1 #!/bin/bash
2 # I, Ian Kelling, follow the GNU license recommendations at
3 # https://www.gnu.org/licenses/license-recommendations.en.html. They
4 # recommend that small programs, < 300 lines, be licensed under the
5 # Apache License 2.0. This file contains or is part of one or more small
6 # programs. If a small program grows beyond 300 lines, I plan to switch
7 # its license to GPL.
8
9 # Copyright 2024 Ian Kelling
10
11 # Licensed under the Apache License, Version 2.0 (the "License");
12 # you may not use this file except in compliance with the License.
13 # You may obtain a copy of the License at
14
15 # http://www.apache.org/licenses/LICENSE-2.0
16
17 # Unless required by applicable law or agreed to in writing, software
18 # distributed under the License is distributed on an "AS IS" BASIS,
19 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20 # See the License for the specific language governing permissions and
21 # limitations under the License.
22
23
24 set -e; . /usr/local/lib/bash-bear; set +e
25
26
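# Prefix for every log line: this script's basename followed by a colon.
pre="${0##*/}:"

# m CMD [ARGS...]: print the command line to stdout, then run it.
# Every argument is printed, so commands that carry a secret on their
# command line should not be routed through m.
m() {
  # The prefix is passed as data, not as the printf format, so a '%' or a
  # backslash in the script name cannot alter the output.
  printf '%s %s\n' "$pre" "$*"
  "$@"
}

# e MSG...: print a prefixed message to stdout.
e() {
  printf '%s %s\n' "$pre" "$*"
}

# err MSG...: print a prefixed message to stderr and exit with status 1.
err() {
  printf '%s %s\n' "$pre" "$*" >&2
  exit 1
}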
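#######################################
# Install stdin as a file, touching the destination only when content differs.
# Globals:   ir (written: true when the destination was changed, else false)
#            reload (written: true when a changed file is under
#            /etc/systemd/system/)
# Arguments: $1 - destination path
# Outputs:   rsync's itemized change line on stdout when the file changed
# Returns:   non-zero if the temp dir cannot be created or rsync fails
#######################################
i() { # install file
  local tmp tmpdir dest="$1"
  local base="${dest##*/}"
  local dir="${dest%/*}"
  if [[ $dir && $dir != "$base" ]]; then
    # dest has a directory component
    mkdir -p "$dir"
  fi
  ir=false # i result
  # Stop here if mktemp fails: with an empty tmpdir the redirect below would
  # write to "/$base" instead of a private directory.
  tmpdir=$(mktemp -d) || return 1
  cat >"$tmpdir/$base"
  # -c compares by checksum, -i prints a line only when something changed.
  if ! tmp=$(rsync -ic "$tmpdir/$base" "$dest"); then
    rm -rf -- "${tmpdir:?}"
    return 1
  fi
  if [[ $tmp ]]; then
    printf "%s\n" "$tmp"
    # shellcheck disable=SC2034
    ir=true
    if [[ $dest == /etc/systemd/system/* ]]; then
      # NOTE(review): the marker name suggests it is shared with a mail-setup
      # script; nothing in this file reads it. Confirm it is still wanted.
      touch /var/local/mail-setup-reload
      reload=true
    fi
  fi
  # :? makes the expansion fail instead of handing rm an empty path.
  rm -rf -- "${tmpdir:?}"
}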
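#######################################
# Set "key = value" inside one [section] of /etc/radicale/config: any
# existing line for the key within that section is deleted, then the new
# line is appended right after the section header.
# Arguments: $1 - key, $2 - value, $3 - section name
# Note: all three arguments are spliced into the sed program, so they must be
# trusted literals without regex or sed metacharacters.
# NOTE(review): no call to setini is visible in this script.
#######################################
setini() {
  # local, so the helper no longer overwrites the script-level variable
  # "file" (and key/value/section) as a side effect.
  local key="$1" value="$2" section="$3"
  local file="/etc/radicale/config"
  sed -ri "/ *\[$section\]/,/^ *\[[^]]+\]/{/^\s*${key}[[:space:]=]/d};/ *\[$section\]/a $key = $value" "$file"
}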
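#######################################
# Disable and stop each named service, skipping units systemd does not know.
# Arguments: service names
#######################################
soff () {
  local service
  for service; do
    # ignore services that dont exist
    if systemctl cat "$service" &>/dev/null; then
      # Quoted so a unit name is always passed as a single argument.
      m systemctl disable --now "$service"
    fi
  done
}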
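#######################################
# Restart and then enable each named service.
# Arguments: service names
#######################################
sre() {
  local service
  for service; do
    # Quoted so a unit name is always passed as a single argument.
    m systemctl restart "$service"
    m systemctl enable "$service"
  done
}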
73
74
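# Web root of this Nextcloud instance.
ncdir=/var/www/ncfsf
# Root-only state directory: install marker, config snapshot, generated php.
myncdir=/root/ncfsf
# Last path component of ncdir; used to name the systemd units and cron file.
ncbase=${ncdir##*/}
# -p so a second run does not fail on the already existing directory; the
# done-install and config.php-orig guards below show reruns are expected.
mkdir -p "$myncdir"
domain=boardfiles.fsf.org
# Set to true by i() when a systemd unit file changes. Initialised here
# because an unset value makes the final "if $reload" expand to an empty
# command, which counts as success.
reload=false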
80
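apt-get -y install php-zip apache2 php-fpm

# Versioned package that the php-fpm metapackage depends on, eg: php7.4-fpm
fpm=$(dpkg-query -s php-fpm | sed -nr 's/^Depends:.* (php[^ ]*-fpm)( .*|$)/\1/p')
# Fail early: with an empty value every later /etc/php/$phpver/... path would
# silently point at /etc/php//...
[[ $fpm ]] || err "could not find the versioned fpm package in php-fpm's Depends"
# Version part of that package name, eg: 7.4
phpver=${fpm#php}
phpver=${phpver%-fpm}
m a2enconf "$fpm"
# 3 useless guides on php fpm fcgi debian 10 later, i figure out from reading
# /etc/apache2/conf-enabled/php7.3-fpm.conf
# However, on t11,
# ERROR: Module php8.1 does not exist. just allow it to fail
m a2dismod "php$phpver" ||:

# php with fpm doesnt work without this
m a2enmod proxy_fcgi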
94
95
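# Append the opcache settings to the fpm php.ini through the external cedit
# helper, which reads the text to add from stdin.
# NOTE(review): PHP 7 and later document ';' as the ini comment character and
# no longer treat '#' as one; confirm the '#' lines below are harmless.
cedit "/etc/php/$phpver/fpm/php.ini" <<'EOF'

# fixes warning on /settings/admin/overview about 8 being too small.
opcache.interned_strings_buffer=64

# while I was googling for what to set the above to, I found a
#recommendation to increase this from 128 to 512, and we set 512 somewhere
# else in the config.
opcache.memory_consumption=512
EOF

# Use the detected version rather than a fixed 8.1, matching every other
# /etc/php path in this script.
pool_conf="/etc/php/$phpver/fpm/pool.d/www.conf"

# https://docs.nextcloud.com/server/29/admin_manual/installation/source_installation.html
sed -ri 's/;env\[(HOSTNAME|PATH|TMP|TMPDIR|TEMP)\]/env[\1]/' "$pool_conf"

# yes, it is a bit stupid to uncomment then change it
sed -ri 's,^env\[PATH\] =.*,env[PATH] = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin,' "$pool_conf"

# A bare copy of the PATH value used to follow here; the shell ran it as a
# command, which can only fail, so it has been dropped.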
114
115 m web-conf - apache2 $domain <<EOF
116 ### begin nextcloud settings
117 Alias /nextcloud "$ncdir/"
118 <Directory $ncdir/>
119 Require all granted
120 AllowOverride All
121 Options FollowSymLinks MultiViews
122
123 <IfModule mod_dav.c>
124 Dav off
125 </IfModule>
126
127 </Directory>
128
129 # based on install checker, links to
130 # https://docs.nextcloud.com/server/19/admin_manual/issues/general_troubleshooting.html#service-discovery
131 # their example was a bit wrong, I figured it out by adding
132 # LogLevel warn rewrite:trace5
133 # then watching the apache logs
134
135 RewriteEngine on
136 RewriteRule ^/\.well-known/host-meta /nextcloud/public.php?service=host-meta [QSA,L]
137 RewriteRule ^/\.well-known/host-meta\.json /nextcloud/public.php?service=host-meta-json [QSA,L]
138 RewriteRule ^/\.well-known/webfinger /nextcloud/public.php?service=webfinger [QSA,L]
139 ### end nextcloud settings
140 EOF
141
142
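# Local php settings for the command line interpreter (used by occ and cron).
i "/etc/php/$phpver/cli/conf.d/30-local.ini" <<'EOF'
apc.enable_cli = 1
EOF


# Local php settings for the fpm workers that serve the web requests.
i "/etc/php/$phpver/fpm/conf.d/30-local.ini" <<'EOF'
date.timezone = "America/New_York"
# for nextcloud
upload_max_filesize = 2000M
post_max_size = 2000M
# install checker, nextcloud/settings/admin/overview
memory_limit = 512M
EOF

# some of these are based on errors later on.
m apt-get -y install php-curl php-bz2 php-gmp php-bcmath php-imagick php-apcu php-mbstring php-xml php-gd sqlite3 php-sqlite3

# https://docs.nextcloud.com/server/19/admin_manual/installation/source_installation.html
# NOTE(review): clear_env = no passes the fpm service's whole environment to
# the PHP workers. The env[...] lines enabled in www.conf earlier already
# export the variables named there, so confirm this broader setting is needed.
cat >"/etc/php/$phpver/fpm/pool.d/localwww.conf" <<'EOF'
[www]
clear_env = no
EOF

# Restart once everything above is in place. The restart used to run before
# the module install and before localwww.conf was written, so this script
# never loaded that pool file itself.
m systemctl restart "$fpm"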
167
168
169
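# The admin password is the last line of a local secrets file.
nextcloud_admin_pass=$(tail -n1 /p/c/nextcloud-admin-pass)

# The rm -rf below uses a relative path, so do not continue from another
# directory if this cd fails.
m cd /var/www || err "cannot cd to /var/www"
if [[ ! -e $ncdir/index.php ]]; then
  # if we wanted to only install a specific version, use something like
  # file=latest-22.zip
  file=latest.zip
  # NOTE(review): the archive is unpacked as downloaded; nothing here checks
  # a published checksum or signature for it before unzip.
  m wget -nv -N "https://download.nextcloud.com/server/releases/$file" \
    || err "download of $file failed"
  m rm -rf nextcloud
  m unzip -q "$file" || err "unzip of $file failed"
  m rm -f "$file"
  # user:group with a colon is the POSIX form; the dot form is a legacy
  # spelling.
  m chown -R www-data:www-data nextcloud
  m mv nextcloud "$ncdir"
fi

if [[ ! -e $myncdir/done-install ]]; then
  [[ $nextcloud_admin_pass ]] || err "empty admin password in /p/c/nextcloud-admin-pass"
  m cd "$ncdir" || err "cannot cd to $ncdir"
  # Not run through m, which prints every argument: the password would land
  # in this script's output. It is still passed on the command line, so it
  # stays visible in the process list and in sudo's command log while the
  # install runs.
  e "sudo -u www-data php occ maintenance:install --database sqlite --admin-user iank --admin-pass [redacted]"
  sudo -u www-data php occ maintenance:install --database sqlite --admin-user iank --admin-pass "$nextcloud_admin_pass" \
    || err "occ maintenance:install failed"
  # Reached only after a successful install, so a failed attempt is retried
  # on the next run.
  m touch "$myncdir/done-install"
fi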
190
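# note, strange this happend where updater did not increment the version var,
# mine was stuck on 20. I manually updated it.
# NOTE(review): config.php is rebuilt on every run from the snapshot taken on
# the first run, so anything Nextcloud wrote to config.php after that
# snapshot is dropped. That may be the cause of the stale version; confirm.
m cd "$ncdir/config" || err "cannot cd to $ncdir/config"
if [[ ! -e $myncdir/config.php-orig ]]; then
  m cp -a config.php "$myncdir/config.php-orig"
fi
# Build a php program: the original config followed by our overrides and a
# var_export of the merged array. The here-document is unquoted, so \$ keeps
# a literal dollar sign for php while $domain is filled in by the shell.
cat "$myncdir/config.php-orig" - >"$myncdir/tmp.php" <<EOF
# https://docs.nextcloud.com/server/19/admin_manual/configuration_server/email_configuration.html
\$CONFIG["mail_smtpmode"] = "sendmail";
\$CONFIG["mail_smtphost"] = "127.0.0.1";
\$CONFIG["mail_smtpport"] = 25;
\$CONFIG["mail_smtptimeout"] = 10;
\$CONFIG["mail_smtpsecure"] = "";
\$CONFIG["mail_smtpauth"] = false;
\$CONFIG["mail_smtpauthtype"] = "LOGIN";
\$CONFIG["mail_smtpname"] = "";
\$CONFIG["mail_smtppassword"] = "";
\$CONFIG["mail_domain"] = "$domain";


# based on installer check
# https://docs.nextcloud.com/server/19/admin_manual/configuration_server/caching_configuration.html
\$CONFIG['memcache.local'] = '\OC\Memcache\APCu';

\$CONFIG['overwrite.cli.url'] = 'https://$domain/nextcloud';
\$CONFIG['htaccess.RewriteBase'] = '/nextcloud';
\$CONFIG['trusted_domains'] = array (
0 => '$domain',
);
#\$CONFIG[''] = '';
fwrite(STDOUT, "<?php\n\\\$CONFIG = ");
var_export(\$CONFIG);
fwrite(STDOUT, ";\n");
EOF
e running php $myncdir/tmp.php
# note: we leave it around place for debugging
# Render into a scratch file first. Redirecting php straight into config.php
# truncates the live config before php has produced anything, so a php error
# would leave it empty.
php "$myncdir/tmp.php" >"$myncdir/config.php-new" \
  || err "php $myncdir/tmp.php failed; config.php left unchanged"
# cat into the existing file keeps its owner and mode.
cat "$myncdir/config.php-new" >config.php
rm -f -- "$myncdir/config.php-new"
cd "$ncdir" || err "cannot cd to $ncdir"
m sudo -u www-data php occ maintenance:update:htaccess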
230 i /etc/systemd/system/$ncbase.service <<EOF
231 [Unit]
232 Description=ncup $ncbase
233 After=multi-user.target
234
235 [Service]
236 Type=oneshot
237 ExecStart=/usr/local/bin/ncup $ncbase
238 User=www-data
239 IOSchedulingClass=idle
240 CPUSchedulingPolicy=idle
241 EOF
242 i /etc/systemd/system/$ncbase.timer <<EOF
243 [Unit]
244 Description=ncup $ncbase timer
245
246 [Timer]
247 OnCalendar=Daily
248
249 [Install]
250 WantedBy=timers.target
251 EOF
252 systemctl enable --now $ncbase.timer
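# Install the updater wrapper that the systemd service above runs. The
# delimiter is quoted, so the text below is written out literally and its
# $variables are expanded only when ncup itself runs.
i /usr/local/bin/ncup <<'EOFOUTER'
#!/bin/bash

set -e; . /usr/local/lib/bash-bear; set +e

m() { printf "%s\n" "$*"; "$@"; }
# Mails an alert about the failed update.
# NOTE(review): presumably invoked by bash-bear when a command fails; confirm.
err-cleanup() {
  echo "failed nextcloud update for $ncbase" >&2
  # -odf or else systemd will kill the background delivery process
  # and the message will sit in the queue until the next queue run.
  exim -odf -t <<EOF
To: alerts@iankelling.org
From: www-data@$(hostname -f)
Subject: failed nextcloud update for $ncbase

For logs, run: jr -u $ncbase
EOF
}

if [[ $(id -u -n) != www-data ]]; then
  echo "error: running as wrong user: $(id -u -n), expected www-data" >&2
  exit 1
fi

if [[ ! $1 ]]; then
  echo "error: expected an arg, nextcloud relative base dir" >&2
  exit 1
fi

ncbase=$1
# Quoted so the argument always stays a single path component of the cd
# target; stop if the directory is missing.
cd "/var/www/$ncbase" || exit 1
# https://docs.nextcloud.com/server/22/admin_manual/maintenance/update.html?highlight=updater+phar
m php "/var/www/$ncbase/updater/updater.phar" -n
EOFOUTER
chmod +x /usr/local/bin/ncup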
288
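mkdir -p /var/www/cron-errors
# user:group with a colon is the POSIX form; the dot form is a legacy
# spelling.
chown www-data:www-data /var/www/cron-errors
# Run Nextcloud's background jobs every five minutes as www-data. The
# here-document is unquoted, so $ncdir is expanded when the cron file is
# written. |& needs bash, hence SHELL=/bin/bash; log-once is an external
# helper that receives both stdout and stderr.
i "/etc/cron.d/$ncbase" <<EOF
PATH=/usr/sbin:/sbin:/usr/bin:/bin:/usr/local/bin
SHELL=/bin/bash
# https://docs.nextcloud.com/server/20/admin_manual/configuration_server/background_jobs_configuration.html
*/5 * * * * www-data php -f $ncdir/cron.php --define apc.enable_cli=1 |& log-once nccron
EOF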
297
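# Reload systemd only when i() reported a changed unit file. A plain
# "if $reload" with reload unset expands to an empty command, which succeeds,
# so the reload used to run on every invocation.
if [[ ${reload:-false} == true ]]; then
  m systemctl daemon-reload
fi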