Keep nextcloud scripts single-sourced under scripts/

2025-12-14 14:05:01 -03:00 · 2025-12-14 14:05:01 -03:00 · c8b49560b6
commit c8b49560b6
parent 327a7bed57
5 changed files with 106 additions and 108 deletions
--- a/scripts/nextcloud-mail-sync.sh
+++ b/scripts/nextcloud-mail-sync.sh
@ -1 +0,0 @@
 ../services/nextcloud/scripts/nextcloud-mail-sync.sh
--- a/scripts/nextcloud-mail-sync.sh
+++ b/scripts/nextcloud-mail-sync.sh
@ -0,0 +1,39 @@
 #!/bin/bash
 set -euo pipefail
 KC_BASE="${KC_BASE:?}"
 KC_REALM="${KC_REALM:?}"
 KC_ADMIN_USER="${KC_ADMIN_USER:?}"
 KC_ADMIN_PASS="${KC_ADMIN_PASS:?}"
 if ! command -v jq >/dev/null 2>&1; then
  apt-get update && apt-get install -y jq curl >/dev/null
 fi
 token=$(
  curl -s -d "grant_type=password" \
    -d "client_id=admin-cli" \
    -d "username=${KC_ADMIN_USER}" \
    -d "password=${KC_ADMIN_PASS}" \
    "${KC_BASE}/realms/master/protocol/openid-connect/token" | jq -r '.access_token'
 )
 if [[ -z "${token}" || "${token}" == "null" ]]; then
  echo "Failed to obtain admin token"
  exit 1
 fi
 users=$(curl -s -H "Authorization: Bearer ${token}" \
  "${KC_BASE}/admin/realms/${KC_REALM}/users?max=2000")
 echo "${users}" | jq -c '.[]' | while read -r user; do
  username=$(echo "${user}" | jq -r '.username')
  email=$(echo "${user}" | jq -r '.email // empty')
  app_pw=$(echo "${user}" | jq -r '.attributes.mailu_app_password[0] // empty')
  [[ -z "${email}" || -z "${app_pw}" ]] && continue
  echo "Syncing ${email}"
  runuser -u www-data -- php occ mail:account:create \
    "${username}" "${username}" "${email}" \
    mail.bstein.dev 993 ssl "${email}" "${app_pw}" \
    mail.bstein.dev 587 tls "${email}" "${app_pw}" login || true
 done
--- a/scripts/nextcloud-maintenance.sh
+++ b/scripts/nextcloud-maintenance.sh
@ -1 +0,0 @@
 ../services/nextcloud/scripts/nextcloud-maintenance.sh
--- a/scripts/nextcloud-maintenance.sh
+++ b/scripts/nextcloud-maintenance.sh
@ -0,0 +1,65 @@
 #!/bin/bash
 set -euo pipefail
 NC_URL="${NC_URL:-https://cloud.bstein.dev}"
 ADMIN_USER="${ADMIN_USER:?}"
 ADMIN_PASS="${ADMIN_PASS:?}"
 export DEBIAN_FRONTEND=noninteractive
 apt-get update -qq
 apt-get install -y -qq curl jq >/dev/null
 run_occ() {
  runuser -u www-data -- php occ "$@"
 }
 log() { echo "[$(date -Is)] $*"; }
 log "Applying Atlas theming"
 run_occ theming:config name "Atlas Cloud"
 run_occ theming:config slogan "Unified access to Atlas services"
 run_occ theming:config url "https://cloud.bstein.dev"
 run_occ theming:config color "#0f172a"
 run_occ theming:config disable-user-theming yes
 log "Setting default quota to 200 GB"
 run_occ config:app:set files default_quota --value "200 GB"
 API_BASE="${NC_URL}/ocs/v2.php/apps/external/api/v1"
 AUTH=(-u "${ADMIN_USER}:${ADMIN_PASS}" -H "OCS-APIRequest: true")
 log "Removing existing external links"
 existing=$(curl -sf "${AUTH[@]}" "${API_BASE}?format=json" | jq -r '.ocs.data[].id // empty')
 for id in ${existing}; do
  curl -sf "${AUTH[@]}" -X DELETE "${API_BASE}/sites/${id}?format=json" >/dev/null || true
 done
 SITES=(
  "Vaultwarden|https://vault.bstein.dev"
  "Jellyfin|https://stream.bstein.dev"
  "Gitea|https://scm.bstein.dev"
  "Jenkins|https://ci.bstein.dev"
  "Zot|https://registry.bstein.dev"
  "Vault|https://secret.bstein.dev"
  "Jitsi|https://meet.bstein.dev"
  "Grafana|https://metrics.bstein.dev"
  "Chat LLM|https://chat.ai.bstein.dev"
  "Vision|https://draw.ai.bstein.dev"
  "STT/TTS|https://talk.ai.bstein.dev"
 )
 log "Seeding external links"
 for entry in "${SITES[@]}"; do
  IFS="|" read -r name url <<<"${entry}"
  curl -sf "${AUTH[@]}" -X POST "${API_BASE}/sites?format=json" \
    -d "name=${name}" \
    -d "url=${url}" \
    -d "lang=" \
    -d "type=link" \
    -d "device=" \
    -d "icon=" \
    -d "groups[]=" \
    -d "redirect=1" >/dev/null
 done
 log "Maintenance run completed"
--- a/services/nextcloud/kustomization.yaml
+++ b/services/nextcloud/kustomization.yaml
@ -15,11 +15,11 @@ resources:
 configMapGenerator:
  - name: nextcloud-maintenance-script
    files:
-      - maintenance.sh=scripts/nextcloud-maintenance.sh
+      - maintenance.sh=../../scripts/nextcloud-maintenance.sh
    options:
      disableNameSuffixHash: true
  - name: nextcloud-mail-sync-script
    files:
-      - sync.sh=scripts/nextcloud-mail-sync.sh
+      - sync.sh=../../scripts/nextcloud-mail-sync.sh
    options:
      disableNameSuffixHash: true
--- a/services/nextcloud/scripts/nextcloud-mail-sync.sh
+++ b/services/nextcloud/scripts/nextcloud-mail-sync.sh
@ -1,39 +0,0 @@
 #!/bin/bash
 set -euo pipefail
 KC_BASE="${KC_BASE:?}"
 KC_REALM="${KC_REALM:?}"
 KC_ADMIN_USER="${KC_ADMIN_USER:?}"
 KC_ADMIN_PASS="${KC_ADMIN_PASS:?}"
 if ! command -v jq >/dev/null 2>&1; then
  apt-get update && apt-get install -y jq curl >/dev/null
 fi
 token=$(
  curl -s -d "grant_type=password" \
    -d "client_id=admin-cli" \
    -d "username=${KC_ADMIN_USER}" \
    -d "password=${KC_ADMIN_PASS}" \
    "${KC_BASE}/realms/master/protocol/openid-connect/token" | jq -r '.access_token'
 )
 if [[ -z "${token}" || "${token}" == "null" ]]; then
  echo "Failed to obtain admin token"
  exit 1
 fi
 users=$(curl -s -H "Authorization: Bearer ${token}" \
  "${KC_BASE}/admin/realms/${KC_REALM}/users?max=2000")
 echo "${users}" | jq -c '.[]' | while read -r user; do
  username=$(echo "${user}" | jq -r '.username')
  email=$(echo "${user}" | jq -r '.email // empty')
  app_pw=$(echo "${user}" | jq -r '.attributes.mailu_app_password[0] // empty')
  [[ -z "${email}" || -z "${app_pw}" ]] && continue
  echo "Syncing ${email}"
  runuser -u www-data -- php occ mail:account:create \
    "${username}" "${username}" "${email}" \
    mail.bstein.dev 993 ssl "${email}" "${app_pw}" \
    mail.bstein.dev 587 tls "${email}" "${app_pw}" login || true
 done
--- a/services/nextcloud/scripts/nextcloud-maintenance.sh
+++ b/services/nextcloud/scripts/nextcloud-maintenance.sh
@ -1,65 +0,0 @@
 #!/bin/bash
 set -euo pipefail
 NC_URL="${NC_URL:-https://cloud.bstein.dev}"
 ADMIN_USER="${ADMIN_USER:?}"
 ADMIN_PASS="${ADMIN_PASS:?}"
 export DEBIAN_FRONTEND=noninteractive
 apt-get update -qq
 apt-get install -y -qq curl jq >/dev/null
 run_occ() {
  runuser -u www-data -- php occ "$@"
 }
 log() { echo "[$(date -Is)] $*"; }
 log "Applying Atlas theming"
 run_occ theming:config name "Atlas Cloud"
 run_occ theming:config slogan "Unified access to Atlas services"
 run_occ theming:config url "https://cloud.bstein.dev"
 run_occ theming:config color "#0f172a"
 run_occ theming:config disable-user-theming yes
 log "Setting default quota to 200 GB"
 run_occ config:app:set files default_quota --value "200 GB"
 API_BASE="${NC_URL}/ocs/v2.php/apps/external/api/v1"
 AUTH=(-u "${ADMIN_USER}:${ADMIN_PASS}" -H "OCS-APIRequest: true")
 log "Removing existing external links"
 existing=$(curl -sf "${AUTH[@]}" "${API_BASE}?format=json" | jq -r '.ocs.data[].id // empty')
 for id in ${existing}; do
  curl -sf "${AUTH[@]}" -X DELETE "${API_BASE}/sites/${id}?format=json" >/dev/null || true
 done
 SITES=(
  "Vaultwarden|https://vault.bstein.dev"
  "Jellyfin|https://stream.bstein.dev"
  "Gitea|https://scm.bstein.dev"
  "Jenkins|https://ci.bstein.dev"
  "Zot|https://registry.bstein.dev"
  "Vault|https://secret.bstein.dev"
  "Jitsi|https://meet.bstein.dev"
  "Grafana|https://metrics.bstein.dev"
  "Chat LLM|https://chat.ai.bstein.dev"
  "Vision|https://draw.ai.bstein.dev"
  "STT/TTS|https://talk.ai.bstein.dev"
 )
 log "Seeding external links"
 for entry in "${SITES[@]}"; do
  IFS="|" read -r name url <<<"${entry}"
  curl -sf "${AUTH[@]}" -X POST "${API_BASE}/sites?format=json" \
    -d "name=${name}" \
    -d "url=${url}" \
    -d "lang=" \
    -d "type=link" \
    -d "device=" \
    -d "icon=" \
    -d "groups[]=" \
    -d "redirect=1" >/dev/null
 done
 log "Maintenance run completed"
		`@ -1 +0,0 @@`
			`../services/nextcloud/scripts/nextcloud-mail-sync.sh`