From c8b49560b676408b716f0b6ab841b9c71f9ce2c3 Mon Sep 17 00:00:00 2001
From: Brad Stein <Brad.Stein@gmail.com>
Date: Sun, 14 Dec 2025 14:05:01 -0300
Subject: [PATCH] Keep nextcloud scripts single-sourced under scripts/

---
 scripts/nextcloud-mail-sync.sh                | 40 ++++++++++-
 scripts/nextcloud-maintenance.sh              | 66 ++++++++++++++++++-
 services/nextcloud/kustomization.yaml         |  4 +-
 .../nextcloud/scripts/nextcloud-mail-sync.sh  | 39 -----------
 .../scripts/nextcloud-maintenance.sh          | 65 ------------------
 5 files changed, 106 insertions(+), 108 deletions(-)
 mode change 120000 => 100755 scripts/nextcloud-mail-sync.sh
 mode change 120000 => 100755 scripts/nextcloud-maintenance.sh
 delete mode 100755 services/nextcloud/scripts/nextcloud-mail-sync.sh
 delete mode 100755 services/nextcloud/scripts/nextcloud-maintenance.sh

diff --git a/scripts/nextcloud-mail-sync.sh b/scripts/nextcloud-mail-sync.sh
deleted file mode 120000
index 0f33a4e..0000000
--- a/scripts/nextcloud-mail-sync.sh
+++ /dev/null
@@ -1 +0,0 @@
-../services/nextcloud/scripts/nextcloud-mail-sync.sh
\ No newline at end of file
diff --git a/scripts/nextcloud-mail-sync.sh b/scripts/nextcloud-mail-sync.sh
new file mode 100755
index 0000000..6b0adb1
--- /dev/null
+++ b/scripts/nextcloud-mail-sync.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+set -euo pipefail
+
+KC_BASE="${KC_BASE:?}"
+KC_REALM="${KC_REALM:?}"
+KC_ADMIN_USER="${KC_ADMIN_USER:?}"
+KC_ADMIN_PASS="${KC_ADMIN_PASS:?}"
+
+if ! command -v jq >/dev/null 2>&1; then
+  apt-get update && apt-get install -y jq curl >/dev/null
+fi
+
+token=$(
+  curl -s -d "grant_type=password" \
+    -d "client_id=admin-cli" \
+    -d "username=${KC_ADMIN_USER}" \
+    -d "password=${KC_ADMIN_PASS}" \
+    "${KC_BASE}/realms/master/protocol/openid-connect/token" | jq -r '.access_token'
+)
+
+if [[ -z "${token}" || "${token}" == "null" ]]; then
+  echo "Failed to obtain admin token"
+  exit 1
+fi
+
+users=$(curl -s -H "Authorization: Bearer ${token}" \
+  "${KC_BASE}/admin/realms/${KC_REALM}/users?max=2000")
+
+echo "${users}" | jq -c '.[]' | while read -r user; do
+  username=$(echo "${user}" | jq -r '.username')
+  email=$(echo "${user}" | jq -r '.email // empty')
+  app_pw=$(echo "${user}" | jq -r '.attributes.mailu_app_password[0] // empty')
+  [[ -z "${email}" || -z "${app_pw}" ]] && continue
+  echo "Syncing ${email}"
+  runuser -u www-data -- php occ mail:account:create \
+    "${username}" "${username}" "${email}" \
+    mail.bstein.dev 993 ssl "${email}" "${app_pw}" \
+    mail.bstein.dev 587 tls "${email}" "${app_pw}" login || true
+done
diff --git a/scripts/nextcloud-maintenance.sh b/scripts/nextcloud-maintenance.sh
deleted file mode 120000
index e6b1223..0000000
--- a/scripts/nextcloud-maintenance.sh
+++ /dev/null
@@ -1 +0,0 @@
-../services/nextcloud/scripts/nextcloud-maintenance.sh
\ No newline at end of file
diff --git a/scripts/nextcloud-maintenance.sh b/scripts/nextcloud-maintenance.sh
new file mode 100755
index 0000000..e8ea18c
--- /dev/null
+++ b/scripts/nextcloud-maintenance.sh
@@ -0,0 +1,65 @@
+#!/bin/bash
+set -euo pipefail
+
+NC_URL="${NC_URL:-https://cloud.bstein.dev}"
+ADMIN_USER="${ADMIN_USER:?}"
+ADMIN_PASS="${ADMIN_PASS:?}"
+
+export DEBIAN_FRONTEND=noninteractive
+apt-get update -qq
+apt-get install -y -qq curl jq >/dev/null
+
+run_occ() {
+  runuser -u www-data -- php occ "$@"
+}
+
+log() { echo "[$(date -Is)] $*"; }
+
+log "Applying Atlas theming"
+run_occ theming:config name "Atlas Cloud"
+run_occ theming:config slogan "Unified access to Atlas services"
+run_occ theming:config url "https://cloud.bstein.dev"
+run_occ theming:config color "#0f172a"
+run_occ theming:config disable-user-theming yes
+
+log "Setting default quota to 200 GB"
+run_occ config:app:set files default_quota --value "200 GB"
+
+API_BASE="${NC_URL}/ocs/v2.php/apps/external/api/v1"
+AUTH=(-u "${ADMIN_USER}:${ADMIN_PASS}" -H "OCS-APIRequest: true")
+
+log "Removing existing external links"
+existing=$(curl -sf "${AUTH[@]}" "${API_BASE}?format=json" | jq -r '.ocs.data[].id // empty')
+for id in ${existing}; do
+  curl -sf "${AUTH[@]}" -X DELETE "${API_BASE}/sites/${id}?format=json" >/dev/null || true
+done
+
+SITES=(
+  "Vaultwarden|https://vault.bstein.dev"
+  "Jellyfin|https://stream.bstein.dev"
+  "Gitea|https://scm.bstein.dev"
+  "Jenkins|https://ci.bstein.dev"
+  "Zot|https://registry.bstein.dev"
+  "Vault|https://secret.bstein.dev"
+  "Jitsi|https://meet.bstein.dev"
+  "Grafana|https://metrics.bstein.dev"
+  "Chat LLM|https://chat.ai.bstein.dev"
+  "Vision|https://draw.ai.bstein.dev"
+  "STT/TTS|https://talk.ai.bstein.dev"
+)
+
+log "Seeding external links"
+for entry in "${SITES[@]}"; do
+  IFS="|" read -r name url <<<"${entry}"
+  curl -sf "${AUTH[@]}" -X POST "${API_BASE}/sites?format=json" \
+    -d "name=${name}" \
+    -d "url=${url}" \
+    -d "lang=" \
+    -d "type=link" \
+    -d "device=" \
+    -d "icon=" \
+    -d "groups[]=" \
+    -d "redirect=1" >/dev/null
+done
+
+log "Maintenance run completed"
diff --git a/services/nextcloud/kustomization.yaml b/services/nextcloud/kustomization.yaml
index ea269cd..5e3b414 100644
--- a/services/nextcloud/kustomization.yaml
+++ b/services/nextcloud/kustomization.yaml
@@ -15,11 +15,11 @@ resources:
 configMapGenerator:
   - name: nextcloud-maintenance-script
     files:
-      - maintenance.sh=scripts/nextcloud-maintenance.sh
+      - maintenance.sh=../../scripts/nextcloud-maintenance.sh
     options:
       disableNameSuffixHash: true
   - name: nextcloud-mail-sync-script
     files:
-      - sync.sh=scripts/nextcloud-mail-sync.sh
+      - sync.sh=../../scripts/nextcloud-mail-sync.sh
     options:
       disableNameSuffixHash: true
diff --git a/services/nextcloud/scripts/nextcloud-mail-sync.sh b/services/nextcloud/scripts/nextcloud-mail-sync.sh
deleted file mode 100755
index 6b0adb1..0000000
--- a/services/nextcloud/scripts/nextcloud-mail-sync.sh
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-
-KC_BASE="${KC_BASE:?}"
-KC_REALM="${KC_REALM:?}"
-KC_ADMIN_USER="${KC_ADMIN_USER:?}"
-KC_ADMIN_PASS="${KC_ADMIN_PASS:?}"
-
-if ! command -v jq >/dev/null 2>&1; then
-  apt-get update && apt-get install -y jq curl >/dev/null
-fi
-
-token=$(
-  curl -s -d "grant_type=password" \
-    -d "client_id=admin-cli" \
-    -d "username=${KC_ADMIN_USER}" \
-    -d "password=${KC_ADMIN_PASS}" \
-    "${KC_BASE}/realms/master/protocol/openid-connect/token" | jq -r '.access_token'
-)
-
-if [[ -z "${token}" || "${token}" == "null" ]]; then
-  echo "Failed to obtain admin token"
-  exit 1
-fi
-
-users=$(curl -s -H "Authorization: Bearer ${token}" \
-  "${KC_BASE}/admin/realms/${KC_REALM}/users?max=2000")
-
-echo "${users}" | jq -c '.[]' | while read -r user; do
-  username=$(echo "${user}" | jq -r '.username')
-  email=$(echo "${user}" | jq -r '.email // empty')
-  app_pw=$(echo "${user}" | jq -r '.attributes.mailu_app_password[0] // empty')
-  [[ -z "${email}" || -z "${app_pw}" ]] && continue
-  echo "Syncing ${email}"
-  runuser -u www-data -- php occ mail:account:create \
-    "${username}" "${username}" "${email}" \
-    mail.bstein.dev 993 ssl "${email}" "${app_pw}" \
-    mail.bstein.dev 587 tls "${email}" "${app_pw}" login || true
-done
diff --git a/services/nextcloud/scripts/nextcloud-maintenance.sh b/services/nextcloud/scripts/nextcloud-maintenance.sh
deleted file mode 100755
index e8ea18c..0000000
--- a/services/nextcloud/scripts/nextcloud-maintenance.sh
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-
-NC_URL="${NC_URL:-https://cloud.bstein.dev}"
-ADMIN_USER="${ADMIN_USER:?}"
-ADMIN_PASS="${ADMIN_PASS:?}"
-
-export DEBIAN_FRONTEND=noninteractive
-apt-get update -qq
-apt-get install -y -qq curl jq >/dev/null
-
-run_occ() {
-  runuser -u www-data -- php occ "$@"
-}
-
-log() { echo "[$(date -Is)] $*"; }
-
-log "Applying Atlas theming"
-run_occ theming:config name "Atlas Cloud"
-run_occ theming:config slogan "Unified access to Atlas services"
-run_occ theming:config url "https://cloud.bstein.dev"
-run_occ theming:config color "#0f172a"
-run_occ theming:config disable-user-theming yes
-
-log "Setting default quota to 200 GB"
-run_occ config:app:set files default_quota --value "200 GB"
-
-API_BASE="${NC_URL}/ocs/v2.php/apps/external/api/v1"
-AUTH=(-u "${ADMIN_USER}:${ADMIN_PASS}" -H "OCS-APIRequest: true")
-
-log "Removing existing external links"
-existing=$(curl -sf "${AUTH[@]}" "${API_BASE}?format=json" | jq -r '.ocs.data[].id // empty')
-for id in ${existing}; do
-  curl -sf "${AUTH[@]}" -X DELETE "${API_BASE}/sites/${id}?format=json" >/dev/null || true
-done
-
-SITES=(
-  "Vaultwarden|https://vault.bstein.dev"
-  "Jellyfin|https://stream.bstein.dev"
-  "Gitea|https://scm.bstein.dev"
-  "Jenkins|https://ci.bstein.dev"
-  "Zot|https://registry.bstein.dev"
-  "Vault|https://secret.bstein.dev"
-  "Jitsi|https://meet.bstein.dev"
-  "Grafana|https://metrics.bstein.dev"
-  "Chat LLM|https://chat.ai.bstein.dev"
-  "Vision|https://draw.ai.bstein.dev"
-  "STT/TTS|https://talk.ai.bstein.dev"
-)
-
-log "Seeding external links"
-for entry in "${SITES[@]}"; do
-  IFS="|" read -r name url <<<"${entry}"
-  curl -sf "${AUTH[@]}" -X POST "${API_BASE}/sites?format=json" \
-    -d "name=${name}" \
-    -d "url=${url}" \
-    -d "lang=" \
-    -d "type=link" \
-    -d "device=" \
-    -d "icon=" \
-    -d "groups[]=" \
-    -d "redirect=1" >/dev/null
-done
-
-log "Maintenance run completed"