From f4969482e9788c76689b9050caf9f1424fd9a616 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?E=CC=81ric=20Gaspar?=
 <46165813+ericgaspar@users.noreply.github.com>
Date: Tue, 5 Sep 2023 10:55:58 +0200
Subject: [PATCH] config

---
 conf/.env            | 16 +++++-----------
 conf/nginx.conf      | 13 +++++--------
 conf/systemd.service |  3 +--
 scripts/backup       |  6 ++++++
 scripts/install      | 12 +++++++-----
 scripts/remove       |  2 ++
 scripts/restore      |  2 ++
 7 files changed, 28 insertions(+), 26 deletions(-)

diff --git a/conf/.env b/conf/.env
index 81ed846..36a6158 100644
--- a/conf/.env
+++ b/conf/.env
@@ -1,15 +1,9 @@
-OCIS_INSECURE=true
-
 OCIS_URL=https://__DOMAIN__
-
-PROXY_HTTP_ADDR=127.0.0.1:__PORT__
-
-OCIS_BASE_DATA_PATH=__DATA_DIR__
-
-FORCE_CONFIG_OVERWRITE=true
+PROXY_HTTP_ADDR=127.0.0.1:9200
+PROXY_TLS=false
+OCIS_INSECURE=false
 
 OCIS_LOG_LEVEL=warn
 
-OCIS_CONFIG_DIR=__INSTALL_DIR__
-
-ADMIN_PASSWORD=__PASSWORD__
+OCIS_CONFIG_DIR=/etc/ocis
+OCIS_BASE_DATA_PATH=__DATA_DIR__
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 1bf9fb3..cfc2208 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,17 +1,14 @@
 #sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
 location __PATH__/ {
 
-  proxy_pass        https://127.0.0.1:__PORT__;
-  proxy_redirect    off;
-  proxy_set_header  Host $host;
-  proxy_set_header  X-Real-IP $remote_addr;
-  proxy_set_header  X-Forwarded-Proto $scheme;
-  proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
-  proxy_set_header  X-Forwarded-Host $server_name;
-  
+  # OIDC Tokens in headers are quite large and can exceed default limits of reverse proxies
   proxy_buffers 4 256k;
   proxy_buffer_size 128k;
   proxy_busy_buffers_size 256k;
 
+  # Disable checking of client request body size
   client_max_body_size 0;
+
+  proxy_pass http://127.0.0.1:__PORT__;
+  proxy_set_header Host $host;
 }
diff --git a/conf/systemd.service b/conf/systemd.service
index be5e9c4..94d1ee6 100644
--- a/conf/systemd.service
+++ b/conf/systemd.service
@@ -5,8 +5,7 @@ Description=ownCloud Infinite Scale server
 Type=simple
 User=__APP__
 Group=__APP__
-Environment=PROXY_HTTP_ADDR=127.0.0.1:__PORT__
-Environment=OCIS_URL=https://__DOMAIN__
+EnvironmentFile=/etc/ocis/ocis.env
 ExecStart=__INSTALL_DIR__/ocis server
 Restart=always
 
diff --git a/scripts/backup b/scripts/backup
index cf2d1b6..17cecf9 100755
--- a/scripts/backup
+++ b/scripts/backup
@@ -39,6 +39,12 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 
 ynh_backup --src_path="/etc/systemd/system/$app.service"
 
+#=================================================
+# BACKUP VARIOUS FILES
+#=================================================
+
+ynh_backup --src_path="/etc/ocis/"
+
 #=================================================
 # END OF SCRIPT
 #=================================================
diff --git a/scripts/install b/scripts/install
index a471a5d..ad1fc82 100755
--- a/scripts/install
+++ b/scripts/install
@@ -16,10 +16,12 @@ ynh_script_progression --message="Setting up source files..." --weight=1
 
 # Download, check integrity, uncompress and patch the source from app.src
 ynh_setup_source --dest_dir="$install_dir"
+mkdir -p /etc/ocis
 
 chmod 750 "$install_dir"
 chmod -R o-rwx "$install_dir"
 chown -R $app:www-data "$install_dir"
+chown -R $app:$app "/etc/ocis"
 chmod +x $install_dir/ocis
 
 #=================================================
@@ -38,19 +40,19 @@ yunohost service add $app --description="File sharing platform" --log="/var/log/
 #=================================================
 # ADD A CONFIGURATION
 #=================================================
-#ynh_script_progression --message="Adding a configuration file..." --weight=1
+ynh_script_progression --message="Adding a configuration file..." --weight=1
 
-#ynh_add_config --template="../conf/.env" --destination="$install_dir/.env"
+ynh_add_config --template="../conf/.env" --destination="/etc/ocis/ocis.env"
 
-#chmod 600 "$install_dir/.env"
-#chown $app:$app "$install_dir/.env"
+chmod 600 "/etc/ocis/ocis.env"
+chown $app:$app "/etc/ocis/ocis.env"
 
 #=================================================
 # INSTALL OWNCLOUD
 #=================================================
 ynh_script_progression --message="Installing $app..." --weight=3
 
-(cd "$install_dir" && ./ocis init --insecure=true --force-overwrite=true --admin-password=$password --config-path=$install_dir/.ocis/config) 
+(cd "$install_dir" && ./ocis init --insecure=true --force-overwrite=true --admin-password $password --config-path "/etc/ocis") 
 
 chmod 750 "$install_dir"
 chmod -R o-rwx "$install_dir"
diff --git a/scripts/remove b/scripts/remove
index 57324bf..6069cf9 100755
--- a/scripts/remove
+++ b/scripts/remove
@@ -28,6 +28,8 @@ ynh_remove_systemd_config
 # Remove the dedicated NGINX config
 ynh_remove_nginx_config
 
+ynh_secure_remove --file="/etc/ocis"
+
 #=================================================
 # END OF SCRIPT
 #=================================================
diff --git a/scripts/restore b/scripts/restore
index bf68e09..35fb0ef 100755
--- a/scripts/restore
+++ b/scripts/restore
@@ -43,6 +43,8 @@ systemctl enable $app.service --quiet
 
 yunohost service add $app --description="File sharing platform" --log="/var/log/$app/$app.log"
 
+ynh_restore_file --origin_path="/etc/ocis/"
+
 #=================================================
 # START SYSTEMD SERVICE
 #=================================================