#!/bin/bash
# @copyright Copyright (c) 2020 Arthur Schiwon <[email protected]>
#
# @author Arthur Schiwon <[email protected]>
#
# @license GNU AGPL version 3 or any later version
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
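#######################################
# Print the value that follows a given option in the ARGS array.
# Globals:   ARGS (read) - list of command-line words to search
# Arguments: $1 - option name to look for, e.g. "--error-file"
# Outputs:   the word directly after the first occurrence of $1 on stdout;
#            nothing if $1 is absent or is the last word
#######################################
getarg() { # by Univention
  local found=0
  local arg  # keep the loop variable out of the global scope
  for arg in "${ARGS[@]}"; do
    if [ "$found" -eq 1 ]; then
      # printf instead of echo: a value such as "-n" or "-e" has to be printed
      # literally and must not be swallowed as an echo option.
      printf '%s\n' "$arg"
      break
    fi
    if [ "$arg" = "$1" ]; then
      found=1
    fi
  done
}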
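# ARGS is not assigned anywhere else in this file, so without this fallback
# getarg searches an empty list and --error-file is never honoured.
# Only fill it from the script's own arguments when nothing has set it yet.
if [ "${#ARGS[@]}" -eq 0 ]; then
  ARGS=("$@")
fi
# Path of the file that error_msg appends to; empty when --error-file is absent.
ERROR_FILE=$(getarg "--error-file")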
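#######################################
# Report a message on stderr and, when ERROR_FILE is set, append it there too.
# Globals:   ERROR_FILE (read) - optional path that messages are appended to
# Arguments: $@ - message words; when $1 is empty the message is read from
#            stdin instead (used as "some_command 2>&1 | error_msg")
# Outputs:   the message on stderr; nothing when the message is empty
#######################################
error_msg() {
  local msg
  if [ -n "$1" ]; then
    msg="$*"
  else
    # Take all of stdin: a single "read" kept only the first line, which
    # truncated multi-line command output and mangled backslashes.
    msg=$(cat)
  fi
  # A command that printed nothing should not leave a blank line in the
  # error file.
  [ -n "$msg" ] || return 0
  if [ -n "$ERROR_FILE" ]; then
    printf '%s\n' "$msg" | tee -a "$ERROR_FILE" >&2
  else
    printf '%s\n' "$msg" >&2
  fi
}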
#######################################
# Enable the hub apps: calendar, contacts, mail and Talk (spreed).
# Globals:   OCC (read) - occ command line; expanded unquoted on purpose so
#            that it splits into the command and its arguments
# Outputs:   whatever occ prints, plus the "enabling Talk... " progress text
# Returns:   exit status of the final "app:enable spreed" call
#######################################
install_hub_apps () {
  local hub_app
  for hub_app in calendar contacts mail; do
    $OCC app:enable "$hub_app"
  done
  # Talk: attempt the install with stderr discarded, then enable it in any case.
  $OCC app:install spreed 2> /dev/null
  printf '%s' 'enabling Talk... '
  $OCC app:enable spreed
  # logic for office suite resides in join script
}
# Persistent locations: the Nextcloud data directory and the UCR settings file
# that is sourced further down.
NC_DATADIR="${NC_PERMDATADIR}/nextcloud-data"
NC_UCR_FILE="${NC_PERMCONFDIR}/ucr"

# Move ucs.crt into the local CA directory and rebuild the CA bundle; the
# output of both commands is forwarded to error_msg.
# Whatever is stored as ucs.crt becomes a trusted CA inside the container, so
# NC_PERMCONFDIR should only be writable by trusted accounts.
mv "${NC_PERMCONFDIR}/ucs.crt" /usr/local/share/ca-certificates/ucs.crt 2>&1 | error_msg
update-ca-certificates 2>&1 | error_msg

# occ has to exist in the web root; otherwise stop with exit code 21.
cd /var/www/html
[ -f occ ] || {
  error_msg "/var/www/html/occ missing – was the docker container modified manually?"
  exit 21
}

# occ is run as the www-data user. The variable is expanded unquoted later on
# so that it splits into the command and its arguments.
OCC="sudo -u www-data php /var/www/html/occ"
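# grep -c prints the number of "installed: true" lines in the occ status
# output; 0 is treated as "not installed yet".
NC_IS_INSTALLED=$($OCC status | grep "installed: true" -c)
NC_IS_UPGRADE=1
if [ "$NC_IS_INSTALLED" -eq 0 ] ; then
  NC_IS_UPGRADE=0
  NC_ADMIN_PWD_FILE="$NC_PERMCONFDIR/admin.secret"
  NC_DB_TYPE="pgsql"
  NC_LOCAL_ADMIN="nc_admin"
  NC_LOCAL_ADMIN_PWD=$(pwgen -y 30 1)
  # Create the secret under a restrictive umask so it is never readable by
  # other users, not even between creation and chmod. The chmod stays because
  # a file that already exists keeps its old mode.
  (umask 077; printf '%s\n' "$NC_LOCAL_ADMIN_PWD" > "$NC_ADMIN_PWD_FILE")
  chmod 600 "$NC_ADMIN_PWD_FILE"
  mkdir -p "$NC_DATADIR"
  chown www-data:www-data -R "$NC_DATADIR"
  # NOTE(review): the admin and database passwords are passed as command-line
  # arguments and are therefore visible in the process list while occ runs.
  $OCC maintenance:install \
    --admin-user "$NC_LOCAL_ADMIN" \
    --admin-pass "$NC_LOCAL_ADMIN_PWD" \
    --database "$NC_DB_TYPE" \
    --database-host "$DB_HOST" \
    --database-port "$DB_PORT" \
    --database-name "$DB_NAME" \
    --database-user "$DB_USER" \
    --database-pass "$DB_PASSWORD" \
    --data-dir "$NC_DATADIR" \
    2>&1 | error_msg
  # $? would be the status of error_msg (the last pipeline stage), so a failed
  # installation went unnoticed. PIPESTATUS[0] is the status of occ itself and
  # has to be read directly after the pipeline.
  STATE=${PIPESTATUS[0]}
  if [[ $STATE != 0 ]]; then
    error_msg "Error while installing Nextcloud. Please check the apache log within the Nextcloud docker container, and (if existing) the nextcloud.log file in $NC_DATADIR."
    exit 22;
  fi
fi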
# One upgrade log per day inside the container.
UPGRADE_LOGFILE="/var/log/nextcloud-upgrade_$(date +%y_%m_%d).log"

# Print the check, status and app list output before upgrading.
for occ_subcommand in check status app:list; do
  $OCC "$occ_subcommand"
done

# stdout of the upgrade is appended to the log file. Because "2>&1" comes
# before ">>", stderr is duplicated onto the script's original stdout and does
# NOT end up in the log file. The exit status of the upgrade is not checked.
# NOTE(review): if errors were meant to be logged too, the order would have to
# be '>> "$UPGRADE_LOGFILE" 2>&1' — confirm the intent.
$OCC upgrade 2>&1 >> "$UPGRADE_LOGFILE"
error_msg "The upgrade log is written to $UPGRADE_LOGFILE within the nextcloud container"
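# basic Nextcloud configuration
# The UCR file is executed as shell code with this script's privileges, so it
# must only be writable by trusted accounts.
# shellcheck disable=SC1090
source "${NC_UCR_FILE}"
if [ "$NC_IS_UPGRADE" -eq 0 ] ; then
  # Fresh installation: apply the base configuration once.
  $OCC config:system:set updatechecker --type=boolean --value="false" # this is handled via UCS AppCenter
  $OCC config:system:set upgrade.disable-web --type=boolean --value="true"
  $OCC config:system:set --value "\OC\Memcache\APCu" memcache.local
  $OCC config:system:set overwriteprotocol --value="https"
  # The Nextcloud key is "overwritewebroot"; the previous spelling
  # "overwritewbroot" stored the value under a name that is not a documented
  # Nextcloud setting.
  $OCC config:system:set overwritewebroot --value="/nextcloud"
  $OCC config:system:set overwrite.cli.url --value="https://$NC_UCR_DOMAIN/nextcloud"
  $OCC config:system:set htaccess.RewriteBase --value="/nextcloud"
  $OCC background:cron
  $OCC app:enable user_ldap
  $OCC app:install user_saml && $OCC app:enable user_saml
  $OCC app:disable updatenotification
  install_hub_apps

  # set IP-related settings
  # trusted_proxies decides whose forwarded-client headers Nextcloud believes;
  # keep it limited to the actual reverse proxy address.
  $OCC config:system:set trusted_proxies 0 --value="$NC_TRUSTED_PROXY_IP"
  $OCC config:system:set trusted_domains 0 --value="$NC_UCR_DOMAIN"
  NC_TRUSTED_DOMAIN_NO=1
  # Split the whitespace-separated list into an array without letting the
  # shell glob-expand its words. read returns non-zero when it reaches the end
  # of the input, which is expected here.
  read -r -d '' -a NC_HOST_IPS <<< "$NC_HOST_IPS"
  for HOST_IP in "${NC_HOST_IPS[@]}" ; do
    # Strip remaining whitespace characters (for example a carriage return).
    HOST_IP=$(printf '%s\n' "$HOST_IP" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
    $OCC config:system:set trusted_domains "$NC_TRUSTED_DOMAIN_NO" --value="$HOST_IP"
    NC_TRUSTED_DOMAIN_NO=$((NC_TRUSTED_DOMAIN_NO + 1))
  done

  # This should not be necessary, but was observed… TODO: try to reproduce outside UCS, but with psql
  $OCC db:convert-filecache-bigint -n
  $OCC db:add-missing-indices

  # ensure that all apps are up to date on installation
  $OCC app:update --all
else
  # attempt to re-enable disabled apps
  # The app ids are taken from the upgrade log; the final grep only lets
  # through words made of [a-z0-9_], so nothing else from the log reaches occ.
  # grep -E replaces the deprecated egrep.
  DISABLED_APPS=( $(grep "Disabled incompatible app:" "$UPGRADE_LOGFILE" | cut -d ":" -f 2 | grep -E -o "[a-z]+[a-z0-9_]*[a-z0-9]+") )
  for APPID in "${DISABLED_APPS[@]}" ; do
    $OCC app:enable "$APPID" || $OCC app:install "$APPID" || error_msg "Could not re-enable $APPID"
  done
fi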
# Recreate the htaccess on both install and update
$OCC maintenance:update:htaccess

# One-click-instance settings and the support app.
$OCC config:system:set one-click-instance --value=true --type=bool
$OCC config:system:set one-click-instance.user-limit --value=500 --type=int
$OCC config:system:set one-click-instance.link --value="https://nextcloud.com/univention/"
$OCC app:enable support

# env var is set from the dockerfile
if [[ "$NC_IS_PATCHED" == true ]]; then
  $OCC config:system:set integrity.check.disabled --value="true" --type=boolean
  # Adjust (or comment out) the checks below depending on the use case;
  # otherwise a warning is still shown.
  # The exit status of the integrity:check-* calls is not evaluated here.
  for integrity_app in dav user_ldap; do
    $OCC integrity:check-app "$integrity_app"
  done
  $OCC integrity:check-core
  # integrity checks are done once on upgrade case, thus we can directly remove the flag again
  $OCC config:system:delete integrity.check.disabled
fi

# Run Nextcloud's cron.php every five minutes as www-data.
printf '%s\n' "*/5 * * * * www-data php -f /var/www/html/cron.php" > /etc/cron.d/nextcloud