pedro/cdist-contrib-pedro-fork
1
0
Fork 0
forked from ungleich-public/cdist-contrib
Code Issues Pull requests Projects Releases Wiki Activity

Merge branch 'nextcloud' into 'master'

Browse source 
__nextcloud types

See merge request ungleich-public/cdist-contrib!18
This commit is contained in:
fnux 2021-02-10 10:23:29 +01:00
commit 0437d9b9dd
32 changed files with 1913 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
type/__nextcloud/explorer/config Executable file
View file

@ -0,0 +1,29 @@
#!/bin/sh -e
# __nextcloud/explorer/config
# Checks the nextcloud configuration
# Get the installdir
installdir="/$__object_id"
# Check if the tools are available
if [ -d "$installdir" ]; then
cd "$installdir"
# if those files exist, everything should be good
if [ -f "occ" ] && [ -f "config/config.php" ]; then
# Dump out config instead of fuzz every possible option through
# `occ config:system:get`. Or parse through the whole json or
# yaml-like output of `occ config:list system --private`.
#
# shellcheck disable=SC2016 # cause of the php inline code
php -r 'require("lib/private/Config.php"); $config = new OC\Config("config/");
function printv($key, $value) {printf("%s = %s\n", $key, $value);}
foreach($config->getKeys() as $key){
$value = $config->getValue($key);
if(is_array($value)) foreach($value as $n => $in) printv($n."|".$key, $in);
else printv($key, $value);
};'
fi
fi

20
type/__nextcloud/explorer/version Executable file
View file

@ -0,0 +1,20 @@
#!/bin/sh -e
# __nextcloud/explorer/version
# Check the currently installed version. Outputs nothing if nothing found.
# Get the install directory
installdir="/$__object_id"
# Check if the installation directory exists
if [ -d "$installdir" ]; then
cd "$installdir"
# if those files exist, everything should be good
if [ -f "occ" ] && [ -f "version.php" ]; then
# Detect php version with the version file.
# shellcheck disable=SC2016 # cause of the php inline code
php -r 'require("version.php"); print($OC_VersionString);'
fi
fi

257
type/__nextcloud/gencode-remote Executable file
View file

@ -0,0 +1,257 @@
#!/bin/sh -e
# __nextcloud/gencode-remote
# Install if not installed
# Legacy:
# curl -sS -L '$nextcloud_uri' | tar xj --strip-components=1 nextcloud/
# Call the nextcloud occ script as the designed user. Maybe this can be a bit
# more effictive with user switching, but currently the easiest way of doing
# it.
#
# All arguments are directly passed to occ (injection alarm ;-) )
occ() {
# su creates a new shell, so it does not affect the current session
# will not use -q as it supresses errors, too
cat << SHELL
su -s /bin/sh -l "$user" -- -e <<'SU'
cd '$installdir' && php occ --no-warnings --no-interaction --no-ansi $@
SU
SHELL
}
# Turn the maintainer mode on, but print it only once at all.
#
# No arguments.
occ_maintainer_mode_on() {
# Check if this was not already done
if [ "$_maintainer_mode_on" != "yes" ]; then
occ maintenance:mode --on
_maintainer_mode_on="yes"
fi
}
# Print the value of the given configuration.
#
# Arguments:
# 1: the nextcloud configuration name
getparam() {
awk -v FS=" = " -v name="$1" '
function ntostring(n) { ret=""; for(i=n; i<=NF; i++) ret=ret $i (i<NF ? OFS : ""); return ret }
$1 == name { print ntostring(2); }
' "$__object/explorer/config"
}
# Get existing versions
version_is="$( cat "$__object/explorer/version" )"
version_should="$( cat "$__object/parameter/version" )"
# the install directory
installdir="/$__object_id"
tarballdir="$(dirname "$installdir")/.$(basename "$installdir")"
# get used user and group
user="$( cat "$__object/parameter/user" )"
group="$( cat "$__object/parameter/group" )"
# Detect if we can install or upgrade.
# Check if this will be a new installation.
if [ -z "$version_is" ]; then
install="yes"
# Check if upgrades are available. Not do this if it's not wanted by the user.
elif ! [ -f "$__object/parameter/install-only" ]; then
# installation upgrade
if [ "$version_is" != "$version_should" ]; then
upgrade="yes"
fi
fi
# Check if the installation will be upgraded.
# Remove the old folder and replace it with the new one.
if [ "$upgrade" ]; then
cat << REMOTE
chown '$user':'$group' -R '$tarballdir'
REMOTE
# no more changes from the user
occ_maintainer_mode_on
cat << REMOTE
cp -pf '$installdir/config/config.php' '$tarballdir/config/config.php'
mv '$installdir/data' '$tarballdir'
rm -rf '$installdir'
mv '$tarballdir' '$installdir'
REMOTE
# do some maintainer stuff
occ upgrade
# gamble a bit with database maintainer commands
occ db:add-missing-primary-keys
occ db:add-missing-columns
occ db:add-missing-indices
occ db:convert-filecache-bigint
# send upgrade message
printf "upgraded %s to %s\n" "$version_is" "$version_should" >> "$__messages_out"
# Apply some misc to the installation folder.
elif [ "$install" ]; then
# Maintainer mode is not available before installation
# Correct all file permissions of the new installation
cat << REMOTE
chown '$user':'$group' -R '$installdir'
REMOTE
fi
# Check if the nextcloud application needs to be installed.
# This checks the state of the configuration, not of the directory.
#
# shellcheck disable=SC2089 # disabled to write args string
if ! grep -q -F "installed = 1" "$__object/explorer/config"; then
# argument construction
occ_install_args=""
# Error function if value not found
die_err() {
echo "parameter not found but required; can't continue!!" >&2
exit 1
}
# Database setup for mysql and pgsql
db_setup() {
# add type and other database values
occ_install_args="$occ_install_args --database '$1'"
occ_install_args="$occ_install_args --database-host '$(cat "$__object/parameter/database-host" || die_err)'"
occ_install_args="$occ_install_args --database-name '$(cat "$__object/parameter/database-name" || die_err)'"
occ_install_args="$occ_install_args --database-user '$(cat "$__object/parameter/database-user" || die_err)'"
occ_install_args="$occ_install_args --database-pass '$(cat "$__object/parameter/database-password" || die_err)'"
db_prefix="$__object/parameter/database-prefix"
if [ -f "$db_prefix" ]; then
occ_install_args="$occ_install_args --database-table-prefix '$(cat "$db_prefix")'"
fi
}
database_type="$(cat "$__object/parameter/database-type")"
case "$database_type" in
sqlite3)
occ_install_args="$occ_install_args --database sqlite"
;;
mysql)
db_setup mysql
;;
pgsql)
db_setup pgsql
;;
*)
printf "Database type '%s' is unkown!\n" "$database_type" >&2
exit 3
;;
esac
# Admin stuff
occ_install_args="$occ_install_args --admin-pass '$(cat "$__object/parameter/admin-password")'"
admin_user="$__object/parameter/admin-user"
if [ -f "$admin_user" ]; then
occ_install_args="$occ_install_args --admin-user '$(cat "$admin_user")'"
fi
admin_email="$__object/parameter/admin-email"
if [ -f "$admin_email" ]; then
occ_install_args="$occ_install_args --admin-email '$(cat "$admin_email")'"
fi
# Data directory
datadir="$__object/parameter/data-directory"
if [ -f "$datadir" ]; then
occ_install_args="$occ_install_args --data-dir '$(cat "$datadir")'"
fi
# Execute the install command.
# generated parameters will be splited in the remote shell
occ maintenance:install "$occ_install_args"
# send install message
echo installed >> "$__messages_out"
fi
# Handle the config
mkdir "$__object/files"
"$__type/map-conf-changes.sh" > "$__object/files/conf-cmds"
# only print if there are changes listed
if [ -s "$__object/files/conf-cmds" ]; then
# save that we did changes
changes="yes"
occ_maintainer_mode_on
# print change commands incl. the switch of user context
# using -e to abort if the commands failed
printf "su -s /bin/sh -l '%s' -- -e << 'SU'\n" "$user"
printf "cd '%s'\n" "$installdir"
cat "$__object/files/conf-cmds"
printf "SU\n"
fi
# Get the current and future data directory
data_old="$(getparam datadirectory)"
data_new="$(cat "$__object/parameter/data-directory" 2>/dev/null || printf "%s/data" "$installdir")"
# Move if they should be moved. Avoid false positives if $data_old is empty
if [ "$data_old" ] && [ "$data_old" != "$data_new" ]; then
# save that we did changes
changes="yes"
occ_maintainer_mode_on
# Change the configuration variable and then move the folder. This order is
# important if SQLite is used, but the config already corrupted if it can
# not be moved.
occ config:system:set datadirectory --type=string --value "'$data_new'"
cat << REMOTE
cd '$installdir' # only for the users safety
rm -rf '$data_new'
mkdir -p '$(dirname "$data_new")' # if the parent not exists
mv -T '$data_old' '$data_new'
REMOTE
fi
# Print configured message if changes where done to the configuration
if [ "$changes" ]; then
echo configured >> "$__messages_out"
fi
# Check if this is the fist install
if [ "$install" ]; then
# do some convert stuff etc.
# variable accessible from the last $install if-clause
case "$database_type" in
mysql)
# only available for mysql
occ db:convert-mysql-charset
;;
esac
occ db:convert-filecache-bigint
fi
# Disable maintainer mode
if [ "$_maintainer_mode_on" = "yes" ]; then
occ maintenance:mode --off
fi

294
type/__nextcloud/man.rst Normal file
View file

@ -0,0 +1,294 @@
cdist-type__nextcloud(7)
========================
NAME
----
cdist-type__nextcloud - Installs and manages a nextcloud instance
DESCRIPTION
-----------
This type installs, upgrades and configure a nextcloud instance. The object
id is the absolute path for the installation directory. Nextcloud will be
installed unter that directory.
REQUIRED PARAMETERS
-------------------
version
The version that should be installed. If it is already installed and the
installed version lower, it will upgrade nextcloud if ``--install-only`` is
not set.
You get version numbers from the `official changelog
<https://nextcloud.com/changelog/>`_ or from the `GitHub Releases
<https://github.com/nextcloud/server/releases>`_ page. The type will
download the tarball over the official nextcloud website.
The type will never downgrade a nextcloud instance. Rather, it will fail,
as this is a missconfiguration. Downgrades are not recommended and
supported by upstream. Such cases can happen if the nextcloud instance was
upgraded via the built-in nextcloud installer. In such cases, it is
recommended to use the ``--install-only`` option.
admin-password
The administrator password to access the nextcloud instance. Must be given
in plain text. This parameter has no effect if nextcloud will not be
installed.
OPTIONAL PARAMETERS
-------------------
mode
Sets the unix file mode of the nextcloud directory. This is not inherited
to child files or folders. Defaults to `755`.
user
The user which owns the complete nextcloud directory. The php application
should be executed with this user. All nextcloud commands will be executed
with this user. This type will not create the unix user.
The type assumes the default `www-data` user, which is common on Debian
systems. **If you change this option, please do the same with the group
parameter!**
group
The group all files and folders of the nextcloud installation should have.
Defaults to `www-data`. Should be changed with ``--user``.
BOOLEAN PARAMETERS
------------------
install-only
Skips all nextcloud upgrades done by this type. Should be used when
nextcloud upgrades are (*exclusively*) done via the built-in updater.
NEXTCLOUD CONFIG PARAMETERS
---------------------------
host
All hostnames where the the users can log into nextcloud. If you access
nextcloud via a hostname not given to this list, the access fails. This
parameter can be set multiple times.
admin-user
The username of the administrative user which will be created while the
installation. If not set, nextcloud defaults to "admin". This parameter has
no effect if nextcloud will not be installed.
admin-email
The email address of the administrative user. This parameter has no effect
if nextcloud will not be installed.
data-directory
This will set or change the data directory where nextcloud will keep all
its data, including the SQLite database if any. By default, it will be
saved in the ``data`` directory below the nextcloud directory.
If this directory change, this type will move the old location to the new
one to preserve all data. This is not supported by upstream, as some apps
may not handle this.
database-type
Sets the type of database that should be used as backend. Possible backends
are:
SQLite
Use ``sqlite3`` as value. Saves everything in a database file
stored in the data directory. It is only recommended for very small
installations or test environments from upstream.
*All further database options are ignored if SQLite is selected as
database backend.*
MariaDB
Use ``mysql`` as value. MariaDB and MySQL are threated the same
way. They are the recommended database backends recommended from
upstream.
PostgreSQL
Use ``pgsql`` as value.
**This parameter defaults to the SQLite database backend, as it is the
simplest one to setup and do not require extra parameters.**
If this parameter change, the type will migrate to the new database type.
It will not work for SQLite because the upstream migration script does not
support it. **Be aware that migrations take there time, plan at minimum
40 seconds of migration for a stock installation.**
database-host
The database host to connect to. Possible are hostnames, ip addresses or
UNIX sockets. UNIX sockets must set in the format of
``localhost:/path/to/socket``. If an non-standard port is used, set it
after the hostname or ip address seperated by an colon (``:``). If this
value is not set, nextcloud defaults to the value ``localhost``.
This type will not migrate data if the type does not change. You must do
this manually by setting the maintainer mode (to avoid data changes) and
then cloning the database to the new destination. After that, run cdist to
apply the config changes. It should automaticly remove the maintainer mode.
database-name
The name of the database to connect to. Required if MariaDB or PostgreSQL
is used.
database-user
The username to access the database. Required if MariaDB or PostgreSQL is
used.
database-password
The password required to authorize the given user. Required if MariaDB or
PostgreSQL is used.
database-prefix
The table prefix used by nextcloud. If nothing set, nextcloud defaults to
``oc_``.
MESSAGES
--------
installed
Nextcloud was successfully installed.
upgraded $old to $new
The nextcloud version was upgraded from `$old` to `$new`.
configured
Nextcloud configuration was changed.
ABORTS
------
Aborts in the following cases:
The current installed version is greather than the version that should be
installed. See the parameter description of `--version` for detailed
information. The problem can be fixed by bumping the version value to at least
the version that is currently installed or use the parameter `--install-only`.
It may abort if the data directory can not be moved correctly. Then, the
nextcloud configuration is broken and must be resolved manually: Move the data
directory to the correct location or change the configuration to point to the
old destination and retry.
It aborts if it should migrate to a SQLite database. This will be done before
the upstream migration script is executed, as it would throw the same error.
The explorers will abort if they found a valid nextcloud installation, but no
installed `php`. Currently, this is intended behaviour, because it can not
safely get the current nextcloud version, also do not get the nextcloud
configuration. For more information, see the *NOTES section*.
EXAMPLES
--------
.. code-block:: sh
# minimal nextcloud installation with sqlite and other defaults
# please only use sqlite for minimal or test installations as recommend :)
__nextcloud /var/www/html/nextcloud --version 20.0.0 \
--admin-password "iaminsecure" \
--host localhost --host nextcloud
# installation under the webroot
__nextcloud /var/www/html/ --version 20.0.0
--admin-password "notthatsecure" --host mycloud.example.com
# more extensive configuration
__nextcloud /var/www/cloud --version 20.0.0 --admin-password "iaminsecure" \
--host localhost --host nextcloud --host 192.168.1.67 \
--data-directory /var/lib/nextcloud/what \
--database-type mysql --database-host "localhost" --database-name "nextcloud" \
--database-user "test" --database-password "not-a-good-password"
NOTES
-----
This cdist type does not cover all configuration options that nextcloud offer.
If you need more configuration options for nextcloud, you are welcome to extend
this type and contribute it upstream!
- `Nextcloud configuration reference
<https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html>`_
Currently, the state of this object is always `present`. So it will always be
installed without the option to uninstall it again (`absent`). This was done
because it will not be a common demand to uninstall nextcloud again. If you
need to toggle the state, you are welcome to contirbute!
Parameters given for the admin user which will be set up at installation time
(`--admin-*` ones) are not applied if nextcloud will not be installed.
Therefor, parameter changes are not applied to the installation. Currently not
implemented - but possible - is to use the type
:strong:`cdist-type__nextcloud_user`\ (7) to do all the later work.
Database migration is only partly supported if the database will be changed to
``mysql`` or ``pgsql``, because it is supported by an upstream script. You are
welcome to extend this type for database migrations between the same database
type. For an implementation, you may use shell utilites like ``mysqldump(1)``
(be aware that this may not already be installed) or use the already installed
php code to migrate.
The type will abort if a valid nextcloud directory already exists in the
explorer execution, but no `php` exists to explore the setup. Therefor, the
manifest could not install `php` yet. This is not the case for a new
installation, as there does not exist a nextcloud directory with a valid
structure. While some code could be skipped and the other replaced with `awk`
with something like
``awk '$1 == "$OC_VersionString" {gsub(/['\'';]/, "", $3); print $3}' version.php``,
it is not handled for the following cases:
1. This case should not happen very often.
2. Maybe because of ``libapache2-mod-php`` or ``php-fpm``, `php` already
exists for the cli.
3. While the `awk` replacement for the version is just a bit worser, it would
bring stable results, while it would be more difficult to dump out the
configuration without custom `php` or the help from ``php occ``. Therefor,
it would make false assumptions like it want to install nextcloud again,
do not delete configuration options and set all available nextcloud options
that are available through this type.
If the nextcloud installation does not work and you stuck in a plaintext error
screen, try to restart your Apache WWW server first! This type will install all
php dependencies, but there are not recognised by the server-internal php
environment. This can happen after a database migration between different
database types, as it installs the database module only when it is required.
If the tarball needs to be downloaded, it will be directly downloaded into the
directory ``/tmp`` and will be unpacked to the destination for an installation
or to the same directory but prefixed with a dot for an update. It will
download it into the temp directory because it does not find a better location.
In legacy, it was downloaded to the parent directory, but this may not the best
location as the installation dir can be everywhere.
This type does not garantee to always show the maintenance mode screen because
nextcloud does not show it in every case:
1. For fresh installations, the maintenance mode can not be set.
2. While upgrades starting at version 20, the user is promted to execute the
update manually via the webinterface instead of the maintenance screen.
It is recommended to show an own maintanance screen via the webserver if this
is critical for you.
SEE ALSO
--------
`Nextcloud documentation <https://docs.nextcloud.com/server/latest/admin_manual/index.html>`_
:strong:`cdist-type__nextcloud_user`\ (7)
AUTHORS
-------
Matthias Stecher <matthiasstecher at gmx.de>
COPYING
---------
Copyright \(C) 2020 Matthias Stecher. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

134
type/__nextcloud/manifest Executable file
View file

@ -0,0 +1,134 @@
#!/bin/sh -e
# __nextcloud/manifest
# Version compare function original from __sensible_editor
#
# Arguments:
# 1: version of which $2 should be checked against
# 2: version which should be bigger than or equal with $1
#
# Return code:
# 0: $1 is bigger than $2
# 1-n: $1 is smaller than or equal $2
version_ge() {
printf "%s" "$1" | awk -F '[^0-9.]' -v target="$2" '
function max(x, y) { return x > y ? x : y }
BEGIN {
getline
nx = split($1, x, ".")
ny = split(target, y, ".")
for (i = 1; i <= max(nx, ny); ++i) {
diff = int(x[i]) - int(y[i])
if (diff == 0) continue
exit (diff < 0)
}
exit 1
}'; return $?
}
# Check support status
os="$(cat "$__global/explorer/os")"
case "$os" in
debian|ubuntu)
# PHP main
__package php-cli
# to unpack the package
__package bzip2
# install misc packages for nextcloud
__package ffmpeg
# PHP modules
for package in php-gd php-json php-mysql php-curl php-mbstring php-intl \
php-imagick php-xml php-zip php-bz2 php-bcmath php-gmp
do
require="__package/php-cli" __package $package
done
# check support database additions (but don't remove junk of old ones)
case "$(cat "$__object/parameter/database-type")" in
sqlite|sqlite3)
__package php-sqlite3
;;
mysql|mariadb)
__package php-mysql
;;
pgsql|postgres|postgresql)
__package php-pgsql
;;
esac
;;
# unkown distro - what to install?
*)
printf "unkown %s, don't know what to install ..\n" "$os" >&2
echo "checkout the __nextcloud/manifest to contribute a working package list" >&2
exit 1
;;
esac
# Get the user and group
mode="$(cat "$__object/parameter/mode")"
user="$(cat "$__object/parameter/user")"
group="$(cat "$__object/parameter/group")"
# Get the installation directory
installdir="/$__object_id"
# Set permissions after the nextcloud installation/upgrade is done
# FIXME maybe less strict if some parameter is not given by the user?
# permissions also partily set via the gencode-remote
require="__nextcloud/$__object_id" __directory "$installdir" \
--mode "$mode" --owner "$user" --group "$group"
# Get version information
version_is="$( cat "$__object/explorer/version" )"
version_should="$( cat "$__object/parameter/version" )"
# The version URI
nextcloud_uri="https://download.nextcloud.com/server/releases/nextcloud-${version_should}.tar.bz2"
nextcloud_sum="${nextcloud_uri}.sha256"
# Check if there is a current installation. It depends where the upstream
# tarball should be unpacked (directly or moved in a later stage).
if [ "$version_is" ]; then
# Only set and check the version if a upgrade is allowed.
# if this block will be skipped, no upgrade will be done
if ! [ -f "$__object/parameter/install-only" ]; then
# Block downgrades as there are may caused from the automatic upgrader
# if the current version is higher than the version that should be installed
if version_ge "$version_is" "$version_should"; then
# it's an error if the current version is higher than the one that should be installed
printf "The current nextcloud version '%s' is higher than the version that should be installed (%s)\n" \
"$version_is" "$version_should" >&2
printf "Please bump the nextcloud version to '%s' or higher!\n" "$version_is" >&2
exit 2
fi
# Set destination to a temporary directory
destination="$(dirname "$installdir")/.$(basename "$installdir")"
fi
else
# Set destination to the real destination
destination="$installdir"
fi
# Install/Upgrade the nextcloud version if there is a destination set.
# it checks if it is necessary and intended to upgrade
if [ "$destination" ] && [ "$version_is" != "$version_should" ]; then
# download it to the tmp directory
# FIXME --sum is currently rather a hack, see cdist#844
__download "/tmp/nextcloud-${version_should}.tar.bz2" \
--url "$nextcloud_uri" \
--sum "sha256:$(curl -sS -L "$nextcloud_sum" | awk '{print $1}')"
# after this, unpack it from /tmp to $destination
require="__download/tmp/nextcloud-${version_should}.tar.bz2" \
__unpack "/tmp/nextcloud-${version_should}.tar.bz2" \
--tar-strip 1 \
--destination "$destination"
fi

316
type/__nextcloud/map-conf-changes.sh Executable file
View file

@ -0,0 +1,316 @@
#!/bin/sh -e
# __nextcloud/map-conf-changes.sh
# The environment variable "$install" should be set if nextcloud was installed
# now. This changes the behaviour to not trust gathered values from the
# explorer.
# Print the value of the given configuration.
#
# Arguments:
# 1: the nextcloud configuration name
#
# Returns with a unsuccessful return code if no parameter found.
getparam() {
awk -v FS=" = " -v name="$1" '
function ntostring(n) { ret=""; for(i=n; i<=NF; i++) ret=ret $i (i<NF ? OFS : ""); return ret }
$1 == name { print ntostring(2); success = 1 }
END { if(!success) exit 4 }
' "$__object/explorer/config"
return $?
}
# Test if the value exists as given.
#
# Arguments:
# 1: The nextcloud config name
# 2: The value that should be set
#
# Return code:
# 0: value exactly matched
# 1: value not matched or do not exist
testparam() {
# short-circuit after installation; the explorer may not be valid
if [ "$install" ]; then return 1; fi
if grep -q -Fx "$1 = $2" "$__object/explorer/config"; then
return 0
else
return 1
fi
}
# Test if the parameter is somehow set.
#
# Arguments:
# 1: The nextcloud config name
#
# Return code:
# 0: param exists
# 1: param not found
paramexist() {
# short-circuit after installation; the explorer may not be valid
if [ "$install" ]; then return 0; fi
if grep -q "^$1 = " "$__object/explorer/config"; then
return 0
else
return 1
fi
}
# Base for the basic function types.
#
# Arguments:
# 1: cdist type parameter name
# 2: nextcloud config name
# 3: conditially mandatory argument, value "required" if true
# 4: occ printf pattern to set the value
# 5: "installation" default value, can be used to backup the user value
conf_base() {
if [ -f "$__object/parameter/$1" ] || [ "$5" ]; then
value="$(cat "$__object/parameter/$1" || printf "%s" "$5")"
if ! testparam "$2" "$value"; then
# set it because it does not exist
# shellcheck disable=SC2059 # $4 contains patterns
printf "php occ config:system:$4\n" "$2" "$value"
fi
else
if [ "$3" = "required" ]; then
# error because the parameter should be set
printf "Parameter '%s' not set by user, but required!\n" "$1" >&2
exit 4
fi
if paramexist "$2"; then
# remove it because it exists
printf "php occ config:system:delete '%s'\n" "$2"
fi
fi
}
# Set's the cdist parameter value to nextcloud as specific value.
#
# Arguments:
# 1: cdist type parameter name
# 2: nextcloud config name
# 3: conditional mandatory of this parameter; value "required" if true
# 4: default value; will be used if parameter is absent
conf_string() {
conf_base "$1" "$2" "$3" "set '%s' --type=string --value='%s'" "$4"
}
conf_number() {
conf_base "$1" "$2" "$3" "set '%s' --type=integer --value='%s'" "$4"
}
conf_decimal() {
conf_base "$1" "$2" "$3" "set '%s' --type=double --value='%s'" "$4"
}
# Sets the nextcloud configuration option after a boolean cdist parameter.
#
# Arguments:
# 1: cdist type parameter name
# 2: nextcloud config name
conf_boolean() {
# map parameter to a php boolean (are outputted as 0 or 1)
if [ -f "$__object/parameter/$1" ]; then
testval="1"
value="true"
else
testval="0"
value="false"
fi
if ! testparam "$2" "$testval"; then
# set it if does not already exist
printf "php occ config:system:set '%s' --type=boolean --value=%s\n" "$2" "$value"
fi
}
# Corrects the array after all values given by the parameter. Values not given
# to this type will be removed.
#
# Arguments:
# 1: cdist type parameter name
# 2: nextcloud config name
# 3: conditional mandatory of this parameter; value "required" if true
# FIXME currently no default value due to complexity of arrays
conf_array() {
if [ -f "$__object/parameter/$1" ]; then
# reset array if installation is fresh
if [ "$install" ]; then
# just remove everything, because we don't know it
printf "php occ config:system:delete '%s' || true\n" "$2"
# counter is zero for sure
counter=0
# else, default behaviour of the array
else
# save counter of the next free index
# shellcheck disable=SC1004 # the \ is required for awk
counter=$( awk -v FS=" = " -v name="$2" '
BEGIN { counter = 0 }
split($1, header, "|") == 2 && header[1] ~ /^[[:digit:]]+$/ && header[2] == name \
{ if(counter < header[1]) counter = header[1] }
END { print counter + 1 }
' "$__object/explorer/config"
)
# create a file which contains all lines not already resolved by this function
_dir="$__object/files/conf-arrays"
mkdir -p "$_dir"
grep "^[[:digit:]]*|$2 = " "$__object/explorer/config" > "$_dir/$2" || true # ignore not found
fi
# iterate through every value
while read -r value; do
# check every value if he exists
if ! grep -q "^[[:digit:]]*|$2 = $value$" "$__object/explorer/config"; then
# add this value
printf "php occ config:system:set '%s' '%s' --type=string --value='%s'\n" \
"$2" "$(( counter ))" "$value"
counter=$(( counter + 1 ))
fi
if [ -z "$install" ]; then
# removes it from the list of unhandled values
grep -v "^[[:digit:]]*|$2 = $value$" "$_dir/$2" > "$_dir/$2_tmp" || true # ignore not found
mv "$_dir/$2_tmp" "$_dir/$2" # because we can't do `cat foo > foo`
fi
done < "$__object/parameter/$1"
if [ -z "$install" ]; then
# interate through the leftover values
# remove them, as they should not exist (at least can be)
#
# shellcheck disable=SC2034 # $equal left for readability
while read -r start equal value; do
# remove those specific elements from the array
printf "php occ config:system:delete '%s' '%s' --error-if-not-exists\n" \
"$2" "$( printf "%s" "$start" | awk -F'|' '{print $1}' )"
done < "$_dir/$2"
fi
else
if [ "$3" = "required" ]; then
# error because the parameter should be set
printf "Parameter '%s' not set by user, but required!\n" "$1" >&2
exit 4
fi
# remove everything because we don't know which was set by the user
if paramexist "$2"; then
# remove the whole array
printf "php occ config:system:delete '%s'\n" "$2"
fi
fi
}
# Migrate the database to a new database type
#
# Arguments:
# 1: the database type to convert to
migrate_db() {
# from argument
database_type="$1"
# hostname, database, username and password
database_host="$(cat "$__object/parameter/database-host" 2>/dev/null || printf "localhost")"
database_name="$(cat "$__object/parameter/database-name")"
database_user="$(cat "$__object/parameter/database-user")"
database_pass="$(cat "$__object/parameter/database-password")"
# Extract the port from the host
# this is required for pgsql, but mysql can do it itself, too
if printf "%s" "$database_host" | grep -q ":[[:digit:]]\+$"; then
# extract the last part, which is the port number
database_port="${database_host##*:}"
else
# set default port because the tool can not do this for pgsql
# it looks like mysql get struggles, too
case "$database_type" in
mysql)
database_port=3306
;;
pgsql)
database_port=5432
;;
esac
# Correct this value to the value set by the parameter
# this will prevent codegen in the run after the migration
correct_standard_port="yes"
fi
# print out the correct command
printf "php occ db:convert-type --no-interaction --no-ansi --clear-schema --all-apps \
'%s' '%s' --password '%s' '%s' --port '%u' '%s'\n" \
"$database_type" "$database_user" "$database_pass" "$database_host" "$database_port" "$database_name"
printf "php occ maintenance:mode --on\n" # was disabled by database convertion
# Correct the database host value if it was not correctly set by the migration script
if [ "$correct_standard_port" = "yes" ]; then
printf "php occ config:system:set '%s' --type=string --value '%s'\n" "dbhost" "$database_host"
fi
}
# Set the install variable if nextcloud was not installed before this type.
if ! testparam installed 1; then
install="yes"
fi
# Map all parameters
# Generate the config changes
# misc
conf_array host trusted_domains
# If already set via the installer, we don't need to do this
# set default values from the nextcloud installer to do not override them
if [ -z "$install" ]; then
# Database to check if the type changed
# use the current type if no old type found to match instead of migrate
database_type="$(cat "$__object/parameter/database-type")"
old_db_type="$(getparam dbtype || printf "%s" "$database_type")"
case "$database_type" in
sqlite3)
if [ "$old_db_type" != "sqlite3" ]; then
echo "Migrating to a SQLite database is not supported by upstream!" >&2
echo "Do it manually or reinstall nextcloud .." >&2
exit 1
fi
conf_string database-type dbtype
;;
mysql|pgsql)
if [ "$old_db_type" != "$database_type" ]; then
# the migration will change all database parameters itself
migrate_db "$database_type"
else
# no change of dbtype cause it will cause a migration
conf_string database-host dbhost installdef "localhost"
conf_string database-name dbname required
conf_string database-user dbuser required
conf_string database-password dbpassword required
fi
# It may not be a good idea to change this parameter, but do what
# the user want to do.
conf_string database-prefix dbtableprefix
;;
*)
printf "Databasetype '%s' is unkown!\n" "$database_type" >&2
exit 3
;;
esac
# data-dir is handled in the gencode-remote
#conf_string data-directory datadirectory installdef "/$__object_id/data"
fi

1
type/__nextcloud/parameter/boolean Normal file
View file

@ -0,0 +1 @@
install-only

1
type/__nextcloud/parameter/default/database-type Normal file
View file

@ -0,0 +1 @@
sqlite3

1
type/__nextcloud/parameter/default/group Normal file
View file

@ -0,0 +1 @@
www-data

1
type/__nextcloud/parameter/default/mode Normal file
View file

@ -0,0 +1 @@
755

1
type/__nextcloud/parameter/default/user Normal file
View file

@ -0,0 +1 @@
www-data

12
type/__nextcloud/parameter/optional Normal file
View file

@ -0,0 +1,12 @@
mode
user
group
database-type
database-host
database-name
database-user
database-password
database-prefix
admin-user
admin-email
data-directory

1
type/__nextcloud/parameter/optional_multiple Normal file
View file

@ -0,0 +1 @@
host

2
type/__nextcloud/parameter/required Normal file
View file

@ -0,0 +1,2 @@
version
admin-password

38
type/__nextcloud_app/explorer/state Executable file
View file

@ -0,0 +1,38 @@
#!/bin/sh -e
# __nextcloud_app/explorer/state
# Outputs the current state of the app. There are:
# - `enabled` if the app is enabled
# - `disabled` if the app is disabled
# - `absent` if the app does not exist
# - nothing if nextcloud is not installed
# Get the app id
appid="$__object/parameter/appid"
if [ -f "$appid" ]; then
appid="$(cat "$appid")"
else
appid="$__object_id"
fi
# Get the installation directory
cloud="$(cat "$__object/parameter/cloud")"
www_user="$(cat "$__object/parameter/www-user")"
# Check if the installation directory exists
if [ -d "$cloud" ]; then
# if those files exist, everything should be fine
if [ -f "$cloud/occ" ] && [ -f "$cloud/config/config.php" ]; then
# Check if the app exists in the correct user context
su -s /bin/sh -l "$www_user" -- -e <<SU
cd '$cloud'
# Output all apps and search in which category it is
php occ --no-warnings --no-interaction --no-ansi --output=plain app:list \
| awk '\$0 == "Enabled:"{state="enabled"} \$0 == "Disabled:"{state="disabled"}
/^ - ${appid}:?/{found=1; print state; exit} END{if(!found) print "absent"}'
SU
fi
fi

85
type/__nextcloud_app/gencode-remote Executable file
View file

@ -0,0 +1,85 @@
#!/bin/sh -e
# __nextcloud_app/gencode-remote
# Handles a nextcloud app.
# Call the nextcloud occ script as the intended user. Maybe this can be a bit
# more effictive with user switching, but currently the easiest way of doing
# it.
#
# All arguments are directly passed to occ (injection alarm ;-) )
occ() {
# su creates a new shell, so it does not affect the current session
# will not use -q as it supresses errors, too
cat << SHELL
su -s /bin/sh -l "$www_user" -- -e <<'SU'
cd '$cloud' && php occ --no-warnings --no-interaction --no-ansi $@
SU
SHELL
}
# Get the app id
appid="$__object/parameter/appid"
if [ -f "$appid" ]; then
appid="$(cat "$appid")"
else
appid="$__object_id"
fi
# Get the app state
state_is="$(cat "$__object/explorer/state")"
state_should="$(cat "$__object/parameter/state")"
# Get general parameters
cloud="$(cat "$__object/parameter/cloud")"
www_user="$(cat "$__object/parameter/www-user")"
# Abort if nextcloud is not installed
if [ -z "$state_is" ]; then
printf "No nextcloud installation could be detected in '%s' ..\n" "$cloud" >&2
echo "Use the type __nextcloud to ensure the installation and mark it as dependency for this type!" >&2
exit 2
fi
# Check if the state changes
if [ "$state_is" != "$state_should" ]; then
# check what to do
case "$state_should" in
enabled)
if [ "$state_is" = "disabled" ]; then
occ app:enable "'$appid'"
echo enabled >> "$__messages_out"
else
occ app:install "'$appid'"
echo installed >> "$__messages_out"
fi
;;
disabled)
if [ "$state_is" = "absent" ]; then
occ app:install --keep-disabled "'$appid'"
echo installed >> "$__messages_out"
else
occ app:disable "'$appid'"
echo disabled >> "$__messages_out"
fi
;;
present)
if [ "$state_is" = "absent" ]; then
occ app:install "'$appid'"
echo installed >> "$__messages_out"
fi
# else, everything is ok
;;
absent)
occ app:remove "'$appid'"
echo removed >> "$__messages_out"
;;
esac
fi

138
type/__nextcloud_app/man.rst Normal file
View file

@ -0,0 +1,138 @@
cdist-type__nextcloud_app(7)
============================
NAME
----
cdist-type__nextcloud_app - Managese a Nextcloud app installation
DESCRIPTION
-----------
This types manages an app for a Nextcloud installation. For now, you can only
(un-)install or enable/disable an app.
The object id is the appid of the app which will be managed by this type. It
will be overwritten by the parameter `--appid`. See this parameter for more
information about the appid.
REQUIRED PARAMETERS
-------------------
cloud
The absolute path of the Nextcloud installation.
OPTIONAL PARAMETERS
-------------------
state
The state of the app. Can be the following:
present *(default)*
The app is installed.
enabled
The app is installed and enabled.
disabled
The app is installed, but disabled.
absent
The app is not installed.
appid
The appid is the uniquie identifier for an app in the Nextcloud app store.
It is required to know which app should be installed, which is expressed
via the appid. Apps who are shipped by the installation can not be removed.
Doing this will throw an error at exeuction time.
To find the appid, you must select the app in the Nextcloud app menu or on
the app page in the Nextcloud app store. Then, examine the URL and use the
lastest part (e.g. "the filename") as appid.
www-user
The unix user which will be used to execute Nextcloud related stuff. You
should always use the same user for all Nextcloud interactions, for the
webserver and cli execution. As default, `www-data` will be used.
MESSAGES
--------
installed
The app was installed.
enabled
The app is already installed and was enabled.
disabled
The app is already installed and was disabled.
removed
The app was removed.
EXAMPLES
--------
.. code-block:: sh
# Nextcloud base installation
__nextcloud /var/www/html/cloud $args
# install the music app
require="__nextcloud/var/www/html/cloud" __nextcloud_app music \
--cloud /var/www/html/cloud/ --state enabled
# enable a shipped app (already installed)
require="__nextcloud/var/www/html/cloud" __nextcloud_app files_external \
--cloud /var/www/html/cloud/ --state enabled
# remove some app
require="__nextcloud/var/www/html/cloud" __nextcloud_app drawio \
--cloud /var/www/html/cloud/ --state absent
# Different cloud
__nextcloud /var/www/html/nextcloud $args
# but same app name
require="__nextcloud/var/www/html/nextcloud" __nextcloud_user next_music \
--cloud /var/www/html/nextcloud/ --appid music
NOTES
-----
Currently, it manages just if the app is installed and enabled. Further
implementation is possible, but not done yet. This contains the management of
the app settings (via ``occ config:app:*``) and further finetuning to the
possibilities of installation and enablement (force-enable an app or restrict
enablement only to some groups).
Special app settings could also be written as a new type which completly
handles this one app with all configuration options.
Upgrading an Nextcloud app may be possible, but not the scope of this type.
Also, the upgrade can not be done to a given version, which results that this
type will loose the control over the state of the app. Installing the app
manually or hooking into the Nextcloud code is too unsafe and complex, in
addition it will be used rarely. Most admins would propably just update the app
via the web interface.
SEE ALSO
--------
`Nextcloud app store <https://apps.nextcloud.com/>`_
:strong:`cdist-type__nextcloud`\ (7)
:strong:`cdist-type__nextcloud_user`\ (7)
AUTHORS
-------
Matthias Stecher <matthiasstecher at gmx.de>
COPYING
-------
Copyright \(C) 2020 Matthias Stecher.
You can redistribute it and/or modify it under the terms of the GNU
General Public License as published by the Free Software Foundation,
either version 3 of the License, or (at your option) any later version.

1
type/__nextcloud_app/parameter/default/state Normal file
View file

@ -0,0 +1 @@
present

1
type/__nextcloud_app/parameter/default/www-user Normal file
View file

@ -0,0 +1 @@
www-data

3
type/__nextcloud_app/parameter/optional Normal file
View file

@ -0,0 +1,3 @@
state
appid
www-user

1
type/__nextcloud_app/parameter/required Normal file
View file

@ -0,0 +1 @@
cloud

49
type/__nextcloud_user/explorer/password Executable file
View file

@ -0,0 +1,49 @@
#!/bin/sh
# __nextcloud/explorer/password
# Checks if the given password is working by hacking somehow into the nextcloud
# php libary.
#
# Outputs:
# - "noop" if no password given as parameter
# - "matched" if the given parameter matched the password
# - "mismatched" if the given parameter did not matched
# - "" if no nextcloud directory could be detected
# Check if the password exists, else this is nonsense
password="$__object/parameter/password"
if [ -f "$password" ]; then
password="$(cat "$password")"
else
# no password to compare - it's managed by someone other
echo noop
exit
fi
# Get parameters
user="$__object/parameter/user"
if [ -f "$user" ]; then
user="$(cat "$user")"
else
user="$__object_id"
fi
cloud="$(cat "$__object/parameter/cloud")"
www_user="$(cat "$__object/parameter/www-user")"
# Check if there exists the installation
if [ -d "$cloud" ]; then
# if those files exist, everything should be good
if [ -f "$cloud/occ" ] && [ -f "$cloud/config/config.php" ]; then
# Output the information from the custom php
# change the user to be on the safe side if something is written
su -s /bin/sh -l "$www_user" -- -e <<SU
cd '$cloud'
pw='$password' \
php -r 'define("OC_CONSOLE",1); require_once(__DIR__."/lib/base.php");
print(\\OC::\$server->getUserSession()->getManager()->checkPasswordNoLogging("$user", getenv("pw")) ? "matched" : "mismatched");'
SU
fi
fi

45
type/__nextcloud_user/explorer/user Executable file
View file

@ -0,0 +1,45 @@
#!/bin/sh -e
# __nextcloud_user/explorer/user
# Outputs the raw nextcloud command output of the given user.
#
# The output is extended by the following fields (in the same syntax):
# 1. quota_param which outputs the real quota value instead of resolved values
# Parameters
user="$__object/parameter/user"
if [ -f "$user" ]; then
user="$(cat "$user")"
else
user="$__object_id"
fi
cloud="$(cat "$__object/parameter/cloud")"
www_user="$(cat "$__object/parameter/www-user")"
# Check if there exists the installation
if [ -d "$cloud" ]; then
# if those files exist, everything should be good
if [ -f "$cloud/occ" ] && [ -f "$cloud/config/config.php" ]; then
# Content could be gathered through php code directly, too. This can
# be done if more parameters are required than user:info will output
# or if there will be too much fuzz in the output.
# Output the information of the user
# type will abort if explorer is empty, not if occ aborts
su -s /bin/sh -l "$www_user" -- -e <<SU
cd '$cloud'
# Check if the user exists before the later command will produce an error
if php -r 'define("OC_CONSOLE",1); require_once(__DIR__."/lib/base.php");
exit(\\OC::\$server->getUserSession()->getManager()->userExists("$user") ? 0 : 1);'
then
php occ --no-warnings --no-interaction --no-ansi --output=plain user:info '$user'
# also output the quota parameter
printf " - quota_param: %s\n" \
"\$(php occ --no-warnings --no-interaction --no-ansi user:setting '$user' files quota)"
fi
SU
fi
fi

249
type/__nextcloud_user/gencode-remote Executable file
View file

@ -0,0 +1,249 @@
#!/bin/sh -e
# __nextcloud_user/gencode-remote
# Call the nextcloud occ script as the designed user. Maybe this can be a bit
# more effictive with user switching, but currently the easiest way of doing
# it.
#
# All arguments are directly passed to occ (injection alarm ;-) )
occ() {
# su creates a new shell, so it does not affect the current session
# will not use -q as it supresses errors, too
cat << SHELL
su -s /bin/sh -l "$www_user" -- -e <<'SU'
cd '$cloud' && php occ --no-warnings --no-interaction --no-ansi $@
SU
SHELL
}
# Creates the output for the nextcloud command to create a user. Takes all
# required parameters from existing variables.
occ_create() {
cat <<SHELL
su -s /bin/sh -l "$www_user" -- -e <<SU
cd '$cloud'
SHELL
create_args=""
if [ -f "$__object/parameter/password" ]; then
printf "export OC_PASS='%s'\n" "$(cat "$__object/parameter/password")"
create_args="$create_args --password-from-env"
fi
if [ -f "$__object/parameter/displayname" ]; then
create_args="$create_args --display-name '$(cat "$__object/parameter/displayname")'"
fi
# groups
if [ -f "$__object/parameter/group" ]; then
while read -r GROUP; do
create_args="$create_args --group '$GROUP'"
done < "$__object/parameter/group"
fi
cat <<SHELL
php occ --no-interaction --no-ansi user:add $create_args -- '$user'
SU
SHELL
# add email if set - not doable via the create command
if [ -f "$__object/parameter/email" ]; then
occ user:setting -- "'$user'" settings email "'$(cat "$__object/parameter/email")'"
fi
# add the set quota - the default value don't hurt if it's explicitly set
occ user:setting -- "'$user'" files quota "'$(cat "$__object/parameter/quota")'"
# save that use user will be created and no further steps are required
ignore_config="yes"
}
# Checks if the key-value exists on the remote side. Only matches first-level
# parameters; not checking deeper levers.
#
# Arguments:
# 1: the key
# 2: the value
#
# Return-Code:
# 0: matched the key-value
# 1: not matched
match_param() {
# first level intend two spaces
if grep -q -Fx " - $1: $2" "$__object/explorer/user"; then
return 0
else
return 1
fi
}
# Get parameters
user="$__object/parameter/user"
if [ -f "$user" ]; then
user="$(cat "$user")"
else
user="$__object_id"
fi
if [ -s "$__object/explorer/user" ]; then
if match_param enabled true; then
state_is="enabled"
else
state_is="disabled"
fi
else
state_is="absent"
fi
state_should="$(cat "$__object/parameter/state")"
cloud="$(cat "$__object/parameter/cloud")"
www_user="$(cat "$__object/parameter/www-user")"
# Check if the state changes
if [ "$state_is" != "$state_should" ]; then
# check what to do
case "$state_should" in
enabled)
if [ "$state_is" = "disabled" ]; then
occ user:enable "'$user'"
echo enabled >> "$__messages_out"
else
occ_create
echo created >> "$__messages_out"
fi
;;
disabled)
if [ "$state_is" = "absent" ]; then
occ_create
echo created >> "$__messages_out"
fi
occ user:disable "'$user'"
echo disabled >> "$__messages_out"
;;
present)
if [ "$state_is" = "absent" ]; then
occ_create
echo created >> "$__messages_out"
fi
# else, everything is ok
;;
absent)
occ user:delete "'$user'"
echo removed >> "$__messages_out"
;;
esac
fi
# Check if the user should not be modified further from the initial setup.
if [ -f "$__object/parameter/only-setup" ]; then
ignore_config="yes"
fi
# Check if some user configuration should be changed
# do not run this code if the user will be created in the previous code
if [ "$state_should" != "absent" ] && [ "$ignore_config" != "yes" ]; then
if ! [ -f "$__object/parameter/keep-displayname" ]; then
# Check if the display name is correct if someone is set
if [ -f "$__object/parameter/displayname" ]; then
displayname="$(cat "$__object/parameter/displayname")"
if ! match_param display_name "$displayname"; then
cat <<SHELL
su -s /bin/sh -l "$www_user" -- -e <<'SU'
cd '$cloud'
php -r 'define("OC_CONSOLE",1); require_once(__DIR__."/lib/base.php");
\\OC::\$server->getUserSession()->getManager()->get("$user")->setDisplayName("$displayname")
or print("Couldn'\''t modify $user display name! Maybe unsupported or already set ..".PHP_EOL)
and die(1);'
SU
SHELL
fi
fi
# the display name can not be unset
fi
if ! [ -f "$__object/paramter/keep-email" ]; then
# Check if the email address is correct
if [ -f "$__object/parameter/email" ]; then
email="$(cat "$__object/parameter/email")"
if ! match_param email "$email"; then
occ user:setting -- "'$user'" settings email "'$email'"
fi
else
# remove if it doesn't exist
if ! match_param email ""; then
occ user:setting --delete -- "'$user'" settings email
fi
fi
fi
if ! [ -f "$__object/parameter/keep-password" ]; then
# Check state of the password
# explorer handles missing passwords already
if [ "$(cat "$__object/explorer/password")" = "mismatched" ]; then
cat <<SHELL
su -s /bin/sh -l "$www_user" -- -e <<'SU'
cd '$cloud'
export OC_PASS='$(cat "$__object/parameter/password")'
php occ --no-interaction --no-ansi user:resetpassword --password-from-env -- '$user'
SU
SHELL
fi
fi
if ! [ -f "$__object/parameter/keep-quota" ]; then
# Handle the qouta
# the parameter is always set cause of the default value
quota="$(cat "$__object/parameter/quota")"
if ! match_param quota_param "$quota"; then
occ user:setting -- "'$user'" files quota "'$quota'"
fi
fi
if ! [ -f "$__object/parameter/keep-groups" ]; then
# Handle the user groups
# extract all groups set by remote
mkdir -p "$__object/files"
# check the spaces before the value to match all sub-categories
awk '/^ -/{start=0} start{print $2} $0 == " - groups:"{start=1}' \
"$__object/explorer/user" > "$__object/files/explorer_groups"
# Add/Remove groups not set via the parameter
if [ -s "$__object/parameter/group" ]; then
# Get all groups to remove
grep -Fxv -f "$__object/parameter/group" \
"$__object/files/explorer_groups" > "$__object/files/group.del" || true
# Get all groups to add
grep -Fxv -f "$__object/files/explorer_groups" \
"$__object/parameter/group" > "$__object/files/group.add" || true
# No user groups at all if nothing wanted by the user
else
# remove all groups to stay inline with the user parameter
cp "$__object/files/explorer_groups" "$__object/files/group.del"
fi
# Remove all groups not exist anymore
if [ -s "$__object/files/group.del" ]; then
while read -r GROUP; do
occ group:removeuser "'$GROUP'" "'$user'"
done < "$__object/files/group.del"
fi
# Add all existing groups
if [ -s "$__object/files/group.add" ]; then
while read -r GROUP; do
occ group:adduser "'$GROUP'" "'$user'"
done < "$__object/files/group.add"
fi
fi
# These parameters are only set if they exist
# ...
fi

215
type/__nextcloud_user/man.rst Normal file
View file

@ -0,0 +1,215 @@
cdist-type__nextcloud_user(7)
=============================
NAME
----
cdist-type__nextcloud_user - Setup a Nextcloud user
DESCRIPTION
-----------
It manages a single Nextcloud user given by the object id or parameter `--user`.
This type can create and manage most properties of the Nextcloud user. If you
only want to setup the user, but want that the user will take full control over
all settings (so cdist will not touch the user anymore), use the parameter
`--only-setup` or `--keep-*` for special parameters.
REQUIRED PARAMETERS
-------------------
cloud
The absolute path of the Nextcloud installation.
OPTIONAL PARAMETERS
-------------------
state
The state the user should be in. Can be the following:
present *(default)*
The user exists.
enabled
The user exists and is enabled.
disabled
The user exists and is disabled.
absent
The user does not exist.
user
Takes the uid of the Nextcloud user which will be handled by this type. If
this is not set, the object id will be taken instead.
www-user
The unix user which will be used to execute Nextcloud related stuff. You
should always use the same user for all Nextcloud interactions, for the
webserver and cli execution. As default, `www-data` will be used.
displayname
The display name the user should have. As the display name can not be unset
or set to empty, this type will ignore the display name if this parameter
is not set. Setting the parameter to an empty string leads to an error from
the Nextcloud side.
email
The email address of the Nextcloud user. Will be unset if no parameter
given.
password
The password of the Nextcloud user. If the password not match, the new
password will be set to the user. If no password is given, it will not
touch the current password. **A password is required for the user setup!**
If you do not want to modify the user password, set a password via this
parameter and set the parameter `--keep-password`.
Note that Nextcloud will check for the security of passwords. The type
will abort if Nextcloud refuses that password!
quota
The quota the Nextcloud user have to store it data. Defaults to `default`.
Following values are accepted by Nextcloud:
default
Uses the quota set as default in Nextcloud.
none
No quota limit set; unlimited.
$size
The quota that should be used. Same values as set over the user
interface. First the number, then a space and then the unit like `GB`.
group
Multiple group names which the Nextcloud user belongs to. If not set, the
user will be removed from every group he is in.
BOOLEAN PARAMETERS
------------------
only-setup
Only provisioning the user if he does not exist. Do not touch the user if
he already exists (except to enforce the given state).
keep-displayname
Do not touch the display name of the user if he is already set up. This
will avoid to delete the user-set value because it does not match with the
predefined state. If the parameter `--displayname` is set despite of this
parameter, it will only be used in the user setup if he does not already
exist.
keep-email
Do not touch the email attributes of the user if he is already set up. This
will avoid to delete the user-set value because it does not match with the
predefined state. If the parameter `--email` is set despite of this
parameter, it will only be used in the user setup if he does not already
exist.
keep-password
Do not touch the password if the user is already set up. This will avoid to
delete user-set passwords because they do not match with the predefined
state. If the parameter `--password` is set despite of this parameter, it
will only be used in the user setup if he does not already exists.
keep-quota
Do not touch the user quota if he is already set up. This will avoid to
delete the configuration set by an administrator. If the parameter `--quota`
is set despite of this parameter, it will only be used in the user setup if
he does not already exist.
keep-groups
Do not touch the user groups if the user is already set up. This will avoid
to delete group assosiactions not defined via cdist. If the parameter
`--group` is set despite of this parameter, it will only be used in the user
setup if he does not already exists.
MESSAGES
--------
created
The user as created.
enabled
The user already exists and was enabled.
disabled
The user already exists and was disabled.
removed
The user was removed.
EXAMPLES
--------
.. code-block:: sh
# Nextcloud base installation
__nextcloud /var/www/html/cloud $args
# setups an user, but do not touch it after it was created
require="__nextcloud/var/www/html/cloud" __nextcloud_user foo \
--cloud /var/www/html/cloud/ \
--displayname "Big Fooo" \
--email "foo@bar.tld" \
--password "do-not-use-this-password" \
--group "team_a" --group "xxxx" \
--quota "2 GB"
--only-setup
# manages an admin user fully controlled by cdist
require="__nextcloud/var/www/html/cloud" __nextcloud_user bar \
--cloud /var/www/html/cloud/ \
--displayname "Bar" \
--email "bar@bar.tld" \
--password "nope_insecure" \
--group "admin"
# disables an user
require="__nextcloud/var/www/html/cloud" __nextcloud_user bb \
--state disabled \
--cloud /var/www/html/cloud/ \
--displayname "byebye" \
--password "do_not_copy" \
--keep-email --keep-password --keep-quota --keep-groups
# removes an user
require="__nextcloud/var/www/html/cloud" __nextcloud_user foobar \
--state absent \
--cloud /var/www/html/cloud/
# Different cloud
__nextcloud /var/www/html/nextcloud $args
# but same user name
require="__nextcloud/var/www/html/nextcloud" __nextcloud_user next_foobar \
--cloud /var/www/html/nextcloud/ --user foobar
NOTES
-----
This type may be extended by more user settings. If you think some
configuration is missing, you are welcome to contribute!
Sometimes, this type uses custom php code to hack into Nextcloud to gather some
information not possible to get via the `occ` command or even set a value.
SEE ALSO
--------
:strong:`cdist-type__nextcloud`\ (7)
:strong:`cdist-type__nextcloud_app`\ (7)
AUTHORS
-------
Matthias Stecher <matthiasstecher at gmx.de>
COPYING
-------
Copyright \(C) 2020 Matthias Stecher.
You can redistribute it and/or modify it under the terms of the GNU
General Public License as published by the Free Software Foundation,
either version 3 of the License, or (at your option) any later version.

6
type/__nextcloud_user/parameter/boolean Normal file
View file

@ -0,0 +1,6 @@
only-setup
keep-displayname
keep-email
keep-password
keep-quota
keep-groups

1
type/__nextcloud_user/parameter/default/quota Normal file
View file

@ -0,0 +1 @@
default

1
type/__nextcloud_user/parameter/default/state Normal file
View file

@ -0,0 +1 @@
present

1
type/__nextcloud_user/parameter/default/www-user Normal file
View file

@ -0,0 +1 @@
www-data

7
type/__nextcloud_user/parameter/optional Normal file
View file

@ -0,0 +1,7 @@
user
www-user
state
displayname
email
password
quota

1
type/__nextcloud_user/parameter/optional_multiple Normal file
View file

@ -0,0 +1 @@
group

1
type/__nextcloud_user/parameter/required Normal file
View file

@ -0,0 +1 @@
cloud