-
Notifications
You must be signed in to change notification settings - Fork 66
/
Copy pathinstall
executable file
·314 lines (239 loc) · 11 KB
/
install
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
#!/bin/bash
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# INITIALIZE AND STORE SETTINGS
#=================================================
ynh_app_setting_set --key=php_upload_max_filesize --value=10G
ynh_app_setting_set --key=php_memory_limit --value=512M
ynh_app_setting_set --key=fpm_footprint --value=high
ynh_app_setting_set --key=fpm_usage --value=medium
phpflags="--define apc.enable_cli=1"
ynh_app_setting_set --key=phpflags --value="$phpflags"
enable_notify_push="0"
ynh_app_setting_set --key=enable_notify_push --value=0
system_addressbook_exposed="0"
ynh_app_setting_set --key=system_addressbook_exposed --value=0
#=================================================
# CREATE A MYSQL DATABASE
#=================================================
ynh_script_progression "Migrate MySQL database to utf8..."
ynh_mysql_db_shell <<< "ALTER DATABASE $db_name CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;"
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression "Setting up source files..."
ynh_setup_source --dest_dir="$install_dir"
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression "Configuring PHP-FPM..."
ynh_config_add_phpfpm
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression "Configuring NGINX web server..."
# Check if .well-known is available for this domain
if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav"
then
ynh_print_warn "Another app already uses the domain $domain to serve a CalDAV/CardDAV feature. You may encounter issues when dealing with your calendar or address book."
# Remove lines about .well-known/carddav and caldav with sed.
sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "../conf/nginx.conf"
fi
nginx_extra_conf_dir="/etc/nginx/conf.d/$domain.d/$app.d"
mkdir -p "$nginx_extra_conf_dir"
if [ $enable_notify_push -eq 1 ]
then
ynh_config_add --template="notify_push.conf" --destination="$nginx_extra_conf_dir/notify_push.conf"
fi
ynh_config_add_nginx
#=================================================
# INSTALL NEXTCLOUD
#=================================================
ynh_script_progression "Installing $app..."
# Set write access for the following commands
chown -R $app:www-data "$install_dir"
chown -R $app: "$data_dir"
# Define password in an intermediate var
# The fact that it's called _password allows it to be
# picked up by YunoHost's auto-redact mecanism
admin_password="$(ynh_string_random --length=6)"
# Install Nextcloud using a temporary admin user
exec_occ maintenance:install \
--database "mysql" --database-name $db_name \
--database-user $db_user --database-pass "$db_pwd" \
--admin-user "admin" --admin-pass "$admin_password" \
--data-dir "$data_dir/data" \
|| ynh_die "Unable to install $app"
#=================================================
# CONFIGURE NEXTCLOUD
#=================================================
ynh_script_progression "Configuring $app..."
# Set the mysql.utf8mb4 config to true in config.php
exec_occ config:system:set mysql.utf8mb4 --type boolean --value="true"
# move the logs from the data_dir to the standard /var/log
exec_occ config:system:set logfile --value="/var/log/$app/nextcloud.log"
# Ensure that UpdateNotification app is disabled
exec_occ app:disable updatenotification
# Enable LDAP plugin
exec_occ app:enable user_ldap
exec_occ ldap:create-empty-config
# Load the installation config file in Nextcloud
ynh_config_add --template="config_install.json" --destination="$install_dir/config_install.json"
exec_occ config:import "$install_dir/config_install.json"
# Then remove the config file
ynh_safe_rm "$install_dir/config_install.json"
# Load the additional config file (used also for upgrade)
ynh_config_add --template="config.json" --destination="$install_dir/config.json"
exec_occ config:import "$install_dir/config.json"
# Then remove the config file
ynh_safe_rm "$install_dir/config.json"
#=================================================
# CHECK THE LDAP CONFIG
#=================================================
# Check LDAP configuration to see if everything worked well
exec_occ ldap:test-config '' || ynh_die "An error occured during LDAP configuration"
#=================================================
# MOUNT HOME FOLDERS AS EXTERNAL STORAGE
#=================================================
# Define a function to add an external storage
# Create the external storage for the given folders and enable sharing
create_external_storage() {
local mount_dir="$1"
local mount_name="$2"
local mount_id=`exec_occ files_external:create --output=json \
"$mount_name" 'local' 'null::null' -c "datadir=$mount_dir" || true`
! [[ $mount_id =~ ^[0-9]+$ ]] \
&& ynh_print_warn "Unable to create external storage" \
|| exec_occ files_external:option "$mount_id" enable_sharing true
}
# Enable External Storage and create local mount to home folder
if [ $user_home -eq 1 ]
then
exec_occ app:enable files_external
create_external_storage "/home/\$user" "Home"
# Iterate over users to extend their home folder permissions
for u in $(ynh_user_list); do
setfacl --modify g:$app:rwx "/home/$u" || true
done
fi
#=================================================
# ALLOW USERS TO DISCONNECT FROM NEXTCLOUD
#=================================================
# Add dynamic logout URL to the config
url_base64="$(echo -n "https://$domain$path" | base64)"
exec_occ config:system:get logout_url >/dev/null 2>&1 \
|| echo "
//-YunoHost-
// set logout_url according to main domain
\$main_domain = exec('cat /etc/yunohost/current_host');
\$CONFIG['logout_url'] = 'https://'.\$main_domain.'/yunohost/sso/?action=logout&r=${url_base64}';
//-YunoHost-
" >> "$install_dir/config/config.php"
#=================================================
# CHANGE HOSTNAME FOR ACTIVITY NOTIFICATIONS
#=================================================
exec_occ config:system:set overwrite.cli.url --value="https://${domain}${path}"
#=================================================
# REMOVE THE TEMPORARY ADMIN AND SET THE TRUE ONE
#=================================================
# Set the user as admin
ynh_mysql_db_shell <<< "INSERT INTO oc_group_user VALUES ('admin','$admin');"
# And delete admin user
exec_occ user:delete admin
#=================================================
# ENABLE OR DISABLE SYSTEM ADDRESS BOOK
#=================================================
exec_occ config:app:set dav system_addressbook_exposed --value="$system_addressbook_exposed"
#=================================================
# STORE THE CHECKSUM OF THE CONFIG FILE
#=================================================
# Calculate and store the config file checksum into the app settings
ynh_store_file_checksum "$install_dir/config/config.php"
#=================================================
# CONFIGURE NOTIFY_PUSH APP
#=================================================
if [ $enable_notify_push -eq 1 ]
then
exec_occ app:install notify_push
exec_occ config:app:set notify_push base_endpoint --value https://$domain${path_url%/}/push
case $YNH_ARCH in
amd64) arch="x86_64";;
arm64) arch="aarch64";;
armel|armhf) arch="armv7";;
esac
ynh_config_add --template="watcher.path" --destination="/etc/systemd/system/${app}-notify-push-watcher.path"
ynh_config_add_systemd --service="${app}-notify-push-watcher" --template="watcher.service"
systemctl enable --now --quiet ${app}-notify-push-watcher.path
ynh_config_add_systemd --service="${app}-notify-push"
fi
#=================================================
# ADD A CRON JOB
#=================================================
ynh_config_add --template="nextcloud.cron" --destination="/etc/cron.d/$app"
chown root: "/etc/cron.d/$app"
chmod 644 "/etc/cron.d/$app"
exec_occ background:cron
#=================================================
# POST-INSTALL MAINTENANCE
#=================================================
exec_occ db:add-missing-indices
exec_occ db:add-missing-columns
exec_occ db:convert-filecache-bigint -n
#=================================================
# YUNOHOST MULTIMEDIA INTEGRATION
#=================================================
ynh_script_progression "Adding multimedia directories..."
# Build YunoHost multimedia directories
ynh_multimedia_build_main_dir
# Mount the user directory in Nextcloud
exec_occ app:enable files_external
create_external_storage "/home/yunohost.multimedia/\$user" "Multimedia"
create_external_storage "/home/yunohost.multimedia/share" "Shared multimedia"
# Allow nextcloud to write into these directories
ynh_multimedia_addaccess $app
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
# Fix app ownerships & permissions
chown -R $app:www-data "$install_dir"
chown -R $app: "$data_dir"
find $install_dir/ -type f -print0 | xargs -r0 chmod 0644
find $install_dir/ -type d -print0 | xargs -r0 chmod 0755
find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640
find $data_dir/data/ -type d -print0 | xargs -r0 chmod 0750
chmod 600 "$install_dir/config/config.php"
chmod 755 /home/yunohost.app
chmod 750 $install_dir
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression "Configuring log rotation..."
ynh_config_add_logrotate
#=================================================
# SETUP FAIL2BAN
#=================================================
ynh_script_progression "Configuring Fail2Ban..."
# Create a dedicated Fail2Ban config
ynh_config_add_fail2ban --logpath="/var/log/$app/nextcloud.log"
#=================================================
# CHECK IF NOTIFY_PUSH WORKS
#=================================================
if [ $enable_notify_push -eq 1 ]
then
count=0
while ! ynh_exec_as_app php${php_version} --define apc.enable_cli=1 $install_dir/cron.php && [[ $count -lt 30 ]]
do
sleep 1
count=$((count + 1))
done
ynh_systemctl --service="${app}-notify-push-watcher" --action=restart
ynh_systemctl --service="${app}-notify-push" --action=restart --wait_until="Push daemon for Nextcloud clients." --log_path="systemd"
if ! exec_occ notify_push:self-test; then
ynh_print_warn "The Notify Push service is still not working properly. Please log in with a user to your NextCloud instance, restart the Notify Push service with \"systemctl restart ${app}-notify-push.service\", and run \"ynh_exec_as_app php${php_version} $install_dir/occ notify_push:self-test\" to verify that everything is green."
fi
fi
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression "Installation of $app completed"