diff --git a/conf/nginx.conf b/conf/nginx.conf index f521457e..c7b51e84 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -161,8 +161,8 @@ location ^~ __PATH__/ { location ~ \.(otf|woff2?)$ { try_files $uri / __PATH__/index.php$request_uri; - expires 7d; # Cache-Control policy borrowed from `.htaccess` - access_log off; # Optional: Don't log access to assets + expires 7d; # Cache-Control policy borrowed from `.htaccess` + access_log off; # Optional: Don't log access to assets } # Rule borrowed from `.htaccess` diff --git a/manifest.toml b/manifest.toml index 3b7ac246..cc2e6eb0 100644 --- a/manifest.toml +++ b/manifest.toml @@ -27,7 +27,7 @@ multi_instance = true ldap = true sso = true -disk = "650M" +disk = "850M" ram.build = "250M" ram.runtime = "512M" @@ -116,7 +116,8 @@ ram.runtime = "512M" api.allowed = ["visitors", "all_users"] [resources.apt] - packages = "mariadb-server, imagemagick, libmagickcore-6.q16-6-extra, acl, tar, smbclient, at, redis-server, php8.3-fpm, php8.3-bz2, php8.3-imap, php8.3-gmp, php8.3-gd, php8.3-intl, php8.3-curl, php8.3-apcu, php8.3-redis, php8.3-ldap, php8.3-imagick, php8.3-zip, php8.3-mbstring, php8.3-xml, php8.3-mysql, php8.3-igbinary, php8.3-bcmath" + packages = "postgresql, imagemagick, libmagickcore-6.q16-6-extra, acl, tar, smbclient, at, redis-server, php8.3-pgsql, php8.3-mysql, php8.3-fpm, php8.3-bz2, php8.3-imap, php8.3-gmp, php8.3-gd, php8.3-intl, php8.3-curl, php8.3-apcu, php8.3-redis, php8.3-ldap, php8.3-imagick, php8.3-zip, php8.3-mbstring, php8.3-xml, php8.3-igbinary, php8.3-bcmath" [resources.database] - type = "mysql" + type = "postgresql" + \ No newline at end of file diff --git a/scripts/backup b/scripts/backup index 33c0c7f1..7c48d677 100755 --- a/scripts/backup +++ b/scripts/backup 
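Review bot: Removing `mariadb-server` from `packages` leaves the one-time migration in scripts/upgrade relying on a MariaDB server that this app no longer declares, since that path still calls `mysql -e "USE $db_name"` and `ynh_mysql_drop_db`. If nothing else on the host keeps MariaDB installed and running, the probe fails and is reported as "database doesn't exist" rather than as a missing server. Consider keeping `mariadb-server` in the list until the migration window is closed, or having the upgrade script check for the server explicitly and report it as such. The new `[resources.database]` section also ends without a trailing newline.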
@@ -40,11 +40,11 @@ ynh_backup "/etc/cron.d/$app" ynh_backup "/var/log/$app" #================================================= -# BACKUP THE MYSQL DATABASE +# BACKUP THE POSTGRESQL DATABASE #================================================= -ynh_print_info "Backing up the MySQL database..." +ynh_print_info "Backing up the PostgreSQL database..." -ynh_mysql_dump_db > db.sql +ynh_psql_dump_db > db.sql #================================================= # BACKUP THE NOTIFY_PUSH APP diff --git a/scripts/install b/scripts/install index fc4d6455..fc02e04e 100755 --- a/scripts/install +++ b/scripts/install @@ -22,13 +22,6 @@ ynh_app_setting_set --key=enable_notify_push --value=0 system_addressbook_exposed="0" ynh_app_setting_set --key=system_addressbook_exposed --value=0 -#================================================= -# CREATE A MYSQL DATABASE -#================================================= -ynh_script_progression "Migrate MySQL database to utf8..." - -ynh_mysql_db_shell <<< "ALTER DATABASE $db_name CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;" - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -83,7 +76,7 @@ admin_password="$(ynh_string_random --length=6)" # Install Nextcloud using a temporary admin user exec_occ maintenance:install \ - --database "mysql" --database-name $db_name \ + --database "pgsql" --database-name $db_name \ --database-user $db_user --database-pass "$db_pwd" \ --admin-user "admin" --admin-pass "$admin_password" \ --data-dir "$data_dir/data" \ @@ -94,9 +87,6 @@ exec_occ maintenance:install \ #================================================= ynh_script_progression "Configuring $app..." -# Set the mysql.utf8mb4 config to true in config.php -exec_occ config:system:set mysql.utf8mb4 --type boolean --value="true" - # move the logs from the data_dir to the standard /var/log exec_occ config:system:set logfile --value="/var/log/$app/nextcloud.log" 
@@ -183,7 +173,7 @@ exec_occ config:system:set overwrite.cli.url --value="https://${domain}${path}" #================================================= # Set the user as admin -ynh_mysql_db_shell <<< "INSERT INTO oc_group_user VALUES ('admin','$admin');" +ynh_psql_db_shell <<< "INSERT INTO oc_group_user VALUES ('admin','$admin');" # And delete admin user exec_occ user:delete admin diff --git a/scripts/remove b/scripts/remove index c506c10c..2a50bdfd 100755 --- a/scripts/remove +++ b/scripts/remove @@ -26,7 +26,6 @@ if [ $enable_notify_push -eq 1 ]; then fi # Remove a cron file -# TODO: Ensure that cron job is not running (How !?) ynh_safe_rm "/etc/cron.d/$app" # Cleaning ACL in home directories diff --git a/scripts/restore b/scripts/restore index 1ed03c8e..52b47ff1 100755 --- a/scripts/restore +++ b/scripts/restore 
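Review bot: The `INSERT INTO oc_group_user VALUES ('admin','$admin');` line still builds SQL by interpolating `$admin` into the statement, and the switch to `ynh_psql_db_shell` keeps that pattern. A value containing a quote character would break or change the statement, and the unnamed-column `VALUES` form depends on the table's column order and on the `oc_` prefix. Since `exec_occ` is already used on the surrounding lines, `exec_occ group:adduser admin "$admin"` would go through Nextcloud's own API and behave the same on either database backend. The rest of the install script lies outside this hunk, so how `$admin` is validated is not visible here.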
@@ -11,21 +11,26 @@ ynh_script_progression "Restoring the app main directory..." ynh_restore "$install_dir" #================================================= -# RESTORE THE MYSQL DATABASE +# RESTORE THE DATA DIRECTORY +#================================================= +ynh_script_progression "Restoring data directory..." + +ynh_restore "$data_dir" + #================================================= -ynh_script_progression "Restoring the MySQL database..." +# RESTORE THE POSTGRESQL DATABASE +#================================================= +ynh_script_progression "Restoring the PostgreSQL database..." -ynh_mysql_db_shell < ./db.sql +ynh_psql_db_shell < ./db.sql #================================================= -# RESTORE THE PHP-FPM CONFIGURATION +# RESTORE SYSTEM CONFIGURATIONS #================================================= -ynh_script_progression "Reconfiguring PHP-FPM..." +ynh_script_progression "Restoring system configurations related to $app..." -# Restore the file first, so it can have a backup if different ynh_restore "/etc/php/$php_version/fpm/pool.d/$app.conf" -# Recreate a dedicated PHP-FPM config ynh_config_add_phpfpm #================================================= @@ -64,13 +69,6 @@ ynh_script_progression "Restoring the logrotate configuration..." ynh_restore "/etc/logrotate.d/$app" -#================================================= -# RESTORE THE DATA DIRECTORY -#================================================= -ynh_script_progression "Restoring data directory..." - -ynh_restore "$data_dir" - #================================================= # RESTORE USER RIGHTS #================================================= @@ -100,6 +98,7 @@ ynh_script_progression "Adding multimedia directories..." # Build YunoHost multimedia directories ynh_multimedia_build_main_dir + # Allow nextcloud to write into these directories ynh_multimedia_addaccess $app 
@@ -114,8 +113,8 @@ ynh_restore "/etc/fail2ban/filter.d/$app.conf" # Make sure a log file exists (mostly for CI tests) logfile="/var/log/$app/nextcloud.log" if [ ! -f "$logfile" ]; then - touch "$logfile" - chown "$app:" "$logfile" + touch "$logfile" + chown "$app:" "$logfile" fi ynh_systemctl --action=restart --service=fail2ban diff --git a/scripts/upgrade b/scripts/upgrade index 8a20d119..88eff45d 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -54,6 +54,12 @@ filter_boring_occ_warnings() { sed -E 's@\s*([0-9]+\/[0-9]+\s+\[(-|>|=)+\]\s+[0-9]+%|\s*Starting ...|Nextcloud or one of the apps require upgrade - only a limited number of commands are available|You may use your browser or the occ upgrade command to do the upgrade)@@g' } +current_version=$(grep OC_VersionString "$install_dir/version.php" | cut -d\' -f2) +current_major_version=${current_version%%.*} + +last_version=$(ynh_read_manifest "resources.sources.main.url" | grep -Eo '[0-9][0-9]\.[0-9]\.[0-9]+') +last_major_version=${last_version%%.*} + # Define a function to execute commands with `occ` exec_occ() { # Backward compatibility to upgrade from older versions 
@@ -87,6 +93,35 @@ exec_occ() { php$NEXTCLOUD_PHP_VERSION --define apc.enable_cli=1 occ --no-interaction --no-ansi "$@") 2> >(filter_boring_occ_warnings >&2) } +#================================================= +# HANDLE DATABASE MIGRATION FROM MYSL TO PSQL +#================================================= + +# If we're moving through version 29.0.10~ynh1 (in which the switch to PostgreSQL is made) +if ynh_app_upgrading_from_version_before 29.0.10~ynh1 +then + # Double-check the MySQL database is here + if ! mysql -e "USE $db_name" 2>/dev/null + then + ynh_print_warn "Uhoh? The Nextcloud MySQL database doesn't exist? We are supposed to move it to PostgreSQL... Maybe it was already migrated?" + # Double check the psql is not empty, otherwise big whoops? + if [[ "$(ynh_psql_db_shell --database=$db_name --sql="\dt" 2>/dev/null | wc -l)" == 0 ]] + then + ynh_die "Apparently the PostgreSQL database is also empty, this is kind of worrying, what happened?!" + else + ynh_print_warn "Apparently the PostgreSQL database is not empty, so this is probably OK?" + fi + else + ynh_print_info "Migrating to PostgreSQL database..." + exec_occ db:convert-type --all-apps --clear-schema pgsql $db_name 127.0.0.1 $db_name --password=$db_pwd -n + ynh_mysql_drop_db $db_name + fi +fi + +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + # Define a function to add an external storage # Create the external storage for the given folders and enable sharing create_external_storage() { 
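Review bot: `--password=$db_pwd` in the `db:convert-type` call puts the database password on the command line unquoted, so it is subject to word splitting and is readable in the process list while the conversion runs. At minimum quote it, `--password="$db_pwd"`; if this Nextcloud version's `db:convert-type` accepts the password on stdin, feeding it that way keeps it out of argv entirely. `ynh_mysql_drop_db $db_name` then runs immediately after the conversion, and nothing in the hunk checks that the PostgreSQL side is populated first; reusing the `\dt` line-count test from the branch above before dropping would make the irreversible step conditional on evidence. The banner also reads `MYSL`, and the `DOWNLOAD, CHECK AND UNPACK SOURCE` banner added at the end sits above `create_external_storage()`, which it does not describe.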
@@ -122,12 +157,6 @@ function list_installed_apps_not_compatible_with_future_version() comm -23 <(comm -23 $installed_apps $core_apps_in_current_version) $nextcloud_destination_appcatalog } -current_version=$(grep OC_VersionString "$install_dir/version.php" | cut -d\' -f2) -current_major_version=${current_version%%.*} - -last_version=$(ynh_read_manifest "resources.sources.main.url" | grep -Eo '[0-9][0-9]\.[0-9]\.[0-9]+') -last_major_version=${last_version%%.*} - if [[ "$last_major_version" != "$current_major_version" ]] then installed_apps_not_compatible_with_future_version="$(list_installed_apps_not_compatible_with_future_version $last_major_version)" 
@@ -137,187 +166,182 @@ then fi fi -# FIXME: this is still supported but the recommendation is now to *always* re-setup the app sources wether or not the upstream sources changed -if ynh_app_upstream_version_changed -then - ynh_script_progression "Upgrading $app..." +#================================================= +# UPGRADE NEXTCLOUD +#================================================= +ynh_script_progression "Upgrading $app..." - # Set write access for the following commands - chown -R $app:www-data "$install_dir" - # Print the current version number of Nextcloud - exec_occ -V +# Set write access for the following commands +chown -R $app:www-data "$install_dir" +# Print the current version number of Nextcloud +exec_occ -V - if [ "$(exec_occ config:system:get mysql.utf8mb4)" != "true" ]; then - db_pwd=$(ynh_app_setting_get --key=db_pwd) - # Change your databases character set and collation - ynh_mysql_db_shell <<< "ALTER DATABASE $db_name CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;" - # Set the mysql.utf8mb4 config to true in config.php - exec_occ config:system:set mysql.utf8mb4 --type boolean --value="true" - exec_occ maintenance:repair - fi +# Upgrade may fail if this app is enabled +# Take all apps enabled, and check if mail is one of them +# Then temporary disable the mail app +mail_app_must_be_reactived=0 - # Upgrade may fail if this app is enabled - # Take all apps enabled, and check if mail is one of them - # Then temporary disable the mail app - mail_app_must_be_reactived=0 +if exec_occ app:list | awk '/Enabled/{f=1;next} /Disabled/{f=0} f' | grep -q -w mail; then + exec_occ app:disable mail + mail_app_must_be_reactived=1 +fi + +# While the current version is not the last version, do an upgrade +while [ "$last_version" != "$current_version" ] +do - if exec_occ app:list | awk '/Enabled/{f=1;next} /Disabled/{f=0} f' | grep -q -w mail; then - exec_occ app:disable mail - mail_app_must_be_reactived=1 + next_major_version="$(( $current_major_version + 1 
))" + if [[ "$next_major_version" -ge "$last_major_version" ]]; then + ynh_print_info "Upgrading to Nextcloud $last_version" + source_id="main" + else + ynh_print_info "Upgrading to Nextcloud $next_major_version" + source_id="$next_major_version" fi - # While the current version is not the last version, do an upgrade - while [ "$last_version" != "$current_version" ] - do + # Create a temporary directory + tmpdir="${install_dir}__tmp_upgrade" - next_major_version="$(( $current_major_version + 1 ))" - if [[ "$next_major_version" -ge "$last_major_version" ]]; then - ynh_print_info "Upgrading to Nextcloud $last_version" - source_id="main" - else - ynh_print_info "Upgrading to Nextcloud $next_major_version" - source_id="$next_major_version" - fi + ynh_setup_source --dest_dir="$tmpdir" --source_id="$source_id" + + # Backup the config file in the temp dir + cp -a "$install_dir/config/config.php" "$tmpdir/config/config.php" - # Create a temporary directory - tmpdir="${install_dir}__tmp_upgrade" - - ynh_setup_source --dest_dir="$tmpdir" --source_id="$source_id" - - # Backup the config file in the temp dir - cp -a "$install_dir/config/config.php" "$tmpdir/config/config.php" - - # Enable maintenance mode - exec_occ maintenance:mode --on - - # Backup 3rd party applications from the current Nextcloud - # But do not overwrite if there is any upgrade - # (apps directory already exists in Nextcloud archive) - ( - cd $install_dir/apps - for nc_app_dir in */ - do - if [ ! -d "$tmpdir/apps/$nc_app_dir" ] - then - cp -a "$nc_app_dir" "$tmpdir/apps/$nc_app_dir" - fi - done - ) - - # Replace the old Nextcloud by the new one - ynh_safe_rm "$install_dir" - mv "$tmpdir" "$install_dir" - - # Set write access for the following commands - chown -R $app:www-data "$install_dir" - # Upgrade Nextcloud (SUCCESS = 0, UP_TO_DATE = 3) - exec_occ maintenance:mode --off - exec_occ upgrade || [ $? 
-eq 3 ] || ynh_die "Unable to upgrade $app" - - # Get the new current version number - current_version=$(grep OC_VersionString "$install_dir/version.php" | cut -d\' -f2) - current_major_version=${current_version%%.*} - - # Print the current version number of Nextcloud - exec_occ -V + # Enable maintenance mode + exec_occ maintenance:mode --on + + # Backup 3rd party applications from the current Nextcloud + # But do not overwrite if there is any upgrade + # (apps directory already exists in Nextcloud archive) + ( + cd $install_dir/apps + for nc_app_dir in */ + do + if [ ! -d "$tmpdir/apps/$nc_app_dir" ] + then + cp -a "$nc_app_dir" "$tmpdir/apps/$nc_app_dir" + fi done + ) - exec_occ db:add-missing-indices -n - exec_occ db:add-missing-columns -n - exec_occ db:add-missing-primary-keys -n - exec_occ db:convert-filecache-bigint -n + # Replace the old Nextcloud by the new one + ynh_safe_rm "$install_dir" + mv "$tmpdir" "$install_dir" - #================================================= - # CONFIGURE NEXTCLOUD - #================================================= - ynh_script_progression "Reconfiguring $app..." + # Set write access for the following commands + chown -R $app:www-data "$install_dir" + # Upgrade Nextcloud (SUCCESS = 0, UP_TO_DATE = 3) + exec_occ maintenance:mode --off + exec_occ upgrade || [ $? 
-eq 3 ] || ynh_die "Unable to upgrade $app" - # Verify the checksum and backup the file if it's different - ynh_backup_if_checksum_is_different "$install_dir/config/config.php" + # Get the new current version number + current_version=$(grep OC_VersionString "$install_dir/version.php" | cut -d\' -f2) + current_major_version=${current_version%%.*} - nc_conf="${install_dir}/config.json" - ynh_config_add --template="config.json" --destination="$nc_conf" + # Print the current version number of Nextcloud + exec_occ -V +done - # Reneable the mail app - if [ $mail_app_must_be_reactived -eq 1 ]; then - exec_occ app:enable mail - fi +exec_occ db:add-missing-indices -n +exec_occ db:add-missing-columns -n +exec_occ db:add-missing-primary-keys -n +exec_occ db:convert-filecache-bigint -n - # Ensure that UpdateNotification app is disabled - exec_occ app:disable updatenotification +#================================================= +# CONFIGURE NEXTCLOUD +#================================================= +ynh_script_progression "Reconfiguring $app..." 
- # Enable LDAP plugin - exec_occ app:enable user_ldap +# Verify the checksum and backup the file if it's different +ynh_backup_if_checksum_is_different "$install_dir/config/config.php" - # Update all installed apps - exec_occ app:update --all +nc_conf="${install_dir}/config.json" +ynh_config_add --template="config.json" --destination="$nc_conf" - # move the logs from the data_dir to the standard /var/log - # it would be better in the ENSURE DOWNWARD COMPATIBILITY section - # but it must be after the exec_occ() definition, so it's here - if [ -f "$data_dir/data/nextcloud.log" ]; then - mkdir -p "/var/log/$app" - chmod 750 "/var/log/$app" - mv "$data_dir"/data/nextcloud.log* "/var/log/$app" - # adapt the nextcloud config - exec_occ config:system:set logfile --value="/var/log/$app/nextcloud.log" - fi +# Reneable the mail app +if [ $mail_app_must_be_reactived -eq 1 ]; then + exec_occ app:enable mail +fi - # Load the config file in nextcloud - exec_occ config:import "$nc_conf" +# Ensure that UpdateNotification app is disabled +exec_occ app:disable updatenotification - # Then remove the config file - ynh_safe_rm "$nc_conf" +# Enable LDAP plugin +exec_occ app:enable user_ldap - #================================================= - # ALLOW USERS TO DISCONNECT FROM NEXTCLOUD - #================================================= +# Update all installed apps +exec_occ app:update --all - # Add dynamic logout URL to the config - url_base64="$(echo -n "https://$domain$path" | base64)" - old_logout_url="https://$(cat /etc/yunohost/current_host)/yunohost/sso/?action=logout" - current_logout_url="$(exec_occ config:system:get logout_url 2> /dev/null)" - if [[ "$current_logout_url" == "${old_logout_url}" ]] || [[ "$current_logout_url" == "" ]] - then - echo " - //-YunoHost- - // set logout_url according to main domain - \$main_domain = file_get_contents('/etc/yunohost/current_host'); - \$CONFIG['logout_url'] = 'https://'.\$main_domain.'/yunohost/sso/?action=logout&r=${url_base64}'; - 
//-YunoHost- - " >> "$install_dir/config/config.php" - fi +# move the logs from the data_dir to the standard /var/log +# it would be better in the ENSURE DOWNWARD COMPATIBILITY section +# but it must be after the exec_occ() definition, so it's here +if [ -f "$data_dir/data/nextcloud.log" ]; then + mkdir -p "/var/log/$app" + chmod 750 "/var/log/$app" + mv "$data_dir"/data/nextcloud.log* "/var/log/$app" + # adapt the nextcloud config + exec_occ config:system:set logfile --value="/var/log/$app/nextcloud.log" +fi - #================================================= - # CHANGE HOSTNAME FOR ACTIVITY NOTIFICATIONS - #================================================= - - exec_occ config:system:set overwrite.cli.url --value="https://${domain}${path}" - - #================================================= - # MOUNT HOME FOLDERS AS EXTERNAL STORAGE - #================================================= - - # Enable External Storage and create local mount to home folder as needed - if [ $user_home -eq 1 ]; then - exec_occ app:enable files_external - exec_occ files_external:list --output=json \ - | grep -q '"storage":"\\\\OC\\\\Files\\\\Storage\\\\Local"' \ - || create_external_storage "/home/\$user" "Home" - # Iterate over users to extend their home folder permissions - for u in $(ynh_user_list); do - setfacl --modify g:$app:rwx "/home/$u" || true - done - fi +# Load the config file in nextcloud +exec_occ config:import "$nc_conf" + +# Then remove the config file +ynh_safe_rm "$nc_conf" - #================================================= - # STORE THE CHECKSUM OF THE CONFIG FILE - #================================================= +# Occasionally new mimetypes are added to better handle certain file types. +# Migrating the mimetypes take a long time on larger instances +# so this is not done automatically during upgrades. 
+exec_occ maintenance:repair --include-expensive - # Calculate and store the config file checksum into the app settings - ynh_store_file_checksum "${install_dir}/config/config.php" +#================================================= +# ALLOW USERS TO DISCONNECT FROM NEXTCLOUD +#================================================= + +# Add dynamic logout URL to the config +url_base64="$(echo -n "https://$domain$path" | base64)" +old_logout_url="https://$(cat /etc/yunohost/current_host)/yunohost/sso/?action=logout" +current_logout_url="$(exec_occ config:system:get logout_url 2> /dev/null)" +if [[ "$current_logout_url" == "${old_logout_url}" ]] || [[ "$current_logout_url" == "" ]] +then + echo " +//-YunoHost- +// set logout_url according to main domain +\$main_domain = file_get_contents('/etc/yunohost/current_host'); +\$CONFIG['logout_url'] = 'https://'.\$main_domain.'/yunohost/sso/?action=logout&r=${url_base64}'; +//-YunoHost- + " >> "$install_dir/config/config.php" fi +#================================================= +# CHANGE HOSTNAME FOR ACTIVITY NOTIFICATIONS +#================================================= + +exec_occ config:system:set overwrite.cli.url --value="https://${domain}${path}" + +#================================================= +# MOUNT HOME FOLDERS AS EXTERNAL STORAGE +#================================================= + +# Enable External Storage and create local mount to home folder as needed +if [ $user_home -eq 1 ]; then + exec_occ app:enable files_external + exec_occ files_external:list --output=json \ + | grep -q '"storage":"\\\\OC\\\\Files\\\\Storage\\\\Local"' \ + || create_external_storage "/home/\$user" "Home" + # Iterate over users to extend their home folder permissions + for u in $(ynh_user_list); do + setfacl --modify g:$app:rwx "/home/$u" || true + done +fi + +#================================================= +# STORE THE CHECKSUM OF THE CONFIG FILE +#================================================= + +# Calculate and store the 
config file checksum into the app settings +ynh_store_file_checksum "${install_dir}/config/config.php" + #================================================= # REGEN PERMISSIONS #================================================= @@ -374,7 +398,6 @@ then ynh_config_add --template="notify_push.conf" --destination="$nginx_extra_conf_dir/notify_push.conf" fi -# Create a dedicated NGINX config ynh_config_add_nginx #================================================= @@ -424,7 +447,6 @@ ynh_config_add_logrotate # FAIL2BAN #================================================= -# Create a dedicated Fail2Ban config ynh_config_add_fail2ban --logpath="/var/log/$app/nextcloud.log" --failregex="^.*Login failed: '.*' \(Remote IP: ''.*$" #=================================================
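Review bot: The comment above `exec_occ maintenance:repair --include-expensive` says the mimetype migration "is not done automatically during upgrades", yet the line runs it, and with the `ynh_app_upstream_version_changed` guard removed it now runs on every upgrade, including packaging-only ones. Reword the comment to say that `occ upgrade` skips these steps and the script runs them on purpose, for example `# occ upgrade skips the expensive repair steps, so run them explicitly here`, and consider whether large instances should pay that cost each time. Separately, in the logout-URL block `base64` wraps its output at 76 columns by default, so a long `https://$domain$path` would put a newline into the string appended to config.php; `base64 -w0` avoids that.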