +- Follow [these docs](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/default_files_configuration.html) to set the default files list for each user in the Files app + +## Default App + +- Configure a `defaultapp` in your `config.php` or use [apporder](https://apps.nextcloud.com/apps/apporder) + +## Upgrading Nextcloud apps + +`abra app cmd app run_occ '"app:update --all"'` ## How do I fix a Nextcloud version snafu? diff --git a/abra.sh b/abra.sh index 11569be..31c14cf 100644 --- a/abra.sh +++ b/abra.sh @@ -32,7 +32,7 @@ set_app_config(){ APP=$1 KEY=$2 VALUE=$3 - run_occ "config:app:set $APP $KEY --value $VALUE" + run_occ "config:app:set $APP $KEY --value '$VALUE'" } install_bbb(){ 
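Review bot: The single quotes added around `$VALUE` in `set_app_config` (abra.sh) hold only while the value contains no `'`, because the whole command is still one string that `run_occ` hands to `sh -c`. Callers pass URLs and secret file contents, so a single apostrophe in one of them ends the quoting and the rest is parsed as shell. Escaping the value before interpolation closes that gap, e.g. `VALUE=$(printf '%s' "$3" | sed "s/'/'\\\\''/g")`, and a comment such as `# VALUE is spliced into an sh -c string; single quotes are escaped above` records why.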
@@ -52,3 +52,39 @@ install_onlyoffice(){ set_default_quota(){ set_app_config files default_quota '"$DEFAULT_QUOTA"' } + +set_authentik(){ +install_apps sociallogin +AUTHENTIK_SECRET=$(cat /run/secrets/authentik_secret) +AUTHENTIK_ID=$(cat /run/secrets/authentik_id) +set_app_config sociallogin custom_providers " +{ + \"custom_oidc\":[ + { + \"name\":\"$AUTHENTIK_USER_PREFIX\", + \"title\":\"authentik\", + \"authorizeUrl\": \"https://$AUTHENTIK_DOMAIN/application/o/authorize/\", + \"tokenUrl\": \"https://$AUTHENTIK_DOMAIN/application/o/token/\", + \"displayNameClaim\":\"preferred_username\", + \"userInfoUrl\": \"https://$AUTHENTIK_DOMAIN/application/o/userinfo/\", + \"logoutUrl\": \"https://$AUTHENTIK_DOMAIN/if/session-end/nextcloud/\", + \"clientId\":\"$AUTHENTIK_ID\", + \"clientSecret\":\"$AUTHENTIK_SECRET\", + \"scope\":\"openid profile email nextcloud\", + \"groupsClaim\":\"nextcloud_groups\", + \"style\":\"openid\", + \"defaultGroup\":\"\", + \"groupMapping\": { + \"admin\": \"admin\" + } + } +] +}" + +set_app_config sociallogin update_profile_on_login 1 +set_app_config sociallogin auto_create_groups 1 +set_app_config sociallogin hide_default_login 1 +run_occ 'config:system:set social_login_auto_redirect --value true' +run_occ 'config:system:set allow_user_to_change_display_name --value=false' +run_occ 'config:system:set lost_password_link --value=disabled' +} diff --git a/compose.authentik.yml b/compose.authentik.yml new file mode 100644 index 0000000..a2969b8 --- /dev/null +++ b/compose.authentik.yml @@ -0,0 +1,14 @@ +version: "3.8" +services: + app: + secrets: + - authentik_secret + - authentik_id + +secrets: + authentik_secret: + external: true + name: ${AUTHENTIK_SECRET_NAME} + authentik_id: + external: true + name: ${AUTHENTIK_ID_NAME} -- 2.47.2 From eac7431b13d282c01a81a225a62914edcfac972f Mon Sep 17 00:00:00 2001 
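Review bot: `set_authentik` (abra.sh) reads `/run/secrets/authentik_secret` and `/run/secrets/authentik_id` without checking the result, so on a stack deployed without compose.authentik.yml it writes a provider with empty `clientId` and `clientSecret` and then enables `social_login_auto_redirect` and `hide_default_login`, which would presumably leave no usable login path. A guard at the top avoids that: `[ -s /run/secrets/authentik_secret ] && [ -s /run/secrets/authentik_id ] || { echo "authentik secrets missing" >&2; return 1; }`. The client secret also travels on the `su`/`occ` command line, where it is visible in the container's process list while the command runs; that deserves a comment in the function if it is accepted.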
From: Moritz Date: Wed, 22 Mar 2023 18:06:06 +0100 Subject: [PATCH 33/60] chore: publish 3.2.0+25.0.4-fpm release --- compose.yml | 2 +- release/3.2.0+25.0.4-fpm | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 release/3.2.0+25.0.4-fpm diff --git a/compose.yml b/compose.yml index 96cc156..3a65cf3 100644 --- a/compose.yml +++ b/compose.yml @@ -86,7 +86,7 @@ services: failure_action: rollback order: start-first labels: - - "coop-cloud.${STACK_NAME}.version=3.1.2+25.0.4-fpm" + - "coop-cloud.${STACK_NAME}.version=3.2.0+25.0.4-fpm" - "backupbot.backup=true" - "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/" healthcheck: diff --git a/release/3.2.0+25.0.4-fpm b/release/3.2.0+25.0.4-fpm new file mode 100644 index 0000000..c5080c8 --- /dev/null +++ b/release/3.2.0+25.0.4-fpm @@ -0,0 +1,11 @@ +If the authentik configuration should be handled by abra add the following to the env: + + COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml" + AUTHENTIK_USER_PREFIX=authentik + AUTHENTIK_DOMAIN=authentik.example.com + AUTHENTIK_SECRET_NAME=authentik_example_com_nextcloud_secret_v1 # the same as in authentik + AUTHENTIK_ID_NAME=authentik_example_com_nextcloud_id_v1 # the same as in authentik + +And run: + + abra app cmd app set_authentik -- 2.47.2 From 7a25bd483557ab8fe4d50ac34f4e0fdd4480f050 Mon Sep 17 00:00:00 2001 From: Moritz Date: Wed, 5 Apr 2023 17:22:32 +0200 Subject: [PATCH 34/60] chore: publish 3.3.0+25.0.5-fpm release --- compose.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/compose.yml b/compose.yml index 3a65cf3..fef9937 100644 --- a/compose.yml +++ b/compose.yml @@ -1,7 +1,7 @@ version: "3.8" services: web: - image: nginx:1.23.3 + image: nginx:1.23.4 configs: - source: nginx_conf target: /etc/nginx/nginx.conf @@ -41,7 +41,7 @@ services: start_period: 5m app: - image: nextcloud:25.0.4-fpm + image: nextcloud:25.0.5-fpm depends_on: - db configs: 
@@ -86,7 +86,7 @@ services: failure_action: rollback order: start-first labels: - - "coop-cloud.${STACK_NAME}.version=3.2.0+25.0.4-fpm" + - "coop-cloud.${STACK_NAME}.version=3.3.0+25.0.5-fpm" - "backupbot.backup=true" - "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/" healthcheck: @@ -97,7 +97,7 @@ services: start_period: 5m cron: - image: nextcloud:25.0.4-fpm + image: nextcloud:25.0.5-fpm volumes: - nextcloud:/var/www/html/ - nextapps:/var/www/html/custom_apps:cached @@ -109,7 +109,7 @@ services: entrypoint: /cron.sh cache: - image: redis:7.0.9-alpine + image: redis:7.0.10-alpine networks: - internal volumes: -- 2.47.2 From 5d537d51731e3bada790be5cafd2bd01f86c260a Mon Sep 17 00:00:00 2001 From: 3wc <3wc@doesthisthing.work> Date: Fri, 7 Apr 2023 16:40:58 -0400 Subject: [PATCH 35/60] Drop /auth/ from Keycloak example URL [ci skip] --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4ce21f2..2f7d17a 100644 --- a/README.md +++ b/README.md @@ -120,7 +120,7 @@ Use [this plugin](https://github.com/pulsejet/nextcloud-oidc-login). Unlike the ``` 'oidc_login_client_id' => 'nextcloud', 'oidc_login_client_secret' => 'mysecret', - 'oidc_login_provider_url' => 'https://example.com/auth/realms/myrealm', + 'oidc_login_provider_url' => 'https://example.com/realms/myrealm', 'oidc_login_disable_registration' => false, 'oidc_login_hide_password_form' => true, 'oidc_login_button_text' => 'Log in with your myssodomain', -- 2.47.2 From 162c056f078ad2b0e8af8eeaa35fa324b20665d1 Mon Sep 17 00:00:00 2001 From: Moritz Date: Thu, 13 Apr 2023 19:50:40 +0200 Subject: [PATCH 36/60] add default timeout --- abra.sh | 2 +- compose.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/abra.sh b/abra.sh index 31c14cf..5f69253 100644 --- a/abra.sh +++ b/abra.sh 
@@ -50,7 +50,7 @@ install_onlyoffice(){ } set_default_quota(){ - set_app_config files default_quota '"$DEFAULT_QUOTA"' + set_app_config files default_quota "$DEFAULT_QUOTA" } set_authentik(){ diff --git a/compose.yml b/compose.yml index fef9937..d382c17 100644 --- a/compose.yml +++ b/compose.yml @@ -87,6 +87,7 @@ services: order: start-first labels: - "coop-cloud.${STACK_NAME}.version=3.3.0+25.0.5-fpm" + - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}" - "backupbot.backup=true" - "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/" healthcheck: -- 2.47.2 From 6f219781e508a0fa19c25133340c521657022566 Mon Sep 17 00:00:00 2001 From: Moritz Date: Tue, 18 Apr 2023 15:24:25 +0200 Subject: [PATCH 37/60] default authentik admin mapping --- abra.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/abra.sh b/abra.sh index 5f69253..5689405 100644 --- a/abra.sh +++ b/abra.sh @@ -75,7 +75,8 @@ set_app_config sociallogin custom_providers " \"style\":\"openid\", \"defaultGroup\":\"\", \"groupMapping\": { - \"admin\": \"admin\" + \"admin\": \"admin\", + \"authentik Admins\": \"admin\" } } ] -- 2.47.2 From 78ea500d5e3351243d93abbb1c5caf21b6db6f30 Mon Sep 17 00:00:00 2001 From: Moritz Date: Tue, 18 Apr 2023 18:21:48 +0200 Subject: [PATCH 38/60] add auto update and timeout env --- .env.sample | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.env.sample b/.env.sample index e49be66..40f038f 100644 --- a/.env.sample +++ b/.env.sample @@ -1,4 +1,6 @@ TYPE=nextcloud +TIMEOUT=500 +ENABLE_AUTO_UPDATE=true DOMAIN=nextcloud.example.com ## Domain aliases -- 2.47.2 From ed68b3e57ced279e889984694eaebdf8c1a46a4b Mon Sep 17 00:00:00 2001 From: 3wc <3wc@doesthisthing.work> Date: Thu, 27 Apr 2023 16:40:59 -0400 Subject: [PATCH 39/60] chore: publish 3.3.2+25.0.6-fpm release --- compose.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/compose.yml b/compose.yml index d382c17..01011c7 100644 
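Review bot: The added `\"authentik Admins\": \"admin\"` entry in the `groupMapping` of `set_authentik` (abra.sh) hard-codes that members of that identity-provider group become Nextcloud administrators. That is a privilege grant operators may not expect from running a setup command, and it cannot be turned off without editing the recipe. I would make it opt-in through an env variable, or at least document it next to the `AUTHENTIK_*` settings in .env.sample: `# members of the authentik group "authentik Admins" are mapped to the Nextcloud admin group`. The function starts outside this hunk.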
--- a/compose.yml +++ b/compose.yml @@ -1,7 +1,7 @@ version: "3.8" services: web: - image: nginx:1.23.4 + image: nginx:1.24.0 configs: - source: nginx_conf target: /etc/nginx/nginx.conf @@ -41,7 +41,7 @@ services: start_period: 5m app: - image: nextcloud:25.0.5-fpm + image: nextcloud:25.0.6-fpm depends_on: - db configs: @@ -86,7 +86,7 @@ services: failure_action: rollback order: start-first labels: - - "coop-cloud.${STACK_NAME}.version=3.3.0+25.0.5-fpm" + - "coop-cloud.${STACK_NAME}.version=3.3.2+25.0.6-fpm" - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}" - "backupbot.backup=true" - "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/" @@ -98,7 +98,7 @@ services: start_period: 5m cron: - image: nextcloud:25.0.5-fpm + image: nextcloud:25.0.6-fpm volumes: - nextcloud:/var/www/html/ - nextapps:/var/www/html/custom_apps:cached @@ -110,7 +110,7 @@ services: entrypoint: /cron.sh cache: - image: redis:7.0.10-alpine + image: redis:7.0.11-alpine networks: - internal volumes: -- 2.47.2 From db39e8dee69e454c35105faa120a57b55c8e6828 Mon Sep 17 00:00:00 2001 From: 3wc <3wc@doesthisthing.work> Date: Thu, 27 Apr 2023 16:59:58 -0400 Subject: [PATCH 40/60] chore: publish 4.0.0+26.0.1-fpm release --- compose.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/compose.yml b/compose.yml index 01011c7..cb6280f 100644 --- a/compose.yml +++ b/compose.yml @@ -41,7 +41,7 @@ services: start_period: 5m app: - image: nextcloud:25.0.6-fpm + image: nextcloud:26.0.1-fpm depends_on: - db configs: @@ -86,7 +86,7 @@ services: failure_action: rollback order: start-first labels: - - "coop-cloud.${STACK_NAME}.version=3.3.2+25.0.6-fpm" + - "coop-cloud.${STACK_NAME}.version=4.0.0+26.0.1-fpm" - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}" - "backupbot.backup=true" - "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/" 
@@ -98,7 +98,7 @@ services: start_period: 5m cron: - image: nextcloud:25.0.6-fpm + image: nextcloud:26.0.1-fpm volumes: - nextcloud:/var/www/html/ - nextapps:/var/www/html/custom_apps:cached -- 2.47.2 From c9b8aec1084601b772a73d695805797f6b913ab9 Mon Sep 17 00:00:00 2001 From: Philipp Rothmann Date: Mon, 8 May 2023 11:43:24 +0200 Subject: [PATCH 41/60] fix: set trusted proxies to 10.0.0.0/8 --- abra.sh | 16 +++++++++++++++- compose.yml | 2 +- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/abra.sh b/abra.sh index 5689405..f6ec561 100644 --- a/abra.sh +++ b/abra.sh @@ -35,7 +35,21 @@ set_app_config(){ run_occ "config:app:set $APP $KEY --value '$VALUE'" } -install_bbb(){ +set_system_config() { + KEY=$1 + VALUE=$2 + run_occ "config:system:set $KEY --value '$VALUE'" +} + +set_trusted_proxies() { + trusted_proxies="$@" + if [ -z "$1" ]; then + trusted_proxies="$TRUSTED_PROXIES" + fi + set_system_config trusted_proxies "$trusted_proxies" +} + +install_bbb() { install_apps bbb set_app_config bbb app.navigation true set_app_config bbb api.url "$BBB_URL" diff --git a/compose.yml b/compose.yml index cb6280f..e5547dc 100644 --- a/compose.yml +++ b/compose.yml @@ -64,7 +64,7 @@ services: - NEXTCLOUD_ADMIN_USER=${ADMIN_USER} - NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/admin_password - NEXTCLOUD_TRUSTED_DOMAINS=${DOMAIN} - - TRUSTED_PROXIES=traefik + - TRUSTED_PROXIES=10.0.0.0/8 - REDIS_HOST=cache - OVERWRITEPROTOCOL=https - PHP_MEMORY_LIMIT=1G -- 2.47.2 From a6ea635fd4cf35fe40c062ae758efe605642a09e Mon Sep 17 00:00:00 2001 From: Philipp Rothmann Date: Mon, 8 May 2023 11:43:45 +0200 Subject: [PATCH 42/60] chore: autoformatting abra.sh --- abra.sh | 44 +++++++++++++++++++++----------------------- 1 file changed, 21 insertions(+), 23 deletions(-) diff --git a/abra.sh b/abra.sh index f6ec561..6eba449 100644 --- a/abra.sh +++ b/abra.sh 
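Review bot: `set_trusted_proxies` (abra.sh) stores the whole list through `set_system_config trusted_proxies "$trusted_proxies"`, which writes one string value, while Nextcloud's `trusted_proxies` setting is an array as far as I know; worth checking that the resulting config.php entry is honoured. `occ config:system:set` accepts an index after the key, so writing one entry per proxy is safer: `i=0; for p in $trusted_proxies; do run_occ "config:system:set trusted_proxies $i --value '$p'"; i=$((i+1)); done`.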
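Review bot: `TRUSTED_PROXIES=10.0.0.0/8` in the `app` environment (compose.yml) makes Nextcloud accept forwarded client-address headers from any peer in that range, not only from the reverse proxy. Another container that can reach `app` from a 10.x overlay address could then present an arbitrary client IP, which weakens IP-based throttling and the addresses recorded in logs. Narrowing the value to the proxy network's subnet and letting operators override it keeps the fix without the wide trust: `- TRUSTED_PROXIES=${TRUSTED_PROXIES:-10.0.0.0/8}` together with a commented `# TRUSTED_PROXIES=<proxy-network-cidr>` in .env.sample.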
@@ -5,30 +5,28 @@ export NGINX_CONF_VERSION=v4 export MY_CNF_VERSION=v4 export ENTRYPOINT_VERSION=v3 -run_occ(){ +run_occ() { su -p www-data -s /bin/sh -c "/var/www/html/occ $@" } -post_install_occ(){ - IFS='|' read -ra CMD <<< "$OCC_CMDS" +post_install_occ() { + IFS='|' read -ra CMD <<<"$OCC_CMDS" for cmd in "${CMD[@]}"; do - run_occ "$cmd" + run_occ "$cmd" done } -install_apps(){ +install_apps() { install_apps="$@" - if [ -z "$install_apps" ] - then + if [ -z "$install_apps" ]; then install_apps=$APPS fi - for app in $install_apps - do + for app in $install_apps; do run_occ "app:install $app" done } -set_app_config(){ +set_app_config() { APP=$1 KEY=$2 VALUE=$3 @@ -56,22 +54,22 @@ install_bbb() { set_app_config bbb api.secret "$(cat /run/secrets/bbb_secret)" } -install_onlyoffice(){ +install_onlyoffice() { install_apps onlyoffice set_app_config onlyoffice DocumentServerUrl "$ONLYOFFICE_URL" set_app_config onlyoffice jwt_secret "$(cat /run/secrets/onlyoffice_jwt)" set_app_config onlyoffice customizationForcesave true } -set_default_quota(){ +set_default_quota() { set_app_config files default_quota "$DEFAULT_QUOTA" } -set_authentik(){ -install_apps sociallogin -AUTHENTIK_SECRET=$(cat /run/secrets/authentik_secret) -AUTHENTIK_ID=$(cat /run/secrets/authentik_id) -set_app_config sociallogin custom_providers " +set_authentik() { + install_apps sociallogin + AUTHENTIK_SECRET=$(cat /run/secrets/authentik_secret) + AUTHENTIK_ID=$(cat /run/secrets/authentik_id) + set_app_config sociallogin custom_providers " { \"custom_oidc\":[ { 
@@ -96,10 +94,10 @@ set_app_config sociallogin custom_providers " ] }" -set_app_config sociallogin update_profile_on_login 1 -set_app_config sociallogin auto_create_groups 1 -set_app_config sociallogin hide_default_login 1 -run_occ 'config:system:set social_login_auto_redirect --value true' -run_occ 'config:system:set allow_user_to_change_display_name --value=false' -run_occ 'config:system:set lost_password_link --value=disabled' + set_app_config sociallogin update_profile_on_login 1 + set_app_config sociallogin auto_create_groups 1 + set_app_config sociallogin hide_default_login 1 + run_occ 'config:system:set social_login_auto_redirect --value true' + run_occ 'config:system:set allow_user_to_change_display_name --value=false' + run_occ 'config:system:set lost_password_link --value=disabled' } -- 2.47.2 From f48d314699a88a9681401246f9ef150501e3d742 Mon Sep 17 00:00:00 2001 From: Philipp Rothmann Date: Mon, 8 May 2023 11:45:20 +0200 Subject: [PATCH 43/60] chore: publish 4.0.1+26.0.1-fpm release --- compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compose.yml b/compose.yml index e5547dc..4563b8d 100644 --- a/compose.yml +++ b/compose.yml @@ -86,7 +86,7 @@ services: failure_action: rollback order: start-first labels: - - "coop-cloud.${STACK_NAME}.version=4.0.0+26.0.1-fpm" + - "coop-cloud.${STACK_NAME}.version=4.0.1+26.0.1-fpm" - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}" - "backupbot.backup=true" - "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/" -- 2.47.2 From b8d209e53120de530a94cbd75f35472bcb9c7518 Mon Sep 17 00:00:00 2001 From: kawaiipunk Date: Thu, 8 Jun 2023 17:52:27 +0100 Subject: [PATCH 44/60] chore: publish 4.0.2+26.0.2-fpm release --- compose.postgres.yml | 2 +- compose.yml | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/compose.postgres.yml b/compose.postgres.yml index 85630f6..75b728d 100644 --- a/compose.postgres.yml +++ b/compose.postgres.yml 
@@ -10,7 +10,7 @@ services: - NEXTCLOUD_UPDATE=1 db: - image: "postgres:12" + image: "postgres:15" volumes: - "postgres:/var/lib/postgresql/data" networks: diff --git a/compose.yml b/compose.yml index 4563b8d..5e076f0 100644 --- a/compose.yml +++ b/compose.yml @@ -1,7 +1,7 @@ version: "3.8" services: web: - image: nginx:1.24.0 + image: nginx:1.25.0 configs: - source: nginx_conf target: /etc/nginx/nginx.conf @@ -41,7 +41,7 @@ services: start_period: 5m app: - image: nextcloud:26.0.1-fpm + image: nextcloud:26.0.2-fpm depends_on: - db configs: @@ -86,7 +86,7 @@ services: failure_action: rollback order: start-first labels: - - "coop-cloud.${STACK_NAME}.version=4.0.1+26.0.1-fpm" + - "coop-cloud.${STACK_NAME}.version=4.0.2+26.0.2-fpm" - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}" - "backupbot.backup=true" - "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/" @@ -98,7 +98,7 @@ services: start_period: 5m cron: - image: nextcloud:26.0.1-fpm + image: nextcloud:26.0.2-fpm volumes: - nextcloud:/var/www/html/ - nextapps:/var/www/html/custom_apps:cached -- 2.47.2 From 1deee412052905f53e9b83edb75f4c19f435abec Mon Sep 17 00:00:00 2001 From: 3wc <3wc@doesthisthing.work> Date: Fri, 9 Jun 2023 10:31:49 +0100 Subject: [PATCH 45/60] chore: publish 4.0.3+26.0.2-fpm release --- compose.postgres.yml | 2 +- compose.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/compose.postgres.yml b/compose.postgres.yml index 75b728d..85630f6 100644 --- a/compose.postgres.yml +++ b/compose.postgres.yml @@ -10,7 +10,7 @@ services: - NEXTCLOUD_UPDATE=1 db: - image: "postgres:15" + image: "postgres:12" volumes: - "postgres:/var/lib/postgresql/data" networks: diff --git a/compose.yml b/compose.yml index 5e076f0..b9b807f 100644 --- a/compose.yml +++ b/compose.yml 
@@ -86,7 +86,7 @@ services: failure_action: rollback order: start-first labels: - - "coop-cloud.${STACK_NAME}.version=4.0.2+26.0.2-fpm" + - "coop-cloud.${STACK_NAME}.version=4.0.3+26.0.2-fpm" - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}" - "backupbot.backup=true" - "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/" -- 2.47.2 From 63a1787ad6967ad636c6bd4cc6fe0c92d8f51030 Mon Sep 17 00:00:00 2001 From: Philipp Rothmann Date: Fri, 9 Jun 2023 15:38:52 +0200 Subject: [PATCH 46/60] fix env fpm default values overwriteable --- .env.sample | 1 + compose.yml | 10 +++++----- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/.env.sample b/.env.sample index 40f038f..f7598c3 100644 --- a/.env.sample +++ b/.env.sample @@ -19,6 +19,7 @@ SECRET_ADMIN_PASSWORD_VERSION=v1 EXTRA_VOLUME=/dev/null:/tmp/.dummy +PHP_MEMORY_LIMIT=1G # fpm-tune, see: https://spot13.com/pmcalculator/ FPM_MAX_CHILDREN=131 FPM_START_SERVERS=32 diff --git a/compose.yml b/compose.yml index b9b807f..61db26b 100644 --- a/compose.yml +++ b/compose.yml @@ -67,11 +67,11 @@ services: - TRUSTED_PROXIES=10.0.0.0/8 - REDIS_HOST=cache - OVERWRITEPROTOCOL=https - - PHP_MEMORY_LIMIT=1G - - FPM_MAX_CHILDREN=131 - - FPM_START_SERVERS=32 - - FPM_MIN_SPARE_SERVERS=32 - - FPM_MAX_SPARE_SERVERS=98 + - PHP_MEMORY_LIMIT=${PHP_MEMORY_LIMIT:-1G} + - FPM_MAX_CHILDREN=${FPM_MAX_CHILDREN:-131} + - FPM_START_SERVERS=${FPM_START_SERVERS:-32} + - FPM_MIN_SPARE_SERVERS=${FPM_MIN_SPARE_SERVERS:-32} + - FPM_MAX_SPARE_SERVERS=${FPM_MAX_SPARE_SERVERS:-98} - DEFAULT_QUOTA volumes: - nextcloud:/var/www/html/ -- 2.47.2 From 944230afe0414e3290c3331137e296ddbbdb0f7d Mon Sep 17 00:00:00 2001 From: Philipp Rothmann Date: Fri, 9 Jun 2023 15:42:40 +0200 Subject: [PATCH 47/60] chore: publish 4.0.4+26.0.2-fpm release --- compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compose.yml b/compose.yml index 61db26b..0687f69 100644 --- a/compose.yml +++ b/compose.yml 
@@ -86,7 +86,7 @@ services: failure_action: rollback order: start-first labels: - - "coop-cloud.${STACK_NAME}.version=4.0.3+26.0.2-fpm" + - "coop-cloud.${STACK_NAME}.version=4.0.4+26.0.2-fpm" - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}" - "backupbot.backup=true" - "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/" -- 2.47.2 From 7e4c87346adf5bd1f6d066ecc89f9bc00dc1b8b8 Mon Sep 17 00:00:00 2001 From: Philipp Rothmann Date: Tue, 13 Jun 2023 13:20:26 +0200 Subject: [PATCH 48/60] fix: release the fpm handbrake it seems like php-fpm applys configs in aphabetical order, so that our fpm-tune was overwritten by the www.conf with default values. so let's go on highspeed now! :) --- compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compose.yml b/compose.yml index 0687f69..7e5647d 100644 --- a/compose.yml +++ b/compose.yml @@ -46,7 +46,7 @@ services: - db configs: - source: fpm_tune - target: /usr/local/etc/php-fpm.d/fpm-tune.conf + target: /usr/local/etc/php-fpm.d/zzz-fpm-tune.conf - source: entrypoint target: /custom-entrypoint.sh mode: 555 -- 2.47.2 From 37f575038b0dc83486652be6baf40acf2da8e250 Mon Sep 17 00:00:00 2001 From: Philipp Rothmann Date: Tue, 13 Jun 2023 13:46:45 +0200 Subject: [PATCH 49/60] chore: publish 4.0.5+26.0.2-fpm release --- compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compose.yml b/compose.yml index 7e5647d..b83f3e2 100644 --- a/compose.yml +++ b/compose.yml @@ -86,7 +86,7 @@ services: failure_action: rollback order: start-first labels: - - "coop-cloud.${STACK_NAME}.version=4.0.4+26.0.2-fpm" + - "coop-cloud.${STACK_NAME}.version=4.0.5+26.0.2-fpm" - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}" - "backupbot.backup=true" - "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/" -- 2.47.2 From 6427ce181f15618fb7c97b18547a5885373e63f3 Mon Sep 17 00:00:00 2001 
From: Philipp Rothmann Date: Wed, 14 Jun 2023 14:59:03 +0200 Subject: [PATCH 50/60] fix postgres healtcheck --- compose.postgres.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/compose.postgres.yml b/compose.postgres.yml index 85630f6..a71c53d 100644 --- a/compose.postgres.yml +++ b/compose.postgres.yml @@ -16,13 +16,13 @@ services: networks: - internal environment: - POSTGRES_USER: nextcloud + POSTGRES_USER: nextcloud POSTGRES_PASSWORD_FILE: /run/secrets/db_password - POSTGRES_DB: nextcloud + POSTGRES_DB: nextcloud secrets: - db_password healthcheck: - test: ["CMD-SHELL", "pg_isready"] + test: ["CMD-SHELL", "pg_isready", "-U", "nextcloud"] interval: 10s timeout: 5s retries: 5 -- 2.47.2 From a0e8fdad407b4ffa63b3ac62826fe84bdb267a3a Mon Sep 17 00:00:00 2001 From: Philipp Rothmann Date: Wed, 14 Jun 2023 14:59:20 +0200 Subject: [PATCH 51/60] chore: publish 4.0.6+26.0.2-fpm release --- compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compose.yml b/compose.yml index b83f3e2..a31cdf5 100644 --- a/compose.yml +++ b/compose.yml @@ -86,7 +86,7 @@ services: failure_action: rollback order: start-first labels: - - "coop-cloud.${STACK_NAME}.version=4.0.5+26.0.2-fpm" + - "coop-cloud.${STACK_NAME}.version=4.0.6+26.0.2-fpm" - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}" - "backupbot.backup=true" - "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/" -- 2.47.2 From 201585bea8357a35330bcfc9c59b31fad42e338f Mon Sep 17 00:00:00 2001 From: Philipp Rothmann Date: Mon, 26 Jun 2023 11:56:10 +0200 Subject: [PATCH 52/60] feat: add set logfile to stdout cmd --- abra.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/abra.sh b/abra.sh index 6eba449..3738133 100644 --- a/abra.sh +++ b/abra.sh 
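Review bot: The new healthcheck `test: ["CMD-SHELL", "pg_isready", "-U", "nextcloud"]` mixes the two forms. With `CMD-SHELL` only the second element is the command string handed to the shell, so the extra elements are most likely not passed to `pg_isready` as `-U nextcloud` and the check still runs without a user. Use either `test: ["CMD-SHELL", "pg_isready -U nextcloud"]` or `test: ["CMD", "pg_isready", "-U", "nextcloud"]`. Reading the user from the container environment (`pg_isready -U $${POSTGRES_USER}`) would also avoid repeating the literal that sits next to `POSTGRES_USER: nextcloud`.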
@@ -47,6 +47,10 @@ set_trusted_proxies() { set_system_config trusted_proxies "$trusted_proxies" } +set_logfile_stdout() { + set_system_config logfile '/dev/stdout' +} + install_bbb() { install_apps bbb set_app_config bbb app.navigation true -- 2.47.2 From 92dca3fab766982fef0c09916e74b2b8fd7ff2f7 Mon Sep 17 00:00:00 2001 From: Philipp Rothmann Date: Mon, 26 Jun 2023 16:44:06 +0200 Subject: [PATCH 53/60] chore: point backup to a volume directory --- compose.mariadb.yml | 6 +++--- compose.postgres.yml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/compose.mariadb.yml b/compose.mariadb.yml index d7ddaac..361e390 100644 --- a/compose.mariadb.yml +++ b/compose.mariadb.yml @@ -28,9 +28,9 @@ services: deploy: labels: backupbot.backup: "true" - backupbot.backup.pre-hook: 'mkdir -p /tmp/backup/ && mysqldump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" nextcloud > /tmp/backup/backup.sql' - backupbot.backup.post-hook: "rm -rf /tmp/backup" - backupbot.backup.path: "/tmp/backup/" + backupbot.backup.pre-hook: 'mysqldump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" nextcloud > /var/lib/mysql/backup.sql' + backupbot.backup.post-hook: "rm -rf /var/lib/mysql/backup.sql" + backupbot.backup.path: "/var/lib/mysql/backup.sql" healthcheck: test: ["CMD-SHELL", 'mysqladmin -p"$$(cat /run/secrets/db_root_password)" ping'] interval: 30s diff --git a/compose.postgres.yml b/compose.postgres.yml index a71c53d..398e5d3 100644 --- a/compose.postgres.yml +++ b/compose.postgres.yml 
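Review bot: The pre-hook in compose.mariadb.yml now writes the full dump to `/var/lib/mysql/backup.sql` through a plain shell redirect, so the file is created with the container's default umask inside the persistent data volume. The old `/tmp/backup/` was outside that volume, presumably in the container's writable layer. If the post-hook does not run (backup aborted, container restarted mid-run), an unencrypted copy of the whole database stays in the volume. Consider prefixing the hook with `umask 077 &&` and adding a comment that `backup.sql` is transient. The same applies to the pre-hook in the compose.postgres.yml hunk of this commit.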
@@ -29,9 +29,9 @@ services: deploy: labels: backupbot.backup: "true" - backupbot.backup.pre-hook: "mkdir -p /tmp/backup/ && PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /tmp/backup/backup.sql" - backupbot.backup.post-hook: "rm -rf /tmp/backup" - backupbot.backup.path: "/tmp/backup/" + backupbot.backup.pre-hook: "PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /var/lib/postgresql/data/backup.sql" + backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/backup.sql" + backupbot.backup.path: "/var/lib/postgresql/data/" volumes: postgres: -- 2.47.2 From 92af4b9c013754f9c84e94d9776381b30c708e6e Mon Sep 17 00:00:00 2001 From: Philipp Rothmann Date: Mon, 26 Jun 2023 17:54:13 +0200 Subject: [PATCH 54/60] chore: publish 4.0.7+26.0.2-fpm release --- compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compose.yml b/compose.yml index a31cdf5..abbb931 100644 --- a/compose.yml +++ b/compose.yml @@ -86,7 +86,7 @@ services: failure_action: rollback order: start-first labels: - - "coop-cloud.${STACK_NAME}.version=4.0.6+26.0.2-fpm" + - "coop-cloud.${STACK_NAME}.version=4.0.7+26.0.2-fpm" - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}" - "backupbot.backup=true" - "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/" -- 2.47.2 From ad3059d5189ca05db497e40f609cab0ea1dc92cd Mon Sep 17 00:00:00 2001 From: Philipp Rothmann Date: Tue, 11 Jul 2023 11:33:11 +0200 Subject: [PATCH 55/60] chore: publish 5.0.0+27.0.0-fpm release --- abra.sh | 1 + compose.yml | 10 +++++----- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/abra.sh b/abra.sh index 3738133..891a3ab 100644 --- a/abra.sh +++ b/abra.sh @@ -24,6 +24,7 @@ install_apps() { for app in $install_apps; do run_occ "app:install $app" done + exit 0 # fails when app's already installed } set_app_config() { 
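Review bot: `backupbot.backup.path: "/var/lib/postgresql/data/"` points the backup at the whole live data directory rather than at the dump the pre-hook just wrote, while the MariaDB hunk in the same commit uses the single file `/var/lib/mysql/backup.sql`. Copying the files of a running cluster gives no consistent snapshot, inflates every backup, and makes a restore from those files unreliable. Presumably the intent was `backupbot.backup.path: "/var/lib/postgresql/data/backup.sql"`, matching the post-hook's `rm -rf /var/lib/postgresql/data/backup.sql`.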
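Review bot: The added `exit 0` in abra.sh ends the whole shell that runs the function, not just `install_apps`, so a caller such as `install_bbb` never reaches its `set_app_config` calls, and a genuine `app:install` failure is reported as success. If the aim is to tolerate an already-installed app, handle it per app inside the loop, e.g. `run_occ "app:install $app" || echo "app:install $app failed (already installed?)" >&2`, and let the function return normally. The body of `install_apps` starts outside this hunk.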
diff --git a/compose.yml b/compose.yml index abbb931..92c447d 100644 --- a/compose.yml +++ b/compose.yml @@ -1,7 +1,7 @@ version: "3.8" services: web: - image: nginx:1.25.0 + image: nginx:1.25.1 configs: - source: nginx_conf target: /etc/nginx/nginx.conf @@ -41,7 +41,7 @@ services: start_period: 5m app: - image: nextcloud:26.0.2-fpm + image: nextcloud:27.0.0-fpm depends_on: - db configs: @@ -86,7 +86,7 @@ services: failure_action: rollback order: start-first labels: - - "coop-cloud.${STACK_NAME}.version=4.0.7+26.0.2-fpm" + - "coop-cloud.${STACK_NAME}.version=5.0.0+27.0.0-fpm" - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}" - "backupbot.backup=true" - "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/" @@ -98,7 +98,7 @@ services: start_period: 5m cron: - image: nextcloud:26.0.2-fpm + image: nextcloud:27.0.0-fpm volumes: - nextcloud:/var/www/html/ - nextapps:/var/www/html/custom_apps:cached @@ -110,7 +110,7 @@ services: entrypoint: /cron.sh cache: - image: redis:7.0.11-alpine + image: redis:7.0.12-alpine networks: - internal volumes: -- 2.47.2 From 6546a05cf92adeefe2cac2a248d4ba7816f44ed1 Mon Sep 17 00:00:00 2001 From: Moritz Date: Sat, 8 Jul 2023 04:28:56 +0200 Subject: [PATCH 56/60] use standalone authentik secrets --- .env.sample | 4 ++-- compose.authentik.yml | 4 ++-- release/next | 1 + 3 files changed, 5 insertions(+), 4 deletions(-) create mode 100644 release/next diff --git a/.env.sample b/.env.sample index f7598c3..53faf9f 100644 --- a/.env.sample +++ b/.env.sample @@ -58,5 +58,5 @@ DEFAULT_QUOTA="10 GB" # COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml" # AUTHENTIK_USER_PREFIX=authentik # AUTHENTIK_DOMAIN=authentik.example.com -# AUTHENTIK_SECRET_NAME=authentik_example_com_nextcloud_secret_v1 # the same as in authentik -# AUTHENTIK_ID_NAME=authentik_example_com_nextcloud_id_v1 # the same as in authentik +# SECRET_AUTHENTIK_SECRET_VERSION=v1 +# SECRET_AUTHENTIK_ID_VERSION=v1 
diff --git a/compose.authentik.yml b/compose.authentik.yml index a2969b8..4046c63 100644 --- a/compose.authentik.yml +++ b/compose.authentik.yml @@ -8,7 +8,7 @@ services: secrets: authentik_secret: external: true - name: ${AUTHENTIK_SECRET_NAME} + name: ${STACK_NAME}_authentik_secret_${SECRET_AUTHENTIK_SECRET_VERSION} authentik_id: external: true - name: ${AUTHENTIK_ID_NAME} + name: ${STACK_NAME}_authentik_id_${SECRET_AUTHENTIK_ID_VERSION} diff --git a/release/next b/release/next new file mode 100644 index 0000000..ee32142 --- /dev/null +++ b/release/next @@ -0,0 +1 @@ +The authentik secrets need to be inserted again, as nextcloud is not sharing the secret with authentik any more. -- 2.47.2 From 24e9571ba1d6e673fb52fd7c9e2a9d2265f0c32a Mon Sep 17 00:00:00 2001 From: Moritz Date: Wed, 19 Jul 2023 13:34:50 +0200 Subject: [PATCH 57/60] fix install_apps cmd --- abra.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/abra.sh b/abra.sh index 891a3ab..3738133 100644 --- a/abra.sh +++ b/abra.sh @@ -24,7 +24,6 @@ install_apps() { for app in $install_apps; do run_occ "app:install $app" done - exit 0 # fails when app's already installed } set_app_config() { -- 2.47.2 From 634a3553b9a5245b7a084afae364e6ddc833e20c Mon Sep 17 00:00:00 2001 From: Philipp Rothmann Date: Mon, 31 Jul 2023 13:42:52 +0200 Subject: [PATCH 58/60] fix: use saner fpm defaults --- .env.sample | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.env.sample b/.env.sample index 53faf9f..2e93eee 100644 --- a/.env.sample +++ b/.env.sample @@ -21,10 +21,10 @@ EXTRA_VOLUME=/dev/null:/tmp/.dummy PHP_MEMORY_LIMIT=1G # fpm-tune, see: https://spot13.com/pmcalculator/ -FPM_MAX_CHILDREN=131 -FPM_START_SERVERS=32 -FPM_MIN_SPARE_SERVERS=32 -FPM_MAX_SPARE_SERVERS=98 +FPM_MAX_CHILDREN=16 +FPM_START_SERVERS=4 +FPM_MIN_SPARE_SERVERS=4 +FPM_MAX_SPARE_SERVERS=12 DEFAULT_QUOTA="10 GB" -- 2.47.2 From 3a8c203b51b23aa3183d1fb17a88488ab438d6ce Mon Sep 17 00:00:00 2001 
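Review bot: Lowering `FPM_MAX_CHILDREN` and the three server-count values only in `.env.sample` (PATCH 58/60) leaves the fallbacks added to compose.yml in PATCH 46/60 at the old numbers: `${FPM_MAX_CHILDREN:-131}`, `${FPM_START_SERVERS:-32}`, `${FPM_MIN_SPARE_SERVERS:-32}`, `${FPM_MAX_SPARE_SERVERS:-98}`. Any deployment whose `.env` predates these variables still gets up to 131 workers at a `PHP_MEMORY_LIMIT` of 1G each, which appears to be the memory-exhaustion risk this commit is aimed at. Change the compose.yml fallbacks in the same commit, e.g. `- FPM_MAX_CHILDREN=${FPM_MAX_CHILDREN:-16}`, so the sample file and the effective defaults cannot drift apart.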
From: 3wc <3wc@doesthisthing.work> Date: Fri, 4 Aug 2023 14:57:31 +0200 Subject: [PATCH 59/60] chore: publish 5.0.1+27.0.1-fpm release --- compose.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/compose.yml b/compose.yml index 92c447d..f23e1e9 100644 --- a/compose.yml +++ b/compose.yml @@ -41,7 +41,7 @@ services: start_period: 5m app: - image: nextcloud:27.0.0-fpm + image: nextcloud:27.0.1-fpm depends_on: - db configs: @@ -86,7 +86,7 @@ services: failure_action: rollback order: start-first labels: - - "coop-cloud.${STACK_NAME}.version=5.0.0+27.0.0-fpm" + - "coop-cloud.${STACK_NAME}.version=5.0.1+27.0.1-fpm" - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}" - "backupbot.backup=true" - "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/" @@ -98,7 +98,7 @@ services: start_period: 5m cron: - image: nextcloud:27.0.0-fpm + image: nextcloud:27.0.1-fpm volumes: - nextcloud:/var/www/html/ - nextapps:/var/www/html/custom_apps:cached -- 2.47.2 From 90c7b8765567781525a99b9901bf2a494fdc367f Mon Sep 17 00:00:00 2001 From: 3wc <3wc@doesthisthing.work> Date: Fri, 4 Aug 2023 15:00:09 +0200 Subject: [PATCH 60/60] Trigger catalogue rebuild on tag push --- .drone.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/.drone.yml b/.drone.yml index 7e66289..b3002cd 100644 --- a/.drone.yml +++ b/.drone.yml @@ -31,3 +31,19 @@ steps: trigger: branch: - main +--- +kind: pipeline +name: generate recipe catalogue +steps: + - name: release a new version + image: plugins/downstream + settings: + server: https://build.coopcloud.tech + token: + from_secret: drone_abra-bot_token + fork: true + repositories: + - coop-cloud/auto-recipes-catalogue-json + +trigger: + event: tag -- 2.47.2
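Review bot: The new pipeline step in .drone.yml runs `image: plugins/downstream` with no tag or digest, so whatever that name resolves to at build time receives `drone_abra-bot_token` and can trigger builds on `coop-cloud/auto-recipes-catalogue-json`. Pin the image, e.g. `image: plugins/downstream@sha256:<digest>` (placeholder; take the digest from a reviewed release), and keep the token scoped to triggering that one repository. `trigger: event: tag` fires for every tag pushed; if only release tags should rebuild the catalogue, add a `ref` filter for the release tag pattern.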