From cacc4afc4d6d808e3dee910a1be0fada1108dce7 Mon Sep 17 00:00:00 2001 From: Emmanuel Garette Date: Sat, 1 Oct 2022 19:11:05 +0200 Subject: [PATCH] upgrade for nextcloud --- seed/nextcloud/DEBUG.md | 13 +++ seed/nextcloud/templates/nextcloud-config.php | 92 ++++++++++--------- seed/nextcloud/templates/nextcloud.init | 18 +++- 3 files changed, 80 insertions(+), 43 deletions(-) diff --git a/seed/nextcloud/DEBUG.md b/seed/nextcloud/DEBUG.md index 2168b85e..839618a6 100644 --- a/seed/nextcloud/DEBUG.md +++ b/seed/nextcloud/DEBUG.md @@ -43,6 +43,13 @@ Vérification : su - apache -s /bin/bash -c "php /usr/share/nextcloud/occ config:list"|grep know ``` +Il faut quelque chose comme : + +``` + "well-known": "{\"grant_types_supported\": [...]}" +``` + + Suppression de cache nextcloud : ``` @@ -54,3 +61,9 @@ Sur lemonldap, le script de création du fichier .well-known : ``` /usr/local/lib/sbin/interne_well_known.pl ``` + +Pour regénérer : + +``` +systemctl restart lemonldap-ng-fastcgi-server.service +``` diff --git a/seed/nextcloud/templates/nextcloud-config.php b/seed/nextcloud/templates/nextcloud-config.php index 05569b4b..c08a4625 100644 --- a/seed/nextcloud/templates/nextcloud-config.php +++ b/seed/nextcloud/templates/nextcloud-config.php 
@@ -13,23 +13,23 @@ $CONFIG = array ( 0 => 'localhost', 1 => '%%revprox_client_external_domainnames[0]', ), - 'apps_paths' => + 'apps_paths' => array ( - 0 => + 0 => array ( - 'path' => '/usr/share/nextcloud/apps', - 'url' => '/apps', - 'writable' => false, + 'path' => '/usr/share/nextcloud/apps', + 'url' => '/apps', + 'writable' => false, ), - 1 => + 1 => array ( - 'path' => '/usr/local/share/nextcloud/apps', - 'url' => '/apps-appstore', - 'writable' => true, + 'path' => '/usr/local/share/nextcloud/apps', + 'url' => '/apps-appstore', + 'writable' => true, ), ), 'dbtype' => 'pgsql', - 'version' => '22.1.0.1', + 'version' => '{{VERSION}}', 'overwrite.cli.url' => 'http://localhost', 'dbname' => '%%pg_client_database', 'dbhost' => '%%pg_client_server_domainname', @@ -37,7 +37,13 @@ $CONFIG = array ( 'dbtableprefix' => 'oc_', 'dbuser' => '%%pg_client_username', 'dbpassword' => '%%pg_client_password', - 'dbdriveroptions' => array('sslmode' => 'verify-full', 'sslcert' => '/etc/pki/tls/certs/postgresql.crt', 'sslkey' => '/etc/pki/tls/private/postgresql.key', 'sslrootcert' => '/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt'), + 'dbdriveroptions' => + array ( + 'sslmode' => 'verify-full', + 'sslcert' => '/etc/pki/tls/certs/postgresql.crt', + 'sslkey' => '/etc/pki/tls/private/postgresql.key', + 'sslrootcert' => '/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt', + ), 'passwordsalt' => '{{SALT}}', 'secret' => '{{SECRET}}', 'instanceid' => '%%nextcloud_instance_id', 
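Review bot: The new `'version' => '{{VERSION}}'` line is only filled in by the `else` branch of nextcloud.init from `/srv/nextcloud/keys/version.txt`, so an instance that already has `secret.txt` from before this patch but no `version.txt` would get `'version' => ''` once `$(cat …)` expands to nothing. The init script also writes `version.txt` with a plain `>` redirect, which truncates the file before `occ` runs, so a failing `occ config:system:get version` would leave it empty for the next start. A guard ahead of the `sed` would cover both cases, for example `[ -s /srv/nextcloud/keys/version.txt ] || echo '22.1.0.1' > /srv/nextcloud/keys/version.txt`, assuming the previously hard-coded 22.1.0.1 is what existing instances actually run. The `$CONFIG` array starts and ends outside this hunk.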
@@ -46,49 +52,52 @@ $CONFIG = array ( 'maintenance' => false, 'appstoreenabled' => false, 'appcodechecker' => false, - 'memcache.distributed' => '\OC\Memcache\Redis', - 'memcache.locking' => '\OC\Memcache\Redis', + 'memcache.distributed' => '\\OC\\Memcache\\Redis', + 'memcache.locking' => '\\OC\\Memcache\\Redis', 'trusted_proxies' => '%%revprox_client_server_ip', 'overwritehost' => '%%revprox_client_external_domainnames[0]', 'filelocking.enabled' => true, - 'redis' => [ - 'host' => '%%redis_client_server_domainname', - 'port' => 6380, - 'user' => '%%redis_client_username', - 'password' => '%%redis_client_password', - 'dbindex' => 0, - 'ssl_context' => [ - 'local_cert' => '/etc/pki/tls/certs/redis.crt', - 'local_pk' => '/etc/pki/tls/private/redis.key', - 'cafile' => '/etc/pki/ca-trust/source/anchors/ca_Redis.crt', - ] - ], + 'redis' => + array ( + 'host' => '%%redis_client_server_domainname', + 'port' => 6380, + 'user' => '%%redis_client_username', + 'password' => '%%redis_client_password', + 'dbindex' => 0, + 'ssl_context' => + array ( + 'local_cert' => '/etc/pki/tls/certs/redis.crt', + 'local_pk' => '/etc/pki/tls/private/redis.key', + 'cafile' => '/etc/pki/ca-trust/source/anchors/ca_Redis.crt', + ) + ), 'default_phone_region' => 'FR', -//OIDC login +# OIDC login 'allow_user_to_change_display_name' => false, 'lost_password_link' => 'disabled', 'oidc_login_provider_url' => 'https://%%oauth2_client_server_domainname', 'oidc_login_client_id' => '%%oauth2_client_id', 'oidc_login_client_secret' => '%%oauth2_client_secret', 'oidc_login_auto_redirect' => true, -//FIXME 'oidc_login_logout_url' => 'https://openid.example.com/thankyou', -//FIXME to true +# FIXME 'oidc_login_logout_url' => 'https://openid.example.com/thankyou', +# FIXME to true 'oidc_login_end_session_redirect' => false, -//If no quota, we cannot send file +# If no quota, we cannot send file 'oidc_login_default_quota' => '1000000000000000', 'oidc_login_button_text' => 'Log in with OpenID', 
'oidc_login_hide_password_form' => true, 'oidc_login_use_id_token' => false, - 'oidc_login_attributes' => array ( - 'id' => 'sub', - 'name' => 'name', - 'mail' => 'email', -// 'quota' => 'ownCloudQuota', -// 'home' => 'homeDirectory', - 'ldap_uid' => 'uid', -// 'groups' => 'ownCloudGroups', -// 'photoURL' => 'picture', -// 'is_admin' => 'ownCloudAdmin', + 'oidc_login_attributes' => + array ( + 'id' => 'sub', + 'name' => 'name', + 'mail' => 'email', +# 'quota' => 'ownCloudQuota', +# 'home' => 'homeDirectory', + 'ldap_uid' => 'uid', +# 'groups' => 'ownCloudGroups', +# 'photoURL' => 'picture', +# 'is_admin' => 'ownCloudAdmin', ), 'oidc_login_default_group' => 'oidc', 'oidc_login_scope' => 'openid profile email', @@ -98,14 +107,14 @@ $CONFIG = array ( 'oidc_login_alt_login_page' => 'assets/login.php', 'oidc_login_tls_verify' => true, 'oidc_create_groups' => false, -//FIXME +# FIXME 'oidc_login_webdav_enabled' => false, 'oidc_login_password_authentication' => false, 'oidc_login_public_key_caching_time' => 86400, 'oidc_login_min_time_between_jwks_requests' => 10, 'oidc_login_well_known_caching_time' => 86400, 'oidc_login_update_avatar' => false, -//mail +# mail 'mail_smtpmode' => 'smtp', 'mail_smtpsecure' => 'tls', 'mail_sendmailmode' => 'smtp', @@ -118,4 +127,5 @@ $CONFIG = array ( 'mail_smtpport' => '25', 'mail_smtpname' => '%%smtp_relay_user@%%ip_eth0', 'mail_smtppassword' => '%%smtp_relay_password', + 'loglevel' => 2, ); diff --git a/seed/nextcloud/templates/nextcloud.init b/seed/nextcloud/templates/nextcloud.init index 81293361..f42da5f2 100644 --- a/seed/nextcloud/templates/nextcloud.init +++ b/seed/nextcloud/templates/nextcloud.init 
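Review bot: `'loglevel' => 2,` at the end of nextcloud-config.php (hunk `@@ -118,4 +127,5 @@`) is a bare number, while the other sections of this template carry a `# …` comment. I would add `# 2 = warning and above (0 debug, 1 info, 3 error, 4 fatal)` above it. Since 2 is also Nextcloud's default, the line only pins that default; as far as I know failed-login entries are logged at warning level, so the comment could also say not to raise the value above 2 if those entries feed monitoring. The `$CONFIG` array opens outside this hunk.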
@@ -5,17 +5,26 @@ if [ ! -f /srv/nextcloud/keys/secret.txt ]; then umask 027 /usr/bin/php /usr/share/nextcloud/occ --no-warnings config:system:get passwordsalt > /srv/nextcloud/keys/passwordsalt.txt /usr/bin/php /usr/share/nextcloud/occ --no-warnings config:system:get secret > /srv/nextcloud/keys/secret.txt + /usr/bin/php /usr/share/nextcloud/occ --no-warnings config:system:get version > /srv/nextcloud/keys/version.txt /usr/bin/php /usr/share/nextcloud/occ app:enable user_ldap -q /usr/bin/php /usr/share/nextcloud/occ ldap:create-empty-config -q else sed -i "s'{{SECRET}}'$(cat /srv/nextcloud/keys/secret.txt)'g" /etc/nextcloud/config.php sed -i "s'{{SALT}}'$(cat /srv/nextcloud/keys/passwordsalt.txt)'g" /etc/nextcloud/config.php + sed -i "s'{{VERSION}}'$(cat /srv/nextcloud/keys/version.txt)'g" /etc/nextcloud/config.php sed -i "s/'installed' => false,/'installed' => true,/g" /etc/nextcloud/config.php + # Upgrade + sha256sum /etc/nextcloud/config.php > /tmp/sha + sed -i "s/'config_is_read_only' => true,/'config_is_read_only' => false,/g" /etc/nextcloud/config.php + /usr/bin/php /usr/share/nextcloud/occ upgrade || true + sed -i "s/'config_is_read_only' => false,/'config_is_read_only' => true,/g" /etc/nextcloud/config.php + /usr/bin/php /usr/share/nextcloud/occ --no-warnings config:system:get version > /srv/nextcloud/keys/version.txt + ## if file is modified, copy upgraded version + sha256sum -c /tmp/sha || cp -a /etc/nextcloud/config.php /srv/nextcloud/keys/config.UPGRADED.php + # Configure LDAP /usr/bin/php /usr/share/nextcloud/occ app:enable user_ldap -q fi -# Upgrade -/usr/bin/php /usr/share/nextcloud/occ upgrade || true # SSO /usr/bin/php /usr/share/nextcloud/occ app:enable oidc_login # Feature 
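Review bot: `/tmp/sha` is a fixed file name in a world-writable directory, written through a plain `>` redirect and later trusted as the input of `sha256sum -c`. If the init script runs as root where other local accounts can write to /tmp, that file can be pre-created or replaced, so the decision to copy config.php to `config.UPGRADED.php` would no longer rest on the script's own snapshot. Keeping the digest in a shell variable removes the file altogether: `before=$(sha256sum /etc/nextcloud/config.php)` and later `echo "$before" | sha256sum -c - || cp -a /etc/nextcloud/config.php /srv/nextcloud/keys/config.UPGRADED.php`. The same pair of lines is repeated around `maintenance:repair` in the next hunk (`@@ -52,6 +61,11 @@`) and needs the same change. The `if … else` block opens above this hunk.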
@@ -52,6 +61,11 @@ fi /usr/bin/php /usr/share/nextcloud/occ app:disable weather_status # Maintenance /usr/bin/php /usr/share/nextcloud/occ files:scan --all -q +sha256sum /etc/nextcloud/config.php > /tmp/sha +sed -i "s/'config_is_read_only' => true,/'config_is_read_only' => false,/g" /etc/nextcloud/config.php /usr/bin/php /usr/share/nextcloud/occ maintenance:repair -q +sed -i "s/'config_is_read_only' => false,/'config_is_read_only' => true,/g" /etc/nextcloud/config.php +## if file is modified, copy upgraded version +sha256sum -c /tmp/sha || cp -a /etc/nextcloud/config.php /srv/nextcloud/keys/config.UPGRADED.php exit 0