YunoHost-Apps/nextcloud_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/nextcloud_ynh.git synced 2024-09-03 19:55:57 +02:00
Code Issues Activity Actions
nextcloud_ynh/scripts/install
Alexandre Aubin 2d510fa04d Cleanup unecessary chown/chmods
2024-07-01 18:19:25 +02:00

258 lines
8.8 KiB
Bash
Executable file
Raw Permalink Blame History

#!/bin/bash
source _common.sh
source /usr/share/yunohost/helpers
ynh_app_setting_set --key=php_upload_max_filesize --value=10G
ynh_app_setting_set --key=php_memory_limit --value=512M
source _ynh_mysql_connect_as.sh
phpflags="--define apc.enable_cli=1"
ynh_app_setting_set --key=phpflags --value="$phpflags"
#=================================================
# CREATE A MYSQL DATABASE
#=================================================
ynh_script_progression "Migrate MySQL database to utf8..."
ynh_mysql_db_shell \
<<< "ALTER DATABASE $db_name CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;"
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression "Setting up source files..."
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$install_dir"
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression "Configuring PHP-FPM..."
ynh_config_add_phpfpm
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression "Configuring NGINX web server..."
# Check if .well-known is available for this domain
if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav"
then
ynh_print_warn "Another app already uses the domain $domain to serve a CalDAV/CardDAV feature. You may encounter issues when dealing with your calendar or address book."
# Remove lines about .well-known/carddav and caldav with sed.
sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "../conf/nginx.conf"
fi
# Create a dedicated NGINX config
ynh_config_add_nginx
#=================================================
# INSTALL NEXTCLOUD
#=================================================
ynh_script_progression "Installing $app..."
# Define a function to execute commands with `occ`
exec_occ() {
(cd "$install_dir" && ynh_exec_as_app \
php${php_version} --define apc.enable_cli=1 occ --no-interaction --no-ansi "$@")
}
# Set write access for the following commands
chown -R $app: "$install_dir" "$data_dir"
# Define password in an intermediate var
# The fact that it's called _password allows it to be
# picked up by YunoHost's auto-redact mecanism
admin_password="$(ynh_string_random --length=6)"
# Install Nextcloud using a temporary admin user
exec_occ maintenance:install \
--database "mysql" --database-name $db_name \
--database-user $db_user --database-pass "$db_pwd" \
--admin-user "admin" --admin-pass "$admin_password" \
--data-dir "$data_dir/data" \
|| ynh_die "Unable to install $app"
#=================================================
# CONFIGURE NEXTCLOUD
#=================================================
ynh_script_progression "Configuring $app..."
# Set the mysql.utf8mb4 config to true in config.php
exec_occ config:system:set mysql.utf8mb4 --type boolean --value="true"
# move the logs from the data_dir to the standard /var/log
exec_occ config:system:set logfile --value="/var/log/$app/nextcloud.log"
# Ensure that UpdateNotification app is disabled
exec_occ app:disable updatenotification
# Enable LDAP plugin
exec_occ app:enable user_ldap
exec_occ ldap:create-empty-config
# Load the installation config file in Nextcloud
nc_conf="$install_dir/config_install.json"
ynh_config_add --template="config_install.json" --destination="$nc_conf"
exec_occ config:import "$nc_conf"
# Then remove the config file
ynh_safe_rm "$nc_conf"
# Load the additional config file (used also for upgrade)
nc_conf="$install_dir/config.json"
ynh_config_add --template="config.json" --destination="$nc_conf"
exec_occ config:import "$nc_conf"
# Then remove the config file
ynh_safe_rm "$nc_conf"
#=================================================
# CHECK THE LDAP CONFIG
#=================================================
# Check LDAP configuration to see if everything worked well
exec_occ ldap:test-config '' \
|| ynh_die "An error occured during LDAP configuration"
#=================================================
# MOUNT HOME FOLDERS AS EXTERNAL STORAGE
#=================================================
# Define a function to add an external storage
# Create the external storage for the given folders and enable sharing
create_external_storage() {
local mount_dir="$1"
local mount_name="$2"
local mount_id=`exec_occ files_external:create --output=json \
"$mount_name" 'local' 'null::null' -c "datadir=$mount_dir" || true`
! [[ $mount_id =~ ^[0-9]+$ ]] \
&& ynh_print_warn "Unable to create external storage" \
|| exec_occ files_external:option "$mount_id" enable_sharing true
}
# Enable External Storage and create local mount to home folder
if [ $user_home -eq 1 ]
then
exec_occ app:enable files_external
create_external_storage "/home/\$user" "Home"
# Iterate over users to extend their home folder permissions
for u in $(ynh_user_list); do
setfacl --modify g:$app:rwx "/home/$u" || true
done
fi
#=================================================
# ALLOW USERS TO DISCONNECT FROM NEXTCLOUD
#=================================================
# Add dynamic logout URL to the config
url_base64="$(echo -n "https://$domain$path" | base64)"
exec_occ config:system:get logout_url >/dev/null 2>&1 \
|| echo "
//-YunoHost-
// set logout_url according to main domain
\$main_domain = exec('cat /etc/yunohost/current_host');
\$CONFIG['logout_url'] = 'https://'.\$main_domain.'/yunohost/sso/?action=logout&r=${url_base64}';
//-YunoHost-
" >> "$install_dir/config/config.php"
#=================================================
# CHANGE HOSTNAME FOR ACTIVITY NOTIFICATIONS
#=================================================
exec_occ config:system:set overwrite.cli.url --value="https://${domain}${path}"
#=================================================
# REMOVE THE TEMPORARY ADMIN AND SET THE TRUE ONE
#=================================================
# Set the user as admin
ynh_mysql_db_shell \
<<< "INSERT INTO oc_group_user VALUES ('admin','$admin');"
# And delete admin user
exec_occ user:delete admin
#=================================================
# ENABLE OR DISABLE SYSTEM ADDRESS BOOK
#=================================================
exec_occ config:app:set dav system_addressbook_exposed --value="$system_addressbook_exposed"
#=================================================
# STORE THE CHECKSUM OF THE CONFIG FILE
#=================================================
# Calculate and store the config file checksum into the app settings
ynh_store_file_checksum "$install_dir/config/config.php"
#=================================================
# ADD A CRON JOB
#=================================================
cron_path="/etc/cron.d/$app"
ynh_config_add --template="nextcloud.cron" --destination="$cron_path"
exec_occ background:cron
#=================================================
# POST-INSTALL MAINTENANCE
#=================================================
exec_occ db:add-missing-indices
exec_occ db:add-missing-columns
exec_occ db:convert-filecache-bigint -n
#=================================================
# YUNOHOST MULTIMEDIA INTEGRATION
#=================================================
ynh_script_progression "Adding multimedia directories..."
# Build YunoHost multimedia directories
ynh_multimedia_build_main_dir
# Mount the user directory in Nextcloud
exec_occ app:enable files_external
create_external_storage "/home/yunohost.multimedia/\$user" "Multimedia"
create_external_storage "/home/yunohost.multimedia/share" "Shared multimedia"
# Allow nextcloud to write into these directories
ynh_multimedia_addaccess $app
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
# Fix app ownerships & permissions
# FIXME: is this really needed x_x
chown -R $app: "$data_dir"
find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640
find $data_dir/data/ -type d -print0 | xargs -r0 chmod 0750
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression "Configuring log rotation..."
# Use logrotate to manage application logfile(s)
ynh_config_add_logrotate
#=================================================
# SETUP FAIL2BAN
#=================================================
ynh_script_progression "Configuring Fail2Ban..."
# Create a dedicated Fail2Ban config
ynh_config_add_fail2ban --logpath="/var/log/$app/nextcloud.log" --failregex="^.*Login failed: '.*' \(Remote IP: '<HOST>'.*$"
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression "Installation of $app completed"
Reference in a new issue View git blame Copy permalink