diff --git a/install/opencloud-install copy.sh b/install/opencloud-install copy.sh
new file mode 100644
index 000000000..7d4c9a060
--- /dev/null
+++ b/install/opencloud-install copy.sh
@@ -0,0 +1,210 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: vhsdream
+# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
+# Source: https://opencloud.eu
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+read -r -p "${TAB3}Enter the hostname of your OpenCloud server (eg cloud.domain.tld): " oc_host
+if [[ "$oc_host" ]]; then
+ OC_HOST="$oc_host"
+fi
+read -r -p "${TAB3}Enter the hostname of your Collabora server (eg collabora.domain.tld): " collabora_host
+if [[ "$collabora_host" ]]; then
+ COLLABORA_HOST="$collabora_host"
+fi
+read -r -p "${TAB3}Enter the hostname of your WOPI server (eg wopiserver.domain.tld): " wopi_host
+if [[ "$wopi_host" ]]; then
+ WOPI_HOST="$wopi_host"
+fi
+
+# Collabora online - this is broken because it adds the Component and apt doesn't like that
+# setup_deb822_repo \
+# "collaboraonline" \
+# "https://collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg" \
+# "https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-deb/Release" \
+# "./" \
+# "main"
+
+msg_info "Installing Collabora Online"
+curl -fsSL https://collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg -o /etc/apt/keyrings/collaboraonline-release-keyring.gpg
+cat </etc/apt/sources.list.d/colloboraonline.sources
+Types: deb
+URIs: https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-deb
+Suites: ./
+Signed-By: /etc/apt/keyrings/collaboraonline-release-keyring.gpg
+EOF
+$STD apt-get update
+$STD apt-get install -y coolwsd code-brand
+systemctl stop coolwsd
+mkdir -p /etc/systemd/system/coolwsd.service.d
+cat </etc/systemd/system/coolwsd.service.d/override.conf
+[Unit]
+Before=opencloud-wopi.service
+EOF
+systemctl daemon-reload
+COOLPASS="$(openssl rand -base64 36)"
+$STD sudo -u cool coolconfig set-admin-password --user=admin --password="$COOLPASS"
+echo "$COOLPASS" >~/.coolpass
+msg_ok "Installed Collabora Online"
+
+# OpenCloud
+fetch_and_deploy_gh_release "opencloud" "opencloud-eu/opencloud" "singlefile" "v5.0.1" "/usr/bin" "opencloud-*-linux-amd64"
+
+msg_info "Configuring OpenCloud"
+DATA_DIR="/var/lib/opencloud/"
+CONFIG_DIR="/etc/opencloud"
+ENV_FILE="${CONFIG_DIR}/opencloud.env"
+mkdir -p "$DATA_DIR" "$CONFIG_DIR"/assets/apps
+
+curl -fsSL https://raw.githubusercontent.com/opencloud-eu/opencloud-compose/refs/heads/main/config/opencloud/csp.yaml -o "$CONFIG_DIR"/csp.yaml
+curl -fsSL https://raw.githubusercontent.com/opencloud-eu/opencloud-compose/refs/heads/main/config/opencloud/proxy.yaml -o "$CONFIG_DIR"/proxy.yaml.bak
+
+cat <"$ENV_FILE"
+OC_URL=https://${OC_HOST}
+OC_INSECURE=false
+IDM_CREATE_DEMO_USERS=false
+OC_LOG_LEVEL=warning
+OC_CONFIG_DIR=${CONFIG_DIR}
+OC_BASE_DATA_PATH=${DATA_DIR}
+STORAGE_SYSTEM_OC_ROOT=${DATA_DIR}/storage/metadata
+
+## Web
+WEB_ASSET_CORE_PATH=${CONFIG_DIR}/web/assets
+WEB_ASSET_APPS_PATH=${CONFIG_DIR}/web/assets/apps
+WEB_UI_CONFIG_FILE=${CONFIG_DIR}/web/config.json
+# WEB_ASSET_THEMES_PATH=${CONFIG_DIR}/web/assets/themes
+# WEB_UI_THEME_PATH=
+
+## Frontend
+FRONTEND_DISABLE_RADICALE=true
+FRONTEND_GROUPWARE_ENABLED=false
+GRAPH_INCLUDE_OCM_SHAREES=true
+
+## Proxy
+PROXY_TLS=false
+PROXY_CSP_CONFIG_FILE_LOCATION=${CONFIG_DIR}/csp.yaml
+
+## Collaboration - requires VALID TLS
+COLLABORA_DOMAIN=${COLLABORA_HOST}
+COLLABORATION_APP_NAME="CollaboraOnline"
+COLLABORATION_APP_PRODUCT="Collabora"
+COLLABORATION_APP_ADDR=https://${COLLABORA_HOST}
+COLLABORATION_APP_INSECURE=false
+COLLABORATION_HTTP_ADDR=0.0.0.0:9300
+COLLABORATION_WOPI_SRC=https://${WOPI_HOST}
+COLLABORATION_JWT_SECRET=
+
+## Notifications - Email settings
+# NOTIFICATIONS_SMTP_HOST=
+# NOTIFICATIONS_SMTP_PORT=
+# NOTIFICATIONS_SMTP_SENDER=
+# NOTIFICATIONS_SMTP_USERNAME=
+# NOTIFICATIONS_SMTP_PASSWORD=
+# NOTIFICATIONS_SMTP_AUTHENTICATION=login
+## Encryption method. Possible values are 'starttls', 'ssltls' and 'none'
+# NOTIFICATIONS_SMTP_ENCRYPTION=starttls
+## Allow insecure connections. Defaults to false.
+# NOTIFICATIONS_SMTP_INSECURE=false
+
+## Start additional services at runtime
+## Examples: notifications, antivirus etc.
+## Do not uncomment unless configured above.
+# OC_ADD_RUN_SERVICES="notifications"
+
+## OpenID - via web browser
+## uncomment for OpenID in general
+# OC_EXCLUDE_RUN_SERVICES=idp
+# OC_OIDC_ISSUER=
+# IDP_DOMAIN=
+# PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD=none
+# PROXY_OIDC_REWRITE_WELLKNOWN=true
+# PROXY_USER_OIDC_CLAIM=preferred_username
+# PROXY_USER_CS3_CLAIM=username
+## automatically create accounts
+# PROXY_AUTOPROVISION_ACCOUNTS=true
+# WEB_OIDC_SCOPE=openid profile email groups
+# GRAPH_ASSIGN_DEFAULT_USER_ROLE=false
+#
+## uncomment below if using PocketID
+# WEB_OIDC_CLIENT_ID=
+# WEB_OIDC_METADATA_URL=/.well-known/openid-configuration
+
+## Full Text Search - Apache Tika
+## Requires a separate install of Tika - see https://community-scripts.github.io/ProxmoxVE/scripts?id=apache-tika
+# SEARCH_EXTRACTOR_TYPE=tika
+# FRONTEND_FULL_TEXT_SEARCH_ENABLED=true
+# SEARCH_EXTRACTOR_TIKA_TIKA_URL=
+
+## External storage test - Only NFS v4.2+ is supported
+## User files
+# STORAGE_USERS_POSIX_ROOT=
+EOF
+
+cat </etc/systemd/system/opencloud.service
+[Unit]
+Description=OpenCloud server
+After=network-online.target
+
+[Service]
+Type=simple
+User=opencloud
+Group=opencloud
+EnvironmentFile=${ENV_FILE}
+ExecStart=/usr/bin/opencloud server
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+cat </etc/systemd/system/opencloud-wopi.service
+[Unit]
+Description=OpenCloud WOPI Server
+Wants=coolwsd.service
+After=opencloud.service coolwsd.service
+
+[Service]
+Type=simple
+User=opencloud
+Group=opencloud
+EnvironmentFile=${ENV_FILE}
+ExecStartPre=/bin/sleep 10
+ExecStart=/usr/bin/opencloud collaboration server
+Restart=always
+KillSignal=SIGKILL
+KillMode=mixed
+TimeoutStopSec=10
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+$STD sudo -u cool coolconfig set ssl.enable false
+$STD sudo -u cool coolconfig set ssl.termination true
+$STD sudo -u cool coolconfig set ssl.ssl_verification true
+sed -i "s|CSP2\"/>|CSP2\">frame-ancestors https://${OC_HOST}|" /etc/coolwsd/coolwsd.xml
+useradd -r -M -s /usr/sbin/nologin opencloud
+chown -R opencloud:opencloud "$CONFIG_DIR" "$DATA_DIR"
+sudo -u opencloud opencloud init --config-path "$CONFIG_DIR" --insecure no
+OPENCLOUD_SECRET="$(sed -n '/jwt/p' "$CONFIG_DIR"/opencloud.yaml | awk '{print $2}')"
+sed -i "s/JWT_SECRET=/&${OPENCLOUD_SECRET//&/\\&}/" "$ENV_FILE"
+msg_ok "Configured OpenCloud"
+
+msg_info "Starting services"
+systemctl enable -q --now coolwsd opencloud
+sleep 5
+systemctl enable -q --now opencloud-wopi
+msg_ok "Started services"
+
+motd_ssh
+customize
+cleanup_lxc
diff --git a/install/opencloud-install.sh b/install/opencloud-install.sh
index 7d4c9a060..943578598 100644
--- a/install/opencloud-install.sh
+++ b/install/opencloud-install.sh
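Review bot: `install/opencloud-install copy.sh` looks like an editor-made duplicate committed by accident: its blob id `7d4c9a060` equals the pre-change id of `install/opencloud-install.sh` in the next file header, so it is a byte-for-byte copy of the script this commit goes on to rewrite. It should be dropped from the commit. Otherwise the repository keeps a second installer, with a space in its name, that none of the changes to the real script reach, including the correction of the misspelled `colloboraonline.sources` path and the localhost-mode handling.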
@@ -13,48 +13,48 @@ setting_up_container network_check update_os +echo -e "${TAB3}${INFO}${YW} Leave empty to use IP-based localhost mode (no Collabora)${CL}" read -r -p "${TAB3}Enter the hostname of your OpenCloud server (eg cloud.domain.tld): " oc_host -if [[ "$oc_host" ]]; then + +if [[ -z "$oc_host" ]]; then + # Localhost/IP mode - no TLS, no Collabora + OC_HOST="${LOCAL_IP}" + LOCALHOST_MODE=true + msg_info "Using localhost mode with IP: ${LOCAL_IP}" + msg_warn "Collabora requires TLS and will be skipped in localhost mode" +else OC_HOST="$oc_host" -fi -read -r -p "${TAB3}Enter the hostname of your Collabora server (eg collabora.domain.tld): " collabora_host -if [[ "$collabora_host" ]]; then - COLLABORA_HOST="$collabora_host" -fi -read -r -p "${TAB3}Enter the hostname of your WOPI server (eg wopiserver.domain.tld): " wopi_host -if [[ "$wopi_host" ]]; then - WOPI_HOST="$wopi_host" + LOCALHOST_MODE=false + read -r -p "${TAB3}Enter the hostname of your Collabora server [collabora.${OC_HOST#*.}]: " collabora_host + COLLABORA_HOST="${collabora_host:-collabora.${OC_HOST#*.}}" + read -r -p "${TAB3}Enter the hostname of your WOPI server [wopiserver.${OC_HOST#*.}]: " wopi_host + WOPI_HOST="${wopi_host:-wopiserver.${OC_HOST#*.}}" fi -# Collabora online - this is broken because it adds the Component and apt doesn't like that -# setup_deb822_repo \ -# "collaboraonline" \ -# "https://collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg" \ -# "https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-deb/Release" \ -# "./" \ -# "main" - -msg_info "Installing Collabora Online" -curl -fsSL https://collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg -o /etc/apt/keyrings/collaboraonline-release-keyring.gpg -cat </etc/apt/sources.list.d/colloboraonline.sources +# Collabora Online - only install if not in localhost mode (requires TLS) +if [[ "$LOCALHOST_MODE" != true ]]; then + msg_info "Installing Collabora Online" + curl -fsSL 
https://collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg -o /etc/apt/keyrings/collaboraonline-release-keyring.gpg + cat </etc/apt/sources.list.d/collaboraonline.sources Types: deb URIs: https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-deb Suites: ./ Signed-By: /etc/apt/keyrings/collaboraonline-release-keyring.gpg EOF -$STD apt-get update -$STD apt-get install -y coolwsd code-brand -systemctl stop coolwsd -mkdir -p /etc/systemd/system/coolwsd.service.d -cat </etc/systemd/system/coolwsd.service.d/override.conf + $STD apt-get update + $STD apt-get install -y coolwsd code-brand + systemctl stop coolwsd + mkdir -p /etc/systemd/system/coolwsd.service.d + cat </etc/systemd/system/coolwsd.service.d/override.conf [Unit] Before=opencloud-wopi.service EOF -systemctl daemon-reload -COOLPASS="$(openssl rand -base64 36)" -$STD sudo -u cool coolconfig set-admin-password --user=admin --password="$COOLPASS" -echo "$COOLPASS" >~/.coolpass -msg_ok "Installed Collabora Online" + systemctl daemon-reload + COOLPASS="$(openssl rand -base64 36)" + $STD runuser -u cool -- coolconfig set-admin-password --user=admin --password="$COOLPASS" + echo "$COOLPASS" >~/.coolpass + msg_ok "Installed Collabora Online" +fi # OpenCloud fetch_and_deploy_gh_release "opencloud" "opencloud-eu/opencloud" "singlefile" "v5.0.1" "/usr/bin" "opencloud-*-linux-amd64" 
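Review bot: The hostnames read at the top of this hunk are used unvalidated, and the later hunks interpolate them into `$ENV_FILE` and into the `sed` expression that edits `/etc/coolwsd/coolwsd.xml`, so a typo containing `|`, `&`, whitespace or a pasted `https://` prefix produces a broken configuration instead of an error. A check after each `read`, for example `[[ "$oc_host" =~ ^[A-Za-z0-9.-]+$ ]] || { msg_error "Invalid hostname"; exit 1; }`, would catch that early. The derived defaults also assume a dotted name: for a single-label host `${OC_HOST#*.}` returns the input unchanged, so the default becomes `collabora.<host>`. `LOCAL_IP` is not assigned anywhere in the visible lines; if it can be empty, `OC_URL` later becomes `http://:9200`, so `: "${LOCAL_IP:?LOCAL_IP is not set}"` before `OC_HOST="${LOCAL_IP}"` is worth adding.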
@@ -68,9 +68,17 @@ mkdir -p "$DATA_DIR" "$CONFIG_DIR"/assets/apps curl -fsSL https://raw.githubusercontent.com/opencloud-eu/opencloud-compose/refs/heads/main/config/opencloud/csp.yaml -o "$CONFIG_DIR"/csp.yaml curl -fsSL https://raw.githubusercontent.com/opencloud-eu/opencloud-compose/refs/heads/main/config/opencloud/proxy.yaml -o "$CONFIG_DIR"/proxy.yaml.bak +if [[ "$LOCALHOST_MODE" == true ]]; then + OC_URL="http://${OC_HOST}:9200" + OC_INSECURE="true" +else + OC_URL="https://${OC_HOST}" + OC_INSECURE="false" +fi + cat <"$ENV_FILE" -OC_URL=https://${OC_HOST} -OC_INSECURE=false +OC_URL=${OC_URL} +OC_INSECURE=${OC_INSECURE} IDM_CREATE_DEMO_USERS=false OC_LOG_LEVEL=warning OC_CONFIG_DIR=${CONFIG_DIR} @@ -93,15 +101,15 @@ GRAPH_INCLUDE_OCM_SHAREES=true PROXY_TLS=false PROXY_CSP_CONFIG_FILE_LOCATION=${CONFIG_DIR}/csp.yaml -## Collaboration - requires VALID TLS -COLLABORA_DOMAIN=${COLLABORA_HOST} -COLLABORATION_APP_NAME="CollaboraOnline" -COLLABORATION_APP_PRODUCT="Collabora" -COLLABORATION_APP_ADDR=https://${COLLABORA_HOST} -COLLABORATION_APP_INSECURE=false -COLLABORATION_HTTP_ADDR=0.0.0.0:9300 -COLLABORATION_WOPI_SRC=https://${WOPI_HOST} -COLLABORATION_JWT_SECRET= +## Collaboration - requires VALID TLS (disabled in localhost mode) +# COLLABORA_DOMAIN= +# COLLABORATION_APP_NAME="CollaboraOnline" +# COLLABORATION_APP_PRODUCT="Collabora" +# COLLABORATION_APP_ADDR= +# COLLABORATION_APP_INSECURE=false +# COLLABORATION_HTTP_ADDR=0.0.0.0:9300 +# COLLABORATION_WOPI_SRC= +# COLLABORATION_JWT_SECRET= ## Notifications - Email settings # NOTIFICATIONS_SMTP_HOST= @@ -166,7 +174,8 @@ Restart=always WantedBy=multi-user.target EOF -cat </etc/systemd/system/opencloud-wopi.service +if [[ "$LOCALHOST_MODE" != true ]]; then + cat </etc/systemd/system/opencloud-wopi.service [Unit] Description=OpenCloud WOPI Server Wants=coolwsd.service 
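Review bot: The branch that sets `OC_URL="http://${OC_HOST}:9200"` and `OC_INSECURE="true"` should carry a comment and a clearer operator warning, because "localhost mode" here appears to mean the instance is addressed by the container's IP over plain HTTP, so logins and session tokens would cross the network unencrypted. I would add above the `if`: `# IP mode: plain HTTP on port 9200 with OC_INSECURE=true; intended for trusted or test networks only`. The `msg_warn` in the first hunk currently mentions only that Collabora is skipped; it should say the same thing about the missing TLS.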
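Review bot: The commented-out `# COLLABORATION_JWT_SECRET=` line kept in this template is also matched by the unanchored `s/COLLABORATION_JWT_SECRET=/&.../` substitution in the last hunk, so in hostname mode the JWT secret is written into the comment as well as into the active line that is appended later. Anchoring the pattern, `s/^COLLABORATION_JWT_SECRET=/…`, or dropping the commented block from the template, avoids the second copy of the secret. The heading "(disabled in localhost mode)" is also misleading, since the block is commented out in both modes and the live values come from the append in the last hunk; `## Collaboration - template only; active values are appended when Collabora is installed` would describe it correctly.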
@@ -188,21 +197,49 @@ TimeoutStopSec=10 WantedBy=multi-user.target EOF -$STD sudo -u cool coolconfig set ssl.enable false -$STD sudo -u cool coolconfig set ssl.termination true -$STD sudo -u cool coolconfig set ssl.ssl_verification true -sed -i "s|CSP2\"/>|CSP2\">frame-ancestors https://${OC_HOST}|" /etc/coolwsd/coolwsd.xml + # Append active Collabora config to env file + cat <>"$ENV_FILE" + +## Collaboration - active configuration +COLLABORA_DOMAIN=${COLLABORA_HOST} +COLLABORATION_APP_NAME="CollaboraOnline" +COLLABORATION_APP_PRODUCT="Collabora" +COLLABORATION_APP_ADDR=https://${COLLABORA_HOST} +COLLABORATION_APP_INSECURE=false +COLLABORATION_HTTP_ADDR=0.0.0.0:9300 +COLLABORATION_WOPI_SRC=https://${WOPI_HOST} +COLLABORATION_JWT_SECRET= +EOF + + $STD runuser -u cool -- coolconfig set ssl.enable false + $STD runuser -u cool -- coolconfig set ssl.termination true + $STD runuser -u cool -- coolconfig set ssl.ssl_verification true + sed -i "s|CSP2\"/>|CSP2\">frame-ancestors https://${OC_HOST}|" /etc/coolwsd/coolwsd.xml +fi + useradd -r -M -s /usr/sbin/nologin opencloud chown -R opencloud:opencloud "$CONFIG_DIR" "$DATA_DIR" -sudo -u opencloud opencloud init --config-path "$CONFIG_DIR" --insecure no + +if [[ "$LOCALHOST_MODE" == true ]]; then + $STD runuser -u opencloud -- opencloud init --config-path "$CONFIG_DIR" --insecure yes +else + $STD runuser -u opencloud -- opencloud init --config-path "$CONFIG_DIR" --insecure no +fi + OPENCLOUD_SECRET="$(sed -n '/jwt/p' "$CONFIG_DIR"/opencloud.yaml | awk '{print $2}')" -sed -i "s/JWT_SECRET=/&${OPENCLOUD_SECRET//&/\\&}/" "$ENV_FILE" +if [[ "$LOCALHOST_MODE" != true ]]; then + sed -i "s/COLLABORATION_JWT_SECRET=/&${OPENCLOUD_SECRET//&/\\&}/" "$ENV_FILE" +fi msg_ok "Configured OpenCloud" msg_info "Starting services" -systemctl enable -q --now coolwsd opencloud -sleep 5 -systemctl enable -q --now opencloud-wopi +if [[ "$LOCALHOST_MODE" == true ]]; then + systemctl enable -q --now opencloud +else + systemctl enable -q --now coolwsd 
opencloud + sleep 5 + systemctl enable -q --now opencloud-wopi +fi msg_ok "Started services" motd_ssh
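Review bot: The rewritten `sed -i "s/COLLABORATION_JWT_SECRET=/&${OPENCLOUD_SECRET//&/\\&}/"` line escapes only `&` in the secret, so if the value generated by `opencloud init` can ever contain `/` or a backslash (the format is not visible here), the expression either fails or writes a mangled secret. Since the active Collaboration block is now appended by this same hunk, the secret can be written directly without `sed`: remove the empty `COLLABORATION_JWT_SECRET=` from the appended heredoc and, after the extraction, use `printf 'COLLABORATION_JWT_SECRET=%s\n' "$OPENCLOUD_SECRET" >>"$ENV_FILE"`. That also keeps the secret out of an external command's argument list, because `printf` is a shell builtin.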