aboutsummaryrefslogtreecommitdiff
path: root/app/nextcloud
diff options
context:
space:
mode:
authorQuentin <quentin@dufour.io>2021-01-18 08:18:21 +0100
committerQuentin <quentin@dufour.io>2021-01-18 08:18:21 +0100
commitad6017eea058f7cb6fdf078783f992a4f45a3e15 (patch)
tree6620bcc9e1ea61a5689b763b9ad8280275e35e76 /app/nextcloud
parent79b7273ff2a487d6721d393682c8ad3927467a75 (diff)
parentc642370def01f09d966b3b9c643cfe416ea115cf (diff)
downloadinfrastructure-ad6017eea058f7cb6fdf078783f992a4f45a3e15.tar.gz
infrastructure-ad6017eea058f7cb6fdf078783f992a4f45a3e15.zip
Merge pull request 'Reorganize app/ and add script for secret management' (#29) from test_reorganize into master
Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/infrastructure/pulls/29
Diffstat (limited to 'app/nextcloud')
-rw-r--r--app/nextcloud/build/nextcloud/Dockerfile27
-rwxr-xr-xapp/nextcloud/build/nextcloud/container-setup.sh37
-rwxr-xr-xapp/nextcloud/build/nextcloud/entrypoint.sh8
-rw-r--r--app/nextcloud/config/config.php.tpl49
-rw-r--r--app/nextcloud/deploy/nextcloud.hcl65
-rw-r--r--app/nextcloud/integration/README.md20
-rw-r--r--app/nextcloud/integration/bottin.json31
-rw-r--r--app/nextcloud/integration/docker-compose.yml27
8 files changed, 264 insertions, 0 deletions
diff --git a/app/nextcloud/build/nextcloud/Dockerfile b/app/nextcloud/build/nextcloud/Dockerfile
new file mode 100644
index 0000000..9f817f6
--- /dev/null
+++ b/app/nextcloud/build/nextcloud/Dockerfile
@@ -0,0 +1,27 @@
+FROM debian:10
+
+RUN apt-get update && \
+ apt-get -qq -y full-upgrade
+
+RUN apt-get install -y apache2 php php-gd php-mbstring php-pgsql php-curl php-dom php-xml php-zip \
+ php-intl php-ldap php-fileinfo php-exif php-apcu php-redis php-imagick unzip curl wget && \
+ phpenmod gd && \
+ phpenmod curl && \
+ phpenmod mbstring && \
+ phpenmod pgsql && \
+ phpenmod dom && \
+ phpenmod zip && \
+ phpenmod intl && \
+ phpenmod ldap && \
+ phpenmod fileinfo && \
+ phpenmod exif && \
+ phpenmod apcu && \
+ phpenmod redis && \
+ phpenmod imagick && \
+ phpenmod xml
+
+COPY container-setup.sh /tmp
+RUN /tmp/container-setup.sh
+
+COPY entrypoint.sh /
+CMD /entrypoint.sh
diff --git a/app/nextcloud/build/nextcloud/container-setup.sh b/app/nextcloud/build/nextcloud/container-setup.sh
new file mode 100755
index 0000000..8330291
--- /dev/null
+++ b/app/nextcloud/build/nextcloud/container-setup.sh
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -ex
+
+curl https://download.nextcloud.com/server/releases/nextcloud-19.0.0.zip > /tmp/nextcloud.zip
+cd /var/www
+unzip /tmp/nextcloud.zip
+rm /tmp/nextcloud.zip
+mv html html.old
+mv nextcloud html
+
+cd html
+mkdir data
+
+cd apps
+wget https://github.com/nextcloud/tasks/releases/download/v0.13.1/tasks.tar.gz
+tar xf tasks.tar.gz
+wget https://github.com/nextcloud/maps/releases/download/v0.1.6/maps-0.1.6.tar.gz
+tar xf maps-0.1.6.tar.gz
+wget https://github.com/nextcloud/calendar/releases/download/v2.0.3/calendar.tar.gz
+tar xf calendar.tar.gz
+wget https://github.com/nextcloud/news/releases/download/14.1.11/news.tar.gz
+tar xf news.tar.gz
+wget https://github.com/nextcloud/notes/releases/download/v3.6.0/notes.tar.gz
+tar xf notes.tar.gz
+wget https://github.com/nextcloud/contacts/releases/download/v3.3.0/contacts.tar.gz
+tar xf contacts.tar.gz
+wget https://github.com/nextcloud/mail/releases/download/v1.4.0/mail.tar.gz
+tar xf mail.tar.gz
+wget https://github.com/nextcloud/groupfolders/releases/download/v6.0.6/groupfolders.tar.gz
+tar xf groupfolders.tar.gz
+rm *.tar.gz
+
+chown -R www-data:www-data /var/www/html
+
+cd /var/www/html
+php occ
diff --git a/app/nextcloud/build/nextcloud/entrypoint.sh b/app/nextcloud/build/nextcloud/entrypoint.sh
new file mode 100755
index 0000000..72b4f94
--- /dev/null
+++ b/app/nextcloud/build/nextcloud/entrypoint.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+set -xe
+
+chown www-data:www-data /var/www/html/config/config.php
+touch /var/www/html/data/.ocdata
+
+exec apachectl -DFOREGROUND
diff --git a/app/nextcloud/config/config.php.tpl b/app/nextcloud/config/config.php.tpl
new file mode 100644
index 0000000..7dcfc6e
--- /dev/null
+++ b/app/nextcloud/config/config.php.tpl
@@ -0,0 +1,49 @@
+<?php
+$CONFIG = array (
+ 'appstoreenabled' => false,
+ 'instanceid' => '{{ key "secrets/nextcloud/instance_id" | trimSpace }}',
+ 'passwordsalt' => '{{ key "secrets/nextcloud/password_salt" | trimSpace }}',
+ 'secret' => '{{ key "secrets/nextcloud/secret" | trimSpace }}',
+ 'trusted_domains' => array (
+ 0 => 'nextcloud.deuxfleurs.fr',
+ ),
+ 'memcache.local' => '\\OC\\Memcache\\APCu',
+
+ 'objectstore' => array(
+ 'class' => '\\OC\\Files\\ObjectStore\\S3',
+ 'arguments' => array(
+ 'bucket' => 'nextcloud',
+ 'autocreate' => false,
+ 'key' => '{{ key "secrets/nextcloud/garage_access_key" | trimSpace }}',
+ 'secret' => '{{ key "secrets/nextcloud/garage_secret_key" | trimSpace }}',
+ 'hostname' => 'garage.deuxfleurs.fr',
+ 'port' => 443,
+ 'use_ssl' => true,
+ 'region' => 'garage',
+ // required for some non Amazon S3 implementations
+ 'use_path_style' => true
+ ),
+ ),
+
+ 'dbtype' => 'pgsql',
+ 'dbhost' => 'psql-proxy.service.2.cluster.deuxfleurs.fr',
+ 'dbname' => 'nextcloud',
+ 'dbtableprefix' => 'nc_',
+ 'dbuser' => '{{ key "secrets/nextcloud/db_user" | trimSpace }}',
+ 'dbpassword' => '{{ key "secrets/nextcloud/db_pass" | trimSpace }}',
+
+ 'default_language' => 'fr',
+ 'default_locale' => 'fr_FR',
+
+ 'mail_domain' => 'deuxfleurs.fr',
+ 'mail_from_address' => 'nextcloud@deuxfleurs.fr',
+ // TODO SMTP CONFIG
+
+ // TODO REDIS CACHE
+
+ 'version' => '19.0.0.12',
+ 'overwrite.cli.url' => 'https://nextcloud.deuxfleurs.fr',
+
+ 'installed' => true,
+);
+
diff --git a/app/nextcloud/deploy/nextcloud.hcl b/app/nextcloud/deploy/nextcloud.hcl
new file mode 100644
index 0000000..8852787
--- /dev/null
+++ b/app/nextcloud/deploy/nextcloud.hcl
@@ -0,0 +1,65 @@
+job "nextcloud" {
+ datacenters = ["dc1", "belair"]
+ type = "service"
+ priority = 40
+
+ constraint {
+ attribute = "${attr.cpu.arch}"
+ value = "amd64"
+ }
+
+ group "nextcloud" {
+ count = 1
+
+ network {
+ port "web_port" {
+ to = 80
+ }
+ }
+
+ task "nextcloud" {
+ driver = "docker"
+ config {
+ image = "lxpz/deuxfleurs_nextcloud_amd64:8"
+ ports = [ "web_port" ]
+ volumes = [
+ "secrets/config.php:/var/www/html/config/config.php"
+ ]
+ }
+
+ template {
+ data = file("../config/config.php.tpl")
+ destination = "secrets/config.php"
+ }
+
+ resources {
+ memory = 1000
+ cpu = 2000
+ }
+
+ service {
+ name = "nextcloud"
+ tags = [
+ "nextcloud",
+ "traefik.enable=true",
+ "traefik.frontend.entryPoints=https,http",
+ "traefik.frontend.rule=Host:nextcloud.deuxfleurs.fr",
+ ]
+ port = "web_port"
+ address_mode = "host"
+ check {
+ type = "tcp"
+ port = "web_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+ }
+}
+
diff --git a/app/nextcloud/integration/README.md b/app/nextcloud/integration/README.md
new file mode 100644
index 0000000..3d49768
--- /dev/null
+++ b/app/nextcloud/integration/README.md
@@ -0,0 +1,20 @@
+Install Owncloud CLI:
+
+php ./occ \
+ --no-interaction \
+ --verbose \
+ maintenance:install \
+ --database pgsql \
+ --database-name nextcloud \
+ --database-host postgres \
+ --database-user nextcloud \
+ --database-pass nextcloud \
+ --admin-user nextcloud \
+ --admin-pass nextcloud \
+ --admin-email coucou@deuxfleurs.fr
+
+Official image entrypoint:
+
+https://github.com/nextcloud/docker/blob/master/20.0/fpm/entrypoint.sh
+
+
diff --git a/app/nextcloud/integration/bottin.json b/app/nextcloud/integration/bottin.json
new file mode 100644
index 0000000..a970762
--- /dev/null
+++ b/app/nextcloud/integration/bottin.json
@@ -0,0 +1,31 @@
+{
+ "suffix": "dc=deuxfleurs,dc=fr",
+ "bind": "0.0.0.0:389",
+ "consul_host": "http://consul:8500",
+ "log_level": "debug",
+ "acl": [
+ "*,dc=deuxfleurs,dc=fr::read:*:* !userpassword",
+ "*::read modify:SELF:*",
+ "ANONYMOUS::bind:*,ou=users,dc=deuxfleurs,dc=fr:",
+ "ANONYMOUS::bind:cn=admin,dc=deuxfleurs,dc=fr:",
+ "*,ou=services,ou=users,dc=deuxfleurs,dc=fr::bind:*,ou=users,dc=deuxfleurs,dc=fr:*",
+ "*,ou=services,ou=users,dc=deuxfleurs,dc=fr::read:*:*",
+
+ "*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:add:*,ou=invitations,dc=deuxfleurs,dc=fr:*",
+ "ANONYMOUS::bind:*,ou=invitations,dc=deuxfleurs,dc=fr:",
+ "*,ou=invitations,dc=deuxfleurs,dc=fr::delete:SELF:*",
+
+ "*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:add:*,ou=users,dc=deuxfleurs,dc=fr:*",
+ "*,ou=invitations,dc=deuxfleurs,dc=fr::add:*,ou=users,dc=deuxfleurs,dc=fr:*",
+
+ "*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=email,ou=groups,dc=deuxfleurs,dc=fr:*",
+ "*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=email,ou=groups,dc=deuxfleurs,dc=fr:*",
+ "*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=seafile,ou=groups,dc=deuxfleurs,dc=fr:*",
+ "*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=seafile,ou=groups,dc=deuxfleurs,dc=fr:*",
+ "*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=nextcloud,ou=groups,dc=deuxfleurs,dc=fr:*",
+ "*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=seafile,ou=nextcloud,dc=deuxfleurs,dc=fr:*",
+
+ "cn=admin,dc=deuxfleurs,dc=fr::read add modify delete:*:*",
+ "*:cn=admin,ou=groups,dc=deuxfleurs,dc=fr:read add modify delete:*:*"
+ ]
+}
diff --git a/app/nextcloud/integration/docker-compose.yml b/app/nextcloud/integration/docker-compose.yml
new file mode 100644
index 0000000..7ba090b
--- /dev/null
+++ b/app/nextcloud/integration/docker-compose.yml
@@ -0,0 +1,27 @@
+version: '3.4'
+services:
+ php:
+ image: lxpz/deuxfleurs_nextcloud_amd64:8
+ depends_on:
+ - bottin
+ - postgres
+ ports:
+ - "80:80"
+
+ postgres:
+ image: postgres:9.6.19
+ environment:
+ - POSTGRES_DB=nextcloud
+ - POSTGRES_USER=nextcloud
+ - POSTGRES_PASSWORD=nextcloud
+
+ bottin:
+ image: lxpz/bottin_amd64:14
+ depends_on:
+ - consul
+ volumes:
+ - ./bottin.json:/config.json
+
+ consul:
+ image: consul:1.8.4
+