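#!/usr/bin/env bash
# -*- coding: utf-8 -*-
#
# Rootless Nextcloud on openSUSE with podman: one pod holding PostgreSQL,
# Redis, Nextcloud (php-fpm) and Caddy, all owned by a dedicated service user.
#
# This is a two-phase runbook rather than one unattended script:
#   phase 1 (as root): install packages, create the service user, then
#     `machinectl shell` opens an interactive login shell for that user;
#   phase 2 (as the service user): every line below the machinectl call is
#     executed inside that shell, so ${HOME} is the service user's home.
# Set RESET=1 in the environment before phase 2 to wipe an existing install.

# ---- Phase 1: host dependencies and service user (run as root) ----
zypper in -y podman systemd-container

# NAMES
USER_NAME="cloud"
if ! id -u "${USER_NAME}" &>/dev/null; then
  useradd -Uc "${USER_NAME} Daemon" -m "${USER_NAME}"
  # lingering keeps the user's systemd instance (and its rootless containers)
  # running without an open login session
  loginctl enable-linger "${USER_NAME}"
fi
# Opens an interactive shell as the service user; the remaining steps are run
# there. Note that if this file is executed as a script, execution only
# continues here after that shell exits, still as root.
machinectl shell "${USER_NAME}"@

# ---- Phase 2: run as ${USER_NAME} ----
## Container Setup Database
mkdir -p "${HOME}/.config"
cp -R /usr/share/containers "${HOME}/.config/"
# Switch the default log driver from journald to k8s-file. Only the first
# match is changed; the empty pattern in `s,,` reuses the address regex
# (GNU sed syntax).
sed -i '0,/"journald"/s,,"k8s-file",' "${HOME}/.config/containers/containers.conf"

# ================= #
# ===Environment=== #
# ================= #
POD_NAME="podCloud"
DB_NAME="pg-cloud"
CLOUDDB_USER=uCloud
CLOUDDB_NAME=nCloud
REDIS_NAME="redis"
CLOUD_NAME="cloud"
CADDY_CONT="caddy"
DOMAIN="example.lan"
VOL="/opt/cloud"
NET="nextcloud"

# Use this to reset the installation: removes every container, secret and
# volume, the stored secret files, the data tree under ${VOL} and the pod
# network. Gated so a plain re-run of the setup does not wipe the instance.
if [[ "${RESET:-0}" == "1" ]]; then
  podman rm -af --volumes
  podman secret rm -a
  podman volume prune -f
  # ${var:?} aborts instead of expanding to "/" when a variable is empty
  podman unshare rm -rf "${HOME:?}/.enc/" "${VOL:?}"/*
  podman network rm "${NET}"
fi

# =================== #
# ===Miscellaneous=== #
# =================== #
# Secret Setup: each secret is a random base64 string (the base64 alphabet
# contains no quotes or whitespace, so the value is safe inside the SQL
# literal further down). A copy is kept in ~/.enc (mode 700) and the same
# value is registered with podman under the same name.
mkdir -pm 700 "${HOME}/.enc"

#######################################
# Generate a random secret and register it with podman.
# Arguments: $1 - secret name (also the file name under ~/.enc)
#            $2 - number of random bytes before base64 encoding
# Returns:   non-zero if generation or `podman secret create` fails
#######################################
create_secret() {
  local name=$1 nbytes=$2
  openssl rand -base64 "${nbytes}" | tr -d '\n' >"${HOME}/.enc/${name}" \
    && podman secret create "${name}" "${HOME}/.enc/${name}"
}

#######################################
# Print the plaintext value of a podman secret to stdout.
# Arguments: $1 - secret name or ID
#######################################
secret_value() {
  podman secret inspect --format '{{.SecretData}}' --showsecret "$1" | grep -vE "^$"
}

create_secret "${DB_NAME}" 32
create_secret "${CLOUDDB_USER}" 32
create_secret "${REDIS_NAME}" 128
# The go-template must be quoted, otherwise bash brace expansion mangles it.
PG_SECRET=$(podman secret ls --format '{{.ID}}' -f NAME="${DB_NAME}")
CLOUDDB_SECRET=$(podman secret ls --format '{{.ID}}' -f NAME="${CLOUDDB_USER}")
REDIS_SECRET=$(podman secret ls --format '{{.ID}}' -f NAME="${REDIS_NAME}")

# ============= #
# ===Volumes=== #
# ============= #
#######################################
# Create bind-mount backed named volumes, one per directory name, under a
# host parent directory. Host directories are created when missing and
# volumes that already exist are left untouched, so this is re-runnable.
# Arguments: $1 - host parent directory
#            $@ - volume names (each is also the directory name under $1)
#######################################
ensure_bind_volumes() {
  local parent=$1 name
  shift
  for name in "$@"; do
    if [[ ! -d "${parent}/${name}" ]]; then
      mkdir -p "${parent}/${name}"
    fi
    if ! podman volume inspect "${name}" &>/dev/null; then
      podman volume create \
        -o type=none \
        -o device="${parent}/${name}" \
        -o o=bind \
        "${name}"
    fi
  done
}

# Cloud Management
ensure_bind_volumes "${VOL}/cloud" html config data
# DB Management
ensure_bind_volumes "${VOL}/pgdb" pgdata
# Caddy Management
ensure_bind_volumes "${VOL}/caddy" caddy_data caddy_config caddy_etc caddy_log

# ============= #
# ===Network=== #
# ============= #
# `network create` is not idempotent, so skip it when the network exists.
if ! podman network inspect "${NET}" &>/dev/null; then
  podman network create "${NET}" --subnet 10.0.2.0/24 --gateway 10.0.2.1
fi

# =============== #
# ===POD_Cloud=== #
# =============== #
# All containers share the pod's network namespace, so they reach each other
# on localhost. Only port 80 is published on the host.
# NOTE(review): a rootless user can bind host port 80 only if
# net.ipv4.ip_unprivileged_port_start permits it — confirm on the host.
podman pod create \
  --replace \
  --restart unless-stopped \
  --network "${NET}" \
  -n "${POD_NAME}" \
  -p 80:80 \
  -v pgdata:/data/postgresql \
  -v html:/var/www/html \
  -v config:/var/www/html/config \
  -v data:/opt/data \
  -v caddy_data:/data \
  -v caddy_config:/config \
  -v caddy_etc:/etc/caddy \
  -v caddy_log:/var/log/caddy

# ========================= #
# ===Database_PostgreSQL=== #
# ========================= #
# The secret is passed by name; podman mounts it at /run/secrets/<name>, so
# the *_FILE variable can point there without a second lookup.
podman run -d \
  --pod "${POD_NAME}" \
  --replace \
  --pull=newer \
  --label "io.containers.autoupdate=registry" \
  --restart unless-stopped \
  --name "${DB_NAME}" \
  --secret "${DB_NAME}" \
  -e PGDATA=/data/postgresql \
  -e POSTGRES_PASSWORD_FILE="/run/secrets/${DB_NAME}" \
  docker.io/postgres:latest

# ================= #
# ===Redis Cache=== #
# ================= #
# NOTE(review): --requirepass puts the password in the container's argv, so it
# is readable via `podman inspect` and the process list of anyone who can see
# this user's processes; a config file read from the mounted secret would
# avoid that.
podman run -d \
  --pod "${POD_NAME}" \
  --replace \
  --pull=newer \
  --label "io.containers.autoupdate=registry" \
  --restart unless-stopped \
  --name "${REDIS_NAME}" \
  docker.io/redis:alpine redis-server --requirepass "$(secret_value "${REDIS_SECRET}")"

# =============== #
# ===NextCloud=== #
# =============== #
# Credentials are handed over as mounted secret files (*_FILE variables) so
# they do not appear in the container's environment.
# NEXTCLOUD_TRUSTED_DOMAINS is a space-separated list; adjust the addresses
# to the host's own.
podman run -d \
  --pod "${POD_NAME}" \
  --replace \
  --pull newer \
  --label "io.containers.autoupdate=registry" \
  --restart unless-stopped \
  --name "${CLOUD_NAME}" \
  --secret "${DB_NAME}" \
  --secret "${REDIS_NAME}" \
  -e POSTGRES_DB="${CLOUDDB_NAME}" \
  -e POSTGRES_USER="${CLOUDDB_USER}" \
  -e POSTGRES_PASSWORD_FILE="/run/secrets/${DB_NAME}" \
  -e POSTGRES_HOST=localhost \
  -e REDIS_HOST=localhost \
  -e REDIS_HOST_PASSWORD_FILE="/run/secrets/${REDIS_NAME}" \
  -e NEXTCLOUD_DATA_DIR=/opt/data \
  -e NEXTCLOUD_INIT_HTACCESS=true \
  -e NEXTCLOUD_TRUSTED_DOMAINS="cloud.${DOMAIN} 192.168.1.20 100.97.21.88" \
  -e OVERWRITEHOST="cloud.${DOMAIN}" \
  -e PHP_MEMORY_LIMIT=1024M \
  docker.io/nextcloud:fpm-alpine

# ================ #
# ===Rev. Proxy=== #
# ================ #
# NOTE(review): NET_ADMIN is not required for serving on :80 inside the pod;
# confirm it is needed before keeping this extra capability.
podman run -d \
  --pod "${POD_NAME}" \
  --replace \
  --pull=newer \
  --restart unless-stopped \
  --label "io.containers.autoupdate=registry" \
  --cap-add=NET_ADMIN \
  --name "${CADDY_CONT}" \
  docker.io/caddy:latest

# ============================= #
# ===Post-Container Creation=== #
# ============================= #
# ===CloudDB_USER User and DB=== #
# Role and database names are fixed constants from the Environment block and
# the password is base64 (no quote characters), so the interpolated SQL is
# safe; do not feed user-supplied values into these statements.
podman exec -it -u postgres "${DB_NAME}" psql -c "CREATE USER ${CLOUDDB_USER} WITH PASSWORD '$(secret_value "${CLOUDDB_SECRET}")';" &&
  podman exec -it -u postgres "${DB_NAME}" psql -c "CREATE DATABASE ${CLOUDDB_NAME} OWNER ${CLOUDDB_USER};" &&
  podman exec -it -u postgres "${DB_NAME}" psql -c "GRANT ALL PRIVILEGES ON DATABASE ${CLOUDDB_NAME} TO ${CLOUDDB_USER};"

# ===Caddyfile Setup=== #
# Written to the caddy_etc volume, which the pod mounts at /etc/caddy.
# Quoted heredoc: nothing in the Caddyfile is shell-expanded.
cat >"${VOL}/caddy/caddy_etc/Caddyfile" <<'EOF'
{
  auto_https off
  debug
  admin off
  log {
    format json
    level DEBUG
  }
  servers {
    protocols h1 h2
  }
}
:80 {
  root * /var/www/html
  file_server
  encode gzip zstd
  php_fastcgi cloud:9000
  redir /.well-known/carddav /remote.php/dav 301
  redir /.well-known/caldav /remote.php/dav 301
  # .htaccess / data / config / ... shouldn't be accessible from outside
  @forbidden {
    path /.htaccess
    path /data/*
    path /config/*
    path /db_structure
    path /.xml
    path /README
    path /3rdparty/*
    path /lib/*
    path /templates/*
    path /occ
    path /console.php
  }
  respond @forbidden 404
}
EOF
podman restart "${CADDY_CONT}"

# ===NextCloud Setup=== #
# 82:82 is the www-data uid/gid of the alpine image; unshare maps it into the
# rootless user namespace.
podman unshare chown -vR 82:82 "${VOL}/cloud/data"
podman exec -it -u 82 "${CLOUD_NAME}" /var/www/html/occ db:add-missing-indices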