From 743f12f91b18e330a14423f45b69cad05f451c1a Mon Sep 17 00:00:00 2001
From: nachoparker <nacho@ownyourbits.com>
Date: Sun, 12 Feb 2017 20:12:48 +0100
Subject: [PATCH] First commit, Raspbian 8 with Nextcloud 11

---
 README.md            |  26 ++++
 install-image.sh     |  73 +++++++++++
 install-nextcloud.sh | 285 +++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 384 insertions(+)
 create mode 100755 install-image.sh
 create mode 100755 install-nextcloud.sh

diff --git a/README.md b/README.md
index 14f1b53c..1f20e978 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,28 @@
 # nextcloud-raspbian-generator
 Automatically generate Raspbian Images with Nextcloud installed and configured using QEMU
+
+## Features
+
+* Raspbian 8 Jessie
+* Nextcloud 11.0.1
+* Apache 2.4.25, with HTTP2 enabled
+* PHP 7.0 
+* MariaDB 10
+* Automatic redirection to HTTPS
+* ACPU PHP cache
+* PHP Zend OPcache enabled with file cache
+* HSTS
+* Cron jobs for Nextcloud
+* Sane configuration defaults
+
+## Usage
+
+```
+git clone https://github.com/nachoparker/nextcloud-raspbian-generator.git
+cd nextcloud-raspbian-generator
+./install-image.sh 192.168.0.145 # change to your QEMU raspbian IP
+```
+
+See details and instructions at
+
+https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/
diff --git a/install-image.sh b/install-image.sh
new file mode 100755
index 00000000..b1dd05ad
--- /dev/null
+++ b/install-image.sh
@@ -0,0 +1,73 @@
+#!/bin/bash
+
+# Nextcloud installation on QEMU emulated Raspbian image
+# Tested with 2017-01-11-raspbian-jessie.img (and lite)
+#
+# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com>
+# GPL licensed (see end of file) * Use at your own risk!
+#
+# Usage:
+#   ./install-image.sh <IP> # Use the IP of your running QEMU Raspbian image
+#
+# Notes:
+#   Set DOWNLOAD=0 if you have already downloaded an image. Rename it to nextcloudpi.img
+
+IP=$1          # First argument is the QEMU Raspbian IP address
+DOWNLOAD=1     # Download the latest image
+#IMG=raspbian_latest
+IMG=raspbian_lite_latest
+
+[[ "$IP" == "" ]] && { echo "usage: ./install-image.sh <IP>"; exit; }
+
+SSH="ssh -q -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o ServerAliveInterval=5 -o ConnectTimeout=1 -o LogLevel=quiet"
+IMGFILE="NextCloudPi_$( date  "+%m-%d-%y" ).img"
+
+if [[ "$DOWNLOAD" == "1" ]]; then
+  wget https://downloads.raspberrypi.org/$IMG -O $IMG.zip && \
+  unzip $IMG.zip && \
+  mv *-raspbian-*.img $IMGFILE && \
+  qemu-img resize $IMGFILE +1G
+fi
+
+test -d qemu-raspbian-network || git clone https://github.com/nachoparker/qemu-raspbian-network.git
+sed -i '30s/NO_NETWORK=1/NO_NETWORK=0/' qemu-raspbian-network/qemu-pi.sh
+
+NUM_REBOOTS=$( grep -c reboot install-nextcloud.sh )
+while [[ $NUM_REBOOTS != -1 ]]; do
+  echo "Starting QEMU"
+  cd qemu-raspbian-network
+  sudo ./qemu-pi.sh ../$IMGFILE &
+  cd -
+
+  sleep 10
+  echo "Waiting for SSH to be up"
+  while true; do
+    sshpass -praspberry $SSH pi@$IP ls &>/dev/null && break
+    sleep 1
+  done
+
+  sleep 90
+  echo "Launching installation"
+  cat install-nextcloud.sh | sshpass -praspberry $SSH pi@$IP
+  wait 
+  NUM_REBOOTS=$(( NUM_REBOOTS-1 ))
+done
+echo "$IMGFILE generated successfully"
+
+# License
+#
+# This script is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This script is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this script; if not, write to the
+# Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+# Boston, MA  02111-1307  USA
+
diff --git a/install-nextcloud.sh b/install-nextcloud.sh
new file mode 100755
index 00000000..0cd8e90b
--- /dev/null
+++ b/install-nextcloud.sh
@@ -0,0 +1,285 @@
+#!/bin/bash
+
+# Nextcloud installation on Raspbian through SSH
+# Tested with 2017-01-11-raspbian-jessie.img (and lite)
+#
+# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com>
+# GPL licensed (see end of file) * Use at your own risk!
+#
+# Usage:
+#   cat install-nextcloud.sh | sshpass -praspberry ssh pi@$IP
+#
+# Notes:
+#   Upon each necessary restart, the system will cut the SSH session, therefore
+#   it is required to save the state of the installation. See variable $STATE_FILE
+#   It will be necessary to invoke this a number of times for a complete installation
+
+sudo su
+
+VER=11.0.1
+ADMINUSER=admin
+DBADMIN=ncadmin
+DBPASSWD=ownyourbits
+MAX_FILESIZE=1G
+STATE_FILE=/home/pi/.installation_state
+
+set -x
+set -e
+
+test -f $STATE_FILE && STATE=$( cat $STATE_FILE 2>/dev/null )
+if [ "$STATE" == "" ]; then
+
+  # RESIZE IMAGE
+  ##########################################
+
+  SECTOR=$( fdisk -l /dev/sda | grep Linux | awk '{ print $2 }' )
+  set +e 
+  echo -e "d\n2\nn\np\n2\n$SECTOR\n\nw\n" | fdisk /dev/sda
+  set -e
+
+  echo 0 > $STATE_FILE 
+  reboot
+elif [ "$STATE" == "0" ]; then
+
+  # UPDATE EVERYTHING
+  ##########################################
+  resize2fs /dev/sda2
+
+  apt-get update
+  apt-get upgrade -y
+  apt-get dist-upgrade -y
+  apt-get autoremove
+
+  echo 1 > $STATE_FILE 
+  reboot
+elif [ "$STATE" == "1" ]; then
+
+  # GET STRETCH SOURCES FOR HTTP2 AND PHP7
+  ##########################################
+
+  echo "deb http://mirrordirector.raspbian.org/raspbian/ stretch main contrib non-free rpi" >> /etc/apt/sources.list
+cat > /etc/apt/preferences <<EOF
+Package: *
+Pin: release n=jessie
+Pin-Priority: 600
+EOF
+  apt-get update
+
+  # INSTALL FROM STRETCH
+  ##########################################
+
+  apt-get install -t stretch apache2 -y
+  apt-get install -t stretch php7.0 php7.0-curl php7.0-gd php7.0-fpm php7.0-cli php7.0-opcache php7.0-mbstring php7.0-xml php7.0-zip -y
+  apt-get install php7.0-APC -y
+  apt-get install libxml2-dev php-zip php-dom php-xmlwriter php-xmlreader php-gd php-curl php-mbstring -y
+
+  debconf-set-selections <<< "mariadb-server-5.5 mysql-server/root_password password $DBPASSWD"
+  debconf-set-selections <<< "mariadb-server-5.5 mysql-server/root_password_again password $DBPASSWD"
+  apt-get install mariadb-server php7.0-mysql -y
+
+  # CONFIGURE APACHE AND PHP7
+  ##########################################
+
+  cat >/etc/apache2/conf-available/http2.conf <<EOF
+Protocols h2 h2c http/1.1
+
+H2Push          on
+H2PushPriority  *                       after
+H2PushPriority  text/css                before
+H2PushPriority  image/jpeg              after   32
+H2PushPriority  image/png               after   32
+H2PushPriority  application/javascript  interleaved
+
+SSLProtocol all -SSLv2 -SSLv3
+SSLHonorCipherOrder on
+SSLCipherSuite 'EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS'
+EOF
+
+  cat >> /etc/apache2/apache2.conf <<EOF
+<IfModule mod_headers.c>
+  Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
+</IfModule>
+EOF
+
+  cat > /etc/php/7.0/mods-available/apcu.ini <<EOF
+extension=apcu.so
+apc.enable_cli=0
+apc.shm_size=256M
+apc.ttl=7200
+apc.gc_ttl=3600
+apc.entries_hint=4096
+apc.slam_defense=1
+apc.serializer=igbinary
+EOF
+
+  cat > /etc/php/7.0/mods-available/opcache.ini <<EOF
+zend_extension=opcache.so
+opcache.file_cache=/var/www/nextcloud/.opcache;
+opcache.fast_shutdown=1
+EOF
+
+  a2enmod http2
+  a2enconf http2 
+  a2enmod proxy_fcgi setenvif
+  a2enconf php7.0-fpm
+  a2enmod rewrite
+  a2enmod headers
+  a2enmod env
+  a2enmod dir
+  a2enmod mime
+  a2enmod ssl
+  a2ensite default-ssl
+
+  # INSTALL NEXTCLOUD
+  ##########################################
+
+  cd /var/www/
+  wget https://download.nextcloud.com/server/releases/nextcloud-$VER.tar.bz2 -O nextcloud.tar.bz2
+  tar -xvf nextcloud.tar.bz2
+  rm nextcloud.tar.bz2
+  mkdir /var/log/nextcloud
+  mkdir /var/www/nextcloud/.opcache
+
+  ocpath='/var/www/nextcloud'
+  htuser='www-data'
+  htgroup='www-data'
+  rootuser='root'
+
+  printf "Creating possible missing Directories\n"
+  mkdir -p $ocpath/data
+  mkdir -p $ocpath/updater
+
+  printf "chmod Files and Directories\n"
+  find ${ocpath}/ -type f -print0 | xargs -0 chmod 0640
+  find ${ocpath}/ -type d -print0 | xargs -0 chmod 0750
+
+  printf "chown Directories\n"
+  chown -R ${rootuser}:${htgroup} ${ocpath}/
+  chown -R ${htuser}:${htgroup} ${ocpath}/apps/
+  chown -R ${htuser}:${htgroup} ${ocpath}/config/
+  chown -R ${htuser}:${htgroup} ${ocpath}/data/
+  chown -R ${htuser}:${htgroup} ${ocpath}/themes/
+  chown -R ${htuser}:${htgroup} ${ocpath}/updater/
+  chown -R ${htuser}:${htgroup} ${ocpath}/.opcache/
+
+  chmod +x ${ocpath}/occ
+
+  printf "chmod/chown .htaccess\n"
+  if [ -f ${ocpath}/.htaccess ]
+  then
+    chmod 0644 ${ocpath}/.htaccess
+    chown ${rootuser}:${htgroup} ${ocpath}/.htaccess
+  fi
+  if [ -f ${ocpath}/data/.htaccess ]
+  then
+    chmod 0644 ${ocpath}/data/.htaccess
+    chown ${rootuser}:${htgroup} ${ocpath}/data/.htaccess
+  fi
+
+  cat > /etc/apache2/sites-available/nextcloud.conf <<EOF
+Alias /nextcloud "/var/www/nextcloud/"
+
+CustomLog /var/log/nextcloud/access.log combined
+ErrorLog /var/log/nextcloud/error.log
+
+<Directory /var/www/nextcloud/>
+  Options +FollowSymlinks
+  AllowOverride All
+
+  <IfModule mod_dav.c>
+    Dav off
+  </IfModule>
+
+  SetEnv HOME /var/www/nextcloud
+  SetEnv HTTP_HOME /var/www/nextcloud
+</Directory>
+EOF
+  a2ensite nextcloud
+
+  mysql -u root -p$DBPASSWD <<EOF
+CREATE DATABASE nextcloud;
+CREATE USER '$DBADMIN'@'localhost' IDENTIFIED BY '$DBPASSWD';
+GRANT ALL PRIVILEGES ON nextcloud.* TO $DBADMIN@localhost;
+EXIT
+EOF
+
+  # CONFIGURE NEXTCLOUD
+  ##########################################
+  cd /var/www/nextcloud/
+
+  sudo -u www-data php occ maintenance:install --database \
+  "mysql" --database-name "nextcloud"  --database-user "$DBADMIN" --database-pass \
+  "$DBPASSWD" --admin-user "$ADMINUSER" --admin-pass "$DBPASSWD" 
+
+  sudo -u www-data php occ background:cron
+
+  sed -i '$s=^.*$=  '\''memcache.local'\'' \=> '\''\\OC\\Memcache\\APCu'\'',\n);=' /var/www/nextcloud/config/config.php
+
+  sed -i "s/post_max_size=.*/post_max_size=$MAX_FILESIZE/"       /var/www/nextcloud/.user.ini 
+  sed -i "s/post_max_size=.*/upload_max_filesize=$MAX_FILESIZE/" /var/www/nextcloud/.user.ini 
+  sed -i "s/post_max_size=.*/post_max_size=$MAX_FILESIZE/"       /var/www/nextcloud/.htaccess
+  sed -i "s/post_max_size=.*/upload_max_filesize=$MAX_FILESIZE/" /var/www/nextcloud/.htaccess
+
+cat >> /var/www/nextcloud/.htaccess <<EOF
+<IfModule mod_rewrite.c>
+  RewriteEngine On
+  RewriteCond %{HTTPS} !=on
+  RewriteRule ^/?(.*) https://%{SERVER_NAME}/nextcloud/$1 [R,L]
+</IfModule>
+EOF
+
+  echo "*/15  *  *  *  * php -f /var/www/nextcloud/cron.php" > /tmp/crontab_http
+  crontab -u www-data /tmp/crontab_http
+  rm /tmp/crontab_http
+
+  cat > /usr/local/bin/nextcloud-domain.sh <<'EOF'
+#!/bin/bash
+IFACE=$( ip r | grep "default via" | awk '{ print $5 }' )
+IP=$( ip a | grep "global $IFACE" | grep -oP '\d{1,3}(.\d{1,3}){3}' | head -1 )
+cd /var/www/nextcloud
+sudo -u www-data php occ config:system:set trusted_domains 1 --value=$IP
+EOF
+
+  mkdir -p /usr/lib/systemd/system
+  cat > /usr/lib/systemd/system/nextcloud-domain.service <<'EOF'
+[Unit]
+Description=Register Current IP as Nextcloud trusted domain
+Requires=network.target
+After=mysql.service
+
+[Service]
+ExecStart=/bin/bash /usr/local/bin/nextcloud-domain.sh
+
+[Install]
+WantedBy=multi-user.target
+EOF
+  systemctl enable nextcloud-domain
+
+  # CLEANUP
+  ##########################################
+
+  apt-get autoremove -y
+  apt-get clean
+  rm /var/lib/apt/lists/* -r
+
+  rm $STATE_FILE 
+  halt
+fi
+
+# License
+#
+# This script is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This script is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this script; if not, write to the
+# Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+# Boston, MA  02111-1307  USA
+