Merge branch 'master' of code.ungleich.ch:ungleich-public/__ungleich_nextcloud

files/nextcloud.nginx

@@ -3,18 +3,12 @@ upstream php-handler {
 }
 
 server {
-    listen [::]:80;
-    server_name cloud.ungleich.ch;
-    # enforce https
-    return 301 https://$server_name$request_uri;
-}
-
-server {
+    listen 443 ssl;
     listen [::]:443 ssl;
-    server_name cloud.ungleich.ch;
+    server_name DOMAIN;
 
-    ssl_certificate /etc/ssl/certs/star.ungleich.ch.crt;
-    ssl_certificate_key /etc/ssl/private/star.ungleich.ch.key;
+    ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem;
 
     # Add headers to serve security related headers
     # Before enabling Strict-Transport-Security headers please read into this

gencode-remote

@@ -44,19 +44,17 @@ admin_user=$(cat "$__object/parameter/admin-user")
 admin_pass=$(cat "$__object/parameter/admin-pass")
 domain=$(cat "$__object/parameter/domain")
 
-# TODO check shasum of tar ball 
+# FIXME: replace if we an if on output && an explorer
 cat <<eof
-    if [ -d /var/www/nextcloud 2>/dev/null -a \$(cd /var/www/nextcloud 2>/dev/null; sudo -u www-data php occ status 2>/dev/null | grep -o true) ]; then
-        echo "Nextcloud already installed" >&2
-    else
-        echo "installing nextcloud" >&2
-        curl -s -L ${nextcloud_uri} -o /tmp/nextcloud.tar.bz2 
-        tar -C /var/www -xvjf /tmp/nextcloud.tar.bz2 
-        rm -f /tmp/nextcloud.tar.bz2 
-        chown -R www-data:www-data /var/www/nextcloud 
-        cd /var/www/nextcloud
-        sudo -u www-data php occ maintenance:install --database "pgsql" --database-name "$db_name" --database-user "$db_user" --database-pass "$db_pass" --admin-user "$admin_user" --admin-pass "$admin_pass"
-        sudo -u www-data php occ config:system:set trusted_domains 2 --value="$domain"
-    fi
+if [ ! -e /var/www/nextcloud/occ ]; then
+    cd /var/www
+    curl -s -L ${nextcloud_uri} | tar xj
+    chown -R www-data:www-data /var/www/nextcloud
+
+    cd /var/www/nextcloud
+    sudo -u www-data php occ maintenance:install --database "pgsql" --database-name "$db_name" --database-user "$db_user" --database-pass "$db_pass" --admin-user "$admin_user" --admin-pass "$admin_pass"
+    sudo -u www-data php occ config:system:set trusted_domains 2 --value="$domain"
+else
+    true
+fi
 eof
-#fi

manifest

@@ -1,6 +1,7 @@
 #!/bin/sh
 #
 # 2017 ungleich GmbH (cdist at ungleich.ch)
+# 2018 ungleich glarus ag (cdist at ungleich.ch)
 #
 # This file is part of cdist.
 #
@@ -26,17 +27,11 @@ then
 fi
 os_version=$(cat "$__global/explorer/os_version")
 case "$os_version" in
-    8*)
+    8*|jessie)
         distribution="jessie"
-        :
     ;;
-    9*)
+    9*|ascii|ascii/ceres)
         distribution="stretch"
-        :
-    ;;
-    jessie*)
-        distribution="jessie"
-        :
     ;;
     *)
         echo "Unsupported version $os_version of $os." >&2
@@ -49,8 +44,8 @@ db_user=$(cat "$__object/parameter/db-user")
 db_name=$(cat "$__object/parameter/db-name")
 domain=$(cat "$__object/parameter/domain")
 
-
-
+tmpdir="$__object/files"
+mkdir "$tmpdir"
 
 __apt_key_uri dotdeb --uri https://www.dotdeb.org/dotdeb.gpg
 require="__apt_key_uri/dotdeb" __apt_source dotdeb --uri http://packages.dotdeb.org \
@@ -62,8 +57,7 @@ require="__apt_source/dotdeb" __apt_update_index
 # Install packages
 for package in php7.0-common php7.0-gd php7.0-json php7.0-pgsql php7.0-curl \
 			   php7.0-intl php7.0-mcrypt php7.0-imagick \
-               php7.0-zip php7.0-apcu php7.0-mbstring php7.0-xml php7.0-fpm \
-               nginx
+               php7.0-zip php7.0-apcu php7.0-mbstring php7.0-xml php7.0-fpm;
     do require="__apt_update_index" __package $package --state=present
 done
 
@@ -72,19 +66,34 @@ __package curl --state=present
 
 # Configure packages
 ## PHP 7
-
-
 require="__package/php7.0-fpm" __file /etc/php/7.0/fpm/pool.d/www.conf \
     --owner root --group root --mode 644 --source "$__type/files/fpm.conf"
 
 
 
 ## Nginx
-require="__package/nginx" __file /etc/nginx/sites-enabled/nextcloud --owner www-data \
-    --group www-data --mode 755 --source "$__type/files/nextcloud.nginx"
+### HTTP only server to allow access
+__ungleich_http_server_ssl_redirect_letsencrypt --webroot /var/www/html/ "$domain"
+
+### Get the certificates
+require="__ungleich_http_server_ssl_redirect_letsencrypt/$domain" \
+       __letsencrypt_cert --admin-email technik@ungleich.ch \
+       --webroot /var/www/html/ \
+       --renew-hook "service nginx reload" \
+       --domain "$domain" --automatic-renewal \
+       "$domain"
+
+### The SSL configuration
+sed "s/DOMAIN/$domain/" "$__type/files/nextcloud.nginx" > "$tmpdir/nginx"
+require="__letsencrypt_cert/$domain __package/nginx" __file /etc/nginx/sites-enabled/nextcloud \
+       --owner www-data \
+       --group www-data \
+       --mode 755 \
+       --source "$tmpdir/nginx"
+
 
 ## Postgres
-require="__package/postgresql" __postgres_role "${db_user}" --password "${db_pass}"\
+require="__package/postgresql" __postgres_role "${db_user}" --password "${db_pass}" \
                                                             --login --createdb
 
 require="__package/postgresql __postgres_role/${db_user}" __postgres_database "${db_name}"\

parameter/default/version

@@ -1 +1 @@
-11.0.1
+13.0.6