setup


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184

#!/bin/bash

# @copyright Copyright (c) 2020 Arthur Schiwon <blizzz@arthur-schiwon.de>
#
# @author Arthur Schiwon <blizzz@arthur-schiwon.de>
#
# @license GNU AGPL version 3 or any later version
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

getarg() { # by Univention
    local found=0
    for arg in "${ARGS[@]}"; do
        if [ "$found" -eq 1 ]; then
            echo "$arg"
            break
        fi
        if [ "$arg" = "$1" ]; then
            found=1
        fi
    done
}
ERROR_FILE=$(getarg "--error-file")

error_msg() {
    if [ -n "$1" ]; then
        IN="$@"
    else
        read IN # from stdin
    fi
	if [ -n "$ERROR_FILE" ]; then
		echo "$IN" | tee -a "$ERROR_FILE" >&2
	else
		echo "$IN" >&2
	fi
}

install_hub_apps () {
    $OCC app:enable calendar
    $OCC app:enable contacts
    $OCC app:enable mail
    $OCC app:install spreed 2> /dev/null; echo -n 'enabling Talk... '; $OCC app:enable spreed
    # logic for office suite resides in join script
}

NC_DATADIR="$NC_PERMDATADIR/nextcloud-data"
NC_UCR_FILE="$NC_PERMCONFDIR/ucr"

mv "$NC_PERMCONFDIR/ucs.crt" /usr/local/share/ca-certificates/ucs.crt 2>&1 | error_msg
update-ca-certificates 2>&1 | error_msg

cd /var/www/html
if [ ! -x occ ]; then
	error_msg "/var/www/html/occ missing or not executable – was the docker container modified manually?"
	exit 21
fi

OCC="sudo -u www-data ./occ"

NC_IS_INSTALLED=`$OCC status | grep "installed: true" -c`
NC_IS_UPGRADE=1

if [ "$NC_IS_INSTALLED" -eq 0 ] ; then
    NC_IS_UPGRADE=0

    NC_ADMIN_PWD_FILE="$NC_PERMCONFDIR/admin.secret"
    NC_DB_TYPE="pgsql"
    NC_LOCAL_ADMIN="nc_admin"
    NC_LOCAL_ADMIN_PWD=`pwgen -y 30 1`
    echo "$NC_LOCAL_ADMIN_PWD" > "$NC_ADMIN_PWD_FILE"
    chmod 600 "$NC_ADMIN_PWD_FILE"

    mkdir -p "$NC_DATADIR"
    chown www-data:www-data -R "$NC_DATADIR"

    $OCC maintenance:install \
        --admin-user    "$NC_LOCAL_ADMIN" \
        --admin-pass    "$NC_LOCAL_ADMIN_PWD" \
        --database      "$NC_DB_TYPE" \
        --database-host "$DB_HOST" \
        --database-port "$DB_PORT" \
        --database-name "$DB_NAME" \
        --database-user "$DB_USER" \
        --database-pass "$DB_PASSWORD" \
        --data-dir      "$NC_DATADIR" \
        2>&1 | error_msg

    STATE=$?
    if [[ $STATE != 0 ]]; then
        error_msg  "Error while installing Nextcloud. Please check the apache log within the Nextcloud docker container, and (if existing) the nextcloud.log file in $NC_DATADIR."
        exit 22;
    fi
fi

UPGRADE_LOGFILE="/var/log/nextcloud-upgrade_"`date +%y_%m_%d`".log"
$OCC check
$OCC status
$OCC app:list
$OCC upgrade 2>&1>> "$UPGRADE_LOGFILE"
error_msg "The upgrade log is written to $UPGRADE_LOGFILE within the nextcloud container"

# basic Nextcloud configuration
eval "`cat \"$NC_UCR_FILE\"`"
if [ "$NC_IS_UPGRADE" -eq 0 ] ; then
    $OCC config:system:set updatechecker --type=boolean --value="false"    # this is handled via UCS AppCenter
    $OCC config:system:set upgrade.disable-web --type=boolean --value="true"
    $OCC config:system:set --value "\OC\Memcache\APCu" memcache.local
    $OCC config:system:set --value "\OC\Memcache\APCu" memcache.distributed
    $OCC config:system:set overwriteprotocol --value="https"
    $OCC config:system:set overwritewbroot --value="/nextcloud"
    $OCC config:system:set overwrite.cli.url --value="https://$NC_UCR_DOMAIN/nextcloud"
    $OCC config:system:set htaccess.RewriteBase --value="/nextcloud"
    $OCC background:cron
    $OCC app:enable user_ldap
    $OCC app:install user_saml && $OCC app:enable user_saml
    $OCC app:disable updatenotification
    install_hub_apps

    # set IP-related settings
    $OCC config:system:set trusted_proxies 0 --value="$NC_TRUSTED_PROXY_IP"
    $OCC config:system:set trusted_domains 0 --value="$NC_UCR_DOMAIN"
    NC_TRUSTED_DOMAIN_NO=1
    NC_HOST_IPS=($NC_HOST_IPS)
    for HOST_IP in "${NC_HOST_IPS[@]}" ; do
        HOST_IP=$(echo "$HOST_IP" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
        $OCC config:system:set trusted_domains "$NC_TRUSTED_DOMAIN_NO" --value="$HOST_IP"
        NC_TRUSTED_DOMAIN_NO=$(($NC_TRUSTED_DOMAIN_NO+1))
    done

    # This should not be necessary, but was observed… TODO: try to reproduce outside UCS, but with psql
    $OCC db:convert-filecache-bigint -n
    $OCC db:add-missing-indices

    # ensure that all apps are up to date on installation (e.g. files_rightclick on 17.0.1)
    $OCC app:update --all

else
    # attempt to re-enable disabled apps
    DISABLED_APPS=( $(cat "$UPGRADE_LOGFILE" | grep "Disabled incompatible app:" | cut -d ":" -f 2 | egrep -o "[a-z]+[a-z0-9_]*[a-z0-9]+") )
    for APPID in "${DISABLED_APPS[@]}" ; do
        $OCC app:enable "$APPID" || $OCC app:install "$APPID" || error_msg "Could not re-enable $APPID"
    done

    MEM_DIST=$($OCC config:system:get --default-value "NOT_SET" memcache.distributed)
    if [ "${MEM_DIST}" = "NOT_SET" ]; then
      # some code might require a set distributed memcache
      # this block is safe to remove with Nextcloud 22
      $OCC config:system:set --value "\OC\Memcache\APCu" memcache.distributed
    fi
fi

# Recreate the htaccess on both install and update
$OCC maintenance:update:htaccess

$OCC config:system:set one-click-instance --value=true --type=bool
$OCC config:system:set one-click-instance.user-limit --value=500 --type=int
$OCC config:system:set one-click-instance.link --value="https://nextcloud.com/univention/"
$OCC app:enable support

# env var is set from the dockerfile
if [ "$NC_IS_PATCHED" = true ]; then
    $OCC config:system:set integrity.check.disabled --value="true" --type=boolean
    # (un)comment and adjust following line depending on the use case,
    # otherwise a warning is shown, still
    $OCC integrity:check-app dav
    $OCC integrity:check-app user_ldap
    $OCC integrity:check-core

    # integrity checks are done once on upgrade case, thus we can directly remove the flag again
    $OCC config:system:delete integrity.check.disabled
fi

echo "*/5 * * * * www-data    php -f /var/www/html/cron.php" > /etc/cron.d/nextcloud