From 825a081839e8bfd48ea39e0caa568d40de2f518a Mon Sep 17 00:00:00 2001 From: Philippe Caseiro Date: Mon, 18 Sep 2023 15:25:51 +0200 Subject: [PATCH] feat(plugins): adding default apps install with env New configmap cm-plugin-scripts uses NEXTCLOUD_PLUGIN_LIST env to install apps This script is runned on each pod "start" --- overlays/dev/kustomization.yaml | 72 ++++++++++--------- overlays/dev/patches/deployment.yaml | 32 +++------ .../nextcloud/cm-plugins-script.yaml | 34 +++++++++ 3 files changed, 84 insertions(+), 54 deletions(-) create mode 100644 overlays/dev/resources/nextcloud/cm-plugins-script.yaml diff --git a/overlays/dev/kustomization.yaml b/overlays/dev/kustomization.yaml index a654973..169fdbe 100644 --- a/overlays/dev/kustomization.yaml +++ b/overlays/dev/kustomization.yaml @@ -2,8 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: nextcloud-dev -#namePrefix: dev- - configurations: - ./resources/files/minio/configurations/tenants.minio.min.io.yaml @@ -13,6 +11,7 @@ resources: - resources/nextcloud/namespace.yaml - resources/nextcloud/ssl.yaml - resources/nextcloud/cm-ldap-script.yaml +- resources/nextcloud/cm-plugins-script.yaml - resources/nextcloud/minio-tenant.yaml - resources/nextcloud/job-minio.yaml 
@@ -20,51 +19,60 @@ patches: - path: patches/deployment.yaml - path: patches/nginx-ingress.yaml - path: patches/ConfigMap-redis.yaml -- path: patches/nextcloud-env.yaml - target: - kind: ConfigMap - name: nextcloud-env - version: v1 - - -# PARTIE MINIO - -# secret re-généré -#secretGenerator: -#- name: db-user-pass -# envs: -# - ./resources/files/minio/config.env +#- path: patches/nextcloud-env.yaml +# target: +# kind: ConfigMap +# name: nextcloud-env +# version: v1 secretGenerator: -#Voir https://github.com/minio/operator/issues/856 - name: nextcloud-minio-user literals: - CONSOLE_ACCESS_KEY=minio_root - CONSOLE_SECRET_KEY=MinioRootNotSoSecret - name: nextcloud-minio-configuration files: - - ./resources/files/minio/config.env # A modifier si modification mot de passe et user CONSOLE [ACCESS-SECRET] - -# ajout de Variable, et redéfinition de certaines -configMapGenerator: -#- name: nextcloud-parameters -# files: -# - ./resources/files/parameters.yaml -#- name: nextcloud-env -# behavior: replace -# literals: -# - MINIO_SERVICE_NAME=$(MINIO_SERVICE_HOST):$(MINIO_SERVICE_PORT) -# - MINIO_SERVICE_HOST=minio -# - MINIO_SERVICE_PORT=443 -# options: -# disableNameSuffixHash: true + - ./resources/files/minio/config.env - name: nextcloud-smtp + behavior: replace literals: - smtp-username=ouchemail - smtp-password=HjkEHJ2676yiu2 options: disableNameSuffixHash: true +configMapGenerator: +- name: nextcloud-env + behavior: merge + literals: + - NEXTCLOUD_TRUSTED_DOMAINS="*.cadoles.lan" + - OBJECTSTORE_S3_AUTOCREATE="true" + - OBJECTSTORE_S3_HOST=minio + - OBJECTSTORE_S3_PORT=443 + - OBJECTSTORE_S3_BUCKET=nextcloud-minio + - OBJECTSTORE_S3_USEPATH_STYLE="true" + - OBJECTSTORE_S3_SSL="true" + - NEXTCLOUD_LDAP_HOST="ldaps://ldap.cadoles.com" + - NEXTCLOUD_LDAP_BASE="ou=cadoles,o=gouv,c=fr" + - NEXTCLOUD_LDAP_DN="cn=reader,o=gouv,c=fr" + - NEXTCLOUD_LDAP_PASSWD="phooge2jaidae4ohguChi6quoo8okahn2ru6aixutahmiuFoh6ooshae" + - 
NEXTCLOUD_LDAP_BASE_GROUPS="ou=groups,ou=cadoles,o=gouv,c=fr" + - NEXTCLOUD_LDAP_BASE_USERS="ou=users,ou=cadoles,o=gouv,c=fr" + - NEXTCLOUD_LDAP_ACTIVE_CONF='1' + - NEXTCLOUD_LDAP_ADMIN_EXP='0' + - NEXTCLOUD_LDAP_EXP_UUID="cn" + - NEXTCLOUD_LDAP_LOGIN_FILTER="(&(objectClass=person)(uid=%uid))" + - NEXTCLOUD_LDAP_LOGIN_FILTER_ATTR="uid" + - NEXTCLOUD_LDAP_PORT='636' + - NEXTCLOUD_LDAP_USR_FILTR="(|(objectclass=person))" + - NEXTCLOUD_LDAP_OBJ_FILTR="person" + - NEXTCLOUD_LDAP_MAIL_ATTR="mail" + - NEXTCLOUD_LDAP_USER_DISP="cn" + - NEXTCLOUD_LDAP_GROUP_FILTR="(&(|(objectclass=cadolesGroup)))" + - NEXTCLOUD_LDAP_GROUP_FILTR_OBJCLASS="cadolesGroup" + - NEXTCLOUD_LDAP_GROUP_MEMBR_ASSO="gidNumber" + - NEXTCLOUD_PLUGIN_LIST="groupfolders drawio calendar quicknotes richdocuments richdocumentscode polls keeweb" + vars: # génération d'information pour wait-for-bootstrap du pod nextcloud - name: MINIO_BOOTSTRAP_JOB_NAME objref: diff --git a/overlays/dev/patches/deployment.yaml b/overlays/dev/patches/deployment.yaml index 3e39575..82be6e3 100644 --- a/overlays/dev/patches/deployment.yaml +++ b/overlays/dev/patches/deployment.yaml @@ -14,21 +14,10 @@ spec: - $(MINIO_BOOTSTRAP_JOB_NAME) containers: - name: nextcloud + #envFrom: + #- configMapRef: + # name: nextcloud-env-update env: - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: nextcloud-postgres-app - key: username - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: nextcloud-postgres-app - key: password - - name: OBJECTSTORE_S3_BUCKET - value: nxt-minio - - name: OBJECTSTORE_S3_AUTOCREATE - value: "true" - name: OBJECTSTORE_S3_KEY valueFrom: secretKeyRef: @@ -39,14 +28,6 @@ spec: secretKeyRef: name: nextcloud-minio-user key: CONSOLE_SECRET_KEY - - name: OBJECTSTORE_S3_HOST - value: minio:$(MINIO_SERVICE_PORT) - - name: OBJECTSTORE_S3_PORT - value: "443" - - name: OBJECTSTORE_S3_SSL - value: "true" - - name: OBJECTSTORE_S3_USEPATH_STYLE - value: "true" livenessProbe: httpGet: 
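Review bot: `NEXTCLOUD_LDAP_PASSWD` is added as a literal under `configMapGenerator`, so the bind password for `cn=reader,o=gouv,c=fr` ends up in plain text in the `nextcloud-env` ConfigMap and in the repository history. ConfigMap values are readable by anyone allowed to read ConfigMaps in the namespace and are not covered by Secret encryption at rest. Move that key to a `secretGenerator` entry fed by an `envs:` file kept out of version control, expose it to the container with `secretKeyRef` the way `OBJECTSTORE_S3_KEY` is in patches/deployment.yaml, and rotate the value since it has been committed. The `smtp-password` and `CONSOLE_SECRET_KEY` literals visible in the same hunk are committed in clear text too and would benefit from the same treatment.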
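Review bot: The `POSTGRES_USER` and `POSTGRES_PASSWORD` entries that read from the `nextcloud-postgres-app` Secret are dropped from the container `env`, and no line in this commit supplies them again. If the base deployment does not already inject them through `secretKeyRef`, the pod loses its database credentials, and adding them to the `nextcloud-env` ConfigMap instead would store them in plain text. The commented-out `#envFrom:` block names `nextcloud-env-update`, which nothing in the patch defines; either drop it or add a comment such as `# TODO: enable once the nextcloud-env-update ConfigMap exists`. The container spec continues outside the hunk.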
@@ -76,6 +57,9 @@ spec: - mountPath: /docker-entrypoint-hooks.d/post-installation/ldap.sh name: script-config-ldap subPath: poststart-ldap.sh + - mountPath: /docker-entrypoint-hooks.d/before-starting/plugins.sh + name: script-config-plugins + subPath: poststart-plugins.sh - mountPath: /etc/minio-ccerts name: minio-certs readOnly: true @@ -87,5 +71,9 @@ spec: configMap: name: script-config-ldap defaultMode: 0755 + - name: script-config-plugins + configMap: + name: script-config-plugins + defaultMode: 0755 restartPolicy: Always serviceAccountName: nextcloud-sa diff --git a/overlays/dev/resources/nextcloud/cm-plugins-script.yaml b/overlays/dev/resources/nextcloud/cm-plugins-script.yaml new file mode 100644 index 0000000..8bc088f --- /dev/null +++ b/overlays/dev/resources/nextcloud/cm-plugins-script.yaml @@ -0,0 +1,34 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: script-config-plugins +data: + poststart-plugins.sh: | + #!/bin/sh + set -eu + ( + if ! flock -n 7; then + echo "Another process is installing plugins. waiting" + flock 7 + exit 0 + fi + + echo "Installing default apps" + plugin_list="${NEXTCLOUD_PLUGIN_LIST}" + OPTS="" + occ="/var/www/html/occ" + + installed_apps=$(mktemp) + /bin/sh -c "${occ} app:list" | awk '!/Enabled|Disabled/ {print substr($2, 1, length($2)-1)}' > "${installed_apps}" + + for plugin in ${plugin_list}; do + if ! grep -q "${plugin}" "${installed_apps}"; then + /bin/sh -c "${occ} ${OPTS} app:install ${plugin}" + /bin/sh -c "${occ} ${OPTS} app:update ${plugin}" + /bin/sh -c "${occ} ${OPTS} app:enable ${plugin}" + else + echo "${plugin} allready installed" + fi + done + ) 7> /var/www/html/nextcloud-plugin-install.lock + echo "Apps installation finished"
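Review bot: In the `for plugin` loop of `poststart-plugins.sh`, each name from `NEXTCLOUD_PLUGIN_LIST` is pasted into a string that `/bin/sh -c` parses a second time, so any shell metacharacter in the ConfigMap value is interpreted by the shell instead of being passed as an app name. Calling occ directly, `"${occ}" ${OPTS} app:install "${plugin}"` (and the same for `app:update` and `app:enable`), keeps each name a single argument. The `grep -q "${plugin}"` test is an unanchored regex match, so `richdocuments` counts as installed whenever `richdocumentscode` is in the list; `grep -qxF -- "${plugin}" "${installed_apps}"` compares whole lines. The awk filter only drops the `Enabled`/`Disabled` headings, so an app that is installed but disabled appears to be skipped and never enabled. The `mktemp` file is never removed; `trap 'rm -f "${installed_apps}"' EXIT` right after it is created would clean it up.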