author | nachoparker <nacho@ownyourbits.com> | 2021-11-03 02:09:41 +0300 |
---|---|---|
committer | nachoparker <nacho@ownyourbits.com> | 2021-11-03 02:11:47 +0300 |
commit | 19ede8a6598cba29af74f6462045b589b810b301 (patch) | |
tree | b00bbdf4c993b55c0e6af5182bce652051dfdc1d | |
parent | 99a701b18ea22afd71dd0b576a6283332b1a850e (diff) |
nc-datadir: support for nc-encrypted foldersv1.43.3
Signed-off-by: nachoparker <nacho@ownyourbits.com>
-rw-r--r-- | bin/ncp/CONFIG/nc-datadir.sh | 87 | ||||
-rw-r--r-- | changelog.md | 10 | ||||
-rw-r--r-- | etc/library.sh | 2 | ||||
-rw-r--r-- | ncp-web/index.php | 4 |
4 files changed, 59 insertions, 44 deletions
diff --git a/bin/ncp/CONFIG/nc-datadir.sh b/bin/ncp/CONFIG/nc-datadir.sh
index 6948518a..79aae121 100644
--- a/bin/ncp/CONFIG/nc-datadir.sh
+++ b/bin/ncp/CONFIG/nc-datadir.sh
@@ -23,84 +23,95 @@ install() configure() { source /usr/local/etc/library.sh # sets PHPVER + set -eu -o pipefail ## CHECKS - local SRCDIR + local SRCDIR BASEDIR ENCDIR SRCDIR=$( cd /var/www/nextcloud; ncc config:system:get datadirectory ) || { echo -e "Error reading data directory. Is NextCloud running and configured?"; return 1; } [ -d "$SRCDIR" ] || { echo -e "data directory $SRCDIR not found"; return 1; } - [[ "$SRCDIR" == "$DATADIR" ]] && { echo -e "INFO: data already there"; return 0; } - - # checks - local BASEDIR=$( dirname "$DATADIR" ) - - [ -d "$BASEDIR" ] || { echo "$BASEDIR does not exist"; return 1; } + [[ "$SRCDIR" == "${DATADIR}" ]] && { echo -e "INFO: data already there"; return 0; } + [[ "$SRCDIR" == "${DATADIR}"/data ]] && { echo -e "INFO: data already there"; return 0; } + BASEDIR="${DATADIR}" # If the user chooses the root of the mountpoint, force a folder - mountpoint -q "$DATADIR" && { - BASEDIR="$DATADIR" + mountpoint -q "${BASEDIR}" && { + BASEDIR="${BASEDIR}"/ncdata } - grep -q -e ext -e btrfs <( stat -fc%T "$BASEDIR" ) || { + mkdir -p "${BASEDIR}" + BASEDIR="$(cd "${BASEDIR}" && pwd -P)" # resolve symlinks and use the real path + DATADIR="${BASEDIR}"/data + ENCDIR="${BASEDIR}"/ncdata_enc + + # checks + grep -q -e ext -e btrfs <( stat -fc%T "${BASEDIR}" ) || { echo -e "Only ext/btrfs filesystems can hold the data directory" return 1 } - sudo -u www-data test -x "$BASEDIR" || { - echo -e "ERROR: the user www-data does not have access permissions over $BASEDIR" + sudo -u www-data test -x "${BASEDIR}" || { + echo -e "ERROR: the user www-data does not have access permissions over ${BASEDIR}" return 1 } # backup possibly existing datadir - [ -d $DATADIR ] && { - local BKP="${DATADIR}-$( date "+%m-%d-%y" )" - echo "INFO: $DATADIR is not empty. Creating backup $BKP" - mv "$DATADIR" "$BKP" + [ -d "${BASEDIR}" ] && { + rmdir "${BASEDIR}" &>/dev/null || { + local BKP="${BASEDIR}-$(date "+%m-%d-%y.%s")" + echo "INFO: ${BASEDIR} is not empty. 
Creating backup ${BKP}" + mv "${BASEDIR}" "${BKP}" + } + mkdir -p "${BASEDIR}" } - ## COPY cd /var/www/nextcloud save_maintenance_mode - echo "moving data directory from $SRCDIR to $DATADIR..." - - # resolve symlinks and use the real path - mkdir "$DATADIR" - DATADIR=$(cd "$DATADIR" && pwd -P) - rmdir "$DATADIR" + echo "moving data directory from ${SRCDIR} to ${BASEDIR}..." # use subvolumes, if BTRFS - [[ "$( stat -fc%T "$BASEDIR" )" == "btrfs" ]] && { + [[ "$(stat -fc%T "${BASEDIR}")" == "btrfs" ]] && { echo "BTRFS filesystem detected" - btrfs subvolume create "$DATADIR" || return 1 + rmdir "${BASEDIR}" + btrfs subvolume create "${BASEDIR}" } - cp --reflink=auto -raT "$SRCDIR" "$DATADIR" || return 1 - chown www-data:www-data "$DATADIR" + # use encryption, if selected + if is_active_app nc-encrypt; then + # if we have encryption AND BTRFS, then store ncdata_enc in the subvolume + mv "$(dirname "${SRCDIR}")"/ncdata_enc "${ENCDIR}" + mkdir "${DATADIR}" && mount --bind "${SRCDIR}" "${DATADIR}" + mkdir "$(dirname "${SRCDIR}")"/ncdata_enc && mount --bind "${ENCDIR}" "$(dirname "${SRCDIR}")"/ncdata_enc + else + mv "${SRCDIR}" "${DATADIR}" + fi + chown www-data: "${DATADIR}" + + # datadir + sed -i "s|'datadirectory' =>.*|'datadirectory' => '${DATADIR}',|" "$NCDIR"/config/config.php + ncc config:system:set logfile --value="${DATADIR}/nextcloud.log" + set_ncpcfg datadir "${DATADIR}" # tmp upload dir - mkdir -p "$DATADIR/tmp" - chown www-data:www-data "$DATADIR/tmp" + mkdir -p "${DATADIR}/tmp" + chown www-data:www-data "${DATADIR}/tmp" ncc config:system:set tempdirectory --value "$DATADIR/tmp" - sed -i "s|^;\?upload_tmp_dir =.*$|uploadtmp_dir = $DATADIR/tmp|" /etc/php/${PHPVER}/cli/php.ini - sed -i "s|^;\?upload_tmp_dir =.*$|upload_tmp_dir = $DATADIR/tmp|" /etc/php/${PHPVER}/fpm/php.ini - sed -i "s|^;\?sys_temp_dir =.*$|sys_temp_dir = $DATADIR/tmp|" /etc/php/${PHPVER}/fpm/php.ini + sed -i "s|^;\?upload_tmp_dir =.*$|uploadtmp_dir = ${DATADIR}/tmp|" 
/etc/php/"${PHPVER}"/cli/php.ini + sed -i "s|^;\?upload_tmp_dir =.*$|upload_tmp_dir = ${DATADIR}/tmp|" /etc/php/"${PHPVER}"/fpm/php.ini + sed -i "s|^;\?sys_temp_dir =.*$|sys_temp_dir = ${DATADIR}/tmp|" /etc/php/"${PHPVER}"/fpm/php.ini # opcache dir - sed -i "s|^opcache.file_cache=.*|opcache.file_cache=$DATADIR/.opcache|" /etc/php/${PHPVER}/mods-available/opcache.ini + sed -i "s|^opcache.file_cache=.*|opcache.file_cache=${DATADIR}/.opcache|" /etc/php/"${PHPVER}"/mods-available/opcache.ini # update fail2ban logpath [[ -f /etc/fail2ban/jail.local ]] && \ - sed -i "s|logpath =.*nextcloud.log|logpath = $DATADIR/nextcloud.log|" /etc/fail2ban/jail.local + sed -i "s|logpath =.*nextcloud.log|logpath = ${DATADIR}/nextcloud.log|" /etc/fail2ban/jail.local - # datadir - ncc config:system:set datadirectory --value="$DATADIR" - ncc config:system:set logfile --value="$DATADIR/nextcloud.log" - set_ncpcfg datadir "${datadir}" restore_maintenance_mode } diff --git a/changelog.md b/changelog.md index e559f3ab..4b793bbb 100644 --- a/changelog.md +++ b/changelog.md 
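Review bot: In configure() in bin/ncp/CONFIG/nc-datadir.sh, the new `sed -i "s|'datadirectory' =>.*|'datadirectory' => '${DATADIR}',|" "$NCDIR"/config/config.php` writes the path into a single-quoted PHP string with no escaping, where the removed `ncc config:system:set datadirectory --value=...` call left the quoting to occ. DATADIR looks like an operator-supplied setting (its origin is outside this hunk), so a path containing `'`, `|`, `&` or a backslash would either break the sed expression or leave config.php with a value that is no longer a plain string literal; the php.ini, opcache.ini and jail.local substitutions interpolate the same variable. I would reject such paths right after `DATADIR="${BASEDIR}"/data`, for example `[[ "${DATADIR}" =~ ^/[A-Za-z0-9._/-]+$ ]] || { echo "ERROR: unsupported characters in ${DATADIR}"; return 1; }`. Separately, the cli/php.ini substitution still writes `uploadtmp_dir` rather than `upload_tmp_dir`, so the CLI setting is never actually applied.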
@@ -1,9 +1,13 @@ -[v1.43.0](https://github.com/nextcloud/nextcloudpi/commit/9bad41c) (2021-10-22) add nc-encrypt +[v1.43.2](https://github.com/nextcloud/nextcloudpi/commit/b555146) (2021-11-02) nc-datadir: support for nc-encrypted folders -[v1.42.5](https://github.com/nextcloud/nextcloudpi/commit/f0abbbc) (2021-10-27) letsencrypt: sync ncp and nc cert paths +[v1.43.1 ](https://github.com/nextcloud/nextcloudpi/commit/50a003a) (2021-10-27) ncp-web: tweak password suggestions -[v1.42.4 ](https://github.com/nextcloud/nextcloudpi/commit/f7e28c2) (2021-10-27) small trusted domains refactor +[v1.43.0](https://github.com/nextcloud/nextcloudpi/commit/7b73d1d) (2021-10-22) add nc-encrypt + +[v1.42.5](https://github.com/nextcloud/nextcloudpi/commit/532a6a8) (2021-10-27) letsencrypt: sync ncp and nc cert paths + +[v1.42.4 ](https://github.com/nextcloud/nextcloudpi/commit/41368fe) (2021-10-27) ncp-vm: add automatic testing and change default root password [v1.42.3 ](https://github.com/nextcloud/nextcloudpi/commit/b1e7323) (2021-10-25) nextcloud-domain: fix variable collision diff --git a/etc/library.sh b/etc/library.sh index be674f34..7be0fb2c 100644 --- a/etc/library.sh +++ b/etc/library.sh @@ -474,7 +474,7 @@ function save_maintenance_mode() function restore_maintenance_mode() { - if [[ "${NCP_MAINTENANCE_MODE}" != "" ]]; then + if [[ "${NCP_MAINTENANCE_MODE:-}" != "" ]]; then "${ncc}" maintenance:mode --on else "${ncc}" maintenance:mode --off diff --git a/ncp-web/index.php b/ncp-web/index.php index 21ce5475..fc909a68 100644 --- a/ncp-web/index.php +++ b/ncp-web/index.php 
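Review bot: In restore_maintenance_mode() in etc/library.sh, the `:-` default appears to be there so the test survives callers that run under `set -u`, which configure() in nc-datadir.sh now enables in this same commit; that reason deserves a comment above the test, e.g. `# NCP_MAINTENANCE_MODE may be unset when the caller runs with 'set -u'`. The test itself reads more directly as `if [[ -n "${NCP_MAINTENANCE_MODE:-}" ]]; then`. The end of the function falls outside the hunk, so whether `"${ncc}"` is guaranteed to be set under `set -u` cannot be confirmed from here.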
@@ -13,14 +13,14 @@ ob_start(); // check for encrypted data to present unlock dialog exec("bash -c 'source /usr/local/etc/library.sh; needs_decrypt'", $output, $ret); if ($ret == 0) { - header("Location: decrypt"); + header("Location: /decrypt"); exit(); } // redirect to activation first time exec("a2query -s ncp-activation", $output, $ret); if ($ret == 0) { - header("Location: activate"); + header("Location: /activate"); exit(); } |