From 487fbcf8ea850fdedb1ea3bbf43c814b52f6d282 Mon Sep 17 00:00:00 2001 From: moep Date: Wed, 12 Jul 2017 23:25:32 +0200 Subject: [PATCH 1/8] - improve cdist type - support for basic Nginx config under Centos and Debian - improve security feature under Nginx - support for Let's Encrypt - support for SSL --- files/base_config/centos.conf | 44 +++++++++++++++ files/base_config/debian.conf | 50 +++++++++++++++++ files/nginx-footer | 1 + files/nginx-header | 3 + files/nginx-header-generic | 12 ++++ files/nginx-header-https | 6 ++ files/nginx-header-https-letsencrypt | 25 +++++++++ files/nginx-header-server_name | 0 gencode-remote | 13 ++++- manifest | 83 +++++++++++++++++++++++++++- parameter/boolean | 3 + parameter/optional | 2 +- parameter/required | 2 + 13 files changed, 239 insertions(+), 5 deletions(-) create mode 100644 files/base_config/centos.conf create mode 100644 files/base_config/debian.conf create mode 100644 files/nginx-footer create mode 100644 files/nginx-header create mode 100644 files/nginx-header-generic create mode 100644 files/nginx-header-https create mode 100644 files/nginx-header-https-letsencrypt create mode 100644 files/nginx-header-server_name create mode 100644 parameter/boolean create mode 100644 parameter/required diff --git a/files/base_config/centos.conf b/files/base_config/centos.conf new file mode 100644 index 0000000..b926731 --- /dev/null +++ b/files/base_config/centos.conf 
@@ -0,0 +1,44 @@
+# For more information on configuration, see:
+# * Official English Documentation: http://nginx.org/en/docs/
+# * Official Russian Documentation: http://nginx.org/ru/docs/
+
+user nginx;
+worker_processes 1;
+
+error_log /var/log/nginx/error.log;
+#error_log /var/log/nginx/error.log notice;
+#error_log /var/log/nginx/error.log info;
+
+pid /run/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ #keepalive_timeout 0;
+ keepalive_timeout 65;
+
+ #gzip on;
+
+ index index.html index.htm;
+
+ # Load modular configuration files from the /etc/nginx/conf.d directory.
+ # See http://nginx.org/en/docs/ngx_core_module.html#include
+ # for more information.
+ include /etc/nginx/conf.d/*.conf;
+}
diff --git a/files/base_config/debian.conf b/files/base_config/debian.conf
new file mode 100644
index 0000000..a911806
--- /dev/null
+++ b/files/base_config/debian.conf
@@ -0,0 +1,50 @@
+user www-data;
+worker_processes 1;
+
+error_log /var/log/nginx/error.log;
+pid /var/run/nginx.pid;
+
+events {
+ worker_connections 1024;
+ # multi_accept on;
+}
+
+http {
+ include /etc/nginx/mime.types;
+
+ access_log /var/log/nginx/access.log;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ #keepalive_timeout 0;
+ keepalive_timeout 65;
+ tcp_nodelay on;
+
+ gzip on;
+ gzip_disable "MSIE [1-6]\.(?!.*SV1)";
+
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+}
+
+# mail {
+# # See sample authentication script at:
+# # http://wiki.nginx.org/NginxImapAuthenticateWithApachePhpScript
+#
+# # auth_http localhost/auth.php;
+# # pop3_capabilities "TOP" "USER";
+# # imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+# server {
+# listen localhost:110;
+# protocol pop3;
+# proxy on;
+# }
+#
+# server {
+# listen localhost:143;
+# protocol imap;
+# proxy on;
+# }
+# }
diff --git a/files/nginx-footer b/files/nginx-footer
new file mode 100644
index 0000000..5c34318
--- /dev/null
+++ b/files/nginx-footer
@@ -0,0 +1 @@
+}
diff --git a/files/nginx-header b/files/nginx-header
new file mode 100644
index 0000000..7dc5024
--- /dev/null
+++ b/files/nginx-header
@@ -0,0 +1,3 @@
+#
+# cdist maintained configuration - do not overwrite
+#
diff --git a/files/nginx-header-generic b/files/nginx-header-generic
new file mode 100644
index 0000000..f63030f
--- /dev/null
+++ b/files/nginx-header-generic
@@ -0,0 +1,12 @@
+ # Compress everything [tm]
+ gzip on;
+ gzip_static on;
+ gzip_proxied any;
+
+ # Not for silly ie
+ gzip_disable "MSIE [1-6]\.";
+ gzip_http_version 1.0;
+ gzip_types text/plain text/xml text/css
+ text/comma-separated-values
+ text/javascript application/x-javascript
+ application/atom+xml;
diff --git a/files/nginx-header-https b/files/nginx-header-https
new file mode 100644
index 0000000..1ae4fbc
--- /dev/null
+++ b/files/nginx-header-https
@@ -0,0 +1,6 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ ssl_certificate /etc/nginx/ssl.crt;
+ ssl_certificate_key /etc/nginx/ssl.key;
+
diff --git a/files/nginx-header-https-letsencrypt b/files/nginx-header-https-letsencrypt
new file mode 100644
index 0000000..20bc934
--- /dev/null
+++ b/files/nginx-header-https-letsencrypt
@@ -0,0 +1,25 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ ssl_certificate /etc/nginx/ssl.crt;
+ ssl_certificate_key /etc/nginx/ssl.key;
+ ssl_dhparam /etc/nginx/dhparam.pem;
+
+ # OCSP
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ ssl_trusted_certificate /etc/nginx/chain.pem;
+
+ # Chipers
+ ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+ ssl_ciphers EECDH+AESGCM:EDH+AESGCM:EECDH:EDH:!MD5:!RC4:!LOW:!MEDIUM:!CAMELLIA:!ECDSA:!DES:!DSS:!3DES:!NULL;
+ ssl_prefer_server_ciphers on;
+ ssl_ecdh_curve secp384r1;
+
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
+
+ # Session resumption
+ ssl_session_timeout 10m;
+ ssl_session_cache off;
+ ssl_session_tickets on;
+ ssl_session_ticket_key /etc/nginx/nginx-ticketkey;
diff --git a/files/nginx-header-server_name b/files/nginx-header-server_name
new file mode 100644
index 0000000..e69de29
diff --git a/gencode-remote b/gencode-remote
index 3bcf822..6665c34 100755
--- a/gencode-remote
+++ b/gencode-remote
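Review bot: `ssl_protocols TLSv1.2 TLSv1.1 TLSv1;` in files/nginx-header-https-letsencrypt still offers TLS 1.0 and 1.1, which undercuts the otherwise strict cipher list; I would reduce it to `ssl_protocols TLSv1.2;`. With `ssl_session_tickets on;` and a single static `ssl_session_ticket_key` file, every resumed session depends on a key that nothing in this series rotates, so either rotate it on a schedule or set `ssl_session_tickets off;`. The HSTS header hard-codes `includeSubDomains; preload` for whatever domain the type is given, which commits every sibling host of that domain to HTTPS; those two directives are better made opt-in. The plain files/nginx-header-https variant sets no protocol or cipher policy at all, so the two headers diverge in strength. Minor: `# Chipers` should read `# Ciphers`.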
@@ -24,6 +24,7 @@ db_pass=$(cat "$__object/parameter/db-pass") admin_user=$(cat "$__object/parameter/admin-user") admin_pass=$(cat "$__object/parameter/admin-pass") domain=$(cat "$__object/parameter/domain") +INSTALL_STATE="$([ -d /var/www/nextcloud ] && cd /var/www/nextcloud && sudo -u www-data php occ status| grep -o true)" # TODO check shasum of tar ball cat <&2 + exit 1 + fi + + + ssl_cert="/etc/ssl/certs/${ssl_name}.crt" + ssl_key="/etc/ssl/private/${ssl_name}.key" + + # Copy SSL certificates + require="__package/nginx" __link /etc/nginx/ssl.crt \ + --source "$ssl_cert" --type symbolic + + require="__package/nginx" __link /etc/nginx/ssl.key \ + --source "$ssl_key" --type symbolic + + cat nginx-header nginx-header-https nginx-header-server_name nginx-header-generic $config_file $custom_config nginx-footer > "$__object/files/nginx-https" + + require="__package/nginx" __file "$nginx_https" \ + --source "$__object/files/nginx-https" + +# SSL with Let's Encrypt +# This only added LE to the configuration file. You need a LE cdist type,too. 
+elif [ -f "$__object/parameter/letsencrypt" ]; then + ssl_base="$__type/files/letsencrypt" + + if [ -f "$__object/parameter/domain" ]; then + domain="$(cat "$__object/parameter/domain")" + else + echo "Please add a valid domain" >&2 + exit 1 + fi + + # Copy SSL certificates + require="__package/nginx" __link /etc/nginx/ssl.crt \ + --source /etc/letsencrypt/live/"$domain"/fullchain.pem --type symbolic + + require="__package/nginx" __link /etc/nginx/ssl.key \ + --source /etc/letsencrypt/live/"$domain"/privkey.pem --type symbolic + + require="__package/nginx" __link /etc/nginx/chain.pem \ + --source /etc/letsencrypt/live/"$domain"/cert.pem --type symbolic + + cat nginx-header nginx-header-https-letsencrypt > "$__object/files/nginx-https" + echo " server_name= "$domain";" >> "$__object/files/nginx-https" + cat nginx-header-generic $config_file $custom_config nginx-footer >> "$__object/files/nginx-https" + + # create random 48 bit file as ticketkey + head -c 48 /dev/urandom | __file /etc/nginx/nginx-ticketkey --source - + + # create Diffie-Hellman key and store it under "$__files/pemfiles" + + require="__package/nginx" __ungleich_dhparam --keysize $dh --destination "$__files/pemfiles" "$__target_host" + require="__ungleich_dhparam/$__target_host" __file /etc/nginx/dhparam.pem --source "$__files/pemfiles/"$__target_host"_dhparam.pem" + + require=""__package/nginx" __file "$nginx_https" \ + --owner www-data --group www-data --mode 755 \ + --source "$__object/files/nginx-https"" +fi + ## Postgres require="__package/postgresql" __postgres_role "${db_user}" --password "${db_pass}"\ diff --git a/parameter/boolean b/parameter/boolean new file mode 100644 index 0000000..3624b4e --- /dev/null +++ b/parameter/boolean @@ -0,0 +1,3 @@ +ssl +custom-config-from-stdin +letsencrypt diff --git a/parameter/optional b/parameter/optional index 419e014..6ffdf4a 100644 --- a/parameter/optional +++ b/parameter/optional @@ -5,4 +5,4 @@ admin-user admin-pass uri version -domain +ssl-name 
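Review bot: The Let's Encrypt branch of the manifest installs the generated vhost with `--owner www-data --group www-data --mode 755`, which lets the web-server account rewrite its own TLS configuration; `--owner root --group root --mode 0644` is what a config file needs, and the nested quotes in `require=""__package/nginx" __file ... nginx-https""` should collapse to a plain `require="__package/nginx"` prefix. `/etc/nginx/nginx-ticketkey` is piped from `/dev/urandom` with no `--owner`/`--mode`, so the session-ticket key gets default permissions and its content would change on every run (the comment says 48 bit where `head -c 48` yields 48 bytes); `--owner root --mode 0600` is the least I would expect. `/etc/nginx/chain.pem` is linked to `live/"$domain"/cert.pem`, the leaf certificate, while `ssl_trusted_certificate` with `ssl_stapling_verify on` needs the issuer chain, presumably `chain.pem`. `echo " server_name= "$domain";"` emits `server_name=`, which nginx will not read as the directive, and `$dh` is used without being assigned in the visible lines. The start of this hunk is not legible on the page, so these remarks cover the part from `elif` onward.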
diff --git a/parameter/required b/parameter/required new file mode 100644 index 0000000..f9aee89 --- /dev/null +++ b/parameter/required @@ -0,0 +1,2 @@ +dh +domain From 0a98381bd7da77147c724a6ca9ac44e80c943198 Mon Sep 17 00:00:00 2001 From: moep Date: Thu, 13 Jul 2017 23:31:27 +0200 Subject: [PATCH 2/8] test --- gencode-remote | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gencode-remote b/gencode-remote index 6665c34..16ab731 100755 --- a/gencode-remote +++ b/gencode-remote @@ -24,7 +24,7 @@ db_pass=$(cat "$__object/parameter/db-pass") admin_user=$(cat "$__object/parameter/admin-user") admin_pass=$(cat "$__object/parameter/admin-pass") domain=$(cat "$__object/parameter/domain") -INSTALL_STATE="$([ -d /var/www/nextcloud ] && cd /var/www/nextcloud && sudo -u www-data php occ status| grep -o true)" +INSTALL_STATE="$([ -d /var/www/nextcloud ] && cd /var/www/nextcloud && sudo -u www-data php occ status| grep -o true)" # TODO check shasum of tar ball cat < Date: Mon, 24 Jul 2017 18:09:08 +0200 Subject: [PATCH 3/8] now it tests on the remote machine --- gencode-remote | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/gencode-remote b/gencode-remote index 16ab731..1862941 100755 --- a/gencode-remote +++ b/gencode-remote 
@@ -24,7 +24,6 @@ db_pass=$(cat "$__object/parameter/db-pass") admin_user=$(cat "$__object/parameter/admin-user") admin_pass=$(cat "$__object/parameter/admin-pass") domain=$(cat "$__object/parameter/domain") -INSTALL_STATE="$([ -d /var/www/nextcloud ] && cd /var/www/nextcloud && sudo -u www-data php occ status| grep -o true)" # TODO check shasum of tar ball cat < Date: Tue, 25 Jul 2017 16:16:51 +0200 Subject: [PATCH 4/8] change a few lines of code --- gencode-remote | 59 ++++++++- manifest | 273 ++++++++++++++++++++++++++++++--------- parameter/boolean | 2 +- parameter/default/domain | 1 - parameter/optional | 3 +- 5 files changed, 265 insertions(+), 73 deletions(-) delete mode 100644 parameter/default/domain diff --git a/gencode-remote b/gencode-remote index 1862941..856298e 100755 --- a/gencode-remote +++ b/gencode-remote @@ -17,6 +17,33 @@ case "$os_version" in ;; esac +case "$os" in + centos) + restart="/etc/init.d/nginx reload" + ;; + debian) + case "$os_version" in + [1-7]*) + restart="/etc/init.d/nginx restart" + ;; + *) + restart="systemctl restart nginx" + ;; + esac + ;; + devuan) + restart="/etc/init.d/nginx restart" + ;; + *) + echo "Unsupported OS: $os" >&2 + exit 1 + ;; +esac + +if grep -E -q "^(__file|__link)/etc/nginx" "$__messages_in"; then + echo $restart +fi + nextcloud_uri="$(cat "$__object/parameter/uri")-$(cat "$__object/parameter/version").tar.bz2" db_name=$(cat "$__object/parameter/db-name") db_user=$(cat "$__object/parameter/db-user") 
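Review bot: `echo $restart` in the new gencode-remote block restarts nginx as soon as a `__file` or `__link` under /etc/nginx reports a change, without checking the assembled configuration first, so a syntax error in the generated vhost takes the HTTPS endpoint down; emitting `echo "nginx -t && $restart"` would leave the old configuration running in that case. The `centos`, `devuan` and `[1-7]*` branches look unreachable if the script still exits for anything but Debian 8 above this hunk (the `case "$os_version"` context suggests it does), so they are untested code. The centos branch also uses `reload` while the others use `restart`; picking one keeps the behaviour uniform.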
@@ -26,16 +53,13 @@ admin_pass=$(cat "$__object/parameter/admin-pass") domain=$(cat "$__object/parameter/domain") # TODO check shasum of tar ball -cat < ${destination}nginx-ticketkey" + fi +eof +fi + +# Create the Diffie-Hellman key + +dh=$(cat "$__object/parameter/dh") + +cat <&2 + exit 1 + ;; +esac + +if [ -f "$__object/parameter/custom-config-from-stdin" ]; then + custom_config="$__object/stdin" +else + custom_config="" +fi # Install packages for package in php7.0-common php7.0-gd php7.0-json php7.0-pgsql php7.0-curl \ @@ -55,7 +82,7 @@ __package postgresql --state=present __package curl --state=present # Configure packages -## Php 7 +## PHP 7 __apt_key_uri dotdeb --uri https://www.dotdeb.org/dotdeb.gpg require="__apt_key_uri/dotdeb" __apt_source dotdeb --uri http://packages.dotdeb.org \ --distribution jessie \ 
@@ -68,84 +95,204 @@ require="__package/php7.0-fpm" __file /etc/php/7.0/fpm/pool.d/www.conf \ -## Nginx +# Configure nginx #require="__package/nginx" __file /etc/nginx/sites-enabled/nextcloud --owner www-data \ # --group www-data --mode 755 --source "$__type/files/nextcloud.nginx" +base_config="$__type/files/base_config/${os}.conf" +require="__package/nginx" __file /etc/nginx/nginx.conf --source "$base_config" --mode 0644 + ################################################################################ # create base / switch to type dir # mkdir "$__object/files" cd "$__type/files" - ################################################################################ # SSL / HTTPs configuration # if [ -f "$__object/parameter/ssl" ]; then - ssl_base="$__type/files/ssl" + if [ ! -f "$__object/parameter/ssl-cert" ] || [ ! -f "$__object/parameter/ssl-key" ] || [ ! -f "$__object/parameter/dh" ]; then + echo "Missing parameter" >&2 + else + ssl_cert="$(cat "$__object/parameter/ssl-cert")" + ssl_key="$(cat "$__object/parameter/ssl-key")" + + # create symlink for SSL certificates + require="__package/nginx" __link /etc/nginx/ssl.crt \ + --source "$ssl_cert" --type symbolic - # Select the ssl certificate + key - if [ -f "$__object/parameter/ssl-name" ]; then - ssl_name="$(cat "$__object/parameter/ssl-name")" - else - echo "Please select ssl certificate" >&2 - exit 1 + require="__package/nginx" __link /etc/nginx/ssl.key \ + --source "$ssl_key" --type symbolic + + # create the https nginx config + require="__package/nginx" __file "$nginx_https" --owner root \ + --group root \ + --mode 0644 --source - < "$__object/files/nginx-https" - - require="__package/nginx" __file "$nginx_https" \ - --source "$__object/files/nginx-https" - -# SSL with Let's Encrypt -# This only added LE to the configuration file. You need a LE cdist type,too. 
-elif [ -f "$__object/parameter/letsencrypt" ]; then - ssl_base="$__type/files/letsencrypt" - - if [ -f "$__object/parameter/domain" ]; then - domain="$(cat "$__object/parameter/domain")" - else - echo "Please add a valid domain" >&2 - exit 1 - fi - - # Copy SSL certificates - require="__package/nginx" __link /etc/nginx/ssl.crt \ - --source /etc/letsencrypt/live/"$domain"/fullchain.pem --type symbolic - - require="__package/nginx" __link /etc/nginx/ssl.key \ - --source /etc/letsencrypt/live/"$domain"/privkey.pem --type symbolic - - require="__package/nginx" __link /etc/nginx/chain.pem \ - --source /etc/letsencrypt/live/"$domain"/cert.pem --type symbolic - - cat nginx-header nginx-header-https-letsencrypt > "$__object/files/nginx-https" - echo " server_name= "$domain";" >> "$__object/files/nginx-https" - cat nginx-header-generic $config_file $custom_config nginx-footer >> "$__object/files/nginx-https" - - # create random 48 bit file as ticketkey - head -c 48 /dev/urandom | __file /etc/nginx/nginx-ticketkey --source - - - # create Diffie-Hellman key and store it under "$__files/pemfiles" - - require="__package/nginx" __ungleich_dhparam --keysize $dh --destination "$__files/pemfiles" "$__target_host" - require="__ungleich_dhparam/$__target_host" __file /etc/nginx/dhparam.pem --source "$__files/pemfiles/"$__target_host"_dhparam.pem" - - require=""__package/nginx" __file "$nginx_https" \ - --owner www-data --group www-data --mode 755 \ - --source "$__object/files/nginx-https"" + # ssl_redirect_file="$__object/files/nginx-redirect-http-to-https" + # echo " rewrite ^ https://$ssl_redirect_host\$request_uri? permanent;" > "$ssl_redirect_file" + # ssl_redirect_file_content=$(cat $ssl_redirect_file) + #fi +#else +# ssl_redirect_file="" fi diff --git a/parameter/boolean b/parameter/boolean index 3624b4e..24e0cde 100644 --- a/parameter/boolean +++ b/parameter/boolean @@ -1,3 +1,3 @@ ssl +ssl-no-redirect custom-config-from-stdin -letsencrypt 
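Review bot: When `--ssl` is set but `ssl-cert`, `ssl-key` or `dh` is missing, the new check in manifest only prints `Missing parameter` and falls through, so the host is configured without the HTTPS vhost that was requested, whereas the code it replaces exited. Add `exit 1` after `echo "Missing parameter" >&2` and name the missing parameter in the message. Large parts of this hunk are not legible on the page, so the generated nginx configuration itself is not covered by this remark.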
diff --git a/parameter/default/domain b/parameter/default/domain deleted file mode 100644 index 3bb24a8..0000000 --- a/parameter/default/domain +++ /dev/null @@ -1 +0,0 @@ -cloud.ungleich.ch diff --git a/parameter/optional b/parameter/optional index 6ffdf4a..455151a 100644 --- a/parameter/optional +++ b/parameter/optional @@ -5,4 +5,5 @@ admin-user admin-pass uri version -ssl-name +ssl-cert +ssl-key From d6b0272b2259395a69a8d45e5c6c54997c77c71f Mon Sep 17 00:00:00 2001 From: moep Date: Fri, 28 Jul 2017 11:08:51 +0200 Subject: [PATCH 5/8] remove nginx config and several parameters from this type, which is given in __ungleich_nginx_app_proxy --- gencode-remote | 21 ---- manifest | 235 --------------------------------------------- parameter/required | 2 - 3 files changed, 258 deletions(-) diff --git a/gencode-remote b/gencode-remote index 856298e..4320996 100755 --- a/gencode-remote +++ b/gencode-remote @@ -67,24 +67,3 @@ if [ ! "$INSTALL_STATE" ] ; then sudo -u www-data php occ config:system:set trusted_domains 2 --value="$domain" fi eof - -destination=/etc/nginx/ - -# Create 48 bit random key for nginx -if [ -f "$__object/parameter/ssl-cert" ] || [ -f "$__object/parameter/ssl-key" ] || [ -f "$__object/parameter/ssl"]; then -cat < ${destination}nginx-ticketkey" - fi -eof -fi - -# Create the Diffie-Hellman key - -dh=$(cat "$__object/parameter/dh") - -cat <&2 - exit 1 - ;; -esac - -if [ -f "$__object/parameter/custom-config-from-stdin" ]; then - custom_config="$__object/stdin" -else - custom_config="" -fi # Install packages for package in php7.0-common php7.0-gd php7.0-json php7.0-pgsql php7.0-curl \ 
@@ -93,209 +62,6 @@ require="__apt_source/dotdeb" __apt_update_index require="__package/php7.0-fpm" __file /etc/php/7.0/fpm/pool.d/www.conf \ --owner root --group root --mode 644 --source "$__type/files/fpm.conf" - - -# Configure nginx -#require="__package/nginx" __file /etc/nginx/sites-enabled/nextcloud --owner www-data \ -# --group www-data --mode 755 --source "$__type/files/nextcloud.nginx" - -base_config="$__type/files/base_config/${os}.conf" -require="__package/nginx" __file /etc/nginx/nginx.conf --source "$base_config" --mode 0644 - -################################################################################ -# create base / switch to type dir -# -mkdir "$__object/files" -cd "$__type/files" - -################################################################################ -# SSL / HTTPs configuration -# -if [ -f "$__object/parameter/ssl" ]; then - if [ ! -f "$__object/parameter/ssl-cert" ] || [ ! -f "$__object/parameter/ssl-key" ] || [ ! -f "$__object/parameter/dh" ]; then - echo "Missing parameter" >&2 - else - ssl_cert="$(cat "$__object/parameter/ssl-cert")" - ssl_key="$(cat "$__object/parameter/ssl-key")" - - # create symlink for SSL certificates - require="__package/nginx" __link /etc/nginx/ssl.crt \ - --source "$ssl_cert" --type symbolic - - require="__package/nginx" __link /etc/nginx/ssl.key \ - --source "$ssl_key" --type symbolic - - # create the https nginx config - require="__package/nginx" __file "$nginx_https" --owner root \ - --group root \ - --mode 0644 --source - < "$ssl_redirect_file" - # ssl_redirect_file_content=$(cat $ssl_redirect_file) - #fi -#else -# ssl_redirect_file="" -fi - - ## Postgres require="__package/postgresql" __postgres_role "${db_user}" --password "${db_pass}"\ --login --createdb 
@@ -303,7 +69,6 @@ require="__package/postgresql" __postgres_role "${db_user}" --password "${db_pas require="__package/postgresql __postgres_role/${db_user}" __postgres_database "${db_name}"\ --owner "${db_user}" --state present - # Start on boot require="__package/postgresql" __start_on_boot postgresql require="__package/nginx" __start_on_boot nginx diff --git a/parameter/required b/parameter/required index f9aee89..e69de29 100644 --- a/parameter/required +++ b/parameter/required @@ -1,2 +0,0 @@ -dh -domain From c34c202a9c6d0315e4f4952c6472ecbe4b095a57 Mon Sep 17 00:00:00 2001 From: moep Date: Wed, 2 Aug 2017 15:09:58 +0200 Subject: [PATCH 6/8] prepering this type for combination with __ungleich_nginx_app_proxy --- gencode-remote | 36 ++++++++++++++++++------------------ parameter/required | 1 + 2 files changed, 19 insertions(+), 18 deletions(-) diff --git a/gencode-remote b/gencode-remote index 4320996..3d0d6fa 100755 --- a/gencode-remote +++ b/gencode-remote @@ -1,21 +1,13 @@ -#!/bin/sh +#!/bin/sh +x os=$(cat "$__global/explorer/os") -if [ ! "$os" = "debian" ] -then +os_version=$(cat "$__global/explorer/os_version") + +# remove this check, if there is support for othere OS +if [ ! "$os" = "debian" ]; then echo "OS $os is currently not supported." >&2 exit 1 fi -os_version=$(cat "$__global/explorer/os_version") -case "$os_version" in - 8*) - : - ;; - *) - echo "Unsupported version $os_version of $os." >&2 - exit 1 - ;; -esac case "$os" in centos) @@ -25,9 +17,16 @@ case "$os" in case "$os_version" in [1-7]*) restart="/etc/init.d/nginx restart" + echo "Unsupported version $os_version of $os." >&2 + exit 1 + ;; + 8*) + restart="systemctl restart nginx" ;; *) restart="systemctl restart nginx" + echo "Unsupported version $os_version of $os." >&2 + exit 1 ;; esac ;; @@ -40,6 +39,7 @@ case "$os" in ;; esac +# maybe we dont need this if grep -E -q "^(__file|__link)/etc/nginx" "$__messages_in"; then echo $restart fi 
@@ -53,17 +53,17 @@ admin_pass=$(cat "$__object/parameter/admin-pass") domain=$(cat "$__object/parameter/domain") # TODO check shasum of tar ball +# INSTALL_STATE="$([ -d /var/www/nextcloud ] && cd /var/www/nextcloud && sudo -u www-data php occ status| grep -o true)" +# if [ ! "\$INSTALL_STATE" ] || [ ! -z "\$INSTALL_STATE" ]; then cat < Date: Wed, 2 Aug 2017 22:02:12 +0200 Subject: [PATCH 7/8] - clean code - added man.rst - ready for PR --- gencode-remote | 4 +- man.rst | 115 +++++++++++++++++++++++++++++++++++++++++++++++++ manifest | 4 ++ 3 files changed, 120 insertions(+), 3 deletions(-) create mode 100644 man.rst diff --git a/gencode-remote b/gencode-remote index 3d0d6fa..918dc2e 100755 --- a/gencode-remote +++ b/gencode-remote @@ -1,4 +1,4 @@ -#!/bin/sh +x +#!/bin/sh os=$(cat "$__global/explorer/os") os_version=$(cat "$__global/explorer/os_version") 
@@ -53,8 +53,6 @@ admin_pass=$(cat "$__object/parameter/admin-pass") domain=$(cat "$__object/parameter/domain") # TODO check shasum of tar ball -# INSTALL_STATE="$([ -d /var/www/nextcloud ] && cd /var/www/nextcloud && sudo -u www-data php occ status| grep -o true)" -# if [ ! "\$INSTALL_STATE" ] || [ ! -z "\$INSTALL_STATE" ]; then cat < + + +DESCRIPTION +----------- +This type installs Nextcloud. We suggest to use the type +__ungleich_nginx_app_proxy for the nginx configuration. + + +REQUIRED PARAMETERS +------------------- +domain + where Nextcloud runs + + +DEFAULT PARAMETERS +------------------- +admin-pass + Nextcloud default admin passwort: nextcloud + +admin-user + Nextcloud default admin user: nextcloud + +db-name + Nextcloud default database name: nextcloud + +db-pass + Nextcloud default password: nextcloud + +db-user + Nextcloud default database user: nextcloud + +uri + Nextcloud default Uniform Resource Identifier (URI): https://download.nextcloud.com/server/releases/nextcloud + +version + Nextcloud default version: 11.0.1 + + +OPTIONAL PARAMETERS +------------------- +admin-pass + Nextcloud admin password + +admin-user + Nextcloud user password + +db-name + Nextcloud database name + +db-pass + Nextcloud password + +db-user + Nextcloud database user + +ssl-cert + Define the path where the ssl-cert is on the $host + +ssl-key + Define the path where the ssl-key is on the $host + +uri + Nextcloud Uniform Resource Identifier (URI) + +version + Nextcloud version + +If not set the type uses the default parameters. + +BOOLEAN PARAMETERS +------------------ +ssl + Enable if you want to use SSL + +ssl-no-redirect + Enable if you don't want a redirect to https + +custom-config-from-stdin + Insert this configuration from stdin after the generic part + + +EXAMPLES +-------- + +.. 
code-block:: sh + + # only required + __ungleich_nextcloud --domain test.example.org + + # set a different admin-user and db-user; ssl is needed + __ungleich_nextcloud --ssl --admin-user ungleich --db-user ungleich --domain test.example.org + + # custom config + __ungleich_nextcloud --domain test.example.org --custom-config-from-stdin << eof + + # some aditional nginx config + + eof + + +SEE ALSO +-------- +- `cdist-type(7) `_ + + +COPYING +------- +Copyright \(C) 2017 ungleich GmbH (www.ungleich.ch). +Free use of this software is granted under the terms +of the GNU General Public License version 3 (GPLv3). diff --git a/manifest b/manifest index b5da075..c3de33e 100755 --- a/manifest +++ b/manifest @@ -38,6 +38,10 @@ esac db_pass=$(cat "$__object/parameter/db-pass") db_user=$(cat "$__object/parameter/db-user") db_name=$(cat "$__object/parameter/db-name") +db_name=$(cat "$__object/parameter/domain") + +# Hostname +__hostname --name "$domain" # Install packages for package in php7.0-common php7.0-gd php7.0-json php7.0-pgsql php7.0-curl \ From 90f8e7d4857ae3a84aa6b0d545c0151973e46861 Mon Sep 17 00:00:00 2001 From: moep Date: Wed, 2 Aug 2017 22:39:14 +0200 Subject: [PATCH 8/8] update man --- man.rst | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/man.rst b/man.rst index 331f72f..e675a22 100644 --- a/man.rst +++ b/man.rst @@ -1,14 +1,16 @@ cdist-type__ungleich_nextcloud(7) ======================================= -Application proxy via nginx +This type installs Nextcloud. ungleich GmbH DESCRIPTION ----------- -This type installs Nextcloud. We suggest to use the type +We suggest to use our type __ungleich_nginx_app_proxy for the nginx configuration. +Keep in mind, that you have to install the certificates with +another type or nginx doesn't start. REQUIRED PARAMETERS
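Review bot: The added manifest line `db_name=$(cat "$__object/parameter/domain")` overwrites the database name read on the line above with the domain, and `domain` is not assigned anywhere in the visible lines, so `__hostname --name "$domain"` would receive an empty name unless it is set outside the hunk. This looks like a copy-paste slip; the line should read `domain=$(cat "$__object/parameter/domain")`. As written, the `__postgres_database "${db_name}"` call further down the file would create the database under the domain name instead of the `db-name` parameter.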