Themes for Pico

Hi - have been fiddling about with my PicoCMS installation and found a few things. But have run out of time - and have to go. So sorry for not searching the forum to see if this has been posted anywhere else.

It appears to me that when installing a theme you need to put a copy of the theme in

/appdata/cms_pico/themes/

and another copy in

/apps/cms_pico/Pico/themes/

where the appdata directory has some big serial number on it.

It seems that the twig templates have to go in the appdata dir, and the css files have to go in the apps directory. That is about as far as I have got.

But I have now got a Nextcloud PicoCMS running a different template. :slight_smile:

Happy new year. It is another 30 deg C day down here in NZ - maybe the beach this afternoon. :slight_smile:

What theme did you install?
Because any of them who links to google for fonts or ui element are not working,
because of security restrictions.

Security restrictions are a different issue. It is a webserver security issue. You need to modify the content security policy to allow content from those sites.

I have

Header always set Content-Security-Policy “default-src ‘none’;base-uri ‘none’;manifest-src ‘self’’;style-src ‘self’ ‘unsafe-inline’ https://fonts.googleapis.com/;img-src ‘self’ data: blob: *;font-src ‘self’ https://fonts.gstatic.com;connect-src ‘self’;media-src ‘self’;frame-src www.youtube.com prezi.com player.vimeo.com vine.co ‘self’;child-src ‘self’;”

Hey, can you describe exactly whereto put that? I run nextcloudpi on a raspberrypi, so its an apache webserver and am struggling enabling themes as well.

I would rather like download the fonts and stuff from google, implement that on my own server and rewrite the links. Most of that is clear, except for the fonts.
That looks a bit trickier.

Hi - wow, how time flies. Been meaning to get back to update this, but …

First - I would not recommend using this app. It does not appear to be being maintained - both nextcloud and PicoCMS have been updated since this was released.

I did fork the project, but have not had time to do anything other than change the version numbers and try to understand composer :slight_smile:

Anyway - Content Security Policies.
I am running Nextcloud on a cloud.domain.name subdomain. I also have jQuery in my theme/scripts directory. These policies allow fonts and style sheets from google, and local files to be loaded.

To add the content security policies, you need to edit the Apache configuration file (or probably the htaccess file). With my setup, I have the following in the /etc/httpd/conf.d/virtualhosts.conf file:

`
<VirtualHost *:443>

DocumentRoot "/usr/share/nextcloud"
ServerName cloud.domain.name
<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
    Header always set Content-Security-Policy "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'unsafe-eval' 'unsafe-inline' 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/;img-src 'self' data: blob: *;font-src 'self' https://fonts.gstatic.com;connect-src 'self';media-src 'self';frame-src www.youtube.com prezi.com player.vimeo.com vine.co 'self';child-src 'self';"
    Header set Referrer-Policy "no-referrer"
</IfModule>

etc

You might notice I am using nethserver. To do this in nethserver, create and edit /etc/e-smith/templates-custom/httpd/vhost-extra/10headers and enter

{
my $nextcloudheaders = << "EOF";

<IfModule mod_headers\.c>Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
       Header always set Content-Security-Policy "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'unsafe-eval' 'unsafe-inline' 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/;img-src 'self' data: blob: *;font-src 'self' https://fonts.gstatic.com;connect-src 'self';media-src 'self';frame-src www.youtube.com prezi.com player.vimeo.com vine.co 'self';child-src 'self';"

        Header set Referrer-Policy "no-referrer"

   </IfModule>

EOF

$OUT .= $nextcloudheaders if ($VhostName eq 'cloud');
}

Templates and themes

The easiest way to get these running is as follows. My Nextcloud installation is at /usr/share/nextcloud/, and my Nextcloud data directory is at /var/lib/nethserver/nextcloud/data/

The easiest way to get it all working is to make a system link from the cms_pico directory in the nextcloud apps directory to the cms_pico directory in the nextcloud appdata directory. eg:

cd /usr/share/nextcloud/apps/cms_pico/
rm Pico
ln -s /var/lib/nethserver/nextcloud/data/appdata_abcdefghi/cms_pico/ Pico

This seems to be working for me so far :slight_smile:

I might try to update the pico files to the latest Picocms version, or I might just install Pico in another virtual host. Or use Grav.

Hope this helps.