diff --git a/.env.example b/.env.example index 173b7162e8c9032cf8c8a2d6dc901b71e2627e4f..79de30b21285b1af31511dcb008b159ce468da07 100644 --- a/.env.example +++ b/.env.example @@ -26,4 +26,4 @@ NEXTCLOUD_DOCKERFILE=slim.Dockerfile NEXTCLOUD_DOCKER_IMG=registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/slim NEXTCLOUD_ADMIN_USER=admin NEXTCLOUD_ADMIN_PASSWORD=@dm1n -NEXTCLOUD_TRUSTED_DOMAINS=localhost 192.168.0.1 +NEXTCLOUD_TRUSTED_DOMAINS=nginx diff --git a/config/nginx/templates/default.conf.template b/config/nginx/templates/default.conf.template index 462ee8c650ad1d526f9d9691970c8b98b02d3aa4..669f56b3f4775df391dbcdfa8d210a44abdaa484 100644 --- a/config/nginx/templates/default.conf.template +++ b/config/nginx/templates/default.conf.template @@ -25,7 +25,7 @@ server { # will add the domain to a hardcoded list that is shipped # in all major browsers and getting removed from this list # could take several months. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always; + add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always; # set max upload size and increase upload timeout: client_max_body_size 512M; @@ -67,7 +67,7 @@ server { include mime.types; types { text/javascript mjs; - application/wasm wasm; + application/wasm wasm; } # Specify how to handle directories -- specifying `/index.php$request_uri` @@ -174,10 +174,4 @@ server { location / { try_files $uri $uri/ /index.php$request_uri; } - - # For the Rainloop admin message saying "data folder accessible" - # It is a false positive as seen at https://github.com/pierre-alain-b/rainloop-nextcloud/issues/62 - location ^~/apps/rainloop/app/data { - deny all; - } } diff --git a/hooks.d/post-installation/murena-config.json b/hooks.d/post-installation/murena-config.json index 4901713f5102d396a14354dd92e4fea3068a42f0..1a2b96677dbc55bac785e4a952408be312d91a91 100644 --- a/hooks.d/post-installation/murena-config.json +++ b/hooks.d/post-installation/murena-config.json @@ -1,6 +1,5 @@ { "system": { - "integrity.check.disabled": true, "profile.enabled": false, "defaultapp": "murena-dashboard,files", "theme": "eCloud", @@ -24,6 +23,7 @@ ], "preview_max_x": 1024, "preview_max_y": 1024, - "default_phone_region": "FR" + "default_phone_region": "FR", + "maintenance_window_start": 1 } } diff --git a/hooks.d/post-installation/murena-theme.sh b/hooks.d/post-installation/murena-theme.sh index 69ad70b11dfecce0262a7db58e8f135d96a6afa1..74a8082cc53cfbacd57c854b3423e6c6e9819567 100755 --- a/hooks.d/post-installation/murena-theme.sh +++ b/hooks.d/post-installation/murena-theme.sh @@ -18,9 +18,6 @@ occ app:enable murena-dashboard occ app:enable murena_launcher occ app:enable snappymail -occ app:enable suspicious_login -occ app:enable bruteforcesettings -occ app:enable twofactor_totp occ app:enable notes occ app:enable tasks occ app:enable sentry diff --git a/slim.Dockerfile b/slim.Dockerfile index 37fae74712c84e81b232514779b82cfcba430415..a45b228e11912d47bef2edcb9a4fce00dddd5e1e 100644 --- a/slim.Dockerfile +++ b/slim.Dockerfile @@ -1,123 +1,48 @@ -FROM nextcloud:29.0.14-fpm +FROM nextcloud:29.0.16-fpm ARG BASE_DIR="/usr/src/nextcloud" -ARG TMP_PATCH_DIR="/tmp/build_patches" -ARG NOTES_VERSION="4.11.0" -ARG CONTACTS_JOB_ID="881946" -ARG CALENDAR_JOB_ID="991372" -ARG THEME_HELPER_JOB_ID="1168069" -ARG THEME_VERSION="28.0.2" -ARG LAUNCHER_JOB_ID="1168135" -ARG DASHBOARD_JOB_ID="1168115" +ARG CONTACTS_URL="https://gitlab.e.foundation/api/v4/projects/1238/packages/generic/contacts/v5.5.3+murena-20250822/contacts-v5.5.3+murena-20250822.tar.gz" +ARG CALENDAR_URL="https://gitlab.e.foundation/api/v4/projects/1199/packages/generic/calendar/v4.7.13+murena-20250822/calendar-v4.7.13+murena-20250822.tar.gz" +ARG THEME_HELPER_URL="https://gitlab.e.foundation/api/v4/projects/952/packages/generic/ecloud-theme-helper/v7.0.3/ecloud-theme-helper-v7.0.3.tar.gz" +ARG LAUNCHER_URL="https://gitlab.e.foundation/api/v4/projects/927/packages/generic/murena_launcher/v7.0.3/murena_launcher-v7.0.3.tar.gz" +ARG DASHBOARD_URL="https://gitlab.e.foundation/api/v4/projects/1195/packages/generic/murena-dashboard/v7.1.2/murena-dashboard-v7.1.2.tar.gz" +ARG SNAPPY_URL="https://gitlab.e.foundation/api/v4/projects/1367/packages/generic/snappymail/v2.38.2+murena-20250822/snappymail-v2.38.2+murena-20250822.tar.gz" + +ARG NOTES_URL="https://github.com/nextcloud-releases/notes/releases/download/v4.11.0/notes-v4.11.0.tar.gz" ARG TASKS_URL="https://github.com/nextcloud/tasks/releases/download/v0.16.1/tasks.tar.gz" ARG SENTRY_URL="https://github.com/ChristophWurst/nextcloud_sentry/releases/download/v8.15.0/sentry-v8.15.0.tar.gz" -ARG SNAPPY_VERSION="2.37.2" -ARG SNAPPY_THEME_VERSION="4.0.1" + +ARG THEME_VERSION="https://gitlab.e.foundation/api/v4/projects/315/packages/generic/eCloud/v29.0.18/eCloud-v29.0.18.tar.gz" +ARG SNAPPY_THEME_VERSION="https://gitlab.e.foundation/api/v4/projects/1377/packages/generic/snappymail/v4.0.5/snappymail-v4.0.5.tar.gz" COPY custom_entrypoint.sh / COPY hooks.d/post-installation/ /docker-entrypoint-hooks.d/post-installation/ -RUN sed -i 's/29,0,14,1/29,0,14,2/' ${BASE_DIR}/version.php -RUN rm -rf ${BASE_DIR}/core/skeleton/* \ +RUN rm -rf ${BASE_DIR}/core/skeleton/* ${BASE_DIR}/themes/example \ && mkdir -p ${BASE_DIR}/core/skeleton/Documents \ - && mkdir -p ${BASE_DIR}/core/skeleton/Images + && mkdir -p ${BASE_DIR}/core/skeleton/Images \ + && mkdir -p ${BASE_DIR}/themes/Murena # Install unzip for unzipping artifacts RUN apt-get update && apt-get install -y unzip ffmpeg syslog-ng -RUN curl -fsSL -o notes.tar.gz \ - "https://github.com/nextcloud-releases/notes/releases/download/v${NOTES_VERSION}/notes-v${NOTES_VERSION}.tar.gz" && \ - tar -xf notes.tar.gz -C ${BASE_DIR}/custom_apps/ && \ - rm notes.tar.gz; - -# custom Contact -RUN curl -fsSL -o contacts.zip \ - "https://gitlab.e.foundation/e/infra/ecloud/nextcloud-apps/contacts/-/jobs/${CONTACTS_JOB_ID}/artifacts/download" && \ - unzip contacts.zip && \ - mv dist/contacts ${BASE_DIR}/custom_apps/ && \ - rm contacts.zip; - -RUN curl -fsSL -o calendar.zip \ - "https://gitlab.e.foundation/e/infra/ecloud/nextcloud-apps/calendar/-/jobs/${CALENDAR_JOB_ID}/artifacts/download" && \ - unzip calendar.zip && \ - mv dist/calendar ${BASE_DIR}/custom_apps/ && \ - rm calendar.zip; - -RUN curl -fsSL -o ecloud-theme-helper.zip \ - "https://gitlab.e.foundation/e/infra/ecloud/nextcloud-apps/ecloud-theme-helper/-/jobs/${THEME_HELPER_JOB_ID}/artifacts/download" && \ - unzip ecloud-theme-helper.zip && \ - mv dist/ecloud-theme-helper ${BASE_DIR}/custom_apps/ && \ - rm ecloud-theme-helper.zip; - -# Custom theme -RUN rm -rf ${BASE_DIR}/themes/eCloud && \ - curl -fsSL -o eCloud-theme.tar.gz \ - "https://gitlab.e.foundation/e/infra/ecloud/nextcloud-apps/nextcloud-theme/-/archive/${THEME_VERSION}/nextcloud-theme-${THEME_VERSION}.tar.gz" && \ - tar -xf eCloud-theme.tar.gz -C /tmp/ && \ - mv /tmp/nextcloud-theme-${THEME_VERSION}/ ${BASE_DIR}/themes/eCloud && \ - chown -R www-data:www-data ${BASE_DIR}/themes/eCloud/ && \ - rm -rf eCloud-theme.tar.gz ${BASE_DIR}/themes/example/ - -RUN curl -fsSL -o murena_launcher.zip \ - "https://gitlab.e.foundation/e/infra/ecloud/nextcloud-apps/launcher/-/jobs/${LAUNCHER_JOB_ID}/artifacts/download" && \ - unzip murena_launcher.zip && \ - mv dist/murena_launcher ${BASE_DIR}/custom_apps/ && \ - rm murena_launcher.zip; - -RUN curl -fsSL -o ecloud-dashboard.zip \ - "https://gitlab.e.foundation/e/infra/ecloud/nextcloud-apps/murena-dashboard/-/jobs/${DASHBOARD_JOB_ID}/artifacts/download" && \ - unzip ecloud-dashboard.zip && \ - mv dist/murena-dashboard ${BASE_DIR}/custom_apps/ && \ - rm ecloud-dashboard.zip; - -RUN curl -fsSL -o snappymail.tar.gz \ - "https://snappymail.eu/repository/nextcloud/snappymail-${SNAPPY_VERSION}-nextcloud.tar.gz" && \ - tar -xf snappymail.tar.gz -C ${BASE_DIR}/custom_apps/ && \ - rm snappymail.tar.gz; - -# Snappy theme -RUN curl -fsSL -o Murena-snappymail-theme.tar.gz \ - "https://gitlab.e.foundation/e/infra/ecloud/nextcloud-apps/snappymail-theme/-/archive/${SNAPPY_THEME_VERSION}/snappymail-theme-${SNAPPY_THEME_VERSION}.tar.gz" && \ - tar -xf Murena-snappymail-theme.tar.gz -C /tmp/ && \ - mkdir -p ${BASE_DIR}/themes/Murena && \ - mv /tmp/snappymail-theme-${SNAPPY_THEME_VERSION}/ ${BASE_DIR}/themes/Murena/snappymail && \ - chown -R www-data:www-data ${BASE_DIR}/themes/Murena/ && \ - rm -rf Murena-snappymail-theme.tar.gz - -RUN bash -c "curl -sL ${TASKS_URL} | tar xzf - -C ${BASE_DIR}/custom_apps" -RUN bash -c "curl -sL ${SENTRY_URL} | tar xzf - -C ${BASE_DIR}/custom_apps" - - -# Patches -COPY patches/ ${TMP_PATCH_DIR}/ -RUN cd ${BASE_DIR} \ - && patch -p0 < ${TMP_PATCH_DIR}/002-login-without-domain.patch \ - && patch -u ${BASE_DIR}/apps/settings/lib/Settings/Personal/ServerDevNotice.php -i ${TMP_PATCH_DIR}/007-remove-dev-notice.patch \ - && patch -p1 < ${TMP_PATCH_DIR}/009-help-links.patch \ - && patch -u ${BASE_DIR}/lib/private/Updater.php -i ${TMP_PATCH_DIR}/010-disable-app-store-upgrade.patch \ - && patch -p0 < ${TMP_PATCH_DIR}/011-privacy-settings.patch \ - && patch -u ${BASE_DIR}/lib/private/Authentication/Token/PublicKeyTokenProvider.php -i ${TMP_PATCH_DIR}/013-revert-token-password-update.patch \ - && patch -p0 < ${TMP_PATCH_DIR}/015-email-mail-template.patch \ - && patch -u ${BASE_DIR}/core/Command/User/Setting.php -i ${TMP_PATCH_DIR}/018-occ-user-setting.patch \ - && patch -u ${BASE_DIR}/3rdparty/sabre/vobject/lib/ITip/Broker.php -i ${TMP_PATCH_DIR}/022-significantchange.patch \ - && patch -p0 < ${TMP_PATCH_DIR}/026-primary-color-fix.patch \ - && patch -u ${BASE_DIR}/lib/private/Template/JSResourceLocator.php -i ${TMP_PATCH_DIR}/031-theme-custom-app-translations.patch \ - && patch -u ${BASE_DIR}/lib/private/L10N/Factory.php -i ${TMP_PATCH_DIR}/032-select-lang-from-session.patch \ - && patch -p1 < ${TMP_PATCH_DIR}/036-user-config-change-event.patch \ - && patch -u ${BASE_DIR}/core/templates/layout.user.php -i ${TMP_PATCH_DIR}/003-contact-search-removal.patch \ - && patch -u ${BASE_DIR}/core/Controller/ContactsMenuController.php -i ${TMP_PATCH_DIR}/004-contact-search-controller-removal.patch \ - && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-core.patch \ - && patch -u ${BASE_DIR}/core/templates/layout.guest.php -i ${TMP_PATCH_DIR}/016-login-screen.patch \ - && patch -u ${BASE_DIR}/lib/private/Notification/Manager.php -i ${TMP_PATCH_DIR}/020-fairuse-notification-fix.patch \ - && patch -u ${BASE_DIR}/lib/private/User/Manager.php -i ${TMP_PATCH_DIR}/025-optimize-get-by-email.patch \ - && patch -u ${BASE_DIR}/apps/dav/lib/Connector/Sabre/Principal.php -i ${TMP_PATCH_DIR}/027-displayname-user-leak-dav.patch \ - && patch -u ${BASE_DIR}/apps/dav/lib/HookManager.php -i ${TMP_PATCH_DIR}/028-default-task-calendar.patch \ - && patch -u ${BASE_DIR}/apps/provisioning_api/lib/Controller/UsersController.php -i ${TMP_PATCH_DIR}/029-restrict-user-to-change-primary-email.patch \ - && patch -u ${BASE_DIR}/lib/private/Security/VerificationToken/VerificationToken.php -i ${TMP_PATCH_DIR}/033-verification-token-private.patch \ - && patch -u ${BASE_DIR}/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php -i ${TMP_PATCH_DIR}/034-oidc-bearer-token-auth.patch \ - && rm -rf ${TMP_PATCH_DIR} - +# Murena apps +RUN curl -sL ${CONTACTS_URL} | tar xzf - -C ${BASE_DIR}/custom_apps +RUN curl -sL ${CALENDAR_URL} | tar xzf - -C ${BASE_DIR}/custom_apps +RUN curl -sL ${THEME_HELPER_URL} | tar xzf - -C ${BASE_DIR}/custom_apps +RUN curl -sL ${LAUNCHER_URL} | tar xzf - -C ${BASE_DIR}/custom_apps +RUN curl -sL ${DASHBOARD_URL} | tar xzf - -C ${BASE_DIR}/custom_apps +RUN curl -sL ${SNAPPY_URL} | tar xzf - -C ${BASE_DIR}/custom_apps + +# External apps +RUN curl -sL ${NOTES_URL} | tar xzf - -C ${BASE_DIR}/custom_apps +RUN curl -sL ${TASKS_URL} | tar xzf - -C ${BASE_DIR}/custom_apps +RUN curl -sL ${SENTRY_URL} | tar xzf - -C ${BASE_DIR}/custom_apps + +# Murena theme +RUN curl -sL ${THEME_VERSION} | tar xzf - -C ${BASE_DIR}/themes +RUN curl -sL ${SNAPPY_THEME_VERSION} | tar xzf - -C ${BASE_DIR}/themes/Murena/ COPY config/syslog-ng/syslog-ng.conf /etc/syslog-ng/syslog-ng.conf