269 lines
9.8 KiB
Bash
Executable File
269 lines
9.8 KiB
Bash
Executable File
#!/bin/sh -eu
|
|
|
|
#
|
|
# This runs as www-data
|
|
#
|
|
|
|
occupgrade() {
|
|
# Maintenance mode must be off
|
|
./occ maintenance:mode --off
|
|
# Sometimes this has to happen twice
|
|
./occ upgrade
|
|
./occ upgrade
|
|
}
|
|
|
|
plugin_status() {
|
|
plugin="$1"
|
|
plugins_state="$(./occ app:list --output=json_pretty)"
|
|
version="$(echo "${plugins_state}" | jq -r ".enabled.${plugin}")"
|
|
if [ "${version}" != "null" ]; then
|
|
printf "%s\t%s" "enabled" "${version}"
|
|
else
|
|
version="$(echo "${plugins_state}" | jq -r ".disabled.${plugin}")"
|
|
if [ "${version}" != "null" ]; then
|
|
printf "%s\t%s" "disabled" "${version}"
|
|
else
|
|
printf "%s\t%s" "n/a" "n/a"
|
|
fi
|
|
fi
|
|
}
|
|
|
|
|
|
cat <<EOF
|
|
**************************************
|
|
Performing DD-specific Nextcloud setup
|
|
**************************************
|
|
|
|
EOF
|
|
|
|
# Install static settings
|
|
echo "--> Setting up static DD config"
|
|
STATIC_CFG=/var/www/html/config/zzz_dd.config.php
|
|
cat > "${STATIC_CFG}" <<EOF
|
|
<?php
|
|
/** DD-customised static settings
|
|
*/
|
|
\$CONFIG = array(
|
|
'default_language' => 'ca',
|
|
'skeletondirectory' => '',
|
|
'theme' => 'dd',
|
|
'allow_local_remote_servers' => true,
|
|
);
|
|
EOF
|
|
|
|
occupgrade
|
|
|
|
# These cannot be edited from outside of the DD project
|
|
# Operators should instead rely on the environment variables to ease deployment
|
|
# EXTRA_PLUGINS_ENABLE and EXTRA_PLUGINS_DISABLE
|
|
CORE_PLUGINS_ENABLE="user_saml,bruteforcesettings,polls,calendar,spreed,bbb,mail,ownpad,onlyoffice"
|
|
CORE_PLUGINS_DISABLE="firstrunwizard,recommendations,dashboard,circles,forms"
|
|
|
|
if [ "${DISABLE_CLAMAV:-true}" = "false" ]; then
|
|
CORE_PLUGINS_ENABLE="${CORE_PLUGINS_ENABLE},files_antivirus"
|
|
USING_CLAMAV="YES"
|
|
else
|
|
CORE_PLUGINS_DISABLE="${CORE_PLUGINS_DISABLE},files_antivirus"
|
|
fi
|
|
|
|
# Take care of installing core plugins and extra requested plugins
|
|
PLUGINS="${CORE_PLUGINS_ENABLE},${CORE_PLUGINS_DISABLE},${EXTRA_PLUGINS_ENABLE:-},${EXTRA_PLUGINS_DISABLE:-}"
|
|
|
|
# Install all plugins
|
|
# shellcheck disable=SC2086 # We do want multiple arguments
|
|
for plugin in $(echo "${PLUGINS}" | tr ',' '\n'); do
|
|
if plugin_status "${plugin}" | grep -q "n/a"; then
|
|
echo "--> Installing ${plugin}"
|
|
./occ --no-warnings app:install "${plugin}"
|
|
fi
|
|
done
|
|
|
|
# Enable core plugins
|
|
# shellcheck disable=SC2086 # We do want multiple arguments
|
|
for plugin in $(echo "${CORE_PLUGINS_ENABLE}" | tr ',' '\n'); do
|
|
if plugin_status "${plugin}" | grep -qE "^disabled"; then
|
|
echo "--> Enabling core ${plugin}"
|
|
./occ --no-warnings app:enable "${plugin}"
|
|
fi
|
|
done
|
|
|
|
# Disable core plugins
|
|
# shellcheck disable=SC2086 # We do want multiple arguments
|
|
for plugin in $(echo "${CORE_PLUGINS_DISABLE}" | tr ',' '\n'); do
|
|
if plugin_status "${plugin}" | grep -qE "^enabled"; then
|
|
echo "--> Disabling core ${plugin}"
|
|
./occ --no-warnings app:disable "${plugin}"
|
|
fi
|
|
done
|
|
|
|
|
|
# Enable extra plugins
|
|
# shellcheck disable=SC2086 # We do want multiple arguments
|
|
for plugin in $(echo "${EXTRA_PLUGINS_ENABLE:-}" | tr ',' '\n'); do
|
|
if plugin_status "${plugin}" | grep -qE "^disabled"; then
|
|
echo "--> Enabling extra ${plugin}"
|
|
./occ --no-warnings app:enable "${plugin}"
|
|
fi
|
|
done
|
|
|
|
# Disable extra plugins
|
|
# shellcheck disable=SC2086 # We do want multiple arguments
|
|
for plugin in $(echo "${EXTRA_PLUGINS_DISABLE:-}" | tr ',' '\n'); do
|
|
if plugin_status "${plugin}" | grep -qE "^enabled"; then
|
|
echo "--> Disabling extra ${plugin}"
|
|
./occ --no-warnings app:disable "${plugin}"
|
|
fi
|
|
done
|
|
|
|
occupgrade
|
|
|
|
# Temporary patch while upstream lands our changes
|
|
# See: https://github.com/nextcloud/mail/pull/6908
|
|
for f in appinfo/info.xml lib/Command/UpdateAccount.php lib/Db/MailAccountMapper.php; do
|
|
install -m 0644 -o www-data -g www-data "/nc_mail/$f" "/var/www/html/custom_apps/mail/$f"
|
|
done
|
|
|
|
occupgrade
|
|
|
|
## Forms
|
|
# TODO: This is broken in NC 24 due to:
|
|
# https://github.com/nextcloud/forms/pull/1149/files
|
|
## TODO: request explanations and reduce upstream diff
|
|
## This is what is being used: https://github.com/juanan3ip/form
|
|
#FORMS_EXPECTED_HASH="$(cat /forms.hash)"
|
|
#FORMS_DIR="/var/www/html/custom_apps/forms"
|
|
#FORMS_HASH=""
|
|
#if [ -f "${FORMS_DIR}.hash" ]; then
|
|
# FORMS_HASH="$(cat "${FORMS_DIR}.hash")"
|
|
#fi
|
|
#if [ "${FORMS_EXPECTED_HASH}" != "${FORMS_HASH}" ]; then
|
|
# # Remove old plugin
|
|
# rm -rf "${FORMS_DIR}"
|
|
# # Install new one
|
|
# unzip -o /forms.zip -d /tmp
|
|
# mv "/tmp/form-${FORMS_EXPECTED_HASH}" "${FORMS_DIR}"
|
|
# # Perform config / install
|
|
# npm --prefix "${FORMS_DIR}" install
|
|
# composer --ignore-platform-req=ext-dom -d"${FORMS_DIR}" install --no-dev -o
|
|
# # Place hash marker
|
|
# cp /forms.hash "${FORMS_DIR}.hash"
|
|
#fi
|
|
#if plugin_status "${plugin}" | grep -qE "^disabled"; then
|
|
# ./occ app:enable forms
|
|
#fi
|
|
#
|
|
#occupgrade
|
|
|
|
#
|
|
# Apply app-specific configurations
|
|
#
|
|
echo "--> Configuring BBB"
|
|
# Host
|
|
./occ config:app:set -n bbb api.url --value="${BBB_HOST:-}"
|
|
# API Secret
|
|
./occ config:app:set -n -q bbb api.secret --value="${BBB_API_SECRET:-}"
|
|
# Disable Big Blue Button media check by default
|
|
./occ config:app:set -n bbb join.mediaCheck --value="false"
|
|
# Disable Big Blue Button listen only mode by default
|
|
# And enable option to join muted to Big Blue Button room by default
|
|
## TODO: Upstream these as toggeable settings
|
|
# shellcheck disable=SC2016 # We want these literal strings
|
|
sed -i.orig \
|
|
-e 's/^\(\s*$room->setListenOnly(\)true\();\)$/\1false\2/' \
|
|
-e 's/^\(\s*$room->setJoinMuted(\)false\();\)$/\1true\2/' \
|
|
/var/www/html/custom_apps/bbb/lib/Service/RoomService.php
|
|
# Remove meeting join nextcloud bbb app dialog exclamation marks
|
|
sed -i.orig \
|
|
-e 's/\(^\s*"Please enter your name!" : [^¡]*\)¡\?\([^!]*\)!\(.*\)$/\1\2\3/' \
|
|
-e 's/\(^\s*"Let.s go!" : [^¡]*\)¡\?\([^!]*\)!\(.*\)$/\1\2\3/' \
|
|
/var/www/html/custom_apps/bbb/l10n/*.json
|
|
|
|
# Patches / fixes for Ownpad
|
|
## Fix mimetypemapping for ownpad
|
|
MIMETYPEMAPPINGJSON="/var/www/html/config/mimetypemapping.json"
|
|
if ! grep -q "application/x-ownpad" "${MIMETYPEMAPPINGJSON}"; then
|
|
jq '. + {"pad": ["application/x-ownpad"], "calc": ["application/x-ownpad"]}' \
|
|
/var/www/html/resources/config/mimetypemapping.dist.json > "${MIMETYPEMAPPINGJSON}"
|
|
# We have to tell NC about this change as documented here:
|
|
# https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html#maintenance-commands
|
|
./occ maintenance:mimetype:update-db
|
|
fi
|
|
## Open pads on new tab/window
|
|
OWNPADJS="/var/www/html/custom_apps/ownpad/js/ownpad.js"
|
|
if ! grep -q viewerDD "${OWNPADJS}"; then
|
|
## TODO: Upstream this as a toggeable setting
|
|
sed -i.orig 's/^\(\s*\)var viewer = \(OC.generateUrl.*\)/\1var viewerDD = \2; window.open(viewerDD); return;/' "${OWNPADJS}"
|
|
fi
|
|
|
|
# Settings
|
|
echo "--> Applying custom settings"
|
|
./occ --no-warnings config:app:set -n ownpad ownpad_etherpad_enable --value="yes"
|
|
./occ --no-warnings config:app:set -n ownpad ownpad_etherpad_host --value="https://pad.$DOMAIN"
|
|
|
|
./occ --no-warnings config:app:set -n onlyoffice DocumentServerUrl --value="https://oof.$DOMAIN"
|
|
./occ --no-warnings config:app:set -n onlyoffice jwt_secret --value="secret"
|
|
./occ --no-warnings config:app:set -n onlyoffice jwt_header --value="Authorization"
|
|
./occ --no-warnings config:app:set -n onlyoffice sameTab --value="false"
|
|
|
|
# Moodle nextcloud task needs forcesave onlyoffice option
|
|
./occ --no-warnings config:app:set -n onlyoffice customizationForcesave --value="true"
|
|
|
|
# Add allow list IPs
|
|
./occ --no-warnings config:app:set -n bruteForce whitelist_1 --value='172.16.0.0/12'
|
|
|
|
# OnlyOffice
|
|
./occ --no-warnings config:app:set -n onlyoffice preview --value="true"
|
|
./occ --no-warnings config:app:set -n onlyoffice defFormats --value='{"csv":"false","doc":"true","docm":"false","docx":"true","docxf":"true","oform":"true","dotx":"false","epub":"false","html":"false","odp":"true","ods":"true","odt":"true","otp":"true","ots":"true","ott":"true","pdf":"false","potm":"false","potx":"false","ppsm":"false","ppsx":"true","ppt":"true","pptm":"false","pptx":"true","rtf":"false","txt":"false","xls":"true","xlsm":"false","xlsx":"true","xltm":"false","xltx":"true"}'
|
|
./occ --no-warnings config:app:set -n onlyoffice editFormats --value='{"csv":"true","odp":"false","ods":"false","odt":"false","rtf":"false","txt":"true"}'
|
|
|
|
if [ -n "${USING_CLAMAV:-}" ]; then
|
|
echo "--> Configuring ClamAV"
|
|
./occ --no-warnings config:app:set -n files_antivirus av_mode --value="daemon"
|
|
./occ --no-warnings config:app:set -n files_antivirus av_host --value="dd-apps-clamav"
|
|
./occ --no-warnings config:app:set -n files_antivirus av_port --value="3310"
|
|
./occ --no-warnings config:app:set -n files_antivirus av_infected_action --value="only_log"
|
|
./occ --no-warnings config:app:set -n files_antivirus av_stream_max_length --value="26214400"
|
|
./occ --no-warnings config:app:set -n files_antivirus av_max_file_size --value="-1"
|
|
fi
|
|
|
|
# Allow nextcloud into other apps iframes
|
|
echo "--> Fixing CSP"
|
|
# TODO: this should be done in a different fashion
|
|
# Content-Security-Policy: frame-ancestors 'self' *.$DOMAIN;
|
|
# Content-Set-Policy: connect-src 'self -' *.$DOMAIN;
|
|
# Content-Set-Policy: img-src 'self' *. -$DOMAIN;
|
|
# Content-Set-Policy: style-src 'self' -*.$DOMAIN;
|
|
# Content-Set-Policy: font-src 'self' * -.$DOMAIN;
|
|
sed -i \
|
|
-E "s%'\\\\'self\\\\'',.*$%'\\\\'self\\\\'', '*.${DOMAIN}',%" \
|
|
/var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php
|
|
|
|
# Add default file for moodle activities
|
|
TEMPLATEDOCX="/var/www/html/data/admin/files/template.docx"
|
|
if [ ! -f "${TEMPLATEDOCX}" ]; then
|
|
echo "--> Copying activity template for Moodle"
|
|
cp /template.docx "${TEMPLATEDOCX}"
|
|
# We have to tell NC about this change
|
|
./occ files:scan admin
|
|
fi
|
|
|
|
# Configure logo
|
|
echo "--> Configuring logo"
|
|
# TODO: This should be a tad more dynamic
|
|
cachebuster="0"
|
|
if ./occ config:app:get theming cachebuster; then
|
|
cachebuster="$(./occ config:app:get theming cachebuster)"
|
|
fi
|
|
./occ theming:config logo /custom/img/logo.png
|
|
./occ theming:config background /custom/img/background.png
|
|
./occ config:app:set theming cachebuster --value="$((cachebuster + 1 ))"
|
|
|
|
occupgrade
|
|
|
|
cat <<EOF
|
|
*************************************
|
|
Done with DD-specific Nextcloud setup
|
|
*************************************
|
|
|
|
EOF
|