4 files changed, 127 insertions, 0 deletions

diff --git a/roles/apps/nextcloud/base/templates/cron@.service.j2 b/roles/apps/nextcloud/base/templates/cron@.service.j2
new file mode 100644
index 00000000..d8cde0a3
--- /dev/null
+++ b/roles/apps/nextcloud/base/templates/cron@.service.j2
@@ -0,0 +1,15 @@
+[Unit]
+Description=Nextcloud cron.php job for %i
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/nextcloud-cron %i
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=strict
+ProtectHome=yes
+ProtectKernelTunables=yes
+ProtectControlGroups=yes
+RestrictRealtime=yes
+RestrictAddressFamilies=AF_UNIX AF_INET
diff --git a/roles/apps/nextcloud/base/templates/nextcloud-cron.j2 b/roles/apps/nextcloud/base/templates/nextcloud-cron.j2
new file mode 100755
index 00000000..cf1d9715
--- /dev/null
+++ b/roles/apps/nextcloud/base/templates/nextcloud-cron.j2
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+INST_NAME="$1"
+shift
+
+if [ -z "$INST_NAME" ]; then
+  echo "Usage: $0 <instance>"
+  exit 1
+fi
+
+set -eu
+
+pod_id=$(crictl pods -q --state ready --name "^nextcloud-$INST_NAME-{{ ansible_nodename }}$")
+if [ -z "$pod_id" ]; then echo "Pod not found"; exit 1; fi
+
+container_id=$(crictl ps -q --name '^nextcloud$' -p "$pod_id")
+if [ -z "$container_id" ]; then echo "Container not found"; exit 1; fi
+
+exec crictl exec "$container_id" bash -c 'php -f /var/www/html/occ status -e; if [ $? -eq 0 ]; then php -f /var/www/html/cron.php; else echo "not running cron script when in maintenance mode"; fi'
diff --git a/roles/apps/nextcloud/base/templates/nextcloud-occ.j2 b/roles/apps/nextcloud/base/templates/nextcloud-occ.j2
new file mode 100755
index 00000000..01383c95
--- /dev/null
+++ b/roles/apps/nextcloud/base/templates/nextcloud-occ.j2
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+INST_NAME="$1"
+shift
+
+if [ -z "$INST_NAME" ]; then
+  echo "Usage: $0 <instance> [ <arguments for occ.php> ... ]"
+  exit 1
+fi
+
+set -eu
+
+pod_id=$(crictl pods -q --state ready --name "^nextcloud-$INST_NAME-{{ ansible_nodename }}$")
+if [ -z "$pod_id" ]; then echo "Pod not found"; exit 1; fi
+
+container_id=$(crictl ps -q --name '^nextcloud$' -p "$pod_id")
+if [ -z "$container_id" ]; then echo "Container not found"; exit 1; fi
+
+exec crictl exec -it "$container_id" php -f /var/www/html/occ $@
diff --git a/roles/apps/nextcloud/base/templates/nextcloud-upgrade.j2 b/roles/apps/nextcloud/base/templates/nextcloud-upgrade.j2
new file mode 100755
index 00000000..f6edcb44
--- /dev/null
+++ b/roles/apps/nextcloud/base/templates/nextcloud-upgrade.j2
@@ -0,0 +1,74 @@
+#!/bin/bash
+
+INST_NAME="$1"
+VERSION="$2"
+if [ -z "$INST_NAME" ] || [ -z "$VERSION" ]; then
+  echo "Usage: $0 <instance> <version>"
+  exit 1
+fi
+
+set -eu
+
+CURRENT_VERSION=$(nextcloud-occ "$INST_NAME" status -n --no-warnings --output plain | tr -d '\r' | awk -F : '/versionstring/ { print($2) }' | tr -d ' ')
+if [ "$CURRENT_VERSION" = "$VERSION" ]; then
+  echo "The current running version of nextcloud is already $CURRENT_VERSION, nothing to do here."
+  exit 0
+fi
+echo "will upgrade nextcloud instance $INST_NAME from '$CURRENT_VERSION' to '$VERSION'"
+
+K8S_CONFIG_HASH_D="/etc/kubernetes/config-hashes/"
+K8S_CONFIG_HASH_FILE="$K8S_CONFIG_HASH_D/nextcloud-$INST_NAME.yml"
+K8S_MANIFEST_D="/etc/kubernetes/manifests/"
+K8S_MANIFEST_FILE="$K8S_MANIFEST_D/nextcloud-$INST_NAME.yml"
+if [ ! -e "$K8S_MANIFEST_FILE" ]; then
+  echo "could not find manifest file: $K8S_MANIFEST_FILE"
+  exit 2
+fi
+
+TMP_D=$(mktemp -d -t nextcloud-upgrade.XXXXXXX)
+function cleanup {
+  rm -rf "$TMP_D"
+}
+trap cleanup EXIT
+
+IMAGE_BUILD_D=$(cat "$K8S_CONFIG_HASH_FILE" | grep "build/Dockerfile:"  | tr -d ":" | xargs dirname)
+IMAGE_NAME="nextcloud"
+if [ -e "$IMAGE_BUILD_D/Dockerfile" ]; then
+  ## this only works if docker is installed...
+  echo "*** Building custom image"
+  echo ""
+  sed "0,/FROM \(.*\):.*/s//FROM \1:$VERSION/" -i "$IMAGE_BUILD_D/Dockerfile"
+  IMAGE_NAME="nextcloud/$INST_NAME"
+  docker build --rm --network host -t "$IMAGE_NAME:$VERSION" "$IMAGE_BUILD_D"
+  echo ""
+else
+  echo "*** Pre-Pulling the image"
+  echo ""
+  crictl pull "docker.io/library/nextcloud:$VERSION"
+  echo ""
+fi
+
+INSTANCE_BASE_D=$(dirname "$IMAGE_BUILD_D")
+"$INSTANCE_BASE_D/upgrade.sh" prepare "$CURRENT_VERSION" "$VERSION"
+
+echo "*** Rebuilding config-hash file"
+echo ""
+cat "$K8S_CONFIG_HASH_FILE" | grep '^/.*:' | sed 's/:$//' | xargs sha256sum | awk '{ print($2":\n  checksum: "$1) }' > "$TMP_D/config-hash.yml"
+CONFIG_HASH=$(sha256sum "$TMP_D/config-hash.yml" | awk '{ print($1) }')
+
+echo "*** Patching manifest file"
+echo ""
+sed -e "s#image: \"$IMAGE_NAME:.*\"#image: \"$IMAGE_NAME:$VERSION\"#" -e "s#config-hash: \".*\"#config-hash: \"$CONFIG_HASH\"#" "$K8S_MANIFEST_FILE" > "$TMP_D/manifest.yml"
+set +e
+diff -u "$K8S_MANIFEST_FILE" "$TMP_D/manifest.yml"
+if [ $? -eq 0 ]; then
+  echo "patching file failed?"
+  exit 2
+fi
+cat "$TMP_D/config-hash.yml" > "$K8S_CONFIG_HASH_FILE"
+cat "$TMP_D/manifest.yml" > "$K8S_MANIFEST_FILE"
+echo ""
+
+"$INSTANCE_BASE_D/upgrade.sh" finalize "$CURRENT_VERSION" "$VERSION"
+
+exit 0