From bde44d8d8308bcc3091cd62f754f6315ae3c4558 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Wed, 5 Dec 2018 12:57:27 +0100 Subject: [PATCH 1/7] Add support for Devuan ascii --- manifest | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-) diff --git a/manifest b/manifest index c3504ad..b19e932 100755 --- a/manifest +++ b/manifest @@ -26,17 +26,11 @@ then fi os_version=$(cat "$__global/explorer/os_version") case "$os_version" in - 8*) + 8*|jessie) distribution="jessie" - : ;; - 9*) + 9*|ascii) distribution="stretch" - : - ;; - jessie*) - distribution="jessie" - : ;; *) echo "Unsupported version $os_version of $os." >&2 @@ -50,8 +44,6 @@ db_name=$(cat "$__object/parameter/db-name") domain=$(cat "$__object/parameter/domain") - - __apt_key_uri dotdeb --uri https://www.dotdeb.org/dotdeb.gpg require="__apt_key_uri/dotdeb" __apt_source dotdeb --uri http://packages.dotdeb.org \ --distribution ${distribution} \ @@ -70,8 +62,8 @@ done __package postgresql --state=present __package curl --state=present -# Configure packages -## PHP 7 +# Configure packages +## PHP 7 require="__package/php7.0-fpm" __file /etc/php/7.0/fpm/pool.d/www.conf \ @@ -85,13 +77,13 @@ require="__package/nginx" __file /etc/nginx/sites-enabled/nextcloud --owner www- ## Postgres require="__package/postgresql" __postgres_role "${db_user}" --password "${db_pass}"\ - --login --createdb - + --login --createdb + require="__package/postgresql __postgres_role/${db_user}" __postgres_database "${db_name}"\ --owner "${db_user}" --state present -# Start on boot +# Start on boot require="__package/postgresql" __start_on_boot postgresql require="__package/nginx" __start_on_boot nginx require="__package/php7.0-fpm" __start_on_boot php7.0-fpm From 43fd762d9cec3a8d82ef3768466b7919aa45d16e Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Wed, 5 Dec 2018 13:03:09 +0100 Subject: [PATCH 2/7] Add support for ascii/ceres --- manifest | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
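Review bot: In the `@@ -26,17 +26,11 @@` hunk of `manifest`, folding the old `jessie*)` arm into `8*|jessie)` narrows the match from a prefix glob to the exact string, so any `os_version` value that merely starts with `jessie` now falls through to the "Unsupported version" branch. Patch 2/7 then adds `ascii/ceres` by hand in the same `case`, which suggests the explorer can report suffixed values; `8*|jessie*)` and `9*|ascii*)` would cover both forms. A short comment above the `9*` arm, such as `# Devuan ascii is based on Debian stretch, so the stretch dotdeb distribution is used`, would also explain why a Devuan codename selects a Debian distribution name. The `case` statement continues past the end of the hunk.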
diff --git a/manifest b/manifest index b19e932..59ae7e7 100755 --- a/manifest +++ b/manifest @@ -29,7 +29,7 @@ case "$os_version" in 8*|jessie) distribution="jessie" ;; - 9*|ascii) + 9*|ascii|ascii/ceres) distribution="stretch" ;; *) From f2b210f4df3d794c262bde0a485fe58ad72d0018 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Wed, 5 Dec 2018 13:29:09 +0100 Subject: [PATCH 3/7] Update type for non cloud.ungleich.ch domains --- files/nextcloud.nginx | 13 +++---------- manifest | 28 +++++++++++++++++++++++----- 2 files changed, 26 insertions(+), 15 deletions(-) diff --git a/files/nextcloud.nginx b/files/nextcloud.nginx index 623c265..7dbaa1c 100644 --- a/files/nextcloud.nginx +++ b/files/nextcloud.nginx @@ -2,19 +2,12 @@ upstream php-handler { server unix:/run/php/php7.0-fpm.sock; } -server { - listen [::]:80; - server_name cloud.ungleich.ch; - # enforce https - return 301 https://$server_name$request_uri; -} - server { listen [::]:443 ssl; - server_name cloud.ungleich.ch; + server_name DOMAIN; - ssl_certificate /etc/ssl/certs/star.ungleich.ch.crt; - ssl_certificate_key /etc/ssl/private/star.ungleich.ch.key; + ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem; # Add headers to serve security related headers # Before enabling Strict-Transport-Security headers please read into this diff --git a/manifest b/manifest index 59ae7e7..ab770df 100755 --- a/manifest +++ b/manifest @@ -1,6 +1,7 @@ #!/bin/sh # # 2017 ungleich GmbH (cdist at ungleich.ch) +# 2018 ungleich glarus ag (cdist at ungleich.ch) # # This file is part of cdist. # @@ -43,6 +44,8 @@ db_user=$(cat "$__object/parameter/db-user") db_name=$(cat "$__object/parameter/db-name") domain=$(cat "$__object/parameter/domain") +tmpdir="$__object/files" +mkdir "$tmpdir" __apt_key_uri dotdeb --uri https://www.dotdeb.org/dotdeb.gpg require="__apt_key_uri/dotdeb" __apt_source dotdeb --uri http://packages.dotdeb.org \ 
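Review bot: In the `@@ -43,6 +44,8 @@` hunk of patch 3/7, `mkdir "$tmpdir"` returns non-zero when `$__object/files` already exists, and nothing visible here checks the result before the later `sed … > "$tmpdir/nginx"` relies on the directory. `mkdir -p "$tmpdir"` makes the step repeatable. Whether the manifest runs under `set -e` is not visible in the hunk; if it does not, append `|| exit 1` so a failed mkdir stops the run instead of leaving `__file` pointing at a source that was never written.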
@@ -64,19 +67,34 @@ __package curl --state=present # Configure packages ## PHP 7 - - require="__package/php7.0-fpm" __file /etc/php/7.0/fpm/pool.d/www.conf \ --owner root --group root --mode 644 --source "$__type/files/fpm.conf" ## Nginx -require="__package/nginx" __file /etc/nginx/sites-enabled/nextcloud --owner www-data \ - --group www-data --mode 755 --source "$__type/files/nextcloud.nginx" +### HTTP only server to allow access +__ungleich_http_server_ssl_redirect_letsencrypt --webroot /var/www/html/ "$domain" + +### Get the certificates +require="__ungleich_http_server_ssl_redirect_letsencrypt/$domain" \ + __letsencrypt_cert --admin-email technik@ungleich.ch \ + --webroot /var/www/html/ \ + --renew-hook "service nginx reload" \ + --domain "$domain" --automatic-renewal \ + "$domain" + +### The SSL configuration +sed "s/DOMAIN/$domain/" "$__type/files/nextcloud.nginx" > "$tmpdir/nginx" +require="__letsencrypt_cert/$domain __package/nginx" __file /etc/nginx/sites-enabled/nextcloud \ + --owner www-data \ + --group www-data \ + --mode 755 \ + --source "$tmpdir/nginx" + ## Postgres -require="__package/postgresql" __postgres_role "${db_user}" --password "${db_pass}"\ +require="__package/postgresql" __postgres_role "${db_user}" --password "${db_pass}" \ --login --createdb require="__package/postgresql __postgres_role/${db_user}" __postgres_database "${db_name}"\ From f9bcc99d8ca6c03cef8e523060ede57a0355a346 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Wed, 5 Dec 2018 13:31:21 +0100 Subject: [PATCH 4/7] Do not double install nginx --- manifest | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/manifest b/manifest index ab770df..ca0f6d3 100755 --- a/manifest +++ b/manifest 
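Review bot: The rewritten `__file /etc/nginx/sites-enabled/nextcloud` call keeps `--owner www-data --group www-data --mode 755`, which leaves a config file that nginx loads on every reload writable by www-data (on Debian normally the account the nginx workers run as, and presumably the PHP-FPM pool too), while the new `--automatic-renewal` with `--renew-hook "service nginx reload"` reloads nginx unattended after each renewal. The fpm pool file a few lines above is already `--owner root --group root --mode 644`, and the site file should use the same three values. Separately, `sed "s/DOMAIN/$domain/"` copies the parameter unescaped into both the sed expression and the generated nginx config, so a value containing `/`, `&`, `;` or whitespace breaks the substitution or adds directives. Reject anything that is not a plain hostname before the first use, for example `case "$domain" in ""|*[!A-Za-z0-9.-]*) echo "Invalid domain: $domain" >&2; exit 1;; esac`.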
@@ -57,8 +57,7 @@ require="__apt_source/dotdeb" __apt_update_index # Install packages for package in php7.0-common php7.0-gd php7.0-json php7.0-pgsql php7.0-curl \ php7.0-intl php7.0-mcrypt php7.0-imagick \ - php7.0-zip php7.0-apcu php7.0-mbstring php7.0-xml php7.0-fpm \ - nginx + php7.0-zip php7.0-apcu php7.0-mbstring php7.0-xml php7.0-fpm; do require="__apt_update_index" __package $package --state=present done From 67ab9b2da66f20038ff761eda466a2a9e1985a5f Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Wed, 5 Dec 2018 13:42:02 +0100 Subject: [PATCH 5/7] Change default version to 14.0.4 --- parameter/default/version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/parameter/default/version b/parameter/default/version index 0719738..560dec0 100644 --- a/parameter/default/version +++ b/parameter/default/version @@ -1 +1 @@ -11.0.1 +14.0.4 From 015bec9bd7235c86d3177892a4103b26b40ad48b Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Wed, 5 Dec 2018 14:12:00 +0100 Subject: [PATCH 6/7] Make it working with 13.0.6 --- gencode-remote | 25 ++++++++++--------------- parameter/default/version | 2 +- 2 files changed, 11 insertions(+), 16 deletions(-) diff --git a/gencode-remote b/gencode-remote index 249539d..51d7bc1 100755 --- a/gencode-remote +++ b/gencode-remote @@ -20,7 +20,7 @@ case "$os" in 9*) restart="systemctl restart nginx" ;; - *) + *) restart="systemctl restart nginx" echo "Unsupported version $os_version of $os." >&2 exit 1 
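Review bot: In the `@@ -57,8 +57,7 @@` hunk of patch 4/7, dropping `nginx` from the package loop means this manifest no longer creates `__package/nginx` itself, yet lines shown earlier in the series still depend on it (`require="__letsencrypt_cert/$domain __package/nginx"` and `require="__package/nginx" __start_on_boot nginx`). That only resolves if another type, presumably `__ungleich_http_server_ssl_redirect_letsencrypt`, defines the same object; its manifest is not part of this diff, so this is worth confirming. A comment at the loop such as `# nginx is installed by __ungleich_http_server_ssl_redirect_letsencrypt` would record the coupling. The `for` loop starts inside the hunk and its `done` is the last context line.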
@@ -44,22 +44,17 @@ admin_user=$(cat "$__object/parameter/admin-user") admin_pass=$(cat "$__object/parameter/admin-pass") domain=$(cat "$__object/parameter/domain") -# TODO check shasum of tar ball -# TODO: Make this Work!! -#if [ -d /var/www/nextcloud -a \$(cd /var/www/nextcloud; sudo -u www-data php occ status | grep -o true) ]; then -# INSTALL_STATE=true -#else -# INSTALL_STATE=false -#fi -#echo \${INSTALL_STATE} > /tmp/install-state -#if [ "\$INSTALL_STATE" != "true" ]; then +# FIXME: replace if we an if on output && an explorer cat < Date: Fri, 7 Dec 2018 23:07:18 +0100 Subject: [PATCH 7/7] + IPv4 support for nextcloud --- files/nextcloud.nginx | 1 + 1 file changed, 1 insertion(+) diff --git a/files/nextcloud.nginx b/files/nextcloud.nginx index 7dbaa1c..baf2fcc 100644 --- a/files/nextcloud.nginx +++ b/files/nextcloud.nginx @@ -3,6 +3,7 @@ upstream php-handler { } server { + listen 443 ssl; listen [::]:443 ssl; server_name DOMAIN;