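#!/bin/bash

# Install script of the Nextcloud package for YunoHost.
# It stores the app settings, fetches and patches the Nextcloud sources,
# configures PHP-FPM and NGINX, runs the Nextcloud installer through occ,
# wires LDAP / external storage, then locks down permissions and sets up
# logrotate and Fail2Ban.
# Variables such as $app, $domain, $install_dir, $data_dir, $db_name, $db_user,
# $db_pwd, $admin and $user_home are not defined in this file; they are
# presumably provided by the YunoHost helpers / manifest (confirm in _common.sh).

#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================

source _common.sh
source /usr/share/yunohost/helpers

#=================================================
# INITIALIZE SETTINGS
#=================================================

maintenance_mode=0
fpm_footprint="high"
fpm_free_footprint=0
fpm_usage="medium"

#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================

ynh_app_setting_set --app="$app" --key=maintenance_mode --value="$maintenance_mode"
ynh_app_setting_set --app="$app" --key=fpm_footprint --value="$fpm_footprint"
ynh_app_setting_set --app="$app" --key=fpm_free_footprint --value="$fpm_free_footprint"
ynh_app_setting_set --app="$app" --key=fpm_usage --value="$fpm_usage"

#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Setting up source files..." --weight=5

# Load the last available version
# (expected to define $next_version and $nextcloud_source_sha256)
source upgrade.d/upgrade.last.sh

# Create an app.src for the last version of nextcloud.
# The SHA-256 pinned here is what ynh_setup_source verifies the download against,
# so the integrity of the install depends on upgrade.last.sh being trustworthy.
cat > ../conf/app.src << EOF
SOURCE_URL=https://download.nextcloud.com/server/releases/nextcloud-$next_version.tar.bz2
SOURCE_SUM=$nextcloud_source_sha256
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.bz2
SOURCE_IN_SUBDIR=true
EOF

# Enable YunoHost patches on Nextcloud sources
cp -a ../sources/patches_last_version/* ../sources/patches

# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$install_dir"

#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring PHP-FPM..." --weight=50

# Create a dedicated PHP-FPM config
ynh_add_fpm_config --usage="$fpm_usage" --footprint="$fpm_footprint"

#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring NGINX web server..." --weight=2

# Check if .well-known is available for this domain
if is_url_handled --domain="$domain" --path="/.well-known/caldav" \
    || is_url_handled --domain="$domain" --path="/.well-known/carddav"
then
    ynh_print_warn --message="Another app already uses the domain $domain to serve a CalDAV/CardDAV feature. You may encounter issues when dealing with your calendar or address book."

    # Remove lines about .well-known/carddav and caldav with sed.
    sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "../conf/nginx.conf"
fi

# Create a dedicated NGINX config
ynh_add_nginx_config

#=================================================
# INSTALL NEXTCLOUD
#=================================================
ynh_script_progression --message="Installing $app..." --weight=30

# Set write access for the following commands
chown -R "$app:" "$install_dir" "$data_dir"

# Define password in an intermediate var
# The fact that it's called _password allows it to be
# picked up by YunoHost's auto-redact mechanism.
# The temporary "admin" account exists from here until it is deleted further
# down, and the NGINX config is already in place at this point, so use a long
# random value rather than a 6-character one.
admin_password="$(ynh_string_random --length=24)"

# Install Nextcloud using a temporary admin user
# NOTE(review): both passwords are handed over as command-line arguments;
# depending on how exec_occ runs occ they may be visible in the process list
# while the installer runs - confirm in _common.sh.
exec_occ maintenance:install \
    --database "pgsql" --database-name "$db_name" \
    --database-user "$db_user" --database-pass "$db_pwd" \
    --admin-user "admin" --admin-pass "$admin_password" \
    --data-dir "$data_dir/data" \
    || ynh_die --message="Unable to install Nextcloud"

#=================================================
# CONFIGURE NEXTCLOUD
#=================================================
ynh_script_progression --message="Configuring $app..." --weight=8

# Ensure that UpdateNotification app is disabled
exec_occ app:disable updatenotification

# Enable LDAP plugin
exec_occ app:enable user_ldap
exec_occ ldap:create-empty-config

# Load the installation config file in Nextcloud
nc_conf="$install_dir/config_install.json"
ynh_add_config --template="../conf/config_install.json" --destination="$nc_conf"

exec_occ config:import "$nc_conf"

# Then remove the config file
ynh_secure_remove --file="$nc_conf"

# Load the additional config file (used also for upgrade)
nc_conf="$install_dir/config.json"
ynh_add_config --template="../conf/config.json" --destination="$nc_conf"

exec_occ config:import "$nc_conf"

# Then remove the config file
ynh_secure_remove --file="$nc_conf"

#=================================================
# CHECK THE LDAP CONFIG
#=================================================

# Check LDAP configuration to see if everything worked well
exec_occ ldap:test-config '' \
    || ynh_die --message="An error occured during LDAP configuration"

#=================================================
# MOUNT HOME FOLDERS AS EXTERNAL STORAGE
#=================================================

# Enable External Storage and create local mount to home folder
if [ "$user_home" -eq 1 ]
then
    exec_occ app:enable files_external
    create_external_storage "/home/\$user" "Home"
    # Iterate over users to extend their home folder permissions.
    # This gives the app's group rwx on every listed home directory, which
    # widens what the app can reach; it only happens when user_home is enabled.
    # Word splitting of the user list is intentional here.
    for u in $(ynh_user_list); do
        # Best effort: a failing setfacl on one home must not abort the install
        setfacl --modify "g:$app:rwx" "/home/$u" || true
    done
fi

#=================================================
# ALLOW USERS TO DISCONNECT FROM NEXTCLOUD
#=================================================

# Add dynamic logout URL to the config (only if logout_url is not already set).
# The appended text is PHP: each statement must stay on its own line, because
# the "//" markers comment out the rest of their line.
exec_occ config:system:get logout_url >/dev/null 2>&1 \
    || echo "
//-YunoHost-
// set logout_url according to main domain
\$main_domain = exec('cat /etc/yunohost/current_host');
\$CONFIG['logout_url'] = 'https://'.\$main_domain.'/yunohost/sso/?action=logout';
//-YunoHost-
" >> "$install_dir/config/config.php"

#=================================================
# CHANGE HOSTNAME FOR ACTIVITY NOTIFICATIONS
#=================================================

exec_occ config:system:set overwrite.cli.url --value="https://${domain}"

#=================================================
# REMOVE THE TEMPORARY ADMIN AND SET THE TRUE ONE
#=================================================

# Set the user as admin.
# The username is interpolated into the SQL text, so double any single quote
# first: the value can then never close the string literal early.
sql_quote="'"
admin_sql=${admin//$sql_quote/$sql_quote$sql_quote}
ynh_psql_connect_as --user="$db_user" --password="$db_pwd" --database="$db_name" \
    <<< "INSERT INTO oc_group_user VALUES ('admin','$admin_sql');"

# And delete admin user
exec_occ user:delete admin

#=================================================
# STORE THE CHECKSUM OF THE CONFIG FILE
#=================================================

# Calculate and store the config file checksum into the app settings
ynh_store_file_checksum --file="$install_dir/config/config.php"

#=================================================
# ADD A CRON JOB
#=================================================

cron_path="/etc/cron.d/$app"
ynh_add_config --template="../conf/nextcloud.cron" --destination="$cron_path"
# Files in /etc/cron.d are run by cron, so keep this one root-owned and not
# writable by anyone else
chown root: "$cron_path"
chmod 644 "$cron_path"

exec_occ background:cron

#=================================================
# POST-INSTALL MAINTENANCE
#=================================================

exec_occ db:add-missing-indices
exec_occ db:add-missing-columns
exec_occ db:convert-filecache-bigint -n

#=================================================
# YUNOHOST MULTIMEDIA INTEGRATION
#=================================================
ynh_script_progression --message="Adding multimedia directories..." --weight=6

# Build YunoHost multimedia directories
ynh_multimedia_build_main_dir
# Mount the user directory in Nextcloud
exec_occ app:enable files_external
create_external_storage "/home/yunohost.multimedia/\$user" "Multimedia"
create_external_storage "/home/yunohost.multimedia/share" "Shared multimedia"
# Allow nextcloud to write into these directories
ynh_multimedia_addaccess "$app"

#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================

# Fix app ownerships & permissions
chown -R "$app:www-data" "$install_dir"
chown -R "$app:" "$data_dir"
# -exec ... + batches the paths like xargs -0 did and is a no-op when nothing matches
find "$install_dir/" -type f -exec chmod 0644 {} +
find "$install_dir/" -type d -exec chmod 0755 {} +
# User data is not readable by "other"
find "$data_dir/data/" -type f -exec chmod 0640 {} +
find "$data_dir/data/" -type d -exec chmod 0750 {} +
# config.php is kept out of reach of "other" (tighter than the 0644 applied above)
chmod 640 "$install_dir/config/config.php"
chmod 755 /home/yunohost.app
chmod 750 "$install_dir"

#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Configuring log rotation..." --weight=1

# Use logrotate to manage application logfile(s)
ynh_use_logrotate --logfile="$data_dir/data/nextcloud.log"

#=================================================
# SETUP FAIL2BAN
#=================================================
ynh_script_progression --message="Configuring Fail2Ban..." --weight=8

# Create a dedicated Fail2Ban config.
# The failregex must contain the <HOST> tag: it is the capture Fail2Ban uses to
# learn which address to ban, and a filter without it cannot ban anything.
ynh_add_fail2ban_config --logpath="$data_dir/data/nextcloud.log" --failregex="^.*Login failed: '.*' \(Remote IP: '<HOST>'.*$" --max_retry=5

#=================================================
# END OF SCRIPT
#=================================================

ynh_script_progression --message="Installation of $app completed" --last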