nextcloud: Connect to mysql using socket instead of TCP

- This eliminates the need to reconfigure mysql. Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org> Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2026-01-21 07:55:00 +00:00 · 2024-04-01 15:13:51 -07:00 · 2024-04-01 15:13:51 -07:00 · fba3d6339b
commit fba3d6339b
parent 96035c2e2d
2 changed files with 14 additions and 30 deletions
--- a/plinth/modules/nextcloud/init.py
+++ b/plinth/modules/nextcloud/init.py
@ -89,13 +89,6 @@ class NextcloudApp(app_module.App):
                              urls=['https://{host}/nextcloud/login'])
        self.add(webserver)

-        daemon = Daemon('daemon-nextcloud', 'nextcloud-freedombox')
-        self.add(daemon)
-
-        daemon = Daemon('daemon-nextcloud-timer',
-                        'nextcloud-cron-freedombox.timer')
-        self.add(daemon)
-
        daemon = SharedDaemon('shared-daemon-podman-auto-update',
                              'podman-auto-update.timer')
        self.add(daemon)
@ -107,6 +100,13 @@ class NextcloudApp(app_module.App):
        daemon = SharedDaemon('shared-daemon-nextcloud-mysql', 'mysql')
        self.add(daemon)

+        daemon = Daemon('daemon-nextcloud', 'nextcloud-freedombox')
+        self.add(daemon)
+
+        daemon = Daemon('daemon-nextcloud-timer',
+                        'nextcloud-cron-freedombox.timer')
+        self.add(daemon)
+
        backup_restore = NextcloudBackupRestore('backup-restore-nextcloud',
                                                **manifest.backup)
        self.add(backup_restore)
--- a/plinth/modules/nextcloud/privileged.py
+++ b/plinth/modules/nextcloud/privileged.py
@ -28,8 +28,6 @@ GUI_ADMIN = 'nextcloud-admin'

 _volume_path = pathlib.Path(
    '/var/lib/containers/storage/volumes/') / VOLUME_NAME
-_socket_config_file = pathlib.Path('/etc/mysql/mariadb.conf.d/'
-                                   '99-freedombox.cnf')
 _systemd_location = pathlib.Path('/etc/systemd/system/')
 _cron_service_file = _systemd_location / 'nextcloud-cron-freedombox.service'
 _cron_timer_file = _systemd_location / 'nextcloud-cron-freedombox.timer'
@ -46,7 +44,7 @@ def setup():
    """Setup Nextcloud configuration."""
    database_password = _generate_secret_key(16)
    administrator_password = _generate_secret_key(16)
-    _configure_db_socket()
+
    _create_database(database_password)
    action_utils.podman_run(
        network_name=NETWORK_NAME, subnet='172.16.16.0/24',
@ -54,6 +52,7 @@ def setup():
        container_ip=CONTAINER_IP, volume_name=VOLUME_NAME,
        container_name=CONTAINER_NAME, image_name=IMAGE_NAME,
        extra_run_options=[
+            '--volume=/run/mysqld/mysqld.sock:/run/mysqld/mysqld.sock',
            f'--env=TRUSTED_PROXIES={BRIDGE_IP}',
            '--env=OVERWRITEWEBROOT=/nextcloud'
        ])
@ -161,16 +160,6 @@ def _configure_firewall(action, interface_name):
    action_utils.service_restart('firewalld')


-def _configure_db_socket():
-    file_content = f'''## This file is automatically generated by FreedomBox
-## Enable database to create a socket for podman's bridge network
-[mysqld]
-bind-address            = {BRIDGE_IP}
-'''
-    _socket_config_file.write_text(file_content, encoding='utf-8')
-    action_utils.service_restart('mariadb')
-
-
 def _create_database(db_password):
    """Create an empty MySQL database for Nextcloud."""
    # SQL injection is avoided due to known input.
@ -189,7 +178,7 @@ def _create_database(db_password):
 def _set_db_privileges(db_password):
    """Create user, set password and provide permissions on the database."""
    query = f'''GRANT ALL PRIVILEGES ON {DB_NAME}.* TO
-  '{DB_USER}'@'{CONTAINER_IP}'
+  '{DB_USER}'@'localhost'
  IDENTIFIED BY'{db_password}';
 FLUSH PRIVILEGES;
 '''
@ -201,10 +190,11 @@ def _nextcloud_setup_wizard(db_password, admin_password):
    admin_data_dir = _volume_path / '_data/data' / GUI_ADMIN
    if not admin_data_dir.exists():
        _run_occ('maintenance:install', '--database=mysql',
-                 f'--database-name={DB_NAME}', f'--database-host={BRIDGE_IP}',
-                 '--database-port=3306', f'--database-user={DB_USER}',
+                 '--database-host=localhost:/run/mysqld/mysqld.sock',
+                 f'--database-name={DB_NAME}', f'--database-user={DB_USER}',
                 f'--database-pass={db_password}', f'--admin-user={GUI_ADMIN}',
                 f'--admin-pass={admin_password}')
+
    # For the server to work properly, it's important to configure background
    # jobs correctly. Cron is the recommended setting.
    _run_occ('background:cron')
@ -284,7 +274,6 @@ def uninstall():
    _bind_redis('127.0.0.1 -::1')
    action_utils.service_restart('redis-server')
    _drop_database()
-    _remove_db_socket()
    _configure_firewall(action='remove', interface_name=NETWORK_NAME)
    action_utils.podman_uninstall(container_name=CONTAINER_NAME,
                                  network_name=NETWORK_NAME,
@ -294,16 +283,11 @@ def uninstall():
        path.unlink(missing_ok=True)


-def _remove_db_socket():
-    _socket_config_file.unlink(missing_ok=True)
-    action_utils.service_restart('mariadb')
-
-
 def _drop_database():
    """Drop the mysql database that was created during install."""
    with action_utils.service_ensure_running('mysql'):
        query = f'''DROP DATABASE {DB_NAME};
-    DROP User '{DB_USER}'@'{CONTAINER_IP}';'''
+    DROP User '{DB_USER}'@'localhost';'''
        subprocess.run(['mysql', '--user', 'root'], input=query.encode(),
                       check=True)