Add ncp-app for prometheus (system) metricsv1.37.3

* metrics.{sh,cfg}: Implement ncp-app for prometheus (system) metrics letsencrypts.sh, nc-nextcloud.sh, nextcloud.conf.sh: Introduce templating/generator concept to allow multiple ncp apps to edit the same file without conflicts library.sh: Add convenience function find_app_param Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * letsencrypt.sh: Remove commented code Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * metrics.cfg: Deactivate by default - Add title, description and remove TODO entries Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * metrics.sh: Restart apache after enabling proxy_http Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * update.sh: Update ncp-templates directory during updates Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * update.sh: Copy ncp-templates directory, not just its content Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * metrics.sh,update.sh: Disable metrics in docker for now Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * metrics.sh: Disable prometheus-node-exporter via systemctl Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * metrics.sh: Move apache mod configuration to updates Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * metrics.cfg: Remove invalid parameter type Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * metrics.sh: Create /etc/default/prometheus-node-exporter via heredoc Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * nextcloud.conf.sh: Prevent template parsing error if metrics.sh is disabled (i.e. on docker) Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * metrics.cfg: Add info directing users to my preconfigured ncp dashboard Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * Various fixes - metrics.sh: Fix is_active function always returning 1 - metrics.sh: Fix apache2 reload potentially interrupting web ui - nc-nextcloud.sh: exit if nextcloud.conf templating fails - various readability and code style improvements Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * letsencrypt.sh: Use consistent return codes in tmpl_letsencrypt_domain Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * nextcloud.conf.sh: Remove obsolete return code escape Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * nextcloud.conf.sh: Ensure that the snakeoil self-signed cert exists before enabling it Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * updates/1.36.4.sh: Reload apache in the background instead of restarting it blockingly Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com>
author: Tobias Knöppler <6317548+theCalcaholic@users.noreply.github.com> 2021-08-03 00:12:56 +0300
committer: GitHub <noreply@github.com> 2021-08-03 00:12:56 +0300
commit: b8a990e264a34f3d47c3365bcdf67efd6f974132 (patch)
tree: c442ef0b25d98b885da3dc33d2fcf4072f2a0423 /bin
parent: 4300e30d78cd3f8b103a15eac0aa6dfc157e230f (diff)
3 files changed, 97 insertions, 33 deletions
diff --git a/bin/ncp/CONFIG/nc-nextcloud.sh b/bin/ncp/CONFIG/nc-nextcloud.sh
index 7f354b31..fa522a57 100644
--- a/bin/ncp/CONFIG/nc-nextcloud.sh
+++ b/bin/ncp/CONFIG/nc-nextcloud.sh
@@ -175,30 +175,13 @@ EOF
 
 ## SET APACHE VHOST
   echo "Setting up Apache..."
-  cat > /etc/apache2/sites-available/nextcloud.conf <<'EOF'
-<IfModule mod_ssl.c>
-  <VirtualHost _default_:443>
-    DocumentRoot /var/www/nextcloud
-    CustomLog /var/log/apache2/nc-access.log combined
-    ErrorLog  /var/log/apache2/nc-error.log
-    SSLEngine on
-    SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
-    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
-  </VirtualHost>
-  <Directory /var/www/nextcloud/>
-    Options +FollowSymlinks
-    AllowOverride All
-    <IfModule mod_dav.c>
-      Dav off
-    </IfModule>
-    LimitRequestBody 0
-    SSLRenegBufferSize 10486000
-  </Directory>
-  <IfModule mod_headers.c>
-    Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
-  </IfModule>
-</IfModule>
-EOF
+  bash /usr/local/etc/nextcloud.conf.sh > /etc/apache2/sites-available/nextcloud.conf || {
+    echo "ERROR: An error occured while generating the nextcloud apache2 config. Attempting safe mode..."
+    bash /usr/local/etc/nextcloud.conf.sh --defaults > /etc/apache2/sites-available/nextcloud.conf || {
+      echo "ERROR: Safe mode templating failed as well. Nextcloud will not work."
+      exit 1
+    }
+  }
   a2ensite nextcloud
 
   cat > /etc/apache2/sites-available/000-default.conf <<'EOF'
diff --git a/bin/ncp/NETWORKING/letsencrypt.sh b/bin/ncp/NETWORKING/letsencrypt.sh
index 415567b0..9b5df324 100644
--- a/bin/ncp/NETWORKING/letsencrypt.sh
+++ b/bin/ncp/NETWORKING/letsencrypt.sh
@@ -9,7 +9,7 @@
 
 
 ncdir=/var/www/nextcloud
-vhostcfg=/etc/apache2/sites-available/nextcloud.conf
+nc_vhostcfg=/etc/apache2/sites-available/nextcloud.conf
 vhostcfg2=/etc/apache2/sites-available/ncp.conf
 letsencrypt=/usr/bin/letsencrypt
 
@@ -18,6 +18,16 @@ is_active()
   [[ $( find /etc/letsencrypt/live/ -maxdepth 0 -empty | wc -l ) == 0 ]]
 }
 
+tmpl_letsencrypt_domain() {
+  (
+  . /usr/local/etc/library.sh
+  if is_active
+  then
+    find_app_param letsencrypt DOMAIN
+  fi
+  )
+}
+
 install()
 {
   cd /etc || return 1
@@ -48,11 +58,6 @@ configure()
 
   [[ "$DOMAIN" == "" ]] && { echo "empty domain"; return 1; }
 
-  # Configure Apache
-  grep -q ServerName $vhostcfg && \
-    sed -i "s|ServerName .*|ServerName $DOMAIN|" $vhostcfg || \
-    sed -i "/DocumentRoot/aServerName $DOMAIN" $vhostcfg
-
   # Do it
   local domain_string=""
   for domain in $DOMAIN $OTHER_DOMAIN; do
@@ -94,9 +99,7 @@ EOF
     chmod +x /etc/letsencrypt/renewal-hooks/deploy/ncp
 
     # Configure Apache
-    sed -i "s|SSLCertificateFile.*|SSLCertificateFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/fullchain.pem|" $vhostcfg
-    sed -i "s|SSLCertificateKeyFile.*|SSLCertificateKeyFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/privkey.pem|" $vhostcfg
-
+    bash /usr/local/etc/ncp-templates/nextcloud.conf.sh > ${nc_vhostcfg}
     sed -i "s|SSLCertificateFile.*|SSLCertificateFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/fullchain.pem|" $vhostcfg2
     sed -i "s|SSLCertificateKeyFile.*|SSLCertificateKeyFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/privkey.pem|" $vhostcfg2
 
diff --git a/bin/ncp/SYSTEM/metrics.sh b/bin/ncp/SYSTEM/metrics.sh
new file mode 100644
index 00000000..bd13de28
--- /dev/null
+++ b/bin/ncp/SYSTEM/metrics.sh
@@ -0,0 +1,78 @@
+#!/bin/bash
+
+is_active() {
+  systemctl is-active -q prometheus-node-exporter || return 0
+  return 1
+}
+
+tmpl_metrics_enabled() {
+  (
+  . /usr/local/etc/library.sh
+  local param_active="$(find_app_param metrics.sh ACTIVE)"
+  [[ "$param_active" == yes ]] || exit 1
+  )
+}
+
+install() {
+
+  # Subshell to return on failure  instead of exiting (due to set -e)
+  (
+
+  set -e
+  cat > /etc/default/prometheus-node-exporter <<'EOF'
+ARGS="--collector.filesystem.ignored-mount-points=\"^/(dev|proc|run|sys|mnt|var/log|var/lib/docker)($|/)\""
+EOF
+  apt_install prometheus-node-exporter
+
+  # TODO: Docker support?
+  systemctl disable prometheus-node-exporter
+  service prometheus-node-exporter stop
+
+  )
+}
+
+configure() {
+
+  if [[ "$ACTIVE" != yes ]]
+  then
+    bash /usr/local/etc/ncp-templates/nextcloud.conf.sh --defaults > /etc/apache2/sites-available/nextcloud.conf
+
+    systemctl disable prometheus-node-exporter
+    service prometheus-node-exporter stop
+  else
+    [[ -n "$USER" ]] || {
+      echo "ERROR: User can not be empty!" >&2
+      return 1
+    }
+
+    [[ -n "$PASSWORD" ]] || {
+      echo "ERROR: Password can not be empty!" >&2
+      return 1
+    }
+
+    [[ ${#PASSWORD} -ge 10 ]] || {
+      echo "ERROR: Password must be at least 10 characters long!" >&2
+      return 1
+    }
+
+    local htpasswd_file="/usr/local/etc/metrics.htpasswd"
+    rm -f "${htpasswd_file}"
+    echo "$PASSWORD" | htpasswd -ciB "${htpasswd_file}" metrics
+
+    bash /usr/local/etc/ncp-templates/nextcloud.conf.sh > /etc/apache2/sites-available/nextcloud.conf || {
+      echo "An unexpected error occurred while configuring apache. Rolling back..." >&2
+      bash /usr/local/etc/ncp-templates/nextcloud.conf.sh --defaults > /etc/apache2/sites-available/nextcloud.conf
+      return 1
+    }
+
+    systemctl enable prometheus-node-exporter
+    service prometheus-node-exporter start
+
+    echo "Metric endpoint enabled. You can test it at https://nextcloudpi.local/metrics/system (or under your NC domain under the same path)"
+  fi
+  echo "Apache Test:"
+  apache2ctl -t
+  bash -c "sleep 2 && service apache2 reload" &>/dev/null &
+
+
+}
author	Tobias Knöppler <6317548+theCalcaholic@users.noreply.github.com>	2021-08-03 00:12:56 +0300
committer	GitHub <noreply@github.com>	2021-08-03 00:12:56 +0300
commit	b8a990e264a34f3d47c3365bcdf67efd6f974132 (patch)
tree	c442ef0b25d98b885da3dc33d2fcf4072f2a0423 /bin
parent	4300e30d78cd3f8b103a15eac0aa6dfc157e230f (diff)