#!/bin/bash # ================================================================= # Nextcloud Configuration Script # ================================================================= # Rick-Infra - Nextcloud Role # # This script configures Nextcloud via OCC commands after initial # installation. It is generated from Ansible variables and runs # inside the Nextcloud container. # # Generated by: roles/nextcloud/templates/configure-nextcloud.sh.j2 # Managed by: Ansible set +e # Continue on errors, report at end ERRORS=0 # Helper function for OCC occ() { php /var/www/html/occ "$@" 2>&1 } # Track errors check_error() { if [ $? -ne 0 ]; then ERRORS=$((ERRORS + 1)) echo "ERROR: $1" >&2 fi } # ================================================================= # Redis Caching Configuration # ================================================================= # Configure Redis for application-level caching and file locking # WITHOUT enabling Redis sessions (which can cause performance issues) occ config:system:set memcache.distributed --value='\OC\Memcache\Redis' --quiet check_error "Failed to set memcache.distributed" occ config:system:set memcache.locking --value='\OC\Memcache\Redis' --quiet check_error "Failed to set memcache.locking" occ config:system:set redis host --value='{{ valkey_unix_socket_path }}' --quiet check_error "Failed to set redis.host" occ config:system:set redis password --value='{{ valkey_password }}' --quiet check_error "Failed to set redis.password" occ config:system:set redis dbindex --value={{ nextcloud_valkey_db }} --type=integer --quiet check_error "Failed to set redis.dbindex" # ================================================================= # Maintenance Configuration # ================================================================= occ config:system:set maintenance_window_start --value={{ nextcloud_maintenance_window_start }} --type=integer --quiet check_error "Failed to set maintenance_window_start" occ config:system:set default_phone_region --value='{{ nextcloud_default_phone_region }}' --quiet check_error "Failed to set default_phone_region" # ================================================================= # Database Optimization # ================================================================= # Add missing database indices occ db:add-missing-indices --quiet check_error "Failed to add missing database indices" # Convert filecache to bigint occ db:convert-filecache-bigint --no-interaction --quiet check_error "Failed to convert filecache to bigint" # Update mimetype database mappings occ maintenance:repair --include-expensive --quiet check_error "Failed to run maintenance:repair" # ================================================================= # App Installation and Enablement # ================================================================= # Install apps first, then enable them. This must happen before # app-specific configuration (e.g., OIDC provider setup) {% if nextcloud_apps_install is defined and nextcloud_apps_install | length > 0 %} # Install apps {% for app in nextcloud_apps_install %} occ app:install {{ app }} --quiet 2>&1 | grep -v "already installed" || true check_error "Failed to install app: {{ app }}" {% endfor %} {% endif %} # ================================================================= # Email/SMTP Configuration # ================================================================= {% if nextcloud_email_enabled | default(false) %} # Configure SMTP mode occ config:system:set mail_smtpmode --value={{ nextcloud_smtp_mode }} --quiet check_error "Failed to set mail_smtpmode" # Configure SMTP server occ config:system:set mail_smtphost --value='{{ nextcloud_smtp_host }}' --quiet check_error "Failed to set mail_smtphost" occ config:system:set mail_smtpport --value={{ nextcloud_smtp_port }} --type=integer --quiet check_error "Failed to set mail_smtpport" {% if nextcloud_smtp_secure %} occ config:system:set mail_smtpsecure --value={{ nextcloud_smtp_secure }} --quiet check_error "Failed to set mail_smtpsecure" {% endif %} {% if nextcloud_smtp_auth %} # Configure SMTP authentication occ config:system:set mail_smtpauth --value=1 --type=integer --quiet check_error "Failed to set mail_smtpauth" occ config:system:set mail_smtpauthtype --value={{ nextcloud_smtp_authtype }} --quiet check_error "Failed to set mail_smtpauthtype" occ config:system:set mail_smtpname --value='{{ nextcloud_smtp_username }}' --quiet check_error "Failed to set mail_smtpname" occ config:system:set mail_smtppassword --value='{{ nextcloud_smtp_password }}' --quiet check_error "Failed to set mail_smtppassword" {% endif %} # Configure email addressing occ config:system:set mail_from_address --value='{{ nextcloud_mail_from_address }}' --quiet check_error "Failed to set mail_from_address" occ config:system:set mail_domain --value='{{ nextcloud_mail_domain }}' --quiet check_error "Failed to set mail_domain" {% endif %} # Set admin user email address {% if nextcloud_admin_email %} occ user:setting {{ nextcloud_admin_user }} settings email '{{ nextcloud_admin_email }}' --quiet check_error "Failed to set admin user email" {% endif %} # ================================================================= # OIDC/SSO Provider Configuration # ================================================================= {% if nextcloud_oidc_enabled | default(false) %} # Configure OIDC provider (creates if doesn't exist, updates if exists) occ user_oidc:provider {{ nextcloud_oidc_provider_id }} \ --clientid='{{ nextcloud_oidc_client_id }}' \ --clientsecret='{{ nextcloud_oidc_client_secret }}' \ --discoveryuri='{{ nextcloud_oidc_discovery_url }}' \ --scope='{{ nextcloud_oidc_scope }}' \ --unique-uid={{ '1' if nextcloud_oidc_unique_uid else '0' }} \ --check-bearer={{ '1' if nextcloud_oidc_check_bearer else '0' }} \ --send-id-token-hint={{ '1' if nextcloud_oidc_send_id_token_hint else '0' }} \ {% if nextcloud_oidc_mapping_display_name %} --mapping-display-name='{{ nextcloud_oidc_mapping_display_name }}' \ {% endif %} {% if nextcloud_oidc_mapping_email %} --mapping-email='{{ nextcloud_oidc_mapping_email }}' \ {% endif %} {% if nextcloud_oidc_mapping_quota %} --mapping-quota='{{ nextcloud_oidc_mapping_quota }}' \ {% endif %} {% if nextcloud_oidc_mapping_uid %} --mapping-uid='{{ nextcloud_oidc_mapping_uid }}' \ {% endif %} {% if nextcloud_oidc_mapping_groups %} --mapping-groups='{{ nextcloud_oidc_mapping_groups }}' \ {% endif %} --group-provisioning={{ '1' if nextcloud_oidc_group_provisioning else '0' }} \ --quiet 2>&1 | grep -v "already exists" || true check_error "Failed to configure OIDC provider: {{ nextcloud_oidc_provider_id }}" {% if nextcloud_oidc_single_login %} # Enable single login (auto-redirect to SSO if only one provider) occ config:app:set user_oidc allow_multiple_user_backends --value=0 --quiet check_error "Failed to enable single login mode" {% endif %} {% endif %} # ================================================================= # Exit Status # ================================================================= if [ $ERRORS -gt 0 ]; then echo "Configuration completed with $ERRORS error(s)" >&2 exit 1 else echo "Nextcloud configuration completed successfully" exit 0 fi