Commit 06a093ce by Thomas Gambier

Update Release Candidate

2 parents 9e27c362 cf8ca3a4
Showing 57 changed files with 1828 additions and 919 deletions
......@@ -16,14 +16,53 @@ extends =
../openldap/buildout.cfg
../pkgconfig/buildout.cfg
../zlib/buildout.cfg
../libzip/buildout.cfg
../autoconf/buildout.cfg
../automake/buildout.cfg
../imagemagick/buildout.cfg
../icu/buildout.cfg
../openssl/buildout.cfg
[php-redis]
recipe = slapos.recipe.cmmi
url = https://github.com/phpredis/phpredis/archive/5.0.0.tar.gz
md5sum = 4f11e0567a10c29394aae52a4fa8bb40
configure-command =
phpize && ./configure
environment =
PATH=${autoconf:location}/bin:${automake:location}/bin:${m4:location}/bin:${apache-php:location}/bin:%(PATH)s
[php-imagick]
recipe = slapos.recipe.cmmi
url = https://github.com/Imagick/imagick/archive/3.4.4.tar.gz
md5sum = ef6cbadd834eb306bd91874a8f5dea03
configure-command =
phpize && ./configure
configure-options =
--prefix=${buildout:parts-directory}/${:_buildout_section_name_}
environment =
PKG_CONFIG_PATH=${imagemagick:location}/lib/pkgconfig
PATH=${pkgconfig:location}/bin:${imagemagick:location}/bin:${autoconf:location}/bin:${automake:location}/bin:${m4:location}/bin:${apache-php:location}/bin:%(PATH)s
IM_IMAGEMAGICK_PREFIX=${imagemagick:location}
[php-apcu]
recipe = slapos.recipe.cmmi
url = https://github.com/krakjoe/apcu/archive/v5.1.17.tar.gz
md5sum = f64b6cd5108aea63df2d5cc301c58b2b
configure-command =
phpize && ./configure
configure-options =
--with-php-config=${apache-php:location}/bin/php-config
environment =
PATH=${autoconf:location}/bin:${automake:location}/bin:${m4:location}/bin:${apache-php:location}/bin:%(PATH)s
[apache-php]
# Note: Shall react on each build of apache and reinstall itself
recipe = slapos.recipe.cmmi
url = http://fr2.php.net/distributions/php-5.4.12.tar.bz2
md5sum = 5c7b614242ae12e9cacca21c8ab84818
url = https://www.php.net/distributions/php-7.3.6.tar.bz2
md5sum = bde9a912fb311182cd460dad1abbc247
configure-options =
--prefix=${buildout:parts-directory}/${:_buildout_section_name_}
--with-apxs2=${apache:location}/bin/apxs
--with-libxml-dir=${libxml2:location}
--with-mysql=${mariadb:location}
......@@ -44,21 +83,30 @@ configure-options =
--with-ldap=${openldap:location}
--with-imap-ssl
--with-openssl=${openssl:location}
--with-libzip=${libzip:location}
--with-icu-dir=${icu:location}
--enable-apcu-bc
--enable-intl
--enable-libxml
--enable-json
--enable-mbstring
--enable-pcntl
--enable-session
--enable-exif
--enable-zip
--enable-ftp
--enable-zip
--disable-zend-test
--disable-static
# Changing TMPDIR is required for PEAR installation.
# It will create a pear/temp directory under the SR instead of a shared /tmp/pear/temp.
# XXX we could mkdir tmp there
environment =
PKG_CONFIG_PATH=${libxml2:location}/lib/pkgconfig:${openssl:location}/lib/pkgconfig
PKG_CONFIG_PATH=${libxml2:location}/lib/pkgconfig:${openssl:location}/lib/pkgconfig:${libzip:location}/lib/pkgconfig
PATH=${pkgconfig:location}/bin:${bzip2:location}/bin:${libxml2:location}/bin:%(PATH)s
LDFLAGS =-L${bzip2:location}/lib -Wl,-rpath -Wl,${bzip2:location}/lib -L${libtool:location}/lib -Wl,-rpath -Wl,${libtool:location}/lib -L${mariadb:location}/lib -Wl,-rpath -Wl,${mariadb:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -L${libmcrypt:location}/lib -Wl,-rpath -Wl,${libmcrypt:location}/libblkid
CPPFLAGS=-I${libzip:location}/include
LDFLAGS=-L${bzip2:location}/lib -Wl,-rpath -Wl,${bzip2:location}/lib -Wl,-rpath -Wl,${curl:location}/lib -L${libtool:location}/lib -Wl,-rpath -Wl,${libtool:location}/lib -L${mariadb:location}/lib -Wl,-rpath -Wl,${mariadb:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -L${libmcrypt:location}/lib -Wl,-rpath -Wl,${libmcrypt:location}/libblkid -L${libzip:location}/lib -Wl,-rpath -Wl,${libzip:location}/lib
TMPDIR=${buildout:parts-directory}/${:_buildout_section_name_}
HOME=${apache:location}
......
......@@ -103,7 +103,7 @@ LoadModule headers_module modules/mod_headers.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule filter_module modules/mod_filter.so
AddOutputFilterByType DEFLATE text/cache-manifest text/html text/plain text/css application/hal+json application/json application/x-javascript text/xml application/xml application/rss+xml text/javascript image/svg+xml application/x-font-ttf application/font-woff application/font-woff2 application/x-font-opentype
AddOutputFilterByType DEFLATE text/cache-manifest text/html text/plain text/css application/hal+json application/json application/x-javascript text/xml application/xml application/rss+xml text/javascript image/svg+xml application/x-font-ttf application/font-woff application/font-woff2 application/x-font-opentype application/wasm
PidFile "{{ parameter_dict['pid-file'] }}"
ServerAdmin admin@
......
......@@ -14,5 +14,5 @@
# not need these here).
[template-apache-backend-conf]
filename = apache-backend.conf.in
md5sum = c969256e5a9e85a295baf3a695a7c21d
md5sum = 416ded1ea16b6aa0e5e2c2261befd91e
......@@ -6,17 +6,8 @@ extends =
../openssl/buildout.cfg
parts =
cclient-patch
cclient
[cclient-patch]
recipe = hexagonit.recipe.download
ignore-existing = true
download-only = true
url = ${:_profile_base_location_}/imap-2007f.patch
md5sum = 42c77fdd5d7a976fc302b93aadb3da98
filename = imap-2007f.patch
[cclient]
recipe = slapos.recipe.cmmi
url = ftp://ftp.cac.washington.edu/imap/imap-2007f.tar.gz
......@@ -31,10 +22,12 @@ make-options =
IP=6
SSLLIB=${openssl:location}/lib
EXTRACFLAGS=-fPIC
EXTRALDFLAGS="-Wl,-rpath -Wl,${openssl:location}/lib"
CCLIENT=${buildout:parts-directory}
-j1
patches =
${cclient-patch:location}/${cclient-patch:filename}
patches =
${:_profile_base_location_}/imap-2007f.patch#42c77fdd5d7a976fc302b93aadb3da98
${:_profile_base_location_}/imap-2007f-openssl-1.1.patch#c726354e888f2f3b3954e334903cef80
patch-options = -p1
From c3f68d987c00284d91ad6599a013b7111662545b Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Fri, 2 Sep 2016 21:33:33 +0000
Subject: [PATCH] uw-imap: compile against openssl 1.1.0
I *think* I replaced access to cert->name with certificate's subject name. I
assume that the re-aranged C-code is doing the same thing. A double check
wouldn't hurt :)
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
---
src/osdep/unix/ssl_unix.c | 28 +++++++++++++++++-----------
1 file changed, 17 insertions(+), 11 deletions(-)
diff --git a/src/osdep/unix/ssl_unix.c b/src/osdep/unix/ssl_unix.c
index 3bfdff3..836e9fa 100644
--- a/src/osdep/unix/ssl_unix.c
+++ b/src/osdep/unix/ssl_unix.c
@@ -59,7 +59,7 @@ typedef struct ssl_stream {
static SSLSTREAM *ssl_start(TCPSTREAM *tstream,char *host,unsigned long flags);
static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags);
static int ssl_open_verify (int ok,X509_STORE_CTX *ctx);
-static char *ssl_validate_cert (X509 *cert,char *host);
+static char *ssl_validate_cert (X509 *cert,char *host, char *cert_subj);
static long ssl_compare_hostnames (unsigned char *s,unsigned char *pat);
static char *ssl_getline_work (SSLSTREAM *stream,unsigned long *size,
long *contd);
@@ -210,6 +210,7 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
BIO *bio;
X509 *cert;
unsigned long sl,tl;
+ char cert_subj[250];
char *s,*t,*err,tmp[MAILTMPLEN];
sslcertificatequery_t scq =
(sslcertificatequery_t) mail_parameters (NIL,GET_SSLCERTIFICATEQUERY,NIL);
@@ -266,14 +267,19 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
if (SSL_write (stream->con,"",0) < 0)
return ssl_last_error ? ssl_last_error : "SSL negotiation failed";
/* need to validate host names? */
- if (!(flags & NET_NOVALIDATECERT) &&
- (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con),
- host))) {
- /* application callback */
- if (scq) return (*scq) (err,host,cert ? cert->name : "???") ? NIL : "";
+ if (!(flags & NET_NOVALIDATECERT)) {
+
+ cert_subj[0] = '\0';
+ cert = SSL_get_peer_certificate(stream->con);
+ if (cert)
+ X509_NAME_oneline(X509_get_subject_name(cert), cert_subj, sizeof(cert_subj));
+ err = ssl_validate_cert (cert, host, cert_subj);
+ if (err)
+ /* application callback */
+ if (scq) return (*scq) (err,host,cert ? cert_subj : "???") ? NIL : "";
/* error message to return via mm_log() */
- sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???");
- return ssl_last_error = cpystr (tmp);
+ sprintf (tmp,"*%.128s: %.255s",err,cert ? cert_subj : "???");
+ return ssl_last_error = cpystr (tmp);
}
return NIL;
}
@@ -313,7 +319,7 @@ static int ssl_open_verify (int ok,X509_STORE_CTX *ctx)
* Returns: NIL if validated, else string of error message
*/
-static char *ssl_validate_cert (X509 *cert,char *host)
+static char *ssl_validate_cert (X509 *cert,char *host, char *cert_subj)
{
int i,n;
char *s,*t,*ret;
@@ -322,9 +328,9 @@ static char *ssl_validate_cert (X509 *cert,char *host)
/* make sure have a certificate */
if (!cert) ret = "No certificate from server";
/* and that it has a name */
- else if (!cert->name) ret = "No name in certificate";
+ else if (cert_subj[0] == '\0') ret = "No name in certificate";
/* locate CN */
- else if (s = strstr (cert->name,"/CN=")) {
+ else if (s = strstr (cert_subj,"/CN=")) {
if (t = strchr (s += 4,'/')) *t = '\0';
/* host name matches pattern? */
ret = ssl_compare_hostnames (host,s) ? NIL :
--
2.9.3
[buildout]
parts =
f2c
[libf2c]
recipe = slapos.recipe.cmmi
url = https://www.netlib.org/f2c/libf2c.zip#${:md5sum}
configure-command = true
md5sum = e80fb30fa3717660db71b1bed65b88b7
make-binary = make -f makefile.u
make-targets = install LIBDIR=${:location}
location = ${buildout:parts-directory}/${:_buildout_section_name_}
[f2c]
recipe = slapos.recipe.cmmi
url = http://www.netlib.org/f2c/src.tgz#${:md5sum}
md5sum = 7e97530d10ec5783e9d54c1a61eaeed7
configure-command = true
make-binary = make -f makefile.u
make-targets =
post-install = cp f2c ${:location}
location = ${buildout:parts-directory}/${:_buildout_section_name_}
environment =
CPPFLAGS=-I${libf2c:location}/include
LDFLAGS=-L${libf2c:location}/lib
\ No newline at end of file
[buildout]
extends =
../bzip2/buildout.cfg
../cmake/buildout.cfg
../zlib/buildout.cfg
parts = libzip
[libzip]
recipe = slapos.recipe.cmmi
url = https://libzip.org/download/libzip-1.5.2.tar.xz
md5sum = f9dd38d273bcdec5d3d1498fe6684f42
location = ${buildout:parts-directory}/${:_buildout_section_name_}
configure-command =
mkdir build && cd build && \
${cmake:location}/bin/cmake \
-DCMAKE_INSTALL_PREFIX=${:location} \
-DCMAKE_INCLUDE_PATH=${zlib:location}/include:${bzip2:location}/include \
-DCMAKE_LIBRARY_PATH=${zlib:location}/lib:${bzip2:location}/lib \
..
make-binary =
cd build && make
environment =
PATH=${cmake:location}/bin:%(PATH)s
CMAKE_INCLUDE_PATH=${zlib:location}/include:${bzip2:location}/include
CMAKE_LIBRARY_PATH=${zlib:location}/lib:${bzip2:location}/lib
\ No newline at end of file
......@@ -9,8 +9,8 @@ extends =
[openldap]
recipe = slapos.recipe.cmmi
shared = true
url = http://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-2.4.42.tgz
md5sum = 47c8e2f283647a6105b8b0325257e922
url = http://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-2.4.47.tgz
md5sum = e508f97bfd778fec7799f286e5c07176
configure-options =
--disable-static
--disable-slapd
......@@ -24,6 +24,6 @@ configure-options =
--with-tls=openssl
environment =
CPPFLAGS=-I${openssl-1.0:location}/include -I${cyrus-sasl:location}/include
LDFLAGS=-L${openssl-1.0:location}/lib -Wl,-rpath=${openssl-1.0:location}/lib -L${cyrus-sasl:location}/lib -Wl,-rpath=${cyrus-sasl:location}/lib
CPPFLAGS=-I${openssl:location}/include -I${cyrus-sasl:location}/include
LDFLAGS=-L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib -L${cyrus-sasl:location}/lib -Wl,-rpath=${cyrus-sasl:location}/lib
PATH=${groff:location}/bin:%(PATH)s
This diff could not be displayed because it is too large.
[buildout]
[python-cachecontrol]
recipe = zc.recipe.egg:custom
egg = cachecontrol
setup-eggs =
pbr
lockfile
......@@ -11,6 +11,7 @@ extends =
../patch/buildout.cfg
../readline/buildout.cfg
../sqlite3/buildout.cfg
../gcc/buildout.cfg
../xz-utils/buildout.cfg
../zlib/buildout.cfg
......@@ -37,6 +38,7 @@ configure-options =
--with-system-expat
--with-system-ffi
--with-threads
--with-openssl=${openssl:location}
# Profiled build:
--enable-optimizations
pre-install = mkdir profile-opt
......@@ -58,3 +60,19 @@ md5sum = 57d1f8bfbabf4f2500273fb0706e6f21
package_version = 3.6.6
md5sum = c3f30a0aff425dda77d19e02f420d6ba
executable = @@LOCATION@@/bin/python3.6
# Python 3.7 have to use gcc 8(actually, gcc 4+)
# See https://bugs.python.org/issue34112
# I think gcc 5 may meet the requirement, use gcc 8 all in one step
[python3.7]
<= python3-common
package_version = 3.7.2
md5sum = df6ec36011808205beda239c72f947cb
patch-options =
patches =
executable = @@LOCATION@@/bin/python3.7
environment =
PATH=${gcc-8.2:location}/bin::${xz-utils:location}/bin:%(PATH)s
CPPFLAGS=-I${zlib:location}/include -I${xz-utils:location}/include -I${readline:location}/include -I${libexpat:location}/include -I${libffi:location}/include -I${ncurses:location}/include -I${ncurses:location}/include/ncursesw -I${bzip2:location}/include -I${gdbm:location}/include -I${openssl:location}/include -I${sqlite3:location}/include -I${gettext:location}/include
LDFLAGS=-L${zlib:location}/lib -L${xz-utils:location}/lib -L${readline:location}/lib -L${libexpat:location}/lib -L${libffi:location}/lib -L${ncurses:location}/lib -L${bzip2:location}/lib -L${gdbm:location}/lib -L${openssl:location}/lib -L${sqlite3:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${xz-utils:location}/lib -Wl,-rpath=${readline:location}/lib -Wl,-rpath=${libexpat:location}/lib -Wl,-rpath=${libffi:location}/lib -Wl,-rpath=${ncurses:location}/lib -Wl,-rpath=${bzip2:location}/lib -Wl,-rpath=${gdbm:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${sqlite3:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -Wl,-rpath=${file:location}/lib
LD_LIBRARY_PATH=${libpng:location}/lib:${gcc-8.2:location}/lib:${gcc-8.2:location}/lib64
\ No newline at end of file
......@@ -3,23 +3,13 @@
extends =
../../stack/slapos.cfg
../bison/buildout.cfg
../bzip2/buildout.cfg
../firewalld/buildout.cfg
../gdbm/buildout.cfg
../gettext/buildout.cfg
../glib/buildout.cfg
../libxml2/buildout.cfg
../libxslt/buildout.cfg
../m4/buildout.cfg
../ncurses/buildout.cfg
../openssl/buildout.cfg
../patch/buildout.cfg
../pkgconfig/buildout.cfg
../python-2.7/buildout.cfg
../readline/buildout.cfg
../sqlite3/buildout.cfg
../swig/buildout.cfg
../zlib/buildout.cfg
../socat/buildout.cfg
parts =
......@@ -87,6 +77,7 @@ eggs =
${lxml-python:egg}
${python-cffi:egg}
${python-PyYAML:egg}
${python-cachecontrol:egg}
${python-cliff:egg}
${python-cryptography:egg}
pyOpenSSL
......
......@@ -18,7 +18,7 @@ md5sum = f686f765e55d1dce2e55a400f0714b3e
[template-apache-frontend]
filename = instance-apache-frontend.cfg
md5sum = d6398d727eb1e1bc3df1768a9b9a7e0c
md5sum = a6b566a29f1b5021d0f1f3c4fa20d749
[template-apache-replicate]
filename = instance-apache-replicate.cfg.in
......@@ -38,7 +38,7 @@ md5sum = 665e83d660c9b779249b2179d7ce4b4e
[template-apache-frontend-configuration]
filename = templates/apache.conf.in
md5sum = 1f483a6e1a8076980e1bbbf495ee21b2
md5sum = 05239181f4d5d0e3fe6bccda587fa9a5
[template-custom-slave-list]
filename = templates/apache-custom-slave-list.cfg.in
......
......@@ -138,7 +138,7 @@ ThreadsPerChild {{ slapparameter_dict.get('mpm-thread-per-child', '25') }}
GracefulShutdownTimeout {{ slapparameter_dict.get('mpm-graceful-shutdown-timeout', '5') }}
# Deflate
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/json application/x-javascript application/javascript
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/json application/x-javascript application/javascript application/wasm
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
......
......@@ -91,12 +91,24 @@
"minimum": 0,
"type": "integer"
},
"innodb-file-per-table": {
"description": "See MariaDB documentation on innodb_file_per_table",
"minimum": 0,
"maximum": 1,
"default": 0,
"type": "integer"
},
"long-query-time": {
"description": "Number of seconds above which long queries are logged",
"minimum": 0,
"default": 1,
"type": "number"
},
"max-connection-count": {
"description": "See MariaDB documentation on max_connections. If not provided, a value suitable for the number of request Zope processes is chosen.",
"minimum": 0,
"type": "integer"
},
"relaxed-writes": {
"description": "When enabled, sets innodb_flush_log_at_trx_commit = 0, innodb_flush_method = nosync, innodb_doublewrite = 0 and sync_frm = 0 - RTFM, those options are dangerous",
"default": false,
......
......@@ -19,7 +19,7 @@ md5sum = 028b6a6456d744c11b1bb2c51ecd51b2
[template-kvm]
filename = instance-kvm.cfg.jinja2
md5sum = 26a947c75792072a7b526cb18b617b10
md5sum = c79448a49b1b3dc6e757b90f497c7be1
[template-kvm-cluster]
filename = instance-kvm-cluster.cfg.jinja2.in
......
......@@ -474,7 +474,7 @@ ipv4-network-info =
gateway {{ slap_configuration.get('tap-ipv4-gateway') }}
{% if enable_http == 'true' %}
${helper:blank-line}
Or run in your VM the command: wget -O- {{ kvm_http }}/netconfig.sh | /bin/sh -
Or run in your VM the command: wget -O- {{ kvm_http }}/${network-config-ipv4:filename} | /bin/sh -
{% endif %}
{% endif %}
......@@ -496,7 +496,8 @@ ipv6-network-info =
{% if use_tap == 'true' and slap_configuration.get('tap-ipv4-addr') -%}
[network-config-ipv4]
recipe = plone.recipe.command
path = ${directory:public}/netconfig.sh
filename = netconfig.sh
path = ${directory:public}/${:filename}
ifconfig = ifconfig \$IFACE {{ slap_configuration.get('tap-ipv4-addr') }} netmask {{ slap_configuration.get('tap-ipv4-netmask') }}
route-iface = route add {{ slap_configuration.get('tap-ipv4-gateway') }} dev \$IFACE
route-network = route add -net {{ slap_configuration.get('tap-ipv4-network') }} netmask {{ slap_configuration.get('tap-ipv4-netmask') }} gw {{ slap_configuration.get('tap-ipv4-gateway') }}
......
<VirtualHost *:{{ parameter_dict['port'] }}>
ServerAdmin admin@example.com
DocumentRoot {{ parameter_dict['document-root'] }}
SetEnvIf Origin "^http(s)?://(.+\.)?(app\.officejs\.com)$" ORIGIN_DOMAIN=$0
Header always set Access-Control-Allow-Origin "%{ORIGIN_DOMAIN}e" env=ORIGIN_DOMAIN
Header always set Access-Control-Allow-Credentials "true" env=ORIGIN_DOMAIN
Header always set Access-Control-Allow-Methods "PROPFIND, PROPPATCH, COPY, MOVE, DELETE, MKCOL, LOCK, UNLOCK, PUT, GETLIB, VERSION-CONTROL, CHECKIN, CHECKOUT, UNCHECKOUT, REPORT, UPDATE, CANCELUPLOAD, HEAD, OPTIONS, GET, POST" env=ORIGIN_DOMAIN
Header always set Access-Control-Allow-Headers "Overwrite, Destination, Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control, Authorization" env=ORIGIN_DOMAIN
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
<Directory {{ parameter_dict['document-root'] }}>
Options +FollowSymlinks
AllowOverride All
Require all granted
SetEnv HOME {{ parameter_dict['document-root'] }}
SetEnv HTTP_HOME {{ parameter_dict['document-root'] }}
<IfModule mod_dav.c>
Dav off
</IfModule>
</Directory>
</VirtualHost>
\ No newline at end of file
{
"$schema": "http://json-schema.org/draft-04/schema#",
"description": "Parameters to instantiate Grafana",
"additionalProperties": false,
"properties": {
"domain": {
"title": "Authorized domain on nextcloud",
"description": "Trusted domain used to connect to Nextcloud instance.",
"type": "string"
},
"monitor-interface-url": {
"title": "Monitor Web Interface URL",
"description": "Give Url of HTML web interface that will be used to render this monitor instance.",
"type": "string",
"format": "uri",
"default": "https://monitor.app.officejs.com"
},
"monitor-cors-domains": {
"title": "Monitor CORS domains",
"description": "List of cors domains separated with space. Needed for ajax query on this monitor instance from a different domain.",
"type": "string",
"default": "monitor.app.officejs.com"
},
"innodb-file-per-table": {
"title": "Enable/disable innodb_file_per_table",
"description": "See MariaDB documentation on innodb_file_per_table",
"minimum": 0,
"maximum": 1,
"default": 0,
"type": "integer"
},
"apache-computer-guid": {
"title": "Computer ID for Apache Instance.",
"description": "Unique identifier of the computer, like \"COMP-1234\". By default, let Master choose a computer.",
"type": "string"
},
"mariadb-computer-guid": {
"title": "Computer ID for Mariadb Instance.",
"description": "Unique identifier of the computer, like \"COMP-1234\". By default, let Master choose a computer.",
"type": "string"
},
"instance.mail-from": {
"title": "Mail from",
"description": "From",
"type": "string"
},
"instance.mail-domain": {
"title": "Mail domain name",
"description": "Domain name",
"type": "string"
},
"instance.mail-smtpauthtype": {
"title": "SMTP Auth type",
"description": "Mail SMTP auth type. Default: LOGIN",
"type": "string",
"default": "LOGIN"
},
"instance.mail-smtpauth": {
"title": "SMTP auth required",
"description": "Verify SSL certificate of SMTP server. Default: Yes",
"minimum": 0,
"maximum": 1,
"default": 0,
"type": "integer"
},
"instance.mail-smtpport": {
"title": "SMTP port",
"description": "Mail SMTP Port. Default: 587",
"type": "integer",
"default": 587
},
"instance.mail-smtphost": {
"title": "SMTP host",
"description": "Mail SMTP host",
"type": "string"
},
"instance.mail-smtpname": {
"title": "SMTP name",
"description": "Mail SMTP server name.",
"type": "string"
},
"instance.mail-smtppassword": {
"title": "SMTP password",
"description": "Password to connect to SMTP server.",
"type": "string"
},
"instance.collabora-url": {
"title": "Collabora URL",
"description": "Collabora server URL",
"type": "string",
"format": "uri",
"default": "https://collabora.host.vifib.net"
},
"instance.stun-server": {
"title": "Stun server address",
"description": "Hostname of stun server. Default: turn.vifib.com:5349",
"type": "string",
"default": "turn.vifib.com:5349"
},
"instance.turn-server": {
"title": "Turn server address",
"description": "Hostname of turn server.",
"default": "",
"type": "string"
},
"instance.turn-secret": {
"title": "Turn server secret",
"description": "Turn secret to use for authentification.",
"type": "string"
},
"instance.cli-url": {
"title": "Nextcloud cli URL",
"description": "Nextcloud cli URL, the default will be Nextcloud url.",
"type": "string",
"format": "uri"
},
"instance.trusted-domain-1": {
"title": "Authorized domain on nextcloud",
"description": "Trusted domain used to connect to Nextcloud instance.",
"type": "string"
},
"instance.trusted-domain-2": {
"title": "Second authorized domain on nextcloud",
"description": "Trusted domain used to connect to Nextcloud instance.",
"type": "string"
}
}
}
\ No newline at end of file
#!/bin/bash
set -e
set -x
php_cmd () {
{{ parameter_dict['php-bin'] }} -c {{ parameter_dict['php-ini'] }} $@
}
status=$(php_cmd {{ parameter_dict['nextcloud'] }}/occ status | grep 'installed: true' || true)
if [ ! -z "$status" ]; then
echo "Nextcloud is installed!"
exit 1;
fi
if [ ! -f "{{ parameter_dict['nextcloud'] }}/config/CAN_INSTALL" ]; then
echo "CAN_INSTALL no exists in config, cannot make a new install, Nextcloud is already installed."
exit 1
fi
php_cmd {{ parameter_dict['nextcloud'] }}/occ maintenance:install \
--database "mysql" --database-name "{{ parameter_dict['db-name'] }}" --database-user "{{ parameter_dict['db-user'] }}" \
--database-pass "{{ parameter_dict['db-password'] }}" --admin-user "{{ parameter_dict['admin-user'] }}" \
--database-host "{{ parameter_dict['db-host'] }}:{{ parameter_dict['db-port'] }}" \
--admin-pass "{{ parameter_dict['admin-password'] }}" --data-dir "{{ parameter_dict['data-dir'] }}"
{% for trusted_domain in parameter_dict['trusted-domain-list'].split() -%}
{% if trusted_domain.strip() -%}
php_cmd {{ parameter_dict['nextcloud'] }}/occ config:system:set trusted_domains {{ loop.index - 1 }} --value={{ trusted_domain.strip() }}
{% endif -%}
{% endfor -%}
php_cmd {{ parameter_dict['nextcloud'] }}/occ config:system:set overwrite.cli.url --value={{ parameter_dict['cli-url'] }}
php_cmd {{ parameter_dict['nextcloud'] }}/occ background:cron
sed -i 's/^[ ]*//' {{ parameter_dict['nextcloud'] }}/config/config.php
sed -i '/);/d' {{ parameter_dict['nextcloud'] }}/config/config.php
cat <<EOF >> {{ parameter_dict['nextcloud'] }}/config/config.php
'mysql.utf8mb4' => true,
'mail_smtpmode' => 'smtp',
'mail_smtpsecure' => 'tls',
'mail_sendmailmode' => 'smtp',
'mail_from_address' => '{{ parameter_dict["mail.from"] }}',
'mail_domain' => '{{ parameter_dict["mail.domain"] }}',
'mail_smtpauthtype' => '{{ parameter_dict["mail.smtpauthtype"] }}',
'mail_smtpauth' => {{ parameter_dict["mail.smtpauth"] }},
'mail_smtpport' => '{{ parameter_dict["mail.smtpport"] }}',
'mail_smtphost' => '{{ parameter_dict["mail.smtphost"] }}',
'mail_smtpname' => '{{ parameter_dict["mail.smtpname"] }}',
'mail_smtppassword' => '{{ parameter_dict["mail.smtppassword"] }}',
'activity_expire_days' => 14,
'auth.bruteforce.protection.enabled' => true,
'forwarded_for_headers' =>
array (
0 => 'HTTP_X_FORWARDED',
),
{% set trusted_proxy_list = parameter_dict['trusted-proxy-list'].strip().split(' ') -%}
{% if len(trusted_proxy_list) > 0 -%}
'trusted_proxies' =>
array (
{% for proxy in trusted_proxy_list -%}
{% if proxy -%}
{{ ' ' ~ (loop.index - 1) }} => '{{ proxy }}',
{% endif -%}
{% endfor -%}
),
{% endif -%}
'blacklisted_files' =>
array (
0 => '.htaccess',
1 => 'Thumbs.db',
2 => 'thumbs.db',
),
'csrf.optout' =>
array (
0 => '/^WebDAVFS/',
1 => '/^Microsoft-WebDAV-MiniRedir/',
2 => '/^\\.jio_documents/',
),
'cron_log' => true,
'enable_previews' => true,
'enabledPreviewProviders' =>
array (
0 => 'OC\\Preview\\PNG',
1 => 'OC\\Preview\\JPEG',
2 => 'OC\\Preview\\GIF',
3 => 'OC\\Preview\\BMP',
4 => 'OC\\Preview\\XBitmap',
5 => 'OC\\Preview\\Movie',
6 => 'OC\\Preview\\PDF',
7 => 'OC\\Preview\\MP3',
8 => 'OC\\Preview\\TXT',
9 => 'OC\\Preview\\MarkDown',
),
'filesystem_check_changes' => 0,
'filelocking.enabled' => 'true',
'htaccess.RewriteBase' => '/',
'integrity.check.disabled' => false,
'knowledgebaseenabled' => false,
'logfile' => '{{ parameter_dict["data-dir"] }}/nextcloud.log',
'loglevel' => 2,
'log_rotate_size' => 104857600,
'maintenance' => false,
'memcache.local' => '\\OC\\Memcache\\APCu',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'memcache.distributed' => '\\OC\\Memcache\\Redis',
'overwriteprotocol' => 'https',
'preview_max_x' => 1024,
'preview_max_y' => 768,
'preview_max_scale_factor' => 1,
'redis' =>
array (
'host' => '{{ parameter_dict["redis-socket"] }}',
'port' => 0,
'timeout' => 0.0,
),
'quota_include_external_storage' => false,
'share_folder' => '/Shares',
'skeletondirectory' => '',
'theme' => '',
'trashbin_retention_obligation' => 'auto, 7',
'updater.release.channel' => 'stable',
);
EOF
# Install some nextcloud app
php_cmd {{ parameter_dict['nextcloud'] }}/occ app:install spreed
php_cmd {{ parameter_dict['nextcloud'] }}/occ app:install richdocuments
php_cmd {{ parameter_dict['nextcloud'] }}/occ app:install calendar
php_cmd {{ parameter_dict['nextcloud'] }}/occ app:install rainloop
php_cmd {{ parameter_dict['nextcloud'] }}/occ app:install news
php_cmd {{ parameter_dict['nextcloud'] }}/occ config:app:set richdocuments wopi_url --value="{{ parameter_dict.get('collabora-url', '') }}"
php_cmd {{ parameter_dict['nextcloud'] }}/occ config:app:set spreed stun_servers --value="[\"{{ parameter_dict['stun-server'] }}\"]"
php_cmd {{ parameter_dict['nextcloud'] }}/occ config:app:set spreed turn_servers --value="[{\"server\":\"{{ parameter_dict['turn-server'] }}\",\"secret\":\"{{ parameter_dict['turn-secret'] }}\",\"protocols\":\"udp,tcp\"}]"
sed -i 's#useCronUpdates\s*=.*#useCronUpdates = false#g' {{ parameter_dict['data-dir'] }}/news/config/config.ini
if [ -f "{{ parameter_dict['nextcloud'] }}/config/CAN_INSTALL" ]; then
rm {{ parameter_dict['nextcloud'] }}/config/CAN_INSTALL
fi
\ No newline at end of file
#############
# Redis #
#############
[nc-directory]
recipe = slapos.cookbook:mkdirectory
redis = ${directory:srv}/redis
redis-log = ${directory:log}/redis
data = ${directory:srv}/data
backup = ${directory:backup}/nextcloud
[service-redis]
recipe = slapos.cookbook:redis.server
wrapper = ${directory:services}/redis
promise_wrapper = ${directory:promises}/redis
server_dir = ${nc-directory:redis}
config_file = ${directory:etc}/redis.conf
log_file = ${nc-directory:redis-log}/redis.log
pid_file = ${directory:run}/redis.pid
use_passwd = false
unixsocket = ${:server_dir}/redis.socket
# port = 0 means "don't listen on TCP at all" - listen only on unix socket
ipv6 = ::1
port = 0
server_bin = {{ redis_bin }}
depend =
${logrotate-entry-redis:recipe}
[logrotate-entry-redis]
<= logrotate-entry-base
name = redis
log = ${nc-directory:redis-log}/*.log
frequency = daily
rotate-num = 30
[instance-parameter]
nextcloud = ${:document-root}
admin-user = admin
admin-password = admin
trusted-domain-list =
[${apache-php-configuration:ip}]:${apache-php-configuration:port}
${slap-parameter:instance.trusted-domain-1}
${slap-parameter:instance.trusted-domain-2}
trusted-proxy-list = ${slap-parameter:instance.trusted-proxy-list}
cli-url = ${slap-parameter:instance.cli-url}
data-dir = ${nc-directory:data}
redis-socket = ${service-redis:unixsocket}
#php.ini parameters
php.memory_limit = 512M
php.date.timezone = Europe/Paris
php.upload_max_filesize = 10240M
php.post_max_size = 10240M
php.session.cookie_secure = True
php.max_execution_time = 1800
php.max_input_time = 3600
php.output_buffering = 'Off'
php.max_file_uploads = 100
#SMTP settings
mail.from = ${slap-parameter:instance.mail-from}
mail.domain = ${slap-parameter:instance.mail-domain}
mail.smtpauthtype = ${slap-parameter:instance.mail-smtpauthtype}
mail.smtpauth = ${slap-parameter:instance.mail-smtpauth}
mail.smtpport = ${slap-parameter:instance.mail-smtpport}
mail.smtphost = ${slap-parameter:instance.mail-smtphost}
mail.smtpname = ${slap-parameter:instance.mail-smtpname}
mail.smtppassword = ${slap-parameter:instance.mail-smtppassword}
# Instance configuration
collabora-url = ${slap-parameter:instance.collabora-url}
stun-server = ${slap-parameter:instance.stun-server}
turn-server = ${slap-parameter:instance.turn-server}
turn-secret = ${slap-parameter:instance.turn-secret}
[nextcloud-install.sh]
recipe = slapos.recipe.template:jinja2
template = {{ nextcloud_install_sh }}
rendered = ${directory:scripts}/nextcloud-install
context =
section parameter_dict instance-parameter
mode = 744
depends =
${service-redis:recipe}
${nextcloud-cron:recipe}
${nextcloud-optimize:recipe}
${nextcloud-apache-httpd:recipe}
${nextcloud-backup-cron:recipe}
${nextcloud-news-updater:recipe}
[nextcloud-apache-httpd]
recipe = slapos.recipe.template:jinja2
template = {{ nextcloud_apache_httpd }}
rendered = ${directory:apache.d}/nextcloud.conf
context =
section parameter_dict apache-php-configuration
mode = 744
[nextcloud-cron]
recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries}
name = nextcloud
frequency = */5 * * * *
command = ${php-bin:wrapper-path} -f ${instance-parameter:nextcloud}/cron.php
[nextcloud-optimize-bin]
recipe = collective.recipe.template
input = inline:#!/bin/bash
{{ redis_cli }} -s ${instance-parameter:redis-socket} <<EOF
FLUSHALL
quit
EOF
${php-bin:wrapper-path} ${instance-parameter:nextcloud}/occ files:scan --all
${php-bin:wrapper-path} ${instance-parameter:nextcloud}/occ files:scan-app-data
exit 0
output = ${directory:bin}/nextcloud-optimize
mode = 744
[nextcloud-backup]
recipe = collective.recipe.template
input = inline:#!/bin/bash
${php-bin:wrapper-path} ${instance-parameter:nextcloud}/occ app:list --output json > ${nc-directory:backup}/app-list.json
cp -r ${instance-parameter:nextcloud}/config ${nc-directory:backup}
exit 0
output = ${directory:bin}/nextcloud-backup