Improved Nextcloud systemD services to avoid failures. Added middleware for carddav/caldav

2026-02-28 22:41:11 +01:00
parent 41f8298078
commit ea86da660d
1 changed files with 55 additions and 26 deletions
@@ -40,7 +40,7 @@ helper.mkPodmanService {
    "100999:100 ${cfg.configDir}/onlyoffice/database"
    "100032:100 ${cfg.dataDir}"
  ];
-  middlewares = [ "secureHeaders" ];
+  middlewares = [ "secureHeaders" "nextcloud-dav" ];
 # Compose file good
  composeText = ''
@@ -73,6 +73,7 @@ helper.mkPodmanService {
          MAIL_FROM_ADDRESS: nextcloud-noreply
          MAIL_DOMAIN: ${config.numbus.services.domain}
          APACHE_DISABLE_REWRITE_IP: 1
          OVERWRITEPROTOCOL: https
          TRUSTED_PROXIES: ${config.numbus.networking.ipAddress}
          NC_default_phone_region: "${config.numbus.language}"
          NC_default_language: "${config.numbus.language}"
@@ -202,6 +203,15 @@ helper.mkPodmanService {
                - url: "http://host.containers.internal:3002"
    '';
    environment.etc."traefik/rules/nextcloud-dav.yaml".text = ''
      http:
        middlewares:
          nextcloud-dav:
            replacePathRegex:
              regex: "^/.well-known/ca(l|rd)dav"
              replacement: "/remote.php/dav/"
    '';
    systemd.services."${name}-quirk" = {
      description = "Podman container quirk : ${name}";
      wantedBy = [ "multi-user.target" ];
@@ -209,42 +219,60 @@ helper.mkPodmanService {
      onFailure = [ "service-failure-notify@%n.service" ];
      startLimitBurst = 5;
      startLimitIntervalSec = 600;
-      path = [ pkgs.coreutils pkgs.sudo pkgs.podman ];
+      path = [ pkgs.coreutils pkgs.sudo pkgs.podman pkgs.systemd ];
      serviceConfig = {
        Type = "oneshot";
        RemainAfterExit = true;
      };
      script = ''
        mkdir -p /var/lib/numbus-server/${name}
        [[ -e /var/lib/numbus-server/${name}/quirk.true ]] && exit 0
        [[ ! -e /var/lib/numbus-server/${name}/.env ]] && systemctl start ${name}-secrets.service
        until [[ -e /var/lib/numbus-server/${name}/.env ]]; do
          echo "Waiting for secrets generation..."
-          sleep 15
+          sleep 5
        done
        source /var/lib/numbus-server/${name}/.env
        until sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ status >/dev/null 2>&1; do
          echo "Waiting for Nextcloud to be up and running..."
          sleep 10
        done
        source /var/lib/numbus-server/${name}/.env
        sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ background:cron
        sudo -u numbus-admin podman exec --user www-data nextcloud-server php -f /var/www/html/cron.php
        sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ db:add-missing-indices
        sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ maintenance:repair --include-expensive
-        sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ files:scan --all
+
-        sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ files:repair-tree
+        INSTALL_APPS_LIST=( "calendar" "contacts" "mail" "note" "onlyoffice" "cookbook" "whiteboard" )
-        for app in calendar contacts mail note onlyoffice cookbook whiteboard; do
+        REMOVE_APPS_LIST=( "activity" "app_api" "federatedfilesharing" "federation" "webhook_listeners" "photos" "recommendations" "sharebymail" "teams" "support" "richdocumentscode" )
-          sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ app:install $app
+        CURRENT_APPS_SIGNATURE="$(echo "''${INSTALL_APPS_LIST[@]}" "''${REMOVE_APPS_LIST[@]}")"
-          sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ app:enable $app
+        APPS_SIGNATURE_FILE="/var/lib/numbus-server/${name}/installed_apps.signature"
-        done
+
-        for app in activity app_api federatedfilesharing federation webhook_listeners photos recommendations sharebymail teams support richdocumentscode; do
+        if [[ ! -f "$APPS_SIGNATURE_FILE" ]] || [[ "$(cat "$APPS_SIGNATURE_FILE")" != "$CURRENT_APPS_SIGNATURE" ]]; then
-          sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ app:disable $app
+          for app in ''${INSTALL_APPS_LIST[@]}; do
-          sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ app:remove $app
+            sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ app:install "$app"
-        done
+            sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ app:enable "$app"
-        sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ config:system:set onlyoffice DocumentServerInternalUrl --value="https://onlyoffice.${config.numbus.services.domain}/"
+          done
-        sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ config:system:set onlyoffice DocumentServerUrl --value="https://onlyoffice.${config.numbus.services.domain}/"
+          for app in ''${REMOVE_APPS_LIST[@]}; do
-        sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ config:system:set onlyoffice jwt_secret --value="$ONLYOFFICE_PASSWORD"
+            sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ app:disable "$app"
-        sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ config:app:set whiteboard collabBackendUrl --value="https://whiteboard.${config.numbus.services.domain}"
+            sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ app:remove "$app"
-        sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ config:app:set whiteboard jwt_secret_key --value="$WHITEBOARD_PASSWORD"
+          done
-        touch /var/lib/numbus-server/${name}/quirk.true
+          sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ config:system:set onlyoffice DocumentServerInternalUrl --value="https://onlyoffice.${config.numbus.services.domain}/"
          sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ config:system:set onlyoffice DocumentServerUrl --value="https://onlyoffice.${config.numbus.services.domain}/"
          sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ config:system:set onlyoffice jwt_secret --value="$ONLYOFFICE_PASSWORD"
          sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ config:app:set whiteboard collabBackendUrl --value="https://whiteboard.${config.numbus.services.domain}"
          sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ config:app:set whiteboard jwt_secret_key --value="$WHITEBOARD_PASSWORD"
          echo "$CURRENT_APPS_SIGNATURE" > "$APPS_SIGNATURE_FILE"
        fi
        if [[ ! -f /var/lib/numbus-server/${name}/croned.true ]]; then
          sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ background:cron
          sudo -u numbus-admin podman exec --user www-data nextcloud-server php -f /var/www/html/cron.php
          touch /var/lib/numbus-server/${name}/croned.true
        fi
        if [[ ! -f /var/lib/numbus-server/${name}/scanned.true ]]; then
          sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ files:scan --all
          sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ files:repair-tree
          touch /var/lib/numbus-server/${name}/scanned.true
        fi
      '';
    };
@@ -255,6 +283,7 @@ helper.mkPodmanService {
      path = [ pkgs.sudo pkgs.podman ];
      serviceConfig = {
        Type = "oneshot";
        ExecCondition = ''${pkgs.sudo}/bin/sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ status'';
        ExecStart = "${pkgs.sudo}/bin/sudo -u numbus-admin podman exec --user www-data nextcloud-server php -f /var/www/html/cron.php";
      };
    };