YunoHost-Apps/nextcloud_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/nextcloud_ynh.git synced 2024-09-03 19:55:57 +02:00
Code Issues Activity Actions

Merge pull request #622 from YunoHost-Apps/testing

Browse source 
Testing / switch to packaging V2 + proper mail config
This commit is contained in:
eric_G 2024-01-11 18:46:14 +01:00 committed by GitHub
commit 3e60bacfa5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
31 changed files with 443 additions and 934 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
README.md
View file

@ -20,8 +20,7 @@ Nextcloud Hub is a fully open-source on-premises content collaboration platform.
### YunoHost-specific features
In addition to Nextcloud core features, the following are made available with
this package:
In addition to Nextcloud core features, the following are made available with this package:
* Integrate with YunoHost users and SSO - i.e. logout button
* Allow one user to be the administrator (set at the installation)
@ -30,7 +29,7 @@ this package:
* Serve `/.well-known` paths for CalDAV and CardDAV on the domain only if it's not already served - i.e. by Baïkal
**Shipped version:** 27.1.4~ynh1
**Shipped version:** 28.0.1~ynh1
**Demo:** https://demo.nextcloud.com/
@ -38,25 +37,6 @@ this package:
![Screenshot of Nextcloud](./doc/screenshots/screenshot.png)
## Disclaimers / important information
### Configure ONLYOFFICE integration
#### With Nextcloud App (no ARM support, lower performance)
Starting from Nextcloud 18, it features a direct integration of ONLYOFFICE (an online rich text document editor) through a Nextcloud app.
To install and configure it:
- Install *Community Document Server* application in your Nextcloud. That's the part that runs ONLYOFFICE server.
- Install *ONLYOFFICE* application. That's the client part that will connect to an ONLYOFFICE server.
- Then in Settings -> ONLYOFFICE (`https://yourdomain.tld/nextcloud/settings/admin/onlyoffice`), if you want to configure which file formats should be opened by ONLYOFFICE.
- Here you go :) You should be able to create new type of documents and open them.
*NB: ONLYOFFICE Nextcloud App is only available for x86 architecture - for **ARM** architecture (Raspberry Pi, OLinuXino...), consider the YunoHost App below*
#### With YunoHost App (ARM64 support, better performance)
For better performance and ARM64 support, install ONLYOFFICE YunoHost App and connect it to Nextcloud, see the tutorial in the [doc of onlyoffice_ynh package](https://github.com/YunoHost-Apps/onlyoffice_ynh/blob/master/README_fr.md#configuration-de-onlyoffice-server)
## Documentation and resources
* Official app website: <https://nextcloud.com>

21
README_fr.md
View file

@ -29,7 +29,7 @@ En plus des fonctionnalités principales de Nextcloud, les fonctionnalités suiv
* Utilise l'adresse `/.well-known` pour la synchronisation CalDAV et CardDAV du domaine si aucun autre service ne l'utilise déjà - par exemple, Baïkal
**Version incluse :** 27.1.4~ynh1
**Version incluse :** 28.0.1~ynh1
**Démo :** https://demo.nextcloud.com/
@ -37,25 +37,6 @@ En plus des fonctionnalités principales de Nextcloud, les fonctionnalités suiv
![Capture décran de Nextcloud](./doc/screenshots/screenshot.png)
## Avertissements / informations importantes
### Configurer l'intégration d'ONLYOFFICE
#### Avec l'application Nextcloud (pas de support ARM, performances limitées)
À partir de sa version 18, Nextcloud inclut une intégration directe de ONLYOFFICE (un éditeur de texte enrichi en ligne) via une application Nextcloud.
Pour l'installer et la configurer :
- Installez l'application *Community Document Server* dans votre Nextcloud. C'est la partie qui fait tourner un serveur ONLYOFFICE.
- Installez l'application *ONLYOFFICE*. C'est la partie cliente qui va se connecter au serveur ONLYOFFICE.
- Ensuite dans les Paramètres -> ONLYOFFICE (`https://yourdomain.tld/nextcloud/settings/admin/onlyoffice`), si vous voulez configurer quels formats de fichier s'ouvrent avec ONLYOFFICE.
- Et voilà :) Vous devriez pouvoir créer de nouveaux types de documents, et les ouvrir.
*NB : l'app Nextcloud ONLYOFFICE Community Document Server n'est disponible que sous architecture x86 - Pour un support de l'architecture **ARM** (Raspberry Pi, OLinuXino...), installez plutôt l'App YunoHost, voir ci-dessous*
#### Avec l'application YunoHost (support ARM64, meilleures performances)
Pour de meilleures performances et le support de ARM64, installez l'app YunoHost ONLYOFFICE, voir le tutoriel dans la [doc du paquet onlyoffice_ynh](https://github.com/YunoHost-Apps/onlyoffice_ynh/blob/master/README_fr.md#configuration-de-onlyoffice-server)
## Documentations et ressources
* Site officiel de lapp : <https://nextcloud.com>

27
check_process
View file

@ -1,27 +0,0 @@
;; Test complet
; Manifest
domain="domain.tld"
path="/path"
admin="homer"
is_public=1
user_home="1"
; Checks
pkg_linter=1
setup_sub_dir=1
setup_root=1
setup_nourl=0
setup_private=1
setup_public=1
upgrade=1
#26.0.3
upgrade=1 from_commit=d02166a533dcf8aa82d49dbb6a3a2dd9a7411812
backup_restore=1
multi_instance=1
change_url=1
;;; Options
Email=
Notification=none
;;; Upgrade options
; commit=d02166a533dcf8aa82d49dbb6a3a2dd9a7411812
name=Merge pull request #495 from 26.0.3
manifest_arg=domain=DOMAIN&path=PATH&admin=USER&user_home=1&

18
conf/config.json
View file

@ -13,7 +13,23 @@
},
"hashing_default_password": true,
"localstorage.allowsymlinks": true,
"simpleSignUpLink.shown": false
"simpleSignUpLink.shown": false,
"mail_smtpmode": "smtp",
"mail_smtpport": "25",
"mail_smtpauth": 1,
"mail_smtpname": "__APP__",
"mail_smtppassword": "__MAIL_PWD__",
"mail_sendmailmode": "smtp",
"mail_from_address": "__APP__",
"mail_domain": "__DOMAIN__",
"mail_smtphost": "localhost",
"mail_smtpstreamoptions": {
"ssl": {
"allow_self_signed": true,
"verify_peer": false,
"verify_peer_name": false
}
}
},
"apps": {
"user_ldap": {

18
conf/config_install.json
View file

@ -1,9 +1,9 @@
{
"system": {
"datadirectory": "__DATADIR__",
"trusted_domains": [
"localhost",
"__DOMAIN__"
]
}
}
{
"system": {
"datadirectory": "__DATA_DIR__/data/",
"trusted_domains": [
"localhost",
"__DOMAIN__"
]
}
}

2
conf/extra_php-fpm.conf
View file

@ -14,7 +14,7 @@ php_value[opcache.interned_strings_buffer]=32
php_value[opcache.max_accelerated_files]=10000
php_value[opcache.memory_consumption]=128
php_value[opcache.save_comments]=1
php_value[opcache.revalidate_freq]=1
php_value[opcache.revalidate_freq]=60
; https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/caching_configuration.html#id1
php_value[apc.enabled]=1
php_value[apc.enable_cli]=1

2
conf/nextcloud.cron
View file

@ -1 +1 @@
*/5 * * * * __APP__ /usr/bin/php__PHPVERSION__ --define apc.enable_cli=1 -f __FINAL_PATH__/cron.php
*/5 * * * * __APP__ /usr/bin/php__PHPVERSION__ --define apc.enable_cli=1 -f __INSTALL_DIR__/cron.php

62
conf/nginx.conf
View file

@ -1,3 +1,12 @@
# Add .mjs as a file extension for javascript
# Either include it in the default mime.types list
# or include you can include that list explicitly and add the file extension
# only for Nextcloud like below:
include mime.types;
types {
text/javascript js mjs;
}
location ^~ /.well-known {
# The following 6 rules are borrowed from `.htaccess`
@ -9,29 +18,21 @@ location ^~ /.well-known {
location = /.well-known/carddav { return 301 __PATH__/remote.php/dav/; }
location = /.well-known/caldav { return 301 __PATH__/remote.php/dav/; }
location = /.well-known/webfinger { return 301 __PATH__/index.php$uri; }
location = /.well-known/webfinger { return 301 __PATH__/index.php$request_uri; }
location = /.well-known/nodeinfo { return 301 __PATH__/index.php$uri; }
try_files $uri $uri/ =404;
# Let Nextcloud's API for `/.well-known` URIs handle all other
# requests by passing them to the front-end controller.
return 301 __PATH__/index.php$request_uri;
}
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location ^~ __PATH__/ {
# Path to source
alias __FINALPATH__/;
alias __INSTALL_DIR__/;
# Add headers to serve security related headers
more_set_headers "Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;";
more_set_headers "Referrer-Policy: no-referrer";
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "X-Download-Options: noopen";
more_set_headers "X-Frame-Options: SAMEORIGIN";
more_set_headers "X-Permitted-Cross-Domain-Policies: none";
more_set_headers "X-Robots-Tag: noindex, nofollow";
more_set_headers "X-XSS-Protection: 1; mode=block";
# Set max upload size
# set max upload size and increase upload timeout:
client_max_body_size 10G;
client_body_timeout 300s;
fastcgi_buffers 64 4K;
@ -53,6 +54,16 @@ location ^~ __PATH__/ {
# for tunning hints
client_body_buffer_size 512k;
# HTTP response headers borrowed from Nextcloud `.htaccess`
more_set_headers "Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;";
more_set_headers "Referrer-Policy: no-referrer";
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "X-Download-Options: noopen";
more_set_headers "X-Frame-Options: SAMEORIGIN";
more_set_headers "X-Permitted-Cross-Domain-Policies: none";
more_set_headers "X-Robots-Tag: noindex, nofollow";
more_set_headers "X-XSS-Protection: 1; mode=block";
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
@ -80,7 +91,7 @@ location ^~ __PATH__/ {
log_not_found off;
access_log off;
}
# Rules borrowed from `.htaccess` to hide certain paths from clients
location ~ ^__PATH__/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^__PATH__/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
@ -91,8 +102,6 @@ location ^~ __PATH__/ {
# `/nextcloud/index.php` to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
# Required for legacy support
# https://github.com/nextcloud/documentation/pull/2197#issuecomment-721432337
# This line fix the ldap admin page
rewrite ^__PATH__/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) __PATH__/index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
@ -107,10 +116,19 @@ location ^~ __PATH__/ {
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_param HTTP_ACCEPT_ENCODING ""; # Disable encoding of nextcloud response to inject ynh scripts
fastcgi_param HTTP_ACCEPT_ENCODING ""; # Disable encoding of Nextcloud response to inject ynh scripts
fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_read_timeout 600;
fastcgi_send_timeout 600;
fastcgi_connect_timeout 600;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
}
location ~ ^__PATH__/(?:updater|ocs-provider)(?:$|/) {
@ -118,6 +136,7 @@ location ^~ __PATH__/ {
index index.php;
}
# Serve static files
location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map)$ {
try_files $uri / __PATH__/index.php$request_uri;
expires 6M; # Cache-Control policy borrowed from `.htaccess`
@ -134,8 +153,13 @@ location ^~ __PATH__/ {
access_log off; # Optional: Don't log access to assets
}
# Rule borrowed from `.htaccess`
location __PATH__/remote {
return 301 __PATH__/remote.php$request_uri;
}
location ~ / {
if ($request_method ~ ^(PUT|DELETE|PATCH)$) {
if ($request_method ~ ^(PUT|DELETE|PATCH|PROPFIND|PROPPATCH)$) {
rewrite ^ __PATH__/index.php$request_uri last;
}
try_files $uri / __PATH__/index.php$request_uri;

24
doc/ADMIN.md Normal file
View file

@ -0,0 +1,24 @@
### Manually running Nextcloud commands
You can run Nextcloud commands from the command line using:
```
sudo -u __APP__ php__YNH_PHP_VERSION__ --define apc.enable_cli=1 __INSTALL_DIR__/occ ...
```
Alternatively, you may open a 'Nextcloud shell' with `sudo yunohost app shell __APP__`, then run `php occ ...`
### ONLYOFFICE integration
ONLYOFFICE is an online rich text document editor which can be integrated in Nextcloud
#### With YunoHost App (ARM64 support, better performance)
For better performance and ARM64 support (Raspberry Pi, OLinuXino...), install the [OnlyOffice YunoHost app](https://apps.yunohost.org/app/onlyoffice) and connect it to Nextcloud, see the tutorial in the [doc of onlyoffice_ynh package](https://github.com/YunoHost-Apps/onlyoffice_ynh/blob/master/README_fr.md#configuration-de-onlyoffice-server)
#### Alternative: With Nextcloud App (no ARM support, lower performance)
Nextcloud features a direct integration of ONLYOFFICE through a Nextcloud app.
- Install *Community Document Server* application in your Nextcloud. That's the part that runs ONLYOFFICE server.
- Install *ONLYOFFICE* application. That's the client part that will connect to an ONLYOFFICE server.
- Then in Settings -> ONLYOFFICE (`https://__DOMAIN____PATH__/settings/admin/onlyoffice`), if you want to configure which file formats should be opened by ONLYOFFICE.

24
doc/ADMIN_fr.md Normal file
View file

@ -0,0 +1,24 @@
### Exécuter manuellement des commandes Nextcloud
Vous pouvez lancer des commandes Nextcloud depuis la ligne de commande avec:
```
sudo -u __APP__ php__YNH_PHP_VERSION__ --define apc.enable_cli=1 __INSTALL_DIR__/occ ...
```
Ou bien, vous pouvez ouvrir un "shell Nextcloud" avec `sudo yunohost app shell __APP__`, puis lancer `php occ ...`
### Intégration d'ONLYOFFICE
ONLYOFFICE est un éditeur de texte enrichi en ligne qui peut s'intégrer dans Nextcloud
#### Avec l'application YunoHost (support ARM64, meilleures performances)
Pour de meilleures performances et le support de ARM64 (Raspberry Pi, OLinuXino...), installez l'[app YunoHost OnlyOffice](https://apps.yunohost.org/app/onlyoffice), puis connectez-la à Nextcloud : voir le tutoriel dans la [doc du paquet onlyoffice_ynh](https://github.com/YunoHost-Apps/onlyoffice_ynh/blob/master/README_fr.md#configuration-de-onlyoffice-server)
#### Alternative: avec l'application Nextcloud (pas de support ARM, performances limitées)
Nextcloud inclut une intégration directe via une application Nextcloud.
- Installez l'application *Community Document Server* dans votre Nextcloud. C'est la partie qui fait tourner un serveur ONLYOFFICE.
- Installez l'application *ONLYOFFICE*. C'est la partie cliente qui va se connecter au serveur ONLYOFFICE.
- Ensuite dans les Paramètres -> ONLYOFFICE (`https://__DOMAIN____PATH__/settings/admin/onlyoffice`), si vous voulez configurer quels formats de fichier s'ouvrent avec ONLYOFFICE.

3
doc/DESCRIPTION.md
View file

@ -2,8 +2,7 @@ Nextcloud Hub is a fully open-source on-premises content collaboration platform.
### YunoHost-specific features
In addition to Nextcloud core features, the following are made available with
this package:
In addition to Nextcloud core features, the following are made available with this package:
* Integrate with YunoHost users and SSO - i.e. logout button
* Allow one user to be the administrator (set at the installation)

16
doc/DISCLAIMER.md
View file

@ -1,16 +0,0 @@
### Configure ONLYOFFICE integration
#### With Nextcloud App (no ARM support, lower performance)
Starting from Nextcloud 18, it features a direct integration of ONLYOFFICE (an online rich text document editor) through a Nextcloud app.
To install and configure it:
- Install *Community Document Server* application in your Nextcloud. That's the part that runs ONLYOFFICE server.
- Install *ONLYOFFICE* application. That's the client part that will connect to an ONLYOFFICE server.
- Then in Settings -> ONLYOFFICE (`https://yourdomain.tld/nextcloud/settings/admin/onlyoffice`), if you want to configure which file formats should be opened by ONLYOFFICE.
- Here you go :) You should be able to create new type of documents and open them.
*NB: ONLYOFFICE Nextcloud App is only available for x86 architecture - for **ARM** architecture (Raspberry Pi, OLinuXino...), consider the YunoHost App below*
#### With YunoHost App (ARM64 support, better performance)
For better performance and ARM64 support, install ONLYOFFICE YunoHost App and connect it to Nextcloud, see the tutorial in the [doc of onlyoffice_ynh package](https://github.com/YunoHost-Apps/onlyoffice_ynh/blob/master/README_fr.md#configuration-de-onlyoffice-server)

16
doc/DISCLAIMER_fr.md
View file

@ -1,16 +0,0 @@
### Configurer l'intégration d'ONLYOFFICE
#### Avec l'application Nextcloud (pas de support ARM, performances limitées)
À partir de sa version 18, Nextcloud inclut une intégration directe de ONLYOFFICE (un éditeur de texte enrichi en ligne) via une application Nextcloud.
Pour l'installer et la configurer :
- Installez l'application *Community Document Server* dans votre Nextcloud. C'est la partie qui fait tourner un serveur ONLYOFFICE.
- Installez l'application *ONLYOFFICE*. C'est la partie cliente qui va se connecter au serveur ONLYOFFICE.
- Ensuite dans les Paramètres -> ONLYOFFICE (`https://yourdomain.tld/nextcloud/settings/admin/onlyoffice`), si vous voulez configurer quels formats de fichier s'ouvrent avec ONLYOFFICE.
- Et voilà :) Vous devriez pouvoir créer de nouveaux types de documents, et les ouvrir.
*NB : l'app Nextcloud ONLYOFFICE Community Document Server n'est disponible que sous architecture x86 - Pour un support de l'architecture **ARM** (Raspberry Pi, OLinuXino...), installez plutôt l'App YunoHost, voir ci-dessous*
#### Avec l'application YunoHost (support ARM64, meilleures performances)
Pour de meilleures performances et le support de ARM64, installez l'app YunoHost ONLYOFFICE, voir le tutoriel dans la [doc du paquet onlyoffice_ynh](https://github.com/YunoHost-Apps/onlyoffice_ynh/blob/master/README_fr.md#configuration-de-onlyoffice-server)

1
doc/POST_UPGRADE.md Normal file
View file

@ -0,0 +1 @@
Note that if you've installed any third-party Nextcloud applications, they have probably been disabled. If so, you'll need to manually enable them again.

1
doc/POST_UPGRADE_fr.md Normal file
View file

@ -0,0 +1 @@
Notez que si vous avez installé des applications Nextcloud tierces, elles sont probablement désactivées et vous devrez les réactiver manuellement.

16
hooks/post_user_delete Normal file
View file

@ -0,0 +1,16 @@
#!/bin/bash
source /usr/share/yunohost/helpers
user="$1"
app="$(basename $0 | cut -d- -f 2-)" # Extract the app name from the script name, which is supposed to be something like "50-app_id"
install_dir=$(ynh_app_setting_get --app=$app --key=install_dir)
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
# Define a function to execute commands with `occ`
exec_occ() {
(cd "$install_dir" && ynh_exec_as "$app" \
php${phpversion} --define apc.enable_cli=1 occ --no-interaction --no-ansi "$@")
}
exec_occ user:delete $user

70
manifest.json
View file

@ -1,70 +0,0 @@
{
"id": "nextcloud",
"name": "Nextcloud",
"packaging_format": 1,
"description": {
"en": "Online storage, file sharing platform and various other applications",
"fr": "Stockage en ligne, plateforme de partage de fichiers et diverses autres applications"
},
"version": "27.1.4~ynh1",
"url": "https://nextcloud.com",
"upstream": {
"license": "AGPL-3.0",
"website": "https://nextcloud.com",
"demo": "https://demo.nextcloud.com/",
"admindoc": "https://docs.nextcloud.com/server/stable/admin_manual/",
"userdoc": "https://docs.nextcloud.com/server/latest/user_manual/en/",
"code": "https://github.com/nextcloud/server",
"cpe": "cpe:2.3:a:nextcloud:nextcloud"
},
"license": "AGPL-3.0",
"maintainer": {
"name": "kay0u",
"email": "pierre@kayou.io"
},
"requirements": {
"yunohost": ">= 11.2"
},
"multi_instance": true,
"services": [
"nginx",
"php8.1-fpm",
"mysql"
],
"arguments": {
"install": [
{
"name": "domain",
"type": "domain"
},
{
"name": "path",
"type": "path",
"example": "/nextcloud",
"default": "/nextcloud"
},
{
"name": "admin",
"type": "user"
},
{
"name": "is_public",
"type": "boolean",
"help": {
"en": "You need to enable public if you want to connect Nextcloud Desktop client to Nextcloud server. This can be changed later via the webadmin.",
"fr": "Vous devez cocher cette case si vous souhaitez connecter le client Nextcloud Desktop au serveur Nextcloud. Cela peut être modifié ultérieurement via l'administrateur Web."
},
"default": true
},
{
"name": "user_home",
"type": "boolean",
"ask": {
"en": "Access the users home folder from Nextcloud?",
"fr": "Accéder au dossier personnel des utilisateurs depuis Nextcloud ?"
},
"default": false
}
]
}
}

80
manifest.toml Normal file
View file

@ -0,0 +1,80 @@
packaging_format = 2
id = "nextcloud"
name = "Nextcloud"
description.en = "Online storage, file sharing platform and various other applications"
description.fr = "Stockage en ligne, plateforme de partage de fichiers et diverses autres applications"
version = "28.0.1~ynh1"
maintainers = ["kay0u"]
[upstream]
license = "AGPL-3.0"
website = "https://nextcloud.com"
demo = "https://demo.nextcloud.com/"
admindoc = "https://docs.nextcloud.com/server/stable/admin_manual/"
userdoc = "https://docs.nextcloud.com/server/latest/user_manual/en/"
code = "https://github.com/nextcloud/server"
cpe = "cpe:2.3:a:nextcloud:nextcloud"
[integration]
yunohost = ">= 11.2"
architectures = ["amd64", "arm64", "armhf"]
multi_instance = true
ldap = true
sso = true
disk = "50M"
ram.build = "500M"
ram.runtime = "512M"
[install]
[install.domain]
type = "domain"
[install.path]
type = "path"
default = "/nextcloud"
[install.admin]
type = "user"
[install.init_main_permission]
help.en = "You must activate 'Visitors' if you want to connect Nextcloud Desktop client to Nextcloud server. This can be changed later via the webadmin."
help.fr = "Vous devez activer 'Visiteurs' si vous souhaitez connecter le client Nextcloud Desktop au serveur Nextcloud. Cela peut être modifié ultérieurement via l'administrateur Web."
type = "group"
default = "visitors"
[install.user_home]
ask.en = "Access the users home folder from Nextcloud?"
ask.fr = "Accéder au dossier personnel des utilisateurs depuis Nextcloud ?"
type = "boolean"
default = false
[resources]
[resources.system_user]
allow_email = true
[resources.install_dir]
[resources.data_dir]
subdirs = ["data"]
[resources.permissions]
main.url = "/"
api.url = "re:__DOMAIN__\\/.well-known\\/.*"
api.auth_header = false
api.show_tile = false
api.protected= true
api.allowed = ["visitors", "all_users"]
[resources.apt]
packages = "mariadb-server, imagemagick, libmagickcore-6.q16-6-extra, acl, tar, smbclient, at, php8.2-fpm, php8.2-bz2, php8.2-imap, php8.2-gmp, php8.2-gd, php8.2-intl, php8.2-curl, php8.2-apcu, php8.2-redis, php8.2-ldap, php8.2-imagick, php8.2-zip, php8.2-mbstring, php8.2-xml, php8.2-mysql, php8.2-igbinary, php8.2-bcmath"
[resources.database]
type = "mysql"

7
scripts/_common.sh
View file

@ -4,12 +4,6 @@
# COMMON VARIABLES
#=================================================
YNH_PHP_VERSION="8.2"
php_dependencies="php${YNH_PHP_VERSION}-fpm php${YNH_PHP_VERSION}-bz2 php${YNH_PHP_VERSION}-imap php${YNH_PHP_VERSION}-gmp php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-intl php${YNH_PHP_VERSION}-curl php${YNH_PHP_VERSION}-apcu php${YNH_PHP_VERSION}-redis php${YNH_PHP_VERSION}-ldap php${YNH_PHP_VERSION}-imagick php${YNH_PHP_VERSION}-zip php${YNH_PHP_VERSION}-mbstring php${YNH_PHP_VERSION}-xml php${YNH_PHP_VERSION}-mysql php${YNH_PHP_VERSION}-igbinary php${YNH_PHP_VERSION}-bcmath"
pkg_dependencies="imagemagick libmagickcore-6.q16-6-extra acl tar smbclient at $php_dependencies"
#=================================================
# EXPERIMENTAL HELPERS
#=================================================
@ -46,7 +40,6 @@ is_url_handled() {
fi
}
#=================================================
# Check available space before creating a temp directory.

41
scripts/backup
View file

@ -10,26 +10,6 @@ source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
source ../settings/scripts/_ynh_mysql_dump_db.sh
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
domain=$(ynh_app_setting_get --app=$app --key=domain)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
#=================================================
# DECLARE DATA AND CONF FILES TO BACKUP
#=================================================
@ -39,7 +19,13 @@ ynh_print_info --message="Declaring files to be backed up..."
# BACKUP THE APP MAIN DIR
#=================================================
ynh_backup --src_path="$final_path"
ynh_backup --src_path="$install_dir"
#=================================================
# BACKUP THE DATA DIRECTORY
#=================================================
ynh_backup --src_path="$data_dir" --is_big
#=================================================
# BACKUP THE NGINX CONFIGURATION
@ -53,13 +39,6 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
#=================================================
# BACKUP THE MYSQL DATABASE
#=================================================
ynh_print_info --message="Backing up the MySQL database..."
ynh_mysql_dump_db --database="$db_name" --default_character_set="utf8mb4" > db.sql
#=================================================
# SPECIFIC BACKUP
#=================================================
@ -82,11 +61,11 @@ ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
ynh_backup --src_path="/etc/cron.d/$app"
#=================================================
# BACKUP THE DATA DIRECTORY
# BACKUP THE MYSQL DATABASE
#=================================================
ynh_print_info --message="Backing up data directory..."
ynh_print_info --message="Backing up the MySQL database..."
ynh_backup --src_path="$datadir" --is_big
ynh_mysql_dump_db --database="$db_name" --default_character_set="utf8mb4" > db.sql
#=================================================
# END OF SCRIPT

123
scripts/change_url
View file

@ -9,132 +9,53 @@
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# RETRIEVE ARGUMENTS
#=================================================
old_domain=$YNH_APP_OLD_DOMAIN
old_path=$YNH_APP_OLD_PATH
new_domain=$YNH_APP_NEW_DOMAIN
new_path=$YNH_APP_NEW_PATH
app=$YNH_APP_INSTANCE_NAME
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..."
# Needed for helper "ynh_add_nginx_config"
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=1
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
# Remove the new domain config file, the remove script won't do it as it doesn't know yet its location.
ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# CHECK WHICH PARTS SHOULD BE CHANGED
#=================================================
change_domain=0
if [ "$old_domain" != "$new_domain" ]
then
change_domain=1
fi
change_path=0
if [ "$old_path" != "$new_path" ]
then
change_path=1
fi
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# MODIFY URL IN NGINX CONF
#=================================================
ynh_script_progression --message="Updating NGINX web server configuration..." --weight=2
nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
# Change the path in the NGINX config file
if [ $change_path -eq 1 ]
then
# Make a backup of the original NGINX config file if modified
ynh_backup_if_checksum_is_different --file="$nginx_conf_path"
# Set global variables for NGINX helper
domain="$old_domain"
path_url="$new_path"
# Create a dedicated NGINX config
ynh_add_nginx_config
fi
# Change the domain for NGINX
if [ $change_domain -eq 1 ]
then
# Delete file checksum for the old conf file location
ynh_delete_file_checksum --file="$nginx_conf_path"
mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf
# Store file checksum for the new config file location
ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
fi
ynh_change_url_nginx_config
#=================================================
# SPECIFIC MODIFICATIONS
#=================================================
ynh_script_progression --message="Applying Nextcloud specific modifications..." --weight=2
ynh_script_progression --message="Applying $app specific modifications..." --weight=2
# Define a function to execute commands with `occ`
exec_occ() {
(cd "$final_path" && ynh_exec_as "$app" \
(cd "$install_dir" && ynh_exec_as "$app" \
php${phpversion} --define apc.enable_cli=1 occ --no-interaction --no-ansi "$@")
}
if [ $change_domain -eq 1 ]
then
# Change the trusted domain
exec_occ config:system:set trusted_domains 1 --value=$new_domain
# Change the trusted domain
exec_occ config:system:set trusted_domains 1 --value=$new_domain
# Change hostname for activity notifications
exec_occ config:system:set overwrite.cli.url --value="https://${new_domain}"
fi
# Change hostname for activity notifications
exec_occ config:system:set overwrite.cli.url --value="https://${new_domain}${new_path}"
if [ $change_domain -eq 1 ]
then
# Check if .well-known is available for this domain
if is_url_handled --domain="$new_domain" --path="/.well-known/caldav" || is_url_handled --domain="$new_domain" --path="/.well-known/carddav"
then
ynh_print_warn --message="Another app already uses the domain $new_domain to serve a caldav/carddav feature. You may encounter issues when dealing with your calendar or address book."
# Reload php fpm, necessary for force nextcloud to re-read config.php, cf opcache.revalidate_freq
ynh_systemd_action --service_name=php${phpversion}-fpm --action=reload
# Remove lines about .well-known/carddav and caldav with sed.
sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "/etc/nginx/conf.d/$new_domain.d/$app.conf"
ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
fi
# Check if .well-known is available for this domain
if is_url_handled --domain="$new_domain" --path="/.well-known/caldav" || is_url_handled --domain="$new_domain" --path="/.well-known/carddav"
then
ynh_print_warn --message="Another app already uses the domain $new_domain to serve a CalDAV/CardDAV feature. You may encounter issues when dealing with your calendar or address book."
# Remove lines about .well-known/carddav and caldav with sed.
sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "/etc/nginx/conf.d/$new_domain.d/$app.conf"
ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
fi
fi
#=================================================
# GENERIC FINALISATION
# SETUP SSOWAT
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..."
ynh_script_progression --message="Configuring permissions..."
ynh_systemd_action --service_name=nginx --action=reload
# Temporary fix for the API permission
ynh_permission_url --permission="api" --url="re:$new_domain\/.well-known\/.*" --auth_header="false" --clear_urls
#=================================================
# END OF SCRIPT

10
scripts/config
View file

@ -24,7 +24,7 @@ current_fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint)
get__maintenance_mode() {
# Maintenance mode status
maintenance_mode_status="$(cd "$final_path" && ynh_exec_as "$app" \
maintenance_mode_status="$(cd "$install_dir" && ynh_exec_as "$app" \
php${phpversion} --define apc.enable_cli=1 occ --no-interaction --no-ansi maintenance:mode)" 2> /dev/null
if echo $maintenance_mode_status | grep -q "disabled"
then
@ -49,7 +49,7 @@ get__fpm_footprint() {
fi
}
get__free_footprint() {
get__fpm_free_footprint() {
# Free footprint value for php-fpm
# Check if current_fpm_footprint is an integer
if [ "$current_fpm_footprint" -eq "$current_fpm_footprint" ] 2> /dev/null
@ -68,12 +68,12 @@ get__free_footprint() {
set__maintenance_mode() {
if [ "$maintenance_mode" -eq "0" ]; then
# If maintenance_mode was set to 0, disable maintenance mode
(cd "$final_path" && ynh_exec_as "$app" \
(cd "$install_dir" && ynh_exec_as "$app" \
php${phpversion} --define apc.enable_cli=1 occ --no-interaction --no-ansi maintenance:mode --off)
ynh_print_info "Maintenance mode disabled"
elif [ "$maintenance_mode" -eq "1" ]; then
# If maintenance_mode was set to 1, enable maintenance mode
(cd "$final_path" && ynh_exec_as "$app" \
(cd "$install_dir" && ynh_exec_as "$app" \
php${phpversion} --define apc.enable_cli=1 occ --no-interaction --no-ansi maintenance:mode --on)
ynh_print_info "Maintenance mode enabled"
fi
@ -120,7 +120,7 @@ ynh_app_config_validate() {
ynh_app_config_apply() {
_ynh_app_config_apply
ynh_add_fpm_config --phpversion=$phpversion --usage=$fpm_usage --footprint=$fpm_footprint
ynh_add_fpm_config
}
ynh_app_config_run $1

186
scripts/install
View file

@ -1,83 +1,17 @@
#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source /usr/share/yunohost/helpers
source _ynh_mysql_connect_as.sh
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
phpflags="--define apc.enable_cli=1"
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH
admin=$YNH_APP_ARG_ADMIN
user_home=$YNH_APP_ARG_USER_HOME
is_public=$YNH_APP_ARG_IS_PUBLIC
phpversion=$YNH_PHP_VERSION
app=$YNH_APP_INSTANCE_NAME
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
ynh_script_progression --message="Validating installation parameters..."
final_path=/var/www/$app
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
# Register (book) web path
ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
# Check machine architecture (Nextcloud will soon deprecate 32-bit support)
if [ $YNH_ARCH == "i386" ] || [ $YNH_ARCH == "armhf" ]
then
ynh_print_warn --message="Nextcloud will soon deprecate 32-bit support. It is recommended to upgrade to a 64-bit architecture."
fi
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
ynh_script_progression --message="Storing installation settings..."
ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=admin --value=$admin
ynh_app_setting_set --app=$app --key=user_home --value=$user_home
maintenance_mode=0
ynh_app_setting_set --app=$app --key=maintenance_mode --value=$maintenance_mode
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Installing dependencies..." --weight=10
ynh_install_app_dependencies $pkg_dependencies
ynh_app_setting_set --app=$app --key=phpflags --value=$phpflags
#=================================================
# CREATE A MYSQL DATABASE
#=================================================
ynh_script_progression --message="Creating a MySQL database..." --weight=2
db_name=$(ynh_sanitize_dbid --db_name=$app)
db_user=$db_name
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name
ynh_script_progression --message="Migrate MySQL database to utf8..." --weight=2
ynh_mysql_connect_as --user=$db_user --password="$db_pwd" --database=$db_name \
<<< "ALTER DATABASE $db_name CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;"
@ -85,7 +19,7 @@ ynh_mysql_connect_as --user=$db_user --password="$db_pwd" --database=$db_name \
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Setting up source files..."
ynh_script_progression --message="Setting up source files..." --weight=5
# Load the last available version
source upgrade.d/upgrade.last.sh
@ -99,37 +33,19 @@ SOURCE_FORMAT=tar.bz2
SOURCE_IN_SUBDIR=true
EOF
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Enable YunoHost patches on Nextcloud sources
cp -a ../sources/patches_last_version/* ../sources/patches
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path"
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..." --weight=3
# Create a system user
ynh_system_user_create --username=$app
ynh_setup_source --dest_dir="$install_dir"
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring PHP-FPM..." --weight=50
ynh_script_progression --message="Configuring PHP-FPM..." --weight=5
fpm_footprint="high"
fpm_free_footprint=0
fpm_usage="medium"
ynh_app_setting_set --app=$app --key=fpm_footprint --value=$fpm_footprint
ynh_app_setting_set --app=$app --key=fpm_free_footprint --value=$fpm_free_footprint
ynh_app_setting_set --app=$app --key=fpm_usage --value=$fpm_usage
# Create a dedicated php-fpm config
ynh_add_fpm_config --usage=$fpm_usage --footprint=$fpm_footprint --phpversion=$YNH_PHP_VERSION
# Used by ynh_add_nginx_config
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
ynh_app_setting_set --app=$app --key=fpm_footprint --value=high
ynh_app_setting_set --app=$app --key=fpm_usage --value=medium
ynh_add_fpm_config
#=================================================
# NGINX CONFIGURATION
@ -139,7 +55,7 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=2
# Check if .well-known is available for this domain
if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav"
then
ynh_print_warn --message="Another app already uses the domain $domain to serve a caldav/carddav feature. You may encounter issues when dealing with your calendar or address book."
ynh_print_warn --message="Another app already uses the domain $domain to serve a CalDAV/CardDAV feature. You may encounter issues when dealing with your calendar or address book."
# Remove lines about .well-known/carddav and caldav with sed.
sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "../conf/nginx.conf"
@ -148,37 +64,23 @@ fi
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
# SPECIFIC SETUP
#=================================================
# CREATE THE DATA DIRECTORY
#=================================================
ynh_script_progression --message="Creating a data directory..." --weight=1
# Define app's data directory
datadir="/home/yunohost.app/$app/data"
ynh_app_setting_set --app=$app --key=datadir --value=$datadir
# Create app folders
mkdir -p "$datadir"
#=================================================
# INSTALL NEXTCLOUD
#=================================================
ynh_script_progression --message="Installing Nextcloud..." --weight=30
ynh_script_progression --message="Installing $app..." --weight=30
# Define a function to execute commands with `occ`
exec_occ() {
(cd "$final_path" && ynh_exec_as "$app" \
(cd "$install_dir" && ynh_exec_as "$app" \
php${phpversion} --define apc.enable_cli=1 occ --no-interaction --no-ansi "$@")
}
# Set write access for the following commands
chown -R $app: "$final_path" "$datadir"
chown -R $app: "$install_dir" "$data_dir"
# Define password in an intermediate var
# The fact that it's called _password allows it to be
# picked up by Yunohost's auto-redact mecanism
# picked up by YunoHost's auto-redact mecanism
admin_password="$(ynh_string_random --length=6)"
# Install Nextcloud using a temporary admin user
@ -186,13 +88,13 @@ exec_occ maintenance:install \
--database "mysql" --database-name $db_name \
--database-user $db_user --database-pass "$db_pwd" \
--admin-user "admin" --admin-pass "$admin_password" \
--data-dir "$datadir" \
--data-dir "$data_dir/data" \
|| ynh_die --message="Unable to install Nextcloud"
#=================================================
# CONFIGURE NEXTCLOUD
#=================================================
ynh_script_progression --message="Configuring Nextcloud..." --weight=8
ynh_script_progression --message="Configuring $app..." --weight=8
# Set the mysql.utf8mb4 config to true in config.php
exec_occ config:system:set mysql.utf8mb4 --type boolean --value="true"
@ -205,7 +107,7 @@ exec_occ app:enable user_ldap
exec_occ ldap:create-empty-config
# Load the installation config file in Nextcloud
nc_conf="$final_path/config_install.json"
nc_conf="$install_dir/config_install.json"
ynh_add_config --template="../conf/config_install.json" --destination="$nc_conf"
exec_occ config:import "$nc_conf"
@ -214,7 +116,7 @@ exec_occ config:import "$nc_conf"
ynh_secure_remove --file="$nc_conf"
# Load the additional config file (used also for upgrade)
nc_conf="$final_path/config.json"
nc_conf="$install_dir/config.json"
ynh_add_config --template="../conf/config.json" --destination="$nc_conf"
exec_occ config:import "$nc_conf"
@ -237,10 +139,10 @@ exec_occ ldap:test-config '' \
# Define a function to add an external storage
# Create the external storage for the given folders and enable sharing
create_external_storage() {
local datadir="$1"
local mount_dir="$1"
local mount_name="$2"
local mount_id=`exec_occ files_external:create --output=json \
"$mount_name" 'local' 'null::null' -c "datadir=$datadir" || true`
"$mount_name" 'local' 'null::null' -c "datadir=$mount_dir" || true`
! [[ $mount_id =~ ^[0-9]+$ ]] \
&& ynh_print_warn --message="Unable to create external storage" \
|| exec_occ files_external:option "$mount_id" enable_sharing true
@ -269,13 +171,13 @@ exec_occ config:system:get logout_url >/dev/null 2>&1 \
\$main_domain = exec('cat /etc/yunohost/current_host');
\$CONFIG['logout_url'] = 'https://'.\$main_domain.'/yunohost/sso/?action=logout';
//-YunoHost-
" >> "$final_path/config/config.php"
" >> "$install_dir/config/config.php"
#=================================================
# CHANGE HOSTNAME FOR ACTIVITY NOTIFICATIONS
#=================================================
exec_occ config:system:set overwrite.cli.url --value="https://${domain}"
exec_occ config:system:set overwrite.cli.url --value="https://${domain}${path}"
#=================================================
# REMOVE THE TEMPORARY ADMIN AND SET THE TRUE ONE
@ -292,7 +194,7 @@ exec_occ user:delete admin
#=================================================
# Calculate and store the config file checksum into the app settings
ynh_store_file_checksum --file="$final_path/config/config.php"
ynh_store_file_checksum --file="$install_dir/config/config.php"
#=================================================
# ADD A CRON JOB
@ -334,23 +236,23 @@ ynh_multimedia_addaccess $app
#=================================================
# Fix app ownerships & permissions
chown -R $app:www-data "$final_path"
chown -R $app: "$datadir"
find $final_path/ -type f -print0 | xargs -r0 chmod 0644
find $final_path/ -type d -print0 | xargs -r0 chmod 0755
find $datadir/ -type f -print0 | xargs -r0 chmod 0640
find $datadir/ -type d -print0 | xargs -r0 chmod 0750
chmod 640 "$final_path/config/config.php"
chown -R $app:www-data "$install_dir"
chown -R $app: "$data_dir"
find $install_dir/ -type f -print0 | xargs -r0 chmod 0644
find $install_dir/ -type d -print0 | xargs -r0 chmod 0755
find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640
find $data_dir/data/ -type d -print0 | xargs -r0 chmod 0750
chmod 640 "$install_dir/config/config.php"
chmod 755 /home/yunohost.app
chmod 750 $final_path
chmod 750 $install_dir
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Configuring log rotation..."
ynh_script_progression --message="Configuring log rotation..." --weight=1
# Use logrotate to manage application logfile(s)
ynh_use_logrotate --logfile="$datadir/nextcloud.log"
ynh_use_logrotate --logfile="$data_dir/data/nextcloud.log"
#=================================================
# SETUP FAIL2BAN
@ -358,27 +260,7 @@ ynh_use_logrotate --logfile="$datadir/nextcloud.log"
ynh_script_progression --message="Configuring Fail2Ban..." --weight=8
# Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="/home/yunohost.app/$app/data/nextcloud.log" --failregex="^.*Login failed: '.*' \(Remote IP: '<HOST>'.*$" --max_retry=5
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring permissions..."
# Make app public if necessary
if [ $is_public -eq 1 ]
then
ynh_permission_update --permission="main" --add="visitors"
fi
ynh_permission_create --permission="api" --label="api" --url="re:$domain\/.well-known\/.*" --allowed="visitors" "all_users" --auth_header="false" --show_tile="false" --protected="true"
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..."
ynh_systemd_action --service_name=nginx --action=reload
ynh_add_fail2ban_config --logpath="$data_dir/data/nextcloud.log" --failregex="^.*Login failed: '.*' \(Remote IP: '<HOST>'.*$" --max_retry=5
#=================================================
# END OF SCRIPT

96
scripts/remove
View file

@ -1,126 +1,38 @@
#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
# REMOVE SYSTEM CONFIGURATIONS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=2
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
# REMOVE SYSTEMD SERVICE
#=================================================
# STANDARD REMOVE
#=================================================
# REMOVE DEPENDENCIES
#=================================================
ynh_script_progression --message="Removing dependencies..." --weight=20
# Remove metapackage and its dependencies
ynh_remove_app_dependencies
#=================================================
# REMOVE THE MYSQL DATABASE
#=================================================
ynh_script_progression --message="Removing the MySQL database..." --weight=5
# Remove a database if it exists, along with the associated user
ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name
#=================================================
# REMOVE APP MAIN DIR
#=================================================
ynh_script_progression --message="Removing app main directory..." --weight=3
# Remove the app directory securely
ynh_secure_remove --file="$final_path"
#=================================================
# REMOVE DATA DIR
#=================================================
# Remove the data directory if --purge option is used
if [ "${YNH_APP_PURGE:-0}" -eq 1 ]
then
ynh_script_progression --message="Removing app data directory..." --weight=1
ynh_secure_remove --file="$datadir"
fi
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Removing NGINX web server configuration..."
ynh_script_progression --message="Removing system configurations related to $app..." --weight=5
# Remove the dedicated NGINX config
ynh_remove_nginx_config
#=================================================
# REMOVE PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Removing PHP-FPM configuration..." --weight=2
# Remove the dedicated PHP-FPM config
ynh_remove_fpm_config
#=================================================
# REMOVE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Removing logrotate configuration..."
# Remove the app-specific logrotate config
ynh_remove_logrotate
#=================================================
# REMOVE FAIL2BAN CONFIGURATION
#=================================================
ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=8
# Remove the dedicated Fail2Ban config
ynh_remove_fail2ban_config
#=================================================
# SPECIFIC REMOVE
#=================================================
# REMOVE THE CRON FILE
#=================================================
# Remove a cron file
# TODO: Ensure that cron job is not running (How !?)
ynh_secure_remove --file="/etc/cron.d/$app"
#=================================================
# CLEAN ACL IN HOME DIRECTORIES
#=================================================
# Cleaning ACL in home directories
for i in $(ls /home); do
# Clean ACL in every directories in /home, except those which start with 'yunohost.'
[[ ! $i == yunohost.* ]] \
&& setfacl --remove g:$app:rwx 2>&1
done
#=================================================
# GENERIC FINALIZATION
#=================================================
# REMOVE DEDICATED USER
#=================================================
ynh_script_progression --message="Removing the dedicated system user..."
# Delete a system user
ynh_system_user_delete --username=$app
#=================================================
# END OF SCRIPT
#=================================================

96
scripts/restore
View file

@ -1,48 +1,9 @@
#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
source ../settings/scripts/_ynh_mysql_connect_as.sh
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading settings..."
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint)
fpm_usage=$(ynh_app_setting_get --app=$app --key=fpm_usage)
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
ynh_script_progression --message="Validating restoration parameters..." --weight=4
test ! -d $final_path \
|| ynh_die --message="There is already a directory: $final_path "
#=================================================
# STANDARD RESTORATION STEPS
#=================================================
@ -50,38 +11,15 @@ test ! -d $final_path \
#=================================================
ynh_script_progression --message="Restoring the app main directory..."
ynh_restore_file --origin_path="$final_path"
ynh_restore_file --origin_path="$install_dir"
#=================================================
# RESTORE THE MYSQL DATABASE
#=================================================
ynh_script_progression --message="Restoring the MySQL database..." --weight=9
db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
ynh_mysql_setup_db --db_user=$db_name --db_name=$db_name --db_pwd=$db_pwd
ynh_mysql_connect_as --user=$db_name --password="$db_pwd" --database=$db_name \
<<< "ALTER DATABASE $db_name CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;"
ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name --default_character_set="utf8mb4" < ./db.sql
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_script_progression --message="Recreating the dedicated system user..." --weight=3
# Create the dedicated user (if not existing)
ynh_system_user_create --username=$app
#=================================================
# SPECIFIC RESTORATION
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Reinstalling dependencies..." --weight=10
# Define and install dependencies
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# RESTORE THE PHP-FPM CONFIGURATION
#=================================================
@ -91,7 +29,7 @@ ynh_script_progression --message="Reconfiguring PHP-FPM..." --weight=50
ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
# Recreate a dedicated php-fpm config
ynh_add_fpm_config --usage=$fpm_usage --footprint=$fpm_footprint --phpversion=$phpversion
ynh_add_fpm_config
#=================================================
# RESTORE THE NGINX CONFIGURATION
@ -102,9 +40,9 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
# Check if .well-known is available for this domain
if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav"
then
ynh_print_warn --message="Another app already uses the domain $domain to serve a caldav/carddav feature. You may encounter issues when dealing with your calendar or address book."
ynh_print_warn --message="Another app already uses the domain $domain to serve a CalDAV/CardDAV feature. You may encounter issues when dealing with your calendar or address book."
# Remove lines about .well-known/carddav and caldav with sed.
# Remove lines about .well-known/CardDAV and CalDAV with sed.
sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "/etc/nginx/conf.d/$domain.d/$app.conf"
fi
@ -128,29 +66,27 @@ ynh_restore_file --origin_path="/etc/logrotate.d/$app"
ynh_script_progression --message="Restoring data directory..." --weight=2
# Use --not_mandatory for the data directory, because if the backup has been made with BACKUP_CORE_ONLY, there's no data into the backup.
ynh_restore_file --origin_path="$datadir" --not_mandatory
mkdir -p "$datadir"
ynh_restore_file --origin_path="$data_dir" --not_mandatory
#=================================================
# RESTORE USER RIGHTS
#=================================================
# Fix app ownerships & permissions
chown -R $app:www-data "$final_path"
chown -R $app: "$datadir"
find $final_path/ -type f -print0 | xargs -r0 chmod 0644
find $final_path/ -type d -print0 | xargs -r0 chmod 0755
find $datadir/ -type f -print0 | xargs -r0 chmod 0640
find $datadir/ -type d -print0 | xargs -r0 chmod 0750
chmod 640 "$final_path/config/config.php"
chown -R $app:www-data "$install_dir"
chown -R $app: "$data_dir"
find $install_dir/ -type f -print0 | xargs -r0 chmod 0644
find $install_dir/ -type d -print0 | xargs -r0 chmod 0755
find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640
find $data_dir/data/ -type d -print0 | xargs -r0 chmod 0750
chmod 640 "$install_dir/config/config.php"
chmod 755 /home/yunohost.app
chmod 750 $final_path
chmod 750 $install_dir
# Iterate over users to extend their home folder permissions - for the external
# storage plugin usage - and create relevant Nextcloud directories
for u in $(ynh_user_list); do
mkdir -p "$datadir/$u"
mkdir -p "$data_dir/$u"
setfacl --modify g:$app:rwx "/home/$u" || true
done
@ -172,8 +108,8 @@ ynh_script_progression --message="Restoring the Fail2Ban configuration..." --wei
ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf"
ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf"
# Make sure a log file exists (mostly for CI tests)
logfile="/home/yunohost.app/$app/data/nextcloud.log"
# Make sure a log file exists (mostly for CI tests)
logfile="$data_dir/data/nextcloud.log"
if [ ! -f "$logfile" ]; then
touch "$logfile"
chown $app: "$logfile"

358
scripts/upgrade
View file

@ -1,105 +1,22 @@
#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=3
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
admin=$(ynh_app_setting_get --app=$app --key=admin)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
user_home=$(ynh_app_setting_get --app=$app --key=user_home)
maintenance_mode=$(ynh_app_setting_get --app=$app --key=maintenance_mode)
fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint)
fpm_usage=$(ynh_app_setting_get --app=$app --key=fpm_usage)
#=================================================
# CHECK VERSION
#=================================================
upgrade_type=$(ynh_check_app_version_changed)
# Check machine architecture (Nextcloud will soon deprecate 32-bit support)
if [ $YNH_ARCH == "i386" ] || [ $YNH_ARCH == "armhf" ]
then
ynh_print_warn --message="Nextcloud will soon deprecate 32-bit support. It is recommended to upgrade to a 64-bit architecture."
fi
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..."
# If db_name doesn't exist, create it
if [ -z "$db_name" ]; then
db_name=$(ynh_sanitize_dbid --db_name=$app)
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
fi
# If final_path doesn't exist, create it
if [ -z "$final_path" ]; then
final_path=/var/www/$app
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
fi
# If datadir doesn't exist, create it
if [ -z "$datadir" ]; then
datadir=/home/yunohost.app/$app
ynh_app_setting_set --app=$app --key=datadir --value=$datadir
fi
# Remove the option backup_core_only if it's in the settings.yml file
ynh_app_setting_delete --app=$app --key=backup_core_only
# If maintenance_mode doesn't exist, create it
if [ -z "$maintenance_mode" ]; then
maintenance_mode=0
ynh_app_setting_set --app=$app --key=maintenance_mode --value=$maintenance_mode
fi
# If fpm_footprint doesn't exist, create it
if [ -z "$fpm_footprint" ]; then
fpm_footprint=high
ynh_app_setting_set --app=$app --key=fpm_footprint --value=$fpm_footprint
fi
# If fpm_free_footprint doesn't exist, create it
if [ -z "$fpm_free_footprint" ]; then
fpm_free_footprint=0
ynh_app_setting_set --app=$app --key=fpm_free_footprint --value=$fpm_free_footprint
fi
# If fpm_usage doesn't exist, create it
if [ -z "$fpm_usage" ]; then
fpm_usage=medium
ynh_app_setting_set --app=$app --key=fpm_usage --value=$fpm_usage
fi
# Cleaning legacy permissions
if ynh_legacy_permissions_exists; then
ynh_legacy_permissions_delete_all
ynh_app_setting_delete --app=$app --key=is_public
fi
# Create a permission if needed
if ! ynh_permission_exists --permission="api"; then
ynh_permission_create --permission="api" --label="api" --url="re:$domain\/.well-known\/.*" --allowed="visitors" "all_users" --auth_header="false" --show_tile="false" --protected="true"
# If phpflags doesn't exist, create it
if [ -z "${phpflags:-}" ]; then
phpflags="--define apc.enable_cli=1"
ynh_app_setting_set --app=$app --key=phpflags --value=$phpflags
fi
# Delete existing ini configuration file (backward compatibility)
@ -107,97 +24,6 @@ if [ -f /etc/php/$YNH_PHP_VERSION/fpm/conf.d/20-$app.ini ]; then
ynh_secure_remove --file=/etc/php/$YNH_PHP_VERSION/fpm/conf.d/20-$app.ini
fi
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=30
# Made a backup only after the version 11.0.0
# Before, the datas will be always saved.
# Get the current version number of nextcloud/owncloud
current_version=$(grep OC_VersionString "$final_path/version.php" | cut -d\' -f2)
current_major_version=${current_version%%.*}
if [ $current_major_version -gt 11 ]
then
# Inform the backup/restore process that it should not save the data directory
# Use only for the previous backup script that doesn't set 'is_big'
ynh_app_setting_set --app=$app --key=backup_core_only --value=1
# Backup the current version of the app
ynh_backup_before_upgrade
# Remove the option backup_core_only after the backup.
ynh_app_setting_delete $app backup_core_only
ynh_clean_setup () {
# restore it if the upgrade fails
ynh_restore_upgradebackup
}
fi
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
if ynh_legacy_permissions_exists; then
ynh_legacy_permissions_delete_all
ynh_permission_create --permission="api" --label="api" --url="re:$domain\/.well-known\/.*" --allowed="visitors" "all_users" --auth_header="false" --show_tile="false" --protected="true"
fi
#=================================================
# UPGRADE DEPENDENCIES
#=================================================
ynh_script_progression --message="Upgrading dependencies..." --weight=7
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..."
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=2
# Recreate a dedicated PHP-FPM config
ynh_add_fpm_config --usage=$fpm_usage --footprint=$fpm_footprint
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=2
ynh_backup_if_checksum_is_different --file="/etc/nginx/conf.d/$domain.d/$app.conf"
# Delete current NGINX configuration to be able to check if .well-known is already served.
ynh_remove_nginx_config
ynh_app_setting_delete --app=$app --key="checksum__etc_nginx_conf.d_$domain.d_$app.conf"
# Wait untils NGINX has fully reloaded
ynh_systemd_action --service_name=nginx --action=reload --line_match="Reloaded" --log_path="systemd"
# Check if .well-known is available for this domain
if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav"
then
ynh_print_warn --message="Another app already uses the domain $domain to serve a caldav/carddav feature. You may encounter issues when dealing with your calendar or address book."
# Remove lines about .well-known/carddav and caldav with sed.
sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "../conf/nginx.conf"
fi
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
# SPECIFIC UPGRADE
#=================================================
@ -205,35 +31,48 @@ ynh_add_nginx_config
# VERSION TO THE NEXT ONE
#=================================================
current_version=$(grep OC_VersionString "$install_dir/version.php" | cut -d\' -f2)
current_major_version=${current_version%%.*}
# Define a function to execute commands with `occ`
exec_occ() {
# Backward compatibility to upgrade from older versions
if [ $current_major_version = "last" ] || [ $current_major_version -ge 24 ]
if [ $current_major_version = "last" ] || [ $current_major_version -ge 26 ]
then
NEXTCLOUD_PHP_VERSION=$phpversion
elif [ $current_major_version -ge 15 ]
NEXTCLOUD_PHP_VERSION="8.2"
elif [ $current_major_version -ge 24 ]
then
NEXTCLOUD_PHP_VERSION="8.1"
elif [ $current_major_version -ge 18 ]
then
NEXTCLOUD_PHP_VERSION="7.4"
else
NEXTCLOUD_PHP_VERSION="7.0"
NEXTCLOUD_PHP_VERSION="7.1"
fi
(cd "$final_path" && ynh_exec_as "$app" \
# NB : be super careful when designing this part of the code, because calling ynh_install_app_dependencies
# will do magic regarding php configuration and $phpversion when the php version of the dependencies changes ...
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
if [[ "$NEXTCLOUD_PHP_VERSION" != "$phpversion" ]]; then
local pkg_dependencies="$(dpkg-query --show --showformat='${Depends}' ${app}-ynh-deps)"
pkg_dependencies="${pkg_dependencies//$phpversion/$NEXTCLOUD_PHP_VERSION}"
ynh_install_app_dependencies "$pkg_dependencies"
fi
(cd "$install_dir" && ynh_exec_as "$app" \
php$NEXTCLOUD_PHP_VERSION --define apc.enable_cli=1 occ --no-interaction --no-ansi "$@")
}
# Define a function to add an external storage
# Create the external storage for the given folders and enable sharing
create_external_storage() {
local datadir="$1"
local mount_dir="$1"
local mount_name="$2"
local mount_id=$(exec_occ files_external:create --output=json \
"$mount_name" 'local' 'null::null' -c "datadir=$datadir" || true)
"$mount_name" 'local' 'null::null' -c "datadir=$mount_dir" || true)
! [[ $mount_id =~ ^[0-9]+$ ]] \
&& ynh_print_warn --message="Unable to create external storage" \
|| exec_occ files_external:option "$mount_id" enable_sharing true
}
# Define app's data directory
datadir="/home/yunohost.app/$app/data"
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
@ -246,13 +85,13 @@ then
last_major_version=${last_version%%.*}
# Set write access for the following commands
chown -R $app: "$final_path" "$datadir"
chown -R $app: "$install_dir" "$data_dir"
# Print the current version number of Nextcloud
exec_occ -V
if [ "$(exec_occ config:system:get mysql.utf8mb4)" != "true" ]; then
db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
# Change your databases character set and collation
ynh_mysql_connect_as --user=$db_user --password="$db_pwd" --database=$db_name \
<<< "ALTER DATABASE $db_name CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;"
@ -297,7 +136,7 @@ then
# Load the value for this version
source upgrade.d/upgrade.$current_major_version.sh
ynh_print_info --message="Upgrade to nextcloud $next_version"
ynh_print_info --message="Upgrade to Nextcloud $next_version"
# Create an app.src for this version of Nextcloud
cat > ../conf/app.src << EOF
@ -314,17 +153,17 @@ EOF
# Install the next nextcloud version in $tmpdir
ynh_setup_source --dest_dir="$tmpdir"
# Backup the config file in the temp dir
cp -a "$install_dir/config/config.php" "$tmpdir/config/config.php"
# Enable maintenance mode
exec_occ maintenance:mode --on
# Backup the config file in the temp dir
cp -a "$final_path/config/config.php" "$tmpdir/config/config.php"
# Backup 3rd party applications from the current Nextcloud
# But do not overwrite if there is any upgrade
# (apps directory already exists in Nextcloud archive)
(
cd $final_path/apps
cd $install_dir/apps
for nc_app_dir in */
do
if [ ! -d "$tmpdir/apps/$nc_app_dir" ]
@ -334,13 +173,13 @@ EOF
done
)
# Replace the old nextcloud by the new one
ynh_secure_remove --file="$final_path"
mv "$tmpdir" "$final_path"
# Replace the old Nextcloud by the new one
ynh_secure_remove --file="$install_dir"
mv "$tmpdir" "$install_dir"
ynh_secure_remove --file="$tmpdir"
# Set write access for the following commands
chown -R $app: "$final_path" "$datadir"
chown -R $app: "$install_dir" "$data_dir"
# Upgrade Nextcloud (SUCCESS = 0, UP_TO_DATE = 3)
exec_occ maintenance:mode --off
@ -348,10 +187,10 @@ EOF
|| [ $? -eq 3 ] || ynh_die --message="Unable to upgrade Nextcloud"
# Get the new current version number
current_version=$(grep OC_VersionString "$final_path/version.php" | cut -d\' -f2)
current_version=$(grep OC_VersionString "$install_dir/version.php" | cut -d\' -f2)
current_major_version=${current_version%%.*}
# Print the current version number of nextcloud
# Print the current version number of Nextcloud
exec_occ -V
done
@ -366,9 +205,9 @@ EOF
ynh_script_progression --message="Reconfiguring Nextcloud..." --weight=9
# Verify the checksum and backup the file if it's different
ynh_backup_if_checksum_is_different --file="$final_path/config/config.php"
ynh_backup_if_checksum_is_different --file="$install_dir/config/config.php"
nc_conf="${final_path}/config.json"
nc_conf="${install_dir}/config.json"
ynh_add_config --template="../conf/config.json" --destination="$nc_conf"
# Reneable the mail app
@ -382,6 +221,9 @@ EOF
# Enable LDAP plugin
exec_occ app:enable user_ldap
# Update all installed apps
exec_occ app:update --all
# Load the config file in nextcloud
exec_occ config:import "$nc_conf"
@ -400,13 +242,13 @@ EOF
\$main_domain = exec('cat /etc/yunohost/current_host');
\$CONFIG['logout_url'] = 'https://'.\$main_domain.'/yunohost/sso/?action=logout';
//-YunoHost-
" >> "$final_path/config/config.php"
" >> "$install_dir/config/config.php"
#=================================================
# CHANGE HOSTNAME FOR ACTIVITY NOTIFICATIONS
#=================================================
exec_occ config:system:set overwrite.cli.url --value="https://${domain}"
exec_occ config:system:set overwrite.cli.url --value="https://${domain}${path}"
#=================================================
# MOUNT HOME FOLDERS AS EXTERNAL STORAGE
@ -429,13 +271,63 @@ EOF
#=================================================
# Calculate and store the config file checksum into the app settings
ynh_store_file_checksum --file="${final_path}/config/config.php"
ynh_store_file_checksum --file="${install_dir}/config/config.php"
fi
#=================================================
# UPDATE THE CRON JOB
# REGEN SYSTEM CONFIGURATIONS
#=================================================
ynh_script_progression --message="Reapplying file permissions..." --weight=2
# Fix app ownerships & permissions
chown -R $app:www-data "$install_dir"
chown -R $app: "$data_dir"
find $install_dir/ -type f -print0 | xargs -r0 chmod 0644
find $install_dir/ -type d -print0 | xargs -r0 chmod 0755
find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640
find $data_dir/data/ -type d -print0 | xargs -r0 chmod 0750
chmod 640 "$install_dir/config/config.php"
chmod 755 /home/yunohost.app
chmod 750 $install_dir
#=================================================
# REGEN SYSTEM CONFIGURATIONS
#=================================================
ynh_script_progression --message="Regenerating system configurations for $app..." --weight=2
# -------
# PHP-FPM
# -------
ynh_add_fpm_config
# -------
# NGINX
# -------
# Delete current NGINX configuration to be able to check if .well-known is already served.
ynh_backup_if_checksum_is_different --file="/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_remove_nginx_config
ynh_app_setting_delete --app=$app --key="checksum__etc_nginx_conf.d_$domain.d_$app.conf"
# Wait untils NGINX has fully reloaded
ynh_systemd_action --service_name=nginx --action=reload --line_match="Reloaded" --log_path="systemd"
# Check if .well-known is available for this domain
if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav"
then
ynh_print_warn --message="Another app already uses the domain $domain to serve a CalDAV/CardDAV feature. You may encounter issues when dealing with your calendar or address book."
# Remove lines about .well-known/carddav and caldav with sed.
sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "../conf/nginx.conf"
fi
# Create a dedicated NGINX config
ynh_add_nginx_config
# -------
# CRON JOB
# -------
cron_path="/etc/cron.d/$app"
ynh_add_config --template="../conf/nextcloud.cron" --destination="$cron_path"
chown root: "$cron_path"
@ -443,60 +335,18 @@ chmod 644 "$cron_path"
exec_occ background:cron
#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
# Fix app ownerships & permissions
chown -R $app:www-data "$final_path"
chown -R $app: "$datadir"
find $final_path/ -type f -print0 | xargs -r0 chmod 0644
find $final_path/ -type d -print0 | xargs -r0 chmod 0755
find $datadir/ -type f -print0 | xargs -r0 chmod 0640
find $datadir/ -type d -print0 | xargs -r0 chmod 0750
chmod 640 "$final_path/config/config.php"
chmod 755 /home/yunohost.app
chmod 750 $final_path
#=================================================
# WARNING ABOUT THIRD-PARTY APPS
#=================================================
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
# Warn about possible disabled apps
ynh_print_warn --message="Note that if you've installed some third-parties Nextcloud applications, \
they are probably disabled and you'll have to manually enable them again."
fi
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Upgrading logrotate configuration..."
# Use logrotate to manage app-specific logfile(s)
# -------
# LOGROTATE
# -------
ynh_use_logrotate --non-append
#=================================================
# SETUP FAIL2BAN
#=================================================
ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=7
# -------
# FAIL2BAN
# -------
# Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="/home/yunohost.app/$app/data/nextcloud.log" --failregex="^.*Login failed: '.*' \(Remote IP: '<HOST>'.*$" --max_retry=5
#=================================================
# GENERIC FINALIZATION
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..."
ynh_systemd_action --service_name=nginx --action=reload
ynh_systemd_action --service_name="php${phpversion}-fpm" --action=reload
#=================================================
# END OF SCRIPT
#=================================================

7
scripts/upgrade.d/upgrade.27.sh Normal file
View file

@ -0,0 +1,7 @@
#!/bin/bash
# Last available Nextcloud version
next_version="28.0.0"
# Nextcloud tarball checksum sha256
nextcloud_source_sha256="4e8b0b74b40221e85f92ab869d0873c69a52d7e43889d9259c6259428a6a36f2"

4
scripts/upgrade.d/upgrade.last.sh
View file

@ -1,7 +1,7 @@
#!/bin/bash
# Last available Nextcloud version
next_version="27.1.4"
next_version="28.0.1"
# Nextcloud tarball checksum sha256
nextcloud_source_sha256="bec65f2166b82c9303baf476c1e424f71aa196dad010ffe4c0c39d03990d594c"
nextcloud_source_sha256="2f80735b443082272fe6a3b5e32137957f1fc448c75342b94b5200b29725f3a4"

6
sources/patches_last_version/app-00-add-logout_url-conf.patch
View file

@ -2,17 +2,17 @@ diff --git a/core/Controller/LoginController.php b/core/Controller/LoginControll
index 13aef8f67a..55d8dbf9d1 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -119,11 +119,12 @@ class LoginController extends Controller {
@@ -97,11 +97,12 @@ class LoginController extends Controller {
}
$this->userSession->logout();
- $response = new RedirectResponse($this->urlGenerator->linkToRouteAbsolute(
- 'core.login.showLoginForm',
- ['clear' => true] // this param the the code in login.js may be removed when the "Clear-Site-Data" is working in the browsers
- ['clear' => true] // this param the code in login.js may be removed when the "Clear-Site-Data" is working in the browsers
+ $redirectUrl = $this->config->getSystemValue('logout_url',
+ $this->urlGenerator->linkToRouteAbsolute(
+ 'core.login.showLoginForm',
+ ['clear' => true] // this param the the code in login.js may be removed when the "Clear-Site-Data" is working in the browsers)
+ ['clear' => true] // this param the code in login.js may be removed when the "Clear-Site-Data" is working in the browsers)
));
-
+ $response = new RedirectResponse($redirectUrl);

6
sources/patches_last_version/app-02-Allow-for-eval-in-JS-scripts-for-YunoHost-tile.patch
View file

@ -5,13 +5,13 @@ diff --git a/lib/public/AppFramework/Http/ContentSecurityPolicy.php b/lib/public
index e9ecf00036..8e69c8d2dc 100644
--- a/lib/public/AppFramework/Http/ContentSecurityPolicy.php
+++ b/lib/public/AppFramework/Http/ContentSecurityPolicy.php
@@ -44,7 +44,8 @@ class ContentSecurityPolicy extends EmptyContentSecurityPolicy {
@@ -42,7 +42,8 @@ class ContentSecurityPolicy extends EmptyContentSecurityPolicy {
/** @var bool Whether inline JS snippets are allowed */
protected $inlineScriptAllowed = false;
/** @var bool Whether eval in JS scripts is allowed */
- protected $evalScriptAllowed = false;
+ // YunoHost patch: allow for eval in JS scripts for YunoHost tile
+ protected $evalScriptAllowed = true;
/** @var bool Whether WebAssembly compilation is allowed */
protected ?bool $evalWasmAllowed = false;
/** @var bool Whether strict-dynamic should be set */
protected $strictDynamicAllowed = null;
/** @var array Domains from which scripts can get loaded */

12
tests.toml Normal file
View file

@ -0,0 +1,12 @@
test_format = 1.0
[default]
# -------------------------------
# Commits to test upgrade from
# -------------------------------
test_upgrade_from.c5cf91ad.name = "Upgrade from 25.0.2"
test_upgrade_from.caf917f3.name = "Upgrade from 26.0.2"
test_upgrade_from.9c6d1eea.name = "Upgrade from 27.1.4"