diff --git a/dd-apps/docker/nextcloud/Dockerfile b/dd-apps/docker/nextcloud/Dockerfile index acdd39b..dfdea19 100644 --- a/dd-apps/docker/nextcloud/Dockerfile +++ b/dd-apps/docker/nextcloud/Dockerfile @@ -1,5 +1,6 @@ # # Copyright © 2021,2022 IsardVDI S.L. +# Copyright © 2023 Evilham # # This file is part of DD # @@ -28,7 +29,17 @@ RUN set -ex; \ procps \ samba-client \ supervisor \ -# libreoffice \ + ; + +# These are documented DD dependencies for nc-setup.sh +# jq: to patch mimetypemapping +# npm + composer: due to oddities installing forms plugin +RUN set -ex; \ + \ + apk add --no-cache \ + jq \ + npm \ + composer \ ; RUN set -ex; \ @@ -59,6 +70,26 @@ RUN set -ex; \ apk add --virtual .nextcloud-phpext-rundeps $runDeps; \ apk del .build-deps +# Temporary replacement for a real queue +RUN echo '*/1 * * * * /nc-queue.sh' >> /etc/crontabs/www-data +COPY nc-queue.sh / +COPY nc-mail-update.sh / +# DD plugins and other setup +COPY nc-setup.sh / +# SAML setup script +COPY saml.sh / +# Submission template +COPY template.docx / + +## Save current forms plugin hash +#RUN sh -c 'curl -sL https://api.github.com/repos/3iPunt/nextcloud_forms/commits/STABLE_25 | jq -r .sha > /forms.hash' +## And current forms code +#RUN sh -c 'curl -sL "https://github.com/3iPunt/nextcloud_forms/archive/$(cat /forms.hash).zip" > /forms.zip' +# Mail app patches. To remove in NC 25 +COPY nc_mail/ /nc_mail/ + +# Setup cron as documented in: +# https://github.com/nextcloud/docker/blob/master/.examples/dockerfiles/cron/fpm-alpine/Dockerfile RUN mkdir -p \ /var/log/supervisord \ /var/run/supervisord \ @@ -66,12 +97,6 @@ RUN mkdir -p \ COPY supervisord.conf / -# Temporary replacement for a real queue -RUN echo '*/1 * * * * /nc-queue.sh' >> /etc/crontabs/www-data -COPY nc-queue.sh / -COPY nc-mail-update.sh / -COPY saml.sh / - ENV NEXTCLOUD_UPDATE=1 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"] 
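Review bot: `npm` and `composer` are added to the runtime image in the new `apk add --no-cache` step, but the only consumer visible in this commit is the Forms block in nc-setup.sh, and that block is entirely commented out. Keeping a package manager and dependency installer in the production container widens what a compromised www-data process can fetch and run. I would install only `jq` for now and reintroduce the other two together with the Forms work, or extend the comment above the `RUN` to say why they must already be present.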
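Review bot: The commented-out Forms download resolves the head of `STABLE_25` at build time and writes that sha to `/forms.hash`, so the hash only records what was fetched and never checks it against a reviewed commit. If these two `RUN` lines are revived, the sha should be a literal in the Dockerfile, and `curl` should fail on HTTP errors (`curl -fsSL`) so that an error body is not saved as the hash or the zip. Until then a comment such as `# TODO: pin a reviewed commit sha instead of resolving STABLE_25 at build time` would keep the intent visible.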
diff --git a/dd-apps/docker/nextcloud/dd-patch b/dd-apps/docker/nextcloud/dd-patch index 5da1ffe..72f2848 100644 --- a/dd-apps/docker/nextcloud/dd-patch +++ b/dd-apps/docker/nextcloud/dd-patch @@ -5,3 +5,4 @@ supervisord.conf AGPL-3.0-or-later https://github.com/nextcloud/ https://raw.git nc_mail/appinfo/info.xml AGPL-3.0-or-later https://github.com/nextcloud/ https://raw.githubusercontent.com/nextcloud/mail/v1.15.2/appinfo/info.xml nc_mail/lib/Command/UpdateAccount.php AGPL-3.0-or-later https://github.com/nextcloud/ https://raw.githubusercontent.com/nextcloud/mail/1e777a1783254bd4b7f69f39a6c5123323f8b701/lib/Command/UpdateAccount.php nc_mail/lib/Db/MailAccountMapper.php AGPL-3.0-or-later https://github.com/nextcloud/ https://raw.githubusercontent.com/nextcloud/mail/1e777a1783254bd4b7f69f39a6c5123323f8b701/lib/Db/MailAccountMapper.php +src/themes/dd/core/templates/layout.user.php AGPL-3.0-or-later https://github.com/nextcloud/ https://raw.githubusercontent.com/nextcloud/server/v21.0.9/core/templates/layout.user.php diff --git a/dd-apps/docker/nextcloud/nc-setup.sh b/dd-apps/docker/nextcloud/nc-setup.sh new file mode 100755 index 0000000..fa5c00c --- /dev/null +++ b/dd-apps/docker/nextcloud/nc-setup.sh 
@@ -0,0 +1,268 @@ +#!/bin/sh -eu + +# +# This runs as www-data +# + +occupgrade() { + # Maintenance mode must be off + ./occ maintenance:mode --off + # Sometimes this has to happen twice + ./occ upgrade + ./occ upgrade +} + +plugin_status() { + plugin="$1" + plugins_state="$(./occ app:list --output=json_pretty)" + version="$(echo "${plugins_state}" | jq -r ".enabled.${plugin}")" + if [ "${version}" != "null" ]; then + printf "%s\t%s" "enabled" "${version}" + else + version="$(echo "${plugins_state}" | jq -r ".disabled.${plugin}")" + if [ "${version}" != "null" ]; then + printf "%s\t%s" "disabled" "${version}" + else + printf "%s\t%s" "n/a" "n/a" + fi + fi +} + + +cat < Setting up static DD config" +STATIC_CFG=/var/www/html/config/zzz_dd.config.php +cat > "${STATIC_CFG}" < 'ca', + 'skeletondirectory' => '', + 'theme' => 'dd', + 'allow_local_remote_servers' => true, +); +EOF + +occupgrade + +# These cannot be edited from outside of the DD project +# Operators should instead rely on the environment variables to ease deployment +# EXTRA_PLUGINS_ENABLE and EXTRA_PLUGINS_DISABLE +CORE_PLUGINS_ENABLE="user_saml,bruteforcesettings,polls,calendar,spreed,bbb,mail,ownpad,onlyoffice" +CORE_PLUGINS_DISABLE="firstrunwizard,recommendations,dashboard,circles,forms" + +if [ "${DISABLE_CLAMAV:-true}" = "false" ]; then + CORE_PLUGINS_ENABLE="${CORE_PLUGINS_ENABLE},files_antivirus" + USING_CLAMAV="YES" +else + CORE_PLUGINS_DISABLE="${CORE_PLUGINS_DISABLE},files_antivirus" +fi + +# Take care of installing core plugins and extra requested plugins +PLUGINS="${CORE_PLUGINS_ENABLE},${CORE_PLUGINS_DISABLE},${EXTRA_PLUGINS_ENABLE:-},${EXTRA_PLUGINS_DISABLE:-}" + +# Install all plugins +# shellcheck disable=SC2086 # We do want multiple arguments +for plugin in $(echo "${PLUGINS}" | tr ',' '\n'); do + if plugin_status "${plugin}" | grep -q "n/a"; then + echo "--> Installing ${plugin}" + ./occ --no-warnings app:install "${plugin}" + fi +done + +# Enable core plugins +# shellcheck disable=SC2086 
# We do want multiple arguments +for plugin in $(echo "${CORE_PLUGINS_ENABLE}" | tr ',' '\n'); do + if plugin_status "${plugin}" | grep -qE "^disabled"; then + echo "--> Enabling core ${plugin}" + ./occ --no-warnings app:enable "${plugin}" + fi +done + +# Disable core plugins +# shellcheck disable=SC2086 # We do want multiple arguments +for plugin in $(echo "${CORE_PLUGINS_DISABLE}" | tr ',' '\n'); do + if plugin_status "${plugin}" | grep -qE "^enabled"; then + echo "--> Disabling core ${plugin}" + ./occ --no-warnings app:disable "${plugin}" + fi +done + + +# Enable extra plugins +# shellcheck disable=SC2086 # We do want multiple arguments +for plugin in $(echo "${EXTRA_PLUGINS_ENABLE:-}" | tr ',' '\n'); do + if plugin_status "${plugin}" | grep -qE "^disabled"; then + echo "--> Enabling extra ${plugin}" + ./occ --no-warnings app:enable "${plugin}" + fi +done + +# Disable extra plugins +# shellcheck disable=SC2086 # We do want multiple arguments +for plugin in $(echo "${EXTRA_PLUGINS_DISABLE:-}" | tr ',' '\n'); do + if plugin_status "${plugin}" | grep -qE "^enabled"; then + echo "--> Disabling extra ${plugin}" + ./occ --no-warnings app:disable "${plugin}" + fi +done + +occupgrade + +# Temporary patch while upstream lands our changes +# See: https://github.com/nextcloud/mail/pull/6908 +for f in appinfo/info.xml lib/Command/UpdateAccount.php lib/Db/MailAccountMapper.php; do + install -m 0644 -o www-data -g www-data "/nc_mail/$f" "/var/www/html/custom_apps/mail/$f" +done + +occupgrade + +## Forms +# TODO: This is broken in NC 24 due to: +# https://github.com/nextcloud/forms/pull/1149/files +## TODO: request explanations and reduce upstream diff +## This is what is being used: https://github.com/juanan3ip/form +#FORMS_EXPECTED_HASH="$(cat /forms.hash)" +#FORMS_DIR="/var/www/html/custom_apps/forms" +#FORMS_HASH="" +#if [ -f "${FORMS_DIR}.hash" ]; then +# FORMS_HASH="$(cat "${FORMS_DIR}.hash")" +#fi +#if [ "${FORMS_EXPECTED_HASH}" != "${FORMS_HASH}" ]; then +# # Remove 
old plugin +# rm -rf "${FORMS_DIR}" +# # Install new one +# unzip -o /forms.zip -d /tmp +# mv "/tmp/form-${FORMS_EXPECTED_HASH}" "${FORMS_DIR}" +# # Perform config / install +# npm --prefix "${FORMS_DIR}" install +# composer --ignore-platform-req=ext-dom -d"${FORMS_DIR}" install --no-dev -o +# # Place hash marker +# cp /forms.hash "${FORMS_DIR}.hash" +#fi +#if plugin_status "${plugin}" | grep -qE "^disabled"; then +# ./occ app:enable forms +#fi +# +#occupgrade + +# +# Apply app-specific configurations +# +echo "--> Configuring BBB" +# Host +./occ config:app:set -n bbb api.url --value="${BBB_HOST:-}" +# API Secret +./occ config:app:set -n -q bbb api.secret --value="${BBB_API_SECRET:-}" +# Disable Big Blue Button media check by default +./occ config:app:set -n bbb join.mediaCheck --value="false" +# Disable Big Blue Button listen only mode by default +# And enable option to join muted to Big Blue Button room by default +## TODO: Upstream these as toggeable settings +# shellcheck disable=SC2016 # We want these literal strings +sed -i.orig \ + -e 's/^\(\s*$room->setListenOnly(\)true\();\)$/\1false\2/' \ + -e 's/^\(\s*$room->setJoinMuted(\)false\();\)$/\1true\2/' \ + /var/www/html/custom_apps/bbb/lib/Service/RoomService.php +# Remove meeting join nextcloud bbb app dialog exclamation marks +sed -i.orig \ + -e 's/\(^\s*"Please enter your name!" : [^¡]*\)¡\?\([^!]*\)!\(.*\)$/\1\2\3/' \ + -e 's/\(^\s*"Let.s go!" : [^¡]*\)¡\?\([^!]*\)!\(.*\)$/\1\2\3/' \ + /var/www/html/custom_apps/bbb/l10n/*.json + +# Patches / fixes for Ownpad +## Fix mimetypemapping for ownpad +MIMETYPEMAPPINGJSON="/var/www/html/config/mimetypemapping.json" +if ! grep -q "application/x-ownpad" "${MIMETYPEMAPPINGJSON}"; then + jq '. 
+ {"pad": ["application/x-ownpad"], "calc": ["application/x-ownpad"]}' \ + /var/www/html/resources/config/mimetypemapping.dist.json > "${MIMETYPEMAPPINGJSON}" + # We have to tell NC about this change as documented here: + # https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html#maintenance-commands + ./occ maintenance:mimetype:update-db +fi +## Open pads on new tab/window +OWNPADJS="/var/www/html/custom_apps/ownpad/js/ownpad.js" +if ! grep -q viewerDD "${OWNPADJS}"; then + ## TODO: Upstream this as a toggeable setting + sed -i.orig 's/^\(\s*\)var viewer = \(OC.generateUrl.*\)/\1var viewerDD = \2; window.open(viewerDD); return;/' "${OWNPADJS}" +fi + +# Settings +echo "--> Applying custom settings" +./occ --no-warnings config:app:set -n ownpad ownpad_etherpad_enable --value="yes" +./occ --no-warnings config:app:set -n ownpad ownpad_etherpad_host --value="https://pad.$DOMAIN" + +./occ --no-warnings config:app:set -n onlyoffice DocumentServerUrl --value="https://oof.$DOMAIN" +./occ --no-warnings config:app:set -n onlyoffice jwt_secret --value="secret" +./occ --no-warnings config:app:set -n onlyoffice jwt_header --value="Authorization" +./occ --no-warnings config:app:set -n onlyoffice sameTab --value="false" + +# Moodle nextcloud task needs forcesave onlyoffice option +./occ --no-warnings config:app:set -n onlyoffice customizationForcesave --value="true" + +# Add allow list IPs +./occ --no-warnings config:app:set -n bruteForce whitelist_1 --value='172.16.0.0/12' + +# OnlyOffice +./occ --no-warnings config:app:set -n onlyoffice preview --value="true" +./occ --no-warnings config:app:set -n onlyoffice defFormats 
--value='{"csv":"false","doc":"true","docm":"false","docx":"true","docxf":"true","oform":"true","dotx":"false","epub":"false","html":"false","odp":"true","ods":"true","odt":"true","otp":"true","ots":"true","ott":"true","pdf":"false","potm":"false","potx":"false","ppsm":"false","ppsx":"true","ppt":"true","pptm":"false","pptx":"true","rtf":"false","txt":"false","xls":"true","xlsm":"false","xlsx":"true","xltm":"false","xltx":"true"}' +./occ --no-warnings config:app:set -n onlyoffice editFormats --value='{"csv":"true","odp":"false","ods":"false","odt":"false","rtf":"false","txt":"true"}' + +if [ -n "${USING_CLAMAV:-}" ]; then + echo "--> Configuring ClamAV" + ./occ --no-warnings config:app:set -n files_antivirus av_mode --value="daemon" + ./occ --no-warnings config:app:set -n files_antivirus av_host --value="dd-apps-clamav" + ./occ --no-warnings config:app:set -n files_antivirus av_port --value="3310" + ./occ --no-warnings config:app:set -n files_antivirus av_infected_action --value="only_log" + ./occ --no-warnings config:app:set -n files_antivirus av_stream_max_length --value="26214400" + ./occ --no-warnings config:app:set -n files_antivirus av_max_file_size --value="-1" +fi + +# Allow nextcloud into other apps iframes +echo "--> Fixing CSP" +# TODO: this should be done in a different fashion +# Content-Security-Policy: frame-ancestors 'self' *.$DOMAIN; +# Content-Set-Policy: connect-src 'self -' *.$DOMAIN; +# Content-Set-Policy: img-src 'self' *. -$DOMAIN; +# Content-Set-Policy: style-src 'self' -*.$DOMAIN; +# Content-Set-Policy: font-src 'self' * -.$DOMAIN; +sed -i \ + -E "s%'\\\\'self\\\\'',.*$%'\\\\'self\\\\'', '*.${DOMAIN}',%" \ + /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php + +# Add default file for moodle activities +TEMPLATEDOCX="/var/www/html/data/admin/files/template.docx" +if [ ! 
-f "${TEMPLATEDOCX}" ]; then + echo "--> Copying activity template for Moodle" + cp /template.docx "${TEMPLATEDOCX}" + # We have to tell NC about this change + ./occ files:scan admin +fi + +# Configure logo +echo "--> Configuring logo" +# TODO: This should be a tad more dynamic +cachebuster="0" +if ./occ config:app:get theming cachebuster; then + cachebuster="$(./occ config:app:get theming cachebuster)" +fi +./occ theming:config logo /custom/img/logo.png +./occ theming:config background /custom/img/background.png +./occ config:app:set theming cachebuster --value="$((cachebuster + 1 ))" + +occupgrade + +cat < Applying custom settings in nextcloud" - # docker exec -u www-data dd-apps-nextcloud-app sh -c 'export OC_PASS=$DDADMIN_PASSWORD && php occ user:add --password-from-env --display-name="DD Admin" --group="admin" $DDADMIN_USER' - - # docker exec -u www-data dd-apps-nextcloud-app sh -c 'export OC_PASS=admin && php occ user:delete admin' - # docker exec -u www-data dd-apps-nextcloud-app sh -c 'export OC_PASS=LostAdminGroup && php occ user:add --password-from-env --display-name="Admin" --group="admin" admin' - - # docker exec -u www-data dd-apps-nextcloud-app php occ --no-warnings config:app:set unaprova token --value "SuperS3cret" - - #cp -R $BUILD_APPS_ROOT_PATH/dd-apps/docker/nextcloud/themes/* $DATA_FOLDER/nextcloud/themes/ - docker exec -u www-data dd-apps-nextcloud-app php occ --no-warnings config:system:set default_language --value="ca" - docker exec -u www-data dd-apps-nextcloud-app php occ --no-warnings config:system:set skeletondirectory --value='' - - # Disable certain NextCloud apps - for app in firstrunwizard recommendations dashboard circles; do - docker exec -i -u www-data dd-apps-nextcloud-app sh -s <<-EOF - php occ --no-warnings app:disable "${app}" || true - EOF - done - - # Install and enable NextCloud apps - for app in bruteforcesettings polls calendar spreed bbb mail ownpad onlyoffice; do - docker exec -i -u www-data dd-apps-nextcloud-app sh -s 
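Review bot: The OnlyOffice shared secret is still the literal `secret` in `config:app:set -n onlyoffice jwt_secret --value="secret"`, carried over from the removed dd-ctl code, so every deployment built from this script signs document-server requests with the same publicly known key. The script already takes `BBB_API_SECRET` from the environment with `-q`, and the same pattern fits here: `./occ --no-warnings config:app:set -n -q onlyoffice jwt_secret --value="${ONLYOFFICE_JWT_SECRET:?}"` (placeholder variable name; the document server needs the same value). Separately, the new CSP `sed` rewrites any line containing `'\'self\'',` in ContentSecurityPolicy.php, whereas the removed code edited five named arrays, so it may add `*.${DOMAIN}` to directives the comment does not list. It is worth confirming which arrays it touches, or anchoring the expression on the array names again.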
<<-EOF - php occ --no-warnings app:install "${app}" - php occ --no-warnings app:enable "${app}" - EOF - done - - # Install ClamAV conditionally - if [ "${DISABLE_CLAMAV:-true}" = "false" ]; then - docker exec -i -u www-data dd-apps-nextcloud-app sh -s <<-EOF - php occ --no-warnings app:install files_antivirus - php occ --no-warnings app:enable files_antivirus - EOF - else - # Enforce disabled - docker exec -i -u www-data dd-apps-nextcloud-app sh -s <<-EOF - php occ --no-warnings app:install files_antivirus - php occ --no-warnings app:disable files_antivirus - EOF - fi - - #docker exec -u www-data dd-apps-nextcloud-app php occ app:install user_saml - docker exec -u www-data dd-apps-nextcloud-app php occ app:enable user_saml - - # Installing apps may require an occ upgrade - nextcloud_upgrade - - # Temporary patch while upstream lands our changes - # See: https://github.com/nextcloud/mail/pull/6908 - for f in appinfo/info.xml lib/Command/UpdateAccount.php lib/Db/MailAccountMapper.php; do - install -m 0644 -o 82 -g 82 "dd-apps/docker/nextcloud/nc_mail/$f" "${SRC_FOLDER}/nextcloud/custom_apps/mail/$f" - done - - # Disable Big Blue Button media check by default - docker exec -u www-data dd-apps-nextcloud-app php occ config:app:set bbb join.mediaCheck --value="false" - # Disable Big Blue Button listen only mode by default - docker exec dd-apps-nextcloud-app sed -i.orig 's/^\(\s*$room->setListenOnly(\)true\();\)$/\1false\2/' /var/www/html/custom_apps/bbb/lib/Service/RoomService.php - # Enable option to join muted to Big Blue Button room by default - docker exec dd-apps-nextcloud-app sed -i 's/^\(\s*$room->setJoinMuted(\)false\();\)$/\1true\2/' /var/www/html/custom_apps/bbb/lib/Service/RoomService.php - # Remove meeting join nextcloud bbb app dialog exclamation marks - docker exec dd-apps-nextcloud-app sh -c "sed -i.orig 's/\(^\s*\"Please enter your name!\" : [^¡]*\)¡\?\([^!]*\)!\(.*\)$/\1\2\3/' /var/www/html/custom_apps/bbb/l10n/*.json" - docker exec dd-apps-nextcloud-app 
sh -c "sed -i 's/\(^\s*\"Let\x27s go!\" : [^¡]*\)¡\?\([^!]*\)!\(.*\)$/\1\2\3/' /var/www/html/custom_apps/bbb/l10n/*.json" - - docker exec -u www-data dd-apps-nextcloud-app php occ --no-warnings config:system:set theme --value=dd - docker exec -u www-data dd-apps-nextcloud-app php occ --no-warnings config:system:set allow_local_remote_servers --value=true - docker exec -u www-data dd-apps-nextcloud-app php occ --no-warnings maintenance:theme:update - - docker exec dd-apps-nextcloud-app apk add jq - docker exec dd-apps-nextcloud-app sh -c 'jq ". + {\"pad\": [\"application/x-ownpad\"], \"calc\": [\"application/x-ownpad\"]}" /var/www/html/resources/config/mimetypemapping.dist.json > /var/www/html/config/mimetypemapping.json' - # Open pads in a new tab/window - docker exec dd-apps-nextcloud-app sed -i.orig 's/^\(\s*\)\(var viewer = OC.generateUrl.*\)/\1\2\n\1window.open(viewer);\n\1return;/' /var/www/html/custom_apps/ownpad/js/ownpad.js - - # SMTP - SMTP_LOCAL_PART="$(echo "${SMTP_USER}" | cut -d '@' -f 1)" - SMTP_DOMAIN="$(echo "${SMTP_USER}" | cut -d '@' -f 2)" - docker exec -i -u www-data dd-apps-nextcloud-app sh -s <<-EOF - php occ --no-warnings config:system:set -n mail_smtpmode --value="smtp" - php occ --no-warnings config:system:set -n mail_smtpsecure --value="${SMTP_PROTOCOL}" - php occ --no-warnings config:system:set -n mail_sendmailmode --value="smtp" - php occ --no-warnings config:system:set -n mail_from_address --value="${SMTP_LOCAL_PART}" - php occ --no-warnings config:system:set -n mail_domain --value="${SMTP_DOMAIN}" - php occ --no-warnings config:system:set -n mail_smtpauth --value=1 - php occ --no-warnings config:system:set -n mail_smtpauthtype --value="LOGIN" - php occ --no-warnings config:system:set -n mail_smtphost --value="${SMTP_HOST}" - php occ --no-warnings config:system:set -n mail_smtpport --value="${SMTP_PORT}" - php occ --no-warnings config:system:set -n mail_smtpname --value="${SMTP_USER}" - echo 'Setting Nextcloud password' - php occ 
--no-warnings config:system:set -n -q mail_smtppassword --value="${SMTP_PASSWORD}" - EOF - - # Settings - docker exec -i -u www-data dd-apps-nextcloud-app sh -s <<-EOF - php occ --no-warnings config:app:set -n ownpad ownpad_etherpad_enable --value="yes" - php occ --no-warnings config:app:set -n ownpad ownpad_etherpad_host --value="https://pad.$DOMAIN" - - php occ --no-warnings config:app:set -n onlyoffice DocumentServerUrl --value="https://oof.$DOMAIN" - php occ --no-warnings config:app:set -n onlyoffice jwt_secret --value="secret" - php occ --no-warnings config:app:set -n onlyoffice jwt_header --value="Authorization" - php occ --no-warnings config:app:set -n onlyoffice sameTab --value="false" - - # Moodle nextcloud task needs forcesave onlyoffice option - php occ --no-warnings config:app:set -n onlyoffice customizationForcesave --value="true" - - # Add allow list IPs - php occ --no-warnings config:app:set -n bruteForce whitelist_1 --value='172.16.0.0/12' - - # OnlyOffice - php occ --no-warnings config:app:set -n onlyoffice preview --value="true" - php occ --no-warnings config:app:set -n onlyoffice defFormats --value="{\"csv\":\"false\",\"doc\":\"true\",\"docm\":\"false\",\"docx\":\"true\",\"docxf\":\"true\",\"oform\":\"true\",\"dotx\":\"false\",\"epub\":\"false\",\"html\":\"false\",\"odp\":\"true\",\"ods\":\"true\",\"odt\":\"true\",\"otp\":\"true\",\"ots\":\"true\",\"ott\":\"true\",\"pdf\":\"false\",\"potm\":\"false\",\"potx\":\"false\",\"ppsm\":\"false\",\"ppsx\":\"true\",\"ppt\":\"true\",\"pptm\":\"false\",\"pptx\":\"true\",\"rtf\":\"false\",\"txt\":\"false\",\"xls\":\"true\",\"xlsm\":\"false\",\"xlsx\":\"true\",\"xltm\":\"false\",\"xltx\":\"true\"}", - php occ --no-warnings config:app:set -n onlyoffice editFormats --value="{\"csv\":\"true\",\"odp\":\"false\",\"ods\":\"false\",\"odt\":\"false\",\"rtf\":\"false\",\"txt\":\"true\"}" - - EOF - - # Configure ClamAV conditionally - if [ "${DISABLE_CLAMAV:-true}" = "false" ]; then - docker exec -i -u www-data 
dd-apps-nextcloud-app sh -s <<-EOF - php occ --no-warnings config:app:set -n files_antivirus av_mode --value="daemon" - php occ --no-warnings config:app:set -n files_antivirus av_host --value="dd-apps-clamav" - php occ --no-warnings config:app:set -n files_antivirus av_port --value="3310" - php occ --no-warnings config:app:set -n files_antivirus av_infected_action --value="only_log" - php occ --no-warnings config:app:set -n files_antivirus av_stream_max_length --value="26214400" - php occ --no-warnings config:app:set -n files_antivirus av_max_file_size --value="-1" - EOF - fi - - # Allow nextcloud into other apps iframes - # Content-Security-Policy: frame-ancestors 'self' *.$DOMAIN; - docker exec dd-apps-nextcloud-app sed -i -e "/protected \\\$allowedFrameAncestors = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php - - # Content-Sety-Policy: connect-src 'self -' *.$DOMAIN; - docker exec dd-apps-nextcloud-app sed -i -e "/protected \\\$allowedConnectDomains = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php - - # Content-Sety-Policy: img-src 'self' *. 
-$DOMAIN; - docker exec dd-apps-nextcloud-app sed -i -e "/protected \\\$allowedImageDomains = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php - - # Content-Sety-Policy: style-src 'self' -*.$DOMAIN; - docker exec dd-apps-nextcloud-app sed -i -e "/protected \\\$allowedStyleDomains = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php - - # Content-Sety-Policy: font-src 'self' * -.$DOMAIN; - docker exec dd-apps-nextcloud-app sed -i -e "/protected \\\$allowedFontDomains = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php - - # Fix nextcloud files_external "segudos" typo - # https://github.com/nextcloud/server/pull/28990 - docker exec dd-apps-nextcloud-app sh -c 'sed -i.orig -e "s/segudos/segundos/" /var/www/html/apps/files_external/l10n/es_*.js' - - # Import fix from Nextcloud 22 of pdf viewer - # https://github.com/nextcloud/files_pdfviewer/issues/381#issuecomment-845806364 - docker exec dd-apps-nextcloud-app sed -i 's/encodeURIComponent(i\[a\])/i[a]/' /var/www/html/apps/files_pdfviewer/js/files_pdfviewer-main.js - - # Add default file for moodle activities - if [ ! 
-f "$DATA_FOLDER/nextcloud/admin/files/template.docx" ]; then - cp dd-apps/docker/nextcloud/template.docx "$DATA_FOLDER/nextcloud/admin/files/" - fi - - # Custom forms - ## This may be forcing the need for occ upgrade in the past - ## Keep it towards the end - docker exec dd-apps-nextcloud-app apk add git npm composer - docker exec -u www-data dd-apps-nextcloud-app rm -rf /var/www/html/custom_apps/forms - docker exec -u www-data dd-apps-nextcloud-app git clone https://github.com/juanan3ip/form -b dev /var/www/html/custom_apps/forms - docker exec -u www-data dd-apps-nextcloud-app npm --prefix /var/www/html/custom_apps/forms install - docker exec -u www-data dd-apps-nextcloud-app composer -d/var/www/html/custom_apps/forms install --no-dev -o - docker exec -u www-data dd-apps-nextcloud-app php occ app:enable forms - - nextcloud_upgrade - configure_nextcloud_logo - nextcloud_scan -} - -nextcloud_upgrade(){ - docker exec -i -u www-data dd-apps-nextcloud-app ./occ upgrade -} - nextcloud_scan(){ # The folders shown as 'not writeable' are empty user folders. Not a problem. docker exec -u www-data dd-apps-nextcloud-app php occ files:scan --all @@ -669,16 +495,6 @@ extras_pgtuner(){ echo " --> Generated pgtuner.yml" } -extras_nextcloud_remove_banned_ips(){ - docker-compose exec dd-apps-postgresql psql -v ON_ERROR_STOP=1 \ - -U admin nextcloud -c "DELETE FROM oc_bruteforce_attempts;" -} - -extras_nextcloud_set_admin_group(){ - docker exec -u www-data dd-apps-nextcloud-app sh -c 'export OC_PASS=admin && php occ user:delete admin' - docker exec -u www-data dd-apps-nextcloud-app sh -c 'export OC_PASS=N3xtcl0ud && php occ user:add --password-from-env --display-name="Admin" --group="admin" admin' -} - extras_dump_keycloak_client(){ docker exec -i dd-sso-keycloak sh -s <<-EOF /opt/jboss/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user admin --password keycloakkeycloak \ 
@@ -821,11 +637,6 @@ upgrade_plugins_moodle(){ docker exec -i dd-apps-moodle php7 admin/cli/purge_caches.php } -upgrade_plugins_nextcloud(){ - cp -R dd-apps/docker/nextcloud/src/* "$SRC_FOLDER/nextcloud/" - nextcloud_upgrade -} - upgrade_plugins_wp(){ cp -R dd-apps/docker/wordpress/src/* "$SRC_FOLDER/wordpress/" 
@@ -857,29 +668,8 @@ upgrade_plugins_wp(){ } update_logos_and_menu(){ - # docker exec -i dd-sso-keycloak sh -c "/opt/jboss/keycloak/bin/jboss-cli.sh --connect --command='/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheThemes,value=false)'" - # docker exec -i dd-sso-keycloak sh -c "/opt/jboss/keycloak/bin/jboss-cli.sh --connect --command='/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheTemplates,value=false)'" - # docker exec -i dd-sso-keycloak sh -c "/opt/jboss/keycloak/bin/jboss-cli.sh --connect --command='/subsystem=keycloak-server/theme=defaults/:write-attribute(name=staticMaxAge,value=-1)'" - # docker exec -i dd-sso-keycloak sh -c "/opt/jboss/keycloak/bin/jboss-cli.sh --connect --command='reload'" docker exec -i --user root dd-sso-keycloak sh -c 'rm -rf /opt/jboss/keycloak/standalone/tmp/kc-gzip-cache/*' docker-compose build dd-sso-api && docker-compose up -d dd-sso-api - configure_nextcloud_logo -} - -configure_nextcloud_logo(){ - local instance_id - instance_id=$(docker exec -u www-data dd-apps-nextcloud-app php occ config:system:get instanceid) - local cachebuster - cachebuster=$(docker exec -u www-data dd-apps-nextcloud-app php occ config:app:get theming cachebuster) - docker exec -u www-data dd-apps-nextcloud-app mkdir -p "/var/www/html/data/appdata_$instance_id/theming/images" - nc_logo="${DATA_FOLDER}/nextcloud/appdata_$instance_id/theming/images/logo" - nc_background="${DATA_FOLDER}/nextcloud/appdata_$instance_id/theming/images/background" - cp custom/img/logo.png "${nc_logo}" - cp custom/img/background.png "${nc_background}" - chown 82:82 "${nc_logo}" "${nc_background}" - docker exec -u www-data dd-apps-nextcloud-app php occ config:app:set theming logoMime --value="image/png" - docker exec -u www-data dd-apps-nextcloud-app php occ config:app:set theming backgroundMime --value="image/png" - docker exec -u www-data dd-apps-nextcloud-app php occ config:app:set theming cachebuster --value="$((cachebuster + 1 ))" } 
genpwd() { @@ -978,10 +768,8 @@ case "$OPERATION" in wait_for_moodle upgrade_plugins_moodle - upgrade_plugins_nextcloud upgrade_plugins_wp - setup_nextcloud setup_moodle setup_wordpress @@ -1008,7 +796,6 @@ case "$OPERATION" in customize) up wait_for_moodle - setup_nextcloud setup_wordpress setup_moodle ;; @@ -1066,7 +853,6 @@ case "$OPERATION" in up wait_for_moodle upgrade_plugins_moodle - upgrade_plugins_nextcloud upgrade_plugins_wp ;; yml) diff --git a/dd.conf.sample b/dd.conf.sample index 553e9d3..c2f71ba 100644 --- a/dd.conf.sample +++ b/dd.conf.sample @@ -70,6 +70,11 @@ DDADMIN_USER=ddadmin DDADMIN_PASSWORD=Th3M@st3r DDADMIN_EMAIL=theemail@mymailserver.com +# BBB settings +# This gets automatically configured on Nextcloud +#BBB_HOST=bbb.example.org +#BBB_API_SECRET=APISECRET + # ------ Api Secret ----------------------------------------------------------- ## Generate your own SECRET! (or apply securize script) ## openssl rand -base64 32 @@ -113,6 +118,12 @@ NEXTCLOUD_ADMIN_PASSWORD=N3xtcl0ud NEXTCLOUD_POSTGRES_USER=nextcloud NEXTCLOUD_POSTGRES_PASSWORD=N3xtcl0ud +### Comma-separated list of Nextcloud plugins that you want to enable/disable +### These should be available from https://apps.nextcloud.com/ +### Example: NEXTCLOUD_PLUGINS_ENABLE=cospend,cookbook +#NEXTCLOUD_PLUGINS_ENABLE= +#NEXTCLOUD_PLUGINS_DISABLE + ## WORDPRESS ##============================================================================= WORDPRESS_ADMIN_USER=admin
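Review bot: The last added line, `#NEXTCLOUD_PLUGINS_DISABLE`, lacks the `=` that the line above it has, so an operator who only removes the `#` is left with a bare word instead of an assignment; it should read `#NEXTCLOUD_PLUGINS_DISABLE=`. nc-setup.sh in this commit reads `EXTRA_PLUGINS_ENABLE` and `EXTRA_PLUGINS_DISABLE`, and the mapping from these `NEXTCLOUD_PLUGINS_*` names is not visible in the diff, so please confirm the compose file passes them through. Since every name listed here is installed from the app store and then runs inside Nextcloud, the comment could also say that only reviewed apps belong in the list.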