Closed sunjam closed 5 years ago
@sunjam Thanks for your idea.
Indeed I was also thinking about this already. Generally you should be able to run NCP install script on any DietPi system, although I didn't try it so far, maybe a task for the evening.
But these are assumptions so far and what I remember from visiting NCP features and code the last time π, as said, I need to test.
The docker image of course would work, but if you are already on a SBC and DietPi actively integrates several software besides each other, so that you don't need to run them in separate containers, these would be a large overhead and not optimal, especially performance/resource wise. Generally I am no big friend of containers. For me they should be considered as last resort, if you don't have to take care resource usage and/or need an extremely easy to maintain and stable instance, while not taking care too much about regular updates and/or individual configuration...
To integrate NCP nicely it surely would need some adjustment to reduce/avoid doubled settings and probably automate/set-fix some settings of NCP to match DietPi and/or the other way round.
Let me mark this for investigation. I am surely interested how it works out. Maybe @nachoparker has/had already some thoughts/opinion about this as well?
Thanks both,
I am in favour of two people looking and maintaining one code base nicely rather than two people poorly maintaining two codebases that do the same thing. I think it leads to superior code quality, less duplication of efforts, and safer implementation due to more eyes looking at it.
I would be happy to help, time permitting to make NCP even less intrusive if needed.
But as far as I can think of, the way, Nextcloud is implemented, it should break other web ui installations via dietpi-software. We heavily take care, that our implementations are as modular as possible and never do core changes/block core paths (e.g. webroot), so you can install/run everything in parallel.
NCP does a couple modifications to php and mysql only. Nothing that would be too hard to isolate a bit better. Some things like the tmp dir (dietpi leaves it in the SD card, NCP moves it along with the datadir to a USB drive if that option is activated) don't seem easy to completely decouple, neither for dietpi or for NCP.
Of course if there are more web services there is going to be a port clash, but that problem has nothing to do with NCP, because it will happen with any web based services that dietpi is going to install. I don't know how people deal with this in dietpi.
Armbian just included NCP in their software selection (not yet on master), so there's interest to keep things separate, independently of what happens with dietpi
The docker image of course would work, but if you are already on a SBC and DietPi actively integrates several software besides each other, so that you don't need to run them in separate containers, these would be a large overhead and not optimal, especially performance/resource wise. Generally I am no big friend of containers. For me they should be considered as last resort, if you don't have to take care resource usage and/or need an extremely easy to maintain and stable instance, while not taking care too much about regular updates and/or individual configuration...
I don't think the docker image fits nicely with dietPi. I mean it is a clean option and indeed it provides isolation, but wouldnt' it be weird if everything else is not containerized and NC is?
Aside from this, in general, I wouldn't disregard docker so quickly for your personal stuff. It is a great step forward in technology. It allows you to install complicated stacks superfast and reliably, and it does not have a performance penalty. For instance, it's isolation is perfect for situations like the one where we are at right now, with many webservices interfering each other's configurations... only updating it is a different process and has to be learnt aside from apt-get upgrade.
But that's another topic... xD
In any case, I think that first you should flash the latest NCP image and try it for yourself to understand the added value beyond NC: moving everything to an external hard drive, automount, autoupdates, auto debian upgrades, auto backups, auto SSL, DDNS support, added security, ncp-web, postfix ...
Then you can decide for yourself ;)
Ask anything
@nachoparker Thanks for sharing your ideas. Yes, indeed it's a question if we can get NCP installed in a way, that an existing webserver stack is adjusted with modular configuration files only and a Nextcloud-only web UI, that doesn't include otherwise doubled system settings. Simply a Nextcloud-only version. Also we allow Nginx and Lighttpd as webservers.
Let me now start with NCP installation on my 3 DietPi VMs π.
dietpi-software install 76 91
# LAMP stack + Rediscurl -sSL https://raw.githubusercontent.com/nextcloud/nextcloudpi/master/install.sh | bash
php-fpm
, where DietPi installs it with mod-php
.mysql_secure_installation
script as provided by MariaDB. Nice to have, but on Debian Stretch not needed, as stated above: root user present only with unix_socket authentication configured, which is great for my impression. However running the script does not damage something.Failed to stop mysqld.service: Unit mysqld.service not loaded.
The service is called mysql
(init.d) or optionally mariadb
(systemd). Workaround to fix mysqld service name:
sed -i '/systemctl .* mysqld/s/mysqld/mysql/g' etc/ncp-config.d/nc-nextcloud.sh
Next attempt with fix as above goes on:
dnsmasq
is installed, check compatibility with DietPi dnsmasq using software, Pi-hole
, hostapd
etc.letsencrypt
is installed, incompatible with DietPi-LetsEncrypt. Consider moving those and above into separate optional install step.dnsmasq
setup breaks name resolution on DietPi. Scripts goes on, continuously failing to connect to APT repos etc. Consider implementing some connectivity check after critical network related changes/installations and break script in case of error.unattended-upgrades
(DietPi currently avoids this, as it could break our own scripts randomly. Although I like automated APT upgrades, next item on my list.dnsmasq starts up afterwards, no idea why this failed during script execution:
Setting up dnsmasq (2.76-5+deb9u1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/dnsmasq.service β /lib/systemd/system/dnsmasq.service.
Job for dnsmasq.service failed because a timeout was exceeded.
See "systemctl status dnsmasq.service" and "journalctl -xe" for details.
invoke-rc.d: initscript dnsmasq, action "start" failed.
β dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
Active: failed (Result: timeout) since Mon 2018-05-21 15:14:31 CEST; 87ms ago
Process: 9469 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=killed, signal=TERM)
Process: 9462 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
Process: 9459 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)
Main PID: 9468 (code=exited, status=0/SUCCESS)
May 21 15:13:01 DietPi dnsmasq[9468]: started, version 2.76 cachesize 150
May 21 15:13:01 DietPi dnsmasq[9468]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
May 21 15:13:01 DietPi dnsmasq[9468]: DNS service limited to local subnets
May 21 15:13:01 DietPi dnsmasq[9468]: read /etc/hosts - 2 addresses
May 21 15:13:01 DietPi dnsmasq[9468]: reading /run/dnsmasq/resolv.conf
May 21 15:13:01 DietPi dnsmasq[9468]: using nameserver 192.168.178.1#53
May 21 15:14:31 DietPi systemd[1]: dnsmasq.service: Start-post operation timed out. Stopping.
May 21 15:14:31 DietPi systemd[1]: Failed to start dnsmasq - A lightweight DHCP and caching DNS server.
May 21 15:14:31 DietPi systemd[1]: dnsmasq.service: Unit entered failed state.
May 21 15:14:31 DietPi systemd[1]: dnsmasq.service: Failed with result 'timeout'.
Next attempt, now that dnsmasq is already installed and running:
ncp
user already exists at: https://github.com/nextcloud/nextcloudpi/blob/master/nextcloudplus.sh#L120Next attempt with fixed user creation:
avahi-daemon
installation (nextcloudplus.sh) but before nc-init
π€However does not seem to break something:
Setting up avahi-daemon (0.6.32-2) ...
Created symlink /etc/systemd/system/dbus-org.freedesktop.Avahi.service β /lib/systemd/system/avahi-daemon.service.
Created symlink /etc/systemd/system/multi-user.target.wants/avahi-daemon.service β /lib/systemd/system/avahi-daemon.service.
Created symlink /etc/systemd/system/sockets.target.wants/avahi-daemon.socket β /lib/systemd/system/avahi-daemon.socket.
Processing triggers for libc-bin (2.24-11+deb9u3) ...
Processing triggers for systemd (232-25+deb9u3) ...
Processing triggers for dbus (1.10.26-0+deb9u1) ...
grep: /var/www/nextcloud/config/config.php: No such file or directory
Installing nc-backup
Installing nc-restore
grep: /var/www/nextcloud/config/config.php: No such file or directory
NextCloudPlus updated to version v0.56.6
Activating nc-init
Setting up a clean Nextcloud instance... wait until message 'NC init done'
Result
As far as I can see now, it is quite a huge work and would need a huge adjustment to NCP to fit into DietPi concept. NCP is not just a Nextcloud installation, it is a whole image/system implementation that configures everything according to run Nextcloud nicely and offer many Nextcloud-related system features in a user-friendly way. It's script is a bid comparable with our DietPi-PREP
, adjusting as well up to kernel settings. I think to underlying ideas of both projects are hard to combine currently π€. It is indeed a different approach if you wan't to build a system around a Nextcloud installation or Nextcloud, as one of many application into an otherwise fully developed system.
great job. Give me a few days to go through these points, as I am now preparing the next release
@nachoparker About mysql service name. Should be possible for compatibility to just try one by one all possible service names, mysql/mqsqld/mariadb and break loop after one was able to be restarted without error code.
About ncp user name. It's maybe good to let user choose if this existing user should be used/permission set or not, just in case if it exists for another reason/application. Or if unattended install is wanted, do some error handing/give user feedback about ncp user is needed/wanted for ncp and should be removed before next run.
Hi again,
Apologies for taking so long but I have not had the time to sit down for this before.
Indeed, the approach is different in both projects, and some modifications would need to be made, which might be fine. Still, we could share the maintenance burden so I think it would be nice for both projects.
If you look at the code, NCP installation boils down to the following steps
install_script lamp.sh
install_script nc-nextcloud.sh # install Postfix and Redis
activate_script nc-nextcloud.sh # install NC itself
install_script ncp.sh # install all NCP extras
install_script nc-init.sh # preconfigure NC
I think that the first logical step would be to skip ncp.sh
and initially share the rest of the installation between projects. Then we could look at what NCP really adds and how it can be combined with what DietPi does.
Also, NCP only supports Stretch ATM, and the main reason is really small manpower. What is the case with DietPi? do you guys support several different releases?
Apache is installed with php-fpm, where DietPi installs it with mod-php.
This is one thing that would need to be changed on one side... well, not necessarily. Which one is best? did a little search.
https://www.cloudways.com/blog/php-fpm-on-cloud/ http://fastjoomlahost.com/mod_php-fastcgi-php-fpm-server
Thoughts?
Apache configured with basic HTTPS functionality (snake oil certs), although within separate configuration/vhost and no forced redirection/HSTS, this should be no problem.
HSTS is enabled by default code. Also HTTP2, OCSP Stapling and other stuff.
MariaDB configuration output seems to expect root password authentication. However since Debian Stretch, unix_socket authentication is default, allowing login only when logged in as unix root user, but without the need to enter password for MariaDB login again. Compatibility with this behaviour assured? u6307β¬: Ah just found mysql_secure_installation script as provided by MariaDB. Nice to have, but on Debian Stretch not needed, as stated above: root user present only with unix_socket authentication configured, which is great for my impression. However running the script does not damage something.
mysql_secure_installation does other things too, it's nice to keep I think ;)
the unix_socket behaviour should be no problem. I didn't even notice the change and didn't have to adapt it to Stretch.
Postfix is installed. Would be nice to have modules like this optional, allowing to e.g. skip installation (and of course potential UI elements, depending on it) via command option, global variable or setup configuration file.
It is a different step, ( nc-nextcloud.sh "activation", meaning the configure() step ), so it would be easy to separate, but I wonder what's the benefit of removing it. Does DietPi also install postfix?
Redis is being installed at last, consider moving installation to the beginning within/between LAMP stack installation etc. and just do final Nextcloud related needed configuration within final NCP install script. This would also avoid enabling the service, which does not work in combination with DietPi, controlling the services itself.
Redis is installed after LAMP, and before Nextcloud (same with Postfix), so I think we agree here. I didn't understand the problem with enabling/disabling the service.
Last output: Failed to stop mysqld.service: Unit mysqld.service not loaded. The service is called mysql (init.d) or optionally mariadb (systemd). Is installation aborted here or finished anyway?
In my Raspbian Stretch all three exist: mysql, mysqld, mariadb, so I am surprised. Are you in Stretch? In any case, no problem to change this.
Installer expects PHP 7.0 to be installed. This will break installation with default PHP version on Jessie (PHP 5) and Buster (PHP 7.2).
Again, ATM only Stretch is supported. There are people starting to ask for PHP > 7.0, so one option would be to move to PHP 7.2 (by bringing sources from Buster to Stretch). That could potentially cause problems though, for instance that is what I did in Jessie to get PHP 7.0 support, but it would break php-smbclient.
Also, PHP 5.0 is just slow
Script fails/breaks, if ncp user already exists at: https://github.com/nextcloud/nextcloudpi/blob/master/nextcloudplus.sh#L120
The ncp user is not a login user. It is only used to log in to ncp-web. I think it is better that is separated from the login user, and has no permissions whatsoever. In any case, this is part of ncp.sh
In lamp.sh
, another thing that should be done is to stop modifying /etc/mysql/mariadb.conf.d/50-server.cnf
and create separate files, like /etc/mysql/mariadb.conf.d/90-ncp.cnf
. Same for php ini and apache files where possible.
So the "curl installer" is a very simple one in terms of robustness: it expects a clean Stretch system. If there is already a LAMP stack or if you try to install it twice some things might fail. This would be another point for improvement.
I'd actually like the curl installer to allow "frugal"? installs on any preexisting and externally managed debian installation.
The LAMP and system settings would have to be checked and adjusted in a finer grained way, when there is no modular conf.d
directory available.
May something like a "nc-provisioning-service" work?:
A script that:
Makes completed ncp installs detectable by moving a temporary ncp config state directory to a permanent place on success.
Instead of replacing (default or external) config files, always greps config files for the individual required ncp settings or stanzas and if not present:
Keeps separate copies of the managed config files and inotify-watches the config files to redo the grep/edit on any external changes, and sends the diff to the admin.
Well, maybe in the end above "nc-provisioning-service" could get installed with a .deb package.
install_script lamp.sh install_script nc-nextcloud.sh # install Postfix and Redis install_script ncp.sh # install all NCP extras -> debian package with package dependencies that installs the nc-provisioning-service script
activate_script nc-nextcloud.sh # install NC itself install_script nc-init.sh # preconfigure NC -> configs watched by nc-provisioning-service
hi @testbird .
I don't think I understand the point of this new script. I think that if possible, it would be nice to enhance the current scripts (lamp.sh specially) to
conf.d
files instead of modifying the global configuration filesIn any case, I still think that integration should start by the lamp.sh + nc-nextcloud.sh + nc-init.sh, skipping the rest of NCP software. When that is completed we can move on to see how and if we add the rest of the software.
Hi, the reason I thought of a new "script" may just be that I may not have understood completely the reasons for the way you had split things up currently.
The idea was just wrapping things into some (service?) file that is started on boot to check the configs and starts watching for changes. (May just call the scripts as split up currently.)
Do you think this would solve your points 2-4?:
Each action on an existing file would have to 1) be conditional (skipped if the outcome already exists) 1) copy the old and new version of the file to a backup location 1) get logged.
For particular settings the condition test could, for example, be a regexp grep.
How would you control skipping the rest of NCP software, for now?
@testbird @nachoparker Sorry also from my side to leave this issue unanswered for such a long time. Actually I got the impression, that really the approaches and initial aims (that formed how both projects install and configure on the system) are too different to easily merge in some way. And limited time made me concentrate on other topics. But I still find this interesting, also as a learning project about how create projects most compatible, less intrusive and caring about existing user installs and adjustments. Especially in open source world, this makes the fork and use of code in different environments easier. But yeah, hard to achieve this after the project has grown for a while π.
Generally great is:
conf.d
settings file for own adjustments, where possible. This is also something we are more and more aiming for with DietPi, though still much to do. This also allows APT upgrades with updated package maintainer config files, where our conf.d/* just overwrites what we really want. mod-php
vs php-fpm
This is a really difficult question and clearly there is no better
without a certain case. I just had a conversation on https://help.nextcloud.com about it with someone that has much more insight than me. If it's about features, there is no real reason any more to use mod-php
. The only thing it allows, which php-fpm
does not, is using php-(admin-)value/flag
to set PHP values within webserver configuration. By this you can apply values, which cannot be directly applied directory wise via .user.ini
(and such, e.g. opcache.memory_consumption to satisfy Nextcloud admin panel) still directory wise, by placing them within a certain vhosts location statement. php-fpm
(mpm_worker/event) on the other hand allows HTTP/2 and all the php-fpm specific configuration/features. But Apache from the ground up for my impression does no handle php-fpm too good/natively, as Nginx and Lighttpd do. There will remain several Apache processes (to handle static requests) according to the mpm_worker/event settings, besides the php-fpm processes. Nginx/Lighttpd just spawn a single process here. But that's maybe just a visual. According to Apache defaults I finally concluded that it makes more sense, if according to high access rates php-fpm is wanted, to directly choose Nginx or Lighttpd, which allow this more natively and with less RAM usage. On low traffic/concurrent access servers, Apache with mod-php is most likely a tiny bid faster, as everything about a request is handled within a single process.
But ideally this is left as (optional) user choice. In case of NextcloudPlus it would be very great if webserver installation could be fully skipped. But then there need to be vhosts available for every (supported) webserver and optimizations need to be done per webserver. This is what we try with our install script, working good for Apache and Nginx. But Lighttpd e.g. lacks example Nextcloud configuration and there seem to be nearly no users that chose Nextcloud+Lighttpd (besides DietPi default installation), so we do not change much there, also as Lighttpd + Nextcloud runs simply out of the box without any config edit π.
@nachoparker
HSTS is enabled by default code. Also HTTP2, OCSP Stapling and other stuff.
For Nextcloud this also makes much sense. In our case many users use their system within local network only for media system management and such, without access from www. There HTTPS is not necessarily required and then could be seen as avoidable overhead. For this reason we do not configure HTTPS by default, but then allow to do this afterwards via dietpi-letsencrypt
(CertBot + manual additions based on webserver / software used).
the unix_socket behaviour should be no problem. I didn't even notice the change and didn't have to adapt it to Stretch.
Yeah, on Jessie, with unix_socket installed/used, mysql/mariadb login fails, if a password is given. On Stretch it is just ignored. If a password is applied (mysql > ... identified by 'password'), then unix_socket is automatically disabled and user + password is needed from then on for this user.
If the for my impression reasonable feature is wanted (preserved), then the only issue is, that no other user can login via mysql -uroot
, thus sudo is required then or a new mysql user with admin permissions, matching the default login user name.
It is a different step, ( nc-nextcloud.sh "activation", meaning the configure() step ), so it would be easy to separate, but I wonder what's the benefit of removing it. Does DietPi also install postfix?
I like, and this goes along with the aim of DietPi, to have installs by default as clean/slim as possible to reduce SDcard writes, disk and RAM usage as much as possible. When manually choosing a certain option or feature, additional packages can be installed and configured on demand. E.g. I don't use my server as mail server, have no static IP anyway and don't use any other feature that requires an MTA. Thus I would see postfix just as unnecessary baggage π. I personally would add on demand installation and pre-configuration of postfix to an init script or hint when accessing certain ncp-config or web ui options respectively.
Redis is installed after LAMP, and before Nextcloud (same with Postfix), so I think we agree here. I didn't understand the problem with enabling/disabling the service.
Yeah, this is something where DietPi perhaps needs some rework to behaviour more usual. Most software services are disabled (systemctl disable ...) by DietPi and started/stopped by our dietpi-software script before and after maintenance/install tasks. That they are disabled (not autostarted by systemd) allows defined startups after all boot stages and in preferred order (databases before PHP before webservers, backends before frontends etc). But I was already thinking, if we could leave them enabled. The only effect is that on boot they are started by systemd according to unit dependencies. This should be no issue and it would be less confusing for end users, which find e.g. systemctl status mysql
being disabled, but still starting up on boot.
In my Raspbian Stretch all three exist: mysql, mysqld, mariadb, so I am surprised. Are you in Stretch? In any case, no problem to change this.
I tried this on a Stretch VirtualBox VM. There /etc/init.d/mysql
and systemd mariadb.service is available. On my RPi it is the same, but that one is on Raspbian Buster π
, to might be different on default Raspbian Stretch.
DietPi uses the init.d service, to support Jessie as well, as there is no systemd service available. Although I am thinking about adding the systemd service to Jessie instead π€.
Again, ATM only Stretch is supported. There are people starting to ask for PHP > 7.0, so one option would be to move to PHP 7.2 (by bringing sources from Buster to Stretch). That could potentially cause problems though, for instance that is what I did in Jessie to get PHP 7.0 support, but it would break php-smbclient.
Ah okay, Stretch-only, this is clear then. Yeah, I was also thinking about allowing PHP7 install on Stretch or generally allowing to install custom PHP version (via different repos) and apply settings to whatever /etc/php(5)[7.X] folder we find on the system. But this could lead to much additional bugreports/support/testing due to largely increased possible setup combinations. For now at least we stay with the default APT version each repo.
The ncp user is not a login user. It is only used to log in to ncp-web. I think it is better that is separated from the login user, and has no permissions whatsoever. In any case, this is part of ncp.sh
Jep, I thought so. I just though that you should handle it gracefully, if the user already exists, otherwise the script fails (again). Either is is trusted, that ncp
must be the NextcloudPlus user from a prior installation or failed (my case) install attempt, or it is removed and recreated (to assure wanted creation options) or choice about this is left to user, to not remove/overwrite a user that way maybe created for another task π.
In lamp.sh, another thing that should be done is to stop modifying /etc/mysql/mariadb.conf.d/50-server.cnf and create separate files, like /etc/mysql/mariadb.conf.d/90-ncp.cnf. Same for php ini and apache files where possible.
π Jep, we also did this not long time ago.
We use some config injection function for this: https://github.com/Fourdee/DietPi/blob/testing/dietpi/func/dietpi-globals#L2223
Very nice thing to share, too bad you said "All mine!" :D :-)
we stay with the default APT version each repo.
Sounds very reasonable, a more generic depenency on "php" in NCP would allow installing on stable, testing and unstable, even if initially not supported and working yet, it will allow users to test and fix things.
@nachoparker Maybe could you introduce a frugal install detection mechanism (not ncp-build?, not armbian?) and a option to install.sh that causes only the basic things to get installed.
@MichaIng Maybe could you add the backup creation to G_CONFIG_INJECT() in a way that allows it to also be used in https://github.com/nextcloud/nextcloudpi/blob/master/etc/library.sh (to only make a check first and allow skiping the corresponding ncp install step, if the configuration already exists)
With that basic infrastructure in place it could be possible to adapt and test NCP install.sh on different systems.
Does DietPi also install postfix?
I like... to have installs by default as clean/slim as possible
Maybe using a non-spooling, ram-only forwarder is all that is needed to send out notifications. (Not sure msmtp, esmtp, or ssmtp?)
Edit: May require storing smtp login on the device?
I guess the status that some service or setting was already found (preinstalled) initally will have to get saved, to later skip any corresponding updates.
Is there some specific way you would imagine this to work? Append lines naming preinstalled or external options to some file?
I have made some things optional in the https://github.com/testbird/nextcloudpi/ branch, and after php-redis is installed manually from sid (because it is currently not available in buster) the installer is now able to run through in the freedombox debian-testing image. (https://ftp.freedombox.org/pub/freedombox/testing-latest/freedombox-testing-free_latest_all-amd64.vdi.xz)
To test the adaptions in a debian testing dev image:
wget http://ftp.debian.org/debian/pool/main/p/php-redis/php-redis_3.1.6-1+b1_amd64.deb
dpkg -i php-redis_3.1.6-1+b1_amd64.deb
apt install -f
curl -sSL https://raw.githubusercontent.com/testbird/nextcloudpi/master/install.sh | bash
However, I am not able to find out why it broke the web access. I don't know enough how all the parts are interrelated. Would be great if you could improve on my patches.
@MichaIng It would be really great if you could find the time to update your G_CONFIG_INJECT() with prior-state tests and backup keeping of the prior and the configured state, in a way that it could also be used in the NCP installer.
Edit: basic pointer https://github.com/nextcloud/nextcloudpi/wiki/ncp-app-developer-guide
One of the reasons why I use Apache is because of mod_security. This is harder to install in nginx. I definitely don't have the manpower for supporting three different LAMP stacks, but if I had more help it would be doable. For the same reason, I only support Stretch, and again if there was someone adapting the system to Jessie I would gladly merge that.
In the days of insecure IoT I believe that even in your local network you need HTTPS. Maybe you can skip signing your certificates, but HTTPS is a must. In any case, both Letsencrypt and HTTPS are optional in NCP, but by default NCP works with HTTPS only and you have to disable that manually, which I think it's the right thing to do in this case.
I add postfix because that way the user receives notifications about shared files and other activity in their cloud. It is quite standard in Nextcloud and I think it is nice to include it. It is true that it is a bit heavy for what it does. I would be happy to replace but something lighter, we don't need a full fledged email server to send some informative emails.
Again here our projects have different goals. NC aims to be an all-included ready to use solution, and tries to minimize the amount of obscure steps that a non-technical user has to go through. Most people don't even know what postfix is, but they appreciate that the system sends them emails automatically out of the box. That being said, it could be a good improvement to have some option to disable it, and maybe install it separatedly from NC itself (in a separate step).
For now at least we stay with the default APT version each repo.
Agreed.
Agreed, we should detect this, and probably just throw a big warning in case it already exists. I created https://github.com/nextcloud/nextcloudpi/issues/579
Created https://github.com/nextcloud/nextcloudpi/issues/580
In order to be able to run in systems that are not under our control, it would be nice to add a few functions to the NCP library and use that during build/update/installation. We can take the config injection function from DietPi, and potentially others as well.
In the past I wanted each single .sh
file to be as self contained as possible, so I was trying to avoid sourcing other files, but in the new situation at hand I think it would be a nice move. This would make the code more readable as it is full of seds and greps, we could log actions better, backup configs and more.
https://github.com/nextcloud/nextcloudpi/issues/581
I think that @testbird agrees on this ;)
Sadly I won't have both time and a computer for a few weeks, but it is good that we start creating items. Feel free to open other ones in NCP github.
BTW: feel free to join our Telegram group, it's quite active and we share feedback and ideas.
Updated G_CONFIG_INJECT: https://github.com/Fourdee/DietPi/pull/2042
grep
error catching of the if statements. This is needed to prevent e.g. adding setting to end of file, if grep
checks fail due to error instead of string not found.BACKUP=1
handling to create backup /path/to/file.bak before editing the file.Only issue with direct NCP implementation is that it uses G_DIETPI-NOTIFY
and G_WHIP_MSG
, which would need to be replaced by echo -e
and whiptail --msg
.
Feel free to use and adjust for own needs of course. If you know the settings you want to add, all the error handling could be skipped, to have a lightweight version. I added this just, since we use the function much throughout DietPi and source it to current terminal session, so end users can use it as well as global function. Errors can happen if []$"{}() and such are not escaped properly (see function comments), also since extended regular expressions are handled (grep/sed -E).
Is PHP 7 coming soon? Nextcloud 14 requires PHP 7 so checking. Thanks.
@kevkha
Is PHP 7 coming soon?
We offer Debian Stretch images, thus PHP7, for all our supported devices, besides Odroid C1.
Nextcloud 14 requires PHP 7
Are you sure??? Can't believe it, haven't heard of it and it would break compatibility for a very large user space. Do you have a link for this info? In case this would mean that we need to manually install NC13 on Jessie images and inform users that they can't use Nextcloud 14. Flash new Stretch image would be needed otherwise, or manual steps to dist-upgrade to Debian Stretch or install PHP7 π€.
https://github.com/nextcloud/server/commit/ace96a406a4fea0dcc07abd003495da34b5fa71c Indeed PHP5 support dropped with Nextcloud 14. Not sure what is best to do. I hope on Jessie/PHP5 systems, WebUI update attempt shows meaningful output and is prevented, so we can resolve it by forcing NC13 on Jessie. Otherwise we need to inform Jessie users that they shall not update and remove Nextcloud install option for Jessie to avoid unexpected issues. Test needed. @Fourdee This should be fixed/worked around before v6.15 release, as Nextcloud 14 is already released. Today official launch is planned, a fresh install already pulls v14, just the WebUI upgrade is not yet offered in my case.
indeed a situation. Until when are you guys going to support Jessie? I guess you will have to support two versions of NC :S
in NCP due to shortage of manpower we only support the latest stable debian
@nachoparker At least with PHP5 in use, NC14 update is not offered and we do no NC14-only install steps. So we just need to download/install the latest NC13 on Jessie systems.
The reason to still support Jessie is, besides existing Jessie users from older times, that the Odroid Stretch pre-image we use does not have full GPU support to play e.g. Kodi smoothly. And Kodi is one of the more used software on DietPi systems. Also we have no Stretch image for Odroid C1 available :thinking:. We can just hope that Meveric finds a fix for his Odroid Stretch images soon or have to disappoint many of our Odroid users, sooner or later.
@MichaIng Yes, pretty sure. I received a recommendation from my previous NC 13.0.6 upgrade. More details here https://nextcloud.com/blog/changes-for-developers-in-nextcloud-14-beta-4-ready-for-testing/
@kevkha Thanks for additional verification. Solution from our side will be as above to simply install https://download.nextcloud.com/server/releases/latest-13.zip on Jessie systems. Damn, wanted to add it to my open PR today, but simply to busy with other stuff... Tomorrow, at latest on Thursday it will be finished, including some other enhancements. I hope Fourdee has enough patience to wait with v6.15 release for this, to prevent Jessie users run into unusable Nextcloud installs.
I am still surprised by the decision to drop PHP5.6 support, as e.g. all the RHEL users already had problems to get PHP5.6 when PHP5.4 support was dropped. But the step to PHP7.0 is indeed a larger one, if one wants to stick with LTS distros and their native software repos.
Too bad for boards with shitty support. IIRC all Armbian boards NCP supports are on Stretch already
Another thought. Switching to use docker container https://ownyourbits.com/2017/06/08/nextcloudpi-docker-for-raspberry-pi/
@nachoparker Odroids are actually well supported. Sadly official images just include Ubuntu and Android π. But one developer Meveric offers clean Debian images, including an own large APT software and kernel repository with regular updates.
The missing Kodi (rechecked, it's really just Kodi, Chromium GPU acceleration works) GPU support is the left Stretch-only issue I am aware of.
@kevkha
We offer docker and everyone is free to install docker containers of course, but we will not add docker container installs to dietpi-software
or take special care about it. DietPi tries to integrate software hierarchically flat into the system. Docker encapsulates software and has a hierarchically vertical system structure. This has great benefits, e.g. avoiding the need to take care of compatibility and dependencies of different software titles, but the abstraction/encapsulation also has disadvantages of multiple resource (e.g. drive space, ram) usage and in some areas less performance (although not 100% sure which areas, also in comparison to snaps and such). Configuration abilities are mostly reduced as well.
I mark this issue as closed. I think it has been discussed enough that both projects have their own stranges and aims and should be seen as either/or for now. Making DietPi(-Software) more flexible and compatible with 3rd party installers is a general long term aim that is followed by many small steps with every DietPi update. I'll have a look back at NextCloudPi, as I am following it anyway with great interest, so as fast as we can think of an integration, we'll open it as new software request.
Aside from that, the NextCloudPi installer CAN run on DietPi, it is just the DietPi-Software installs and things like dietpi-letsencrypt, that currently assume and/or establish an incompatible webserver setup, which must be kept in mind from then on.
I just saw this thread comparing the two projects and see no reason you could not further integrate NextcloudPi to improve Nextcloud integration and deployment in DietPi.
The NextcloudPi curl script installation or docker image could be easily modified to give you best of both worlds. This would allow you to integrate the ncp-config and ncp-web tools to more easily run OCC commands, or just run your particular Nextcloud scripts from an attractive terminal / SSH / web interface. @nachoparker is the friendly lead dev.