#!/bin/bash # @copyright Copyright (c) 2020 Arthur Schiwon # # @author Arthur Schiwon # # @license GNU AGPL version 3 or any later version # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as # published by the Free Software Foundation, either version 3 of the # License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . getarg() { # by Univention local found=0 for arg in "${ARGS[@]}"; do if [ "$found" -eq 1 ]; then echo "$arg" break fi if [ "$arg" = "$1" ]; then found=1 fi done } ERROR_FILE=$(getarg "--error-file") error_msg() { if [ -n "$1" ]; then IN="$@" else read IN # from stdin fi if [ -n "$ERROR_FILE" ]; then echo "$IN" | tee -a "$ERROR_FILE" >&2 else echo "$IN" >&2 fi } install_hub_apps () { $OCC app:enable calendar $OCC app:enable contacts $OCC app:enable mail $OCC app:install spreed 2> /dev/null; echo -n 'enabling Talk... '; $OCC app:enable spreed # logic for office suite resides in join script } NC_DATADIR="$NC_PERMDATADIR/nextcloud-data" NC_UCR_FILE="$NC_PERMCONFDIR/ucr" mv "$NC_PERMCONFDIR/ucs.crt" /usr/local/share/ca-certificates/ucs.crt 2>&1 | error_msg update-ca-certificates 2>&1 | error_msg cd /var/www/html if [ ! -f occ ]; then error_msg "/var/www/html/occ missing – was the docker container modified manually?" exit 21 fi OCC="sudo -u www-data php /var/www/html/occ" NC_IS_INSTALLED=$($OCC status | grep "installed: true" -c) NC_IS_UPGRADE=1 if [ "$NC_IS_INSTALLED" -eq 0 ] ; then NC_IS_UPGRADE=0 NC_ADMIN_PWD_FILE="$NC_PERMCONFDIR/admin.secret" NC_DB_TYPE="pgsql" NC_LOCAL_ADMIN="nc_admin" NC_LOCAL_ADMIN_PWD=$(pwgen -y 30 1) echo "$NC_LOCAL_ADMIN_PWD" > "$NC_ADMIN_PWD_FILE" chmod 600 "$NC_ADMIN_PWD_FILE" mkdir -p "$NC_DATADIR" chown www-data:www-data -R "$NC_DATADIR" $OCC maintenance:install \ --admin-user "$NC_LOCAL_ADMIN" \ --admin-pass "$NC_LOCAL_ADMIN_PWD" \ --database "$NC_DB_TYPE" \ --database-host "$DB_HOST" \ --database-port "$DB_PORT" \ --database-name "$DB_NAME" \ --database-user "$DB_USER" \ --database-pass "$DB_PASSWORD" \ --data-dir "$NC_DATADIR" \ 2>&1 | error_msg STATE=$? if [[ $STATE != 0 ]]; then error_msg "Error while installing Nextcloud. Please check the apache log within the Nextcloud docker container, and (if existing) the nextcloud.log file in $NC_DATADIR." exit 22; fi fi UPGRADE_LOGFILE="/var/log/nextcloud-upgrade_"$(date +%y_%m_%d)".log" $OCC check $OCC status $OCC app:list $OCC upgrade 2>&1>> "$UPGRADE_LOGFILE" error_msg "The upgrade log is written to $UPGRADE_LOGFILE within the nextcloud container" # basic Nextcloud configuration eval "$(cat \"$NC_UCR_FILE\")" if [ "$NC_IS_UPGRADE" -eq 0 ] ; then $OCC config:system:set updatechecker --type=boolean --value="false" # this is handled via UCS AppCenter $OCC config:system:set upgrade.disable-web --type=boolean --value="true" $OCC config:system:set --value "\OC\Memcache\APCu" memcache.local $OCC config:system:set overwriteprotocol --value="https" $OCC config:system:set overwritewbroot --value="/nextcloud" $OCC config:system:set overwrite.cli.url --value="https://$NC_UCR_DOMAIN/nextcloud" $OCC config:system:set htaccess.RewriteBase --value="/nextcloud" $OCC background:cron $OCC app:enable user_ldap $OCC app:install user_saml && $OCC app:enable user_saml $OCC app:disable updatenotification install_hub_apps # set IP-related settings $OCC config:system:set trusted_proxies 0 --value="$NC_TRUSTED_PROXY_IP" $OCC config:system:set trusted_domains 0 --value="$NC_UCR_DOMAIN" NC_TRUSTED_DOMAIN_NO=1 NC_HOST_IPS=($NC_HOST_IPS) for HOST_IP in "${NC_HOST_IPS[@]}" ; do HOST_IP=$(echo "$HOST_IP" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') $OCC config:system:set trusted_domains "$NC_TRUSTED_DOMAIN_NO" --value="$HOST_IP" NC_TRUSTED_DOMAIN_NO=$(($NC_TRUSTED_DOMAIN_NO+1)) done # This should not be necessary, but was observed… TODO: try to reproduce outside UCS, but with psql $OCC db:convert-filecache-bigint -n $OCC db:add-missing-indices # ensure that all apps are up to date on installation $OCC app:update --all else # attempt to re-enable disabled apps DISABLED_APPS=( $(cat "$UPGRADE_LOGFILE" | grep "Disabled incompatible app:" | cut -d ":" -f 2 | egrep -o "[a-z]+[a-z0-9_]*[a-z0-9]+") ) for APPID in "${DISABLED_APPS[@]}" ; do $OCC app:enable "$APPID" || $OCC app:install "$APPID" || error_msg "Could not re-enable $APPID" done fi # Recreate the htaccess on both install and update $OCC maintenance:update:htaccess $OCC config:system:set one-click-instance --value=true --type=bool $OCC config:system:set one-click-instance.user-limit --value=500 --type=int $OCC config:system:set one-click-instance.link --value="https://nextcloud.com/univention/" $OCC app:enable support # env var is set from the dockerfile if [ "$NC_IS_PATCHED" = true ]; then $OCC config:system:set integrity.check.disabled --value="true" --type=boolean # (un)comment and adjust following line depending on the use case, # otherwise a warning is shown, still $OCC integrity:check-app dav $OCC integrity:check-app user_ldap $OCC integrity:check-core # integrity checks are done once on upgrade case, thus we can directly remove the flag again $OCC config:system:delete integrity.check.disabled fi echo "*/5 * * * * www-data php -f /var/www/html/cron.php" > /etc/cron.d/nextcloud