Merge branch 'master' of ssh://yuno.oiseauroch.fr:6969/tobias/infra-oasis21

README.md

@@ -12,3 +12,69 @@ Au premier lancement, assurez-vous que :
 - Changez ses permissions à `600`
 
 C'est dans ce fichier que seront conservés tous les certificats générés par Traefik.
+
+### Migration des données
+
+1. Mettre nextcloud en mode maintenance : 
+```
+sudo -u www-data php occ maintenance:mode --on
+```
+2. Faire un dump de la bdd
+```
+sudo -u postgres pg_dump -Fc  nc > nc.dump
+```
+3. Sauver les données du dossier nextcloud
+```
+mkdir /var/lib/backuppc/migration
+tar caf /var/lib/backuppc/migration/nextcloud.tar.xz /srv/nextcloud/
+```
+4. Sauver le fichier de configuration de nextcloud
+```
+# par précaution, ne devrait pas être utile
+cp /var/www/nextcloud/public_html/config/config.php /var/lib/backuppc/migration
+```
+
+…
+installation de proxmox, vm, docker.
+…
+
+### Installation des services
+
+1. Cloner le repo de l'infra
+``` 
+git clone https://yuno.oiseauroch.fr/gitea/tobias/infra-oasis21.git
+```
+2. Create `config.php` from the file in vaultwarden
+3. Move `secrets/librezo.secrets.example` to `secrets/librezo.secrets` 
+4.Replace **nextcloud** and **collabora** password from vaultwarden
+```
+sed -i 's/__POSTGRES_PASSWORD__/nextcloudstrongpassword/g' config.php secrets/librezo.secrets
+sed -i 's/__COLLABORA_PASSWORD__/collaborastrongpassword/g' config.php secrets/librezo.secrets
+```
+
+4. Start traefik
+```
+cd traefik
+docker-compose up -d
+```
+5.  Create docker containers and volume
+```
+docker-compose up --no-start
+```
+6. Import database
+``` 
+docker cp nc.dump nextcloud-db:/nc.dmp
+docker-compose up -d nextcloud-db
+docker-compose exec nextcloud-db sh -c "pg_restore -d nc -U nc nc.dmp"
+docker-compose exec nextcloud-db rm /nc.dmp
+```
+7. Copy files 
+```
+docker cp /your/files nextcloud-app:/var/www/html/
+docker-compose up -d nextcloud-app 
+docker-compose exec nextcloud-app chown -R www-data:www-data /var/www/html/data
+```
+8. change `config.php` rights
+```
+docker-compose exec nextcloud-app chown -R www-data:www-data /var/www/html/config
+```

nextcloud/.gitignore

@@ -1,2 +1,3 @@
 *.secrets
 .env
+config.php

nextcloud/config.php

@@ -1,62 +0,0 @@
-<?php
-$CONFIG = array (
-  'instanceid' => 'oc00cptraqej',
-  'passwordsalt' => 'QDWCIlUPIxBCPkOPapq39bHhFtrADT',
-  'secret' => 'xfKWpSH0/UV4PYUClkDRyaeiYc2SugcEe0/mZVB7/6lElAQE',
-  'trusted_domains' => 
-  array (
-    0 => 'cloud.oasis21.org',
-  ),
-  'apps_paths' =>
-  array (
-    0 =>
-    array (
-       'path' => '/var/www/html/apps',
-       'url' => '/apps',
-       'writable' => false,
-   	),
-    1 =>
-    array (
-       'path' => '/var/www/html/custom_apps',
-       'url' => '/custom_apps',
-       'writable' => true,
-   	),
-    ),
-  'datadirectory' => '/var/www/html/data',
-  'dbtype' => 'pgsql',
-  'version' => '23.0.0.10',
-  'overwrite.cli.url' => 'https://cloud.oasis21.org',
-  'dbname' => 'nc',
-  'dbhost' => 'nextcloud-db',
-  'dbport' => '',
-  'dbtableprefix' => 'oc_',
-  'dbuser' => 'nc',
-  'dbpassword' => 'tavnuenRo',
-  'installed' => true,
-  'logfile' => '/var/log/nextcloud/nextcloud.log',
-  'log_type' => 'file',
-  'htaccess.RewriteBase' => '/',
-  'skeletondirectory' => '',
-  'memcache.local' => '\\OC\\Memcache\\APCu',
-  'memcache.locking' => '\\OC\\Memcache\\Redis',
-  'memcache.distributed' => '\\OC\\Memcache\\Redis',
-  'redis' => 
-  array (
-    'host' => '/redis',
-    'password' => '',
-    'port' => 6379,
-  ),
-  'default_phone_region' => 'FR',
-  'defaultapp' => 'files',
-  'encryption.legacy_format_support' => false,
-  'simpleSignUpLink.shown' => false,
-  'updater.release.channel' => 'stable',
-  'mail_domain' => 'oasis21.org',
-  'mail_from_address' => 'nextcloud',
-  'mail_smtpmode' => 'smtp',
-  'loglevel' => 0,
-  'integrity.check.disabled' => false,
-  'ldapUserCleanupInterval' => '10',
-  'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
-  'maintenance' => false,
-);

nextcloud/docker-compose.yml

@@ -49,8 +49,8 @@ services:
     image: 'bitnami/redis:latest'
     container_name: redis
     environment:
-      - ALLOW_EMPTY_PASSWORD=yes
       - "TZ=Europe/Paris"
+    env_file: ./secrets/librezo.secrets
     networks:
       - nextcloud
 

nextcloud/loolwsd.xml

@@ -157,7 +157,7 @@
         <enable desc="Enable the admin console functionality" type="bool" default="true">true</enable>
         <enable_pam desc="Enable admin user authentication with PAM" type="bool" default="false">false</enable_pam>
         <username desc="The username of the admin console. Ignored if PAM is enabled.">nextcloud</username>
-        <password desc="The password of the admin console. Deprecated on most platforms. Instead, use PAM or loolconfig to set up a secure password.">o!NdFB7fpQAbXG</password>
+        <password desc="The password of the admin console. Deprecated on most platforms. Instead, use PAM or loolconfig to set up a secure password.">__COLLABORA__PASSWORD__</password>
     </admin_console>
 
     <monitors desc="Addresses of servers we connect to on start for monitoring">

nextcloud/secrets/librezo.secrets.example

@@ -1,6 +1,8 @@
-POSTGRES_PASSWORD=MOT_DE_PASSE_POSTGRES
+POSTGRES_PASSWORD=__POSTGRES_PASSWORD__
 POSTGRES_DB=nc
 POSTGRES_USER=nc
 POSTGRES_HOST=nextcloud-db
 username=nextcloud
-password=MOT_DE_PASSE_COLLABORA
+password=__COLLABORA_PASSWORD__
+REDIS_PASSWORD=__REDIS_PASSWORD__
+REDIS_HOST_PASSWORD=$REDIS_PASSWORD