#!/bin/env fish
begin
# Directory holding this script; the Dockerfiles, compose files and the shared
# service.fish helper are all resolved relative to it.
set -l dir (status dirname)

# Service names used for key lookups in the compose files.
set -l turn turn
set -l service web
set -l office collabora

# Two-element domain descriptors that are handed to getServiceDomain.
# NOTE(review): presumably a sub-domain label followed by an (empty) second
# field - confirm the meaning in service.fish.
set -l domain cloud ""
set -l officeDomain office ""

# Flat list of triples (service name followed by its two domain fields);
# getServiceServers and getServiceLocations step through it three at a time.
set -l server $service $domain
set -l services $server $office $officeDomain

# Shared installer helpers; not part of this file.
source "$dir/../service.fish"
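# Installs the Nextcloud stack: generates fresh credentials, copies the build
# and compose sources into the service root, writes the credential env files
# and the compose overrides, then delegates to installDockerService and fixes
# up the published TURN port.
#
# Captured at definition time: dir, domain, service, turn, office, officeDomain.
# Arguments: forwarded unchanged to getServiceRoot, getServiceOverrides,
#            initializeServiceInstallation and installDockerService.
# Returns:   1 when a password could not be generated, the temporary file
#            could not be created or the overrides could not be copied;
#            otherwise the status of the final overrides rewrite.
function installSW -V dir -V domain -V service -V turn -V office -V officeDomain
    set -l genPW __generatePW

    # Prints one random password of the requested length (default 32) using
    # keepassxc-cli from an ad-hoc nix-shell.
    function $genPW -a length
        if [ -z "$length" ]
            set length 32
        end

        # The length is spliced into the command line that nix-shell passes to
        # a shell, so accept nothing but plain digits.
        if not string match --quiet --regex '^[1-9][0-9]*$' -- "$length"
            echo "Password length must be a positive integer, got '$length'." >&2
            return 1
        end

        nix-shell -p keepassxc --run "keepassxc-cli generate --length $length"
    end

    set -l root (getServiceRoot $argv)
    set -l domain (getServiceDomain $domain)
    set -l overrides (getServiceOverrides $argv)
    set -l overridesSource "$dir/$(basename "$overrides")"
    set -l turnKey "$(getServiceKey "$turn")"
    set -l portKey "$turnKey.ports[1]"
    set -l officeEnv "$(getServiceKey "$office").environment"
    set -l dbPW ($genPW)
    set -l turnPW ($genPW)
    set -l turnPort
    set -l redisPW ($genPW)
    set -l nextcloudPW ($genPW 64)

    # A failed nix-shell or keepassxc-cli run leaves the variable empty. Stop
    # here instead of provisioning the database, Redis, TURN or the admin
    # account with an empty secret.
    for secret in "$dbPW" "$turnPW" "$redisPW" "$nextcloudPW"
        if [ -z "$secret" ]
            echo "installSW: password generation failed; aborting before any credentials are written." >&2
            return 1
        end
    end

    initializeServiceInstallation $argv
    sudo cp -r "$dir"/{cache.Dockerfile,cloud.Dockerfile,docker-compose.{base,core}.yml,.dockerignore,fpm,nginx,php.ini} "$root"

    # NOTE(review): tee creates the three env files below with whatever mode
    # root's umask allows (an existing file keeps its mode). They hold the
    # database, Redis and admin credentials, so confirm they end up readable
    # only by the account that runs the containers.
    printf "%s\n" \
        "MYSQL_DATABASE=Nextcloud" \
        "MYSQL_USER=nextcloud" \
        "MYSQL_PASSWORD=$dbPW" | sudo tee "$root/db.env" >/dev/null

    echo "REDIS_HOST_PASSWORD=$redisPW" | sudo tee "$root/cache.env" >/dev/null

    printf "%s\n" \
        "NEXTCLOUD_ADMIN_USER=admin" \
        "NEXTCLOUD_ADMIN_PASSWORD=$nextcloudPW" \
        "NEXTCLOUD_TRUSTED_DOMAINS=$domain" \
        "OVERWRITEPROTOCOL=https" \
        "OVERWRITEHOST=$domain" \
        "OVERWRITECLIURL=https://$domain" | sudo tee "$root/nextcloud.env" >/dev/null

    PROTO="https" DOMAIN="$domain" begin
        set -l key "$turnKey.command"

        # Every value reaches yq through the environment and env(), so the
        # TURN secret and the domains are never parsed as part of a yq
        # expression and do not show up in yq's argument list.
        # The URL written to aliasgroup1 is regex-escaped so that the dots in
        # the host name stay literal.
        # NOTE(review): aliasgroup1 presumably restricts which host may use the
        # office server, and $DOMAIN in that stage appears to resolve to the
        # block-level value (the Nextcloud domain) rather than the office
        # domain set for the preceding yq call only - confirm both.
        PW="--static-auth-secret=$turnPW" \
            DOMAIN="--realm=$domain" \
            yq "$key |= . + [env(PW), env(DOMAIN)]" "$overridesSource" |
            DOMAIN=(getServiceDomain $officeDomain) yq "$officeEnv.server_name = env(DOMAIN)" |
            URL="https://$(string escape --style regex "$DOMAIN"):443" yq "$officeEnv.aliasgroup1 = env(URL)" |
            sudo tee "$overrides" >/dev/null
    end

    installDockerService $argv
    # extractPort and mutatePort are not defined in this file.
    set turnPort (yq (getServicePortKey "$turn") "$overrides" | extractPort)
    set turnPort (yq "$portKey" "$overrides" | mutatePort "$turnPort")

    # The overrides file cannot be read and rewritten in one pipeline, so it is
    # edited through a private copy. The copy contains the TURN secret: mktemp
    # creates it readable only by the invoking user, it is created only now
    # that it is needed, and it is removed on every path below.
    set -l file (mktemp)
    or return 1

    set -l result 1
    if cp "$overrides" "$file"
        PORT="$turnPort" yq "$portKey = env(PORT)" "$file" | sudo tee "$overrides" >/dev/null
        set result $status
    end

    rm -f -- "$file"
    return $result
end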
# Configuration step of the installer: passes every argument straight through
# to configureDockerService, which is not defined in this file.
# The script directory is captured at definition time but not used here.
function configureSW --inherit-variable dir
    configureDockerService $argv
end
# Prints the two domain fields of every entry in the captured services list.
# The list is read as consecutive triples; for each triple the second and
# third element are written, each followed by a NUL byte.
function getServiceServers --inherit-variable services
    set -l total (count $services)
    set -l start 1

    while test $start -le $total
        set -l second (math $start + 1)
        set -l third (math $start + 2)
        printf "%s\0" $services[$second] $services[$third]
        set start (math $start + 3)
    end
end
# Prints the nginx locations that belong to one server as NUL-terminated
# records of three fields: service name, location (modifier plus path) and a
# description.
#
# Arguments: index - position of the server among the fields printed by
#            getServiceServers (two fields per server); it is mapped back to
#            the first element of the matching triple in the services list.
# Every service except the office one gets a single "/" location with an empty
# description; the office service gets the six locations listed below.
function getServiceLocations --inherit-variable services --inherit-variable office --argument-names index
    set -l position (math "($index - 1) / 2 * 3 + 1")
    set -l name $services[$position]

    if test "$name" = "$office"
        printf "%s\0" \
            "$name" "^~ /browser" "static files" \
            "$name" "^~ /hosting/discovery" "WOPI discovery URL" \
            "$name" "^~ /hosting/capabilities" Capabilities \
            "$name" "~ ^/cool/(.*)/ws\$" "main websocket" \
            "$name" "~ ^/(c|l)ool" "download, presentation and image upload" \
            "$name" "^~ /cool/adminws" "Admin Console websocket"
    else
        printf "%s\0" "$name" / ""
    end
end
# Prints the nginx configuration for one proxied location.
#
# Arguments: domain, s (service name), location, then any further arguments,
#            which are passed on to getServiceDefaultProxy (not defined in
#            this file).
# For the office service the proxy is requested with "--scheme https" placed
# ahead of the remaining arguments. For every other service the arguments are
# forwarded untouched, and the main web service additionally receives the
# Nextcloud-specific nginx directives below (version banner hidden via
# server_tokens, upload size and timeout limits, gzip settings).
# The flood variable is captured at definition time but not used in the body.
function getServiceLocationConfig --argument-names domain s location --inherit-variable service --inherit-variable office --inherit-variable flood
    if test "$s" != "$office"
        getServiceDefaultProxy $argv

        if test "$s" = "$service"
            # Empty elements become blank lines in the generated config.
            set -l directives \
                "server_tokens off;" \
                "" \
                "client_max_body_size 512M;" \
                "client_body_timeout 300s;" \
                "fastcgi_buffers 64 4K;" \
                "" \
                "# enable gzip but do not remove ETag headers" \
                "gzip on;" \
                "gzip_vary on;" \
                "gzip_comp_level 4;" \
                "gzip_min_length 256;" \
                "gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;" \
                "gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;" \
                "" \
                "# Pagespeed is not supported by Nextcloud, so if your server is built" \
                "# with the `ngx_pagespeed` module, uncomment this line to disable it." \
                "#pagespeed off;" \
                "" \
                "# The settings allows you to optimize the HTTP2 bandwidth." \
                "# See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/" \
                "# for tuning hints" \
                "client_body_buffer_size 512k;"

            printf "%s\n" $directives
        end
    else
        # Everything after the three named arguments is appended after the
        # forced scheme option.
        set -l extra $argv[4..]
        getServiceDefaultProxy $domain $s "$location" --scheme https $extra
    end
end
# Prints the extra nginx directives a location needs, one per line.
#
# Arguments: domain, s (service name), location (nginx modifier plus path).
# Only the websocket locations under /cool/ (a path ending in "ws", with an
# optional trailing "$") receive anything: HTTP/1.1 plus the Upgrade and
# Connection headers. All other locations produce no output.
# The service variable is captured at definition time but not used here.
function getExtraLocationSettings --argument-names domain s location --inherit-variable service
    string match --quiet --regex '^(~ \^|\^~ )/cool/(.*)ws\$?$' "$location"
    or return 0

    printf "%s\n" \
        '# Websocket' \
        "proxy_http_version 1.1;" \
        'proxy_set_header Upgrade $http_upgrade;' \
        'proxy_set_header Connection "upgrade";'
end
# Prints a regular expression matching cache.env, db.env and nextcloud.env,
# the three env files installSW writes into the service root.
# Those files contain the Redis, database and admin passwords, so anything
# selected with this pattern carries credentials.
# NOTE(review): the name suggests the pattern adds these files to a backup -
# confirm the backup destination is protected like the originals.
function getExtraBackupPatterns
    printf "%s\n" "^(cache|db|nextcloud)\.env\$"
end
# Entry point: pass the script's arguments to runInstaller together with
# --force. runInstaller is not defined in this file; presumably it comes from
# the sourced service.fish and calls the functions declared above - confirm.
runInstaller --force $argv
end