Initial Clone

2019-11-14 19:36:04 -06:00
parent 1051826ba8
commit ac7cd93dfe
48 changed files with 7742 additions and 19 deletions

39
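--- a/static/adduser.sh
+++ b/static/adduser.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+# shellcheck disable=2034,2059
+true
+# shellcheck source=lib.sh
+. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
+# T&M Hansson IT AB © - 2019, https://www.hanssonit.se/
+# Check for errors + debug code and abort if something isn't right
+# 1 = ON
+# 0 = OFF
+DEBUG=0
+debug_mode
+if [[ $UNIXUSER != "ncadmin" ]]
+then
+msg_box "Current user with sudo permissions is: $UNIXUSER.
+This script will set up everything with that user.
+If the field after ':' is blank you are probably running as a pure root user.
+It's possible to install with root, but there will be minor errors.
+Please create a user with sudo permissions if you want an optimal installation.
+The preferred user is 'ncadmin'."
+if [[ "no" == $(ask_yes_or_no "Do you want to create a new user?") ]]
+then
+print_text_in_color "$ICyan" "Not adding another user..."
+sleep 1
+else
+read -r -p "Enter name of the new user: " NEWUSER
+adduser --disabled-password --gecos "" "$NEWUSER"
+sudo usermod -aG sudo "$NEWUSER"
+usermod -s /bin/bash "$NEWUSER"
+while true
+do
+sudo passwd "$NEWUSER" && break
+done
+sudo -u "$NEWUSER" sudo bash "$1"
+fi
+fi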
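Review bot: The `. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)` line near the top sources whatever the `master` branch serves at run time, with no pinned revision or checksum, into a script that goes on to call `adduser` and `usermod`; the same line opens every other script in this commit. Without `-f`, an HTTP error page is also fed to the shell instead of stopping the run. Consider downloading to a temporary file, checking it against a pinned digest, and only then sourcing it, e.g. `curl -fsSL "$LIB_URL" -o "$tmp" && echo "PINNED_SHA256_PLACEHOLDER  $tmp" | sha256sum -c - && . "$tmp"` (`LIB_URL`, `tmp` and the digest are placeholders). Separately, `$NEWUSER` is used unvalidated and the `adduser` result is unchecked, so an empty or rejected name leaves the `while true` / `passwd` loop retrying with no exit.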

42
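--- a/static/automatic_updates.sh
+++ b/static/automatic_updates.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+# T&M Hansson IT AB © - 2019, https://www.hanssonit.se/
+# shellcheck disable=2034,2059
+true
+# shellcheck source=lib.sh
+. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
+print_text_in_color "$ICyan" "Configuring automatic updates..."
+# Check for errors + debug code and abort if something isn't right
+# 1 = ON
+# 0 = OFF
+DEBUG=0
+debug_mode
+# Check if root
+root_check
+msg_box "This option will update your server every week on Saturdays at 18:00 (6 PM).
+The update will run the built in script '$SCRIPTS/update.sh' which will update both the server packages and Nextcloud itself.
+You can read more about it here: https://www.techandme.se/nextcloud-update-is-now-fully-automated/
+Please keep in mind that automatic updates might fail hence it's important to have a proper backup in place if you plan to run this option.
+You can disable the automatic updates by entering the crontab file like this:
+'sudo crontab -e -u root'
+Then just put a hash (#) in front of the row that you want to disable.
+In the next step you will be able to choose to proceed or exit."
+if [[ "yes" == $(ask_yes_or_no "Do you want to enable automatic updates?") ]]
+then
+touch $VMLOGS/update.log
+crontab -u root -l | { cat; echo "0 18 * * 6 $SCRIPTS/update.sh minor >> $VMLOGS/update.log"; } | crontab -u root -
+if [[ "yes" == $(ask_yes_or_no "Do you want to reboot your server after every update? *recommended*") ]]
+then
+sed -i "s|exit|shutdown -r +1|g" "$SCRIPTS"/update.sh
+echo "exit" >> "$SCRIPTS"/update.sh
+fi
+fi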
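Review bot: `sed -i "s|exit|shutdown -r +1|g" "$SCRIPTS"/update.sh` rewrites every occurrence of the string `exit` in update.sh, not just the final statement, so any error-path `exit 1` (and any word or comment containing `exit`) would also be turned into a reboot command; update.sh is not shown here, so how many places that touches is unknown. Running this script twice also appends a second identical cron line and a second trailing `exit`. A less invasive option is to leave update.sh alone and express the reboot in the cron entry, e.g. `0 18 * * 6 $SCRIPTS/update.sh minor >> $VMLOGS/update.log 2>&1 && /sbin/shutdown -r +1`, after checking with `crontab -u root -l | grep -qF "$SCRIPTS/update.sh"` that the entry is not already present. `$VMLOGS` in the `touch` line should be quoted as well.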


@@ -0,0 +1,51 @@
#!/bin/bash
# T&M Hansson IT AB © - 2019, https://www.hanssonit.se/
# shellcheck disable=2034,2059
true
# shellcheck source=lib.sh
. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
rm "/home/$UNIXUSER/.profile"
cat <<-UNIXUSER-PROFILE > "$UNIXUSER_PROFILE"
# ~/.profile: executed by the command interpreter for login shells.
# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
# exists.
# see /usr/share/doc/bash/examples/startup-files for examples.
# the files are located in the bash-doc package.
# the default umask is set in /etc/profile; for setting the umask
# for ssh logins, install and configure the libpam-umask package.
#umask 022
# if running bash
if [ -n "$BASH_VERSION" ]
then
# include .bashrc if it exists
if [ -f "$HOME/.bashrc" ]
then
. "$HOME/.bashrc"
fi
fi
# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/bin" ]
then
PATH="$HOME/bin:$PATH"
fi
bash /var/scripts/instruction.sh
bash /var/scripts/history.sh
sudo -i
UNIXUSER-PROFILE
chown "$UNIXUSER:$UNIXUSER" "$UNIXUSER_PROFILE"
chown "$UNIXUSER:$UNIXUSER" "$SCRIPTS/history.sh"
chown "$UNIXUSER:$UNIXUSER" "$SCRIPTS/instruction.sh"
exit 0
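Review bot: The here-document delimiter in `cat <<-UNIXUSER-PROFILE` is unquoted, so `$BASH_VERSION`, `$HOME` and `$PATH` are expanded by the shell running this installer rather than written literally; the generated profile ends up with the installer's values baked in (for example a fixed `PATH=` line) instead of tests evaluated at login. Nothing in the body appears to need install-time expansion, so quoting the delimiter, `cat <<-'UNIXUSER-PROFILE' > "$UNIXUSER_PROFILE"`, would write it verbatim. The `<<ROOT-PROFILE` block in static/change-root-profile.sh has the same issue with `$BASH`. The `rm "/home/$UNIXUSER/.profile"` line also assumes that path equals `$UNIXUSER_PROFILE`, which is defined outside this page.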

49
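--- a/static/change-root-profile.sh
+++ b/static/change-root-profile.sh
@@ -0,0 +1,49 @@
+#!/bin/bash
+# T&M Hansson IT AB © - 2019, https://www.hanssonit.se/
+# shellcheck disable=2034,2059
+true
+# shellcheck source=lib.sh
+. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
+# Check for errors + debug code and abort if something isn't right
+# 1 = ON
+# 0 = OFF
+DEBUG=0
+debug_mode
+[ -f /root/.profile ] && rm -f /root/.profile
+cat <<ROOT-PROFILE > "$ROOT_PROFILE"
+# ~/.profile: executed by Bourne-compatible login shells.
+if [ "$BASH" ]
+then
+if [ -f ~/.bashrc ]
+then
+. ~/.bashrc
+fi
+fi
+if [ -x /var/scripts/nextcloud-startup-script.sh ]
+then
+/var/scripts/nextcloud-startup-script.sh
+fi
+if [ -x /var/scripts/history.sh ]
+then
+/var/scripts/history.sh
+fi
+mesg n
+ROOT-PROFILE
+# Add Aliases
+{
+echo "alias nextcloud_occ='sudo -u www-data php $NCPATH/occ'"
+echo "alias run_update_nextcloud='bash $SCRIPTS/update.sh'"
+} > /root/.bash_aliases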
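Review bot: The profile written here makes root execute `/var/scripts/nextcloud-startup-script.sh` and `/var/scripts/history.sh` at every login, guarded only by `-x`, while the profile-generating hunk just above this file (`@@ -0,0 +1,51 @@`) runs `chown "$UNIXUSER:$UNIXUSER" "$SCRIPTS/history.sh"`. If `$SCRIPTS` resolves to /var/scripts (it is defined in lib.sh, not shown), root then runs a file the unprivileged account can rewrite. Keeping those scripts root-owned and not group- or world-writable, or having the profile check ownership first (`[ -O /var/scripts/history.sh ]`), closes that path. `> /root/.bash_aliases` also overwrites any aliases already there; a comment saying that is intended would help.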

28
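--- a/static/change_db_pass.sh
+++ b/static/change_db_pass.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+# shellcheck disable=2034,2059
+true
+# shellcheck source=lib.sh
+NCDBPASS=1 . <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
+unset NCDBPASS
+# T&M Hansson IT AB © - 2019, https://www.hanssonit.se/
+# Check for errors + debug code and abort if something isn't right
+# 1 = ON
+# 0 = OFF
+DEBUG=0
+debug_mode
+# Change PostgreSQL Password
+cd /tmp
+sudo -u www-data php "$NCPATH"/occ config:system:set dbpassword --value="$NEWPGPASS"
+if [ "$(sudo -u postgres psql -c "ALTER USER $NCUSER WITH PASSWORD '$NEWPGPASS'";)" == "ALTER ROLE" ]
+then
+sleep 1
+else
+print_text_in_color "$IRed" "Changing PostgreSQL Nextcloud password failed."
+sed -i "s| 'dbpassword' =>.*| 'dbpassword' => '$NCCONFIGDBPASS',|g" /var/www/nextcloud/config/config.php
+print_text_in_color "$IRed" "Nothing is changed. Your old password is: $NCCONFIGDBPASS"
+exit 1
+fi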
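Review bot: `$NEWPGPASS` is spliced directly into the SQL text in `psql -c "ALTER USER $NCUSER WITH PASSWORD '$NEWPGPASS'"`, so a password containing a single quote breaks or alters the statement; where the value comes from is not visible here (presumably lib.sh), so its character set should be confirmed. psql can do the quoting itself if the statement arrives on stdin with a variable, e.g. `sudo -u postgres psql -v pw="$NEWPGPASS" <<< "ALTER USER $NCUSER WITH PASSWORD :'pw';"` (variables are not interpolated inside `-c`). Both this call and `occ config:system:set dbpassword --value="$NEWPGPASS"` still pass the password as a command-line argument, which is visible in the process list while they run, and that deserves at least a comment. The failure branch prints the old password to the terminal and restores it with `sed`, where a `|` or `&` in `$NCCONFIGDBPASS` would corrupt the replacement; running `ALTER USER` first and updating Nextcloud's config only on success would remove the need for that rollback.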

167
static/docker_overlay2.sh Executable file

@@ -0,0 +1,167 @@
#!/bin/bash
# shellcheck disable=2034,2059
true
# shellcheck source=lib.sh
. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
# T&M Hansson IT AB © - 2019, https://www.hanssonit.se/
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Must be root
root_check
### Migrating Docker images to overlay2 ###
# https://www.techandme.se/changes-to-docker-ce-in-the-nextcloud-vm/
# Credits to: https://gist.github.com/hydra1983/22b2bed38b4f5f56caa87c830c96378d
# Make sure DOCKERBACKUP is created
if [ -f "$NCPATH"/config/config.php ]
then
NCDATA="$(grep 'datadir' "$NCPATH"/config/config.php | awk '{print $3}' | cut -d "'" -f2)"
fi
DOCKERBACKUP="$NCDATA/DOCKERBACKUP"
mkdir -p "$DOCKERBACKUP"
# Check if aufs and don't run
if grep -q "aufs" /etc/default/docker
then
msg_box "This script doesn't support images that uses the AUFS driver, sorry
You are welcome to send a PR, or report an issue here: $ISSUES"
exit 1
fi
readonly DB_FILE="$DOCKERBACKUP/images.db"
readonly IMG_DIR="$DOCKERBACKUP/images"
save_images() {
print_text_in_color "$ICyan" "Create ${IMG_DIR}"
if [[ ! -d "${IMG_DIR}" ]]; then
mkdir "${IMG_DIR}"
fi
print_text_in_color "$ICyan" "Create ${DB_FILE}"
docker images|grep -v 'IMAGE ID'|awk '{printf("%s %s %s\n", $1, $2, $3)}'|column -t > "${DB_FILE}"
print_text_in_color "$ICyan" "Read ${DB_FILE}"
local images
while read -r image; do
images+=("$image");
done <<< "$(cat "${DB_FILE}")"
local name tag id
for image in "${images[@]}"; do
name=$(echo "$image"|awk '{print $1}')
tag=$(echo "$image"|awk '{print $2}')
id=$(echo "$image"|awk '{print $3}')
if [[ "${id}" != "" ]]; then
local imgPath="${IMG_DIR}/${id}.dim"
if [[ ! -f "${imgPath}" ]] ; then
print_text_in_color "$ICyan" "[DEBUG] save ${id} ${name}:${tag} to ${imgPath}"
(time docker save -o "${imgPath}" "${name}":"${tag}") 2>&1 | grep real
else
print_text_in_color "$ICyan" "[DEBUG] ${id} ${name}:${tag} already saved"
fi
fi
done
}
load_images() {
if [[ ! -f "${DB_FILE}" ]]; then
print_text_in_color "$ICyan" "No ${DB_FILE} to read"
exit 0
fi
if [[ ! -d "${IMG_DIR}" ]]; then
print_text_in_color "$ICyan" "No ${IMG_DIR} to load images"
exit 0
fi
print_text_in_color "$ICyan" "Read ${DB_FILE}"
local images
while read -r image; do
images+=("$image");
done <<< "$(cat "${DB_FILE}")"
local name tag id
for image in "${images[@]}"; do
name=$(echo "$image"|awk '{print $1}')
tag=$(echo "$image"|awk '{print $2}')
id=$(echo "$image"|awk '{print $3}')
if [[ "${id}" != "" ]]; then
local imgPath="${IMG_DIR}/${id}.dim"
if [[ "$(docker images|grep "${id}" | grep "${name}" | grep "${tag}")" == "" ]]; then
if [[ "$(docker images|grep "${id}")" == "" ]]; then
print_text_in_color "$ICyan" "[DEBUG] load ${id} ${name}:${tag} from ${imgPath}"
docker load -i "${imgPath}"
else
print_text_in_color "$ICyan" "[DEBUG] tag ${id} as ${name}:${tag}"
docker tag "${id}" "${name}":"${tag}"
fi
else
print_text_in_color "$ICyan" "[DEBUG] ${id} ${name}:${tag} already loaded"
fi
fi
done
}
# Save all docker images in one file
check_command docker ps -a > "$DOCKERBACKUP"/dockerps.txt
check_command docker images | sed '1d' | awk '{print $1 " " $2 " " $3}' > "$DOCKERBACKUP"/mydockersimages.list
msg_box "The following images will be saved to $DOCKERBACKUP/images
$(cat "$DOCKERBACKUP"/mydockersimages.list)
It may take a while so please be patient."
check_command save_images
# Set overlay2
print_text_in_color "$ICyan" "Setting overlay2 in /etc/docker/daemon.json"
cat << OVERLAY2 > /etc/docker/daemon.json
{
"storage-driver": "overlay2"
}
OVERLAY2
rm -f /etc/systemd/system/docker.service
systemctl restart docker.service
print_text_in_color "$ICyan" "Reloading daemon"
systemctl daemon-reload
print_text_in_color "$ICyan" "Restarting the docker service"
check_command systemctl restart docker
apt-mark unhold docker-ce
# Remove old cached versions to avoid failures on update to new version
rm -Rf /var/cache/apt/archives/docker*
rm -Rf /var/cache/apt/archives/container*
rm -Rf /var/cache/apt/archives/aufs*
# Upgrade docker to latest version
rm -Rf /var/lib/docker
apt update -q4 & spinner_loading
apt upgrade docker-ce -y
# Load docker images back
print_text_in_color "$ICyan" "Importing saved docker images to overlay2..."
check_command load_images
msg_box "Your Docker images are now imported to overlay2, but not yet running.
To start the images again, please run the appropriate 'docker run' command for each docker.
These are all the imported docker images:
$(cat "${DB_FILE}")
You can also find the file with the imported docker images here:
$DB_FILE
If you experiance any issues, please report them to $ISSUES."
rm -f "$DOCKERBACKUP"/mydockersimages.list
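Review bot: `rm -Rf /var/lib/docker` runs without any proof that the backup succeeded: inside `save_images` the result of `docker save` is hidden by the `(time docker save ...) 2>&1 | grep real` pipeline, whose status is grep's, so `check_command save_images` cannot see a failed export. An image listed with tag `<none>` would likely hit exactly this, since it cannot be saved by `name:tag`. I would test the save directly, `docker save -o "${imgPath}" "${name}:${tag}" || return 1`, and verify that every id in `${DB_FILE}` has a non-empty `.dim` file before the delete. If config.php is missing, `NCDATA` keeps whatever lib.sh set (possibly nothing), which would put `DOCKERBACKUP` at `/DOCKERBACKUP`; a `${NCDATA:?}` guard would catch that. Volumes and containers under /var/lib/docker are not exported at all, which the closing message could state more plainly.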

203
static/format-chosen.sh Executable file

@@ -0,0 +1,203 @@
#!/bin/bash
# T&M Hansson IT AB © - 2019, https://www.hanssonit.se/
# shellcheck disable=2034,2059
true
# shellcheck source=lib.sh
. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
# Check if root
root_check
# Needs to be Ubuntu 18.04 and Multiverse
check_distro_version
check_multiverse
LABEL_=ncdata
MOUNT_=/mnt/$LABEL_
format() {
# umount if mounted
umount /mnt/* &> /dev/null
# mkdir if not existing
mkdir -p "$MOUNT_"
# Check what Hypervisor disks are available
SYSVENDOR=$(cat /sys/devices/virtual/dmi/id/sys_vendor)
if [ "$SYSVENDOR" == "VMware, Inc." ];
then
SYSNAME="VMware"
DEVTYPE=sdb
elif [ "$SYSVENDOR" == "Microsoft Corporation" ];
then
SYSNAME="Hyper-V"
DEVTYPE=sdb
elif [ "$SYSVENDOR" == "innotek GmbH" ];
then
SYSNAME="VirtualBox"
DEVTYPE=sdb
elif [ "$SYSVENDOR" == "Xen" ];
then
SYSNAME="Xen/XCP-NG"
DEVTYPE=xvdb
elif [ "$SYSVENDOR" == "QEMU" ];
then
SYSNAME="KVM/QEMU"
DEVTYPE=vdb
elif [ "$SYSVENDOR" == "DigitalOcean" ];
then
SYSNAME="DigitalOcean"
DEVTYPE=sda
elif partprobe /dev/sdb &>/dev/null;
then
SYSNAME="machines"
DEVTYPE=sdb
else
msg_box "It seems like you didn't mount a second disk.
To be able to put the DATA on a second drive formatted as ZFS you need to add a second disk to this server.
This script will now exit. Please mount a second disk and start over."
exit 1
fi
msg_box "You will now see a list with available devices. Choose the device where you want to put your nextcloud data.
Attention, the selected device will be formatted!"
AVAILABLEDEVICES="$(lsblk | grep 'disk' | awk '{print $1}')"
# https://github.com/koalaman/shellcheck/wiki/SC2206
mapfile -t AVAILABLEDEVICES <<< "$AVAILABLEDEVICES"
# Ask for user input
while
lsblk
read -r -e -p "Enter the drive for the nextcloud data:" -i "$DEVTYPE" userinput
userinput=$(echo "$userinput" | awk '{print $1}')
for disk in "${AVAILABLEDEVICES[@]}";
do
[[ "$userinput" == "$disk" ]] && devtype_present=1 && DEVTYPE="$userinput"
done
[[ -z "${devtype_present+x}" ]]
do
printf "${BRed}$DEVTYPE is not a valid disk. Please try again.${Color_Off}\n"
:
done
# Get the name of the drive
DISKTYPE=$(fdisk -l | grep "$DEVTYPE" | awk '{print $2}' | cut -d ":" -f1 | head -1)
if [ "$DISKTYPE" != "/dev/$DEVTYPE" ]
then
msg_box "It seems like your $SYSNAME secondary volume (/dev/$DEVTYPE) does not exist.
This script requires that you mount a second drive to hold the data.
Please shutdown the server and mount a second drive, then start this script again.
If you want help you can buy support in our shop:
https://shop.hanssonit.se/product/premium-support-per-30-minutes/"
exit 1
fi
# Check if ZFS utils are installed
install_if_not zfsutils-linux
# Check still not mounted
#These functions return exit codes: 0 = found, 1 = not found
isMounted() { findmnt -rno SOURCE,TARGET "$1" >/dev/null;} #path or device
isDevMounted() { findmnt -rno SOURCE "$1" >/dev/null;} #device only
isPathMounted() { findmnt -rno TARGET "$1" >/dev/null;} #path only
isDevPartOfZFS() { zpool status | grep "$1" >/dev/null;} #device memeber of a zpool
if isPathMounted "/mnt/ncdata"; #Spaces in path names are ok.
then
msg_box "/mnt/ncdata is mounted and need to be unmounted before you can run this script."
exit 1
fi
if isDevMounted "/dev/$DEVTYPE";
then
msg_box "/dev/$DEVTYPE is mounted and need to be unmounted before you can run this script."
exit 1
fi
# Universal:
if isMounted "/mnt/ncdata";
then
msg_box "/mnt/ncdata is mounted and need to be unmounted before you can run this script."
exit 1
fi
if isMounted "/dev/${DEVTYPE}1";
then
msg_box "/dev/${DEVTYPE}1 is mounted and need to be unmounted before you can run this script."
exit 1
fi
if isDevPartOfZFS "$DEVTYPE";
then
msg_box "/dev/$DEVTYPE is a member of a ZFS pool and needs to be removed from any zpool before you can run this script."
exit 1
fi
if lsblk -l -n | grep -v mmcblk | grep disk | awk '{ print $1 }' | tail -1 > /dev/null
then
msg_box "Formatting your $SYSNAME secondary volume ($DISKTYPE) when you hit OK.
*** WARNING: ALL YOUR DATA WILL BE ERASED! ***"
if zpool list | grep "$LABEL_" > /dev/null
then
check_command zpool destroy "$LABEL_"
fi
check_command wipefs -a -f "$DISKTYPE"
sleep 0.5
check_command zpool create -f -o ashift=12 "$LABEL_" "$DISKTYPE"
check_command zpool set failmode=continue "$LABEL_"
check_command zfs set mountpoint="$MOUNT_" "$LABEL_"
check_command zfs set compression=lz4 "$LABEL_"
check_command zfs set sync=standard "$LABEL_"
check_command zfs set xattr=sa "$LABEL_"
check_command zfs set primarycache=all "$LABEL_"
check_command zfs set atime=off "$LABEL_"
check_command zfs set recordsize=128k "$LABEL_"
check_command zfs set logbias=latency "$LABEL_"
else
msg_box "It seems like /dev/$DEVTYPE does not exist.
This script requires that you mount a second drive to hold the data.
Please shutdown the server and mount a second drive, then start this script again.
If you want help you can buy support in our shop:
https://shop.hanssonit.se/product/premium-support-per-30-minutes/"
exit 1
fi
}
format
# Do a backup of the ZFS mount
if is_this_installed libzfs2linux
then
if grep -r $LABEL_ /etc/mtab
then
install_if_not zfs-auto-snapshot
sed -i "s|date --utc|date|g" /usr/sbin/zfs-auto-snapshot
fi
fi
# Success!
if grep "$LABEL_" /etc/mtab
then
msg_box "$MOUNT_ mounted successfully as a ZFS volume.
Automatic scrubbing is done monthly via a cronjob that you can find here:
/etc/cron.d/zfsutils-linux
Automatic snapshots are taken with 'zfs-auto-snapshot'. You can list current snapshots with:
'sudo zfs list -t snapshot'.
Manpage is here:
http://manpages.ubuntu.com/manpages/bionic/man8/zfs-auto-snapshot.8.html
CURRENT STATUS:
$(zpool status $LABEL_)
$(zpool list)"
fi
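Review bot: Nothing in `format()` stops the operator from picking the disk the system is running from: `AVAILABLEDEVICES` lists every disk, and the mount checks only test the whole device (`isDevMounted "/dev/$DEVTYPE"`) and partition 1 (`isMounted "/dev/${DEVTYPE}1"`), so a root filesystem on another partition or on LVM passes and `wipefs -a -f "$DISKTYPE"` proceeds. A check over all children of the device, e.g. `if lsblk -nro MOUNTPOINT "/dev/$DEVTYPE" | grep -q .; then msg_box "..."; exit 1; fi`, would cover that. The final confirmation is also only a `msg_box`, with no way to decline as far as this page shows. static/format-sda-nuc-server.sh and static/format-sdb.sh have the same checks, without the interactive prompt. In the retry message, `$DEVTYPE` is printed where `$userinput` is the value that was rejected.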

182
static/format-sda-nuc-server.sh Executable file

@@ -0,0 +1,182 @@
#!/bin/bash
# T&M Hansson IT AB © - 2019, https://www.hanssonit.se/
# shellcheck disable=2034,2059
true
# shellcheck source=lib.sh
. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
# Check if root
root_check
# Needs to be Ubuntu 18.04 and Multiverse
check_distro_version
check_multiverse
LABEL_=ncdata
MOUNT_=/mnt/$LABEL_
format() {
# umount if mounted
umount /mnt/* &> /dev/null
# mkdir if not existing
mkdir -p "$MOUNT_"
# Check what Hypervisor disks are available
SYSVENDOR=$(cat /sys/devices/virtual/dmi/id/sys_vendor)
if [ "$SYSVENDOR" == "VMware, Inc." ];
then
SYSNAME="VMware"
DEVTYPE=sda
elif [ "$SYSVENDOR" == "Microsoft Corporation" ];
then
SYSNAME="Hyper-V"
DEVTYPE=sda
elif [ "$SYSVENDOR" == "innotek GmbH" ];
then
SYSNAME="VirtualBox"
DEVTYPE=sda
elif [ "$SYSVENDOR" == "Xen" ];
then
SYSNAME="Xen/XCP-NG"
DEVTYPE=xvdb
elif [ "$SYSVENDOR" == "QEMU" ];
then
SYSNAME="KVM/QEMU"
DEVTYPE=vdb
elif [ "$SYSVENDOR" == "DigitalOcean" ];
then
SYSNAME="DigitalOcean"
DEVTYPE=sda
elif partprobe /dev/sda &>/dev/null;
then
SYSNAME="machines"
DEVTYPE=sda
else
msg_box "It seems like you didn't mount a second disk.
To be able to put the DATA on a second drive formatted as ZFS you need to add a second disk to this server.
This script will now exit. Please mount a second disk and start over."
exit 1
fi
# Get the name of the drive
DISKTYPE=$(fdisk -l | grep $DEVTYPE | awk '{print $2}' | cut -d ":" -f1 | head -1)
if [ "$DISKTYPE" != "/dev/$DEVTYPE" ]
then
msg_box "It seems like your $SYSNAME secondary volume (/dev/$DEVTYPE) does not exist.
This script requires that you mount a second drive to hold the data.
Please shutdown the server and mount a second drive, then start this script again.
If you want help you can buy support in our shop:
https://shop.hanssonit.se/product/premium-support-per-30-minutes/"
exit 1
fi
# Check if ZFS utils are installed
install_if_not zfsutils-linux
# Check still not mounted
#These functions return exit codes: 0 = found, 1 = not found
isMounted() { findmnt -rno SOURCE,TARGET "$1" >/dev/null;} #path or device
isDevMounted() { findmnt -rno SOURCE "$1" >/dev/null;} #device only
isPathMounted() { findmnt -rno TARGET "$1" >/dev/null;} #path only
isDevPartOfZFS() { zpool status | grep "$1" >/dev/null;} #device memeber of a zpool
if isPathMounted "/mnt/ncdata"; #Spaces in path names are ok.
then
msg_box "/mnt/ncdata is mounted and need to be unmounted before you can run this script."
exit 1
fi
if isDevMounted "/dev/$DEVTYPE";
then
msg_box "/dev/$DEVTYPE is mounted and need to be unmounted before you can run this script."
exit 1
fi
# Universal:
if isMounted "/mnt/ncdata";
then
msg_box "/mnt/ncdata is mounted and need to be unmounted before you can run this script."
exit 1
fi
if isMounted "/dev/${DEVTYPE}1";
then
msg_box "/dev/${DEVTYPE}1 is mounted and need to be unmounted before you can run this script."
exit 1
fi
if isDevPartOfZFS "$DEVTYPE";
then
msg_box "/dev/$DEVTYPE is a member of a ZFS pool and needs to be removed from any zpool before you can run this script."
exit 1
fi
if lsblk -l -n | grep -v mmcblk | grep disk | awk '{ print $1 }' | tail -1 > /dev/null
then
msg_box "Formatting your $SYSNAME secondary volume ($DISKTYPE) when you hit OK.
*** WARNING: ALL YOUR DATA WILL BE ERASED! ***"
if zpool list | grep "$LABEL_" > /dev/null
then
check_command zpool destroy "$LABEL_"
fi
check_command wipefs -a -f "$DISKTYPE"
sleep 0.5
check_command zpool create -f -o ashift=12 "$LABEL_" "$DISKTYPE"
check_command zpool set failmode=continue "$LABEL_"
check_command zfs set mountpoint="$MOUNT_" "$LABEL_"
check_command zfs set compression=lz4 "$LABEL_"
check_command zfs set sync=standard "$LABEL_"
check_command zfs set xattr=sa "$LABEL_"
check_command zfs set primarycache=all "$LABEL_"
check_command zfs set atime=off "$LABEL_"
check_command zfs set recordsize=128k "$LABEL_"
check_command zfs set logbias=latency "$LABEL_"
else
msg_box "It seems like /dev/$DEVTYPE does not exist.
This script requires that you mount a second drive to hold the data.
Please shutdown the server and mount a second drive, then start this script again.
If you want help you can buy support in our shop:
https://shop.hanssonit.se/product/premium-support-per-30-minutes/"
exit 1
fi
}
format
# Do a backup of the ZFS mount
if is_this_installed libzfs2linux
then
if grep -r $LABEL_ /etc/mtab
then
install_if_not zfs-auto-snapshot
sed -i "s|date --utc|date|g" /usr/sbin/zfs-auto-snapshot
fi
fi
# Success!
if grep "$LABEL_" /etc/mtab
then
msg_box "$MOUNT_ mounted successfully as a ZFS volume.
Automatic scrubbing is done monthly via a cronjob that you can find here:
/etc/cron.d/zfsutils-linux
Automatic snapshots are taken with 'zfs-auto-snapshot'. You can list current snapshots with:
'sudo zfs list -t snapshot'.
Manpage is here:
http://manpages.ubuntu.com/manpages/bionic/man8/zfs-auto-snapshot.8.html
CURRENT STATUS:
$(zpool status $LABEL_)
$(zpool list)"
fi
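Review bot: The condition `if lsblk -l -n | grep -v mmcblk | grep disk | awk '{ print $1 }' | tail -1 > /dev/null` is effectively always true, because a pipeline's status is that of its last command and `tail` succeeds even on empty input (no `pipefail` is set in this file; lib.sh is not shown), so the `else` branch with the "does not exist" message cannot run. If the intent is to confirm the target is a real disk, test it directly, for example `if [ -b "$DISKTYPE" ]`. The same line appears in static/format-chosen.sh and static/format-sdb.sh. In this file `DEVTYPE` defaults to `sda` for VMware, Hyper-V, VirtualBox and the bare-metal fallback with no prompt, so it deserves a header comment saying it is only meant for machines where sda is the data disk.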

182
static/format-sdb.sh Executable file

@@ -0,0 +1,182 @@
#!/bin/bash
# T&M Hansson IT AB © - 2019, https://www.hanssonit.se/
# shellcheck disable=2034,2059
true
# shellcheck source=lib.sh
. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
# Check if root
root_check
# Needs to be Ubuntu 18.04 and Multiverse
check_distro_version
check_multiverse
LABEL_=ncdata
MOUNT_=/mnt/$LABEL_
format() {
# umount if mounted
umount /mnt/* &> /dev/null
# mkdir if not existing
mkdir -p "$MOUNT_"
# Check what Hypervisor disks are available
SYSVENDOR=$(cat /sys/devices/virtual/dmi/id/sys_vendor)
if [ "$SYSVENDOR" == "VMware, Inc." ];
then
SYSNAME="VMware"
DEVTYPE=sdb
elif [ "$SYSVENDOR" == "Microsoft Corporation" ];
then
SYSNAME="Hyper-V"
DEVTYPE=sdb
elif [ "$SYSVENDOR" == "innotek GmbH" ];
then
SYSNAME="VirtualBox"
DEVTYPE=sdb
elif [ "$SYSVENDOR" == "Xen" ];
then
SYSNAME="Xen/XCP-NG"
DEVTYPE=xvdb
elif [ "$SYSVENDOR" == "QEMU" ];
then
SYSNAME="KVM/QEMU"
DEVTYPE=vdb
elif [ "$SYSVENDOR" == "DigitalOcean" ];
then
SYSNAME="DigitalOcean"
DEVTYPE=sda
elif partprobe /dev/sdb &>/dev/null;
then
SYSNAME="machines"
DEVTYPE=sdb
else
msg_box "It seems like you didn't mount a second disk.
To be able to put the DATA on a second drive formatted as ZFS you need to add a second disk to this server.
This script will now exit. Please mount a second disk and start over."
exit 1
fi
# Get the name of the drive
DISKTYPE=$(fdisk -l | grep $DEVTYPE | awk '{print $2}' | cut -d ":" -f1 | head -1)
if [ "$DISKTYPE" != "/dev/$DEVTYPE" ]
then
msg_box "It seems like your $SYSNAME secondary volume (/dev/$DEVTYPE) does not exist.
This script requires that you mount a second drive to hold the data.
Please shutdown the server and mount a second drive, then start this script again.
If you want help you can buy support in our shop:
https://shop.hanssonit.se/product/premium-support-per-30-minutes/"
exit 1
fi
# Check if ZFS utils are installed
install_if_not zfsutils-linux
# Check still not mounted
#These functions return exit codes: 0 = found, 1 = not found
isMounted() { findmnt -rno SOURCE,TARGET "$1" >/dev/null;} #path or device
isDevMounted() { findmnt -rno SOURCE "$1" >/dev/null;} #device only
isPathMounted() { findmnt -rno TARGET "$1" >/dev/null;} #path only
isDevPartOfZFS() { zpool status | grep "$1" >/dev/null;} #device memeber of a zpool
if isPathMounted "/mnt/ncdata"; #Spaces in path names are ok.
then
msg_box "/mnt/ncdata is mounted and need to be unmounted before you can run this script."
exit 1
fi
if isDevMounted "/dev/$DEVTYPE";
then
msg_box "/dev/$DEVTYPE is mounted and need to be unmounted before you can run this script."
exit 1
fi
# Universal:
if isMounted "/mnt/ncdata";
then
msg_box "/mnt/ncdata is mounted and need to be unmounted before you can run this script."
exit 1
fi
if isMounted "/dev/${DEVTYPE}1";
then
msg_box "/dev/${DEVTYPE}1 is mounted and need to be unmounted before you can run this script."
exit 1
fi
if isDevPartOfZFS "$DEVTYPE";
then
msg_box "/dev/$DEVTYPE is a member of a ZFS pool and needs to be removed from any zpool before you can run this script."
exit 1
fi
if lsblk -l -n | grep -v mmcblk | grep disk | awk '{ print $1 }' | tail -1 > /dev/null
then
msg_box "Formatting your $SYSNAME secondary volume ($DISKTYPE) when you hit OK.
*** WARNING: ALL YOUR DATA WILL BE ERASED! ***"
if zpool list | grep "$LABEL_" > /dev/null
then
check_command zpool destroy "$LABEL_"
fi
check_command wipefs -a -f "$DISKTYPE"
sleep 0.5
check_command zpool create -f -o ashift=12 "$LABEL_" "$DISKTYPE"
check_command zpool set failmode=continue "$LABEL_"
check_command zfs set mountpoint="$MOUNT_" "$LABEL_"
check_command zfs set compression=lz4 "$LABEL_"
check_command zfs set sync=standard "$LABEL_"
check_command zfs set xattr=sa "$LABEL_"
check_command zfs set primarycache=all "$LABEL_"
check_command zfs set atime=off "$LABEL_"
check_command zfs set recordsize=128k "$LABEL_"
check_command zfs set logbias=latency "$LABEL_"
else
msg_box "It seems like /dev/$DEVTYPE does not exist.
This script requires that you mount a second drive to hold the data.
Please shutdown the server and mount a second drive, then start this script again.
If you want help you can buy support in our shop:
https://shop.hanssonit.se/product/premium-support-per-30-minutes/"
exit 1
fi
}
format
# Do a backup of the ZFS mount
if is_this_installed libzfs2linux
then
if grep -r $LABEL_ /etc/mtab
then
install_if_not zfs-auto-snapshot
sed -i "s|date --utc|date|g" /usr/sbin/zfs-auto-snapshot
fi
fi
# Success!
if grep "$LABEL_" /etc/mtab
then
msg_box "$MOUNT_ mounted successfully as a ZFS volume.
Automatic scrubbing is done monthly via a cronjob that you can find here:
/etc/cron.d/zfsutils-linux
Automatic snapshots are taken with 'zfs-auto-snapshot'. You can list current snapshots with:
'sudo zfs list -t snapshot'.
Manpage is here:
http://manpages.ubuntu.com/manpages/bionic/man8/zfs-auto-snapshot.8.html
CURRENT STATUS:
$(zpool status $LABEL_)
$(zpool list)"
fi
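Review bot: `zpool create -f -o ashift=12 "$LABEL_" "$DISKTYPE"` builds the pool on a kernel name such as /dev/sdb, which is not guaranteed to stay attached to the same disk across reboots or when disks are added. Resolving the chosen device to its `/dev/disk/by-id/` link before `zpool create` is the usual recommendation; static/format-chosen.sh and static/format-sda-nuc-server.sh create the pool the same way. `umount /mnt/* &> /dev/null` at the top of `format()` also unmounts everything under /mnt, not just `$MOUNT_`, and hides any failure. The `sed -i` on /usr/sbin/zfs-auto-snapshot edits a packaged file, so the change will likely be lost on the next package upgrade; a comment should say so.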

5
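--- a/static/history.sh
+++ b/static/history.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+truncate -s0 "$HOME/.bash_history"
+exit 0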
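Review bot: This script empties `$HOME/.bash_history`, and both generated login profiles in this commit call it, so command history is erased at every login for the admin user and for root. That removes a record that is useful when investigating what was done on the server. If the goal is only to ship the image without build-time history, a header comment should say so and the call should run once at first boot rather than from the profiles.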

148
static/index.php Executable file

@@ -0,0 +1,148 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Nextcloud VM</title>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<style type="text/css">
body {
background-color: #0082c9;
font-weight: 300;
font-size: 1em;
line-height: 1.6em;
font-family: 'Open Sans', Frutiger, Calibri, 'Myriad Pro', Myriad, sans-serif;
color: white;
height: auto;
margin-left: auto;
margin-right: auto;
align: center;
text-align: center;
background: #0082c9; /* Old browsers */
background-image: url('/nextcloud/core/img/background.png');
background-size: cover;
}
div.logotext {
width: 50%;
margin: 0 auto;
}
div.logo {
background-image: url('/nextcloud/core/img/logo/logo.svg');
background-repeat: no-repeat; top center;
width: 50%;
height: 25%;
margin: 0 auto;
background-size: 40%;
margin-left: 40%;
margin-right: 20%;
}
pre {
padding:10pt;
width: 50%
text-align: center;
margin-left: 20%;
margin-right: 20%;
}
div.information {
align: center;
width: 50%;
margin: 10px auto;
display: block;
padding: 10px;
background-color: rgba(0,0,0,.3);
color: #fff;
text-align: left;
border-radius: 3px;
cursor: default;
}
/* unvisited link */
a:link {
color: #FFFFFF;
}
/* visited link */
a:visited {
color: #FFFFFF;
}
/* mouse over link */
a:hover {
color: #E0E0E0;
}
/* selected link */
a:active {
color: #E0E0E0;
}
</style>
</head>
<body>
<br>
<div class="logo"></div>
<div class="logotext">
<h2><a href="https://github.com/nextcloud/vm" target="_blank">Nextcloud VM</a> - by <a href="https://www.hanssonit.se/nextcloud-vm/" target="_blank">T&M Hansson IT AB</a></h2>
</div>
<br>
<div class="information">
<p>Thank you for downloading the Nextcloud VM, you made a good choice! If you see this page, you have run the first setup, and you are now ready to start using Nextcloud on your new server. Congratulations! :)</p>
<p>We have set everything up for you and the only thing you have to do now is to login. You can find login details in the middle of this page.</p>
<p>Don't hesitate to ask if you have any questions. You can ask for help in our community <a href="https://help.nextcloud.com/c/support/appliances-docker-snappy-vm" target="_blank">support</a> channels, or <a href="https://shop.hanssonit.se/product/premium-support-per-30-minutes/" target="_blank">buy hands on support</a> from T&M Hansson IT AB. You can also check the <a href="https://docs.hanssonit.se/s/W6fMouPiqQz3_Mog/virtual-machines-vm/d/W7Du9uPiqQz3_Mr1/nextcloud-vm-machine-configuration" target="_blank">documentation</a>.</p>
</div>
<h2>Access Nextcloud</h2>
<div class="information">
<p>Use the following address:
<h3>
<ul>
<li><a href="https://<?=$_SERVER['SERVER_NAME'];?>/nextcloud">https://<?=$_SERVER['SERVER_NAME'];?></a> (HTTPS)
</ul>
</h3>
<p>Note: Please accept the warning in the browser if you have a self-signed certificate.<br>
<p>It's recomended to <a href="https://docs.hanssonit.se/s/W6fMouPiqQz3_Mog/virtual-machines-vm/d/W6-83ePiqQz3_MrT/publish-your-server-online" target="_blank">get your own certificate and replace the self-signed certificate to your own.</a>
The easiest way to get a real SSL certificate is to run the Lets' Encrypt script included on this server.<br>
Just run 'sudo bash /var/scripts/activate-ssl.sh' from your terminal and follow the instructions.
<h3>
<a href="https://docs.hanssonit.se/s/W6fMouPiqQz3_Mog/virtual-machines-vm/d/W6fMquPiqQz3_Moi/nextcloud-vm-first-setup-instructions?currentPageId=W6yn7ePiqQz3_Mpi" target="_blank">Login details</a>
</h3>
</div>
<h2>Access Webmin</h2>
<div class="information">
<p>Use the following address:
<h3>
<ul>
<li><a href="https://<?=$_SERVER['SERVER_NAME'];?>:10000">https://<?=$_SERVER['SERVER_NAME'];?></a> (HTTPS)</li>
</ul>
</h3>
<p>Note: Please accept the warning in the browser if you have a self-signed certificate.<br>
<h3>
<a href="https://docs.hanssonit.se/s/W6fMouPiqQz3_Mog/virtual-machines-vm/d/W6fMquPiqQz3_Moi/nextcloud-vm-first-setup-instructions?currentPageId=W6yn_ePiqQz3_Mpk" target="_blank">Login details</a>
</h3>
<p>Note: To access Webmin externally you have to open port 10000 in your router, it's not recomended though due to security concerns.</p>
</div>
<h2>Access Adminer</h2>
<div class="information">
<p>Use one of the following addresses, HTTPS is preffered:
<h3>
<ul>
<li><a href="http://<?=$_SERVER['SERVER_NAME'];?>/adminer.php">http://<?=$_SERVER['SERVER_NAME'];?></a> (HTTP)</li>
<li><a href="https://<?=$_SERVER['SERVER_NAME'];?>/adminer.php">https://<?=$_SERVER['SERVER_NAME'];?></a> (HTTPS)</li>
</ul>
</h3>
<p>Note: Please accept the warning in the browser if you connect via HTTPS.</p>
<h3>
<a href="https://docs.hanssonit.se/s/W6fMouPiqQz3_Mog/virtual-machines-vm/d/W6fMquPiqQz3_Moi/nextcloud-vm-first-setup-instructions?currentPageId=W6ypBePiqQz3_Mp0" target="_blank">Login details</a>
</h3>
<p>Note: Your LAN IP is set as approved in /etc/apache2/conf-available/adminer.conf, all other access is forbidden.</p>
</div>
<h2>Follow us on Social Media</h2>
<div class="information">
<p>If you want to get the latest news and updates, please consider following us! We are very active on Twitter, and post some videos from time to time on Youtube. It might be worth checking out. ;)</p>
</div>
<p><b><a href="https://twitter.com/tmhanssonit" class="twitter-follow-button" data-show-count="false" target="_blank">Follow @tmhanssonit</a><script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script></b></p>
<script src="https://apis.google.com/js/platform.js"></script>
<div class="g-ytsubscribe" data-channelid="UCLXe8RpVdOsoapYM9_GcrfA" data-layout="full" data-count="default"></div>
</body>
</html>
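Review bot: `<?=$_SERVER['SERVER_NAME'];?>` is echoed unescaped into `href` attributes and link text in the Nextcloud, Webmin and Adminer blocks; depending on the web server's canonical-name settings that value can be taken from the request's Host header, so it should be treated as untrusted. Escaping at output, `<?= htmlspecialchars($_SERVER['SERVER_NAME'], ENT_QUOTES, 'UTF-8') ?>`, is enough here. The page also loads scripts from platform.twitter.com and apis.google.com on what is the server's landing page, and the `target="_blank"` links carry no `rel="noopener"`; both are worth reconsidering for an appliance. The Adminer block offers a plain-HTTP link to a database admin tool, which sits oddly with the "HTTPS is preffered" text next to it.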

39
static/instruction.sh Executable file
View File

@@ -0,0 +1,39 @@
#!/bin/bash
# T&M Hansson IT AB © - 2019, https://www.hanssonit.se/
VMLOGS=/var/log/nextcloud
BIGreen='\e[1;92m' # Green
IGreen='\e[0;92m' # Green
Color_Off='\e[0m' # Text Reset
clear
cat << INST1
+-----------------------------------------------------------------------+
| Welcome to the first setup of your own Nextcloud Server! :) |
| |
INST1
echo -e "|" "${IGreen}To run the startup script type the sudoer password, then hit [ENTER].${Color_Off} |"
echo -e "|" "${IGreen}The default sudoer password is: ${BIGreen}nextcloud${IGreen}${Color_Off} |"
cat << INST2
| |
| You can find the complete install instructions here: |
| Nextcloud VM = https://bit.ly/2S8eGfS |
| Nextcloud Home/SME Server = https://bit.ly/2k2TNaM |
| |
| To be 100% sure that all the keystrokes work correctly (like @), |
| please use an SSH terminal like Putty. You can download it here: |
| https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html |
| Connect like this: ncadmin@local.IP.of.this.server |
| |
| You can schedule the Nextcloud update process using a cron job. |
| This is done using a script built into this server that automatically |
| updates Nextcloud, sets secure permissions, and logs the successful |
| update to $VMLOGS/update_run.log |
| Just choose to configure it when asked to do so later in this script. |
| |
| ###################### T&M Hansson IT - $(date +"%Y") ###################### |
+-----------------------------------------------------------------------+
INST2
exit 0
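Review bot: The banner prints the default sudoer password `nextcloud` but never tells the reader to replace it. Whether the startup script forces a change is not visible in this file, so I would add a banner line such as `| Change this password as soon as the first setup has finished. |`. The two `bit.ly` links also hide their destination from someone typing them on a console; the full docs.hanssonit.se URLs would let the reader see where they lead.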

98
static/modsecurity.sh Executable file

@@ -0,0 +1,98 @@
#!/bin/bash
# T&M Hansson IT AB © - 2019, https://www.hanssonit.se/
# shellcheck disable=2034,2059
true
# shellcheck source=lib.sh
. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
print_text_in_color "$ICyan" "Installing ModSecurity..."
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Check if root
root_check
# Add modsecurity
apt update -q4 & spinner_loading
install_if_not libapache2-mod-security2
install_if_not modsecurity-crs
mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
msg_box "WARNING WARNING WARNING WARNING WARNING WARNING:
Do not enable active defence if you don't know what you're doing!
It will break OnlyOffice, and it may break other stuff as well in Nextcloud as it's
blocking access to files automatically.
You can monitor the audit log by typing this command in your shell:
tail -f /var/log/apache2/modsec_audit.log
You can disable it by typing this command in your shell:
sed -i 's/SecRuleEngine .*/SecRuleEngine DetectionOnly/g' /etc/modsecurity/modsecurity.conf
YOU HAVE BEEN WARNED."
if [[ "yes" == $(ask_yes_or_no "Do you want to enable active defence?") ]]
then
sed -i 's|SecRuleEngine .*|SecRuleEngine on|g' /etc/modsecurity/modsecurity.conf
fi
cat << MODSECWHITE > "/etc/modsecurity/whitelist.conf"
<Directory $NCPATH>
# VIDEOS
SecRuleRemoveById 958291 # Range Header Checks
SecRuleRemoveById 981203 # Correlated Attack Attempt
# PDF
SecRuleRemoveById 950109 # Check URL encodings
# ADMIN (webdav)
SecRuleRemoveById 960024 # Repeatative Non-Word Chars (heuristic)
SecRuleRemoveById 981173 # SQL Injection Character Anomaly Usage
SecRuleRemoveById 981204 # Correlated Attack Attempt
SecRuleRemoveById 981243 # PHPIDS - Converted SQLI Filters
SecRuleRemoveById 981245 # PHPIDS - Converted SQLI Filters
SecRuleRemoveById 981246 # PHPIDS - Converted SQLI Filters
SecRuleRemoveById 981318 # String Termination/Statement Ending Injection Testing
SecRuleRemoveById 973332 # XSS Filters from IE
SecRuleRemoveById 973338 # XSS Filters - Category 3
SecRuleRemoveById 981143 # CSRF Protections ( TODO edit LocationMatch filter )
# COMING BACK FROM OLD SESSION
SecRuleRemoveById 970903 # Microsoft Office document properties leakage
# NOTES APP
SecRuleRemoveById 981401 # Content-Type Response Header is Missing and X-Content-Type-Options is either missing or not set to 'nosniff'
SecRuleRemoveById 200002 # Failed to parse request body
# UPLOADS ( 20 MB max excluding file size )
SecRequestBodyNoFilesLimit 20971520
# GENERAL
SecRuleRemoveById 960017 # Host header is a numeric IP address
# SAMEORIGN
SecRuleRemoveById 911100 # fpm socket
# REGISTERED WARNINGS, BUT DID NOT HAVE TO DISABLE THEM
#SecRuleRemoveById 981220 900046 981407
#SecRuleRemoveById 981222 981405 981185 981184
</Directory>
MODSECWHITE
# Don't log in Apache2 error.log, only in a seperate log (/var/log/apache2/modsec_audit.log)
check_command sed -i 's|SecDefaultAction "phase:1,log,auditlog,pass"|# SecDefaultAction "phase:1,log,auditlog,pass"|g' /etc/modsecurity/crs/crs-setup.conf
check_command sed -i 's|SecDefaultAction "phase:2,log,auditlog,pass"|# SecDefaultAction "phase:2,log,auditlog,pass"|g' /etc/modsecurity/crs/crs-setup.conf
check_command sed -i 's|# SecDefaultAction "phase:1,nolog,auditlog,pass"|SecDefaultAction "phase:1,nolog,auditlog,pass"|g' /etc/modsecurity/crs/crs-setup.conf
check_command sed -i 's|# SecDefaultAction "phase:2,nolog,auditlog,pass"|SecDefaultAction "phase:2,nolog,auditlog,pass"|g' /etc/modsecurity/crs/crs-setup.conf
if [ -f /etc/modsecurity/whitelist.conf ]
then
print_text_in_color "$IGreen" "ModSecurity activated!"
restart_webserver
fi
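Review bot: The `. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)` line runs whatever the `master` branch serves at that moment, as root, with no pinning or integrity check, and `-s` without `-f` means an error page or an empty body is sourced silently. The same line opens ntpdate.sh, prune_zfs_snaphots.sh, redis-server-ubuntu.sh, security.sh, temporary-fix.sh, test_connection.sh, trusted.sh, update.sh and the unnamed 78-line section, and static_ip.sh uses it as its fallback. I would source `/var/scripts/lib.sh` first, as static_ip.sh already does, and otherwise download a commit-pinned copy to a temp file and verify its checksum before sourcing it. Separately in this file, the whitelist heredoc removes the SQL injection, XSS and CSRF rules for all of `$NCPATH` and puts `# …` text after each `SecRuleRemoveById`, which Apache does not treat as a comment. Move those remarks to their own lines and confirm the IDs (they look like CRS 2.x numbering) still exist in the installed `modsecurity-crs`.

```shell
# Prefer the copy already on the machine; fall back to a pinned, verified download.
LIB_URL="https://raw.githubusercontent.com/nextcloud/vm/<PINNED_COMMIT>/lib.sh"  # placeholder commit
LIB_SHA256="<EXPECTED_SHA256>"                                                   # placeholder digest
if [ -f /var/scripts/lib.sh ]
then
    . /var/scripts/lib.sh
else
    lib_tmp="$(mktemp)" || exit 1
    curl -fsSL "$LIB_URL" -o "$lib_tmp" || exit 1
    echo "$LIB_SHA256  $lib_tmp" | sha256sum -c --quiet - || exit 1
    . "$lib_tmp"
    rm -f "$lib_tmp"
fi
# … unchanged: DEBUG / debug_mode, root_check, package install, whitelist …
```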

19
static/nextcloud.sh Executable file

@@ -0,0 +1,19 @@
#!/bin/bash
# T&M Hansson IT AB © - 2019, https://www.hanssonit.se/
WANIP6=$(curl -s -k -m 5 https://ipv6bot.whatismyipaddress.com)
WANIP4=$(curl -s -k -m 5 https://ipv4bot.whatismyipaddress.com)
ADDRESS=$(hostname -I | cut -d ' ' -f 1)
clear
figlet -f small Nextcloud
echo "https://www.hanssonit.se/nextcloud-vm"
echo
echo
echo "Hostname: $(hostname -s)"
echo "WAN IPv4: $WANIP4"
echo "WAN IPv6: $WANIP6"
echo "LAN IPv4: $ADDRESS"
echo
exit 0
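Review bot: Both `curl -s -k -m 5 …` calls pass `-k`, which turns off certificate verification, so the WAN addresses shown in the banner can be supplied by anyone on the network path. The values are then echoed to the terminal as received. Drop the flag, e.g. `WANIP4=$(curl -s -m 5 https://ipv4bot.whatismyipaddress.com)` and the same for `WANIP6`, and consider printing the value only if it matches an IP address pattern.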

148
static/nhss_index.php Executable file

@@ -0,0 +1,148 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Nextcloud Home/SME Server</title>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<style type="text/css">
body {
background-color: #0082c9;
font-weight: 300;
font-size: 1em;
line-height: 1.6em;
font-family: 'Open Sans', Frutiger, Calibri, 'Myriad Pro', Myriad, sans-serif;
color: white;
height: auto;
margin-left: auto;
margin-right: auto;
align: center;
text-align: center;
background: #0082c9; /* Old browsers */
background-image: url('/nextcloud/core/img/background.png');
background-size: cover;
}
div.logotext {
width: 50%;
margin: 0 auto;
}
div.logo {
background-image: url('/nextcloud/core/img/logo/logo.svg');
background-repeat: no-repeat; top center;
width: 50%;
height: 25%;
margin: 0 auto;
background-size: 40%;
margin-left: 40%;
margin-right: 20%;
}
pre {
padding:10pt;
width: 50%
text-align: center;
margin-left: 20%;
margin-right: 20%;
}
div.information {
align: center;
width: 50%;
margin: 10px auto;
display: block;
padding: 10px;
background-color: rgba(0,0,0,.3);
color: #fff;
text-align: left;
border-radius: 3px;
cursor: default;
}
/* unvisited link */
a:link {
color: #FFFFFF;
}
/* visited link */
a:visited {
color: #FFFFFF;
}
/* mouse over link */
a:hover {
color: #E0E0E0;
}
/* selected link */
a:active {
color: #E0E0E0;
}
</style>
</head>
<body>
<br>
<div class="logo"></div>
<div class="logotext">
<h2><a href="https://shop.hanssonit.se/product-category/nextcloud/home-sme-server/" target="_blank">Nextcloud Home/SME Server</a> - by <a href="https://www.hanssonit.se" target="_blank">T&M Hansson IT AB</a></h2>
</div>
<br>
<div class="information">
<p>Thank you for purchasing the Nextcloud Home/SME Server, you made a good choice! If you see this page, you have run the first setup, and you are now ready to start using Nextcloud on your new server. Congratulations! :)</p>
<p>We have set everything up for you and the only thing you have to do now is to login. You can find login details in the middle of this page.</p>
<p>Don't hesitate to ask if you have any questions. You can ask for help in our community <a href="https://help.nextcloud.com/c/support/appliances-docker-snappy-vm" target="_blank">support</a> channels, or <a href="https://shop.hanssonit.se/product/premium-support-per-30-minutes/" target="_blank">buy hands on support</a> from T&M Hansson IT AB. You can also check the <a href="https://docs.hanssonit.se/s/blkkp2qhv0jgrltpicl0/nextcloud-homesme-server" target="_blank">documentation</a>.</p>
</div>
<h2>Access Nextcloud</h2>
<div class="information">
<p>Use the following address:
<h3>
<ul>
<li><a href="https://<?=$_SERVER['SERVER_NAME'];?>/nextcloud">https://<?=$_SERVER['SERVER_NAME'];?></a> (HTTPS)
</ul>
</h3>
<p>Note: Please accept the warning in the browser if you have a self-signed certificate.<br>
<p>It's recomended to <a href="https://docs.hanssonit.se/s/blkkp2qhv0jgrltpicl0/nextcloud-homesme-server/d/blkkp2qhv0jgrltpidm0/publish-your-server-online" target="_blank">get your own certificate and replace the self-signed certificate to your own.</a>
The easiest way to get a real SSL certificate is to run the Lets' Encrypt script included on this server.<br>
Just run 'sudo bash /var/scripts/activate-ssl.sh' from your terminal and follow the instructions.
<h3>
<a href="https://docs.hanssonit.se/s/blkkp2qhv0jgrltpicl0/nextcloud-homesme-server/d/blkkp2qhv0jgrltpid50/server-installation-instructions?currentPageId=blkkp2qhv0jgrltpidb0" target="_blank">Login details</a>
</h3>
</div>
<h2>Access Webmin</h2>
<div class="information">
<p>Use the following address:
<h3>
<ul>
<li><a href="https://<?=$_SERVER['SERVER_NAME'];?>:10000">https://<?=$_SERVER['SERVER_NAME'];?></a> (HTTPS)</li>
</ul>
</h3>
<p>Note: Please accept the warning in the browser if you have a self-signed certificate.<br>
<h3>
<a href="https://docs.hanssonit.se/s/blkkp2qhv0jgrltpicl0/nextcloud-homesme-server/d/blkkp2qhv0jgrltpid50/server-installation-instructions?currentPageId=blkkp2qhv0jgrltpidc0" target="_blank">Login details</a>
</h3>
<p>Note: To access Webmin externally you have to open port 10000 in your router, it's not recomended though due to security concerns.</p>
</div>
<h2>Access Adminer</h2>
<div class="information">
<p>Use one of the following addresses, HTTPS is preffered:
<h3>
<ul>
<li><a href="http://<?=$_SERVER['SERVER_NAME'];?>/adminer.php">http://<?=$_SERVER['SERVER_NAME'];?></a> (HTTP)</li>
<li><a href="https://<?=$_SERVER['SERVER_NAME'];?>/adminer.php">https://<?=$_SERVER['SERVER_NAME'];?></a> (HTTPS)</li>
</ul>
</h3>
<p>Note: Please accept the warning in the browser if you connect via HTTPS.</p>
<h3>
<a href="https://docs.hanssonit.se/s/blkkp2qhv0jgrltpicl0/nextcloud-homesme-server/d/blkkp2qhv0jgrltpid50/server-installation-instructions?currentPageId=blkkp2qhv0jgrltpidcg" target="_blank">Login details</a>
</h3>
<p>Note: Your LAN IP is set as approved in /etc/apache2/conf-available/adminer.conf, all other access is forbidden.</p>
</div>
<h2>Follow us on Social Media</h2>
<div class="information">
<p>If you want to get the latest news and updates, please consider following us! We are very active on Twitter, and post some videos from time to time on Youtube. It might be worth checking out. ;)</p>
</div>
<p><b><a href="https://twitter.com/tmhanssonit" class="twitter-follow-button" data-show-count="false" target="_blank">Follow @tmhanssonit</a><script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script></b></p>
<script src="https://apis.google.com/js/platform.js"></script>
<div class="g-ytsubscribe" data-channelid="UCLXe8RpVdOsoapYM9_GcrfA" data-layout="full" data-count="default"></div>
</body>
</html>
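Review bot: `<?=$_SERVER['SERVER_NAME'];?>` is written into `href` attributes and link text without escaping, in the Nextcloud, Webmin and Adminer link lists here and in the tail of the preceding file section. Depending on how the Apache vhost is configured, `SERVER_NAME` can reflect the client's Host header, so the value should be treated as untrusted: `<?=htmlspecialchars($_SERVER['SERVER_NAME'], ENT_QUOTES, 'UTF-8');?>`. The page also pulls `platform.twitter.com/widgets.js` and `apis.google.com/js/platform.js` into a landing page that links to the admin tools, and its `target="_blank"` links carry no `rel="noopener"`. Both are worth removing or tightening on a server start page.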

20
static/ntpdate.sh Executable file

@@ -0,0 +1,20 @@
#!/bin/bash
# T&M Hansson IT AB © - 2019, https://www.hanssonit.se/
# shellcheck disable=2034,2059
true
# shellcheck source=lib.sh
. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
if site_200 google.com
then
ntpdate -s 1.se.pool.ntp.org
fi
exit

51
static/prune_zfs_snaphots.sh Executable file

@@ -0,0 +1,51 @@
#!/bin/bash
# T&M Hansson IT AB © - 2019, https://www.hanssonit.se/
# shellcheck disable=2034,2059
true
# shellcheck source=lib.sh
. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Must be root
root_check
if [ -d $NCDATA ]
then
if is_this_installed zfs-auto-snapshot
then
if [ "$(df -h $NCDATA | awk '{print $5}' | tail -1 | cut -d "%" -f1)" -gt 85 ]
then
# Notify user
# notify_user_gui "Disk space almost full!" "The disk space for ncdata is almost full. We have automatically deleted ZFS snapshots older than 8 weeks to free up some space. Please check $VMLOGS/zfs_prune.log for the results."
# On screen information
msg_box "Your disk space is almost full (more than 85%).
To solve that, we will now delete ZFS snapshots older than 8 weeks
The script will also delete everything in trashbin for all users to free up some space."
countdown "To abort, please press CTRL+C within 10 seconds." 10
# Get the latest prune script
if [ ! -f $SCRIPTS/zfs-prune-snapshots ]
then
check_command curl_to_dir "https://raw.githubusercontent.com/bahamas10/zfs-prune-snapshots/master/" "zfs-prune-snapshots" "$SCRIPTS"
fi
check_command chmod +x "$SCRIPTS"/zfs-prune-snapshots
# Prune!
cd "$SCRIPTS"
if [ ! -d "$VMLOGS" ]
then
mkdir -p "$VMLOGS"
fi
touch $VMLOGS/zfs_prune.log
./zfs-prune-snapshots 8w ncdata >> $VMLOGS/zfs_prune.log
occ_command trashbin:cleanup --all-users
fi
fi
fi
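Review bot: `zfs-prune-snapshots` is fetched from the `master` branch of a third-party repository and then run as root with the power to destroy snapshots, with nothing checking what was downloaded. I would point `curl_to_dir` at a specific commit and compare a checksum before the `chmod +x`. The `cd "$SCRIPTS"` before `./zfs-prune-snapshots` is unchecked, so a failed `cd` would run whatever file of that name is in the current directory; use `cd "$SCRIPTS" || exit 1`. `$NCDATA` and `$VMLOGS` are also unquoted in the `[ -d … ]`, `df`, `touch` and redirect lines.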

16
static/recover_apps.py Executable file

@@ -0,0 +1,16 @@
import glob, json, os, subprocess, requests
nc_path = '/var/www/nextcloud/apps/'
backup_path = '/var/NCBACKUP/apps/'
shipped_url = 'http://raw.githubusercontent.com/nextcloud/server/master/core/shipped.json'
json_data = requests.get(shipped_url, timeout=60).json()
shipped_apps = json_data['shippedApps'] + json_data['alwaysEnabled']
installed_dirs = set(os.path.basename(path) for path in glob.glob(backup_path + '*'))
missing_dirs = installed_dirs.difference(shipped_apps)
for d in missing_dirs:
# subprocess.call(['rsync', '-Aax', os.path.join(backup_path, d), nc_path])
# subprocess.call(['sudo', '-u', 'www-data', '/var/www/nextcloud/occ', 'app:enable', d])
subprocess.call(['sudo', '-u', 'www-data', '/var/www/nextcloud/occ', 'app:install', d])
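Review bot: `shipped_url` uses plain `http://`, yet the JSON it returns decides which directory names are passed to `occ app:install`. Anyone who can alter that response can change the set of apps that are reinstalled. Use `https://raw.githubusercontent.com/nextcloud/server/master/core/shipped.json` and fail on a bad response before parsing: `resp = requests.get(shipped_url, timeout=60); resp.raise_for_status()`. The return code of `subprocess.call` is also discarded, so a failed install passes unnoticed.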

97
static/redis-server-ubuntu.sh Executable file

@@ -0,0 +1,97 @@
#!/bin/bash
# shellcheck disable=2034,2059
true
# shellcheck source=lib.sh
. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
# T&M Hansson IT AB © - 2019, https://www.hanssonit.se/
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Must be root
root_check
# Check Ubuntu version
check_distro_version
# Check if dir exists
if [ ! -d $SCRIPTS ]
then
mkdir -p $SCRIPTS
fi
# Install Redis
install_if_not php"$PHPVER"-dev
pecl channel-update pecl.php.net
if ! yes no | pecl install -Z redis
then
msg_box "PHP module installation failed"
exit 1
else
printf "${IGreen}\nPHP module installation OK!${Color_Off}\n"
fi
install_if_not redis-server
# Setting direct to PHP-FPM as it's installed with PECL (globally doesn't work)
print_text_in_color "$ICyan" "Adding extension=redis.so to $PHP_INI..."
echo 'extension=redis.so' >> "$PHP_INI"
# Prepare for adding redis configuration
sed -i "s|);||g" $NCPATH/config/config.php
# Add the needed config to Nextclouds config.php
cat <<ADD_TO_CONFIG >> $NCPATH/config/config.php
'memcache.local' => '\\OC\\Memcache\\APCu',
'filelocking.enabled' => true,
'memcache.distributed' => '\\OC\\Memcache\\Redis',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' =>
array (
'host' => '$REDIS_SOCK',
'port' => 0,
'timeout' => 0.5,
'dbindex' => 0,
'password' => '$REDIS_PASS',
),
);
ADD_TO_CONFIG
## Redis performance tweaks ##
if ! grep -Fxq "vm.overcommit_memory = 1" /etc/sysctl.conf
then
echo 'vm.overcommit_memory = 1' >> /etc/sysctl.conf
fi
# Disable THP
if ! grep -Fxq "never" /sys/kernel/mm/transparent_hugepage/enabled
then
echo "never" > /sys/kernel/mm/transparent_hugepage/enabled
fi
# Raise TCP backlog
#if ! grep -Fxq "net.core.somaxconn" /proc/sys/net/core/somaxconn
#then
# sed -i "s|net.core.somaxconn.*||g" /etc/sysctl.conf
# sysctl -w net.core.somaxconn=512
# echo "net.core.somaxconn = 512" >> /etc/sysctl.conf
#fi
sed -i "s|# unixsocket .*|unixsocket $REDIS_SOCK|g" $REDIS_CONF
sed -i "s|# unixsocketperm .*|unixsocketperm 777|g" $REDIS_CONF
sed -i "s|^port.*|port 0|" $REDIS_CONF
sed -i "s|# requirepass .*|requirepass $REDIS_PASS|g" $REDIS_CONF
sed -i 's|# rename-command CONFIG ""|rename-command CONFIG ""|' $REDIS_CONF
redis-cli SHUTDOWN
# Secure Redis
chown redis:root /etc/redis/redis.conf
chmod 600 /etc/redis/redis.conf
apt update -q4 & spinner_loading
apt autoremove -y
apt autoclean
exit
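Review bot: `unixsocketperm 777` lets every local account connect to the Redis socket, leaving `requirepass` as the only barrier. If the web server runs as `www-data`, as other scripts in this commit assume, a group-restricted socket is enough: `sed -i "s|# unixsocketperm .*|unixsocketperm 770|g" $REDIS_CONF` followed by `usermod -a -G redis www-data`. `$REDIS_PASS` is also spliced into a `sed` replacement that uses `|` as its delimiter. Where it is generated is not visible here, but a value containing `|` or `&` would corrupt the `requirepass` line. `sed -i "s|);||g"` removes every `);` in config.php, not just the closing one.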

121
static/security.sh Executable file

@@ -0,0 +1,121 @@
#!/bin/bash
# T&M Hansson IT AB © - 2019, https://www.hanssonit.se/
# REMOVE disable of SC2154 WHEN PUTTING SPAMHAUS IN PRODUCTION (it's just to fixing travis for now)
# shellcheck disable=2034,2059,SC2154
true
# shellcheck source=lib.sh
. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Check if root
root_check
print_text_in_color "$ICyan" "Installing Extra Security..."
# Based on: http://www.techrepublic.com/blog/smb-technologist/secure-your-apache-server-from-ddos-slowloris-and-dns-injection-attacks/
# Protect against DDOS
apt update -q4 & spinner_loading
apt -y install libapache2-mod-evasive
mkdir -p /var/log/apache2/evasive
chown -R www-data:root /var/log/apache2/evasive
if [ ! -f "$ENVASIVE" ]
then
touch "$ENVASIVE"
cat << ENVASIVE > "$ENVASIVE"
DOSHashTableSize 2048
DOSPageCount 20 # maximum number of requests for the same page
DOSSiteCount 300 # total number of requests for any object by the same client IP on the same listener
DOSPageInterval 1.0 # interval for the page count threshold
DOSSiteInterval 1.0 # interval for the site count threshold
DOSBlockingPeriod 10.0 # time that a client IP will be blocked for
DOSLogDir
ENVASIVE
fi
# Protect against Slowloris
#apt -y install libapache2-mod-qos
a2enmod reqtimeout # http://httpd.apache.org/docs/2.4/mod/mod_reqtimeout.html
# Don't enable SpamHaus now as it's now working anyway
# REMOVE disable of SC2154 WHEN PUTTING SPAMHAUS IN PRODUCTION (it's just to fixing travis for now)
exit
# Protect against DNS Injection
# Insipired by: https://www.c-rieger.de/nextcloud-13-nginx-installation-guide-for-ubuntu-18-04-lts/#spamhausproject
# shellcheck disable=SC2016
DATE='$(date +%Y-%m-%d)'
cat << SPAMHAUS_ENABLE > "$SCRIPTS/spamhaus_cronjob.sh"
#!/bin/bash
# Thanks to @ank0m
EXEC_DATE='date +%Y-%m-%d'
SPAMHAUS_DROP="/usr/local/src/drop.txt"
SPAMHAUS_eDROP="/usr/local/src/edrop.txt"
URL="https://www.spamhaus.org/drop/drop.txt"
eURL="https://www.spamhaus.org/drop/edrop.txt"
DROP_ADD_TO_UFW="/usr/local/src/DROP2.txt"
eDROP_ADD_TO_UFW="/usr/local/src/eDROP2.txt"
DROP_ARCHIVE_FILE="/usr/local/src/DROP_{$EXEC_DATE}"
eDROP_ARCHIVE_FILE="/usr/local/src/eDROP_{$EXEC_DATE}"
# All credits for the following BLACKLISTS goes to "The Spamhaus Project" - https://www.spamhaus.org
echo "Start time: $(date)"
echo " "
echo "Download daily DROP file:"
curl -fsSL "$URL" > $SPAMHAUS_DROP
grep -v '^;' $SPAMHAUS_DROP | cut -d ' ' -f 1 > $DROP_ADD_TO_UFW
echo " "
echo "Extract DROP IP addresses and add to UFW:"
cat $DROP_ADD_TO_UFW | while read line
do
/usr/sbin/ufw insert 1 deny from "$line" comment 'DROP_Blacklisted_IPs'
done
echo " "
echo "Downloading eDROP list and import to UFW"
echo " "
echo "Download daily eDROP file:"
curl -fsSL "$eURL" > $SPAMHAUS_eDROP
grep -v '^;' $SPAMHAUS_eDROP | cut -d ' ' -f 1 > $eDROP_ADD_TO_UFW
echo " "
echo "Extract eDROP IP addresses and add to UFW:"
cat $eDROP_ADD_TO_UFW | while read line
do
/usr/sbin/ufw insert 1 deny from "$line" comment 'eDROP_Blacklisted_IPs'
done
echo " "
#####
## To remove or revert these rules, keep the list of IPs!
## Run a command like so to remove the rules:
# while read line; do ufw delete deny from $line; done < $ARCHIVE_FILE
#####
echo "Backup DROP IP address list:"
mv $DROP_ADD_TO_UFW $DROP_ARCHIVE_FILE
echo " "
echo "Backup eDROP IP address list:"
mv $eDROP_ADD_TO_UFW $eDROP_ARCHIVE_FILE
echo " "
echo End time: $(date)
SPAMHAUS_ENABLE
# Make the file executable
chmod +x "$SCRIPTS"/spamhaus_cronjob.sh
# Add it to crontab
(crontab -l ; echo "10 2 * * * $SCRIPTS/spamhaus_crontab.sh 2>&1") | crontab -u root -
# Run it for the first time
check_command bash "$SCRIPTS"/spamhaus_cronjob.sh
# Enable $SPAMHAUS
if sed -i "s|#MS_WhiteList /etc/spamhaus.wl|MS_WhiteList $SPAMHAUS|g" /etc/apache2/mods-enabled/spamhaus.conf
then
print_text_in_color "$IGreen" "Security added!"
restart_webserver
fi
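Review bot: The generated mod_evasive config ends with a bare `DOSLogDir`, even though `/var/log/apache2/evasive` is created and chowned just above; the directive needs its argument, `DOSLogDir /var/log/apache2/evasive`. The trailing `# …` remarks after each `DOS*` value sit on the directive line, which Apache does not parse as comments, so they belong on lines of their own. In the block after `exit`, which the comments say is meant for production later, the `SPAMHAUS_ENABLE` heredoc delimiter is unquoted. `$URL`, `$line` and `$(date)` therefore expand while the file is written rather than when the cron job runs; quote it as `cat << 'SPAMHAUS_ENABLE'`. The crontab entry also names `spamhaus_crontab.sh` while the file created is `spamhaus_cronjob.sh`.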


@@ -0,0 +1,78 @@
#!/bin/bash
# T&M Hansson IT AB © - 2019, https://www.hanssonit.se/
# shellcheck disable=2034,2059,2012
true
# shellcheck source=lib.sh
. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Check if root
root_check
htuser='www-data'
htgroup='www-data'
rootuser='root'
# Only check for existing datadir if Nextcloud is installed
if [ -f "$NCPATH"/config/config.php ]
then
NCDATA="$(grep 'datadir' "$NCPATH"/config/config.php | awk '{print $3}' | cut -d "'" -f2)"
fi
print_text_in_color "$IGreen" "Setting secure permissions..."
print_text_in_color "$ICyan" "Creating possible missing Directories"
mkdir -p "$NCPATH"/data
mkdir -p "$NCPATH"/updater
mkdir -p "$VMLOGS"
mkdir -p "$NCDATA"
if ! [ -f "$VMLOGS/nextcloud.log" ]
then
touch "$VMLOGS/nextcloud.log"
fi
if ! [ -f "$VMLOGS/audit.log" ]
then
touch "$VMLOGS/audit.log"
fi
print_text_in_color "$ICyan" "chmod Files and Directories"
find "${NCPATH}"/ -type f -print0 | xargs -0 chmod 0640
find "${VMLOGS}"/nextcloud.log -type f -print0 | xargs -0 chmod 0640
find "${VMLOGS}"/audit.log -type f -print0 | xargs -0 chmod 0640
find "${NCPATH}"/ -type d -print0 | xargs -0 chmod 0750
print_text_in_color "$ICyan" "chown Directories"
chown -R "${rootuser}":"${htgroup}" "${NCPATH}"/
chown -R "${htuser}":"${htgroup}" "${VMLOGS}"/nextcloud.log
chown -R "${htuser}":"${htgroup}" "${VMLOGS}"/audit.log
chown -R "${htuser}":"${htgroup}" "${NCPATH}"/apps/
chown -R "${htuser}":"${htgroup}" "${NCPATH}"/config/
chown -R "${htuser}":"${htgroup}" "${NCPATH}"/themes/
chown -R "${htuser}":"${htgroup}" "${NCPATH}"/updater/
if ! [ "$(ls -ld "${NCDATA}" | awk '{print$3$4}')" == "${htuser}""${htgroup}" ]
then
chown -R "${htuser}":"${htgroup}" "${NCDATA}"/
fi
chmod +x "${NCPATH}"/occ
print_text_in_color "$ICyan" "chmod/chown .htaccess"
if [ -f "${NCPATH}"/.htaccess ]
then
chmod 0644 "${NCPATH}"/.htaccess
chown "${rootuser}":"${htgroup}" "${NCPATH}"/.htaccess
fi
if [ -f "${NCDATA}"/.htaccess ]
then
chmod 0644 "${NCDATA}"/.htaccess
chown "${rootuser}":"${htgroup}" "${NCDATA}"/.htaccess
fi
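Review bot: `NCDATA` is overwritten from a `grep | awk | cut` over config.php with no check that the result is non-empty. If the pipeline yields nothing, the `ls -ld` comparison fails and `chown -R "${htuser}":"${htgroup}" "${NCDATA}"/` becomes a recursive chown of `/`. Guard the expansion so the script aborts instead: `chown -R "${htuser}":"${htgroup}" "${NCDATA:?}"/`, and likewise `mkdir -p "${NCDATA:?}"`. The same applies to `NCPATH`, which feeds `find … | xargs -0 chmod` and `chown -R` but is only defined in the sourced lib.sh.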

152
static/static_ip.sh Executable file

@@ -0,0 +1,152 @@
#!/bin/bash
# T&M Hansson IT AB © - 2019, https://www.hanssonit.se/
IRed='\e[0;91m' # Red
ICyan='\e[0;96m' # Cyan
Color_Off='\e[0m' # Text Reset
print_text_in_color() {
printf "%b%s%b\n" "$1" "$2" "$Color_Off"
}
# Use local lib file in case there is no internet connection
if [ -f /var/scripts/lib.sh ]
then
# shellcheck disable=2034,2059
true
# shellcheck source=lib.sh
FIRST_IFACE=1 source /var/scripts/lib.sh
unset FIRST_IFACE
# If we have internet, then use the latest variables from the lib remote file
elif print_text_in_color "$ICyan" "Testing internet connection..." && ping github.com -c 2
then
# shellcheck disable=2034,2059
true
# shellcheck source=lib.sh
FIRST_IFACE=1 . <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
unset FIRST_IFACE
else
print_text_in_color "$IRed" "You don't seem to have a working internet connection, and /var/scripts/lib.sh is missing so you can't run this script."
print_text_in_color "$ICyan" "Please report this to https://github.com/nextcloud/vm/issues/"
exit 1
fi
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Must be root
root_check
# Check Ubuntu version
check_distro_version
# Copy old interfaces files
msg_box "Copying old netplan.io config files file to:
/tmp/netplan_io_backup/"
if [ -d /etc/netplan/ ]
then
mkdir -p /tmp/netplan_io_backup
check_command cp -vR /etc/netplan/* /tmp/netplan_io_backup/
fi
msg_box "Please note that if the IP address changes during an (remote) SSH connection (via Putty, or terminal for example), the connection will break and the IP will reset to DHCP or the IP you had before you started this script.
To avoid issues with lost connectivity, please use the VM Console directly, and not SSH."
if [[ "yes" == $(ask_yes_or_no "Are you connected via SSH?") ]]
then
print_text_in_color "$IRed" "Please use the VM Console instead."
sleep 1
exit
fi
echo
while true
do
# Ask for IP address
cat << ENTERIP
+----------------------------------------------------------+
| Please enter the static IP address you want to set, |
| including the subnet. Example: 192.168.1.100/24 |
+----------------------------------------------------------+
ENTERIP
echo
read -r LANIP
echo
if [[ $LANIP == *"/"* ]]
then
break
else
print_text_in_color "$IRed" "Did you forget the /subnet?"
fi
done
echo
while true
do
# Ask for domain name
cat << ENTERGATEWAY
+-------------------------------------------------------+
| Please enter the gateway address you want to set, |
| Your current gateway is: $GATEWAY |
+-------------------------------------------------------+
ENTERGATEWAY
echo
read -r GATEWAYIP
echo
if [[ "yes" == $(ask_yes_or_no "Is this correct? $GATEWAYIP") ]]
then
break
fi
done
# Check if IFACE is empty, if yes, try another method:
if [ -n "$IFACE" ]
then
cat <<-IPCONFIG > "$INTERFACES"
network:
version: 2
renderer: networkd
ethernets:
$IFACE: #object name
dhcp4: no # dhcp v4 disable
dhcp6: no # dhcp v6 disable
addresses: [$LANIP] # client IP address
gateway4: $GATEWAYIP # gateway address
nameservers:
addresses: [$DNS1,$DNS2] #name servers
IPCONFIG
msg_box "These are your settings, please make sure they are correct:
$(cat /etc/netplan/01-netcfg.yaml)"
netplan try
else
cat <<-IPCONFIGnonvmware > "$INTERFACES"
network:
version: 2
renderer: networkd
ethernets:
$IFACE2: #object name
dhcp4: no # dhcp v4 disable
dhcp6: no # dhcp v6 disable
addresses: [$ADDRESS/24] # client IP address
gateway4: $GATEWAY # gateway address
nameservers:
addresses: [$DNS1,$DNS2] #name servers
IPCONFIGnonvmware
msg_box "These are your settings, please make sure they are correct:
$(cat /etc/netplan/01-netcfg.yaml)"
netplan try
fi
if test_connection
then
sleep 1
msg_box "Static IP sucessfully set!"
fi
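Review bot: The netplan backup goes to the fixed path `/tmp/netplan_io_backup`, which any local user can create beforehand, so root may copy the network configuration into a directory or link target it does not control. Create the directory with `BACKUP_DIR="$(mktemp -d)"` and use it in `check_command cp -vR /etc/netplan/* "$BACKUP_DIR"/`, updating the path shown in the `msg_box`. `$LANIP` is only checked for containing a `/` and `$GATEWAYIP` is not checked at all before both are written into the YAML, so a pattern check for address and prefix would catch typos before `netplan try`. The confirmation box also prints `/etc/netplan/01-netcfg.yaml` rather than `$INTERFACES`, the file that was actually written.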

16
static/temporary-fix.sh Executable file

@@ -0,0 +1,16 @@
#!/bin/bash
# T&M Hansson IT AB © - 2019, https://www.hanssonit.se/
# shellcheck disable=2034,2059
true
# shellcheck source=lib.sh
. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
exit

35
static/test_connection.sh Executable file

@@ -0,0 +1,35 @@
#!/bin/bash
# shellcheck disable=2034,2059
true
# shellcheck source=lib.sh
. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
# T&M Hansson IT AB © - 2019, https://www.hanssonit.se/
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
curl_to_dir() {
check_command curl -sSL "$1"/"$2" -o "$3"/"$2"
}
# Colors
Color_Off='\e[0m'
IRed='\e[0;91m'
IGreen='\e[0;92m'
ICyan='\e[0;96m'
print_text_in_color() {
printf "%b%s%b\n" "$1" "$2" "$Color_Off"
}
curl_to_dir google.com google.connectiontest /tmp
if [ ! -s /tmp/google.connectiontest ]
then
print_text_in_color "$IRed" "Not connected!"
else
print_text_in_color "$IGreen" "Connected!"
fi
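Review bot: The connectivity test writes to the fixed name `/tmp/google.connectiontest` and then only checks that the file is non-empty. A file left by an earlier run or placed there by another local user gives the same "Connected!" answer, and writing to a predictable name in `/tmp` is unsafe if this runs as root. The temp file is not needed: `if curl -fsSL -o /dev/null https://www.google.com` can drive the two `print_text_in_color` branches directly from curl's exit status.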

28
static/trusted.sh Executable file

@@ -0,0 +1,28 @@
#!/bin/bash
# T&M Hansson IT AB © - 2019, https://www.hanssonit.se/
# shellcheck disable=2034,2059
true
# shellcheck source=lib.sh
. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
download_static_script update-config
if [ -f $SCRIPTS/update-config.php ]
then
# Change config.php
php $SCRIPTS/update-config.php $NCPATH/config/config.php 'trusted_domains[]' localhost "${ADDRESS[@]}" "$(hostname)" "$(hostname --fqdn)" >/dev/null 2>&1
php $SCRIPTS/update-config.php $NCPATH/config/config.php overwrite.cli.url https://"$(hostname --fqdn)"/ >/dev/null 2>&1
# Change .htaccess accordingly
sed -i "s|RewriteBase /nextcloud|RewriteBase /|g" $NCPATH/.htaccess
# Cleanup
rm -f $SCRIPTS/update-config.php
fi
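Review bot: Both `php $SCRIPTS/update-config.php …` calls end in `>/dev/null 2>&1` and their exit status is ignored, so a failed rewrite of `trusted_domains` or `overwrite.cli.url` is invisible. The `sed` on `.htaccess` then still runs. I would wrap them in `check_command` and keep stderr, e.g. `check_command php "$SCRIPTS"/update-config.php "$NCPATH"/config/config.php 'trusted_domains[]' … >/dev/null`. `$SCRIPTS` and `$NCPATH` are unquoted throughout this file.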

53
static/update-config.php Executable file

@@ -0,0 +1,53 @@
#!/usr/bin/php
# Credit to: https://github.com/jnweiger
<?php
#
# Update or delete an entry in config.php.
# Called by kiwi's config.sh
#
if ($argc < 3)
{
print "Example Usage:\n\t". __FILE__." path/to/config.php overwritewebroot /nextcloud\n";
print "\t".__FILE__." path/to/config.php trusted_domains[] 17.0.2.15 localhost\n";
# nothing to do
return;
}
if (!is_file($argv[1]))
{
# do not create the file, if missing.
# Wrong permissions are deadly for nextcloud.
## FIXME: get some proper errno or strerror() please?
print($argv[1] . ": \$CONFIG cannot be loaded?\n");
return;
}
include "$argv[1]";
if ($argc > 3)
{
# append [] to the key name, if you need to pass an array object.
if (substr($argv[2], -2) === '[]')
{
$CONFIG[substr($argv[2],0,-2)] = array_slice($argv,3);
}
else
{
$CONFIG[$argv[2]] = $argv[3];
}
}
else
{
# exactly two parameter given -- means delete.
unset($CONFIG[$argv[2]]);
}
$text = var_export($CONFIG, true);
## A warning is printed, if argv[1] is not writable.
## PHP does not issue proper errno or strerror() does it?
file_put_contents($argv[1], "<?php\n\$CONFIG = $text;\n");
?>
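Review bot: After `include "$argv[1]";` nothing verifies that `$CONFIG` was actually defined as an array, so a config file that fails to load leads to `var_export` of an empty value being written back over the real configuration. Add a guard before modifying it: `if (!isset($CONFIG) || !is_array($CONFIG)) { fwrite(STDERR, "$argv[1]: no \$CONFIG array\n"); exit(1); }`. The write is neither locked nor checked; `if (file_put_contents($argv[1], "<?php\n\$CONFIG = $text;\n", LOCK_EX) === false) exit(1);` gives the caller a status to act on. The two early `return` paths exit with status 0, which hides usage errors from trusted.sh.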

29
static/update.sh Executable file

@@ -0,0 +1,29 @@
#!/bin/bash
# T&M Hansson IT AB © - 2019, https://www.hanssonit.se/
# shellcheck disable=2034,2059
true
# shellcheck source=lib.sh
. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Must be root
root_check
mkdir -p "$SCRIPTS"
if [ "${1}" = "minor" ]
then
echo "$((NCMAJOR-1))" > /tmp/minor.version
fi
# Delete, download, run
run_main_script nextcloud_update
exit
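Review bot: `echo "$((NCMAJOR-1))" > /tmp/minor.version` has root write to a fixed name in a world-writable directory, and the file is never removed here. The consumer is not visible in this file, but if `nextcloud_update` reads that path, a file planted by another local user could steer the target version on runs where `minor` was not passed. Pass the value through an exported variable, or write it under a root-owned directory such as `"$SCRIPTS"/minor.version` and delete it after the update.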