From 2b7363a416c5f84111e67684f0c2f79210fcbc00 Mon Sep 17 00:00:00 2001
From: Modulos <modulos@protonmail.com>
Date: Fri, 21 Apr 2017 10:26:49 +0200
Subject: [PATCH] Change to nginx and postgresql

---
 files/nextcloud.nginx | 120 ++++++++++++++++++++++++++++++++++++++++++
 manifest              |  55 +++++++------------
 2 files changed, 138 insertions(+), 37 deletions(-)

diff --git a/files/nextcloud.nginx b/files/nextcloud.nginx
index 8b13789..fa294ab 100644
--- a/files/nextcloud.nginx
+++ b/files/nextcloud.nginx
@@ -1 +1,121 @@
+upstream php-handler {
+    server 127.0.0.1:9000;
+    #server unix:/var/run/php5-fpm.sock;
+}
 
+server {
+    listen 80;
+    server_name cloud.ungleich.ch;
+    # enforce https
+    return 301 https://$server_name$request_uri;
+}
+
+server {
+    listen 443 ssl;
+    server_name cloud.ungleich.ch;
+
+    ssl_certificate /etc/ssl/nginx/cloud.example.com.crt;
+    ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;
+
+    # Add headers to serve security related headers
+    # Before enabling Strict-Transport-Security headers please read into this
+    # topic first.
+    # add_header Strict-Transport-Security "max-age=15768000;
+    # includeSubDomains; preload;";
+    add_header X-Content-Type-Options nosniff;
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Robots-Tag none;
+    add_header X-Download-Options noopen;
+    add_header X-Permitted-Cross-Domain-Policies none;
+
+    # Path to the root of your installation
+    root /var/www/nextcloud/;
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    # The following 2 rules are only needed for the user_webfinger app.
+    # Uncomment it if you're planning to use this app.
+    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
+    # last;
+
+    location = /.well-known/carddav {
+      return 301 $scheme://$host/remote.php/dav;
+    }
+    location = /.well-known/caldav {
+      return 301 $scheme://$host/remote.php/dav;
+    }
+
+    # set max upload size
+    client_max_body_size 512M;
+    fastcgi_buffers 64 4K;
+
+    # Disable gzip to avoid the removal of the ETag header
+    gzip off;
+
+    # Uncomment if your server is build with the ngx_pagespeed module
+    # This module is currently not supported.
+    #pagespeed off;
+
+    location / {
+        rewrite ^ /index.php$uri;
+    }
+
+    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
+        deny all;
+    }
+    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
+        deny all;
+    }
+
+    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
+        fastcgi_split_path_info ^(.+\.php)(/.*)$;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param PATH_INFO $fastcgi_path_info;
+        fastcgi_param HTTPS on;
+        #Avoid sending the security headers twice
+        fastcgi_param modHeadersAvailable true;
+        fastcgi_param front_controller_active true;
+        fastcgi_pass php-handler;
+        fastcgi_intercept_errors on;
+        fastcgi_request_buffering off;
+    }
+
+    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
+        try_files $uri/ =404;
+        index index.php;
+    }
+
+    # Adding the cache control header for js and css files
+    # Make sure it is BELOW the PHP block
+    location ~* \.(?:css|js|woff|svg|gif)$ {
+        try_files $uri /index.php$uri$is_args$args;
+        add_header Cache-Control "public, max-age=7200";
+        # Add headers to serve security related headers (It is intended to
+        # have those duplicated to the ones above)
+        # Before enabling Strict-Transport-Security headers please read into
+        # this topic first.
+        # add_header Strict-Transport-Security "max-age=15768000;
+        #  includeSubDomains; preload;";
+        add_header X-Content-Type-Options nosniff;
+        add_header X-Frame-Options "SAMEORIGIN";
+        add_header X-XSS-Protection "1; mode=block";
+        add_header X-Robots-Tag none;
+        add_header X-Download-Options noopen;
+        add_header X-Permitted-Cross-Domain-Policies none;
+        # Optional: Don't log access to assets
+        access_log off;
+    }
+
+    location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ {
+        try_files $uri /index.php$uri$is_args$args;
+        # Optional: Don't log access to other assets
+        access_log off;
+    }
+}
diff --git a/manifest b/manifest
index f4f9671..917d170 100644
--- a/manifest
+++ b/manifest
@@ -33,52 +33,33 @@ case "$state" in
            exit 0
         fi
 
-        # Setup LAMP 
-        __package apach2 --state=present
+		__package php7.0 --state=present
 
-        # Get server name or ip from parameters
-        server_name=$(cat "$__object/parameter/server-name")
-        __file /etc/systemd/system/nextcloud.service --owner root \
-            --group root \
-            --mode 755 --source - << EOF 
-        ServerName ${server_name}
-EOF
-
-        # Config Firewall
-
-        # Setup mysql
-        __package mysql-server --state=present
-        mysql_password=$(cat "$__object/parameter/mysql-password")
-        __mysql_database "nextcloud" --name "nextcloud" --user "nextcloud" \
-                                     --password "${mysql_password}"
-
-        # Install PHP 
-
-        for package in php libapache2-mod-php php-mcrypt php-mysql 
-            do __package $package --state=present
+		# Install PHP
+		for package in php7.0-gd php7.0-json php7.0-pgsql php7.0-curl php7.0-mbstring \
+					   php7.0-intl php7.0-mcrypt php-imagick php7.0-xml php7.0-zip php7.0-bz2
+            do require="__package php7.0" __package $package --state=present
         done
 
-        # Install additional php packages
-        for package in php-bz2 php-curl php-gd php-imagick php-intl php-mbstring php-xml php-zip
-            do __package $package --state=present
-        done
-
-
-        require="__package/apache2" __file /etc/apache2/sites-available/nextcloud.conf
-			--owner root \
-            --group root \
-            --mode 755 --source "$__type/files/nextcloud.apache" \
+		# Nginx
+		__package nginx --state=present
+		require="__package nginx" __file /etc/nginx/sites-enabled/nextcloud --owner www-data \
+            --group www-data \
+            --mode 755 --source "$__type/files/nextcloud.nginx" \
             --state exists
 
-		# Enable nextcloud site
-		__process a2ensite nextcloud
-		# Enable mod_rewrite (required by nextcloud)
-		__process a2enmod rewrite
+        # Postgres
+        __package postgresql --state=present
+        require="__package postgresql" __postgres_database nextcloud --owner nextcloud
+        require="__package/postgresql" __start_on_boot postgres
 
 	absent)
-		# TODO: 
         if [ "$exists" ]
         then
+			__process postgres --state absent \
+                --stop "service postgres stop" \
+                --name ".*postgres .*"
+            __start_on_boot postgres --state absent
         fi
     ;;
     *)