diff --git a/nextcloud/lib/common b/nextcloud/lib/common index 3f5566a..34b494b 100644 --- a/nextcloud/lib/common +++ b/nextcloud/lib/common @@ -78,7 +78,14 @@ get_admin_user_password() { ## only called after first install and occ is available nextcloud:init() { - occ app:disable updatenotification nextcloud_announcements + occ app:disable updatenotification nextcloud_announcements \; \ + config:system:set maintenance_window_start --type=integer --value=1 \; \ + config:system:set trusted_proxies 0 --value="0.0.0.0/0" \; \ + db:add-missing-columns \; \ + db:add-missing-indices \; \ + db:add-missing-primary-keys \; \ + maintenance:repair --include-expensive + } create_occ_if_not_exists() { @@ -114,7 +121,7 @@ create_occ_if_not_exists() { err "Expected last command to create /var/www/html/occ" return 1 fi - nextcloud:init + nextcloud:init || return 1 fi } @@ -126,6 +133,9 @@ occ() { ## occ.batch will require /var/www/html to be populated ('occ' is ## supposed to exist). For that we need to make sure nextcloud have ## be ran and setup prior to running this next command. + + ## We need here actually only the relation sql-database. Any other hook + ## using `occ` would make the call infinitively recursive. export COMPOSE_IGNORE_ORPHANS=true compose --debug -q --no-init --without-relation="$SERVICE_NAME":web-proxy run \ "${occ_docker_run_opts[@]}" \ diff --git a/nextcloud/metadata.yml b/nextcloud/metadata.yml index 3d1924c..620a292 100644 --- a/nextcloud/metadata.yml +++ b/nextcloud/metadata.yml @@ -21,6 +21,12 @@ uses: proxy: "Public access" default-options: target: !var-expand ${MASTER_BASE_SERVICE_NAME}:80 + apache-custom-rules: + - | + + Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" + + backup: constraint: recommended auto: pair