nextcloud/server#59629: under PHP 8.x with OPcache, UserConfig::getValueBool() passes a non-string from getTypedValue() straight into strtolower(), throwing a TypeError on every authenticated request once user_ldap is involved. Fix landed in master (PR #59646) but no stable33 backport made it into 33.0.4. Discover all compose-managed nextcloud containers, check whether the `strtolower((string)` cast is already present, and `sed` it into `lib/private/Config/UserConfig.php` on the ones that still ship the broken version. Idempotent via grep guard so re-runs are no-ops. Remove this block once the deployed image >= 33.0.4 ships the upstream fix.
#SPDX-License-Identifier: MIT-0
---
# tasks file for nextcloud
# Host directories for the compose project and its data.
# None of these tasks sets owner/group, so ownership is whatever the
# connecting (or become) user creates, or whatever already exists.
# NOTE(review): mode 0755 lets every local account list and traverse the
# Nextcloud and PostgreSQL data directories. Presumably the containers
# re-own or tighten them at start - confirm, and consider a stricter mode
# with an explicit owner if the container users allow it.
- name: Create docker compose directory
  ansible.builtin.file:
    state: directory
    path: "{{ nextcloud_docker_compose_dir }}"
    mode: '0755'

- name: Create nextcloud data directory
  ansible.builtin.file:
    state: directory
    path: "{{ nextcloud_docker_volume_dir }}/data"
    mode: '0755'

- name: Create postgres data directory
  ansible.builtin.file:
    state: directory
    path: "{{ nextcloud_docker_volume_dir }}/postgresql"
    mode: '0755'

# Make sure every network named in nextcloud_extra_networks exists before
# the compose project is started.
# NOTE(review): presumably the compose template attaches to these as
# external networks - confirm against docker-compose.yml.j2.
- name: Ensure extra networks exist
  community.docker.docker_network:
    state: present
    name: "{{ item }}"
  loop: "{{ nextcloud_extra_networks }}"

# Render the compose file, the nginx config and the database init script
# into the compose directory. Only the nginx config notifies a handler.
# NOTE(review): all three files are written 0644 with no owner/group, so
# any local account can read them. If docker-compose.yml or init-db.sql
# embed database or admin credentials (not visible from this file), that
# exposes them on the host - confirm, and tighten mode/owner in a way the
# consuming containers can still read.
- name: Create docker-compose file for nextcloud
  ansible.builtin.template:
    dest: "{{ nextcloud_docker_compose_dir }}/docker-compose.yml"
    src: docker-compose.yml.j2
    mode: '0644'

- name: Create nginx template
  ansible.builtin.template:
    dest: "{{ nextcloud_docker_compose_dir }}/nginx.conf"
    src: nginx.conf.j2
    mode: '0644'
  notify: Restart nginx container

- name: Create database initialization script
  ansible.builtin.template:
    dest: "{{ nextcloud_docker_compose_dir }}/init-db.sql"
    src: init-db.sql.j2
    mode: '0644'

# Bring the compose project in nextcloud_docker_compose_dir up
# (state: present). The tasks that follow run `docker exec` against the
# containers it starts.
- name: Start nextcloud container
  community.docker.docker_compose_v2:
    state: present
    project_src: "{{ nextcloud_docker_compose_dir }}"

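# Hot-patch for nextcloud/server#59629: UserConfig::getValueBool() passes a
# non-string from getTypedValue() into strtolower() under PHP 8.x + OPcache,
# throwing a TypeError on every authenticated request once user_ldap is
# involved. Fix is in master (PR #59646) but no stable33 backport landed
# before 33.0.4.
#
# Flow: discover containers -> grep guard -> sed the (string) cast in ->
# verify the cast is really there. Remove this block once
# nextcloud_image >= 33.0.4.
# NOTE(review): the paragraph above also says the backport missed 33.0.4;
# confirm the deployed image really contains the cast before deleting this.
# NOTE(review): this edits a shipped core file in place. Presumably
# Nextcloud's code-integrity check will report UserConfig.php as modified
# while the workaround is active, and an image upgrade that refreshes the
# code will drop the edit until the next run - confirm both.
# NOTE(review): with OPcache timestamp validation disabled the edited file
# would not be picked up without a PHP restart - confirm the image settings.
#
# All tasks use command+argv instead of shell: nothing here needs a shell,
# and argv keeps templated container names from being re-parsed as shell.

# The project label is derived from the compose directory's basename.
# NOTE(review): compose normalises project names; a directory name it would
# rewrite makes this filter match nothing and the patch is skipped silently.
- name: Discover nextcloud php containers needing the UserConfig patch
  ansible.builtin.command:
    argv:
      - docker
      - ps
      - '--filter'
      - "label=com.docker.compose.project={{ nextcloud_docker_compose_dir | basename }}"
      - '--filter'
      - label=com.docker.compose.service=nextcloud
      - '--format'
      - '{% raw %}{{.Names}}{% endraw %}'
  register: _nextcloud_php_containers
  changed_when: false

# Guard: rc 0 means the cast is already present. failed_when is off so a
# non-zero rc (no match, or any docker/grep error) only marks the container
# as "needs patch" for the next task.
- name: Check UserConfig.php patch status per container
  ansible.builtin.command:
    argv:
      - docker
      - exec
      - "{{ item }}"
      - grep
      - '-q'
      - '-F'
      - 'strtolower((string)'
      - /var/www/html/lib/private/Config/UserConfig.php
  loop: "{{ _nextcloud_php_containers.stdout_lines }}"
  register: _nextcloud_userconfig_check
  changed_when: false
  failed_when: false

# sed exits 0 whether or not the pattern matched, so this task alone cannot
# tell "patched" from "nothing replaced"; the verify task below does.
- name: Apply UserConfig::getValueBool string-cast workaround
  ansible.builtin.command:
    argv:
      - docker
      - exec
      - "{{ item.item }}"
      - sed
      - '-i'
      - 's|$b = strtolower($this->getTypedValue|$b = strtolower((string)$this->getTypedValue|'
      - /var/www/html/lib/private/Config/UserConfig.php
  loop: "{{ _nextcloud_userconfig_check.results }}"
  loop_control:
    label: "{{ item.item }}"
  when:
    - item.rc | default(1) != 0

# Re-run the guard on every container that was just patched. A non-zero rc
# fails the play, which surfaces a source line that no longer matches the
# sed pattern instead of reporting a "changed" that changed nothing.
- name: Verify UserConfig.php carries the string cast after patching
  ansible.builtin.command:
    argv:
      - docker
      - exec
      - "{{ item.item }}"
      - grep
      - '-q'
      - '-F'
      - 'strtolower((string)'
      - /var/www/html/lib/private/Config/UserConfig.php
  loop: "{{ _nextcloud_userconfig_check.results }}"
  loop_control:
    label: "{{ item.item }}"
  when:
    - item.rc | default(1) != 0
  changed_when: false
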
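# Poll `occ status` inside the nextcloud service until it exits 0 and its
# JSON output reports installed=true; up to 30 attempts, 5 seconds apart.
# The command line has no shell syntax, so it runs through the command
# module rather than a shell. The rc check comes first in `until` so that
# from_json is only applied to the output of a successful run.
- name: Wait for Nextcloud to be ready
  ansible.builtin.command:
    cmd: docker compose exec -T nextcloud php /var/www/html/occ status --output=json
    chdir: "{{ nextcloud_docker_compose_dir }}"
  register: nextcloud_ready
  until:
    - nextcloud_ready.rc == 0
    - (nextcloud_ready.stdout | from_json).installed | bool
  retries: 30
  delay: 5
  changed_when: false
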
# Drop an extra config fragment into Nextcloud's config directory on the
# host side of the volume. Mode 0640 with owner/group www-data keeps the
# file unreadable to other local accounts.
# NOTE(review): owner/group are resolved on the managed host; this assumes
# a www-data account exists there with the same uid/gid the container
# uses - confirm.
- name: Deploy local network config file
  ansible.builtin.template:
    dest: "{{ nextcloud_docker_volume_dir }}/nextcloud/config/local-network.config.php"
    src: local-network.config.php.j2
    mode: '0640'
    owner: www-data
    group: www-data

# Feature-specific task files. plugins.yml is always included; each of the
# others is gated on its own role variable.
- name: Install nextcloud plugins
  ansible.builtin.include_tasks: plugins.yml

- name: Configure nextcloud collabora
  when: nextcloud_enable_collabora
  ansible.builtin.include_tasks: collabora.yml

- name: Configure nextcloud draw.io
  when: nextcloud_enable_drawio
  ansible.builtin.include_tasks: drawio.yml

- name: Configure notify_push
  when: nextcloud_enable_notify_push
  ansible.builtin.include_tasks: notify_push.yml

- name: Configure LDAP backend
  when: nextcloud_ldap_enabled
  ansible.builtin.include_tasks: ldap.yml

# Included when there is at least one provider to configure or to remove.
- name: Configure OIDC providers
  when: nextcloud_oidc_providers | length > 0 or nextcloud_oidc_providers_removed | length > 0
  ansible.builtin.include_tasks: oidc.yml