initial commit

.gitignore

@@ -0,0 +1,2 @@
+*~
+.DS_Store

Dockerfile

@@ -0,0 +1,47 @@
+FROM thallian/php7-fpm:latest
+
+RUN apk add --no-cache openssl tar nginx postgresql-client
+RUN apk add --no-cache --repository http://dl-3.alpinelinux.org/alpine/edge/community/ --allow-untrusted \
+    php7 \
+    php7-ctype \
+    php7-curl \
+    php7-dom \
+    php7-gd \
+    php7-iconv \
+    php7-json \
+    php7-ldap \
+    php7-xml \
+    php7-xmlreader \
+    php7-zlib \
+    php7-zip \
+    php7-pgsql \
+    php7-pdo_pgsql \
+    php7-openssl \
+    php7-ftp \
+    php7-session \
+    php7-mbstring \
+    php7-posix \
+    php7-pcntl \
+    php7-mcrypt \
+    php7-bz2 \
+    php7-exif \
+    php7-imap
+
+RUN apk add --no-cache --repository http://dl-3.alpinelinux.org/alpine/edge/testing/ --allow-untrusted \
+    php7-apcu
+
+RUN ln -s /usr/bin/php7 /usr/bin/php
+
+RUN mkdir /var/lib/nextcloud
+RUN wget -qO- https://download.nextcloud.com/server/releases/nextcloud-10.0.0.tar.bz2 | tar xj -C /var/lib/nextcloud --strip 1
+RUN chown -R nginx:nginx /var/lib/nextcloud
+RUN chmod +x /var/lib/nextcloud/occ
+
+RUN mkdir /run/nginx
+
+ADD /rootfs /
+
+ENV FPMUSER nginx
+ENV FPMGROUP nginx
+
+VOLUME /var/lib/nextcloud/data

rootfs/etc/confd/conf.d/config.php.toml

@@ -0,0 +1,6 @@
+[template]
+src = "config.php.tmpl"
+dest = "/var/lib/nextcloud/config/config.php"
+gid = 101
+uid = 100
+mode = "0660"

rootfs/etc/confd/conf.d/nginx.conf.toml

@@ -0,0 +1,3 @@
+[template]
+src = "nginx.conf.tmpl"
+dest = "/etc/nginx/nginx.conf"

rootfs/etc/confd/templates/config.php.tmpl

@@ -0,0 +1,64 @@
+<?php
+
+$CONFIG = array(
+
+'trusted_domains' =>
+  array (
+    '{{getenv "DOMAIN"}}'
+  ),
+"user_backends" => array (
+    0 => array (
+            "class"     => "OC_User_IMAP",
+            "arguments" => array (
+			                  0 => '{{"{"}}{{getenv "IMAPAUTHHOST"}}{{"}"}}'
+                              ),
+    ),
+ ),
+'datadirectory' => '/var/lib/nextcloud/data',
+
+'dbtype' => 'pgsql',
+'dbhost' => '{{getenv "DBHOST"}}',
+'dbname' => '{{getenv "DBNAME"}}',
+'dbuser' => '{{getenv "DBUSER"}}',
+'dbpassword' => '{{getenv "DBPASSWORD"}}',
+'dbtableprefix' => '{{getenv "DBTABLEPREFIX"}}',
+
+'skeletondirectory' => '',
+
+'mail_domain' => '{{getenv "MAILDOMAIN"}}',
+'mail_from_address' => '{{getenv "MAILFROM"}}',
+'mail_smtpdebug' => false,
+'mail_smtpmode' => 'smtp',
+'mail_smtphost' => '{{getenv "MAILSMTPHOST"}}',
+'mail_smtpport' => {{getenv "MAILSMTPPORT"}},
+'mail_smtptimeout' => 10,
+'mail_smtpsecure' => '{{getenv "MAILSMTPSECURITY"}}',
+'mail_smtpauth' => {{getenv "MAILSMTPAUTH"}},
+'mail_smtpauthtype' => '{{getenv "MAILSMTPAUTHTYPE"}}',
+'mail_smtpname' => '{{getenv "MAILSMTPNAME"}}',
+'mail_smtppassword' => '{{getenv "MAILSMTPPASSWORD"}}',
+
+'overwritehost' => '{{getenv "DOMAIN"}}',
+'overwriteprotocol' => 'https',
+'overwritewebroot' => '',
+'overwrite.cli.url' => 'https://{{getenv "DOMAIN"}}',
+
+'apps_paths' => array(
+	array(
+		'path'=> '/var/lib/nextcloud/apps',
+		'url' => '/apps',
+		'writable' => true,
+	),
+),
+
+'supportedDatabases' => array(
+	'pgsql',
+),
+
+'memcache.local' => '\OC\Memcache\APCu',
+
+'assetdirectory' => '/var/lib/nextcloud',
+'mount_file' => '/var/lib/nextcloud/data/mount.json',
+'installed' => true,
+'version' => '9.0.52.0',
+);

rootfs/etc/confd/templates/nginx.conf.tmpl

@@ -0,0 +1,106 @@
+worker_processes  1;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include mime.types;
+    default_type application/octet-stream;
+
+    sendfile off;
+
+    keepalive_timeout 65;
+
+    gzip off;
+
+    upstream php {
+        server 127.0.0.1:9000;
+    }
+
+    server {
+        listen 80;
+
+        server_name {{getenv "DOMAIN"}};
+
+        add_header X-Content-Type-Options nosniff;
+        add_header X-Frame-Options "SAMEORIGIN";
+        add_header X-XSS-Protection "1; mode=block";
+        add_header X-Robots-Tag none;
+        add_header X-Download-Options noopen;
+        add_header X-Permitted-Cross-Domain-Policies none;
+
+        root /var/lib/nextcloud/;
+
+        location = /robots.txt {
+            allow all;
+            log_not_found off;
+            access_log off;
+        }
+
+        location = /.well-known/carddav { 
+            return 301 $scheme://$host/remote.php/dav; 
+        }
+        
+        location = /.well-known/caldav { 
+            return 301 $scheme://$host/remote.php/dav; 
+        }
+
+        location /.well-known/acme-challenge { }
+
+        client_max_body_size {{getenv "MAXUPLOADSIZE"}};
+        fastcgi_buffers 64 4K;
+
+        error_page 403 /core/templates/403.php;
+        error_page 404 /core/templates/404.php;
+
+        location / {
+            rewrite ^ /index.php$uri;
+        }
+
+        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
+            deny all;
+        }
+
+        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
+            deny all;
+        }
+
+        location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
+            include fastcgi_params;
+            fastcgi_split_path_info ^(.+\.php)(/.+)$;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            fastcgi_param PATH_INFO $fastcgi_path_info;
+            fastcgi_param HTTPS on;
+            #Avoid sending the security headers twice
+            fastcgi_param modHeadersAvailable true;
+            fastcgi_param front_controller_active true;
+            fastcgi_pass php;
+            fastcgi_intercept_errors on;
+            fastcgi_request_buffering off;
+        }
+
+        location ~ ^/(?:updater|ocs-provider)(?:$|/) {
+            try_files $uri/ =404;
+            index index.php;
+        }
+
+        location ~* \.(?:css|js)$ {
+            try_files $uri /index.php$uri$is_args$args;
+            add_header Cache-Control "public, max-age=7200";
+            add_header X-Content-Type-Options nosniff;
+            add_header X-Frame-Options "SAMEORIGIN";
+            add_header X-XSS-Protection "1; mode=block";
+            add_header X-Robots-Tag none;
+            add_header X-Download-Options noopen;
+            add_header X-Permitted-Cross-Domain-Policies none;
+            # Optional: Don't log access to assets
+            access_log off;
+        }
+
+        location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
+            try_files $uri /index.php$uri$is_args$args;
+            access_log off;
+        }
+    }
+}

rootfs/etc/cont-init.d/00-nextcloud

@@ -0,0 +1,48 @@
+#!/usr/bin/with-contenv sh
+set -ex
+
+chmod +x /var/lib/nextcloud/occ # for some reason it doesn't work when done from the Dockerfile
+
+if [ ! -f /var/lib/nextcloud/data/.ocdata ]; then
+    touch /var/lib/nextcloud/data/.ocdata
+fi
+
+PGPASSWORD=$DBPASSWORD psql -h $DBHOST -U $DBUSER -d $DBNAME -c "SELECT EXISTS (SELECT 1 FROM information_schema.tables WHERE table_name = '${DBTABLEPREFIX}appconfig')" | grep f
+
+if [ $? -ne 1 ]; then
+    cd /var/lib/nextcloud
+
+    s6-setuidgid nginx ./occ maintenance:install \
+        --database=pgsql \
+        --database-host=$DBHOST \
+        --database-name=$DBNAME \
+        --database-user=$DBUSER \
+        --database-pass=$DBPASSWORD \
+        --database-table-prefix=$DBTABLEPREFIX \
+        --admin-user=$ADMINUSER \
+        --admin-pass=$ADMINPASSWORD \
+        --no-interaction
+
+    s6-setuidgid nginx ./occ config:app:set --value cron core backgroundjobs_mode
+    s6-setuidgid nginx ./occ app:enable user_ldap
+
+    s6-setuidgid nginx ./occ ldap:create-empty-config
+
+    s6-setuidgid nginx ./occ ldap:set-config '' hasMemberOfFilterSupport "1"
+    s6-setuidgid nginx ./occ ldap:set-config '' ldapHost "$LDAPHOST"
+    s6-setuidgid nginx ./occ ldap:set-config '' ldapPort "$LDAPPORT"
+    s6-setuidgid nginx ./occ ldap:set-config '' ldapTLS "$LDAPTLS"
+    s6-setuidgid nginx ./occ ldap:set-config '' ldapAgentName "$LDAPBINDUSER"
+    s6-setuidgid nginx ./occ ldap:set-config '' ldapAgentPassword "$LDAPBINDPASSWORD"
+    s6-setuidgid nginx ./occ ldap:set-config '' ldapLoginFilter "$LDAPLOGINFILTER"
+    s6-setuidgid nginx ./occ ldap:set-config '' ldapUserDisplayName "$LDAPUSERDISPLAYNAME"
+    s6-setuidgid nginx ./occ ldap:set-config '' ldapUserFilter "$LDAPUSERFILTER"
+    s6-setuidgid nginx ./occ ldap:set-config '' ldapBase "$LDAPBASEDN"
+    s6-setuidgid nginx ./occ ldap:set-config '' ldapBaseUsers "$LDAPBASEUSERDN"
+    s6-setuidgid nginx ./occ ldap:set-config '' ldapEmailAttribute "$LDAPEMAILATTRIBUTE"
+    s6-setuidgid nginx ./occ ldap:set-config '' ldapBaseGroups "$LDAPBASEGROUPDN"
+    s6-setuidgid nginx ./occ ldap:set-config '' ldapGroupFilter "$LDAPGROUPFILTER"
+    s6-setuidgid nginx ./occ ldap:set-config '' ldapExpertUsernameAttr "$LDAPUSERNAMEATTRIBUTE"
+    s6-setuidgid nginx ./occ ldap:set-config '' turnOffCertCheck "$LDAPTURNOFFCERTCHECK"
+    s6-setuidgid nginx ./occ ldap:set-config '' ldapConfigurationActive "1"
+fi

rootfs/etc/fix-attrs.d/01-nextcloud-data-dir

@@ -0,0 +1 @@
+/var/lib/nextcloud/ true nginx 0640 0750

rootfs/etc/services.d/crond/run

@@ -0,0 +1,3 @@
+#!/usr/bin/with-contenv sh
+
+exec crond -f

rootfs/etc/services.d/nginx/run

@@ -0,0 +1,3 @@
+#!/usr/bin/with-contenv sh
+
+exec nginx -g "daemon off;"

rootfs/var/spool/cron/crontabs/nginx

@@ -0,0 +1 @@
+*/15  *  *  *  * php -f /var/lib/nextcloud/cron.php