allow to add dependencies and php extensions into the Nextcloud container

Signed-off-by: Simon L <szaimen@e.mail.de>

.github/workflows/nextcloud-update.yml

@@ -57,7 +57,7 @@ jobs:
             | sort -V \
             | tail -1
         )"
-        sed -i "s|pecl install imagick.*\;|pecl install imagick-$imagick_version\;|" ./Containers/nextcloud/Dockerfile
+        sed -i "s|pecl install imagick.*|pecl install imagick-$imagick_version|" ./Containers/nextcloud/start.sh
 
         # Nextcloud
         NC_MAJOR="$(grep "ENV NEXTCLOUD_VERSION" ./Containers/nextcloud/Dockerfile | grep -oP '[23][0-9]')"

Containers/mastercontainer/start.sh

@@ -185,6 +185,22 @@ It is set to '$NEXTCLOUD_STARTUP_APPS'."
         exit 1
     fi
 fi
+if [ -n "$NEXTCLOUD_ADDITIONAL_APKS" ]; then
+    if ! echo "$NEXTCLOUD_ADDITIONAL_APKS" | grep -q "^[a-z _-]\+$"; then
+        echo "You've set NEXTCLOUD_ADDITIONAL_APKS but not to an allowed value.
+It needs to be a string. Allowed are small letters a-z, spaces, hyphens and '_'.
+It is set to '$NEXTCLOUD_ADDITIONAL_APKS'."
+        exit 1
+    fi
+fi
+if [ -n "$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS" ]; then
+    if ! echo "$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS" | grep -q "^[a-z _-]\+$"; then
+        echo "You've set NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS but not to an allowed value.
+It needs to be a string. Allowed are small letters a-z, spaces, hyphens and '_'.
+It is set to '$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS'."
+        exit 1
+    fi
+fi
 
 # Check DNS resolution
 # Prevents issues like https://github.com/nextcloud/all-in-one/discussions/565

Containers/nextcloud/Dockerfile

@@ -64,13 +64,11 @@ RUN set -ex; \
     pecl install APCu-5.1.22; \
     pecl install memcached-3.2.0; \
     pecl install redis-5.3.7; \
-    pecl install imagick-3.7.0; \
     \
     docker-php-ext-enable \
         apcu \
         memcached \
         redis \
-        imagick \
     ; \
     rm -r /tmp/pear; \
     \

Containers/nextcloud/start.sh

@@ -36,6 +36,34 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then
 fi
 sudo -u www-data rm -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
 
+# Install additional dependencies
+if [ -n "$ADDITIONAL_APKS" ]; then
+    if ! [ -f "/additional-apks-are-installed" ]; then
+        read -ra ADDITIONAL_APKS_ARRAY <<< "$ADDITIONAL_APKS"
+        for app in "${ADDITIONAL_APKS_ARRAY[@]}"; do
+            apk add "$app"
+        done
+    fi
+    touch /additional-apks-are-installed
+fi
+
+# Install additional php extensions
+if [ -n "$ADDITIONAL_PHP_EXTENSIONS" ]; then
+    if ! [ -f "/additional-php-extensions-are-installed" ]; then
+        read -ra ADDITIONAL_PHP_EXTENSIONS_ARRAY <<< "$ADDITIONAL_PHP_EXTENSIONS"
+        for app in "${ADDITIONAL_PHP_EXTENSIONS_ARRAY[@]}"; do
+            if [ "$app" = imagick ]; then
+                pecl install imagick-3.7.0
+                docker-php-ext-enable imagick
+            else
+                pecl install "$app"
+                docker-php-ext-enable "$app"
+            fi
+        done
+    fi
+    touch /additional-php-extensions-are-installed
+fi
+
 # Run original entrypoint
 if ! sudo -E -u www-data bash /entrypoint.sh; then
     exit 1

docker-compose.yml

@@ -30,6 +30,8 @@ services:
       # - NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
       # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
       # - NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
+      # - NEXTCLOUD_ADDITIONAL_APKS=imagick # This allows to add additional packages to the Nextcloud container permanently.
+      # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.
 
   # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
   # # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588

manual-install/update-yaml.sh

@@ -77,6 +77,8 @@ sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD=          # TODO! This is the p
 sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.|' sample.conf
 sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.|' sample.conf
 sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf
+sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagick        # This allows to add additional packages to the Nextcloud container permanently.|' sample.conf
+sed -i 's|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|=$|=          # TODO! This needs to be a unique and good password!|' sample.conf
 
 cat sample.conf

php/containers.json

@@ -158,7 +158,9 @@
         "FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch",
         "PHP_MAX_TIME=%NEXTCLOUD_MAX_TIME%",
         "TRUSTED_CACERTS_DIR=%NEXTCLOUD_TRUSTED_CACERTS_DIR%",
-        "STARTUP_APPS=%NEXTCLOUD_STARTUP_APPS%"
+        "STARTUP_APPS=%NEXTCLOUD_STARTUP_APPS%",
+        "ADDITIONAL_APKS=%NEXTCLOUD_ADDITIONAL_APKS%",
+        "ADDITIONAL_PHP_EXTENSIONS=%NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS%"
       ],
       "maxShutdownTime": 10,
       "restartPolicy": "unless-stopped"

php/src/Data/ConfigurationManager.php

@@ -561,6 +561,20 @@ class ConfigurationManager
         return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
     }
 
+    public function GetNextcloudAdditionalApks() : string {
+        $envVariableName = 'NEXTCLOUD_ADDITIONAL_APKS';
+        $configName = 'nextcloud_additional_apks';
+        $defaultValue = '';
+        return trim($this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue));
+    }
+
+    public function GetNextcloudAdditionalPhpExtensions() : string {
+        $envVariableName = 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS';
+        $configName = 'nextcloud_additional_php_extensions';
+        $defaultValue = 'imagick';
+        return trim($this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue));
+    }
+
     public function GetCollaboraSeccompPolicy() : string {
         $defaultString = '--o:security.seccomp=';
         if ($this->GetCollaboraSeccompDisabledState() !== 'true') {

php/src/Docker/DockerActionManager.php

@@ -332,6 +332,10 @@ class DockerActionManager
                     $replacements[1] = $this->configurationManager->GetCollaboraSeccompPolicy();
                 } elseif ($out[1] === '%NEXTCLOUD_STARTUP_APPS%') {
                     $replacements[1] = $this->configurationManager->GetNextcloudStartupApps();
+                } elseif ($out[1] === '%NEXTCLOUD_ADDITIONAL_APKS%') {
+                    $replacements[1] = $this->configurationManager->GetNextcloudAdditionalApks();
+                } elseif ($out[1] === '%NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS%') {
+                    $replacements[1] = $this->configurationManager->GetNextcloudAdditionalPhpExtensions();
                 } else {
                     $replacements[1] = $this->configurationManager->GetSecret($out[1]);
                 }

readme.md

@@ -467,6 +467,16 @@ You can run AIO also with docker rootless. How to do this is documented here: [d
 ### How to change the Nextcloud apps that are installed on the first startup?
 You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `-e NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'.
 
+### How to add packets permanently to the Nextcloud container?
+Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional dependencies into the Nextcloud container. However note that doing this is not recommended since we do not test Nextcloud apps that require external dependencies. 
+
+You can do so by adding `-e NEXTCLOUD_ADDITIONAL_APKS=dependency1 dependency2` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?name=&branch=v3.16&repo=&arch=&maintainer=
+
+### How to add PHP extensions permanently to the Nextcloud container?
+Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional php extensions into the Nextcloud container. However note that doing this is not recommended since we do not test Nextcloud apps that require additional php extensions. 
+
+You can do so by adding `-e NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick extension1 extension2` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'. You can find available extensions here: https://pecl.php.net/packages.php. By default added is `imagick`. If you want to keep that, you need to specify it as well.
+
 ### Huge docker logs
 When your containers run for a few days without a restart, the container logs that you can view from the AIO interface can get really huge. You can limit the loge sizes by enabling logrotate for docker container logs. Feel free to enable this by following those instructions: https://sandro-keil.de/blog/logrotate-for-docker-container/
 

tests/QA/060-environmental-variables.md

@@ -16,5 +16,7 @@
 See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
 - [ ] When starting the mastercontainer with `-e COLLABORA_SECCOMP_DISABLED=true`, the resulting collabora container should have `--o:security.seccomp=false` applied to it.
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_STARTUP_APPS=deck`, the resulting Nextcloud should have only installed the deck app and not the other apps that get installed by default. Default are `twofactor_totp deck tasks calendar contacts apporder`.
+- [ ] When starting the mastercontainer with `-e NEXTCLOUD_ADDITIONAL_APKS=zip`, the resulting Nextcloud container should have the zip package installed.
+- [ ] When starting the mastercontainer with `-e NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=inotify`, the resulting Nextcloud container should have the inotify extension installed and not the imagick extension.
 
 You can now continue with [070-timezone-change.md](./070-timezone-change.md)