diff options
author | Quentin <quentin@dufour.io> | 2021-01-18 08:18:21 +0100 |
---|---|---|
committer | Quentin <quentin@dufour.io> | 2021-01-18 08:18:21 +0100 |
commit | ad6017eea058f7cb6fdf078783f992a4f45a3e15 (patch) | |
tree | 6620bcc9e1ea61a5689b763b9ad8280275e35e76 /app/nextcloud | |
parent | 79b7273ff2a487d6721d393682c8ad3927467a75 (diff) | |
parent | c642370def01f09d966b3b9c643cfe416ea115cf (diff) | |
download | infrastructure-ad6017eea058f7cb6fdf078783f992a4f45a3e15.tar.gz infrastructure-ad6017eea058f7cb6fdf078783f992a4f45a3e15.zip |
Merge pull request 'Reorganize app/ and add script for secret management' (#29) from test_reorganize into master
Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/infrastructure/pulls/29
Diffstat (limited to 'app/nextcloud')
-rw-r--r-- | app/nextcloud/build/nextcloud/Dockerfile | 27 | ||||
-rwxr-xr-x | app/nextcloud/build/nextcloud/container-setup.sh | 37 | ||||
-rwxr-xr-x | app/nextcloud/build/nextcloud/entrypoint.sh | 8 | ||||
-rw-r--r-- | app/nextcloud/config/config.php.tpl | 49 | ||||
-rw-r--r-- | app/nextcloud/deploy/nextcloud.hcl | 65 | ||||
-rw-r--r-- | app/nextcloud/integration/README.md | 20 | ||||
-rw-r--r-- | app/nextcloud/integration/bottin.json | 31 | ||||
-rw-r--r-- | app/nextcloud/integration/docker-compose.yml | 27 |
8 files changed, 264 insertions, 0 deletions
diff --git a/app/nextcloud/build/nextcloud/Dockerfile b/app/nextcloud/build/nextcloud/Dockerfile new file mode 100644 index 0000000..9f817f6 --- /dev/null +++ b/app/nextcloud/build/nextcloud/Dockerfile @@ -0,0 +1,27 @@ +FROM debian:10 + +RUN apt-get update && \ + apt-get -qq -y full-upgrade + +RUN apt-get install -y apache2 php php-gd php-mbstring php-pgsql php-curl php-dom php-xml php-zip \ + php-intl php-ldap php-fileinfo php-exif php-apcu php-redis php-imagick unzip curl wget && \ + phpenmod gd && \ + phpenmod curl && \ + phpenmod mbstring && \ + phpenmod pgsql && \ + phpenmod dom && \ + phpenmod zip && \ + phpenmod intl && \ + phpenmod ldap && \ + phpenmod fileinfo && \ + phpenmod exif && \ + phpenmod apcu && \ + phpenmod redis && \ + phpenmod imagick && \ + phpenmod xml + +COPY container-setup.sh /tmp +RUN /tmp/container-setup.sh + +COPY entrypoint.sh / +CMD /entrypoint.sh diff --git a/app/nextcloud/build/nextcloud/container-setup.sh b/app/nextcloud/build/nextcloud/container-setup.sh new file mode 100755 index 0000000..8330291 --- /dev/null +++ b/app/nextcloud/build/nextcloud/container-setup.sh @@ -0,0 +1,37 @@ +#!/bin/sh + +set -ex + +curl https://download.nextcloud.com/server/releases/nextcloud-19.0.0.zip > /tmp/nextcloud.zip +cd /var/www +unzip /tmp/nextcloud.zip +rm /tmp/nextcloud.zip +mv html html.old +mv nextcloud html + +cd html +mkdir data + +cd apps +wget https://github.com/nextcloud/tasks/releases/download/v0.13.1/tasks.tar.gz +tar xf tasks.tar.gz +wget https://github.com/nextcloud/maps/releases/download/v0.1.6/maps-0.1.6.tar.gz +tar xf maps-0.1.6.tar.gz +wget https://github.com/nextcloud/calendar/releases/download/v2.0.3/calendar.tar.gz +tar xf calendar.tar.gz +wget https://github.com/nextcloud/news/releases/download/14.1.11/news.tar.gz +tar xf news.tar.gz +wget https://github.com/nextcloud/notes/releases/download/v3.6.0/notes.tar.gz +tar xf notes.tar.gz +wget https://github.com/nextcloud/contacts/releases/download/v3.3.0/contacts.tar.gz +tar xf contacts.tar.gz +wget https://github.com/nextcloud/mail/releases/download/v1.4.0/mail.tar.gz +tar xf mail.tar.gz +wget https://github.com/nextcloud/groupfolders/releases/download/v6.0.6/groupfolders.tar.gz +tar xf groupfolders.tar.gz +rm *.tar.gz + +chown -R www-data:www-data /var/www/html + +cd /var/www/html +php occ diff --git a/app/nextcloud/build/nextcloud/entrypoint.sh b/app/nextcloud/build/nextcloud/entrypoint.sh new file mode 100755 index 0000000..72b4f94 --- /dev/null +++ b/app/nextcloud/build/nextcloud/entrypoint.sh @@ -0,0 +1,8 @@ +#!/bin/sh + +set -xe + +chown www-data:www-data /var/www/html/config/config.php +touch /var/www/html/data/.ocdata + +exec apachectl -DFOREGROUND diff --git a/app/nextcloud/config/config.php.tpl b/app/nextcloud/config/config.php.tpl new file mode 100644 index 0000000..7dcfc6e --- /dev/null +++ b/app/nextcloud/config/config.php.tpl @@ -0,0 +1,49 @@ +<?php +$CONFIG = array ( + 'appstoreenabled' => false, + 'instanceid' => '{{ key "secrets/nextcloud/instance_id" | trimSpace }}', + 'passwordsalt' => '{{ key "secrets/nextcloud/password_salt" | trimSpace }}', + 'secret' => '{{ key "secrets/nextcloud/secret" | trimSpace }}', + 'trusted_domains' => array ( + 0 => 'nextcloud.deuxfleurs.fr', + ), + 'memcache.local' => '\\OC\\Memcache\\APCu', + + 'objectstore' => array( + 'class' => '\\OC\\Files\\ObjectStore\\S3', + 'arguments' => array( + 'bucket' => 'nextcloud', + 'autocreate' => false, + 'key' => '{{ key "secrets/nextcloud/garage_access_key" | trimSpace }}', + 'secret' => '{{ key "secrets/nextcloud/garage_secret_key" | trimSpace }}', + 'hostname' => 'garage.deuxfleurs.fr', + 'port' => 443, + 'use_ssl' => true, + 'region' => 'garage', + // required for some non Amazon S3 implementations + 'use_path_style' => true + ), + ), + + 'dbtype' => 'pgsql', + 'dbhost' => 'psql-proxy.service.2.cluster.deuxfleurs.fr', + 'dbname' => 'nextcloud', + 'dbtableprefix' => 'nc_', + 'dbuser' => '{{ key "secrets/nextcloud/db_user" | trimSpace }}', + 'dbpassword' => '{{ key "secrets/nextcloud/db_pass" | trimSpace }}', + + 'default_language' => 'fr', + 'default_locale' => 'fr_FR', + + 'mail_domain' => 'deuxfleurs.fr', + 'mail_from_address' => 'nextcloud@deuxfleurs.fr', + // TODO SMTP CONFIG + + // TODO REDIS CACHE + + 'version' => '19.0.0.12', + 'overwrite.cli.url' => 'https://nextcloud.deuxfleurs.fr', + + 'installed' => true, +); + diff --git a/app/nextcloud/deploy/nextcloud.hcl b/app/nextcloud/deploy/nextcloud.hcl new file mode 100644 index 0000000..8852787 --- /dev/null +++ b/app/nextcloud/deploy/nextcloud.hcl @@ -0,0 +1,65 @@ +job "nextcloud" { + datacenters = ["dc1", "belair"] + type = "service" + priority = 40 + + constraint { + attribute = "${attr.cpu.arch}" + value = "amd64" + } + + group "nextcloud" { + count = 1 + + network { + port "web_port" { + to = 80 + } + } + + task "nextcloud" { + driver = "docker" + config { + image = "lxpz/deuxfleurs_nextcloud_amd64:8" + ports = [ "web_port" ] + volumes = [ + "secrets/config.php:/var/www/html/config/config.php" + ] + } + + template { + data = file("../config/config.php.tpl") + destination = "secrets/config.php" + } + + resources { + memory = 1000 + cpu = 2000 + } + + service { + name = "nextcloud" + tags = [ + "nextcloud", + "traefik.enable=true", + "traefik.frontend.entryPoints=https,http", + "traefik.frontend.rule=Host:nextcloud.deuxfleurs.fr", + ] + port = "web_port" + address_mode = "host" + check { + type = "tcp" + port = "web_port" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace = "90s" + ignore_warnings = false + } + } + } + } + } +} + diff --git a/app/nextcloud/integration/README.md b/app/nextcloud/integration/README.md new file mode 100644 index 0000000..3d49768 --- /dev/null +++ b/app/nextcloud/integration/README.md @@ -0,0 +1,20 @@ +Install Owncloud CLI: + +php ./occ \ + --no-interaction \ + --verbose \ + maintenance:install \ + --database pgsql \ + --database-name nextcloud \ + --database-host postgres \ + --database-user nextcloud \ + --database-pass nextcloud \ + --admin-user nextcloud \ + --admin-pass nextcloud \ + --admin-email coucou@deuxfleurs.fr + +Official image entrypoint: + +https://github.com/nextcloud/docker/blob/master/20.0/fpm/entrypoint.sh + + diff --git a/app/nextcloud/integration/bottin.json b/app/nextcloud/integration/bottin.json new file mode 100644 index 0000000..a970762 --- /dev/null +++ b/app/nextcloud/integration/bottin.json @@ -0,0 +1,31 @@ +{ + "suffix": "dc=deuxfleurs,dc=fr", + "bind": "0.0.0.0:389", + "consul_host": "http://consul:8500", + "log_level": "debug", + "acl": [ + "*,dc=deuxfleurs,dc=fr::read:*:* !userpassword", + "*::read modify:SELF:*", + "ANONYMOUS::bind:*,ou=users,dc=deuxfleurs,dc=fr:", + "ANONYMOUS::bind:cn=admin,dc=deuxfleurs,dc=fr:", + "*,ou=services,ou=users,dc=deuxfleurs,dc=fr::bind:*,ou=users,dc=deuxfleurs,dc=fr:*", + "*,ou=services,ou=users,dc=deuxfleurs,dc=fr::read:*:*", + + "*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:add:*,ou=invitations,dc=deuxfleurs,dc=fr:*", + "ANONYMOUS::bind:*,ou=invitations,dc=deuxfleurs,dc=fr:", + "*,ou=invitations,dc=deuxfleurs,dc=fr::delete:SELF:*", + + "*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:add:*,ou=users,dc=deuxfleurs,dc=fr:*", + "*,ou=invitations,dc=deuxfleurs,dc=fr::add:*,ou=users,dc=deuxfleurs,dc=fr:*", + + "*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=email,ou=groups,dc=deuxfleurs,dc=fr:*", + "*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=email,ou=groups,dc=deuxfleurs,dc=fr:*", + "*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=seafile,ou=groups,dc=deuxfleurs,dc=fr:*", + "*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=seafile,ou=groups,dc=deuxfleurs,dc=fr:*", + "*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=nextcloud,ou=groups,dc=deuxfleurs,dc=fr:*", + "*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=seafile,ou=nextcloud,dc=deuxfleurs,dc=fr:*", + + "cn=admin,dc=deuxfleurs,dc=fr::read add modify delete:*:*", + "*:cn=admin,ou=groups,dc=deuxfleurs,dc=fr:read add modify delete:*:*" + ] +} diff --git a/app/nextcloud/integration/docker-compose.yml b/app/nextcloud/integration/docker-compose.yml new file mode 100644 index 0000000..7ba090b --- /dev/null +++ b/app/nextcloud/integration/docker-compose.yml @@ -0,0 +1,27 @@ +version: '3.4' +services: + php: + image: lxpz/deuxfleurs_nextcloud_amd64:8 + depends_on: + - bottin + - postgres + ports: + - "80:80" + + postgres: + image: postgres:9.6.19 + environment: + - POSTGRES_DB=nextcloud + - POSTGRES_USER=nextcloud + - POSTGRES_PASSWORD=nextcloud + + bottin: + image: lxpz/bottin_amd64:14 + depends_on: + - consul + volumes: + - ./bottin.json:/config.json + + consul: + image: consul:1.8.4 + |