From 1c8a1ba2c8ee6ff20fd23fe4c788617fae305846 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Richter?= <2268851+x3rAx@users.noreply.github.com> Date: Wed, 14 Aug 2024 00:27:37 +0200 Subject: [PATCH 1/5] Fix removing ACL permissions on uninstall According to `man setfacl`, for the `--remove` option "[o]nly ACL entries without the perms field are accepted as parameters". --- scripts/remove | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/remove b/scripts/remove index c39ac68..664e4a0 100755 --- a/scripts/remove +++ b/scripts/remove @@ -30,7 +30,7 @@ ynh_secure_remove --file="/etc/cron.d/$app" for i in $(ls /home); do # Clean ACL in every directories in /home, except those which start with 'yunohost.' [[ ! $i == yunohost.* ]] \ - && setfacl --remove g:$app:rwx 2>&1 + && setfacl --remove g:$app 2>&1 done #================================================= From aae9736b4337cf6b2b09c0162f0f6f35621849c4 Mon Sep 17 00:00:00 2001 From: ^x3ro Date: Wed, 14 Aug 2024 00:56:32 +0200 Subject: [PATCH 2/5] Fix: Add missing `file` argument to `setfacl` --- scripts/remove | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/remove b/scripts/remove index 664e4a0..78490fc 100755 --- a/scripts/remove +++ b/scripts/remove @@ -30,7 +30,7 @@ ynh_secure_remove --file="/etc/cron.d/$app" for i in $(ls /home); do # Clean ACL in every directories in /home, except those which start with 'yunohost.' [[ ! $i == yunohost.* ]] \ - && setfacl --remove g:$app 2>&1 + && setfacl --remove g:$app -- "$i" 2>&1 done #================================================= From abfb04de912770b4ac07ca3dc5a453294c5c3df1 Mon Sep 17 00:00:00 2001 From: ^x3ro Date: Wed, 14 Aug 2024 01:15:44 +0200 Subject: [PATCH 3/5] Fix: Use absolute path for removing ACL permissions --- scripts/remove | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/remove b/scripts/remove index 78490fc..1682dfc 100755 --- a/scripts/remove +++ b/scripts/remove @@ -27,10 +27,10 @@ ynh_remove_fail2ban_config ynh_secure_remove --file="/etc/cron.d/$app" # Cleaning ACL in home directories -for i in $(ls /home); do +for path in /home/*; do # Clean ACL in every directories in /home, except those which start with 'yunohost.' - [[ ! $i == yunohost.* ]] \ - && setfacl --remove g:$app -- "$i" 2>&1 + [[ ! $path == /home/yunohost.* ]] \ + && setfacl --remove g:$app -- "$path" 2>&1 done #================================================= From 9bef6d077bca3179a17cfc6522ccc5e682daeb54 Mon Sep 17 00:00:00 2001 From: eric_G <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 20 Aug 2024 21:48:20 +0200 Subject: [PATCH 4/5] Testing (#718) * Update manifest.toml * Auto-update READMEs * add pre upgrade warning for NC 29 * update to PHP8.3 * Auto-update READMEs * Update manifest.toml * Auto-update READMEs * Fix space splitting in phpflags on install (#690) * Auto-update READMEs * Update upgrade * Update manifest.toml * Auto-update READMEs * Fix phpflags (#691) * Fix upgrade: php version is 8.3 starting from 29.x ? (#692) * Update manifest.toml * Auto-update READMEs * Update tests.toml * [autopatch] Do not delete logs on app removal (#697) * [autopatch] Do not delete logs on app removal (#698) Co-authored-by: Yunohost-Bot <> * 29.0.3 * Auto-update READMEs * Update remove * Indent * Fix again upgrade ending with Nextcloud being in PHP 8.2 ? * Auto-update READMEs * Update nginx.conf * Update manifest.toml * Auto-update READMEs * Rework DESCRIPTION.md (#707) * Update DESCRIPTION_fr.md * Auto-update READMEs * Update DESCRIPTION.md * Auto-update READMEs * Update DESCRIPTION_fr.md * Auto-update READMEs --------- Co-authored-by: yunohost-bot * bump all old versions * oupsie * Auto-update READMEs * system_addressbook_exposed is a boolean * Auto-update READMEs * migrate system_addressbook_exposed to boolean, fix upgrade test * another fix for system_addressbook_exposed, update the dav conf accordingly * zblerg, do not modify system_addressbook_exposed config value in the upgrade script * add redis-server as deps * find files before chown them * chown the root folder too * fix find condition * find ... chmod is not faster, at least avoid to chown -R the data_dir in the upgrade script * add a button in the config panel to run chown/chmod on data_dir * we can avoid this chmod too i guess? * only nextcloud is allowed to read the config file * zblerg, the config file doesn't exist before install * wait until nginx has actually remove the nextcloud conf during upgrade before checking the url_handled * create a function for that * fix change-url dav detection * only if domain has changed... * Update scripts/_common.sh * moar sleep * oups * minor typos * Update backup * minor typos * Update manifest.toml * Auto-update READMEs --------- Co-authored-by: yunohost-bot Co-authored-by: OniriCorpe Co-authored-by: lyyn <79758863+lyynd@users.noreply.github.com> Co-authored-by: tituspijean Co-authored-by: Alexandre Aubin <4533074+alexAubin@users.noreply.github.com> Co-authored-by: YunoHost Bot Co-authored-by: Alexandre Aubin Co-authored-by: Kayou --- ALL_README.md | 1 + README.md | 2 +- README_es.md | 2 +- README_eu.md | 2 +- README_fr.md | 2 +- README_gl.md | 2 +- README_id.md | 2 +- README_ru.md | 55 +++++++++++++++++++++++++++++++++++++++++++++++ README_zh_Hans.md | 2 +- manifest.toml | 8 +++---- 10 files changed, 67 insertions(+), 11 deletions(-) create mode 100644 README_ru.md diff --git a/ALL_README.md b/ALL_README.md index 4ed64dd..e3c80d2 100644 --- a/ALL_README.md +++ b/ALL_README.md @@ -6,4 +6,5 @@ - [Lire le README en français](README_fr.md) - [Le o README en galego](README_gl.md) - [Baca README dalam bahasa bahasa Indonesia](README_id.md) +- [Прочитать README на русский](README_ru.md) - [阅读中文(简体)的 README](README_zh_Hans.md) diff --git a/README.md b/README.md index 81eb8a6..2530f57 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,7 @@ In the context of YunoHost, Nextcloud integrates with the SSO / user portal (Yun The `/.well-known` address will be automatically configured for CalDAV and CardDAV synchronization if no other service such as Baïkal is already using it. -**Shipped version:** 29.0.4~ynh1 +**Shipped version:** 29.0.5~ynh1 **Demo:** diff --git a/README_es.md b/README_es.md index 9b75f1c..33673b9 100644 --- a/README_es.md +++ b/README_es.md @@ -23,7 +23,7 @@ In the context of YunoHost, Nextcloud integrates with the SSO / user portal (Yun The `/.well-known` address will be automatically configured for CalDAV and CardDAV synchronization if no other service such as Baïkal is already using it. -**Versión actual:** 29.0.4~ynh1 +**Versión actual:** 29.0.5~ynh1 **Demo:** diff --git a/README_eu.md b/README_eu.md index 8b722e4..f657a4a 100644 --- a/README_eu.md +++ b/README_eu.md @@ -23,7 +23,7 @@ In the context of YunoHost, Nextcloud integrates with the SSO / user portal (Yun The `/.well-known` address will be automatically configured for CalDAV and CardDAV synchronization if no other service such as Baïkal is already using it. -**Paketatutako bertsioa:** 29.0.4~ynh1 +**Paketatutako bertsioa:** 29.0.5~ynh1 **Demoa:** diff --git a/README_fr.md b/README_fr.md index f59d583..064a9d9 100644 --- a/README_fr.md +++ b/README_fr.md @@ -23,7 +23,7 @@ Dans le cadre de YunoHost, Nextcloud s'intègre avec le SSO / portail utilisateu L'adresse `/.well-known` sera automatiquement configuré pour la synchronisation CalDAV et CardDAV si aucun autre service tel que Baïkal ne l'utilise déjà. -**Version incluse :** 29.0.4~ynh1 +**Version incluse :** 29.0.5~ynh1 **Démo :** diff --git a/README_gl.md b/README_gl.md index 9a823a3..86d544f 100644 --- a/README_gl.md +++ b/README_gl.md @@ -23,7 +23,7 @@ In the context of YunoHost, Nextcloud integrates with the SSO / user portal (Yun The `/.well-known` address will be automatically configured for CalDAV and CardDAV synchronization if no other service such as Baïkal is already using it. -**Versión proporcionada:** 29.0.4~ynh1 +**Versión proporcionada:** 29.0.5~ynh1 **Demo:** diff --git a/README_id.md b/README_id.md index 71cbfaa..aa9d19a 100644 --- a/README_id.md +++ b/README_id.md @@ -23,7 +23,7 @@ In the context of YunoHost, Nextcloud integrates with the SSO / user portal (Yun The `/.well-known` address will be automatically configured for CalDAV and CardDAV synchronization if no other service such as Baïkal is already using it. -**Versi terkirim:** 29.0.4~ynh1 +**Versi terkirim:** 29.0.5~ynh1 **Demo:** diff --git a/README_ru.md b/README_ru.md new file mode 100644 index 0000000..9442e13 --- /dev/null +++ b/README_ru.md @@ -0,0 +1,55 @@ + + +# Nextcloud для YunoHost + +[![Уровень интеграции](https://dash.yunohost.org/integration/nextcloud.svg)](https://ci-apps.yunohost.org/ci/apps/nextcloud/) ![Состояние работы](https://ci-apps.yunohost.org/ci/badges/nextcloud.status.svg) ![Состояние сопровождения](https://ci-apps.yunohost.org/ci/badges/nextcloud.maintain.svg) + +[![Установите Nextcloud с YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=nextcloud) + +*[Прочтите этот README на других языках.](./ALL_README.md)* + +> *Этот пакет позволяет Вам установить Nextcloud быстро и просто на YunoHost-сервер.* +> *Если у Вас нет YunoHost, пожалуйста, посмотрите [инструкцию](https://yunohost.org/install), чтобы узнать, как установить его.* + +## Обзор + +Nextcloud lets you access and synchronize data, files, contacts and calendars between different devices (PCs or mobiles), or share them with other people (with or without accounts), and also offers advanced communication and collaborative working features. Nextcloud features its own application mechanism (see also [Nextcloud's app store](https://apps.nextcloud.com/)) for specific functionalities. + +In the context of YunoHost, Nextcloud integrates with the SSO / user portal (YunoHost accounts are automatically connected to Nextcloud). + +The `/.well-known` address will be automatically configured for CalDAV and CardDAV synchronization if no other service such as Baïkal is already using it. + + +**Поставляемая версия:** 29.0.5~ynh1 + +**Демо-версия:** + +## Снимки экрана + +![Снимок экрана Nextcloud](./doc/screenshots/screenshot.png) + +## Документация и ресурсы + +- Официальный веб-сайт приложения: +- Официальная документация пользователя: +- Официальная документация администратора: +- Репозиторий кода главной ветки приложения: +- Магазин YunoHost: +- Сообщите об ошибке: + +## Информация для разработчиков + +Пришлите Ваш запрос на слияние в [ветку `testing`](https://github.com/YunoHost-Apps/nextcloud_ynh/tree/testing). + +Чтобы попробовать ветку `testing`, пожалуйста, сделайте что-то вроде этого: + +```bash +sudo yunohost app install https://github.com/YunoHost-Apps/nextcloud_ynh/tree/testing --debug +или +sudo yunohost app upgrade nextcloud -u https://github.com/YunoHost-Apps/nextcloud_ynh/tree/testing --debug +``` + +**Больше информации о пакетировании приложений:** diff --git a/README_zh_Hans.md b/README_zh_Hans.md index 465182e..0d157c0 100644 --- a/README_zh_Hans.md +++ b/README_zh_Hans.md @@ -23,7 +23,7 @@ In the context of YunoHost, Nextcloud integrates with the SSO / user portal (Yun The `/.well-known` address will be automatically configured for CalDAV and CardDAV synchronization if no other service such as Baïkal is already using it. -**分发版本:** 29.0.4~ynh1 +**分发版本:** 29.0.5~ynh1 **演示:** diff --git a/manifest.toml b/manifest.toml index 1111f56..8102692 100644 --- a/manifest.toml +++ b/manifest.toml @@ -5,7 +5,7 @@ name = "Nextcloud" description.en = "Online storage, file sharing platform and various other applications" description.fr = "Stockage en ligne, plateforme de partage de fichiers et diverses autres applications" -version = "29.0.4~ynh2" +version = "29.0.5~ynh1" maintainers = ["kay0u"] @@ -19,7 +19,7 @@ code = "https://github.com/nextcloud/server" cpe = "cpe:2.3:a:nextcloud:nextcloud" [integration] -yunohost = ">= 11.2" +yunohost = ">= 11.2.27" architectures = ["amd64", "arm64", "armhf"] multi_instance = true @@ -65,8 +65,8 @@ ram.runtime = "512M" [resources.sources] [resources.sources.main] - url = 'https://download.nextcloud.com/server/releases/nextcloud-29.0.4.tar.bz2' - sha256 = '19c469e264b31ee80400f8396460854546569e88db4c15fc0854e192f96027eb' + url = 'https://download.nextcloud.com/server/releases/nextcloud-29.0.5.tar.bz2' + sha256 = 'c7fe9c61e5ec30a5e599e8f152a1825df684d30e899db0caa8868c8d67b53a2c' [resources.sources.28] url = 'https://download.nextcloud.com/server/releases/nextcloud-28.0.8.tar.bz2' From d7d24034cfb81c63ca63e9ee388faba53debd39d Mon Sep 17 00:00:00 2001 From: Kayou Date: Tue, 27 Aug 2024 14:52:11 +0200 Subject: [PATCH 5/5] Add notify push option (#417) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * add notify_push option * self-test notify_push * fix notify_app * new permission hpb, some fixes * fix the restore script * fix restore² * fix upgrade * fix socket path * Update doc/DISCLAIMER_fr.md * split nginx conf * use official helpers with modified args * Auto-update READMEs * update nginx conf, add new services * add tests * add arch var * tests: enable_notify_push is false by default * fix upgrade * final_path -> install_dir * fix socket nginx path * add notify_push nginx conf before, so the reload in ynh_add_nginx_config load it * fully functional version * readd a removed fix * run cron task after notify push setup * Auto-update READMEs * remove systemd files * add notify push in config panel * add cron again because to make notify push happy * fix indent * enable/disable the notify push path * fix path unit * exec only for nextcloud user * move sock file to /var/run * start notify-push after the watcher * ² * remove warning * cron can sometimes fail when the database is not fully initialized, retries the cron job several times and catch catch the error on failure * oupsie * Apply suggestions from code review Co-authored-by: eric_G <46165813+ericgaspar@users.noreply.github.com> --------- Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com> Co-authored-by: yunohost-bot --- conf/config.json | 3 +- conf/nginx.conf | 2 ++ conf/notify_push.conf | 8 +++++ conf/systemd.service | 13 +++++++ conf/watcher.path | 11 ++++++ conf/watcher.service | 15 ++++++++ config_panel.toml | 12 +++++-- doc/ADMIN.md | 4 +++ doc/ADMIN_fr.md | 4 +++ manifest.toml | 6 ++++ scripts/backup | 20 ++++++++++- scripts/change_url | 50 ++++++++++++++++++++++++-- scripts/config | 84 ++++++++++++++++++++++++++++++++++++++----- scripts/install | 53 +++++++++++++++++++++++++++ scripts/remove | 8 +++++ scripts/restore | 45 +++++++++++++++++++++++ scripts/upgrade | 66 ++++++++++++++++++++++++++++++++++ tests.toml | 9 +++++ 18 files changed, 398 insertions(+), 15 deletions(-) create mode 100644 conf/notify_push.conf create mode 100644 conf/systemd.service create mode 100644 conf/watcher.path create mode 100644 conf/watcher.service diff --git a/conf/config.json b/conf/config.json index 6e4790c..02d8572 100644 --- a/conf/config.json +++ b/conf/config.json @@ -30,7 +30,8 @@ "verify_peer": false, "verify_peer_name": false } - } + }, + "trusted_proxies": [ "127.0.0.1", "::1" ] }, "apps": { "user_ldap": { diff --git a/conf/nginx.conf b/conf/nginx.conf index 5a4f22a..aabd447 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -165,6 +165,8 @@ location ^~ __PATH__/ { try_files $uri / __PATH__/index.php$request_uri; } + include conf.d/__DOMAIN__.d/__APP__.d/*.conf; + # show YunoHost panel access include conf.d/yunohost_panel.conf.inc; } diff --git a/conf/notify_push.conf b/conf/notify_push.conf new file mode 100644 index 0000000..f2fb052 --- /dev/null +++ b/conf/notify_push.conf @@ -0,0 +1,8 @@ +location ^~ __PATH__/push/ { + proxy_pass http://unix:/var/run/__APP__/notify-push.sock:/; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +} \ No newline at end of file diff --git a/conf/systemd.service b/conf/systemd.service new file mode 100644 index 0000000..855a294 --- /dev/null +++ b/conf/systemd.service @@ -0,0 +1,13 @@ +[Unit] +Description = Push daemon for Nextcloud clients + +[Service] +Environment=SOCKET_PATH=/var/run/__APP__/notify-push.sock +Environment=ALLOW_SELF_SIGNED=true +ExecStart=__INSTALL_DIR__/apps/notify_push/bin/__ARCH__/notify_push __INSTALL_DIR__/config/config.php +Type=notify +User=__APP__ +Group=__APP__ + +[Install] +WantedBy = multi-user.target \ No newline at end of file diff --git a/conf/watcher.path b/conf/watcher.path new file mode 100644 index 0000000..67a5298 --- /dev/null +++ b/conf/watcher.path @@ -0,0 +1,11 @@ +[Unit] +Description=Restart Push daemon for Nextcloud clients when it receives updates +Documentation=https://github.com/nextcloud/notify_push +PartOf=__APP__-notify-push-watcher.service + +[Path] +PathModified=/var/www/nextcloud/apps/notify_push/bin/__ARCH__/notify_push +Unit=__APP__-notify-push-watcher.service + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/conf/watcher.service b/conf/watcher.service new file mode 100644 index 0000000..e2d9cfd --- /dev/null +++ b/conf/watcher.service @@ -0,0 +1,15 @@ +[Unit] +Description=Restart Push daemon for Nextcloud clients when it receives updates +Documentation=https://github.com/nextcloud/notify_push +#Requires=__APP__-notify-push.service +After=__APP__-notify-push.service +StartLimitIntervalSec=10 +StartLimitBurst=5 + +[Service] +Type=oneshot +ExecStartPre=/usr/bin/chmod u+x __INSTALL_DIR__/apps/notify_push/bin/__ARCH__/notify_push +ExecStart=/usr/bin/systemctl restart __APP__-notify-push.service + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/config_panel.toml b/config_panel.toml index e5e88ae..b583fb4 100644 --- a/config_panel.toml +++ b/config_panel.toml @@ -9,7 +9,7 @@ name = "Nextcloud configuration" [main.maintenance.maintenance_mode] ask = "Enable maintenance mode" type = "boolean" - default = "0" + default = false [main.maintenance.set_permissions_button] ask.en = "Set permissions for all data (Can take up to several hours if users have a lot of data)" @@ -22,8 +22,14 @@ name = "Nextcloud configuration" [main.addressbook.system_addressbook_exposed] ask = "Should there be a system address book listing all users, accessible by all users?" type = "boolean" - yes = "yes" - no = "no" + + [main.notify_push] + name = "Notify Push configuration" + + [main.notify_push.enable_notify_push] + ask.en = "Configure the High Performance Backend?" + ask.fr = "Configurer le Backend Hautes Performances ?" + type = "boolean" [main.php_fpm_config] name = "PHP-FPM configuration" diff --git a/doc/ADMIN.md b/doc/ADMIN.md index 8d401d2..9b19c1b 100644 --- a/doc/ADMIN.md +++ b/doc/ADMIN.md @@ -12,6 +12,10 @@ Alternatively, you may open a 'Nextcloud shell' with `sudo yunohost app shell __ ONLYOFFICE is an online rich text document editor which can be integrated in Nextcloud +#### High Performance Backend + +High Performance Backend is an application on Nextcloud that should speed up the instance, more information here: https://github.com/nextcloud/notify_push#about + #### With YunoHost App (ARM64 support, better performance) For better performance and ARM64 support (Raspberry Pi, OLinuXino...), install the [OnlyOffice YunoHost app](https://apps.yunohost.org/app/onlyoffice) and connect it to Nextcloud, see the tutorial in the [doc of onlyoffice_ynh package](https://github.com/YunoHost-Apps/onlyoffice_ynh/blob/master/README_fr.md#configuration-de-onlyoffice-server) diff --git a/doc/ADMIN_fr.md b/doc/ADMIN_fr.md index 06b76b1..5b52928 100644 --- a/doc/ADMIN_fr.md +++ b/doc/ADMIN_fr.md @@ -12,6 +12,10 @@ Ou bien, vous pouvez ouvrir un "shell Nextcloud" avec `sudo yunohost app shell _ ONLYOFFICE est un éditeur de texte enrichi en ligne qui peut s'intégrer dans Nextcloud +#### Backend Hautes Performances + +Le backend Hautes Performances est une application sur Nextcloud qui devrait accélérer l'instance, plus d'informations ici : https://github.com/nextcloud/notify_push#about + #### Avec l'application YunoHost (support ARM64, meilleures performances) Pour de meilleures performances et le support de ARM64 (Raspberry Pi, OLinuXino...), installez l'[app YunoHost OnlyOffice](https://apps.yunohost.org/app/onlyoffice), puis connectez-la à Nextcloud : voir le tutoriel dans la [doc du paquet onlyoffice_ynh](https://github.com/YunoHost-Apps/onlyoffice_ynh/blob/master/README_fr.md#configuration-de-onlyoffice-server) diff --git a/manifest.toml b/manifest.toml index 8102692..692685d 100644 --- a/manifest.toml +++ b/manifest.toml @@ -60,6 +60,12 @@ ram.runtime = "512M" type = "boolean" default = true + [install.enable_notify_push] + ask.en = "Configure the High Performance Backend?" + ask.fr = "Configurer le Backend Hautes Performances ?" + type = "boolean" + default = false + [resources] [resources.sources] diff --git a/scripts/backup b/scripts/backup index d56a518..56e6e0b 100755 --- a/scripts/backup +++ b/scripts/backup @@ -28,7 +28,14 @@ ynh_backup --src_path="$install_dir" ynh_backup --src_path="$data_dir" --is_big #================================================= -# SYSTEM CONFIGURATION +# BACKUP THE NGINX CONFIGURATION +#================================================= + +ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.d" + +#================================================= +# BACKUP THE PHP-FPM CONFIGURATION #================================================= # Backup the PHP-FPM configuration @@ -59,6 +66,17 @@ ynh_print_info --message="Backing up the MySQL database..." ynh_mysql_dump_db --database="$db_name" --default_character_set="utf8mb4" > db.sql +#================================================= +# BACKUP THE NOTIFY_PUSH APP +#================================================= + +if [ $enable_notify_push -eq 1 ] +then + ynh_backup --src_path="/etc/systemd/system/${app}-notify-push.service" + ynh_backup --src_path="/etc/systemd/system/${app}-notify-push-watcher.service" + ynh_backup --src_path="/etc/systemd/system/${app}-notify-push-watcher.path" +fi + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/change_url b/scripts/change_url index 2783932..326594f 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -50,16 +50,62 @@ then # Reload PHP-FPM, necessary for force Nextcloud to re-read config.php, cf opcache.revalidate_freq ynh_systemd_action --service_name=php${phpversion}-fpm --action=reload + + mv /etc/nginx/conf.d/$old_domain.d/$app.d /etc/nginx/conf.d/$new_domain.d/$app.d fi #================================================= -# SETUP SSOWAT +# CONFIGURE NOTIFY_PUSH APP #================================================= -ynh_script_progression --message="Configuring permissions..." + +if [ $enable_notify_push -eq 1 ] +then + domain="$new_domain" + path_url="$new_path" + + ynh_add_config --template="notify_push.conf" --destination="/etc/nginx/conf.d/$domain.d/$app.d/notify_push.conf" + + ynh_systemd_action --service_name=nginx --action=reload + + case $YNH_ARCH in + amd64) arch="x86_64";; + arm64) arch="aarch64";; + armel|armhf) arch="armv7";; + esac + + ynh_add_config --template="watcher.path" --destination="/etc/systemd/system/${app}-notify-push-watcher.path" + ynh_add_systemd_config --service="${app}-notify-push-watcher" --template="watcher.service" + systemctl enable --now ${app}-notify-push-watcher.path + ynh_add_systemd_config --service="${app}-notify-push" + + count=0 + while ! ynh_exec_as "$app" php${phpversion} --define apc.enable_cli=1 $install_dir/cron.php && [[ $count -lt 30 ]] + do + sleep 1 + count=$((count + 1)) + done + + ynh_systemd_action --service_name="${app}-notify-push" --action=restart --line_match="Push daemon for Nextcloud clients." --log_path="systemd" --action=restart + + exec_occ config:app:set notify_push base_endpoint --value https://$domain${path_url%/}/push + + if ! exec_occ notify_push:self-test; then + ynh_print_warn --message="The High Performance Backend service is still not working properly. Please log in with a user to your NextCloud instance, restart the High Performance Backend service with \"systemctl restart ${app}-notify-push.service\", and run \"sudo -u $app php${phpversion} $install_dir/occ notify_push:self-test\" to verify that everything is green." + fi +fi + +#================================================= +# GENERIC FINALISATION +#================================================= +# RELOAD NGINX +#================================================= +ynh_script_progression --message="Reloading NGINX web server..." # Temporary fix for the API permission (workaround for https://github.com/YunoHost/issues/issues/2294 ) ynh_permission_url --permission="api" --url="re:$new_domain\/.well-known\/.*" --auth_header="false" --clear_urls +ynh_systemd_action --service_name=nginx --action=reload + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/config b/scripts/config index e231009..189c448 100644 --- a/scripts/config +++ b/scripts/config @@ -18,6 +18,11 @@ ynh_abort_if_errors phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) current_fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint) +exec_occ() { + (cd "$install_dir" && ynh_exec_as "$app" \ + php${phpversion} --define apc.enable_cli=1 occ --no-interaction --no-ansi "$@") +} + #================================================= # SPECIFIC GETTERS FOR TOML SHORT KEY #================================================= @@ -39,8 +44,7 @@ get__maintenance_mode() { } get__system_addressbook_exposed() { - echo $(cd "$install_dir" && ynh_exec_as "$app" \ - php${phpversion} --define apc.enable_cli=1 occ config:app:get dav system_addressbook_exposed) + echo $(exec_occ config:app:get dav system_addressbook_exposed) } get__fpm_footprint() { @@ -73,24 +77,88 @@ get__fpm_free_footprint() { set__maintenance_mode() { if [ "$maintenance_mode" -eq "0" ]; then # If maintenance_mode was set to 0, disable maintenance mode - (cd "$install_dir" && ynh_exec_as "$app" \ - php${phpversion} --define apc.enable_cli=1 occ --no-interaction --no-ansi maintenance:mode --off) + exec_occ maintenance:mode --off ynh_print_info "Maintenance mode disabled" elif [ "$maintenance_mode" -eq "1" ]; then # If maintenance_mode was set to 1, enable maintenance mode - (cd "$install_dir" && ynh_exec_as "$app" \ - php${phpversion} --define apc.enable_cli=1 occ --no-interaction --no-ansi maintenance:mode --on) + exec_occ maintenance:mode --on ynh_print_info "Maintenance mode enabled" fi ynh_app_setting_set --app=$app --key=maintenance_mode --value="$maintenance_mode" } set__system_addressbook_exposed() { - (cd "$install_dir" && ynh_exec_as "$app" \ - php${phpversion} --define apc.enable_cli=1 occ config:app:set dav system_addressbook_exposed --value="$system_addressbook_exposed") + exec_occ config:app:set dav system_addressbook_exposed --value="$system_addressbook_exposed" ynh_print_info "System addressbook is exposed: $system_addressbook_exposed" } + +set__enable_notify_push() { + if [ "$enable_notify_push" -eq "0" ]; then + nginx_extra_conf_dir="/etc/nginx/conf.d/$domain.d/$app.d" + ynh_secure_remove --file="$nginx_extra_conf_dir/notify_push.conf" + ynh_systemd_action --service_name="nginx" --action=reload + + # If notify_push is enabled, disable it + if exec_occ app:list | awk '/Enabled/{f=1;next} f' | grep -q -w notify_push; then + exec_occ app:disable notify_push + fi + + ynh_remove_systemd_config --service="${app}-notify-push" + systemctl disable --now "${app}-notify-push-watcher.path" + ynh_secure_remove --file="/etc/systemd/system/${app}-notify-push-watcher.path" + ynh_remove_systemd_config --service="${app}-notify-push-watcher" + + ynh_print_info "Notify push disabled" + elif [ "$enable_notify_push" -eq "1" ]; then + nginx_extra_conf_dir="/etc/nginx/conf.d/$domain.d/$app.d" + mkdir -p "$nginx_extra_conf_dir" + + ynh_add_config --template="notify_push.conf" --destination="$nginx_extra_conf_dir/notify_push.conf" + + ynh_systemd_action --service_name="nginx" --action=reload + + # If notify_push is disabled, reenable it + if exec_occ app:list | awk '/Disabled/{f=1;next} f' | grep -q -w notify_push; then + exec_occ app:enable notify_push + # If notify_push is not installed, install it + elif ! exec_occ app:list | awk '/Enabled/{f=1;next} /Disabled/{f=0} f' | grep -q -w notify_push; then + exec_occ app:install notify_push + fi + exec_occ config:app:set notify_push base_endpoint --value https://$domain${path_url%/}/push + + mkdir -p /var/run/$app/ + chown $app: /var/run/$app/ + + case $YNH_ARCH in + amd64) arch="x86_64";; + arm64) arch="aarch64";; + armel|armhf) arch="armv7";; + esac + + ynh_add_config --template="watcher.path" --destination="/etc/systemd/system/${app}-notify-push-watcher.path" + ynh_add_systemd_config --service="${app}-notify-push-watcher" --template="watcher.service" + systemctl enable --now ${app}-notify-push-watcher.path + ynh_add_systemd_config --service="${app}-notify-push" + + count=0 + while ! ynh_exec_as "$app" php${phpversion} --define apc.enable_cli=1 $install_dir/cron.php && [[ $count -lt 30 ]] + do + sleep 1 + count=$((count + 1)) + done + + ynh_systemd_action --service_name="${app}-notify-push-watcher" --action=restart + ynh_systemd_action --service_name="${app}-notify-push" --action=restart --line_match="Push daemon for Nextcloud clients." --log_path="systemd" + + if ! exec_occ notify_push:self-test; then + ynh_print_warn --message="The High Performance Backend service is still not working properly. Please log in with a user to your NextCloud instance, restart the High Performance Backend service with \"systemctl restart ${app}-notify-push.service\", and run \"sudo -u $app php${phpversion} $install_dir/occ notify_push:self-test\" to verify that everything is green." + fi + ynh_print_info "Notify push enabled" + fi + ynh_app_setting_set --app=$app --key=enable_notify_push --value="$enable_notify_push" +} + set__fpm_footprint() { if [ "$fpm_footprint" != "specific" ] then diff --git a/scripts/install b/scripts/install index 0987b84..2df768a 100755 --- a/scripts/install +++ b/scripts/install @@ -49,6 +49,14 @@ then sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "../conf/nginx.conf" fi +nginx_extra_conf_dir="/etc/nginx/conf.d/$domain.d/$app.d" +mkdir -p "$nginx_extra_conf_dir" + +if [ $enable_notify_push -eq 1 ] +then + ynh_add_config --template="notify_push.conf" --destination="$nginx_extra_conf_dir/notify_push.conf" +fi + # Create a dedicated NGINX config ynh_add_nginx_config @@ -195,6 +203,30 @@ exec_occ config:app:set dav system_addressbook_exposed --value="$system_addressb # Calculate and store the config file checksum into the app settings ynh_store_file_checksum --file="$install_dir/config/config.php" +#================================================= +# CONFIGURE NOTIFY_PUSH APP +#================================================= + +if [ $enable_notify_push -eq 1 ] +then + exec_occ app:install notify_push + exec_occ config:app:set notify_push base_endpoint --value https://$domain${path_url%/}/push + + mkdir -p /var/run/$app/ + chown $app: /var/run/$app/ + + case $YNH_ARCH in + amd64) arch="x86_64";; + arm64) arch="aarch64";; + armel|armhf) arch="armv7";; + esac + + ynh_add_config --template="watcher.path" --destination="/etc/systemd/system/${app}-notify-push-watcher.path" + ynh_add_systemd_config --service="${app}-notify-push-watcher" --template="watcher.service" + systemctl enable --now ${app}-notify-push-watcher.path + ynh_add_systemd_config --service="${app}-notify-push" +fi + #================================================= # ADD A CRON JOB #================================================= @@ -261,6 +293,27 @@ ynh_script_progression --message="Configuring Fail2Ban..." --weight=8 # Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="/var/log/$app/nextcloud.log" --failregex="^.*Login failed: '.*' \(Remote IP: ''.*$" --max_retry=5 +#================================================= +# CHECK IF NOTIFY_PUSH WORKS +#================================================= + +if [ $enable_notify_push -eq 1 ] +then + count=0 + while ! ynh_exec_as "$app" php${phpversion} --define apc.enable_cli=1 $install_dir/cron.php && [[ $count -lt 30 ]] + do + sleep 1 + count=$((count + 1)) + done + + ynh_systemd_action --service_name="${app}-notify-push-watcher" --action=restart + ynh_systemd_action --service_name="${app}-notify-push" --action=restart --line_match="Push daemon for Nextcloud clients." --log_path="systemd" + + if ! exec_occ notify_push:self-test; then + ynh_print_warn --message="The High Performance Backend service is still not working properly. Please log in with a user to your NextCloud instance, restart the High Performance Backend service with \"systemctl restart ${app}-notify-push.service\", and run \"sudo -u $app php${phpversion} $install_dir/occ notify_push:self-test\" to verify that everything is green." + fi +fi + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/remove b/scripts/remove index c39ac68..0cc72db 100755 --- a/scripts/remove +++ b/scripts/remove @@ -12,6 +12,7 @@ ynh_script_progression --message="Removing system configurations related to $app # Remove the dedicated NGINX config ynh_remove_nginx_config +ynh_secure_remove --file="/etc/nginx/conf.d/$domain.d/$app.d" # Remove the dedicated PHP-FPM config ynh_remove_fpm_config @@ -22,6 +23,13 @@ ynh_remove_logrotate # Remove the dedicated Fail2Ban config ynh_remove_fail2ban_config +# Remove notify push +ynh_remove_systemd_config --service="${app}-notify-push" +ynh_exec_warn_less systemctl disable --now ${app}-notify-push-watcher.path +ynh_secure_remove --file="/etc/systemd/system/${app}-notify-push-watcher.path" +ynh_remove_systemd_config --service="${app}-notify-push-watcher" +ynh_secure_remove --file="/var/run/$app" + # Remove a cron file # TODO: Ensure that cron job is not running (How !?) ynh_secure_remove --file="/etc/cron.d/$app" diff --git a/scripts/restore b/scripts/restore index 9ae3611..1393ae3 100755 --- a/scripts/restore +++ b/scripts/restore @@ -36,6 +36,7 @@ ynh_add_fpm_config #================================================= ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.d" # Check if .well-known is available for this domain if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav" @@ -123,6 +124,24 @@ fi ynh_systemd_action --action=restart --service_name=fail2ban +#================================================= +# RESTORE THE NOTIFY_PUSH APP +#================================================= + +if [ $enable_notify_push -eq 1 ] +then + mkdir -p /var/run/$app/ + chown $app: /var/run/$app/ + + ynh_restore_file --origin_path="/etc/systemd/system/${app}-notify-push.service" + ynh_restore_file --origin_path="/etc/systemd/system/${app}-notify-push-watcher.service" + ynh_restore_file --origin_path="/etc/systemd/system/${app}-notify-push-watcher.path" + + systemctl enable --now "${app}-notify-push-watcher.service" --quiet + systemctl enable --now "${app}-notify-push-watcher.path" --quiet + systemctl enable --now "${app}-notify-push.service" --quiet +fi + #================================================= # GENERIC FINALIZATION #================================================= @@ -132,6 +151,32 @@ ynh_script_progression --message="Reloading NGINX web server..." --weight=3 ynh_systemd_action --service_name=nginx --action=reload +#================================================= +# CHECK IF NOTIFY_PUSH WORKS +#================================================= + +exec_occ() { + (cd "$install_dir" && ynh_exec_as "$app" \ + php${phpversion} --define apc.enable_cli=1 occ --no-interaction --no-ansi "$@") +} + +if [ $enable_notify_push -eq 1 ] +then + count=0 + while ! ynh_exec_as "$app" php${phpversion} --define apc.enable_cli=1 $install_dir/cron.php && [[ $count -lt 30 ]] + do + sleep 1 + count=$((count + 1)) + done + + ynh_systemd_action --service_name="${app}-notify-push-watcher" --action=restart + ynh_systemd_action --service_name="${app}-notify-push" --action=restart --line_match="Push daemon for Nextcloud clients." --log_path="systemd" --action=restart + + if ! exec_occ notify_push:self-test; then + ynh_print_warn --message="The High Performance Backend service is still not working properly. Please log in with a user to your NextCloud instance, restart the High Performance Backend service with \"systemctl restart ${app}-notify-push.service\", and run \"sudo -u $app php${phpversion} $install_dir/occ notify_push:self-test\" to verify that everything is green." + fi +fi + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index c4b764c..7706d05 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -24,6 +24,11 @@ elif [ "${system_addressbook_exposed,,}" = "no" ]; then system_addressbook_exposed=0 fi +if [ -z ${enable_notify_push:-} ]; then + ynh_app_setting_set --app=$app --key=enable_notify_push --value=0 + enable_notify_push=0 +fi + # Remove the option backup_core_only if it's in the settings.yml file ynh_app_setting_delete --app=$app --key=backup_core_only @@ -365,9 +370,49 @@ then sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "../conf/nginx.conf" fi +# Create a dedicated NGINX config +nginx_extra_conf_dir="/etc/nginx/conf.d/$domain.d/$app.d" +mkdir -p "$nginx_extra_conf_dir" + +if [ $enable_notify_push -eq 1 ] +then + ynh_add_config --template="notify_push.conf" --destination="$nginx_extra_conf_dir/notify_push.conf" +fi + # Create a dedicated NGINX config ynh_add_nginx_config +#================================================= +# CONFIGURE NOTIFY_PUSH APP +#================================================= + +if [ $enable_notify_push -eq 1 ] +then + # If notify_push is disabled, reenable it + if exec_occ app:list | awk '/Disabled/{f=1;next} f' | grep -q -w notify_push; then + exec_occ app:enable notify_push + # If notify_push is not installed, install it + elif ! exec_occ app:list | awk '/Enabled/{f=1;next} /Disabled/{f=0} f' | grep -q -w notify_push; then + exec_occ app:install notify_push + fi + exec_occ config:app:set notify_push base_endpoint --value https://$domain${path_url%/}/push + + mkdir -p /var/run/$app/ + chown $app: /var/run/$app/ + + case $YNH_ARCH in + amd64) arch="x86_64";; + arm64) arch="aarch64";; + armel|armhf) arch="armv7";; + esac + + ynh_add_config --template="watcher.path" --destination="/etc/systemd/system/${app}-notify-push-watcher.path" + ynh_add_systemd_config --service="${app}-notify-push-watcher" --template="watcher.service" + systemctl enable --now ${app}-notify-push-watcher.path + ynh_add_systemd_config --service="${app}-notify-push" +fi + + #================================================= # CRON JOB #================================================= @@ -392,6 +437,27 @@ ynh_use_logrotate --non-append # Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="/var/log/$app/nextcloud.log" --failregex="^.*Login failed: '.*' \(Remote IP: ''.*$" --max_retry=5 +#================================================= +# CHECK IF NOTIFY_PUSH WORKS +#================================================= + +if [ $enable_notify_push -eq 1 ] +then + count=0 + while ! ynh_exec_as "$app" php${phpversion} --define apc.enable_cli=1 $install_dir/cron.php && [[ $count -lt 30 ]] + do + sleep 1 + count=$((count + 1)) + done + + ynh_systemd_action --service_name="${app}-notify-push-watcher" --action=restart + ynh_systemd_action --service_name="${app}-notify-push" --action=restart --line_match="Push daemon for Nextcloud clients." --log_path="systemd" --action=restart + + if ! exec_occ notify_push:self-test; then + ynh_print_warn --message="The High Performance Backend service is still not working properly. Please log in with a user to your NextCloud instance, restart the High Performance Backend service with \"systemctl restart ${app}-notify-push.service\", and run \"sudo -u $app php${phpversion} $install_dir/occ notify_push:self-test\" to verify that everything is green." + fi +fi + #================================================= # END OF SCRIPT #================================================= diff --git a/tests.toml b/tests.toml index cdd5e77..a7671f2 100644 --- a/tests.toml +++ b/tests.toml @@ -2,6 +2,8 @@ test_format = 1.0 [default] + args.enable_notify_push = "0" + # ------------------------------- # Commits to test upgrade from # ------------------------------- @@ -11,3 +13,10 @@ test_format = 1.0 test_upgrade_from.9c6d1eea.name = "Upgrade from 27.1.4" test_upgrade_from.e9f82ab7.name = "Upgrade from 28.0.6" test_upgrade_from.e9f82ab7.args.system_addressbook_exposed = "yes" + +[notify_push_test] + + args.enable_notify_push = "1" + test_upgrade_from.e9f82ab7.name = "Upgrade from 28.0.6" + test_upgrade_from.e9f82ab7.args.system_addressbook_exposed = "yes" +