Added Nextcloud yml generation.
parent
8311a5015e
commit
0264d4a298
@ -111,7 +111,9 @@ DEFAULT_DB_IMAGE="mariadb:10.9.3-jammy"
|
||||
export GHOST_IMAGE="ghost:5.18.0"
|
||||
export GHOST_DB_IMAGE="$DEFAULT_DB_IMAGE"
|
||||
export NGINX_IMAGE="nginx:1.23.1"
|
||||
export NEXTCLOUD_IMAGE="nextcloud:24.0.5"
|
||||
|
||||
# version of backup is 24.0.3
|
||||
export NEXTCLOUD_IMAGE="nextcloud:25.0.0"
|
||||
export NEXTCLOUD_DB_IMAGE="$DEFAULT_DB_IMAGE"
|
||||
|
||||
# TODO PIN the gitea version number.
|
||||
@ -140,4 +142,4 @@ export BTCPAY_SERVER_APPPATH="$REMOTE_HOME/btcpayserver-docker"
|
||||
export REMOTE_CERT_BASE_DIR="$REMOTE_HOME/.certs"
|
||||
|
||||
# this space is for OS, docker images, etc. DOES NOT INCLUDE USER DATA.
|
||||
export ROOT_DISK_SIZE_GB=20
|
||||
export ROOT_DISK_SIZE_GB=20
|
||||
|
14
deploy.sh
14
deploy.sh
@ -23,13 +23,12 @@ if ! lsb_release -d | grep -q "Ubuntu 22.04"; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
DOMAIN_NAME=
|
||||
RESTORE_ARCHIVE=
|
||||
VPS_HOSTING_TARGET=lxd
|
||||
RUN_CERT_RENEWAL=false
|
||||
RESTORE_WWW=false
|
||||
BACKUP_CERTS=true
|
||||
BACKUP_CERTS=false
|
||||
BACKUP_APPS=true
|
||||
BACKUP_BTCPAY=false
|
||||
RESTORE_BTCPAY=false
|
||||
@ -41,6 +40,7 @@ UPDATE_BTCPAY=false
|
||||
RECONFIGURE_BTCPAY_SERVER=false
|
||||
DEPLOY_BTCPAY_SERVER=false
|
||||
CLUSTER_NAME="$(lxc remote get-default)"
|
||||
STOP_SERVICES=false
|
||||
|
||||
# grab any modifications from the command line.
|
||||
for i in "$@"; do
|
||||
@ -65,6 +65,10 @@ for i in "$@"; do
|
||||
BACKUP_CERTS=true
|
||||
shift
|
||||
;;
|
||||
--stop)
|
||||
STOP_SERVICES=true
|
||||
shift
|
||||
;;
|
||||
--archive=*)
|
||||
RESTORE_ARCHIVE="${i#*=}"
|
||||
shift
|
||||
@ -126,7 +130,7 @@ export DOMAIN_NAME="$DOMAIN_NAME"
|
||||
export REGISTRY_DOCKER_IMAGE="registry:2"
|
||||
export RESTORE_ARCHIVE="$RESTORE_ARCHIVE"
|
||||
export RESTORE_WWW="$RESTORE_WWW"
|
||||
|
||||
export STOP_SERVICES="$STOP_SERVICES"
|
||||
export BACKUP_CERTS="$BACKUP_CERTS"
|
||||
export BACKUP_APPS="$BACKUP_APPS"
|
||||
export RESTORE_BTCPAY="$RESTORE_BTCPAY"
|
||||
@ -435,9 +439,9 @@ export SITE_LANGUAGE_CODES="en"
|
||||
export DUPLICITY_BACKUP_PASSPHRASE="$(new_pass)"
|
||||
#export BTCPAY_HOSTNAME_IN_CERT="store"
|
||||
export DEPLOY_GHOST=true
|
||||
export DEPLOY_NEXTCLOUD=true
|
||||
export DEPLOY_NEXTCLOUD=false
|
||||
export DEPLOY_NOSTR_RELAY=true
|
||||
export NOSTR_ACCOUNT_PUBKEY="CHANGE_ME"
|
||||
export NOSTR_ACCOUNT_PUBKEY="NOSTR_IDENTITY_PUBKEY_GOES_HERE"
|
||||
export DEPLOY_GITEA=false
|
||||
#export DEPLOY_ONION_SITE=false
|
||||
export GHOST_MYSQL_PASSWORD="$(new_pass)"
|
||||
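Review bot: The site_definition template's placeholder `NOSTR_ACCOUNT_PUBKEY="NOSTR_IDENTITY_PUBKEY_GOES_HERE"` is non-empty, so the only validation visible in this commit, `[ -z "$NOSTR_ACCOUNT_PUBKEY" ]`, accepts it while `DEPLOY_NOSTR_RELAY=true` is the template default. Leaving the template value empty (`export NOSTR_ACCOUNT_PUBKEY=`) lets that check fire on an unedited file; alternatively the check could also reject the placeholder string. In the first hunk the `BACKUP_CERTS` default appears to change from `true` to `false` (the page has lost its +/- markers, so the direction is inferred from print order); if that is intended, a comment such as `# certs are not backed up unless --backup-certs is passed` would make the change visible to operators who relied on the old default.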
|
@ -64,7 +64,7 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
|
||||
if [ -z "$NOSTR_ACCOUNT_PUBKEY" ]; then
|
||||
echo "ERROR: Ensure NOSTR_ACCOUNT_PUBKEY is configured in your site_definition."
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -z "$DUPLICITY_BACKUP_PASSPHRASE" ]; then
|
||||
@ -114,15 +114,13 @@ if [ "$DEPLOY_ONION_SITE" = true ]; then
|
||||
# fi
|
||||
fi
|
||||
|
||||
bash -c ./stub/nginx_yml.sh
|
||||
./stub/nginx_yml.sh
|
||||
|
||||
sleep 3
|
||||
./stub/ghost_yml.sh
|
||||
|
||||
bash -c ./stub/ghost_yml.sh
|
||||
./stub/nextcloud_yml.sh
|
||||
|
||||
sleep 3
|
||||
|
||||
bash -c ./stub/gitea_yml.sh
|
||||
./stub/gitea_yml.sh
|
||||
|
||||
|
||||
# # start a browser session; point it to port 80 to ensure HTTPS redirect.
|
||||
|
@ -14,7 +14,7 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
|
||||
source ../../domain_env.sh
|
||||
|
||||
### Stop all services.
|
||||
for APP in ghost gitea; do
|
||||
for APP in ghost nextcloud gitea; do
|
||||
# backup each language for each app.
|
||||
for LANGUAGE_CODE in ${SITE_LANGUAGE_CODES//,/ }; do
|
||||
STACK_NAME="$DOMAIN_IDENTIFIER-$APP-$LANGUAGE_CODE"
|
||||
@ -52,6 +52,11 @@ done
|
||||
if docker stack list --format "{{.Name}}" | grep -q reverse-proxy; then
|
||||
docker stack rm reverse-proxy
|
||||
|
||||
if [ "$STOP_SERVICES" = true ]; then
|
||||
echo "STOPPING as indicated by the --stop flag."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# wait for all docker containers to stop.
|
||||
# TODO see if there's a way to check for this.
|
||||
sleep 10
|
||||
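Review bot: The `--stop` early exit appears to sit inside the `if docker stack list ... | grep -q reverse-proxy` branch (indentation is lost on this page and the closing `fi` is outside the hunk), so when no reverse-proxy stack is running the script falls through and the deployment continues despite `--stop`. It also exits before the `sleep 10` that waits for containers to stop, and with status 1, which a caller cannot tell apart from a real failure. Consider moving the check after the enclosing `fi` and the wait, and letting the caller test the exported `STOP_SERVICES` itself, so the block can end with `exit 0`.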
|
122
deployment/www/stub/nextcloud_yml.sh
Normal file → Executable file
122
deployment/www/stub/nextcloud_yml.sh
Normal file → Executable file
@ -1,48 +1,82 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -exu
|
||||
cd "$(dirname "$0")"
|
||||
|
||||
|
||||
|
||||
for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
|
||||
export DOMAIN_NAME="$DOMAIN_NAME"
|
||||
export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"
|
||||
|
||||
# source the site path so we know what features it has.
|
||||
source ../../../reset_env.sh
|
||||
source "$SITE_PATH/site_definition"
|
||||
source ../../../domain_env.sh
|
||||
|
||||
# ensure remote directories exist
|
||||
if [ "$DEPLOY_NEXTCLOUD" = true ]; then
|
||||
ssh "$PRIMARY_WWW_FQDN" "mkdir -p $REMOTE_NEXTCLOUD_PATH/db/data"
|
||||
ssh "$PRIMARY_WWW_FQDN" "mkdir -p $REMOTE_NEXTCLOUD_PATH/db/logs"
|
||||
ssh "$PRIMARY_WWW_FQDN" "mkdir -p $REMOTE_NEXTCLOUD_PATH/html"
|
||||
|
||||
ssh "$PRIMARY_WWW_FQDN" "mkdir -p $REMOTE_NEXTCLOUD_PATH/$DOMAIN_NAME/en/db"
|
||||
ssh "$PRIMARY_WWW_FQDN" "mkdir -p $REMOTE_NEXTCLOUD_PATH/$DOMAIN_NAME/en/html"
|
||||
|
||||
sleep 2
|
||||
|
||||
WEBSTACK_PATH="$SITE_PATH/webstack"
|
||||
mkdir -p "$WEBSTACK_PATH"
|
||||
export DOCKER_YAML_PATH="$WEBSTACK_PATH/nextcloud-en.yml"
|
||||
|
||||
# here's the NGINX config. We support ghost and nextcloud.
|
||||
cat > "$DOCKER_YAML_PATH" <<EOL
|
||||
version: "3.8"
|
||||
services:
|
||||
|
||||
${NEXTCLOUD_STACK_TAG}:
|
||||
image: ${NEXTCLOUD_IMAGE}
|
||||
networks:
|
||||
- nextcloud-${DOMAIN_IDENTIFIER}-en
|
||||
- nextclouddb-${DOMAIN_IDENTIFIER}-en
|
||||
volumes:
|
||||
- ${REMOTE_HOME}/nextcloud/${DOMAIN_NAME}/en/html:/var/www/html
|
||||
environment:
|
||||
- MYSQL_PASSWORD=\${NEXTCLOUD_MYSQL_PASSWORD}
|
||||
- MYSQL_DATABASE=nextcloud
|
||||
- MYSQL_USER=nextcloud
|
||||
- MYSQL_HOST=${NEXTCLOUD_DB_STACK_TAG}
|
||||
- NEXTCLOUD_TRUSTED_DOMAINS=${DOMAIN_NAME}
|
||||
- OVERWRITEHOST=${NEXTCLOUD_FQDN}
|
||||
- OVERWRITEPROTOCOL=https
|
||||
- SERVERNAME=${NEXTCLOUD_FQDN}
|
||||
deploy:
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
|
||||
${NEXTCLOUD_DB_STACK_TAG}:
|
||||
image: ${NEXTCLOUD_DB_IMAGE}
|
||||
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb_read_only_compressed=OFF
|
||||
networks:
|
||||
- nextclouddb-${DOMAIN_IDENTIFIER}-en
|
||||
volumes:
|
||||
- ${REMOTE_HOME}/nextcloud/${DOMAIN_NAME}/en/db:/var/lib/mysql
|
||||
environment:
|
||||
- MARIADB_ROOT_PASSWORD=\${NEXTCLOUD_MYSQL_ROOT_PASSWORD}
|
||||
- MYSQL_PASSWORD=\${NEXTCLOUD_MYSQL_PASSWORD}
|
||||
- MYSQL_DATABASE=nextcloud
|
||||
- MYSQL_USER=nextcloud
|
||||
deploy:
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
|
||||
networks:
|
||||
nextcloud-${DOMAIN_IDENTIFIER}-en:
|
||||
name: "reverse-proxy_nextcloudnet-$DOMAIN_IDENTIFIER-$LANGUAGE_CODE"
|
||||
external: true
|
||||
|
||||
nextclouddb-${DOMAIN_IDENTIFIER}-en:
|
||||
|
||||
EOL
|
||||
|
||||
docker stack deploy -c "$DOCKER_YAML_PATH" "$DOMAIN_IDENTIFIER-nextcloud-en"
|
||||
|
||||
fi
|
||||
|
||||
|
||||
|
||||
# if [ "$DEPLOY_NEXTCLOUD" = true ]; then
|
||||
# cat >>"$NGINX_CONF_PATH" <<EOL
|
||||
# # TLS listener for ${NEXTCLOUD_FQDN}
|
||||
# server {
|
||||
# listen 443 ssl http2;
|
||||
# listen [::]:443 ssl http2;
|
||||
|
||||
# ssl_certificate $CONTAINER_TLS_PATH/fullchain.pem;
|
||||
# ssl_certificate_key $CONTAINER_TLS_PATH/privkey.pem;
|
||||
# ssl_trusted_certificate $CONTAINER_TLS_PATH/fullchain.pem;
|
||||
|
||||
# server_name ${NEXTCLOUD_FQDN};
|
||||
|
||||
# location / {
|
||||
# proxy_headers_hash_max_size 512;
|
||||
# proxy_headers_hash_bucket_size 64;
|
||||
# proxy_set_header X-Real-IP \$remote_addr;
|
||||
# proxy_set_header Host \$host;
|
||||
# proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
||||
# proxy_set_header X-Forwarded-Proto \$scheme;
|
||||
# proxy_set_header X-NginX-Proxy true;
|
||||
|
||||
# proxy_pass http://nextcloud:80;
|
||||
# }
|
||||
|
||||
# # https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/reverse_proxy_configuration.html
|
||||
# location /.well-known/carddav {
|
||||
# return 301 \$scheme://\$host/remote.php/dav;
|
||||
# }
|
||||
|
||||
# location /.well-known/caldav {
|
||||
# return 301 \$scheme://\$host/remote.php/dav;
|
||||
# }
|
||||
# }
|
||||
# EOL
|
||||
|
||||
# fi
|
||||
|
||||
done
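Review bot: `set -exu` leaves xtrace on while the script sources `"$SITE_PATH/site_definition"`, which, judging by the template in deploy.sh, holds generated passwords, so their values would be echoed to stderr and into any captured deploy log; `set -eu`, or `set +x` around the `source` lines, avoids that. Separately, the external network is named with `$LANGUAGE_CODE` while every other name in the file hard-codes `en`; unless one of the sourced files sets it, `set -u` aborts here or a stale value is used, and `name: "reverse-proxy_nextcloudnet-${DOMAIN_IDENTIFIER}-en"` would match the network added to the reverse-proxy stack in this commit. The `ssh "$PRIMARY_WWW_FQDN" "mkdir -p $REMOTE_NEXTCLOUD_PATH/$DOMAIN_NAME/en/db"` calls hand an unquoted path to the remote shell; quoting it on the remote side as well keeps an unusual entry in `DOMAIN_LIST` from being re-parsed there.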
|
@ -395,6 +395,48 @@ EOL
|
||||
|
||||
EOL
|
||||
|
||||
|
||||
if [ "$DEPLOY_NEXTCLOUD" = true ]; then
|
||||
cat >>"$NGINX_CONF_PATH" <<EOL
|
||||
# TLS listener for ${NEXTCLOUD_FQDN}
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
ssl_certificate $CONTAINER_TLS_PATH/fullchain.pem;
|
||||
ssl_certificate_key $CONTAINER_TLS_PATH/privkey.pem;
|
||||
ssl_trusted_certificate $CONTAINER_TLS_PATH/fullchain.pem;
|
||||
|
||||
server_name ${NEXTCLOUD_FQDN};
|
||||
|
||||
location / {
|
||||
proxy_headers_hash_max_size 512;
|
||||
proxy_headers_hash_bucket_size 64;
|
||||
proxy_set_header X-Real-IP \$remote_addr;
|
||||
proxy_set_header Host \$host;
|
||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto \$scheme;
|
||||
proxy_set_header X-NginX-Proxy true;
|
||||
|
||||
proxy_pass http://${NEXTCLOUD_STACK_TAG}:80;
|
||||
}
|
||||
|
||||
# https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/reverse_proxy_configuration.html
|
||||
location /.well-known/carddav {
|
||||
return 301 \$scheme://\$host/remote.php/dav;
|
||||
}
|
||||
|
||||
location /.well-known/caldav {
|
||||
return 301 \$scheme://\$host/remote.php/dav;
|
||||
}
|
||||
}
|
||||
EOL
|
||||
|
||||
fi
|
||||
|
||||
|
||||
|
||||
|
||||
# TODO this MIGHT be part of the solution for Twitter Cards.
|
||||
# location /contents {
|
||||
# resolver 127.0.0.11 ipv6=off valid=5m;
|
||||
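Review bot: The new server block forwards `X-Real-IP` and `X-Forwarded-For`, but the Nextcloud service generated in nextcloud_yml.sh sets no trusted-proxy configuration, so Nextcloud will most likely attribute every request to the proxy container, which skews its logs and its brute-force throttling. The official image accepts a `TRUSTED_PROXIES` environment entry for this, and it belongs next to `OVERWRITEHOST` in the generated YAML. The block also sets neither `Strict-Transport-Security` nor `client_max_body_size`; if these are not inherited from an enclosing context outside this hunk, uploads above nginx's default body limit will be rejected and browsers get no HSTS policy for the Nextcloud host. The heredoc is complete within the hunk, but the surrounding script is not.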
|
@ -36,10 +36,17 @@ EOL
|
||||
|
||||
if [ "$LANGUAGE_CODE" = en ]; then
|
||||
if [ "$DEPLOY_GITEA" = "true" ]; then
|
||||
cat >> "$DOCKER_YAML_PATH" <<EOL
|
||||
cat >> "$DOCKER_YAML_PATH" <<EOL
|
||||
- giteanet-$DOMAIN_IDENTIFIER-en
|
||||
EOL
|
||||
fi
|
||||
|
||||
if [ "$DEPLOY_NEXTCLOUD" = "true" ]; then
|
||||
cat >> "$DOCKER_YAML_PATH" <<EOL
|
||||
- nextcloudnet-$DOMAIN_IDENTIFIER-en
|
||||
EOL
|
||||
|
||||
fi
|
||||
fi
|
||||
|
||||
done
|
||||
@ -97,6 +104,14 @@ EOL
|
||||
giteanet-$DOMAIN_IDENTIFIER-en:
|
||||
attachable: true
|
||||
|
||||
EOL
|
||||
fi
|
||||
|
||||
if [ "$DEPLOY_NEXTCLOUD" = "true" ]; then
|
||||
cat >> "$DOCKER_YAML_PATH" <<EOL
|
||||
nextcloudnet-$DOMAIN_IDENTIFIER-en:
|
||||
attachable: true
|
||||
|
||||
EOL
|
||||
fi
|
||||
|
||||
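Review bot: `attachable: true` on the new `nextcloudnet-$DOMAIN_IDENTIFIER-en` network is probably broader than needed. The Nextcloud stack joins it as a swarm service through `external: true`, which does not require the flag, whereas `attachable` additionally lets any standalone container started on the cluster join the network and reach Nextcloud's plain-HTTP port behind the proxy. Dropping the line, or keeping it with a comment such as `# attachable because <reason>` if standalone containers really need access, keeps the backend network closed by default. The same question applies to the existing `giteanet-$DOMAIN_IDENTIFIER-en` entry just above it.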
|
@ -10,7 +10,7 @@
|
||||
# cat >>"$DOCKER_YAML_PATH" <<EOL
|
||||
# nextcloud-db:
|
||||
# image: ${NEXTCLOUD_DB_IMAGE}
|
||||
# command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb_read_only_compressed=OFF
|
||||
# command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --log-bin --innodb_read_only_compressed=OFF
|
||||
# networks:
|
||||
# - nextclouddb-net
|
||||
# volumes:
|
||||
|
@ -28,3 +28,7 @@ export BACKUP_TIMESTAMP="$BACKUP_TIMESTAMP"
|
||||
export UNIX_BACKUP_TIMESTAMP="$UNIX_BACKUP_TIMESTAMP"
|
||||
|
||||
export LANGUAGE_CODE_COUNT=$(("$(echo "$SITE_LANGUAGE_CODES" | tr -cd , | wc -c)"+1))
|
||||
|
||||
STACK_NAME="$DOMAIN_IDENTIFIER-en"
|
||||
export NEXTCLOUD_STACK_TAG="nextcloud-$STACK_NAME"
|
||||
export NEXTCLOUD_DB_STACK_TAG="nextclouddb-$STACK_NAME"
|
||||
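Review bot: `STACK_NAME` is introduced as a plain, generically named variable in what appears to be a sourced environment file, and the stop-services loop in this commit assigns its own `STACK_NAME` after sourcing `domain_env.sh`, so either side can silently overwrite the other depending on source order. It is only used here to build the two tags, so it can be inlined: `export NEXTCLOUD_STACK_TAG="nextcloud-$DOMAIN_IDENTIFIER-en"` and `export NEXTCLOUD_DB_STACK_TAG="nextclouddb-$DOMAIN_IDENTIFIER-en"`. A short comment noting that Nextcloud is deployed for the `en` language only would also explain the hard-coded suffix.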
|
@ -6,7 +6,7 @@ export DOMAIN_NAME=
|
||||
export DUPLICITY_BACKUP_PASSPHRASE=
|
||||
export BTCPAY_HOSTNAME_IN_CERT=
|
||||
export DEPLOY_GHOST=true
|
||||
export DEPLOY_NEXTCLOUD=true
|
||||
export DEPLOY_NEXTCLOUD=false
|
||||
export DEPLOY_NOSTR_RELAY=true
|
||||
export NOSTR_ACCOUNT_PUBKEY=
|
||||
export DEPLOY_GITEA=false
|
||||
|