8 files changed, 264 insertions, 0 deletions

diff --git a/app/nextcloud/build/nextcloud/Dockerfile b/app/nextcloud/build/nextcloud/Dockerfile
new file mode 100644
index 0000000..9f817f6
--- /dev/null
+++ b/app/nextcloud/build/nextcloud/Dockerfile
@@ -0,0 +1,27 @@
+FROM debian:10
+
+RUN apt-get update && \ 
+    apt-get -qq -y full-upgrade
+
+RUN apt-get install -y apache2 php php-gd php-mbstring php-pgsql php-curl php-dom php-xml php-zip \
+                       php-intl php-ldap php-fileinfo php-exif php-apcu php-redis php-imagick unzip curl wget && \
+    phpenmod gd && \
+    phpenmod curl && \
+    phpenmod mbstring && \
+    phpenmod pgsql && \
+    phpenmod dom && \
+    phpenmod zip && \
+    phpenmod intl && \
+    phpenmod ldap && \
+    phpenmod fileinfo && \
+    phpenmod exif && \
+    phpenmod apcu && \
+    phpenmod redis && \
+    phpenmod imagick && \
+    phpenmod xml
+
+COPY container-setup.sh /tmp
+RUN /tmp/container-setup.sh
+
+COPY entrypoint.sh /
+CMD /entrypoint.sh
diff --git a/app/nextcloud/build/nextcloud/container-setup.sh b/app/nextcloud/build/nextcloud/container-setup.sh
new file mode 100755
index 0000000..8330291
--- /dev/null
+++ b/app/nextcloud/build/nextcloud/container-setup.sh
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -ex
+
+curl https://download.nextcloud.com/server/releases/nextcloud-19.0.0.zip > /tmp/nextcloud.zip
+cd /var/www
+unzip /tmp/nextcloud.zip
+rm /tmp/nextcloud.zip
+mv html html.old
+mv nextcloud html
+
+cd html
+mkdir data
+
+cd apps
+wget https://github.com/nextcloud/tasks/releases/download/v0.13.1/tasks.tar.gz
+tar xf tasks.tar.gz
+wget https://github.com/nextcloud/maps/releases/download/v0.1.6/maps-0.1.6.tar.gz
+tar xf maps-0.1.6.tar.gz
+wget https://github.com/nextcloud/calendar/releases/download/v2.0.3/calendar.tar.gz
+tar xf calendar.tar.gz
+wget https://github.com/nextcloud/news/releases/download/14.1.11/news.tar.gz
+tar xf news.tar.gz
+wget https://github.com/nextcloud/notes/releases/download/v3.6.0/notes.tar.gz
+tar xf notes.tar.gz
+wget https://github.com/nextcloud/contacts/releases/download/v3.3.0/contacts.tar.gz
+tar xf contacts.tar.gz
+wget https://github.com/nextcloud/mail/releases/download/v1.4.0/mail.tar.gz
+tar xf mail.tar.gz
+wget https://github.com/nextcloud/groupfolders/releases/download/v6.0.6/groupfolders.tar.gz
+tar xf groupfolders.tar.gz
+rm *.tar.gz
+
+chown -R www-data:www-data /var/www/html
+
+cd /var/www/html
+php occ
diff --git a/app/nextcloud/build/nextcloud/entrypoint.sh b/app/nextcloud/build/nextcloud/entrypoint.sh
new file mode 100755
index 0000000..72b4f94
--- /dev/null
+++ b/app/nextcloud/build/nextcloud/entrypoint.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+set -xe
+
+chown www-data:www-data /var/www/html/config/config.php
+touch /var/www/html/data/.ocdata
+
+exec apachectl -DFOREGROUND
diff --git a/app/nextcloud/config/config.php.tpl b/app/nextcloud/config/config.php.tpl
new file mode 100644
index 0000000..7dcfc6e
--- /dev/null
+++ b/app/nextcloud/config/config.php.tpl
@@ -0,0 +1,49 @@
+<?php
+$CONFIG = array (
+  'appstoreenabled' => false,
+  'instanceid' => '{{ key "secrets/nextcloud/instance_id" | trimSpace }}',
+  'passwordsalt' => '{{ key "secrets/nextcloud/password_salt" | trimSpace }}',
+  'secret' => '{{ key "secrets/nextcloud/secret" | trimSpace }}',
+  'trusted_domains' => array (
+    0 => 'nextcloud.deuxfleurs.fr',
+  ),
+  'memcache.local' => '\\OC\\Memcache\\APCu',
+
+  'objectstore' => array(
+    'class' => '\\OC\\Files\\ObjectStore\\S3',
+    'arguments' => array(
+          'bucket' => 'nextcloud',
+          'autocreate' => false,
+          'key'    => '{{ key "secrets/nextcloud/garage_access_key" | trimSpace }}',
+          'secret' => '{{ key "secrets/nextcloud/garage_secret_key" | trimSpace }}',
+          'hostname' => 'garage.deuxfleurs.fr',
+          'port' => 443,
+          'use_ssl' => true,
+          'region' => 'garage',
+          // required for some non Amazon S3 implementations
+          'use_path_style' => true
+    ),
+  ),
+
+  'dbtype' => 'pgsql',
+  'dbhost' => 'psql-proxy.service.2.cluster.deuxfleurs.fr',
+  'dbname' => 'nextcloud',
+  'dbtableprefix' => 'nc_',
+  'dbuser' => '{{ key "secrets/nextcloud/db_user" | trimSpace }}',
+  'dbpassword' => '{{ key "secrets/nextcloud/db_pass" | trimSpace }}',
+
+  'default_language' => 'fr',
+  'default_locale' => 'fr_FR',
+
+  'mail_domain' => 'deuxfleurs.fr',
+  'mail_from_address' => 'nextcloud@deuxfleurs.fr',
+  // TODO SMTP CONFIG
+
+  // TODO REDIS CACHE
+
+  'version' => '19.0.0.12',
+  'overwrite.cli.url' => 'https://nextcloud.deuxfleurs.fr',
+
+  'installed' => true,
+);
+
diff --git a/app/nextcloud/deploy/nextcloud.hcl b/app/nextcloud/deploy/nextcloud.hcl
new file mode 100644
index 0000000..8852787
--- /dev/null
+++ b/app/nextcloud/deploy/nextcloud.hcl
@@ -0,0 +1,65 @@
+job "nextcloud" {
+  datacenters = ["dc1", "belair"]
+  type = "service"
+  priority = 40
+
+  constraint {
+    attribute = "${attr.cpu.arch}"
+    value     = "amd64"
+  }
+
+  group "nextcloud" {
+    count = 1
+
+    network {
+      port "web_port" {
+        to = 80
+      }
+    }
+
+    task "nextcloud" {
+      driver = "docker"
+      config {
+        image = "lxpz/deuxfleurs_nextcloud_amd64:8"
+        ports = [ "web_port" ]
+        volumes = [
+          "secrets/config.php:/var/www/html/config/config.php"
+        ]
+      }
+
+      template {
+        data = file("../config/config.php.tpl")
+        destination = "secrets/config.php"
+      }
+
+      resources {
+        memory = 1000
+        cpu = 2000
+      }
+
+      service {
+        name = "nextcloud"
+        tags = [
+          "nextcloud",
+          "traefik.enable=true",
+          "traefik.frontend.entryPoints=https,http",
+          "traefik.frontend.rule=Host:nextcloud.deuxfleurs.fr",
+        ]
+        port = "web_port"
+        address_mode = "host"
+        check {
+          type = "tcp"
+          port = "web_port"
+          interval = "60s"
+          timeout = "5s"
+          check_restart {
+            limit = 3
+            grace = "90s"
+            ignore_warnings = false
+          }
+        }
+      }
+    }
+  }
+}
+
diff --git a/app/nextcloud/integration/README.md b/app/nextcloud/integration/README.md
new file mode 100644
index 0000000..3d49768
--- /dev/null
+++ b/app/nextcloud/integration/README.md
@@ -0,0 +1,20 @@
+Install Owncloud CLI: 
+
+php ./occ \
+  --no-interaction \
+  --verbose \
+  maintenance:install \
+  --database pgsql \
+  --database-name nextcloud \
+  --database-host postgres \
+  --database-user nextcloud \
+  --database-pass nextcloud \
+  --admin-user nextcloud \
+  --admin-pass nextcloud \
+  --admin-email coucou@deuxfleurs.fr
+
+Official image entrypoint:
+
+https://github.com/nextcloud/docker/blob/master/20.0/fpm/entrypoint.sh
+
+
diff --git a/app/nextcloud/integration/bottin.json b/app/nextcloud/integration/bottin.json
new file mode 100644
index 0000000..a970762
--- /dev/null
+++ b/app/nextcloud/integration/bottin.json
@@ -0,0 +1,31 @@
+{
+  "suffix": "dc=deuxfleurs,dc=fr",
+  "bind": "0.0.0.0:389",
+  "consul_host": "http://consul:8500",
+  "log_level": "debug",
+  "acl": [
+		"*,dc=deuxfleurs,dc=fr::read:*:* !userpassword",
+		"*::read modify:SELF:*",
+		"ANONYMOUS::bind:*,ou=users,dc=deuxfleurs,dc=fr:",
+		"ANONYMOUS::bind:cn=admin,dc=deuxfleurs,dc=fr:",
+		"*,ou=services,ou=users,dc=deuxfleurs,dc=fr::bind:*,ou=users,dc=deuxfleurs,dc=fr:*",
+		"*,ou=services,ou=users,dc=deuxfleurs,dc=fr::read:*:*",
+
+		"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:add:*,ou=invitations,dc=deuxfleurs,dc=fr:*",
+		"ANONYMOUS::bind:*,ou=invitations,dc=deuxfleurs,dc=fr:",
+		"*,ou=invitations,dc=deuxfleurs,dc=fr::delete:SELF:*",
+
+		"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:add:*,ou=users,dc=deuxfleurs,dc=fr:*",
+		"*,ou=invitations,dc=deuxfleurs,dc=fr::add:*,ou=users,dc=deuxfleurs,dc=fr:*",
+
+		"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=email,ou=groups,dc=deuxfleurs,dc=fr:*",
+		"*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=email,ou=groups,dc=deuxfleurs,dc=fr:*",
+		"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=seafile,ou=groups,dc=deuxfleurs,dc=fr:*",
+		"*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=seafile,ou=groups,dc=deuxfleurs,dc=fr:*",
+		"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=nextcloud,ou=groups,dc=deuxfleurs,dc=fr:*",
+		"*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=seafile,ou=nextcloud,dc=deuxfleurs,dc=fr:*",
+
+		"cn=admin,dc=deuxfleurs,dc=fr::read add modify delete:*:*",
+		"*:cn=admin,ou=groups,dc=deuxfleurs,dc=fr:read add modify delete:*:*"
+  ]
+}
diff --git a/app/nextcloud/integration/docker-compose.yml b/app/nextcloud/integration/docker-compose.yml
new file mode 100644
index 0000000..7ba090b
--- /dev/null
+++ b/app/nextcloud/integration/docker-compose.yml
@@ -0,0 +1,27 @@
+version: '3.4'
+services:
+  php:
+    image: lxpz/deuxfleurs_nextcloud_amd64:8
+    depends_on:
+      - bottin
+      - postgres
+    ports:
+      - "80:80"
+
+  postgres:
+    image: postgres:9.6.19
+    environment:
+      - POSTGRES_DB=nextcloud
+      - POSTGRES_USER=nextcloud
+      - POSTGRES_PASSWORD=nextcloud
+
+  bottin:
+    image: lxpz/bottin_amd64:14
+    depends_on:
+      - consul
+    volumes:
+      - ./bottin.json:/config.json
+
+  consul:
+    image: consul:1.8.4
+