digitaldemocratic/dd-apps/docker/nextcloud/nc-setup.sh

269 lines
9.8 KiB
Bash
Executable File

#!/bin/sh -eu
#
# This runs as www-data
#
occupgrade() {
# Maintenance mode must be off
./occ maintenance:mode --off
# Sometimes this has to happen twice
./occ upgrade
./occ upgrade
}
plugin_status() {
plugin="$1"
plugins_state="$(./occ app:list --output=json_pretty)"
version="$(echo "${plugins_state}" | jq -r ".enabled.${plugin}")"
if [ "${version}" != "null" ]; then
printf "%s\t%s" "enabled" "${version}"
else
version="$(echo "${plugins_state}" | jq -r ".disabled.${plugin}")"
if [ "${version}" != "null" ]; then
printf "%s\t%s" "disabled" "${version}"
else
printf "%s\t%s" "n/a" "n/a"
fi
fi
}
cat <<EOF
**************************************
Performing DD-specific Nextcloud setup
**************************************
EOF
# Install static settings
echo "--> Setting up static DD config"
STATIC_CFG=/var/www/html/config/zzz_dd.config.php
cat > "${STATIC_CFG}" <<EOF
<?php
/** DD-customised static settings
*/
\$CONFIG = array(
'default_language' => 'ca',
'skeletondirectory' => '',
'theme' => 'dd',
'allow_local_remote_servers' => true,
);
EOF
occupgrade
# These cannot be edited from outside of the DD project
# Operators should instead rely on the environment variables to ease deployment
# EXTRA_PLUGINS_ENABLE and EXTRA_PLUGINS_DISABLE
CORE_PLUGINS_ENABLE="user_saml,bruteforcesettings,polls,calendar,spreed,bbb,mail,ownpad,onlyoffice"
CORE_PLUGINS_DISABLE="firstrunwizard,recommendations,dashboard,circles,forms"
if [ "${DISABLE_CLAMAV:-true}" = "false" ]; then
CORE_PLUGINS_ENABLE="${CORE_PLUGINS_ENABLE},files_antivirus"
USING_CLAMAV="YES"
else
CORE_PLUGINS_DISABLE="${CORE_PLUGINS_DISABLE},files_antivirus"
fi
# Take care of installing core plugins and extra requested plugins
PLUGINS="${CORE_PLUGINS_ENABLE},${CORE_PLUGINS_DISABLE},${EXTRA_PLUGINS_ENABLE:-},${EXTRA_PLUGINS_DISABLE:-}"
# Install all plugins
# shellcheck disable=SC2086 # We do want multiple arguments
for plugin in $(echo "${PLUGINS}" | tr ',' '\n'); do
if plugin_status "${plugin}" | grep -q "n/a"; then
echo "--> Installing ${plugin}"
./occ --no-warnings app:install "${plugin}"
fi
done
# Enable core plugins
# shellcheck disable=SC2086 # We do want multiple arguments
for plugin in $(echo "${CORE_PLUGINS_ENABLE}" | tr ',' '\n'); do
if plugin_status "${plugin}" | grep -qE "^disabled"; then
echo "--> Enabling core ${plugin}"
./occ --no-warnings app:enable "${plugin}"
fi
done
# Disable core plugins
# shellcheck disable=SC2086 # We do want multiple arguments
for plugin in $(echo "${CORE_PLUGINS_DISABLE}" | tr ',' '\n'); do
if plugin_status "${plugin}" | grep -qE "^enabled"; then
echo "--> Disabling core ${plugin}"
./occ --no-warnings app:disable "${plugin}"
fi
done
# Enable extra plugins
# shellcheck disable=SC2086 # We do want multiple arguments
for plugin in $(echo "${EXTRA_PLUGINS_ENABLE:-}" | tr ',' '\n'); do
if plugin_status "${plugin}" | grep -qE "^disabled"; then
echo "--> Enabling extra ${plugin}"
./occ --no-warnings app:enable "${plugin}"
fi
done
# Disable extra plugins
# shellcheck disable=SC2086 # We do want multiple arguments
for plugin in $(echo "${EXTRA_PLUGINS_DISABLE:-}" | tr ',' '\n'); do
if plugin_status "${plugin}" | grep -qE "^enabled"; then
echo "--> Disabling extra ${plugin}"
./occ --no-warnings app:disable "${plugin}"
fi
done
occupgrade
# Temporary patch while upstream lands our changes
# See: https://github.com/nextcloud/mail/pull/6908
for f in appinfo/info.xml lib/Command/UpdateAccount.php lib/Db/MailAccountMapper.php; do
install -m 0644 -o www-data -g www-data "/nc_mail/$f" "/var/www/html/custom_apps/mail/$f"
done
occupgrade
## Forms
# TODO: This is broken in NC 24 due to:
# https://github.com/nextcloud/forms/pull/1149/files
## TODO: request explanations and reduce upstream diff
## This is what is being used: https://github.com/juanan3ip/form
#FORMS_EXPECTED_HASH="$(cat /forms.hash)"
#FORMS_DIR="/var/www/html/custom_apps/forms"
#FORMS_HASH=""
#if [ -f "${FORMS_DIR}.hash" ]; then
# FORMS_HASH="$(cat "${FORMS_DIR}.hash")"
#fi
#if [ "${FORMS_EXPECTED_HASH}" != "${FORMS_HASH}" ]; then
# # Remove old plugin
# rm -rf "${FORMS_DIR}"
# # Install new one
# unzip -o /forms.zip -d /tmp
# mv "/tmp/form-${FORMS_EXPECTED_HASH}" "${FORMS_DIR}"
# # Perform config / install
# npm --prefix "${FORMS_DIR}" install
# composer --ignore-platform-req=ext-dom -d"${FORMS_DIR}" install --no-dev -o
# # Place hash marker
# cp /forms.hash "${FORMS_DIR}.hash"
#fi
#if plugin_status "${plugin}" | grep -qE "^disabled"; then
# ./occ app:enable forms
#fi
#
#occupgrade
#
# Apply app-specific configurations
#
echo "--> Configuring BBB"
# Host
./occ config:app:set -n bbb api.url --value="${BBB_HOST:-}"
# API Secret
./occ config:app:set -n -q bbb api.secret --value="${BBB_API_SECRET:-}"
# Disable Big Blue Button media check by default
./occ config:app:set -n bbb join.mediaCheck --value="false"
# Disable Big Blue Button listen only mode by default
# And enable option to join muted to Big Blue Button room by default
## TODO: Upstream these as toggeable settings
# shellcheck disable=SC2016 # We want these literal strings
sed -i.orig \
-e 's/^\(\s*$room->setListenOnly(\)true\();\)$/\1false\2/' \
-e 's/^\(\s*$room->setJoinMuted(\)false\();\)$/\1true\2/' \
/var/www/html/custom_apps/bbb/lib/Service/RoomService.php
# Remove meeting join nextcloud bbb app dialog exclamation marks
sed -i.orig \
-e 's/\(^\s*"Please enter your name!" : [^¡]*\)¡\?\([^!]*\)!\(.*\)$/\1\2\3/' \
-e 's/\(^\s*"Let.s go!" : [^¡]*\)¡\?\([^!]*\)!\(.*\)$/\1\2\3/' \
/var/www/html/custom_apps/bbb/l10n/*.json
# Patches / fixes for Ownpad
## Fix mimetypemapping for ownpad
MIMETYPEMAPPINGJSON="/var/www/html/config/mimetypemapping.json"
if ! grep -q "application/x-ownpad" "${MIMETYPEMAPPINGJSON}"; then
jq '. + {"pad": ["application/x-ownpad"], "calc": ["application/x-ownpad"]}' \
/var/www/html/resources/config/mimetypemapping.dist.json > "${MIMETYPEMAPPINGJSON}"
# We have to tell NC about this change as documented here:
# https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html#maintenance-commands
./occ maintenance:mimetype:update-db
fi
## Open pads on new tab/window
OWNPADJS="/var/www/html/custom_apps/ownpad/js/ownpad.js"
if ! grep -q viewerDD "${OWNPADJS}"; then
## TODO: Upstream this as a toggeable setting
sed -i.orig 's/^\(\s*\)var viewer = \(OC.generateUrl.*\)/\1var viewerDD = \2; window.open(viewerDD); return;/' "${OWNPADJS}"
fi
# Settings
echo "--> Applying custom settings"
./occ --no-warnings config:app:set -n ownpad ownpad_etherpad_enable --value="yes"
./occ --no-warnings config:app:set -n ownpad ownpad_etherpad_host --value="https://pad.$DOMAIN"
./occ --no-warnings config:app:set -n onlyoffice DocumentServerUrl --value="https://oof.$DOMAIN"
./occ --no-warnings config:app:set -n onlyoffice jwt_secret --value="secret"
./occ --no-warnings config:app:set -n onlyoffice jwt_header --value="Authorization"
./occ --no-warnings config:app:set -n onlyoffice sameTab --value="false"
# Moodle nextcloud task needs forcesave onlyoffice option
./occ --no-warnings config:app:set -n onlyoffice customizationForcesave --value="true"
# Add allow list IPs
./occ --no-warnings config:app:set -n bruteForce whitelist_1 --value='172.16.0.0/12'
# OnlyOffice
./occ --no-warnings config:app:set -n onlyoffice preview --value="true"
./occ --no-warnings config:app:set -n onlyoffice defFormats --value='{"csv":"false","doc":"true","docm":"false","docx":"true","docxf":"true","oform":"true","dotx":"false","epub":"false","html":"false","odp":"true","ods":"true","odt":"true","otp":"true","ots":"true","ott":"true","pdf":"false","potm":"false","potx":"false","ppsm":"false","ppsx":"true","ppt":"true","pptm":"false","pptx":"true","rtf":"false","txt":"false","xls":"true","xlsm":"false","xlsx":"true","xltm":"false","xltx":"true"}'
./occ --no-warnings config:app:set -n onlyoffice editFormats --value='{"csv":"true","odp":"false","ods":"false","odt":"false","rtf":"false","txt":"true"}'
if [ -n "${USING_CLAMAV:-}" ]; then
echo "--> Configuring ClamAV"
./occ --no-warnings config:app:set -n files_antivirus av_mode --value="daemon"
./occ --no-warnings config:app:set -n files_antivirus av_host --value="dd-apps-clamav"
./occ --no-warnings config:app:set -n files_antivirus av_port --value="3310"
./occ --no-warnings config:app:set -n files_antivirus av_infected_action --value="only_log"
./occ --no-warnings config:app:set -n files_antivirus av_stream_max_length --value="26214400"
./occ --no-warnings config:app:set -n files_antivirus av_max_file_size --value="-1"
fi
# Allow nextcloud into other apps iframes
echo "--> Fixing CSP"
# TODO: this should be done in a different fashion
# Content-Security-Policy: frame-ancestors 'self' *.$DOMAIN;
# Content-Set-Policy: connect-src 'self -' *.$DOMAIN;
# Content-Set-Policy: img-src 'self' *. -$DOMAIN;
# Content-Set-Policy: style-src 'self' -*.$DOMAIN;
# Content-Set-Policy: font-src 'self' * -.$DOMAIN;
sed -i \
-E "s%'\\\\'self\\\\'',.*$%'\\\\'self\\\\'', '*.${DOMAIN}',%" \
/var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php
# Add default file for moodle activities
TEMPLATEDOCX="/var/www/html/data/admin/files/template.docx"
if [ ! -f "${TEMPLATEDOCX}" ]; then
echo "--> Copying activity template for Moodle"
cp /template.docx "${TEMPLATEDOCX}"
# We have to tell NC about this change
./occ files:scan admin
fi
# Configure logo
echo "--> Configuring logo"
# TODO: This should be a tad more dynamic
cachebuster="0"
if ./occ config:app:get theming cachebuster; then
cachebuster="$(./occ config:app:get theming cachebuster)"
fi
./occ theming:config logo /custom/img/logo.png
./occ theming:config background /custom/img/background.png
./occ config:app:set theming cachebuster --value="$((cachebuster + 1 ))"
occupgrade
cat <<EOF
*************************************
Done with DD-specific Nextcloud setup
*************************************
EOF