--- /dev/null
+#!/bin/bash
+
+if [[ -s /usr/local/lib/err ]]; then
+ source /usr/local/lib/err
+else
+ exit 1
+fi
+
+
+pre="${0##*/}:"
+m() { printf "$pre %s\n" "$*"; "$@"; }
+e() { printf "$pre %s\n" "$*"; }
+err() { printf "$pre %s\n" "$*" >&2; exit 1; }
+i() { # install file
+ local tmp tmpdir dest="$1"
+ local base="${dest##*/}"
+ local dir="${dest%/*}"
+ if [[ $dir != "$base" ]]; then
+ # dest has a directory component
+ mkdir -p "$dir"
+ fi
+ ir=false # i result
+ tmpdir=$(mktemp -d)
+ cat >$tmpdir/"$base"
+ tmp=$(rsync -ic $tmpdir/"$base" "$dest")
+ if [[ $tmp ]]; then
+ printf "%s\n" "$tmp"
+ ir=true
+ if [[ $dest == /etc/systemd/system/* ]]; then
+ touch /var/local/mail-setup-reload
+ reload=true
+ fi
+ fi
+ rm -rf $tmpdir
+}
+setini() {
+ key="$1" value="$2" section="$3"
+ file="/etc/radicale/config"
+ sed -ri "/ *\[$section\]/,/^ *\[[^]]+\]/{/^\s*${key}[[:space:]=]/d};/ *\[$section\]/a $key = $value" "$file"
+}
+soff () {
+ for service; do
+ # ignore services that dont exist
+ if systemctl cat $service &>/dev/null; then
+ m systemctl disable --now $service
+ fi
+ done
+}
+sre() {
+ for service; do
+ m systemctl restart $service
+ m systemctl enable $service;
+ done
+}
+
+
+ncdir=/var/www/ncfsf
+myncdir=/root/ncfsf
+ncbase=${ncdir##*/}
+mkdir $myncdir
+domain=boardfiles.fsf.org
+
+apt-get -y install php-zip apache2 php-fpm
+
+fpm=$(dpkg-query -s php-fpm | sed -nr 's/^Depends:.* (php[^ ]*-fpm)( .*|$)/\1/p') # eg: php7.4-fpm
+phpver=$(dpkg-query -s php-fpm | sed -nr 's/^Depends:.* php([^ ]*)-fpm( .*|$)/\1/p')
+m a2enconf $fpm
+# 3 useless guides on php fpm fcgi debian 10 later, i figure out from reading
+# /etc/apache2/conf-enabled/php7.3-fpm.conf
+# However, on t11,
+# ERROR: Module php8.1 does not exist. just allow it to fail
+m a2dismod php$phpver ||:
+
+# php with fpm doesnt work without this
+m a2enmod proxy_fcgi
+
+
+
+m web-conf - apache2 $domain <<EOF
+### begin nextcloud settings
+Alias /nextcloud "$ncdir/"
+<Directory $ncdir/>
+ Require all granted
+ AllowOverride All
+ Options FollowSymLinks MultiViews
+
+ <IfModule mod_dav.c>
+ Dav off
+ </IfModule>
+
+</Directory>
+
+# based on install checker, links to
+# https://docs.nextcloud.com/server/19/admin_manual/issues/general_troubleshooting.html#service-discovery
+# their example was a bit wrong, I figured it out by adding
+# LogLevel warn rewrite:trace5
+# then watching the apache logs
+
+RewriteEngine on
+RewriteRule ^/\.well-known/host-meta /nextcloud/public.php?service=host-meta [QSA,L]
+RewriteRule ^/\.well-known/host-meta\.json /nextcloud/public.php?service=host-meta-json [QSA,L]
+RewriteRule ^/\.well-known/webfinger /nextcloud/public.php?service=webfinger [QSA,L]
+### end nextcloud settings
+EOF
+
+
+i /etc/php/$phpver/cli/conf.d/30-local.ini <<'EOF'
+apc.enable_cli = 1
+EOF
+
+
+i /etc/php/$phpver/fpm/conf.d/30-local.ini <<'EOF'
+date.timezone = "America/New_York"
+# for nextcloud
+upload_max_filesize = 2000M
+post_max_size = 2000M
+# install checker, nextcloud/settings/admin/overview
+memory_limit = 512M
+EOF
+
+m systemctl restart $fpm
+
+# some of these are based on errors later on.
+m apt-get -y install php-curl php-bz2 php-gmp php-bcmath php-imagick php-apcu php-mbstring php-xml php-gd sqlite3 php-sqlite3
+
+# https://docs.nextcloud.com/server/19/admin_manual/installation/source_installation.html
+cat >/etc/php/$phpver/fpm/pool.d/localwww.conf <<'EOF'
+[www]
+clear_env = no
+EOF
+
+
+
+nextcloud_admin_pass=casHiosidZyFraycs
+
+m cd /var/www
+if [[ ! -e $ncdir/index.php ]]; then
+ # if we wanted to only install a specific version, use something like
+ # file=latest-22.zip
+ file=latest.zip
+ m wget -nv -N https://download.nextcloud.com/server/releases/$file
+ m rm -rf nextcloud
+ m unzip -q $file
+ m rm -f $file
+ m chown -R www-data.www-data nextcloud
+ m mv nextcloud $ncdir
+fi
+
+if [[ ! -e $myncdir/done-install ]]; then
+ m cd $ncdir
+ m sudo -u www-data php occ maintenance:install --database sqlite --admin-user iank --admin-pass $nextcloud_admin_pass
+ m touch $myncdir/done-install
+fi
+
+# note, strange this happend where updater did not increment the version var,
+# mine was stuck on 20. I manually updated it.
+m cd $ncdir/config
+if [[ ! -e $myncdir/config.php-orig ]]; then
+ m cp -a config.php $myncdir/config.php-orig
+fi
+cat $myncdir/config.php-orig - >$myncdir/tmp.php <<EOF
+# https://docs.nextcloud.com/server/19/admin_manual/configuration_server/email_configuration.html
+\$CONFIG["mail_smtpmode"] = "sendmail";
+\$CONFIG["mail_smtphost"] = "127.0.0.1";
+\$CONFIG["mail_smtpport"] = 25;
+\$CONFIG["mail_smtptimeout"] = 10;
+\$CONFIG["mail_smtpsecure"] = "";
+\$CONFIG["mail_smtpauth"] = false;
+\$CONFIG["mail_smtpauthtype"] = "LOGIN";
+\$CONFIG["mail_smtpname"] = "";
+\$CONFIG["mail_smtppassword"] = "";
+\$CONFIG["mail_domain"] = "$domain";
+
+
+# based on installer check
+# https://docs.nextcloud.com/server/19/admin_manual/configuration_server/caching_configuration.html
+\$CONFIG['memcache.local'] = '\OC\Memcache\APCu';
+
+\$CONFIG['overwrite.cli.url'] = 'https://$domain/nextcloud';
+\$CONFIG['htaccess.RewriteBase'] = '/nextcloud';
+\$CONFIG['trusted_domains'] = array (
+ 0 => '$domain',
+ );
+#\$CONFIG[''] = '';
+fwrite(STDOUT, "<?php\n\\\$CONFIG = ");
+var_export(\$CONFIG);
+fwrite(STDOUT, ";\n");
+EOF
+e running php $myncdir/tmp.php
+# note: we leave it around place for debugging
+php $myncdir/tmp.php >config.php
+cd $ncdir
+m sudo -u www-data php occ maintenance:update:htaccess
+i /etc/systemd/system/$ncbase.service <<EOF
+[Unit]
+Description=ncup $ncbase
+After=multi-user.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/ncup $ncbase
+User=www-data
+IOSchedulingClass=idle
+CPUSchedulingPolicy=idle
+EOF
+i /etc/systemd/system/$ncbase.timer <<EOF
+[Unit]
+Description=ncup $ncbase timer
+
+[Timer]
+OnCalendar=Daily
+
+[Install]
+WantedBy=timers.target
+EOF
+systemctl enable --now $ncbase.timer
+i /usr/local/bin/ncup <<'EOFOUTER'
+#!/bin/bash
+
+source /usr/local/lib/err
+
+m() { printf "%s\n" "$*"; "$@"; }
+err-cleanup() {
+ echo failed nextcloud update for $ncbase >&2
+ # -odf or else systemd will kill the background delivery process
+ # and the message will sit in the queue until the next queue run.
+ exim -odf -t <<EOF
+To: alerts@iankelling.org
+From: www-data@$(hostname -f)
+Subject: failed nextcloud update for $ncbase
+
+For logs, run: jr -u $ncbase
+EOF
+}
+
+if [[ $(id -u -n) != www-data ]]; then
+ echo error: running as wrong user: $(id -u -n), expected www-data
+ exit 1
+fi
+
+if [[ ! $1 ]]; then
+ echo error: expected an arg, nextcloud relative base dir
+ exit 1
+fi
+
+ncbase=$1
+cd /var/www/$ncbase
+# https://docs.nextcloud.com/server/22/admin_manual/maintenance/update.html?highlight=updater+phar
+m php /var/www/$ncbase/updater/updater.phar -n
+EOFOUTER
+chmod +x /usr/local/bin/ncup
+
+mkdir -p /var/www/cron-errors
+chown www-data.www-data /var/www/cron-errors
+i /etc/cron.d/$ncbase <<EOF
+PATH=/usr/sbin:/sbin:/usr/bin:/bin:/usr/local/bin
+SHELL=/bin/bash
+# https://docs.nextcloud.com/server/20/admin_manual/configuration_server/background_jobs_configuration.html
+*/5 * * * * www-data php -f $ncdir/cron.php --define apc.enable_cli=1 |& log-once nccron
+EOF
+
+if $reload; then
+ m systemctl daemon-reload
+fi