# ConfigMap that carries the post-start setup script and the config.json
# that get mounted into the Nextcloud pod.
apiVersion: v1
kind: ConfigMap
metadata:
# Can't use {{ .Release.name }} here, because we need to mount it to the
# Nextcloud pod from the values file
# NOTE(review): because the name is fixed rather than derived from the
# release, two releases in one namespace would presumably collide on this
# object - confirm that only one release per namespace is expected.
name: "nextcloud-onlyoffice-config-and-scripts"
labels:
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
data:
# This script gets executed as a postStart command inside the Nextcloud pod.
# The script:
#
# * Installs all apps declared in the `apps` helm values array
# * Updates pinned apps if their pinned version has changed
# * Always updates unpinned apps to their newest version
# * Runs upgrade routines after installation of a new release or new
# pinned apps.
# * Persists and loads the config.json config file
# * Updates database indices, columns, keys, etc needed after NC upgrade
# * Writes stdout to /var/www/tmp/postStart-<epoch>.log and stderr to
# /var/www/tmp/postStart-<epoch>_error.log (see the two `exec` lines)
#
# NOTE(review): helm values are pasted into this shell text without any
# escaping, so every value used below is effectively shell code. Treat the
# values file as trusted input only, or validate names and versions before
# rendering.
exec > /var/www/tmp/postStart-$(date +"%s").log
exec 2> /var/www/tmp/postStart-$(date +"%s")_error.log
# Copied from the NC docker entrypoint to run OCC commands
# Runs the command string in $1 as www-data when the script runs as uid 0,
# otherwise as the current user. The string is handed to `sh -c`, so it is
# parsed by a shell a second time: quotes, `$` and `;` inside interpolated
# values are interpreted there.
run_as() {
if [ "$(id -u)" = 0 ]; then
su -p "www-data" -s /bin/sh -c "$1"
else
sh -c "$1"
fi
}
echo "STARTING SETUP-APPS.SH"
# Debug: place the json file in a persistent location for reuse
# NOTE(review): the config.json rendered by this chart carries the
# ONLYOFFICE jwt_secret. /var/www/html also holds `data` and `custom_apps`
# according to this script; if it is the web server's document root, this
# copy may be downloadable - TODO confirm, and prefer a path that is not
# served (or drop the debug copy).
cp /var/local/config.json /var/www/html/
# There's a nextcloud setup process. First, wait for `occ` to exist
# Assumes occ, count and limit were assigned earlier - not visible in the
# lines shown here, TODO confirm. The wait grows by 10 seconds per attempt.
until [ -f "$occ" ] || [ "$count" -gt "$limit" ]
do
count=$((count+1))
wait=$((count*10))
echo "$occ doesn't exist yet, waiting $wait seconds"
sleep $wait
echo "$occ now exists!"
count=0
# As soon as the $occ command exist, we know that we can run occ, but
# Nextcloud might still be initializing, we use `occ` to find out whether
# the installation process has finished, and then we continue.
# `[[ ... =~ ... ]]` is a bash construct, so this script needs bash rather
# than a plain POSIX sh - TODO confirm the interpreter.
# NOTE(review): both wait loops also end once count exceeds limit, and the
# success message is printed either way; as shown, a timeout is not handled
# differently from success.
until [[ $(run_as "php occ status --output json") =~ '"installed":true' ]] || [ "$count" -gt "$limit" ]
count=$((count+1))
wait=$((count*10))
echo "Nextcloud is not installed yet. Waiting $wait seconds..."
sleep $wait
echo "Nextcloud is now installed, we can do our thing!"
# The `php occ status` command can, and is allowed to, fail when the `occ`
# file already exists, but the rest of the Nextcloud files have not been
# synchronized yet. However from this point in the script onwards,
# everything should succeed.
# Enable app store so we can run `install` and `enable` commands
# (it is switched off again near the end of the script)
run_as "php $occ config:system:set appstoreenabled --type boolean --value true"
echo "app store enabled"
# JSON list of apps and versions, used below to decide what to install or
# update
app_versions=$(run_as "php $occ app:list --output json")
echo "app versions found"
# Install all apps declared in the `apps` helm values array
# Entries with github_repository, version and release_filename all set are
# treated as pinned; entries without a name are skipped.
{{- range .Values.apps }}
{{- if not .name }}
echo "Skipping app {{ . }} without name variable set"
{{- else if and .github_repository .version .release_filename }}

# Apps with a pinned version number are downloaded from GitHub so we can
# update the pin with Renovatebot

# Strip a leading "v" from the pinned version so it can be compared with the
# version strings in the `occ app:list` JSON held in app_versions.
# NOTE(review): the pattern below is single-quoted, so bash does not expand
# $desired_version and the literal text `$desired_version` is what gets
# matched. As written this test looks like it can never succeed, which would
# re-download and replace the app on every run - TODO confirm and fix the
# quoting.
desired_version=$(echo "{{ .version }}" | sed 's/^v//')
if [[ $app_versions =~ '"{{ .name }}":"$desired_version"' ]]

then
echo "App {{ .name }} is up-to-date at version {{ .version }}"
else
echo "No match in ${app_versions} for \"{{ .name }}\":\"$desired_version\","
echo "Installing app {{ .github_repository }} version '{{ .version }}'"

# Where to install the app
target_directory="/var/www/html/custom_apps"

# We need to edit $ to be able to use `tpl` inside a `range`,
# see https://github.com/helm/helm/issues/5979#issuecomment-518231758
# allows us to use version variable in the release_filename
{{- $_ := set $ "version" .version}}

# Download the release asset named by the app entry; -L follows redirects
# and -o writes the result to <name>.tar.gz in the current working directory.
# NOTE(review): nothing verifies the archive before it is unpacked further
# down - there is no checksum or signature check, and without curl's --fail
# an HTTP error body is saved as if it were the tarball. Consider adding
# --fail and comparing a sha256 pinned next to the version in the values
# file, so that a changed release asset is detected rather than installed.
curl "https://github.com/{{ .github_repository }}/releases/download/{{ .version }}/{{ tpl .release_filename $ }}" -Lo "{{ .name }}.tar.gz"

# Remove old version of the app
# NOTE(review): .name is pasted straight into this path and into the `rm -r`
# that follows, so a name containing `/` or `..` would point the removal
# outside custom_apps. App names in the values file must be trusted or
# validated before rendering.
if [[ -d "$target_directory/{{ .name }}" ]]

then
rm -r "$target_directory/{{ .name }}"

fi
# Extract app into target directory. The app tars usually contain a folder
# named after the app name
# NOTE(review): by this point any previous copy of the app has already been
# removed, so a failed download leaves the app uninstalled. The archive is
# unpacked by whichever user runs this script (run_as is not used here), so
# the extracted files may end up owned by root - TODO confirm that ownership
# suits www-data. The archive's member paths are not inspected before
# extraction.
tar -xf "{{ .name }}.tar.gz" -C "$target_directory"
rm "{{ .name }}.tar.gz"

fi
{{- else }}
# Unpinned app
# An unpinned app is updated if its name already appears in the app list,
# and installed otherwise.
# NOTE(review): unpinned apps take whatever version the app store serves at
# the time this runs, so the installed code can change between pod starts
# without a chart change. Pin apps where reproducibility matters. The app
# name is also interpolated into the string run_as hands to a shell.
if [[ "$app_versions" =~ '"{{ .name }}"' ]]
then

# Update the app to its latest version
echo "Updating app {{ .name }}"
run_as "php $occ app:update {{ .name }} --no-interaction"
else
echo "Installing app {{ .name }}"
run_as "php $occ app:install {{ .name }} --keep-disabled --no-interaction"
{{ end }} # end if and .github_repository .version
{{- if .enabled }}

# Enable {{ .name }} app
run_as "php $occ app:enable {{ .name }}"
{{ end }} # end if .enabled
{{ end }} # end range .Values.apps

# Some of the manually installed apps might need to run upgrade scripts, run
# them now

# Config settings from the configmap above
run_as "php $occ config:import /var/local/config.json"
echo "Setting custom OIDC provider data"
# Because of escape hell we can't use run_as here (unless you have amazing
# bash-fu)
# The provider object from the values file is serialised with toJson and
# placed inside a single-quoted shell word.
# NOTE(review): toJson does not escape single quotes, so a `'` inside any
# custom_oidc value ends the quoting and the remainder is parsed by bash.
# The whole JSON is also passed on the command line; if it carries a client
# secret, that secret is visible in the process list while the command runs
# and sits in this ConfigMap in clear text - TODO confirm, and consider
# reading it from a Secret-backed file or environment variable instead.
su -p "www-data" -s /bin/bash -c "php $occ config:app:set sociallogin custom_providers --value='"'{"custom_oidc": [{{ .Values.sociallogin.custom_oidc | toJson }}]}'"'"
echo "Setting other sociallogin data"
# These two values are also interpolated inside single quotes and parsed by
# the shell that run_as starts.
run_as "php $occ config:app:set sociallogin auto_create_groups --value='{{ .Values.sociallogin.auto_create_groups }}'"
run_as "php $occ config:app:set sociallogin update_profile_on_login --value='{{ .Values.sociallogin.update_profile_on_login }}'"
echo "disabling app store"
# Disable app store again
run_as "php $occ config:system:set appstoreenabled --type boolean --value false"
echo "Updating database indices, columns, keys, etc."
# Schema maintenance commands, each run non-interactively as www-data
run_as "php $occ db:add-missing-indices --no-interaction"
run_as "php $occ db:add-missing-columns --no-interaction"
run_as "php $occ db:add-missing-primary-keys --no-interaction"
run_as "php $occ db:convert-filecache-bigint --no-interaction"
#
# All values in config.json are applied by the nextcloud occ command
# config:import.
# system.trusted_proxies contains a list of proxies that are considered
# to be trusted. 10.42.0.0/16 contains all ip addresses that are
# assigned to kubernetes pods, which includes the ip address of
# the ingress controller that functions as a reverse proxy.
# NOTE(review): trusting the whole pod range means any pod in it can send
# forwarded-for / forwarded-proto headers that Nextcloud will accept as
# coming from a proxy. Narrowing this to the ingress controller's address
# would limit client-IP spoofing from other workloads.
# system.overwriteprotocol overwrites the protocol of links that are
# generated by nextcloud to HTTPS.
# apps.core.backgroundjobs_mode set to cron disables the unreliable ajax
# scheduling that is enabled by default. Ajax scheduling is not needed
# because cronjobs are regularly executed by a kubernetes resource.
# NOTE(review): the value rendered below is "webcron", not "cron" - confirm
# which mode is intended.
# NOTE(review): onlyoffice.jwt_secret is rendered in clear text into this
# ConfigMap. ConfigMaps are not meant for confidential data and are readable
# by anyone allowed to read ConfigMaps in the namespace, so consider
# supplying the secret from a Kubernetes Secret instead. The setup script
# also appears to copy this file to /var/www/html/.
#
"trusted_proxies": ["10.42.0.0/16"],
"debug": {{ .Values.nextcloud.debug | quote }}
"backgroundjobs_mode": "webcron"
},
"onlyoffice":{
"DocumentServerInternalUrl": "",
"DocumentServerUrl": "https:\/\/{{ .Values.onlyoffice.server_name }}\/",
"StorageUrl": "https:\/\/{{ .Values.nextcloud.nextcloud.host }}\/",
"defFormats": "{\"csv\":\"false\",\"doc\":\"false\",\"docm\":\"false\",\"docx\":\"true\",\"dotx\":\"false\",\"epub\":\"false\",\"html\":\"false\",\"odp\":\"true\",\"ods\":\"true\",\"odt\":\"true\",\"pdf\":\"false\",\"potm\":\"false\",\"potx\":\"false\",\"ppsm\":\"false\",\"ppsx\":\"false\",\"ppt\":\"false\",\"pptm\":\"false\",\"pptx\":\"true\",\"rtf\":\"false\",\"txt\":\"false\",\"xls\":\"false\",\"xlsm\":\"false\",\"xlsx\":\"true\",\"xltm\":\"false\",\"xltx\":\"false\"}",
"editFormats": "{\"csv\":\"true\",\"odp\":\"true\",\"ods\":\"true\",\"odt\":\"true\",\"rtf\":\"false\",\"txt\":\"true\"}",
"enabled": "yes",
"groups": "[]",
"jwt_secret": "{{ .Values.onlyoffice.jwtSecret }}",
"sameTab": "true",
"settings_error": "",
"types": "filesystem",
"customizationForcesave": "true"