Merge branch 'main' into stable

manifests/app_type.pp

@@ -15,7 +15,6 @@ define sunetdrive::app_type (
     # The config used
     $config = $override_config
     # Other settings
-    $admin_password = $config[ 'admin_password' ]
     $dbhost = $config[ 'dbhost' ]
     $dbname = $config[ 'dbname' ]
     $dbuser = $config[ 'dbuser' ]
@@ -31,7 +30,6 @@ define sunetdrive::app_type (
     $config = hiera_hash($environment)
     $skeletondirectory = $config['skeletondirectory']
     # Other settings
-    $admin_password = safe_hiera('admin_password')
     $dbhost = 'proxysql_proxysql_1'
     $dbname = 'nextcloud'
     $dbuser = 'nextcloud'
@@ -143,6 +141,14 @@ define sunetdrive::app_type (
       content => template('sunetdrive/application/upgrade23-25.erb.sh'),
       mode    => '0744',
     }
+    file { '/usr/local/bin/remount_user_bucket_as_project.sh':
+      ensure  => present,
+      force   => true,
+      owner   => 'root',
+      group   => 'root',
+      content => template('sunetdrive/application/remount_user_bucket_as_project.sh'),
+      mode    => '0744',
+    }
     file { '/opt/rotate/conf.d/nextcloud.conf':
       ensure  => file,
       force   => true,

templates/application/complete_reinstall.erb.sh

@@ -3,7 +3,6 @@
 config_php='/var/www/html/config/config.php'
 dbhost="<%= @dbhost %>"
 mysql_user_password="<%= @mysql_user_password %>"
-admin_password="<%= @admin_password %>"
 location="<%= @location %>"
 bucket="<%= @s3_bucket %>"
 
@@ -14,6 +13,9 @@ if [[ "${user_input}" == "IKnowWhatIAmDoing" ]]; then
 	echo "WARNING: This will delete everything in the database and reinstall Nextcloud."
 	echo "You have 10 seconds to abort by hitting CTRL/C"
 	sleep 10s
+  echo "Setting temp admin password"
+  apt update && apt install -y apg
+  admin_password="$(apg -m 40 | head -1)"
 	echo "Ok, proceeding."
 	echo "Dropping database in 3 seconds"
 	sleep 3s
@@ -48,6 +50,11 @@ EOF
 	instanceid=$(grep -E "^  'instanceid'" ${config_php} | awk -F "'" '{print $4}')
 	secret=$(grep -E "^  'secret'" ${config_php} | awk -F "'" '{print $4}')
 	passwordsalt=$(grep -E "^  'passwordsalt'" ${config_php} | awk -F "'" '{print $4}')
+  echo "Now delete the admin user:"
+  echo "  occ user:delete admin"
+  echo "and then create a new admin user:"
+  echo "  /usr/local/bin/add_admin_user <username> <email address>"
+  echo ""
 	echo "Please use edit-secrets to add these variables to all Nextcloud servers:"
 	echo "instanceid: DEC::PKCS7[${instanceid}]!"
 	echo "secret: DEC::PKCS7[${secret}]!"

templates/application/docker-compose_nextcloud.yml.erb

@@ -9,8 +9,6 @@ services:
 <%- if @hostnet -%>
     network_mode: host
 <%- end -%>
-    environment:
-      - NC_PASS=<%= @admin_password%>
     volumes:
       - /opt/nextcloud/000-default.conf:/etc/apache2/sites-enabled/000-default.conf
       - /opt/nextcloud/mpm_prefork.conf:/etc/apache2/mods-available/mpm_prefork.conf

templates/application/remount_user_bucket_as_project.sh

@@ -0,0 +1,79 @@
+#!/bin/bash
+
+mountid="${1}"
+user="${2}"
+container="${3}"
+if [[ -z ${mountid} ]] || [[ -z ${user} ]]; then
+    echo "We need a valid mount id and user to proceed"
+    echo "Usage: ${0} <mountid> <user> [<container>]"
+    exit
+fi
+
+if [[ -z ${container} ]]; then
+    container="nextcloud_app_1"
+fi
+
+occ="/usr/local/bin/occ"
+function get_config {
+  ${occ} files_external:config ${mountid} ${1} | tr -d '\n\t\r'
+}
+
+echo "Gathering information, hang tight."
+
+echo -n "."
+bucket="$(get_config bucket)"
+echo -n "."
+hostname="$(get_config hostname)"
+echo -n "."
+key="$(get_config key)"
+echo -n "."
+region="$(get_config region)"
+echo -n "."
+secret="$(get_config secret)"
+jsonfile="/tmp/${user}-user-bucket.json"
+mount_point="${user/@/-}"
+mount_point="${mount_point/./-}-user-bucket"
+
+echo "This will remount the user bucket with mountid ${mountid} for ${user} as project bucket with mountpoint ${mount_point}."
+read -r -p "Press enter to continue"
+
+echo '
+[
+    {
+        "mount_point": "\/'${mount_point}'",
+        "storage": "\\OCA\\Files_External\\Lib\\Storage\\AmazonS3",
+        "authentication_type": "amazons3::accesskey",
+        "configuration": {
+            "bucket": "'${bucket}'",
+            "hostname": "'${hostname}'",
+            "key": "'${key}'",
+            "legacy_auth": false,
+            "port": "443",
+            "region": "'${region}'",
+            "secret": "'${secret}'",
+            "storageClass": "",
+            "useMultipartCopy": false,
+            "use_path_style": true,
+            "use_ssl": true
+        },
+        "options": {
+            "encrypt": true,
+            "previews": true,
+            "enable_sharing": true,
+            "filesystem_check_changes": 0,
+            "encoding_compatibility": false,
+            "readonly": false
+        },
+        "applicable_users": [
+        ],
+        "applicable_groups": ["admin"]
+    }
+]
+' > "${jsonfile}"
+
+
+docker cp ${jsonfile} ${container}:/${jsonfile}
+${occ} files_external:import /${jsonfile}
+docker exec ${container} rm /${jsonfile}
+rm ${jsonfile}
+${occ} files_external:delete ${mountid}

templates/mariadb_backup/check_replication.erb

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-result="$(docker exec mariadb_backup_mariadb_backup_1 mysql -p<%= @mysql_root_password %> -BN -e 'show status like "slave_running"')"
+result="$(docker exec -u root mariadb_backup_mariadb_backup_1 mysql -p<%= @mysql_root_password %> -BN -e 'show status like "slave_running"')"
 if [[ "${result}" == "Slave_running	ON" ]]; then
   echo "OK: Replica running"
   exit 0

templates/multinode/complete_reinstall.erb.sh

@@ -3,10 +3,12 @@
 config_php='/var/www/html/config/config.php'
 dbhost="<%= @dbhost %>"
 mysql_user_password="<%= @mysql_user_password %>"
-admin_password="<%= @admin_password %>"
 location="<%= @location %>"
 bucket="<%= @s3_bucket %>"
 customer="<%= @customer %>"
+echo "Setting temp admin password"
+apt update && apt install -y apg
+admin_password="$(apg -m 40 | head -1)"
 
 /usr/bin/mysql -e "drop database nextcloud" -u nextcloud -p"${mysql_user_password}" -h "${dbhost}" >/dev/null 2>&1
 /usr/bin/mysql -e "create database nextcloud" -u nextcloud -p"${mysql_user_password}" -h "${dbhost}" >/dev/null 2>&1
@@ -35,6 +37,11 @@ EOF
 instanceid=$(grep -E "^  'instanceid'" ${config_php} | awk -F "'" '{print $4}')
 secret=$(grep -E "^  'secret'" ${config_php} | awk -F "'" '{print $4}')
 passwordsalt=$(grep -E "^  'passwordsalt'" ${config_php} | awk -F "'" '{print $4}')
+echo "Now delete the admin user:"
+echo "  occ <container> user:delete admin"
+echo "and then create a new admin user:"
+echo "  /usr/local/bin/add_admin_user <username> <email address> <container>"
+echo ""
 echo "${customer}_instanceid: DEC::PKCS7[${instanceid}]!"
 echo "${customer}_secret: DEC::PKCS7[${secret}]!"
 echo "${customer}_passwordsalt: DEC::PKCS7[${passwordsalt}]!"

templates/multinode/docker-compose_nextcloud.yml.erb

@@ -15,8 +15,7 @@ services:
       - <%= @nextcloud_log_path %>:/var/www/html/data/nextcloud.log
       - <%= @audit_log_path %>:/var/www/html/data/audit.log
       - <%= @rclone_conf_path %>:/rclone.conf
-    environment:
-      - NC_PASS=<%= @admin_password%>
+
     networks:
       - default
       - proxysql_proxysql