
Commit 3bbf749c authored by Akhil's avatar Akhil 🙂

Merge branch '24.0.10' into 'master'

24.0.10

See merge request !91
parents 6320431d de1264b9
+2 −4
@@ -42,9 +42,9 @@ Systemd is required to handle the database backup scripts.

### Create an Ubuntu server instance

The project should work with any Ubuntu server (Virtual Private Server (VPS), dedicated server...) version 20.04 
The project should work with any Ubuntu server (Virtual Private Server (VPS), dedicated server...) version 22.04 latest LTS (Ubuntu 20.04 & 18.04 supported too)

Debian stable 11 works as well, it has been tested, but only once yet (more to come).
Installation on Debian Bullseye (11) stable works as well.

Suggestions include (non-exhaustive list):
 - [Hetzner](https://www.hetzner.com/cloud)
@@ -80,8 +80,6 @@ In the following text, `$DOMAIN` refers to the domain (`youdomain.com`) that you

Login to the server via ssh as root (on Linux/macOS the ssh client is available out of the box, on Windows you need to use an ssh client like [Putty](https://www.putty.org/) for example).

- Please note that for Ubuntu 20.04+, you will have to add the repository for "SaltStack" using the [instructions](https://repo.saltproject.io/#ubuntu)

Execute these commands and follow the on-screen instructions:

```
+48 −0
#!/bin/bash

# Install latest salt repo for ubuntu / debian from salt repo
LINUX_VERSION=$(lsb_release -is)
LINUX_RELEASE=$(lsb_release -rs)
case $LINUX_VERSION in
	Ubuntu)
		echo "Ubuntu detected"
		case $LINUX_RELEASE in
			22.04)
				curl -fsSL -o /usr/share/keyrings/salt-archive-keyring.gpg https://repo.saltproject.io/py3/ubuntu/20.04/amd64/3004/salt-archive-keyring.gpg
    			echo "deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] https://repo.saltproject.io/py3/ubuntu/20.04/amd64/3004 focal main" | tee /etc/apt/sources.list.d/salt.list
				;;
			20.04)
				curl -fsSL -o /usr/share/keyrings/salt-archive-keyring.gpg https://repo.saltproject.io/py3/ubuntu/20.04/amd64/3004/salt-archive-keyring.gpg
    			echo "deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] https://repo.saltproject.io/py3/ubuntu/20.04/amd64/3004 focal main" | tee /etc/apt/sources.list.d/salt.list
				;;
			18.04)
				curl -fsSL -o /usr/share/keyrings/salt-archive-keyring.gpg https://repo.saltproject.io/py3/ubuntu/18.04/amd64/3004/salt-archive-keyring.gpg
    			echo "deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] https://repo.saltproject.io/py3/ubuntu/18.04/amd64/3004 bionic main" | tee /etc/apt/sources.list.d/salt.list
				;;
			*)
				# other ubuntu version, keep salt-minion from original repo
				;;
		esac
		;;
	Debian)
		echo "Debian detected"
		case $LINUX_RELEASE in
			11)
				curl -fsSL -o /usr/share/keyrings/salt-archive-keyring.gpg https://repo.saltproject.io/py3/debian/11/amd64/3004/salt-archive-keyring.gpg
				echo "deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] https://repo.saltproject.io/py3/debian/11/amd64/3004 bullseye main" | tee /etc/apt/sources.list.d/salt.list
				# install apparmor as needed for docker
				apt install apparmor
				;;
			10)
				curl -fsSL -o /usr/share/keyrings/salt-archive-keyring.gpg https://repo.saltproject.io/py3/debian/10/amd64/3004/salt-archive-keyring.gpg
				echo "deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] https://repo.saltproject.io/py3/debian/10/amd64/3004 buster main" | tee /etc/apt/sources.list.d/salt.list
				;;
			*)
				# other debian version, keep salt-minion from original repo
				;;
		esac
		;;
	*)
		# other linux version
		;;
esac


################################################################################
apt-get update && apt install -y --asume-yes true git salt-minion
################################################################################
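Review bot: The final install line should fail as written: `--asume-yes` is misspelled, so apt rejects it as an unknown option, and the stray `true` would otherwise be read as a package name, which means `git` and `salt-minion` are presumably never installed by this script. I would change it to `apt-get update && apt-get install -y git salt-minion`, and give the Debian 11 branch `apt-get install -y apparmor`, since the current `apt install apparmor` stops for a confirmation prompt. The script also has no error handling, so a failed `curl` of the keyring still writes `salt.list` and the run carries on; adding `set -euo pipefail` under the shebang would make a missing signing key stop the bootstrap instead of leaving a repository entry apt cannot verify. The 22.04 branch points at the 20.04/focal repository, which deserves a one-line comment if it is intentional.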
+4 −2
@@ -138,7 +138,9 @@ do
done

# Verify DOMAIN lookup forward and reverse (very important)
IP=$(dig mail.$DOMAIN| grep mail.$DOMAIN | grep -v '^;' | awk '{ print $NF }')
# get the AUTHORITATIVE name server for the domain, best to trust
DNS_AUTHORITATIVE=$(dig NS $DOMAIN +short | head -n 1)
IP=$(dig @$DNS_AUTHORITATIVE mail.$DOMAIN +short)

if [ -z "$IP" ]
then
@@ -175,7 +177,7 @@ fi

# create nextcloud config
mkdir -p /mnt/repo-base/volumes/nextcloud/{html,data,log}
mkdir  "/mnt/repo-base/volumes/nextcloud/html/config/"
mkdir -p "/mnt/repo-base/volumes/nextcloud/html/config/"
cat /mnt/repo-base/templates/nextcloud/config.php | sed "s/@@@DOMAIN@@@/$DOMAIN/g" | \
    sed "s/@@@DRIVE_SMTP_PASSWORD@@@/$DRIVE_SMTP_PASSWORD/g" | sed "s/@@@PFDB_DB@@@/$PFDB_DB/g" | \
    sed "s/@@@ECLOUD_ACCOUNTS_SECRET@@@/$ECLOUD_ACCOUNTS_SECRET/g" | \
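Review bot: The new lookup does not handle an empty `DNS_AUTHORITATIVE`: when `dig NS $DOMAIN +short` returns nothing (for example if `$DOMAIN` is a subdomain with no NS records of its own, or the resolver fails), the next line runs `dig @ mail.$DOMAIN +short` and `IP` presumably ends up empty even though the A record exists. Both expansions are also unquoted, and `+short` can return several lines (a CNAME target followed by addresses, or multiple A records), which the single-value `IP` checks that follow are unlikely to expect. I would fall back to the default resolver and keep one answer, e.g. `IP=$(dig ${DNS_AUTHORITATIVE:+"@$DNS_AUTHORITATIVE"} "mail.$DOMAIN" +short | tail -n 1)`. The NS name is itself obtained through the local resolver, so the comment's "best to trust" overstates what this buys; a comment saying the direct query only sidesteps cached answers would be more accurate. The same two lines are repeated in the DKIM/DMARC/SPF loop of the later script section (+30 −9), where an empty `IP` would print `ip4: ~all`.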
+30 −9
@@ -32,7 +32,7 @@ docker-compose exec -T --user www-data nextcloud php /var/www/html/occ backgroun
# add crontab on the server to run cron.php every 5 minutes
crontab -l | {
    cat
    echo "*/5 * * * * cd /mnt/repo-base && /usr/bin/docker-compose exec -T -u www-data nextcloud php -f /var/www/html/cron.php 2>&1 | /usr/bin/logger -t NC_CRON"
    echo "*/5 * * * * cd /mnt/repo-base && /usr/bin/docker-compose exec -T -u www-data nextcloud php --define apc.enable_cli=1 -f /var/www/html/cron.php 2>&1 | /usr/bin/logger -t NC_CRON"
} | crontab -

# Update theme
@@ -42,21 +42,24 @@ echo "Enabling nextcloud apps"
docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable calendar
docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable notes
docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable user_backend_sql_raw
docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable rainloop
docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable snappymail
docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable quota_warning
docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable contacts
docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable news
docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable email-recovery
docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable ecloud-accounts
docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable ecloud-theme-helper
docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable ecloud-dashboard
docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable murena_launcher
docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:disable firstrunwizard
docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:app:set rainloop rainloop-autologin --value 1
docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:app:set snappymail snappymail-autologin-with-email --value 1
docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:install tasks
docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:install drop_account

docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:system:set integrity.check.disabled --value='true' --type=boolean

docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:system:set defaultapp --value "ecloud-dashboard,files"

echo "Installing custom ecloud drop account plugin"
# Add WELCOME_SECRET from .env file as a system config value, to be used by our ecloud-accounts plugin
docker-compose exec -T --user www-data nextcloud php occ config:system:set e_welcome_secret --value="$WELCOME_SECRET"
@@ -71,14 +74,26 @@ docker-compose exec -T --user www-data nextcloud php occ maintenance:mode --off
echo "Restarting Nextcloud container"
docker-compose restart nextcloud

echo "Configuring Rainloop"
mkdir -p "/mnt/repo-base/volumes/nextcloud/data/rainloop-storage/_data_/_default_/domains/"
echo "Configuring Snappymail"
mkdir -p "/mnt/repo-base/volumes/nextcloud/data/appdata_snappymail/_data_/_default_/domains/"
# Disable all existing domains
echo -n "*," > /mnt/repo-base/volumes/nextcloud/data/appdata_snappymail/_data_/_default_/domains/disabled
basename -s .json /mnt/repo-base/volumes/nextcloud/data/appdata_snappymail/_data_/_default_/domains/* | tr "\n" "," >> /mnt/repo-base/volumes/nextcloud/data/appdata_snappymail/_data_/_default_/domains/disabled

# Add all our domains
echo "$ADD_DOMAINS" | tr "," "\n" | while read add_domain; do
    cp "templates/rainloop/domain-config.ini" "/mnt/repo-base/volumes/nextcloud/data/rainloop-storage/_data_/_default_/domains/$add_domain.ini"
    cp "templates/snappymail/domain-config.json" "/mnt/repo-base/volumes/nextcloud/data/appdata_snappymail/_data_/_default_/domains/$add_domain.json"
    sed -i "s/@@@DOMAIN@@@/$DOMAIN/g" "/mnt/repo-base/volumes/nextcloud/data/appdata_snappymail/_data_/_default_/domains/$add_domain.json"
done

mkdir "/mnt/repo-base/volumes/nextcloud/data/rainloop-storage/_data_/_default_/configs/"
cat templates/rainloop/application.ini | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "/mnt/repo-base/volumes/nextcloud/data/rainloop-storage/_data_/_default_/configs/application.ini"
mkdir -p "/mnt/repo-base/volumes/nextcloud/data/appdata_snappymail/_data_/_default_/configs/"
cat templates/snappymail/application.ini | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "/mnt/repo-base/volumes/nextcloud/data/appdata_snappymail/_data_/_default_/configs/application.ini"

# Get SnappyMail to regenerate a random admin password
docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:disable snappymail
sleep 5
docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable snappymail


chown www-data:www-data /mnt/repo-base/volumes/nextcloud/ -R

@@ -127,12 +142,18 @@ systemctl enable mariadb-nc-backup.timer
systemctl enable mariadb-pf-backup.timer
echo "==> please read docs/SQL_backups.md to start SQL backups"

# display DKIM DNS setup info/instructions to the user
# display DKIM/DMARC/SPF DNS setup info/instructions to the user
echo -e "\n\n\n"
echo -e "Please add the following records to your domain's DNS configuration:\n"
find /mnt/repo-base/volumes/mail/dkim/ -maxdepth 1 -mindepth 1 -type d | while read line; do
    DOMAIN=$(basename $line)
    DNS_AUTHORITATIVE=$(dig NS $DOMAIN +short | head -n 1)
    IP=$(dig @$DNS_AUTHORITATIVE mail.$DOMAIN +short)
    echo "  - DKIM record (TXT) for $DOMAIN:" &&  sed $'N;s/"\\n\t"//g' $line/mail.public.key
    echo "  - DMARC record (TXT) for $DOMAIN:"
    echo "_dmarc IN TXT 'v=DMARC1;p=reject;sp=reject;pct=100;rua=mailto:postmaster@$DOMAIN;ri=86400;aspf=r;adkim=r;fo=1'"
    echo "  - SPF record (TXT) for $DOMAIN:"
    echo "@ IN TXT 'v=spf1 a ip4:$IP ~all'"
done

echo "================================================================================================================================="
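Review bot: The added `config:system:set integrity.check.disabled --value='true' --type=boolean` turns off Nextcloud's code-signing integrity check for the whole instance, and nothing in the hunk says why. With it disabled, modified core or app files no longer show up in the admin integrity scan, so a tampered file on the `html` volume loses one detection signal. If it is needed because the image ships patched or unsigned apps (my assumption; not visible here), please say so in a comment above the line, e.g. `# selfhost image carries unsigned ecloud apps, integrity scan would always fail; revisit once apps are signed`. Separately, the Snappymail loop uses `while read add_domain`, which should be `while IFS= read -r add_domain`, and `basename -s .json …/domains/*` probably writes a literal `*` into `disabled` when the directory is still empty.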
+4 −3
@@ -2,7 +2,7 @@ version: '3'

services:
  mailserver:
    image: mailserver2/mailserver:1.1.12
    image: mailserver2/mailserver:1.1.13
    container_name: mailserver
    domainname: ${DOMAIN} # Mail server A/MX/FQDN & reverse PTR = mail.${DOMAIN}.
    hostname: mail
@@ -124,9 +124,10 @@ services:
      - /mnt/repo-base/config/welcome/apache2/remoteip.conf:/etc/apache2/conf-available/remoteip.conf
    extra_hosts:
      - "${DOMAIN}:${NC_HOST_IP}"
      - "mail.${DOMAIN}:${NC_HOST_IP}"

  nextcloud:
    image: registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/selfhost:24-0-8-7
    image: registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/selfhost:selfhost-24-0-10
    container_name: nextcloud
    restart: always
    networks:
@@ -167,7 +168,7 @@ services:
      - /mnt/repo-base/config/automx/automx.conf:/etc/automx.conf

  nginx:
    image: nginx:1.20-alpine
    image: nginx:stable-alpine
    container_name: nginx
    restart: unless-stopped
    networks:
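Review bot: Replacing `nginx:1.20-alpine` with `nginx:stable-alpine` swaps a pinned minor release for a moving tag, so the version that runs depends on when each host last pulled, and a new stable branch can arrive without any change in this repository. The other two images touched in this section stay on explicit tags (`mailserver2/mailserver:1.1.13`, `selfhost-24-0-10`), so the nginx line is also inconsistent with them. I would keep an explicit version and, if reproducibility matters, add the digest: `image: nginx:<VERSION>-alpine@sha256:<DIGEST>` (placeholders, to be filled in from the registry). The added `mail.${DOMAIN}:${NC_HOST_IP}` entry under `extra_hosts` looks fine; the service it belongs to starts above the hunk.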