mirror of
https://github.com/YunoHost-Apps/nextcloud_ynh.git
synced 2024-09-03 19:55:57 +02:00
d0400f751d
* Update manifest.toml * Auto-update READMEs * add pre upgrade warning for NC 29 * update to PHP8.3 * Auto-update READMEs * Update manifest.toml * Auto-update READMEs * Fix space splitting in phpflags on install (#690) * Auto-update READMEs * Update upgrade * Update manifest.toml * Auto-update READMEs * Fix phpflags (#691) * Fix upgrade: php version is 8.3 starting from 29.x ? (#692) * Update manifest.toml * Auto-update READMEs * Update tests.toml * [autopatch] Do not delete logs on app removal (#697) * [autopatch] Do not delete logs on app removal (#698) Co-authored-by: Yunohost-Bot <> * 29.0.3 * Auto-update READMEs * Update remove * Indent * Fix again upgrade ending with Nextcloud being in PHP 8.2 ? * Auto-update READMEs * Update nginx.conf * Update manifest.toml * Auto-update READMEs * Rework DESCRIPTION.md (#707) * Update DESCRIPTION_fr.md * Auto-update READMEs * Update DESCRIPTION.md * Auto-update READMEs * Update DESCRIPTION_fr.md * Auto-update READMEs --------- Co-authored-by: yunohost-bot <yunohost@yunohost.org> * bump all old versions * oupsie * Auto-update READMEs * system_addressbook_exposed is a boolean * Auto-update READMEs * migrate system_addressbook_exposed to boolean, fix upgrade test * another fix for system_addressbook_exposed, update the dav conf accordingly * zblerg, do not modify system_addressbook_exposed config value in the upgrade script * add redis-server as deps * find files before chown them * chown the root folder too * fix find condition * find ... chmod is not faster, at least avoid to chown -R the data_dir in the upgrade script * add a button in the config panel to run chown/chmod on data_dir * we can avoid this chmod too i guess? * only nextcloud is allowed to read the config file * zblerg, the config file doesn't exist before install * wait until nginx has actually remove the nextcloud conf during upgrade before checking the url_handled * create a function for that * fix change-url dav detection * only if domain has changed... * Update scripts/_common.sh * moar sleep * oups * minor typos * Update backup * minor typos --------- Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com> Co-authored-by: yunohost-bot <yunohost@yunohost.org> Co-authored-by: OniriCorpe <oniricorpe@disroot.org> Co-authored-by: lyyn <79758863+lyynd@users.noreply.github.com> Co-authored-by: tituspijean <titus+yunohost@pijean.ovh> Co-authored-by: Alexandre Aubin <4533074+alexAubin@users.noreply.github.com> Co-authored-by: YunoHost Bot <yunohost-bot@users.noreply.github.com> Co-authored-by: Alexandre Aubin <alex.aubin@mailoo.org>
268 lines
9.7 KiB
Bash
Executable file
268 lines
9.7 KiB
Bash
Executable file
#!/bin/bash
|
|
|
|
source _common.sh
|
|
source /usr/share/yunohost/helpers
|
|
source _ynh_mysql_connect_as.sh
|
|
|
|
phpflags="--define apc.enable_cli=1"
|
|
|
|
ynh_app_setting_set --app=$app --key=phpflags --value="$phpflags"
|
|
|
|
#=================================================
|
|
# CREATE A MYSQL DATABASE
|
|
#=================================================
|
|
ynh_script_progression --message="Migrate MySQL database to utf8..." --weight=2
|
|
|
|
ynh_mysql_connect_as --user=$db_user --password="$db_pwd" --database=$db_name \
|
|
<<< "ALTER DATABASE $db_name CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;"
|
|
|
|
#=================================================
|
|
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
|
#=================================================
|
|
ynh_script_progression --message="Setting up source files..." --weight=5
|
|
|
|
# Enable YunoHost patches on Nextcloud sources
|
|
cp -a ../sources/patches_last_version/* ../sources/patches
|
|
# Download, check integrity, uncompress and patch the source from app.src
|
|
ynh_setup_source --dest_dir="$install_dir"
|
|
|
|
#=================================================
|
|
# PHP-FPM CONFIGURATION
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring PHP-FPM..." --weight=5
|
|
|
|
ynh_app_setting_set --app=$app --key=fpm_footprint --value=high
|
|
ynh_app_setting_set --app=$app --key=fpm_usage --value=medium
|
|
ynh_add_fpm_config
|
|
|
|
#=================================================
|
|
# NGINX CONFIGURATION
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring NGINX web server..." --weight=2
|
|
|
|
# Check if .well-known is available for this domain
|
|
if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav"
|
|
then
|
|
ynh_print_warn --message="Another app already uses the domain $domain to serve a CalDAV/CardDAV feature. You may encounter issues when dealing with your calendar or address book."
|
|
|
|
# Remove lines about .well-known/carddav and caldav with sed.
|
|
sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "../conf/nginx.conf"
|
|
fi
|
|
|
|
# Create a dedicated NGINX config
|
|
ynh_add_nginx_config
|
|
|
|
#=================================================
|
|
# INSTALL NEXTCLOUD
|
|
#=================================================
|
|
ynh_script_progression --message="Installing $app..." --weight=30
|
|
|
|
# Define a function to execute commands with `occ`
|
|
exec_occ() {
|
|
(cd "$install_dir" && ynh_exec_as "$app" \
|
|
php${phpversion} --define apc.enable_cli=1 occ --no-interaction --no-ansi "$@")
|
|
}
|
|
|
|
# Set write access for the following commands
|
|
chown -R $app:www-data "$install_dir"
|
|
chown -R $app: "$data_dir"
|
|
|
|
# Define password in an intermediate var
|
|
# The fact that it's called _password allows it to be
|
|
# picked up by YunoHost's auto-redact mecanism
|
|
admin_password="$(ynh_string_random --length=6)"
|
|
|
|
# Install Nextcloud using a temporary admin user
|
|
exec_occ maintenance:install \
|
|
--database "mysql" --database-name $db_name \
|
|
--database-user $db_user --database-pass "$db_pwd" \
|
|
--admin-user "admin" --admin-pass "$admin_password" \
|
|
--data-dir "$data_dir/data" \
|
|
|| ynh_die --message="Unable to install $app"
|
|
|
|
#=================================================
|
|
# CONFIGURE NEXTCLOUD
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring $app..." --weight=8
|
|
|
|
# Set the mysql.utf8mb4 config to true in config.php
|
|
exec_occ config:system:set mysql.utf8mb4 --type boolean --value="true"
|
|
|
|
# move the logs from the data_dir to the standard /var/log
|
|
exec_occ config:system:set logfile --value="/var/log/$app/nextcloud.log"
|
|
|
|
# Ensure that UpdateNotification app is disabled
|
|
exec_occ app:disable updatenotification
|
|
|
|
# Enable LDAP plugin
|
|
exec_occ app:enable user_ldap
|
|
exec_occ ldap:create-empty-config
|
|
|
|
# Load the installation config file in Nextcloud
|
|
nc_conf="$install_dir/config_install.json"
|
|
ynh_add_config --template="config_install.json" --destination="$nc_conf"
|
|
|
|
exec_occ config:import "$nc_conf"
|
|
|
|
# Then remove the config file
|
|
ynh_secure_remove --file="$nc_conf"
|
|
|
|
# Load the additional config file (used also for upgrade)
|
|
nc_conf="$install_dir/config.json"
|
|
ynh_add_config --template="config.json" --destination="$nc_conf"
|
|
|
|
exec_occ config:import "$nc_conf"
|
|
|
|
# Then remove the config file
|
|
ynh_secure_remove --file="$nc_conf"
|
|
|
|
#=================================================
|
|
# CHECK THE LDAP CONFIG
|
|
#=================================================
|
|
|
|
# Check LDAP configuration to see if everything worked well
|
|
exec_occ ldap:test-config '' \
|
|
|| ynh_die --message="An error occured during LDAP configuration"
|
|
|
|
#=================================================
|
|
# MOUNT HOME FOLDERS AS EXTERNAL STORAGE
|
|
#=================================================
|
|
|
|
# Define a function to add an external storage
|
|
# Create the external storage for the given folders and enable sharing
|
|
create_external_storage() {
|
|
local mount_dir="$1"
|
|
local mount_name="$2"
|
|
local mount_id=`exec_occ files_external:create --output=json \
|
|
"$mount_name" 'local' 'null::null' -c "datadir=$mount_dir" || true`
|
|
! [[ $mount_id =~ ^[0-9]+$ ]] \
|
|
&& ynh_print_warn --message="Unable to create external storage" \
|
|
|| exec_occ files_external:option "$mount_id" enable_sharing true
|
|
}
|
|
|
|
# Enable External Storage and create local mount to home folder
|
|
if [ $user_home -eq 1 ]
|
|
then
|
|
exec_occ app:enable files_external
|
|
create_external_storage "/home/\$user" "Home"
|
|
# Iterate over users to extend their home folder permissions
|
|
for u in $(ynh_user_list); do
|
|
setfacl --modify g:$app:rwx "/home/$u" || true
|
|
done
|
|
fi
|
|
|
|
#=================================================
|
|
# ALLOW USERS TO DISCONNECT FROM NEXTCLOUD
|
|
#=================================================
|
|
|
|
# Add dynamic logout URL to the config
|
|
url_base64="$(echo -n "https://$domain$path" | base64)"
|
|
exec_occ config:system:get logout_url >/dev/null 2>&1 \
|
|
|| echo "
|
|
//-YunoHost-
|
|
// set logout_url according to main domain
|
|
\$main_domain = exec('cat /etc/yunohost/current_host');
|
|
\$CONFIG['logout_url'] = 'https://'.\$main_domain.'/yunohost/sso/?action=logout&r=${url_base64}';
|
|
//-YunoHost-
|
|
" >> "$install_dir/config/config.php"
|
|
|
|
#=================================================
|
|
# CHANGE HOSTNAME FOR ACTIVITY NOTIFICATIONS
|
|
#=================================================
|
|
|
|
exec_occ config:system:set overwrite.cli.url --value="https://${domain}${path}"
|
|
|
|
#=================================================
|
|
# REMOVE THE TEMPORARY ADMIN AND SET THE TRUE ONE
|
|
#=================================================
|
|
|
|
# Set the user as admin
|
|
ynh_mysql_connect_as --user=$db_name --password="$db_pwd" --database=$db_name --default_character_set="utf8mb4" \
|
|
<<< "INSERT INTO oc_group_user VALUES ('admin','$admin');"
|
|
# And delete admin user
|
|
exec_occ user:delete admin
|
|
|
|
#=================================================
|
|
# ENABLE OR DISABLE SYSTEM ADDRESS BOOK
|
|
#=================================================
|
|
|
|
exec_occ config:app:set dav system_addressbook_exposed --value="$system_addressbook_exposed"
|
|
|
|
#=================================================
|
|
# STORE THE CHECKSUM OF THE CONFIG FILE
|
|
#=================================================
|
|
|
|
# Calculate and store the config file checksum into the app settings
|
|
ynh_store_file_checksum --file="$install_dir/config/config.php"
|
|
|
|
#=================================================
|
|
# ADD A CRON JOB
|
|
#=================================================
|
|
|
|
cron_path="/etc/cron.d/$app"
|
|
ynh_add_config --template="nextcloud.cron" --destination="$cron_path"
|
|
chown root: "$cron_path"
|
|
chmod 644 "$cron_path"
|
|
|
|
exec_occ background:cron
|
|
|
|
#=================================================
|
|
# POST-INSTALL MAINTENANCE
|
|
#=================================================
|
|
|
|
exec_occ db:add-missing-indices
|
|
exec_occ db:add-missing-columns
|
|
exec_occ db:convert-filecache-bigint -n
|
|
|
|
#=================================================
|
|
# YUNOHOST MULTIMEDIA INTEGRATION
|
|
#=================================================
|
|
ynh_script_progression --message="Adding multimedia directories..." --weight=6
|
|
|
|
# Build YunoHost multimedia directories
|
|
ynh_multimedia_build_main_dir
|
|
# Mount the user directory in Nextcloud
|
|
exec_occ app:enable files_external
|
|
create_external_storage "/home/yunohost.multimedia/\$user" "Multimedia"
|
|
create_external_storage "/home/yunohost.multimedia/share" "Shared multimedia"
|
|
# Allow nextcloud to write into these directories
|
|
ynh_multimedia_addaccess $app
|
|
|
|
#=================================================
|
|
# GENERIC FINALIZATION
|
|
#=================================================
|
|
# SECURE FILES AND DIRECTORIES
|
|
#=================================================
|
|
|
|
# Fix app ownerships & permissions
|
|
chown -R $app:www-data "$install_dir"
|
|
chown -R $app: "$data_dir"
|
|
find $install_dir/ -type f -print0 | xargs -r0 chmod 0644
|
|
find $install_dir/ -type d -print0 | xargs -r0 chmod 0755
|
|
find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640
|
|
find $data_dir/data/ -type d -print0 | xargs -r0 chmod 0750
|
|
chmod 600 "$install_dir/config/config.php"
|
|
chmod 755 /home/yunohost.app
|
|
chmod 750 $install_dir
|
|
|
|
#=================================================
|
|
# SETUP LOGROTATE
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring log rotation..." --weight=1
|
|
|
|
# Use logrotate to manage application logfile(s)
|
|
ynh_use_logrotate
|
|
|
|
#=================================================
|
|
# SETUP FAIL2BAN
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring Fail2Ban..." --weight=8
|
|
|
|
# Create a dedicated Fail2Ban config
|
|
ynh_add_fail2ban_config --logpath="/var/log/$app/nextcloud.log" --failregex="^.*Login failed: '.*' \(Remote IP: '<HOST>'.*$" --max_retry=5
|
|
|
|
#=================================================
|
|
# END OF SCRIPT
|
|
#=================================================
|
|
|
|
ynh_script_progression --message="Installation of $app completed" --last
|