RubyGems - ConfigLMM - Versions diffs - 0.3.0 → 0.5.0 - Mend

ConfigLMM 0.3.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (250) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +70 -0
data/CNAME +1 -0
data/Examples/.lmm.state.yaml +159 -0
data/Examples/ConfigLMM.mm.yaml +32 -0
data/Examples/Implemented.mm.yaml +252 -4
data/Examples/SmallBusiness.mm.yaml +492 -0
data/Plugins/Apps/Answer/answer.lmm.rb +165 -0
data/Plugins/Apps/Answer/answer@.service +40 -0
data/Plugins/Apps/ArchiSteamFarm/ArchiSteamFarm.conf.erb +0 -3
data/Plugins/Apps/ArchiSteamFarm/ArchiSteamFarm.lmm.rb +0 -1
data/Plugins/Apps/Authentik/Authentik-ProxyOutpost.container +20 -0
data/Plugins/Apps/Authentik/Authentik-Server.container +7 -1
data/Plugins/Apps/Authentik/Authentik-Worker.container +7 -1
data/Plugins/Apps/Authentik/Authentik.conf.erb +18 -6
data/Plugins/Apps/Authentik/Authentik.lmm.rb +232 -45
data/Plugins/Apps/BookStack/BookStack.conf.erb +38 -0
data/Plugins/Apps/BookStack/BookStack.container +20 -0
data/Plugins/Apps/BookStack/BookStack.lmm.rb +91 -0
data/Plugins/Apps/Cassandra/Cassandra.lmm.rb +9 -19
data/Plugins/Apps/ClickHouse/ClickHouse.container +28 -0
data/Plugins/Apps/ClickHouse/ClickHouse.lmm.rb +113 -0
data/Plugins/Apps/ClickHouse/Config/listen.yaml +2 -0
data/Plugins/Apps/ClickHouse/Config/logger.yaml +8 -0
data/Plugins/Apps/ClickHouse/Config/zookeepers.yaml +5 -0
data/Plugins/Apps/ClickHouse/Connection.rb +96 -0
data/Plugins/Apps/Discourse/Discourse-Sidekiq.container +22 -0
data/Plugins/Apps/Discourse/Discourse.conf.erb +38 -0
data/Plugins/Apps/Discourse/Discourse.container +21 -0
data/Plugins/Apps/Discourse/Discourse.lmm.rb +156 -0
data/Plugins/Apps/Dovecot/Dovecot.lmm.rb +87 -52
data/Plugins/Apps/ERPNext/ERPNext-Frontend.container +24 -0
data/Plugins/Apps/ERPNext/ERPNext-Queue.container +22 -0
data/Plugins/Apps/ERPNext/ERPNext-Scheduler.container +22 -0
data/Plugins/Apps/ERPNext/ERPNext-Websocket.container +24 -0
data/Plugins/Apps/ERPNext/ERPNext.container +23 -0
data/Plugins/Apps/ERPNext/ERPNext.lmm.rb +204 -0
data/Plugins/Apps/ERPNext/ERPNext.network +12 -0
data/Plugins/Apps/ERPNext/sites/apps.json +10 -0
data/Plugins/Apps/ERPNext/sites/apps.txt +3 -0
data/Plugins/Apps/ERPNext/sites/common_site_config.json +11 -0
data/Plugins/Apps/GitLab/GitLab.container +9 -2
data/Plugins/Apps/GitLab/GitLab.lmm.rb +52 -33
data/Plugins/Apps/Homepage/Homepage.conf.erb +86 -0
data/Plugins/Apps/Homepage/Homepage.container +19 -0
data/Plugins/Apps/Homepage/Homepage.lmm.rb +54 -0
data/Plugins/Apps/IPFS/IPFS.conf.erb +0 -3
data/Plugins/Apps/IPFS/IPFS.lmm.rb +0 -1
data/Plugins/Apps/InfluxDB/InfluxDB.conf.erb +0 -3
data/Plugins/Apps/InfluxDB/InfluxDB.lmm.rb +0 -1
data/Plugins/Apps/Jackett/Jackett.conf.erb +0 -3
data/Plugins/Apps/Jackett/Jackett.lmm.rb +0 -1
data/Plugins/Apps/Jellyfin/Jellyfin.conf.erb +0 -3
data/Plugins/Apps/Jellyfin/Jellyfin.lmm.rb +0 -1
data/Plugins/Apps/LetsEncrypt/LetsEncrypt.lmm.rb +78 -0
data/Plugins/Apps/LetsEncrypt/hooks/dovecot.sh +2 -0
data/Plugins/Apps/LetsEncrypt/hooks/nginx.sh +2 -0
data/Plugins/Apps/LetsEncrypt/hooks/postfix.sh +2 -0
data/Plugins/Apps/LetsEncrypt/renew-certificates.service +7 -0
data/Plugins/Apps/LetsEncrypt/renew-certificates.timer +12 -0
data/Plugins/Apps/LetsEncrypt/rfc2136.ini +11 -0
data/Plugins/Apps/LibreTranslate/LibreTranslate.container +21 -0
data/Plugins/Apps/LibreTranslate/LibreTranslate.lmm.rb +34 -0
data/Plugins/Apps/Lobsters/Containerfile +81 -0
data/Plugins/Apps/Lobsters/Lobsters-Tasks.container +26 -0
data/Plugins/Apps/Lobsters/Lobsters.conf.erb +99 -0
data/Plugins/Apps/Lobsters/Lobsters.container +27 -0
data/Plugins/Apps/Lobsters/Lobsters.lmm.rb +196 -0
data/Plugins/Apps/Lobsters/crontab +3 -0
data/Plugins/Apps/Lobsters/database.yml +26 -0
data/Plugins/Apps/Lobsters/entrypoint.sh +30 -0
data/Plugins/Apps/Lobsters/generateCredentials.rb +19 -0
data/Plugins/Apps/Lobsters/lobsters-cron.sh +25 -0
data/Plugins/Apps/Lobsters/lobsters-daily.sh +23 -0
data/Plugins/Apps/Lobsters/puma.rb +49 -0
data/Plugins/Apps/MariaDB/Connection.rb +55 -0
data/Plugins/Apps/MariaDB/MariaDB.lmm.rb +122 -0
data/Plugins/Apps/Mastodon/Mastodon-Sidekiq.container +22 -0
data/Plugins/Apps/Mastodon/Mastodon-Streaming.container +20 -0
data/Plugins/Apps/Mastodon/Mastodon.conf.erb +34 -45
data/Plugins/Apps/Mastodon/Mastodon.container +28 -0
data/Plugins/Apps/Mastodon/Mastodon.lmm.rb +240 -5
data/Plugins/Apps/Mastodon/configlmm.rake +30 -0
data/Plugins/Apps/Mastodon/entrypoint.sh +16 -0
data/Plugins/Apps/Matrix/Element.container +19 -0
data/Plugins/Apps/Matrix/Matrix.conf.erb +47 -9
data/Plugins/Apps/Matrix/Matrix.lmm.rb +119 -5
data/Plugins/Apps/Matrix/Synapse.container +22 -0
data/Plugins/Apps/Matrix/config.json +50 -0
data/Plugins/Apps/Matrix/homeserver.yaml +70 -0
data/Plugins/Apps/Matrix/log.config +30 -0
data/Plugins/Apps/Netdata/Netdata.conf.erb +0 -3
data/Plugins/Apps/Netdata/Netdata.lmm.rb +0 -1
data/Plugins/Apps/Nextcloud/Nextcloud.conf.erb +3 -4
data/Plugins/Apps/Nextcloud/Nextcloud.lmm.rb +155 -48
data/Plugins/Apps/Nextcloud/autoconfig.php +13 -0
data/Plugins/Apps/Nextcloud/config.php +10 -1
data/Plugins/Apps/Nextcloud/nextcloudcron.service +8 -0
data/Plugins/Apps/Nextcloud/nextcloudcron.timer +10 -0
data/Plugins/Apps/Nginx/Connection.rb +93 -0
data/Plugins/Apps/Nginx/conf.d/configlmm.conf +54 -4
data/Plugins/Apps/Nginx/conf.d/languages.conf +21 -0
data/Plugins/Apps/Nginx/config-lmm/errors.conf +33 -22
data/Plugins/Apps/Nginx/config-lmm/gateway-errors.conf +20 -0
data/Plugins/Apps/Nginx/config-lmm/proxy.conf +6 -2
data/Plugins/Apps/Nginx/main.conf.erb +7 -3
data/Plugins/Apps/Nginx/nginx.conf +2 -2
data/Plugins/Apps/Nginx/nginx.lmm.rb +103 -81
data/Plugins/Apps/Nginx/proxy.conf.erb +24 -6
data/Plugins/Apps/Odoo/Odoo.conf.erb +0 -3
data/Plugins/Apps/Odoo/Odoo.container +7 -1
data/Plugins/Apps/Odoo/Odoo.lmm.rb +4 -5
data/Plugins/Apps/Ollama/Ollama.container +26 -0
data/Plugins/Apps/Ollama/Ollama.lmm.rb +73 -0
data/Plugins/Apps/OpenTelemetry/Config/config.yaml +704 -0
data/Plugins/Apps/OpenTelemetry/OpenTelemetry.lmm.rb +154 -0
data/Plugins/Apps/OpenVidu/Ingress.container +23 -0
data/Plugins/Apps/{GitLab/GitLab.conf.erb → OpenVidu/OpenVidu.conf.erb} +8 -3
data/Plugins/Apps/OpenVidu/OpenVidu.container +21 -0
data/Plugins/Apps/OpenVidu/OpenVidu.lmm.rb +94 -0
data/Plugins/Apps/OpenVidu/OpenViduCall.conf.erb +32 -0
data/Plugins/Apps/OpenVidu/OpenViduCall.container +20 -0
data/Plugins/Apps/OpenVidu/ingress.yaml +10 -0
data/Plugins/Apps/OpenVidu/livekit.yaml +13 -0
data/Plugins/Apps/PHP-FPM/Connection.rb +91 -0
data/Plugins/Apps/PHP-FPM/PHP-FPM.lmm.rb +31 -4
data/Plugins/Apps/Peppermint/Peppermint.conf.erb +2 -9
data/Plugins/Apps/Peppermint/Peppermint.container +7 -1
data/Plugins/Apps/Peppermint/Peppermint.lmm.rb +29 -33
data/Plugins/Apps/Perplexica/Perplexica.container +25 -0
data/Plugins/Apps/Perplexica/Perplexica.lmm.rb +92 -0
data/Plugins/Apps/Perplexica/config.toml +26 -0
data/Plugins/Apps/Podman/Connection.rb +24 -0
data/Plugins/Apps/Podman/Podman.lmm.rb +80 -0
data/Plugins/Apps/Podman/storage.conf +6 -0
data/Plugins/Apps/Postfix/Postfix.lmm.rb +249 -145
data/Plugins/Apps/PostgreSQL/Connection.rb +97 -0
data/Plugins/Apps/PostgreSQL/PostgreSQL.lmm.rb +204 -99
data/Plugins/Apps/Pterodactyl/Pterodactyl.conf.erb +0 -3
data/Plugins/Apps/Pterodactyl/Pterodactyl.lmm.rb +0 -2
data/Plugins/Apps/Pterodactyl/Wings.conf.erb +0 -3
data/Plugins/Apps/RVM/RVM.lmm.rb +57 -0
data/Plugins/Apps/Roundcube/Roundcube.conf.erb +72 -0
data/Plugins/Apps/Roundcube/Roundcube.lmm.rb +141 -0
data/Plugins/Apps/SSH/SSH.lmm.rb +9 -15
data/Plugins/Apps/SearXNG/SearXNG.container +22 -0
data/Plugins/Apps/SearXNG/SearXNG.lmm.rb +79 -0
data/Plugins/Apps/SearXNG/limiter.toml +40 -0
data/Plugins/Apps/SearXNG/settings.yml +2 -0
data/Plugins/Apps/SigNoz/Config/alerts.yml +11 -0
data/Plugins/Apps/SigNoz/Config/otel-collector-config.yaml +110 -0
data/Plugins/Apps/SigNoz/Config/otel-collector-opamp-config.yaml +1 -0
data/Plugins/Apps/SigNoz/Config/prometheus.yml +18 -0
data/Plugins/Apps/SigNoz/SigNoz-Collector.container +23 -0
data/Plugins/Apps/SigNoz/SigNoz-Migrator.container +17 -0
data/Plugins/Apps/SigNoz/SigNoz.conf.erb +61 -0
data/Plugins/Apps/SigNoz/SigNoz.container +26 -0
data/Plugins/Apps/SigNoz/SigNoz.lmm.rb +319 -0
data/Plugins/Apps/Solr/log4j2.xml +89 -0
data/Plugins/Apps/Solr/solr.lmm.rb +82 -0
data/Plugins/Apps/Sunshine/Sunshine.conf.erb +0 -3
data/Plugins/Apps/Sunshine/Sunshine.lmm.rb +0 -1
data/Plugins/Apps/Tunnel/tunnel.lmm.rb +59 -0
data/Plugins/Apps/Tunnel/tunnelTCP.service +9 -0
data/Plugins/Apps/Tunnel/tunnelTCP.socket +9 -0
data/Plugins/Apps/Tunnel/tunnelUDP.service +9 -0
data/Plugins/Apps/Tunnel/tunnelUDP.socket +9 -0
data/Plugins/Apps/UVdesk/UVdesk.conf.erb +0 -3
data/Plugins/Apps/Umami/Umami.container +19 -0
data/Plugins/Apps/Umami/Umami.lmm.rb +108 -0
data/Plugins/Apps/Valkey/Valkey.lmm.rb +64 -20
data/Plugins/Apps/Vaultwarden/Vaultwarden.conf.erb +9 -6
data/Plugins/Apps/Vaultwarden/Vaultwarden.container +7 -1
data/Plugins/Apps/Vaultwarden/Vaultwarden.lmm.rb +67 -28
data/Plugins/Apps/Wiki.js/Wiki.js.conf.erb +39 -0
data/Plugins/Apps/Wiki.js/Wiki.js.container +20 -0
data/Plugins/Apps/Wiki.js/Wiki.js.lmm.rb +55 -0
data/Plugins/Apps/YaCy/YaCy.conf.erb +93 -0
data/Plugins/Apps/YaCy/YaCy.container +21 -0
data/Plugins/Apps/YaCy/YaCy.lmm.rb +160 -0
data/Plugins/Apps/ZooKeeper/ZooKeeper.container +24 -0
data/Plugins/Apps/ZooKeeper/ZooKeeper.lmm.rb +68 -0
data/Plugins/Apps/bitmagnet/bitmagnet.conf.erb +0 -3
data/Plugins/Apps/bitmagnet/bitmagnet.lmm.rb +0 -1
data/Plugins/Apps/gollum/gollum.conf.erb +40 -4
data/Plugins/Apps/gollum/gollum.container +10 -1
data/Plugins/Apps/gollum/gollum.lmm.rb +56 -47
data/Plugins/Apps/llama.cpp/llama.cpp.container +28 -0
data/Plugins/Apps/llama.cpp/llama.cpp.lmm.rb +90 -0
data/Plugins/Apps/vLLM/vLLM.container +32 -0
data/Plugins/Apps/vLLM/vLLM.lmm.rb +89 -0
data/Plugins/OS/General/Utils.lmm.rb +26 -0
data/Plugins/OS/Linux/Connection.rb +472 -0
data/Plugins/OS/Linux/Debian/preseed.cfg.erb +81 -0
data/Plugins/OS/Linux/Distributions.yaml +32 -0
data/Plugins/OS/Linux/Flavours.yaml +24 -0
data/Plugins/OS/Linux/Grub/grub.cfg +10 -0
data/Plugins/OS/Linux/HTTP.rb +32 -0
data/Plugins/OS/Linux/Linux.lmm.rb +708 -174
data/Plugins/OS/Linux/Packages.yaml +67 -3
data/Plugins/OS/Linux/Proxmox/answer.toml.erb +30 -0
data/Plugins/OS/Linux/Services.yaml +8 -0
data/Plugins/OS/Linux/Shell.rb +70 -0
data/Plugins/OS/Linux/Syslinux/default +8 -0
data/Plugins/OS/Linux/WireGuard/WireGuard.lmm.rb +93 -40
data/Plugins/OS/Linux/WireGuard/wg0.conf.erb +3 -0
data/Plugins/OS/Linux/openSUSE/autoinst.xml.erb +29 -3
data/Plugins/OS/Linux/systemd/systemd.lmm.rb +13 -11
data/Plugins/OS/Routers/Aruba/ArubaInstant.lmm.rb +6 -5
data/Plugins/Platforms/GitHub.lmm.rb +73 -28
data/Plugins/Platforms/GoDaddy/GoDaddy.lmm.rb +10 -7
data/Plugins/Platforms/Proxmox/Proxmox.lmm.rb +402 -0
data/Plugins/Platforms/Proxmox/XTerm.rb +321 -0
data/Plugins/Platforms/libvirt/libvirt.lmm.rb +41 -15
data/Plugins/Platforms/porkbun.lmm.rb +12 -2
data/Plugins/Platforms/porkbun_spec.rb +2 -2
data/Plugins/Services/DNS/AmberBit.lmm.rb +1 -1
data/Plugins/Services/DNS/ArubaItDNS.lmm.rb +1 -1
data/Plugins/Services/DNS/NICLV.lmm.rb +1 -1
data/Plugins/Services/DNS/PowerDNS.lmm.rb +130 -41
data/Plugins/Services/DNS/tonic.lmm.rb +22 -12
data/bootstrap.sh +41 -3
data/lib/ConfigLMM/Framework/plugins/dns.rb +4 -3
data/lib/ConfigLMM/Framework/plugins/linuxApp.rb +187 -144
data/lib/ConfigLMM/Framework/plugins/nginxApp.rb +54 -6
data/lib/ConfigLMM/Framework/plugins/plugin.rb +68 -140
data/lib/ConfigLMM/Framework/plugins/store.rb +4 -4
data/lib/ConfigLMM/Framework/variables.rb +75 -0
data/lib/ConfigLMM/Framework.rb +1 -0
data/lib/ConfigLMM/cli.rb +13 -5
data/lib/ConfigLMM/commands/cleanup.rb +1 -0
data/lib/ConfigLMM/commands/configsCommand.rb +38 -5
data/lib/ConfigLMM/commands/diff.rb +33 -9
data/lib/ConfigLMM/context.rb +22 -3
data/lib/ConfigLMM/io/configList.rb +85 -7
data/lib/ConfigLMM/io/connection.rb +143 -0
data/lib/ConfigLMM/io/dhcp.rb +330 -0
data/lib/ConfigLMM/io/http.rb +78 -0
data/lib/ConfigLMM/io/local.rb +207 -0
data/lib/ConfigLMM/io/pxe.rb +92 -0
data/lib/ConfigLMM/io/ssh.rb +156 -0
data/lib/ConfigLMM/io/tftp.rb +105 -0
data/lib/ConfigLMM/io.rb +2 -0
data/lib/ConfigLMM/secrets/envStore.rb +39 -0
data/lib/ConfigLMM/secrets/fileStore.rb +43 -0
data/lib/ConfigLMM/state.rb +12 -3
data/lib/ConfigLMM/version.rb +2 -1
data/lib/ConfigLMM.rb +1 -0
data/{Examples → scripts}/configlmmAuth.sh +7 -5
metadata +257 -9

data/Plugins/Apps/Nextcloud/Nextcloud.lmm.rb CHANGED Viewed

@@ -1,14 +1,16 @@
 module ConfigLMM
     module LMM
-        class Nextcloud < Framework::NginxApp
+        class Nextcloud < Framework::Plugin
             USER = 'nextcloud'
             HOME_DIR = '/var/lib/nextcloud'
             PACKAGE_NAME = 'Nextcloud'
             def actionNextcloudBuild(id, target, state, context, options)
-                writeNginxConfig(__dir__, 'Nextcloud', id, target, state, context, options)
+                Nginx.withConnection(local) do |nginxConnection|
+                    nginxConnection.writeConfig(__dir__, 'Nextcloud', target, state, context, options)
+                end
             end
             def actionNextcloudDiff(id, target, activeState, context, options)
@@ -16,62 +18,167 @@ module ConfigLMM
             end
             def actionNextcloudDeploy(id, target, activeState, context, options)
-                if target['Location'] && target['Location'] != '@me'
-                    uri = Addressable::URI.parse(target['Location'])
-                    raise Framework::PluginProcessError.new("#{id}: Unknown Protocol: #{uri.scheme}!") if uri.scheme != 'ssh'
-                    self.class.sshStart(uri) do |ssh|
-                        if !target.key?('Proxy') || target['Proxy'] != 'only'
-                            Framework::LinuxApp.ensurePackages([PHP_FPM::PHPFPM_PACKAGE], ssh)
-                            Framework::LinuxApp.ensureServiceAutoStartOverSSH(PHP_FPM::PHPFPM_SERVICE, ssh)
-                            distroInfo = Framework::LinuxApp.ensurePackages([PACKAGE_NAME], ssh)
-                            addUserCmd = "#{distroInfo['CreateServiceUser']} --home-dir '#{HOME_DIR}' --create-home --comment 'Nextcloud' #{USER}"
-                            self.class.sshExec!(ssh, addUserCmd, true)
-                            self.class.sshExec!(ssh, "mkdir -p /var/log/php/ /var/lib/nextcloud/apps/ /var/lib/nextcloud/data/")
-                            self.class.sshExec!(ssh, "touch /var/log/php/nextcloud.errors.log")
-                            self.class.sshExec!(ssh, "touch /var/log/php/nextcloud.mail.log")
-                            self.class.sshExec!(ssh, "chown #{USER}:#{USER} /var/log/php/nextcloud.errors.log")
-                            self.class.sshExec!(ssh, "chown #{USER}:#{USER} /var/log/php/nextcloud.mail.log")
-                            PHP_FPM::fixConfigFileOverSSH(distroInfo, ssh)
-                            webappsDir = PHP_FPM::webappsDir(distroInfo)
-                            configDir = webappsDir + 'nextcloud/config/'
-                            if !self.class.remoteFilePresent?(configDir + 'config.php', ssh)
-                                self.class.uploadNotPresent(__dir__ + '/config.php', configDir, ssh)
-                                self.class.sshExec!(ssh, "sed -i \"s|'instanceid' .*|'instanceid' => '#{SecureRandom.alphanumeric(10)}',|\" #{configDir}config.php")
-                                self.class.sshExec!(ssh, "touch #{configDir}CAN_INSTALL")
-                                self.class.sshExec!(ssh, "sed -i 's|/usr/share/webapps/|#{webappsDir}|' #{configDir}config.php")
+                self.withConnection(target['Location'], target) do |connection|
+                    Linux.withConnection(connection) do |linuxConnection|
+                        PHP_FPM::deploy(linuxConnection, options)
+                        linuxConnection.ensurePackage(PACKAGE_NAME, options)
+                        Podman.createUser(USER, HOME_DIR, 'Nextcloud', linuxConnection, options)
+                        linuxConnection.withUserShell(USER) do |shell|
+                            shell.createDirs(options, '~/apps', '~/data')
+                        end
+                        linuxConnection.createDirs(options, '/var/log/php')
+                        linuxConnection.makeAccessible(HOME_DIR, options)
+                        webappsDir = nil
+                        PHP_FPM.withConnection(linuxConnection) do |phpConnection|
+                            webappsDir = phpConnection.webappsDir
+                            phpConnection.enableExtension('imagick', options)
+                        end
+                        target['User'] = USER unless target['User']
+                        target['Root'] = webappsDir + 'nextcloud'
+                        dbPassword = configureDatabase(target, linuxConnection, context, options)
+                        configDir = webappsDir + 'nextcloud/config/'
+                        if !linuxConnection.filePresent?(configDir + 'config.php', options)
+                            linuxConnection.fileWrite('/var/log/php/nextcloud.access.json', '', options)
+                            linuxConnection.fileWrite('/var/log/php/nextcloud.errors.log', '', options)
+                            linuxConnection.fileWrite('/var/log/php/nextcloud.mail.log', '', options)
+                            linuxConnection.setUserGroup('/var/log/php/nextcloud.access.json', USER, USER, options)
+                            linuxConnection.setUserGroup('/var/log/php/nextcloud.errors.log', USER, USER, options)
+                            linuxConnection.setUserGroup('/var/log/php/nextcloud.mail.log', USER, USER, options)
+                            linuxConnection.exec("chmod o-r /var/log/php/nextcloud.access.json /var/log/php/nextcloud.errors.log /var/log/php/nextcloud.mail.log", false, options)
+                            linuxConnection.upload(__dir__ + '/autoconfig.php', configDir, options)
+                            linuxConnection.fileReplace("#{configDir}autoconfig.php", "'dbuser' .*", "'dbuser' => '#{target['User']}',", options)
+                            linuxConnection.fileReplace("#{configDir}autoconfig.php", "'dbpass' .*", "'dbpass' => '#{dbPassword}',", { **options, hide: true })
+                            if target['Database']['HostName'] != 'localhost'
+                                linuxConnection.fileReplace("#{configDir}autoconfig.php", "'dbhost' .*", "'dbhost' => '#{target['Database']['HostName']}',", options)
                             end
-                            self.class.sshExec!(ssh, "chown -R nextcloud:nextcloud #{configDir}")
-                            self.class.sshExec!(ssh, "chown -R nextcloud:nextcloud /var/lib/nextcloud/")
-                            target['Database'] ||= {}
-                            if !target['Database']['Type'] || target['Database']['Type'] == 'pgsql'
-                                PostgreSQL.createRemoteUserAndDBOverSSH(target['Database'], USER, nil, ssh)
+                            if target['Admin'].to_h.empty?
+                                linuxConnection.fileReplace("#{configDir}autoconfig.php", "'adminlogin'", "//'adminlogin'", options)
+                                linuxConnection.fileReplace("#{configDir}autoconfig.php", "'adminpass'", "//'adminpass'", options)
+                            else
+                                raise 'Admin.Name missing!' unless target['Admin']['Name']
+                                linuxConnection.fileReplace("#{configDir}autoconfig.php", "'adminlogin' .*", "'adminlogin' => '#{target['Admin']['Name']}',", options)
+                                adminPassword = context.secrets.load(target['SecretId'], 'ADMIN_PASSWORD')
+                                if adminPassword.nil?
+                                    adminPassword = SecureRandom.alphanumeric(20)
+                                    context.secrets.store(target['SecretId'], 'ADMIN_PASSWORD', adminPassword)
+                                    context.secrets.print("Nextcloud Admin '#{target['Admin']['Name']}' password", adminPassword)
+                                end
+                                linuxConnection.fileReplace("#{configDir}autoconfig.php", "'adminpass' .*", "'adminpass' => '#{adminPassword}',", { **options, hide: true })
                             end
-                            target['User'] = USER unless target['User']
-                            name = 'nextcloud'
-                            self.updateRemoteFile(ssh, PHP_FPM.configDir(distroInfo) + name + '.conf', options, false, ';') do |configLines|
-                                PHP_FPM.writeConfig(name, target, distroInfo, configLines)
+                            linuxConnection.upload(__dir__ + '/config.php', configDir, options)
+                            linuxConnection.fileReplace("#{configDir}config.php", "'instanceid' .*", "'instanceid' => '#{SecureRandom.alphanumeric(10)}',", options)
+                            if target['Valkey'].to_h.empty?
+                                linuxConnection.fileReplace("#{configDir}config.php", "'memcache.distributed'", "//'memcache.distributed'", options)
+                                linuxConnection.fileReplace("#{configDir}config.php", "'memcache.locking'", "//'memcache.locking'", options)
+                            else
+                                if target['Valkey']['Host']
+                                    linuxConnection.fileReplace("#{configDir}config.php", "'host' .*", "'host' => '#{target['Valkey']['Host']}',", options)
+                                end
+                                if target['Valkey']['SecretId']
+                                    valkeyPassword = context.secrets.load(target['Valkey']['SecretId'], 'VALKEY_PASSWORD')
+                                    linuxConnection.fileReplace("#{configDir}config.php", "'password' .*", "'password' => '#{valkeyPassword}',", { **options, hide: true })
+                                end
                             end
-                            Framework::LinuxApp.startServiceOverSSH(PHP_FPM::PHPFPM_SERVICE, ssh)
+                            linuxConnection.fileWrite("#{configDir}CAN_INSTALL", '', options)
+                            linuxConnection.fileReplace("#{configDir}config.php", '/usr/share/webapps/', webappsDir, options)
                         end
-                        if !target.key?('Proxy') || target['Proxy']
-                            self.class.prepareNginxConfig(target, ssh)
-                            self.writeNginxConfig(__dir__, 'Nextcloud', id, target, state, context, options)
-                            distroInfo = Framework::LinuxApp.ensurePackages([PACKAGE_NAME], ssh)
-                            webappsDir = PHP_FPM::webappsDir(distroInfo)
-                            nginxFile = options['output'] + '/nginx/servers-lmm/Nextcloud.conf'
-                            `sed -i 's|root .*|root #{webappsDir}nextcloud;|' #{nginxFile}`
-                            deployNginxConfig(id, target, activeState, context, options)
+                        linuxConnection.setUserGroup(configDir, USER, USER, options)
+                        linuxConnection.setUserGroup('/var/lib/nextcloud', USER, USER, options)
+                        name = 'nextcloud'
+                        PHP_FPM.withConnection(linuxConnection) do |phpConnection|
+                            linuxConnection.updateFile(phpConnection.configDir + name + '.conf', options, false, ';') do |configLines|
+                                phpConnection.writeConfig(name, target, configLines)
+                            end
+                        end
+                        linuxConnection.upload(__dir__ + '/nextcloudcron.service', '/etc/systemd/system/', options)
+                        linuxConnection.upload(__dir__ + '/nextcloudcron.timer', '/etc/systemd/system/', options)
+                        linuxConnection.fileReplace('/etc/systemd/system/nextcloudcron.service', '\$WEBAPPS/', webappsDir, options)
+                        linuxConnection.reloadServiceManager(options)
+                        linuxConnection.startService(PHP_FPM::PHPFPM_SERVICE, options)
+                        linuxConnection.ensureServiceAutoStart('nextcloudcron.timer', options)
+                        linuxConnection.startService('nextcloudcron.timer', options)
+                        Nginx.withConnection(linuxConnection) do |nginxConnection|
+                            nginxConnection.provision(__dir__, 'Nextcloud', target, activeState, context, options)
                         end
                     end
-                else
-                    if !target.key?('Proxy') || target['Proxy']
-                        deployNginxConfig(id, target, activeState, context, options)
+                end
+            end
+            def configureDatabase(target, linuxConnection, context, options)
+                target['Database'] ||= {}
+                password = context.secrets.load(target['SecretId'], 'DB_PASSWORD')
+                if password.nil?
+                    password = SecureRandom.alphanumeric(20)
+                    context.secrets.store(target['SecretId'], 'DB_PASSWORD', password)
+                end
+                if !target['Database']['Type'] || target['Database']['Type'] == 'pgsql'
+                    PostgreSQL.defaults(target['Database'])
+                    PostgreSQL.withConnection(target['Database'], linuxConnection) do |postgresConnection|
+                        postgresConnection.createUserAndDB(target['User'], password, options)
+                    end
+                end
+                password
+            end
+            def cleanup(configs, state, context, options)
+                cleanupType(:Nextcloud, configs, state, context, options) do |item, id, state, context, options, connection|
+                    Linux.withConnection(connection) do |linuxConnection|
+                        Nginx.withConnection(linuxConnection) do |nginxConnection|
+                            nginxConnection.cleanupConfig('Nextcloud', context, options)
+                            nginxConnection.reload(options)
+                        end
+                        linuxConnection.stopService('nextcloudcron.timer', options)
+                        configDir = nil
+                        webappsDir = nil
+                        PHP_FPM.withConnection(linuxConnection) do |phpConnection|
+                            configDir = phpConnection.configDir
+                            webappsDir = phpConnection.webappsDir
+                        end
+                        linuxConnection.rm(configDir + 'nextcloud.conf', options[:dry])
+                        linuxConnection.rm('/etc/systemd/system/nextcloudcron.service', options[:dry])
+                        linuxConnection.rm('/etc/systemd/system/nextcloudcron.timer', options[:dry])
+                        linuxConnection.reloadService(PHP_FPM::PHPFPM_SERVICE, options)
+                        linuxConnection.removePackage(PACKAGE_NAME, options)
+                        state.item(id)['Status'] = State::STATUS_DELETED unless options[:dry]
+                        if options[:destroy]
+                            linuxConnection.rm(webappsDir + 'nextcloud', options[:dry])
+                            item['Config']['Database'] ||= {}
+                            if !item['Config']['Database']['Type'] || item['Config']['Database']['Type'] == 'pgsql'
+                                PostgreSQL.withConnection(item['Config']['Database'], linuxConnection) do |postgresConnection|
+                                    postgresConnection.dropUserAndDB(USER, options)
+                                end
+                            end
+                            linuxConnection.deleteUserAndGroup(USER, options)
+                            linuxConnection.rm('/var/log/php/nextcloud.access.json', options[:dry])
+                            linuxConnection.rm('/var/log/php/nextcloud.errors.log', options[:dry])
+                            linuxConnection.rm('/var/log/php/nextcloud.mail.log', options[:dry])
+                            state.item(id)['Status'] = State::STATUS_DESTROYED unless options[:dry]
+                        end
                     end
-                    activeState['Location'] = '@me'
                 end
             end

data/Plugins/Apps/Nextcloud/autoconfig.php ADDED Viewed

@@ -0,0 +1,13 @@
+<?php
+$AUTOCONFIG = [
+    'directory'     => '/var/lib/nextcloud/data/',
+    'dbtype'        => 'pgsql',
+    'dbname'        => 'nextcloud',
+    'dbuser'        => 'nextcloud',
+    'dbpass'        => '',
+    'dbhost'        => '127.0.0.1',
+    'dbtableprefix' => 'oc_',
+    'adminlogin'    => '',
+    'adminpass'     => '',
+];

data/Plugins/Apps/Nextcloud/config.php CHANGED Viewed

@@ -14,5 +14,14 @@ $CONFIG = [
             'url' => '/wapps',
             'writable' => true,
         ],
-    ]
+    ],
+    'maintenance_window_start' => 2,
+    //'memcache.local' => '\OC\Memcache\APCu',
+    'memcache.distributed' => '\OC\Memcache\Redis',
+    'memcache.locking' => '\OC\Memcache\Redis',
+    'redis' => [
+        'host' => '127.0.0.1',
+        'port' => 6379,
+        'password' => '',
+    ],
 ];

data/Plugins/Apps/Nextcloud/nextcloudcron.service ADDED Viewed

@@ -0,0 +1,8 @@
+[Unit]
+Description=Nextcloud cron.php job
+[Service]
+User=nextcloud
+ExecCondition=php -f $WEBAPPS/nextcloud/occ status -e
+ExecStart=/usr/bin/php -f $WEBAPPS/nextcloud/cron.php
+KillMode=process

data/Plugins/Apps/Nextcloud/nextcloudcron.timer ADDED Viewed

@@ -0,0 +1,10 @@
+[Unit]
+Description=Run Nextcloud cron.php
+[Timer]
+OnBootSec=5min
+OnUnitActiveSec=5min
+Unit=nextcloudcron.service
+[Install]
+WantedBy=timers.target

data/Plugins/Apps/Nginx/Connection.rb ADDED Viewed

@@ -0,0 +1,93 @@
+module ConfigLMM
+    module LMM
+        class NginxConnection
+            NGINX_PACKAGE = 'nginx'
+            CONFIG_DIR = '/etc/nginx/'
+            WWW_DIR = '/srv/www/'
+            attr_reader :connection
+            attr_reader :nginxVersion
+            def initialize(connection)
+                @connection = connection
+            end
+            def nginxVersion
+                # Allow to fail when nginx is not installed
+                @nginxVersion ||= connection.exec('nginx -v', true).strip.split('/')[1].to_f
+            end
+            def reload(options)
+                connection.reloadService(:nginx, options)
+            end
+            def writeConfig(dir, name, target, activeState, context, options)
+                outputFolder = options['output']
+                config = prepareConfig(target)
+                config['NginxVersion'] = nginxVersion
+                template = ERB.new(File.read(dir + '/' + name + '.conf.erb'))
+                name = config['ConfigName'] if config['ConfigName']
+                connection.local.renderTemplate(template, config, outputFolder + '/nginx/servers-lmm/' + name.to_s + '.conf', options)
+            end
+            def deployAllConfigs(target, activeState, context, options)
+                outputFolder = options['output'] + '/nginx/servers-lmm'
+                connection.createDirs(options, CONFIG_DIR)
+                connection.uploadFolder(outputFolder, CONFIG_DIR, options)
+                if target['TLS']
+                    connection.firewallAddService('https', options)
+                else
+                    connection.firewallAddService('http', options)
+                end
+                reload(options)
+            end
+            def cleanupConfig(name, context, options)
+                connection.rm('/etc/nginx/servers-lmm/' + name + '.conf', options['dry'])
+            end
+            def provision(dir, configName, target, activeState, context, options)
+                connection.ensurePackage(NGINX_PACKAGE, options)
+                connection.ensureServiceAutoStart(:nginx, options)
+                writeConfig(dir, configName, target, activeState, context, options)
+                connection.startService(:nginx, options)
+                deployAllConfigs(target, activeState, context, options)
+                reload(options)
+            end
+            def provisionProxy(server, name, target, activeState, context, options)
+                target = target.dup
+                target['Proxy'] = server
+                target['Name'] = name if name
+                target['ConfigName'] = target['Name']
+                provision(__dir__, 'proxy', target, activeState, context, options)
+            end
+            private
+            def prepareConfig(target)
+                config = target.dup
+                config['TLS'] = true if config['TLS'].nil?
+                if !config['Port']
+                    config['Port'] = config['TLS'] ? 443 : 80
+                end
+                if config['Domain']
+                    config['Domain'] = Addressable::IDNA.to_ascii(config['Domain'])
+                end
+                if config['Server'] && !config['Server'].start_with?('/') && !config['Server'].include?(':/')
+                    config['Server'] = Addressable::IDNA.to_ascii(config['Server'])
+                end
+                if config['AuthentikDomain']
+                    config['AuthentikDomain'] = Addressable::IDNA.to_ascii(config['AuthentikDomain'])
+                end
+                config
+            end
+        end
+    end
+end

data/Plugins/Apps/Nginx/conf.d/configlmm.conf CHANGED Viewed

@@ -12,24 +12,74 @@ resolver 127.0.0.53;
 # proxy_headers_hash_max_size 512;
 # proxy_headers_hash_bucket_size 128;
+log_format json escape=json '{'
+    '"time":$msec,'
+    '"time_iso8601":"$time_iso8601",'
+    '"remote_addr":"$remote_addr",'
+    '"remote_port":$remote_port,'
+    '"remote_user":"$remote_user",'
+    '"request":"$request",'
+    '"status":$status,'
+    '"method":"$request_method",'
+    '"scheme":"$scheme",'
+    '"host":"$http_host",'
+    '"uri":"$uri",'
+    '"request_uri":"$request_uri",'
+    '"query_string":"$query_string",'
+    '"request_filename":"$request_filename",'
+    '"request_length":$request_length,'
+    '"content_length":"$content_length",'
+    '"content_type":"$content_type",'
+    '"bytes_sent":$bytes_sent,'
+    '"body_bytes_sent":$body_bytes_sent,'
+    '"server_name":"$server_name",'
+    '"server_port":$server_port,'
+    '"server_protocol":"$server_protocol",'
+    '"http_referer":"$http_referer",'
+    '"http_user_agent":"$http_user_agent",'
+    '"http_accept_language":"$http_accept_language",'
+    '"http_x_forwarded_for":"$http_x_forwarded_for",'
+    '"http_x_real_ip":"$http_x_real_ip",'
+    '"request_time":$request_time,'
+    '"upstream_addr":"$upstream_addr",'
+    '"upstream_status":"$upstream_status",'
+    '"upstream_http_etag":"$upstream_http_etag",'
+    '"upstream_http_last_modified":"$upstream_http_last_modified",'
+    '"upstream_connect_time":"$upstream_connect_time",'
+    '"upstream_header_time":"$upstream_header_time",'
+    '"upstream_response_time":"$upstream_response_time",'
+    '"proxy_protocol_addr":"$proxy_protocol_addr",'
+    '"proxy_protocol_port":"$proxy_protocol_port",'
+    '"connection_time":$connection_time,'
+    '"connection_requests":$connection_requests'
+'}';
+access_log /var/log/nginx/access.json json;
 gzip  on;
+gzip_static  on;
 gzip_vary on;
 gzip_proxied any;
 gzip_comp_level 6;
 gzip_min_length 256;
-# do not remove ETag headers
-gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
 gzip_types application/atom+xml text/javascript text/xml application/xml+rss application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
 charset utf-8;
 charset_types text/css text/plain text/xml text/javascript text/vnd.wap.wml application/json application/javascript application/xml application/xml+rss application/rss+xm image/svg+xml;
 proxy_intercept_errors on;
 fastcgi_intercept_errors on;
+map '' $ProxyHost {
+    default $host;
+    ~. '';
+}
+map '' $ProxyForwardedHost {
+    default $http_host;
+    ~. '';
+}
 map $http_accept $errorExtension
 {
     default                    html;

data/Plugins/Apps/Nginx/conf.d/languages.conf ADDED Viewed

@@ -0,0 +1,21 @@
+# Here we include only those languages that are supported
+# by https://github.com/ConfigLMM/HttpErrorPages/tree/configlmm/i18n
+map $http_accept_language $userLanguage
+{
+    default      en_US;
+    ~*^es-VE     es_VE;
+    ~*^es        es_VE; # Fallback
+    ~*^fr-FR     fr_FR;
+    ~*^fr        fr_FR;
+    ~*^it-IT     it_IT;
+    ~*^it        it_IT;
+    ~*^lv-LV     lv_LV;
+    ~*^lv        lv_LV;
+    ~*^pl        pl_PL;
+    ~*^pt-BR     pt_BR;
+    ~*^pt        pt_BR;
+    ~*^zh-CN     zh_CN;
+    ~*^zh        zh_CN;
+}

data/Plugins/Apps/Nginx/config-lmm/errors.conf CHANGED Viewed

@@ -1,31 +1,42 @@
 # add one directive for each http status code
-error_page 301 /_errors_/HTTP301.$errorExtension;
-error_page 302 /_errors_/HTTP302.$errorExtension;
-error_page 303 /_errors_/HTTP303.$errorExtension;
-error_page 307 /_errors_/HTTP307.$errorExtension;
-error_page 308 /_errors_/HTTP308.$errorExtension;
-error_page 400 /_errors_/HTTP400.$errorExtension;
-error_page 401 /_errors_/HTTP401.$errorExtension;
-# error_page 402 /_errors_/HTTP402.$errorExtension;
-error_page 403 /_errors_/HTTP403.$errorExtension;
-error_page 404 /_errors_/HTTP404.$errorExtension;
-error_page 405 /_errors_/HTTP405.$errorExtension;
-error_page 500 /_errors_/HTTP500.$errorExtension;
-error_page 501 /_errors_/HTTP501.$errorExtension;
-error_page 502 /_errors_/HTTP502.$errorExtension;
-error_page 503 /_errors_/HTTP503.$errorExtension;
-error_page 504 /_errors_/HTTP504.$errorExtension;
-error_page 520 /_errors_/HTTP520.$errorExtension;
-error_page 521 /_errors_/HTTP521.$errorExtension;
-error_page 533 /_errors_/HTTP533.$errorExtension;
+error_page 301 /_errors_/HTTP301.$userLanguage.$errorExtension;
+# Looks like enabling custom 302 can be problematic
+# due to apps using multiple Set-Cookie headers
+# for example this breaks BookStack
+# so lets not use it by default
+#error_page 302 /_errors_/HTTP302.$userLanguage.$errorExtension;
+error_page 303 /_errors_/HTTP303.$userLanguage.$errorExtension;
+# Some applications (eg. Umami) misuse this status
+# code and don't actually expect redirect...
+#error_page 307 /_errors_/HTTP307.$userLanguage.$errorExtension;
+error_page 308 /_errors_/HTTP308.$userLanguage.$errorExtension;
+error_page 400 /_errors_/HTTP400.$userLanguage.$errorExtension;
+error_page 401 /_errors_/HTTP401.$userLanguage.$errorExtension;
+# error_page 402 /_errors_/HTTP402.$userLanguage.$errorExtension;
+error_page 403 /_errors_/HTTP403.$userLanguage.$errorExtension;
+error_page 404 /_errors_/HTTP404.$userLanguage.$errorExtension;
+error_page 405 /_errors_/HTTP405.$userLanguage.$errorExtension;
+error_page 497 /_errors_/HTTP497.$userLanguage.$errorExtension;
+error_page 500 /_errors_/HTTP500.$userLanguage.$errorExtension;
+error_page 501 /_errors_/HTTP501.$userLanguage.$errorExtension;
+error_page 502 /_errors_/HTTP502.$userLanguage.$errorExtension;
+error_page 503 /_errors_/HTTP503.$userLanguage.$errorExtension;
+error_page 504 /_errors_/HTTP504.$userLanguage.$errorExtension;
+error_page 520 /_errors_/HTTP520.$userLanguage.$errorExtension;
+error_page 521 /_errors_/HTTP521.$userLanguage.$errorExtension;
+error_page 533 /_errors_/HTTP533.$userLanguage.$errorExtension;
 location /_errors_/ {
     include config-lmm/public.conf;
+    add_header Location $upstream_http_location;
+    add_header Set-Cookie $upstream_http_set_cookie;
     alias /srv/www/errors/;
     internal;
 }
-add_header Location $upstream_http_location;
-add_header Set-Cookie $upstream_http_set_cookie;

data/Plugins/Apps/Nginx/config-lmm/gateway-errors.conf ADDED Viewed

@@ -0,0 +1,20 @@
+error_page 497 /_errors_/HTTP497.$userLanguage.$errorExtension;
+error_page 502 /_errors_/HTTP502.$userLanguage.$errorExtension;
+error_page 503 /_errors_/HTTP503.$userLanguage.$errorExtension;
+error_page 504 /_errors_/HTTP504.$userLanguage.$errorExtension;
+error_page 520 /_errors_/HTTP520.$userLanguage.$errorExtension;
+error_page 521 /_errors_/HTTP521.$userLanguage.$errorExtension;
+error_page 533 /_errors_/HTTP533.$userLanguage.$errorExtension;
+location /_errors_/ {
+    include config-lmm/public.conf;
+    add_header Location $upstream_http_location;
+    add_header Set-Cookie $upstream_http_set_cookie;
+    alias /srv/www/errors/;
+    internal;
+}

data/Plugins/Apps/Nginx/config-lmm/proxy.conf CHANGED Viewed

@@ -1,15 +1,19 @@
 proxy_http_version 1.1;
-proxy_set_header Host $host;
+proxy_set_header Host $ProxyHost;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header X-Forwarded-Protocol $scheme;
-proxy_set_header X-Forwarded-Host $http_host;
+proxy_set_header X-Forwarded-Host $ProxyForwardedHost;
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection $connectionUpgrade;
 # proxy_set_header Proxy "";
 proxy_pass_header Server;
+proxy_ssl_protocols TLSv1.2 TLSv1.3;
+proxy_connect_timeout 2s;

data/Plugins/Apps/Nginx/main.conf.erb CHANGED Viewed

@@ -6,7 +6,9 @@ server {
     include config-lmm/errors.conf;
-    deny all;
+    location / {
+        return 308 https://$host$request_uri;
+    }
 }
 server {
@@ -21,11 +23,13 @@ server {
     server_name _;
-    deny all;
     ssl_early_data on;
     include config-lmm/errors.conf;
     include config-lmm/security.conf;
     include config-lmm/ssl.conf;
+    location / {
+        return 403;
+    }
 }

data/Plugins/Apps/Nginx/nginx.conf CHANGED Viewed

@@ -1,7 +1,7 @@
 worker_processes  4;
-error_log    /var/log/nginx/error.log info;
+error_log stderr info;
 events {
     worker_connections  1024;
@@ -18,7 +18,7 @@ http {
     include /etc/nginx/main.conf;
-    # Load modular configuration files from the /etc/nginx/servers directory.
+    # Load modular configuration files from the /etc/nginx/vhosts.d directory.
     # See http://nginx.org/en/docs/ngx_core_module.html#include
     # for more information.
     include vhosts.d/*.conf;