diff options
| author | nachoparker <nacho@ownyourbits.com> | 2018-12-10 04:08:33 +0300 |
|---|---|---|
| committer | nachoparker <nacho@ownyourbits.com> | 2019-01-05 04:14:52 +0300 |
| commit | d5c1f0058b43c22ebb132f51df0ea144fbd927ec (patch) | |
| tree | b826d4fefb22afc2513a57e9464a486b9fd24dcc /etc/ncp-config.d | |
| parent | 21fee19452410817d26b6caebd0a91b5968b0a44 (diff) | |
rework to use JSON based cfg and more
Diffstat (limited to 'etc/ncp-config.d')
108 files changed, 1153 insertions, 4792 deletions
diff --git a/etc/ncp-config.d/DDNS_duckDNS.cfg b/etc/ncp-config.d/DDNS_duckDNS.cfg new file mode 100644 index 00000000..2341691a --- /dev/null +++ b/etc/ncp-config.d/DDNS_duckDNS.cfg @@ -0,0 +1,26 @@ +{ + "id": "DDNS_duckDNS", + "name": "DDNS_duckDNS", + "title": "DDNS_duckDNS", + "description": "Free Dynamic DNS provider (need account from https://duckdns.org)", + "info": "", + "infotitle": "", + "params": [ + { + "id": "ACTIVE", + "name": "ACTIVE", + "value": "no", + "type": "bool" + }, + { + "id": "DOMAIN", + "name": "DOMAIN", + "value": "mycloud.duckdns.org" + }, + { + "id": "TOKEN", + "name": "TOKEN", + "value": "your-duckdns-token" + } + ] +} diff --git a/etc/ncp-config.d/DDNS_duckDNS.sh b/etc/ncp-config.d/DDNS_duckDNS.sh deleted file mode 100644 index 4f6edd3e..00000000 --- a/etc/ncp-config.d/DDNS_duckDNS.sh +++ /dev/null @@ -1,75 +0,0 @@ -#!/bin/bash - -# DuckDNS installation on Raspbian for NextCloudPi -# -# -# Copyleft 2017 by Courtney Hicks -# GPL licensed (see end of file) * Use at your own risk! -# - -ACTIVE_=no -DOMAIN_=mycloud.duckdns.org -TOKEN_=your-duckdns-token - -INSTALLDIR=duckdns -INSTALLPATH=/usr/local/etc/$INSTALLDIR -CRONFILE=/etc/cron.d/duckdns -DESCRIPTION="Free Dynamic DNS provider (need account from https://duckdns.org)" - -configure() -{ - local DOMAIN="$( sed 's|.duckdns.org||' <<<"$DOMAIN_" )" - if [[ $ACTIVE_ == "yes" ]]; then - mkdir -p "$INSTALLPATH" - - # Creates duck.sh script that checks for updates to DNS records - touch "$INSTALLPATH"/duck.sh - touch "$INSTALLPATH"/duck.log - echo -e "echo url=\"https://www.duckdns.org/update?domains=$DOMAIN&token=$TOKEN_&ip=\" | curl -k -o "$INSTALLPATH"/duck.log -K -" > "$INSTALLPATH"/duck.sh - - # Adds file to cron to run script for DNS record updates and change permissions - touch $CRONFILE - echo "*/5 * * * * root $INSTALLPATH/duck.sh >/dev/null 2>&1" > "$CRONFILE" - chmod 700 "$INSTALLPATH"/duck.sh - chmod +x "$CRONFILE" - - # First-time execution of duck script - "$INSTALLPATH"/duck.sh > /dev/null 2>&1 - - SUCCESS="$( cat $INSTALLPATH/duck.log )" - - # Checks for successful run of duck.sh - if [[ $SUCCESS == "OK" ]]; then - echo "DuckDNS is enabled" - elif [[ $SUCCESS == "KO" ]]; then - echo "DuckDNS install failed, is your information correct?" - fi - - # Removes config files and cron job if ACTIVE_ is set to no - elif [[ $ACTIVE_ == "no" ]]; then - rm -f "$CRONFILE" - rm -f "$INSTALLPATH"/duck.sh - rm -f "$INSTALLPATH"/duck.log - rmdir "$INSTALLPATH" - echo "DuckDNS is now disabled" - fi -} - -install() { :; } - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA diff --git a/etc/ncp-config.d/DDNS_freeDNS.cfg b/etc/ncp-config.d/DDNS_freeDNS.cfg new file mode 100644 index 00000000..fc2f6fc0 --- /dev/null +++ b/etc/ncp-config.d/DDNS_freeDNS.cfg @@ -0,0 +1,31 @@ +{ + "id": "DDNS_freeDNS", + "name": "DDNS_freeDNS", + "title": "DDNS_freeDNS", + "description": "DDNS FreeDNS client (need account)", + "info": "", + "infotitle": "", + "params": [ + { + "id": "ACTIVE", + "name": "ACTIVE", + "value": "no", + "type": "bool" + }, + { + "id": "UPDATEHASH", + "name": "UPDATEHASH", + "value": "abcdefghijklmnopqrstuvwxyzABCDEFGHIJK1234567" + }, + { + "id": "DOMAIN", + "name": "DOMAIN", + "value": "mynextcloud.example.com" + }, + { + "id": "UPDATEINTERVAL", + "name": "UPDATEINTERVAL", + "value": "30" + } + ] +} diff --git a/etc/ncp-config.d/DDNS_freeDNS.sh b/etc/ncp-config.d/DDNS_freeDNS.sh deleted file mode 100644 index 15ea4612..00000000 --- a/etc/ncp-config.d/DDNS_freeDNS.sh +++ /dev/null @@ -1,71 +0,0 @@ -#!/bin/bash - -# FreeDNS updater client installation on Raspbian -# -# Copyleft 2017 by Panteleimon Sarantos <pantelis.fedora _a_t_ gmail _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# - -ACTIVE_=no -UPDATEHASH_=abcdefghijklmnopqrstuvwxyzABCDEFGHIJK1234567 -DOMAIN_=mynextcloud.example.com -UPDATEINTERVAL_=30 -DESCRIPTION="DDNS FreeDNS client (need account)" - -UPDATEURL=https://freedns.afraid.org/dynamic/update.php -URL="${UPDATEURL}?${UPDATEHASH_}" - -install() -{ - apt-get update - apt-get install --no-install-recommends -y dnsutils -} - -configure() -{ - [[ $ACTIVE_ != "yes" ]] && { - rm -f /etc/cron.d/freeDNS - service cron restart - echo "FreeDNS client is disabled" - return 0 - } - - cat > /usr/local/bin/freedns.sh <<EOF -#!/bin/bash -echo "FreeDNS client started" -echo "${URL}" -registeredIP=$(dig +short "$DOMAIN_"|tail -n1) -currentIP=\$(wget -q -O - http://checkip.dyndns.org|sed s/[^0-9.]//g) - [ "\$currentIP" != "\$registeredIP" ] && { - wget -q -O /dev/null ${URL} - } -echo "Registered IP: \$registeredIP | Current IP: \$currentIP" -EOF - chmod +744 /usr/local/bin/freedns.sh - - echo "*/${UPDATEINTERVAL_} * * * * root /bin/bash /usr/local/bin/freedns.sh" > /etc/cron.d/freeDNS - service cron restart - - cd /var/www/nextcloud - sudo -u www-data php occ config:system:set trusted_domains 3 --value="$DOMAIN_" - sudo -u www-data php occ config:system:set overwrite.cli.url --value=https://"$DOMAIN_"/ - - echo "FreeDNS client is enabled" -} - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA diff --git a/etc/ncp-config.d/DDNS_no-ip.cfg b/etc/ncp-config.d/DDNS_no-ip.cfg new file mode 100644 index 00000000..df7e04b4 --- /dev/null +++ b/etc/ncp-config.d/DDNS_no-ip.cfg @@ -0,0 +1,36 @@ +{ + "id": "DDNS_no-ip", + "name": "DDNS_no-ip", + "title": "DDNS_no-ip", + "description": "DDNS no-ip free provider (need account)", + "info": "For this step to succeed, you need to register a noip account first.\nInternet access is required for this configuration to complete.", + "infotitle": "", + "params": [ + { + "id": "ACTIVE", + "name": "ACTIVE", + "value": "no", + "type": "bool" + }, + { + "id": "USER", + "name": "USER", + "value": "my-noip-user@email.com" + }, + { + "id": "PASS", + "name": "PASS", + "value": "noip-pass" + }, + { + "id": "DOMAIN", + "name": "DOMAIN", + "value": "mycloud.ownyourbits.com" + }, + { + "id": "TIME", + "name": "TIME", + "value": "30" + } + ] +} diff --git a/etc/ncp-config.d/DDNS_no-ip.sh b/etc/ncp-config.d/DDNS_no-ip.sh deleted file mode 100644 index 0e5b0478..00000000 --- a/etc/ncp-config.d/DDNS_no-ip.sh +++ /dev/null @@ -1,127 +0,0 @@ -#!/bin/bash - -# no-ip.org installation on Raspbian -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at https://ownyourbits.com/2017/03/05/dynamic-dns-for-raspbian-with-no-ip-org-installer/ -# - -ACTIVE_=no -USER_=my-noip-user@email.com -PASS_=noip-pass -DOMAIN_=mycloud.ownyourbits.com -TIME_=30 -DESCRIPTION="DDNS no-ip free provider (need account)" - -INFO="For this step to succeed, you need to register a noip account first. -Internet access is required for this configuration to complete." - -install() -{ - apt-get update - apt-get install --no-install-recommends -y make gcc libc-dev - - local TMPDIR="$( mktemp -d /tmp/noip.XXXXXX )" - cd "$TMPDIR" - wget -O- --content-disposition https://github.com/nachoparker/noip-DDNS/archive/master/latest.tar.gz \ - | tar -xz \ - || return 1 - cd -; cd "$OLDPWD"/noip-DDNS-master/ - make - cp noip2 /usr/local/bin/ - - cat > /etc/init.d/noip2 <<'EOF' -#! /bin/sh -# /etc/init.d/noip2 - -### BEGIN INIT INFO -# Provides: no-ip.org -# Required-Start: $local_fs $remote_fs -# Required-Stop: $local_fs $remote_fs -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: Start no-ip.org dynamic DNS -### END INIT INFO -EOF - - cat debian.noip2.sh >> /etc/init.d/noip2 - - chmod +x /etc/init.d/noip2 - cd - - rm -r "$TMPDIR" - - update-rc.d noip2 defaults - update-rc.d noip2 disable - - mkdir -p /usr/local/etc/noip2 - - [[ "$DOCKERBUILD" == 1 ]] && { - cat > /etc/services-available.d/100noip <<EOF -#!/bin/bash - -source /usr/local/etc/library.sh - -[[ "\$1" == "stop" ]] && { - echo "stopping noip..." - service noip2 stop - exit 0 -} - -persistent_cfg /usr/local/etc/noip2 /data/etc/noip2 - -echo "Starting noip..." -service noip2 start - -exit 0 -EOF - chmod +x /etc/services-available.d/100noip - } -} - -configure() -{ - service noip2 stop - [[ $ACTIVE_ != "yes" ]] && { update-rc.d noip2 disable; return 0; } - - local IF=$( ip -br l | awk '{ if ( $2 == "UP" ) print $1 }' | head -1 ) - [[ "$IF" != "" ]] && IF="-I $IF" - - /usr/local/bin/noip2 -C -c /usr/local/etc/no-ip2.conf $IF -U "$TIME_" -u "$USER_" -p "$PASS_" 2>&1 | tee >(cat - >&2) \ - | grep -q "New configuration file .* created" || return 1 - - update-rc.d noip2 enable - service noip2 restart - cd /var/www/nextcloud - sudo -u www-data php occ config:system:set trusted_domains 3 --value="$DOMAIN_" - sudo -u www-data php occ config:system:set overwrite.cli.url --value=https://"$DOMAIN_"/ - echo "noip DDNS enabled" - -} - -cleanup() -{ - # this uninstalls udiskie, commented out - # udiskie with these dependencies fixed in Buster - # apt-get purge -y make gcc libc-dev - : -} - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/DDNS_spDYN.cfg b/etc/ncp-config.d/DDNS_spDYN.cfg new file mode 100644 index 00000000..130b6494 --- /dev/null +++ b/etc/ncp-config.d/DDNS_spDYN.cfg @@ -0,0 +1,26 @@ +{ + "id": "DDNS_spDYN", + "name": "DDNS_spDYN", + "title": "DDNS_spDYN", + "description": "Free Dynamic DNS provider (need account from spdyn.de)", + "info": "", + "infotitle": "", + "params": [ + { + "id": "ACTIVE", + "name": "ACTIVE", + "value": "no", + "type": "bool" + }, + { + "id": "DOMAIN", + "name": "DOMAIN", + "value": "mycloud.spdns.de" + }, + { + "id": "TOKEN", + "name": "TOKEN", + "value": "your-spdns-token" + } + ] +} diff --git a/etc/ncp-config.d/DDNS_spDYN.sh b/etc/ncp-config.d/DDNS_spDYN.sh deleted file mode 100644 index 380b136e..00000000 --- a/etc/ncp-config.d/DDNS_spDYN.sh +++ /dev/null @@ -1,140 +0,0 @@ -#!/bin/bash - -# spDYN setup for NextCloudPi -# -# -# Copyleft 2017/2018 by Timm Goldenstein and Timo Stiefel -# https://github.com/TimmThaler/spdnsUpdater -# -# GPL licensed (see end of file) * Use at your own risk! -# - -ACTIVE_=no -DOMAIN_=mycloud.spdns.de -TOKEN_=your-spdns-token -IPv6_=no - -INSTALLDIR=spdnsupdater -INSTALLPATH=/usr/local/etc/$INSTALLDIR -CRONFILE=/etc/cron.d/spdnsupdater -DESCRIPTION="Free Dynamic DNS provider (need account from spdyn.de)" - -install() -{ - # Create the spdnsUpdater.sh - mkdir -p "$INSTALLPATH" - # Write the script to file - cat > "$INSTALLPATH"/spdnsUpdater.sh <<'EOF' -#!/bin/bash - -### Usage -# -# Recommended usage: ./spdnsUpdater.sh <hostname> <token> -# Alternative usage: ./spdnsUpdater.sh <hostname> <user> <passwd> (not implemented) -# - -### Configuration -HOST=$1 -TOKEN=$2 -IPv6=$3 - -# Get current IP address from -if [[ $IPv6 == "yes" ]]; then - get_ip_url="http://checkip6.spdyn.de" -else - get_ip_url="http://checkip4.spdyn.de" -fi - -update_url="https://update.spdyn.de/nic/update" - - -### Update procedure -function spdnsUpdater { - # Send the current IP address to spdyn.de - # and show the response - - params=$1 - updater=$(wget -qO- --post-data $params $update_url) - updater=$(echo $updater | grep -o '^[a-z]*') - - case "$updater" in - abuse) echo "[$updater] Der Host kann nicht aktualisiert werden, da er aufgrund vorheriger fehlerhafter Updateversuche gesperrt ist." - ;; - badauth) echo "[$updater] Ein ungültiger Benutzername und / oder ein ungültiges Kennwort wurde eingegeben." - ;; - good) echo "[$updater] Die Hostname wurde erfolgreich auf die neue IP aktualisiert." - ;; - yours) echo "[$updater] Der angegebene Host kann nicht unter diesem Benutzer-Account verwendet werden." - ;; - notfqdn) echo "[$updater] Der angegebene Host ist kein FQDN." - ;; - numhost) echo "[$updater] Es wurde versucht, mehr als 20 Hosts in einer Anfrage zu aktualisieren." - ;; - nochg) echo "[$updater] Die IP hat sich zum letzten Update nicht geändert." - ;; - nohost) echo "[$updater] Der angegebene Host existiert nicht oder wurde gelöscht." - ;; - fatal) echo "[$updater] Der angegebene Host wurde manuell deaktiviert." - ;; - *) echo "[$updater]" - ;; - esac - -} - - # Get registered IP address - registered_ip=$(dig +short "$HOST"|tail -n1) - # Get current IP address - current_ip=$(wget -qO- "$get_ip_url"); - # Update only when IP address has changed. - [ "\$current_ip" == "\$registered_ip" ] && { - return 0 - } - params="hostname=$HOST&myip=$current_ip&user=$HOST&pass=$TOKEN" - spdnsUpdater "$params" -EOF - - chmod 700 "$INSTALLPATH"/spdnsUpdater.sh - chmod a+x "$INSTALLPATH"/spdnsUpdater.sh - -} - -configure() -{ - if [[ $ACTIVE_ == "yes" ]]; then - - # Adds file to cron to run script for DNS record updates and change permissions - touch $CRONFILE - echo "*/5 * * * * root $INSTALLPATH/spdnsUpdater.sh $DOMAIN_ $TOKEN_ $IPv6_ >/dev/null 2>&1" > "$CRONFILE" - chmod +x "$CRONFILE" - - # First-time execution of update script and print response from spdns.de server - "$INSTALLPATH"/spdnsUpdater.sh "$DOMAIN_" "$TOKEN_" "$IPv6_" - - echo -e "\nspdnsUpdater is now enabled" - - # Removes config files and cron job if ACTIVE_ is set to no - elif [[ $ACTIVE_ == "no" ]]; then - echo "... removing cronfile: $CRONFILE" - rm -f "$CRONFILE" - echo -e "\nspdnsUpdater is now disabled" - fi - service cron restart -} - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA diff --git a/etc/ncp-config.d/NFS.cfg b/etc/ncp-config.d/NFS.cfg new file mode 100644 index 00000000..38298e74 --- /dev/null +++ b/etc/ncp-config.d/NFS.cfg @@ -0,0 +1,36 @@ +{ + "id": "NFS", + "name": "NFS", + "title": "NFS", + "description": "NFS network file system server (for Linux LAN)", + "info": "If we intend to modify the data folder through NFS,\nthen we have to synchronize NextCloud to make it aware of the changes.\n\nThis can be done manually or automatically using 'nc-scan' and 'nc-scan-auto'", + "infotitle": "Instructions for external synchronization", + "params": [ + { + "id": "ACTIVE", + "name": "ACTIVE", + "value": "no", + "type": "bool" + }, + { + "id": "DIR", + "name": "DIR", + "value": "/media/USBdrive/ncdata/admin/files" + }, + { + "id": "SUBNET", + "name": "SUBNET", + "value": "192.168.1.0/24" + }, + { + "id": "USER", + "name": "USER", + "value": "www-data" + }, + { + "id": "GROUP", + "name": "GROUP", + "value": "www-data" + } + ] +} diff --git a/etc/ncp-config.d/NFS.sh b/etc/ncp-config.d/NFS.sh deleted file mode 100644 index db9d4336..00000000 --- a/etc/ncp-config.d/NFS.sh +++ /dev/null @@ -1,79 +0,0 @@ -#!/bin/bash - -# NFS server for Raspbian -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at: https://ownyourbits.com -# - -ACTIVE_=no -DIR_=/media/USBdrive/ncdata/admin/files -SUBNET_=192.168.1.0/24 -USER_=www-data -GROUP_=www-data -DESCRIPTION="NFS network file system server (for Linux LAN)" - -INFOTITLE="Instructions for external synchronization" -INFO="If we intend to modify the data folder through NFS, -then we have to synchronize NextCloud to make it aware of the changes. - -This can be done manually or automatically using 'nc-scan' and 'nc-scan-auto'" - -install() -{ - apt-get update - apt-get install --no-install-recommends -y nfs-kernel-server - systemctl disable nfs-kernel-server - systemctl mask nfs-blkmap - - # delay init because of automount - sed -i 's|^ExecStartPre=.*|ExecStartPre=/bin/bash -c "/bin/sleep 30; /usr/sbin/exportfs -r"|' /lib/systemd/system/nfs-server.service -} - -configure() -{ - [[ $ACTIVE_ != "yes" ]] && { - service nfs-kernel-server stop - systemctl disable nfs-kernel-server - echo -e "NFS disabled" - return - } - - # CHECKS - ################################ - id "$USER_" &>/dev/null || { echo "user USER_ does not exist" ; return 1; } - id -g "$GROUP_" &>/dev/null || { echo "group GROUP_ does not exist"; return 1; } - [ -d "$DIR_" ] || { echo -e "INFO: directory $DIR_ does not exist. Creating"; mkdir -p "$DIR_"; } - [[ $( stat -fc%d / ) == $( stat -fc%d $DIR_ ) ]] && \ - echo -e "INFO: mounting a in the SD card\nIf you want to use an external mount, make sure it is properly set up" - - # CONFIG - ################################ - cat > /etc/exports <<EOF -$DIR_ $SUBNET_(rw,sync,all_squash,anonuid=$(id -u $USER_),anongid=$(id -g $GROUP_),no_subtree_check) -EOF - - systemctl enable rpcbind - systemctl enable nfs-kernel-server - service nfs-kernel-server restart - echo -e "NFS enabled" -} - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA diff --git a/etc/ncp-config.d/SSH.cfg b/etc/ncp-config.d/SSH.cfg new file mode 100644 index 00000000..947faed5 --- /dev/null +++ b/etc/ncp-config.d/SSH.cfg @@ -0,0 +1,31 @@ +{ + "id": "SSH", + "name": "SSH", + "title": "SSH", + "description": "Activate or deactivate SSH", + "info": "In order to enable SSH, the password for user 'pi' can NOT remain set to the default raspberry. \nYou HAVE to create a NEW password for 'pi' if you want this program to enable SSH, it will fail if you dont!\nThe same will happen with user 'root' and password '1234'\nNote: Use normal AlphaNumeric, the only special characters allowed are .,@-_/", + "infotitle": "SSH notes", + "params": [ + { + "id": "ACTIVE", + "name": "ACTIVE", + "value": "no", + "type": "bool" + }, + { + "id": "USER", + "name": "USER", + "value": "root" + }, + { + "id": "PASS", + "name": "PASS", + "value": "1234" + }, + { + "id": "CONFIRM", + "name": "CONFIRM", + "value": "1234" + } + ] +} diff --git a/etc/ncp-config.d/SSH.sh b/etc/ncp-config.d/SSH.sh deleted file mode 100644 index 0693753f..00000000 --- a/etc/ncp-config.d/SSH.sh +++ /dev/null @@ -1,108 +0,0 @@ -#!/bin/bash - -# Activate/deactivate SSH -# -# -# Copyleft 2017 by Courtney Hicks and Ignacio Nunez Hernanz -# GPL licensed (see end of file) * Use at your own risk! -# - -ACTIVE_=no -USER_=root -PASS_=1234 -CONFIRM_=1234 - -DESCRIPTION="Activate or deactivate SSH" -INFOTITLE="SSH notes" -INFO="In order to enable SSH, the password for user 'pi' can NOT remain set to the default raspberry. -You HAVE to create a NEW password for 'pi' if you want this program to enable SSH, it will fail if you dont! -The same will happen with user 'root' and password '1234' -Note: Use normal AlphaNumeric, the only special characters allowed are .,@-_/" - -install() { :; } - -is_active() -{ - systemctl -q is-enabled ssh &>/dev/null -} - -configure() -{ - [[ $ACTIVE_ != "yes" ]] && { - systemctl stop ssh - systemctl disable ssh - echo "SSH disabled" - return 0 - } - - # Check for bad ideas - [[ "$USER_" == "pi" ]] && [[ "$PASS_" == "raspberry" ]] && { - echo "Refusing to use the default Raspbian user and password. It's insecure" - return 1 - } - [[ "$USER_" == "root" ]] && [[ "$PASS_" == "1234" ]] && { - echo "Refusing to use the default Armbian user and password. It's insecure" - return 1 - } - - # Change credentials - id "$USER_" &>/dev/null || { echo "$USER_ doesn't exist"; return 1; } - echo -e "$PASS_\n$CONFIRM_" | passwd "$USER_" || return 1 - - # Check for insecure default pi password ( taken from old jessie method ) - local SHADOW="$( grep -E '^pi:' /etc/shadow )" - test -n "${SHADOW}" && { - local SALT=$(echo "${SHADOW}" | sed -n 's/pi:\$6\$//;s/\$.*//p') - - [[ "${SALT}" != "" ]] && { - local HASH=$(mkpasswd -msha-512 raspberry "$SALT") - grep -q "${HASH}" <<< "${SHADOW}" && { - systemctl stop ssh - systemctl disable ssh - echo "The user pi is using the default password. Refusing to activate SSH" - echo "SSH disabled" - return 1 - } - } - } - - # Check for insecure default root password ( taken from old jessie method ) - local SHADOW="$( grep -E '^root:' /etc/shadow )" - test -n "${SHADOW}" && { - local SALT=$(echo "${SHADOW}" | sed -n 's/root:\$6\$//;s/\$.*//p') - - [[ "${SALT}" != "" ]] && { - local HASH=$(mkpasswd -msha-512 1234 "$SALT") - grep -q "${HASH}" <<< "${SHADOW}" && { - systemctl stop ssh - systemctl disable ssh - echo "The user root is using the default password. Refusing to activate SSH" - echo "SSH disabled" - return 1 - } - } - } - - # Enable - chage -d 0 "$USER_" - systemctl enable ssh - systemctl start ssh - echo "SSH enabled" -} - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA diff --git a/etc/ncp-config.d/UFW.cfg b/etc/ncp-config.d/UFW.cfg new file mode 100644 index 00000000..0bf29a86 --- /dev/null +++ b/etc/ncp-config.d/UFW.cfg @@ -0,0 +1,31 @@ +{ + "id": "UFW", + "name": "UFW", + "title": "UFW", + "description": "Uncomplicated Firewall", + "info": "Beware of blocking the SSH port you are using!", + "infotitle": "", + "params": [ + { + "id": "ACTIVE", + "name": "ACTIVE", + "value": "no", + "type": "bool" + }, + { + "id": "HTTP", + "name": "HTTP", + "value": "80" + }, + { + "id": "HTTPS", + "name": "HTTPS", + "value": "443" + }, + { + "id": "SSH", + "name": "SSH", + "value": "22" + } + ] +} diff --git a/etc/ncp-config.d/UFW.sh b/etc/ncp-config.d/UFW.sh deleted file mode 100644 index 3676e338..00000000 --- a/etc/ncp-config.d/UFW.sh +++ /dev/null @@ -1,81 +0,0 @@ -#!/bin/bash - -# Uncomplicated Firewall -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/ -# - -ACTIVE_=no -HTTP_=80 -HTTPS_=443 -SSH_=22 -DESCRIPTION="Uncomplicated Firewall" - -INFO="Beware of blocking the SSH port you are using!" - -install() -{ - apt-get update - DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends ufw - systemctl disable ufw - - # Disable logging to kernel - grep -q maxsize /etc/logrotate.d/ufw || sed -i /weekly/amaxsize2M /etc/logrotate.d/ufw -} - -configure() -{ - [[ "$ACTIVE_" != yes ]] && { - ufw --force reset - systemctl disable ufw - systemctl stop ufw - echo "UFW disabled" - return 0 - } - ufw --force enable - systemctl enable ufw - systemctl start ufw - - echo -e "\n# web server rules" - ufw allow $HTTP_/tcp - ufw allow $HTTPS_/tcp - ufw allow 4443/tcp - - echo -e "\n# SSH rules" - ufw allow $SSH_ - - echo -e "\n# DNS rules" - ufw allow dns - - echo -e "\n# SAMBA rules" - ufw allow samba - - echo -e "\n# NFS rules" - ufw allow nfs - - echo -e "\n# UPnP rules" - ufw allow proto udp from 192.168.0.0/16 - - echo "UFW enabled" -} - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/dnsmasq.cfg b/etc/ncp-config.d/dnsmasq.cfg new file mode 100644 index 00000000..8a66d38d --- /dev/null +++ b/etc/ncp-config.d/dnsmasq.cfg @@ -0,0 +1,31 @@ +{ + "id": "dnsmasq", + "name": "dnsmasq", + "title": "dnsmasq", + "description": "DNS server with cache", + "info": "Remember to point your PC and devices DNS or\nyou router DNS to your Raspberry Pi IP", + "infotitle": "", + "params": [ + { + "id": "ACTIVE", + "name": "ACTIVE", + "value": "no", + "type": "bool" + }, + { + "id": "DOMAIN", + "name": "DOMAIN", + "value": "mycloud.ownyourbits.com" + }, + { + "id": "DNSSERVER", + "name": "DNSSERVER", + "value": "8.8.8.8" + }, + { + "id": "CACHESIZE", + "name": "CACHESIZE", + "value": "150" + } + ] +} diff --git a/etc/ncp-config.d/dnsmasq.sh b/etc/ncp-config.d/dnsmasq.sh deleted file mode 100644 index 553bb402..00000000 --- a/etc/ncp-config.d/dnsmasq.sh +++ /dev/null @@ -1,104 +0,0 @@ -#!/bin/bash - -# dnsmasq DNS server with cache installation on Raspbian -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at: https://ownyourbits.com/2017/03/09/dnsmasq-as-dns-cache-server-for-nextcloudpi-and-raspbian/ -# - -ACTIVE_=no -DOMAIN_=mycloud.ownyourbits.com -DNSSERVER_=8.8.8.8 -CACHESIZE_=150 -DESCRIPTION="DNS server with cache" - -INFO="Remember to point your PC and devices DNS or -you router DNS to your Raspberry Pi IP" - -install() -{ - apt-get update - apt-get install --no-install-recommends -y dnsmasq - update-rc.d dnsmasq disable - - [[ "$DOCKERBUILD" == 1 ]] && { - cat > /etc/services-available.d/100dnsmasq <<EOF -#!/bin/bash - -source /usr/local/etc/library.sh - -[[ "\$1" == "stop" ]] && { - echo "stopping dnsmasq..." - service dnsmasq stop - exit 0 -} - -persistent_cfg /etc/dnsmasq.conf - -echo "Starting dnsmasq..." -service dnsmasq start - -exit 0 -EOF - chmod +x /etc/services-available.d/100dnsmasq - } -} - -configure() -{ - [[ $ACTIVE_ != "yes" ]] && { - service dnsmasq stop - update-rc.d dnsmasq disable - echo "dnmasq disabled" - return - } - - local IFACE=$( ip r | grep "default via" | awk '{ print $5 }' | head -1 ) - local IP=$( ip a show dev "$IFACE" | grep global | grep -oP '\d{1,3}(.\d{1,3}){3}' | head -1 ) - - [[ "$IP" == "" ]] && { echo "could not detect IP"; return 1; } - - cat > /etc/dnsmasq.conf <<EOF -interface=$IFACE -domain-needed # Never forward plain names (without a dot or domain part) -bogus-priv # Never forward addresses in the non-routed address spaces. -no-poll # Don't poll for changes in /etc/resolv.conf -no-resolv # Don't use /etc/resolv.conf or any other file -cache-size=$CACHESIZE_ -server=$DNSSERVER_ -address=/$DOMAIN_/$IP # This is optional if we add it to /etc/hosts -EOF - - # required to run in container - test -d /data && echo "user=root" >> /etc/dnsmasq.conf - - sed -i 's|#\?IGNORE_RESOLVCONF=.*|IGNORE_RESOLVCONF=yes|' /etc/default/dnsmasq - - update-rc.d dnsmasq defaults - update-rc.d dnsmasq enable - service dnsmasq restart - cd /var/www/nextcloud - sudo -u www-data php occ config:system:set trusted_domains 2 --value=$DOMAIN_ - sudo -u www-data php occ config:system:set overwrite.cli.url --value=https://"$DOMAIN_"/ - echo "dnsmasq enabled" -} - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/fail2ban.cfg b/etc/ncp-config.d/fail2ban.cfg new file mode 100644 index 00000000..cfaaad19 --- /dev/null +++ b/etc/ncp-config.d/fail2ban.cfg @@ -0,0 +1,42 @@ +{ + "id": "fail2ban", + "name": "fail2ban", + "title": "fail2ban", + "description": "Brute force protection for SSH and NextCloud", + "info": "", + "infotitle": "", + "params": [ + { + "id": "ACTIVE", + "name": "ACTIVE", + "value": "no", + "type": "bool" + }, + { + "id": "BANTIME", + "name": "BANTIME", + "value": "600" + }, + { + "id": "FINDTIME", + "name": "FINDTIME", + "value": "600" + }, + { + "id": "MAXRETRY", + "name": "MAXRETRY", + "value": "6" + }, + { + "id": "MAILALERTS", + "name": "MAILALERTS", + "value": "no", + "type": "bool" + }, + { + "id": "EMAIL", + "name": "EMAIL", + "value": "optional@email.com" + } + ] +} diff --git a/etc/ncp-config.d/fail2ban.sh b/etc/ncp-config.d/fail2ban.sh deleted file mode 100644 index b89b411f..00000000 --- a/etc/ncp-config.d/fail2ban.sh +++ /dev/null @@ -1,181 +0,0 @@ -#!/bin/bash - -# Fail2ban installation script for Raspbian -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at: https://ownyourbits.com/2017/02/24/nextcloudpi-fail2ban-installer/ -# - -ACTIVE_=no - -# time to ban an IP that exceeded attempts -BANTIME_=600 - -# cooldown time for incorrect passwords -FINDTIME_=600 - -# bad attempts before banning an IP -MAXRETRY_=6 - - -# Option to activate email notifications -MAILALERTS_=no - -# email to send notifications to -EMAIL_=optional@email.com - -DESCRIPTION="Brute force protection for SSH and NextCloud" - -install() -{ - apt-get update - apt-get install --no-install-recommends -y fail2ban whois - update-rc.d fail2ban disable - rm -f /etc/fail2ban/jail.d/defaults-debian.conf - - [[ "$DOCKERBUILD" == 1 ]] && { - cat > /etc/services-available.d/100fail2ban <<EOF -#!/bin/bash - -source /usr/local/etc/library.sh - -[[ "\$1" == "stop" ]] && { - echo "stopping fail2ban..." - service fail2ban stop - exit 0 -} - -persistent_cfg /etc/fail2ban - -echo "Starting fail2ban..." -service fail2ban start - -exit 0 -EOF - chmod +x /etc/services-available.d/100fail2ban - } - - # tweak fail2ban email - local F=/etc/fail2ban/action.d/sendmail-common.conf - sed -i 's|Fail2Ban|NextCloudPi|' /etc/fail2ban/action.d/sendmail-whois-lines.conf - grep -q actionstart_ "$F" || sed -i 's|actionstart|actionstart_|' "$F" - grep -q actionstop_ "$F" || sed -i 's|actionstop|actionstop_|' "$F" - - # delay init because of automount - sed -i "/^ExecStart=/iExecStartPre=/bin/sleep 10" /lib/systemd/system/fail2ban.service - -} - -configure() -{ - [[ $ACTIVE_ != "yes" ]] && { - service fail2ban stop - update-rc.d fail2ban disable - echo "fail2ban disabled" - return - } - - local NCLOG="/var/www/nextcloud/data/nextcloud.log" - local NCLOG1="$( sudo -u www-data php /var/www/nextcloud/occ config:system:get logfile )" - - [[ "$NCLOG1" != "" ]] && NCLOG="$NCLOG1" - - local BASEDIR=$( dirname "$NCLOG" ) - [ -d "$BASEDIR" ] || { echo -e "directory $BASEDIR not found"; return 1; } - - sudo -u www-data touch "$NCLOG" || { echo -e "ERROR: user www-data does not have write permissions on $NCLOG"; return 1; } - - cd /var/www/nextcloud - sudo -u www-data php occ config:system:set loglevel --value=2 - sudo -u www-data php occ config:system:set log_type --value=file - - cat > /etc/fail2ban/filter.d/nextcloud.conf <<'EOF' -[INCLUDES] -before = common.conf - -[Definition] -failregex = Login failed.*Remote IP.*'<HOST>' -ignoreregex = -EOF - - [[ "$MAILALERTS_" == "yes" ]] && local ACTION=action_mwl || local ACTION=action_ - - cat > /etc/fail2ban/jail.conf <<EOF -# The DEFAULT allows a global definition of the options. They can be overridden -# in each jail afterwards. -[DEFAULT] - -# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not -# ban a host which matches an address in this list. Several addresses can be -# defined using space separator. -ignoreip = 127.0.0.1/8 - -# "bantime" is the number of seconds that a host is banned. -bantime = $BANTIME_ - -# A host is banned if it has generated "maxretry" during the last "findtime" -# seconds. -findtime = $FINDTIME_ -maxretry = $MAXRETRY_ - -# -# ACTIONS -# -banaction = iptables-multiport -protocol = tcp -chain = INPUT -action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] -action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] - sendmail-whois-lines[name=%(__name__)s, dest=$EMAIL_, sender=ncp-fail2ban@ownyourbits.com] -action = %($ACTION)s - -# -# SSH -# - -[ssh] - -enabled = true -port = ssh -filter = sshd -logpath = /var/log/auth.log -maxretry = $MAXRETRY_ - -# -# HTTP servers -# - -[nextcloud] - -enabled = true -port = http,https -filter = nextcloud -logpath = $NCLOG -maxretry = $MAXRETRY_ -EOF - cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local - update-rc.d fail2ban defaults - update-rc.d fail2ban enable - service fail2ban restart - echo "fail2ban enabled" -} - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/letsencrypt.cfg b/etc/ncp-config.d/letsencrypt.cfg new file mode 100644 index 00000000..4c3a56f9 --- /dev/null +++ b/etc/ncp-config.d/letsencrypt.cfg @@ -0,0 +1,25 @@ +{ + "id": "letsencrypt", + "name": "letsencrypt", + "title": "letsencrypt", + "description": "Automatic signed SSL certificates", + "info": "Internet access is required for this configuration to complete\nBoth ports 80 and 443 need to be accessible from the internet\n \nYour certificate will be automatically renewed every month", + "infotitle": "Warning", + "params": [ + { + "id": "DOMAIN", + "name": "DOMAIN", + "value": "mycloud.ownyourbits.com" + }, + { + "id": "EMAIL", + "name": "EMAIL", + "value": "mycloud@ownyourbits.com" + }, + { + "id": "NOTIFYUSER", + "name": "NOTIFYUSER", + "value": "ncp" + } + ] +} diff --git a/etc/ncp-config.d/letsencrypt.sh b/etc/ncp-config.d/letsencrypt.sh deleted file mode 100644 index 87467d00..00000000 --- a/etc/ncp-config.d/letsencrypt.sh +++ /dev/null @@ -1,126 +0,0 @@ -#!/bin/bash - -# Let's encrypt certbot installation on Raspbian -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at https://ownyourbits.com/2017/03/17/lets-encrypt-installer-for-apache/ - -DOMAIN_=mycloud.ownyourbits.com -EMAIL_=mycloud@ownyourbits.com -NOTIFYUSER_=ncp - -NCDIR=/var/www/nextcloud -OCC="$NCDIR/occ" -VHOSTCFG=/etc/apache2/sites-available/nextcloud.conf -VHOSTCFG2=/etc/apache2/sites-available/ncp.conf -DESCRIPTION="Automatic signed SSL certificates" - -INFOTITLE="Warning" -INFO="Internet access is required for this configuration to complete -Both ports 80 and 443 need to be accessible from the internet - -Your certificate will be automatically renewed every month" - -is_active() -{ - [[ $( find /etc/letsencrypt/live/ -maxdepth 0 -empty | wc -l ) == 0 ]] -} - -install() -{ - cd /etc || return 1 - apt-get update - apt-get install --no-install-recommends -y letsencrypt - mkdir -p /etc/letsencrypt/live - - [[ "$DOCKERBUILD" == 1 ]] && { - # execute before lamp stack - cat > /etc/services-available.d/009letsencrypt <<EOF -#!/bin/bash - -source /usr/local/etc/library.sh -persistent_cfg /etc/letsencrypt - -exit 0 -EOF - chmod +x /etc/services-available.d/009letsencrypt - } -} - -# tested with certbot 0.10.2 -configure() -{ - local DOMAIN_LOWERCASE="${DOMAIN_,,}" - - # Configure Apache - grep -q ServerName $VHOSTCFG && \ - sed -i "s|ServerName .*|ServerName $DOMAIN_|" $VHOSTCFG || \ - sed -i "/DocumentRoot/aServerName $DOMAIN_" $VHOSTCFG - - # Do it - letsencrypt certonly -n --no-self-upgrade --webroot -w $NCDIR --hsts --agree-tos -m $EMAIL_ -d $DOMAIN_ && { - - # Set up auto-renewal - cat > /etc/cron.weekly/letsencrypt-ncp <<EOF -#!/bin/bash - -# renew and notify -/usr/bin/certbot renew --quiet --renew-hook ' - sudo -u www-data php $OCC notification:generate \ - $NOTIFYUSER_ "SSL renewal" \ - -l "Your SSL certificate(s) \$RENEWED_DOMAINS has been renewed for another 90 days" - ' - -# notify if fails -[[ \$? -ne 0 ]] && sudo -u www-data php $OCC notification:generate \ - $NOTIFYUSER_ "SSL renewal error" \ - -l "SSL certificate renewal failed. See /var/log/letsencrypt/letsencrypt.log" - -# cleanup -rm -rf $NCDIR/.well-known -EOF - chmod +x /etc/cron.weekly/letsencrypt-ncp - - # Configure Apache - sed -i "s|SSLCertificateFile.*|SSLCertificateFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/fullchain.pem|" $VHOSTCFG - sed -i "s|SSLCertificateKeyFile.*|SSLCertificateKeyFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/privkey.pem|" $VHOSTCFG - - sed -i "s|SSLCertificateFile.*|SSLCertificateFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/fullchain.pem|" $VHOSTCFG2 - sed -i "s|SSLCertificateKeyFile.*|SSLCertificateKeyFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/privkey.pem|" $VHOSTCFG2 - - # Configure Nextcloud - sudo -u www-data php $OCC config:system:set trusted_domains 4 --value=$DOMAIN_ - sudo -u www-data php $OCC config:system:set overwrite.cli.url --value=https://"$DOMAIN_"/ - - # delayed in bg so it does not kill the connection, and we get AJAX response - bash -c "sleep 2 && service apache2 reload" &>/dev/null & - rm -rf $NCDIR/.well-known - - # Update configuration - [[ "$DOCKERBUILD" == 1 ]] && update-rc.d letsencrypt enable - - return 0 - } - rm -rf $NCDIR/.well-known - return 1 -} - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/modsecurity.cfg b/etc/ncp-config.d/modsecurity.cfg new file mode 100644 index 00000000..504147e9 --- /dev/null +++ b/etc/ncp-config.d/modsecurity.cfg @@ -0,0 +1,16 @@ +{ + "id": "modsecurity", + "name": "modsecurity", + "title": "modsecurity", + "description": "Web Application Firewall for extra security (experimental)", + "info": "This feature is highly experimental and has only been tested with\na basic NextCloud installation. If a new App does not work disable it", + "infotitle": "Experimental feature warning", + "params": [ + { + "id": "ACTIVE", + "name": "ACTIVE", + "value": "no", + "type": "bool" + } + ] +} diff --git a/etc/ncp-config.d/modsecurity.sh b/etc/ncp-config.d/modsecurity.sh deleted file mode 100644 index 86d239e8..00000000 --- a/etc/ncp-config.d/modsecurity.sh +++ /dev/null @@ -1,121 +0,0 @@ -#!/bin/bash - -# modsecurity WAF installation on Raspbian -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at ownyourbits.com -# - -ACTIVE_=no -NCDIR=/var/www/nextcloud/ -NCPWB=/var/www/ncp-web/ -DESCRIPTION="Web Application Firewall for extra security (experimental)" - -INFOTITLE="Experimental feature warning" -INFO="This feature is highly experimental and has only been tested with -a basic NextCloud installation. If a new App does not work disable it" - -install() -{ - apt-get update - apt-get install -y --no-install-recommends libapache2-mod-security2 modsecurity-crs - a2dismod security2 - - cat >> /etc/modsecurity/crs/crs-setup.conf <<'EOF' - - # NextCloudPi: allow PROPFIND for webDAV - SecAction "id:900200, phase:1, nolog, pass, t:none, setvar:'tx.allowed_methods=GET HEAD POST OPTIONS PROPFIND'" -EOF - - # CONFIGURE - cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf - sed -i "s|SecRuleEngine .*|SecRuleEngine Off|" /etc/modsecurity/modsecurity.conf - sed -i 's|SecTmpDir .*|SecTmpDir /var/cache/modsecurity/|' /etc/modsecurity/modsecurity.conf - sed -i 's|SecDataDir .*|SecDataDir /var/cache/modsecurity/|' /etc/modsecurity/modsecurity.conf - sed -i 's|^SecRequestBodyLimit .*|#SecRequestBodyLimit 13107200|' /etc/modsecurity/modsecurity.conf - - # turn modsecurity logs off, too spammy - sed -i 's|SecAuditEngine .*|SecAuditEngine Off|' /etc/modsecurity/modsecurity.conf - - cat >> /etc/apache2/apache2.conf <<EOF -<IfModule mod_security2.c> - SecServerSignature " " -</IfModule> -EOF -} - -configure() -{ - cat > /etc/modsecurity/modsecurity_crs_99_whitelist.conf <<EOF -<Directory $NCDIR> - # VIDEOS - SecRuleRemoveById 958291 # Range Header Checks - SecRuleRemoveById 980120 # Correlated Attack Attempt - - # PDF - SecRuleRemoveById 920230 # Check URL encodings - - # ADMIN (webdav) - SecRuleRemoveById 960024 # Repeatative Non-Word Chars (heuristic) - SecRuleRemoveById 981173 # SQL Injection Character Anomaly Usage - SecRuleRemoveById 980130 # Correlated Attack Attempt - SecRuleRemoveById 981243 # PHPIDS - Converted SQLI Filters - SecRuleRemoveById 981245 # PHPIDS - Converted SQLI Filters - SecRuleRemoveById 981246 # PHPIDS - Converted SQLI Filters - SecRuleRemoveById 981318 # String Termination/Statement Ending Injection Testing - SecRuleRemoveById 973332 # XSS Filters from IE - SecRuleRemoveById 973338 # XSS Filters - Category 3 - SecRuleRemoveById 981143 # CSRF Protections ( TODO edit LocationMatch filter ) - - # COMING BACK FROM OLD SESSION - SecRuleRemoveById 970903 # Microsoft Office document properties leakage - - # NOTES APP - SecRuleRemoveById 981401 # Content-Type Response Header is Missing and X-Content-Type-Options is either missing or not set to 'nosniff' - SecRuleRemoveById 200002 # Failed to parse request body - - # UPLOADS ( 5 MB max excluding file size ) - SecRequestBodyNoFilesLimit 5242880 - - # GENERAL - SecRuleRemoveById 920350 # Host header is a numeric IP address - - # REGISTERED WARNINGS, BUT DID NOT HAVE TO DISABLE THEM - #SecRuleRemoveById 981220 900046 981407 - #SecRuleRemoveById 981222 981405 981185 949160 - -</Directory> -<Directory $NCPWB> - # GENERAL - SecRuleRemoveById 920350 # Host header is a numeric IP address -</Directory> -EOF - - [[ $ACTIVE_ == "yes" ]] && local STATE=On || local STATE=Off - sed -i "s|SecRuleEngine .*|SecRuleEngine $STATE|" /etc/modsecurity/modsecurity.conf - [[ $ACTIVE_ == "yes" ]] && echo "Enabling module security2" || echo "Disabling module security2" - [[ $ACTIVE_ == "yes" ]] && a2enmod security2 &>/dev/null || a2dismod security2 &>/dev/null - - # delayed in bg so it does not kill the connection, and we get AJAX response - bash -c "sleep 2 && service apache2 reload" &>/dev/null & -} - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/nc-admin.cfg b/etc/ncp-config.d/nc-admin.cfg new file mode 100644 index 00000000..d2d97e81 --- /dev/null +++ b/etc/ncp-config.d/nc-admin.cfg @@ -0,0 +1,25 @@ +{ + "id": "nc-admin", + "name": "nc-admin", + "title": "nc-admin", + "description": "Change password for the Nextcloud admin user", + "info": "", + "infotitle": "", + "params": [ + { + "id": "USER", + "name": "USER", + "value": "ncp" + }, + { + "id": "PASSWORD", + "name": "PASSWORD", + "value": "ownyourbits" + }, + { + "id": "CONFIRM", + "name": "CONFIRM", + "value": "ownyourbits" + } + ] +} diff --git a/etc/ncp-config.d/nc-admin.sh b/etc/ncp-config.d/nc-admin.sh deleted file mode 100644 index 10ffff15..00000000 --- a/etc/ncp-config.d/nc-admin.sh +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/bash - -# Change password for the Nextcloud admin user -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at: https://ownyourbits.com -# - -USER_=ncp -PASSWORD_=ownyourbits -CONFIRM_=ownyourbits - -DESCRIPTION="Change password for the Nextcloud admin user" - -configure() -{ - [[ "$PASSWORD_" == "$CONFIRM_" ]] || { echo "passwords do not match"; return 1; } - - OC_PASS="$PASSWORD_" \ - sudo -E -u www-data php /var/www/nextcloud/occ \ - user:resetpassword --password-from-env "$USER_" -} - -install() { :; } - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA diff --git a/etc/ncp-config.d/nc-audit.cfg b/etc/ncp-config.d/nc-audit.cfg new file mode 100644 index 00000000..b02a62cb --- /dev/null +++ b/etc/ncp-config.d/nc-audit.cfg @@ -0,0 +1,9 @@ +{ + "id": "nc-audit", + "name": "nc-audit", + "title": "nc-audit", + "description": "Perform a security audit with lynis and debsecan", + "info": "", + "infotitle": "", + "params": [] +} diff --git a/etc/ncp-config.d/nc-audit.sh b/etc/ncp-config.d/nc-audit.sh deleted file mode 100644 index 5b032527..00000000 --- a/etc/ncp-config.d/nc-audit.sh +++ /dev/null @@ -1,87 +0,0 @@ -#!/bin/bash - -# Launch security audit reports for NextCloudPi -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/ -# - -DESCRIPTION="Perform a security audit with lynis and debsecan" - -install() -{ - apt-get update - DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ - lynis debsecan debian-goodies debsums - cp /etc/lynis/default.prf /etc/lynis/ncp.prf - cat >> /etc/lynis/ncp.prf <<EOF -# Won't install apt-listbugs and all its ruby dependencies -skip-test=CUST-0810 - -# Won't install puppet or similar -skip-test=TOOL-5002 - -# Raspbian doesn't have security sources ( https://www.raspberrypi.org/forums/viewtopic.php?t=98006&p=680175 ) -skip-test=PKGS-7388 - -# We have a preset partition scheme in the SD card -skip-test=FILE-6310 - -# We don't use firewire -skip-test=STRG-1846 - -# We use USB in NCP -skip-test=STRG-1840 - -# Won't recompile kernel to support auditd -skip-test=ACCT-9628 - -# Won't be protected against DDOS in self-hosting, will save the resources -skip-test=HTTP-6640 -skip-test=HTTP-6641 - -# False positive about mysql root password ( https://github.com/CISOfy/lynis/issues/288 ) -skip-test=DBS-1816 - -# vmlinuz missing at least in Raspbian -skip-test=KRNL-5788 - -# won't recompile kernels for PAE NX -skip-test=KRNL-5677 - -# false positive with DNS settings. We use mDNS and dnsmasq (and they work) -skip-test=NAME-4028 - -# false positive due to fail2ban -skip-test=FIRE-4513 -EOF -} - -configure() -{ - echo "General security audit" - lynis audit system --profile /etc/lynis/ncp.prf --no-colors - - echo "Known vulnerabilities in this system" - debsecan -} - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/nc-automount.cfg b/etc/ncp-config.d/nc-automount.cfg new file mode 100644 index 00000000..7a25c5a4 --- /dev/null +++ b/etc/ncp-config.d/nc-automount.cfg @@ -0,0 +1,16 @@ +{ + "id": "nc-automount", + "name": "nc-automount", + "title": "nc-automount", + "description": "Automount USB drives by plugging them in", + "info": "Plugged in USB drives will be automounted under /media\non boot or at the moment of insertion.\n\nFormat your drive as ext4 in order to move NC datafolder or database\nVFAT or NTFS is not recommended for this task, as it does not suport permissions\n\nIMPORTANT: halt or umount the drive before extracting", + "infotitle": "Automount notes", + "params": [ + { + "id": "ACTIVE", + "name": "ACTIVE", + "value": "no", + "type": "bool" + } + ] +} diff --git a/etc/ncp-config.d/nc-automount.sh b/etc/ncp-config.d/nc-automount.sh deleted file mode 100644 index 14c5437b..00000000 --- a/etc/ncp-config.d/nc-automount.sh +++ /dev/null @@ -1,133 +0,0 @@ -#!/bin/bash - -# Automount configuration for NextCloudPi -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at https://ownyourbits.com/ -# - -ACTIVE_=no -DESCRIPTION="Automount USB drives by plugging them in" - -INFOTITLE="Automount notes" -INFO="Plugged in USB drives will be automounted under /media -on boot or at the moment of insertion. - -Format your drive as ext4 in order to move NC datafolder or database -VFAT or NTFS is not recommended for this task, as it does not suport permissions - -IMPORTANT: halt or umount the drive before extracting" - -install() -{ - apt-get update - apt-get install -y --no-install-recommends udiskie inotify-tools - - cat > /etc/udev/rules.d/99-udisks2.rules <<'EOF' -ENV{ID_FS_USAGE}=="filesystem|other|crypto", ENV{UDISKS_FILESYSTEM_SHARED}="1" -EOF - - cat > /usr/lib/systemd/system/nc-automount.service <<'EOF' -[Unit] -Description=Automount USB drives -Before=mysqld.service dphys-swapfile.service fail2ban.service smbd.service nfs-server.service - -[Service] -Restart=always -ExecStartPre=/bin/bash -c "rmdir /media/* || true" -ExecStart=/usr/bin/udiskie -NTF - -[Install] -WantedBy=multi-user.target -EOF - - cat > /usr/lib/systemd/system/nc-automount-links.service <<'EOF' -[Unit] -Description=Monitor /media for mountpoints and create USBdrive* symlinks -Before=nc-automount.service - -[Service] -Restart=always -ExecStart=/usr/local/etc/nc-automount-links-mon - -[Install] -WantedBy=multi-user.target -EOF - - cat > /usr/local/etc/nc-automount-links <<'EOF' -#!/bin/bash - -ls -d /media/* &>/dev/null && { - - # remove old links - for l in $( ls /media/ ); do - test -L /media/"$l" && rm /media/"$l" - done - - # create links - i=0 - for d in $( ls -d /media/* 2>/dev/null ); do - if [ $i -eq 0 ]; then - test -e /media/USBdrive || test -d "$d" && ln -sT "$d" /media/USBdrive - else - test -e /media/USBdrive$i || test -d "$d" && ln -sT "$d" /media/USBdrive$i - fi - i=$(( i + 1 )) - done - -} -EOF - chmod +x /usr/local/etc/nc-automount-links - - cat > /usr/local/etc/nc-automount-links-mon <<'EOF' -#!/bin/bash -inotifywait --monitor --event create --event delete --format '%f %e' /media/ | \ - grep --line-buffered ISDIR | while read f; do - echo $f - sleep 0.5 - /usr/local/etc/nc-automount-links -done -EOF - chmod +x /usr/local/etc/nc-automount-links-mon - - # delay init because of automount - sed -i "/^ExecStart=/iExecStartPre=/bin/sleep 20" /lib/systemd/system/mariadb.service - sed -i 's|^Restart=.*|Restart=on-failure|' /lib/systemd/system/mariadb.service -} - -configure() -{ - [[ $ACTIVE_ != "yes" ]] && { - systemctl stop nc-automount - systemctl stop nc-automount-links - systemctl disable nc-automount - systemctl disable nc-automount-links - echo "automount disabled" - return 0 - } - systemctl enable nc-automount - systemctl enable nc-automount-links - systemctl start nc-automount - systemctl start nc-automount-links - echo "automount enabled" -} - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/nc-autoupdate-nc.cfg b/etc/ncp-config.d/nc-autoupdate-nc.cfg new file mode 100644 index 00000000..35f4eb60 --- /dev/null +++ b/etc/ncp-config.d/nc-autoupdate-nc.cfg @@ -0,0 +1,21 @@ +{ + "id": "nc-autoupdate-nc", + "name": "nc-autoupdate-nc", + "title": "nc-autoupdate-nc", + "description": "Automatically apply Nextcloud updates", + "info": "", + "infotitle": "", + "params": [ + { + "id": "ACTIVE", + "name": "ACTIVE", + "value": "no", + "type": "bool" + }, + { + "id": "NOTIFYUSER", + "name": "NOTIFYUSER", + "value": "ncp" + } + ] +} diff --git a/etc/ncp-config.d/nc-autoupdate-nc.sh b/etc/ncp-config.d/nc-autoupdate-nc.sh deleted file mode 100644 index 1f6d5d18..00000000 --- a/etc/ncp-config.d/nc-autoupdate-nc.sh +++ /dev/null @@ -1,63 +0,0 @@ -#!/bin/bash - -# Automatically apply Nextcloud updates -# -# Copyleft 2018 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at: https://ownyourbits.com -# - -ACTIVE_=no -NOTIFYUSER_=ncp -DESCRIPTION="Automatically apply Nextcloud updates" - -# just change this value and re-activate in update.sh to upgrade users -VERSION=14.0.4 - -configure() -{ - [[ "$ACTIVE_" != "yes" ]] && { - rm -f /etc/cron.daily/ncp-autoupdate-nc - echo "automatic Nextcloud updates disabled" - return 0 - } - - cat > /etc/cron.daily/ncp-autoupdate-nc <<EOF -#!/bin/bash - -echo -e "[ncp-update-nc]" >> /var/log/ncp.log -/usr/local/bin/ncp-update-nc "$VERSION" 2>&1 | tee -a /var/log/ncp.log - -if [[ \${PIPESTATUS[0]} -eq 0 ]]; then - - VER="\$( sudo -u www-data php /var/www/nextcloud/occ status | grep "version:" | awk '{ print \$3 }' )" - - sudo -u www-data php /var/www/nextcloud/occ notification:generate \ - "$NOTIFYUSER_" "NextCloudPi" -l "Nextcloud was updated to \$VER" -fi -echo "" >> /var/log/ncp.log -EOF - chmod a+x /etc/cron.daily/ncp-autoupdate-nc - echo "automatic Nextcloud updates enabled" -} - -install() { :; } - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/nc-autoupdate-ncp.cfg b/etc/ncp-config.d/nc-autoupdate-ncp.cfg new file mode 100644 index 00000000..a22878ce --- /dev/null +++ b/etc/ncp-config.d/nc-autoupdate-ncp.cfg @@ -0,0 +1,21 @@ +{ + "id": "nc-autoupdate-ncp", + "name": "nc-autoupdate-ncp", + "title": "nc-autoupdate-ncp", + "description": "Automatically apply NextCloudPi updates", + "info": "", + "infotitle": "", + "params": [ + { + "id": "ACTIVE", + "name": "ACTIVE", + "value": "no", + "type": "bool" + }, + { + "id": "NOTIFYUSER", + "name": "NOTIFYUSER", + "value": "ncp" + } + ] +} diff --git a/etc/ncp-config.d/nc-autoupdate-ncp.sh b/etc/ncp-config.d/nc-autoupdate-ncp.sh deleted file mode 100644 index fbbee1b3..00000000 --- a/etc/ncp-config.d/nc-autoupdate-ncp.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash - -# Automatically apply NextCloudPi updates -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at: https://ownyourbits.com -# - -ACTIVE_=no -NOTIFYUSER_=ncp -DESCRIPTION="Automatically apply NextCloudPi updates" - -configure() -{ - [[ $ACTIVE_ != "yes" ]] && { - rm -f /etc/cron.daily/ncp-autoupdate - echo "automatic NextCloudPi updates disabled" - return 0 - } - - cat > /etc/cron.daily/ncp-autoupdate <<EOF -#!/bin/bash -if /usr/local/bin/ncp-test-updates; then - /usr/local/bin/ncp-update || exit 1 - sudo -u www-data php /var/www/nextcloud/occ notification:generate \ - "$NOTIFYUSER_" "NextCloudPi" \ - -l "NextCloudPi was updated to \$( cat /usr/local/etc/ncp-version )" -fi -EOF - chmod a+x /etc/cron.daily/ncp-autoupdate - echo "automatic NextCloudPi updates enabled" -} - -install() { :; } - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/nc-backup-auto.cfg b/etc/ncp-config.d/nc-backup-auto.cfg new file mode 100644 index 00000000..69bcad8c --- /dev/null +++ b/etc/ncp-config.d/nc-backup-auto.cfg @@ -0,0 +1,43 @@ +{ + "id": "nc-backup-auto", + "name": "nc-backup-auto", + "title": "nc-backup-auto", + "description": "Periodic backups", + "info": "", + "infotitle": "", + "params": [ + { + "id": "ACTIVE", + "name": "ACTIVE", + "value": "no", + "type": "bool" + }, + { + "id": "DESTDIR", + "name": "DESTDIR", + "value": "/media/USBdrive/ncp-backups" + }, + { + "id": "INCLUDEDATA", + "name": "INCLUDEDATA", + "value": "no", + "type": "bool" + }, + { + "id": "COMPRESS", + "name": "COMPRESS", + "value": "no", + "type": "bool" + }, + { + "id": "BACKUPDAYS", + "name": "BACKUPDAYS", + "value": "7" + }, + { + "id": "BACKUPLIMIT", + "name": "BACKUPLIMIT", + "value": "4" + } + ] +} diff --git a/etc/ncp-config.d/nc-backup-auto.sh b/etc/ncp-config.d/nc-backup-auto.sh deleted file mode 100644 index 3c10d3d0..00000000 --- a/etc/ncp-config.d/nc-backup-auto.sh +++ /dev/null @@ -1,60 +0,0 @@ -#!/bin/bash -# Nextcloud backups -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/ -# - - -ACTIVE_=no -DESTDIR_=/media/USBdrive/ncp-backups -INCLUDEDATA_=no -COMPRESS_=no -BACKUPDAYS_=7 -BACKUPLIMIT_=4 -DESCRIPTION="Periodic backups" - -configure() -{ - [[ $ACTIVE_ != "yes" ]] && { - rm -f /etc/cron.d/ncp-backup-auto - service cron restart - echo "automatic backups disabled" - return 0 - } - - cat > /usr/local/bin/ncp-backup-auto <<EOF -#!/bin/bash -sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --on -/usr/local/bin/ncp-backup "$DESTDIR_" "$INCLUDEDATA_" "$COMPRESS_" "$BACKUPLIMIT_" -sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --off -EOF - chmod +x /usr/local/bin/ncp-backup-auto - - echo "0 3 */${BACKUPDAYS_} * * root /usr/local/bin/ncp-backup-auto" > /etc/cron.d/ncp-backup-auto - service cron restart - - echo "automatic backups enabled" -} - -install() { :; } - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/nc-backup.cfg b/etc/ncp-config.d/nc-backup.cfg new file mode 100644 index 00000000..9734c1db --- /dev/null +++ b/etc/ncp-config.d/nc-backup.cfg @@ -0,0 +1,32 @@ +{ + "id": "nc-backup", + "name": "nc-backup", + "title": "nc-backup", + "description": "Backup this NC instance to a file", + "info": "", + "infotitle": "", + "params": [ + { + "id": "DESTDIR", + "name": "DESTDIR", + "value": "/media/USBdrive/ncp-backups" + }, + { + "id": "INCLUDEDATA", + "name": "INCLUDEDATA", + "value": "no", + "type": "bool" + }, + { + "id": "COMPRESS", + "name": "COMPRESS", + "value": "no", + "type": "bool" + }, + { + "id": "BACKUPLIMIT", + "name": "BACKUPLIMIT", + "value": "4" + } + ] +} diff --git a/etc/ncp-config.d/nc-backup.sh b/etc/ncp-config.d/nc-backup.sh deleted file mode 100644 index fbe70677..00000000 --- a/etc/ncp-config.d/nc-backup.sh +++ /dev/null @@ -1,132 +0,0 @@ -#!/bin/bash -# Nextcloud backups -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/ -# - - -DESTDIR_=/media/USBdrive/ncp-backups -INCLUDEDATA_=no -COMPRESS_=no -BACKUPLIMIT_=4 -DESCRIPTION="Backup this NC instance to a file" - -install() -{ - cat > /usr/local/bin/ncp-backup <<'EOF' -#!/bin/bash -set -eE - -DESTDIR="${1:-/media/USBdrive/ncp-backups}" -INCLUDEDATA="${2:-no}" -COMPRESS="${3:-no}" -BACKUPLIMIT="${4:-0}" - -DESTFILE="$DESTDIR"/nextcloud-bkp_$( date +"%Y%m%d_%s" ).tar -DBBACKUP=nextcloud-sqlbkp_$( date +"%Y%m%d" ).bak -OCC="sudo -u www-data php /var/www/nextcloud/occ" - -DATADIR=$( $OCC config:system:get datadirectory ) || { - echo "Error reading data directory. Is NextCloud running and configured?"; - exit 1; -} - -cleanup(){ local RET=$?; rm -f "${DBBACKUP}" ;[[ -f /.docker-image ]] && mv /data/nextcloud /data/app; $OCC maintenance:mode --off; exit $RET; } -fail() { local RET=$?; echo "Abort..." ; rm -f "${DBBACKUP}" "${DESTFILE}";[[ -f /.docker-image ]] && mv /data/nextcloud /data/app; $OCC maintenance:mode --off; exit $RET; } -trap cleanup EXIT -trap fail INT TERM HUP ERR - -echo "check free space..." # allow at least ~500 MiB for backups without data -mkdir -p "$DESTDIR" -[[ "$INCLUDEDATA" == "yes" ]] && SIZE=$( du -s "$DATADIR" | awk '{ print $1 }' ) || SIZE=500000 -FREE=$( df "$DESTDIR" | tail -1 | awk '{ print $4 }' ) - -[ $SIZE -ge $FREE ] && { - echo "free space check failed. Need $SIZE Bytes"; - exit 1; -} - -# delete older backups -[[ $BACKUPLIMIT != 0 ]] && { - NUMBKPS=$( ls "$DESTDIR"/nextcloud-bkp_* 2>/dev/null | wc -l ) - [[ $NUMBKPS -ge $BACKUPLIMIT ]] && \ - ls -t $DESTDIR/nextcloud-bkp_* | tail -$(( NUMBKPS - BACKUPLIMIT + 1 )) | while read -r f; do - echo "clean up old backup $f" - rm "$f" - done -} - -# database -$OCC maintenance:mode --on -[[ -f /.docker-image ]] && mv /data/app /data/nextcloud && DATADIR=/data/nextcloud/data -[[ -f /.docker-image ]] && BASEDIR=/data || BASEDIR=/var/www -cd "$BASEDIR" || exit 1 -echo "backup database..." -mysqldump -u root --single-transaction nextcloud > "$DBBACKUP" - -# files -echo "backup base files..." -mkdir -p "$DESTDIR" -tar --exclude "nextcloud/data/*/files/*" \ - --exclude "nextcloud/data/.opcache" \ - --exclude "nextcloud/data/{access,error,nextcloud}.log" \ - --exclude "nextcloud/data/access.log" \ - --exclude "nextcloud/data/ncp-update-backups/" \ - -cf "$DESTFILE" "$DBBACKUP" "nextcloud"/ \ - || { - echo "error generating backup" - exit 1 - } -rm "$DBBACKUP" - -[[ "$INCLUDEDATA" == "yes" ]] && { - echo "backup data files..." - tar --exclude "data/.opcache" \ - --exclude "data/{access,error,nextcloud}.log" \ - --exclude "data/access.log" \ - --exclude "data/ncp-update-backups/" \ - -rf "$DESTFILE" -C "$DATADIR"/.. "$( basename "$DATADIR" )" \ - || { - echo "error generating backup" - exit 1 - } -} - -[[ "$COMPRESS" == "yes" ]] && { - echo "compressing backup file..." - tar -czf "${DESTFILE}.gz" -C "$( dirname "$DESTFILE" )" "$( basename "$DESTFILE" )" - rm "$DESTFILE" - DESTFILE="${DESTFILE}.gz" -} -chmod 600 "$DESTFILE" - -echo "backup $DESTFILE generated" -EOF - chmod +x /usr/local/bin/ncp-backup -} - -configure() -{ - ncp-backup "$DESTDIR_" "$INCLUDEDATA_" "$COMPRESS_" "$BACKUPLIMIT_" -} - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/nc-database.cfg b/etc/ncp-config.d/nc-database.cfg new file mode 100644 index 00000000..232b3f18 --- /dev/null +++ b/etc/ncp-config.d/nc-database.cfg @@ -0,0 +1,15 @@ +{ + "id": "nc-database", + "name": "nc-database", + "title": "nc-database", + "description": "Move your database to a new location, like a USB drive", + "info": "Note that non Unix filesystems such as NTFS are not supported\nbecause they do not provide a compatible user/permissions system.\n\nYou need to use a USB drive that is permanently on and is responsive \nor the database will fail.\n\nPlease note that the default location, when first installed is /var/lib/mysql/. \nMove it to the desired location by editing the DBDIR= field, the one shown is an example.\n\n** If it ever fails with a white page, move the database back to the SD **", + "infotitle": "", + "params": [ + { + "id": "DBDIR", + "name": "DBDIR", + "value": "/media/USBdrive/ncdatabase" + } + ] +} diff --git a/etc/ncp-config.d/nc-database.sh b/etc/ncp-config.d/nc-database.sh deleted file mode 100644 index 9e8f8204..00000000 --- a/etc/ncp-config.d/nc-database.sh +++ /dev/null @@ -1,84 +0,0 @@ -#!/bin/bash - -# Data dir configuration script for NextCloudPi -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at https://ownyourbits.com/ -# - -DBDIR_=/media/USBdrive/ncdatabase -DESCRIPTION="Move your database to a new location, like a USB drive" - -INFO="Note that non Unix filesystems such as NTFS are not supported -because they do not provide a compatible user/permissions system. - -You need to use a USB drive that is permanently on and is responsive -or the database will fail. - -Please note that the default location, when first installed is /var/lib/mysql/. -Move it to the desired location by editing the DBDIR= field, the one shown is an example. - -** If it ever fails with a white page, move the database back to the SD **" - -is_active() -{ - local SRCDIR=$( grep datadir /etc/mysql/mariadb.conf.d/90-ncp.cnf | awk -F "= " '{ print $2 }' ) - [[ "$SRCDIR" != "/var/lib/mysql" ]] -} - -configure() -{ - local SRCDIR=$( grep datadir /etc/mysql/mariadb.conf.d/90-ncp.cnf | awk -F "= " '{ print $2 }' ) - [ -d "$SRCDIR" ] || { echo -e "database directory $SRCDIR not found"; return 1; } - - [ -d "$DBDIR_" ] && { - [[ $( find "$DBDIR_" -maxdepth 0 -empty | wc -l ) == 0 ]] && { - echo "$DBDIR_ is not empty" - return 1 - } - rmdir "$DBDIR_" - } - - local BASEDIR=$( dirname "$DBDIR_" ) - mkdir -p "$BASEDIR" - - grep -q -e ext -e btrfs <( stat -fc%T "$BASEDIR" ) || { echo -e "Only ext/btrfs filesystems can hold the data directory"; return 1; } - - sudo -u mysql test -x "$BASEDIR" || { echo -e "ERROR: the user mysql does not have access permissions over $BASEDIR"; return 1; } - - [[ $( stat -fc%d / ) == $( stat -fc%d "$BASEDIR" ) ]] && \ - echo -e "INFO: moving database to another place in the same SD card\nIf you want to use an external mount, make sure it is properly set up" - - cd /var/www/nextcloud - sudo -u www-data php occ maintenance:mode --on - - echo "moving database to $DBDIR_..." - service mysql stop - mv "$SRCDIR" "$DBDIR_" && \ - sed -i "s|^datadir.*|datadir = $DBDIR_|" /etc/mysql/mariadb.conf.d/90-ncp.cnf - service mysql start - - sudo -u www-data php occ maintenance:mode --off -} - -install(){ :; } - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/nc-datadir.cfg b/etc/ncp-config.d/nc-datadir.cfg new file mode 100644 index 00000000..bea782b2 --- /dev/null +++ b/etc/ncp-config.d/nc-datadir.cfg @@ -0,0 +1,15 @@ +{ + "id": "nc-datadir", + "name": "nc-datadir", + "title": "nc-datadir", + "description": "Change your data dir to a new location, like a USB drive", + "info": "Note that non Unix filesystems such as NTFS are not supported\nbecause they do not provide a compatible user/permissions system.\nAlso please note that the default location, when first installed is /var/www/nextcloud/data. \nMove it to the desired location by editing the DATADIR= field, the PATH shown is an example.", + "infotitle": "", + "params": [ + { + "id": "DATADIR", + "name": "DATADIR", + "value": "/media/USBdrive/ncdata" + } + ] +} diff --git a/etc/ncp-config.d/nc-datadir.sh b/etc/ncp-config.d/nc-datadir.sh deleted file mode 100644 index a79b45d4..00000000 --- a/etc/ncp-config.d/nc-datadir.sh +++ /dev/null @@ -1,131 +0,0 @@ -#!/bin/bash - -# Data dir configuration script for NextCloudPi -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at https://ownyourbits.com/2017/03/13/nextcloudpi-gets-nextcloudpi-config/ -# - -DATADIR_=/media/USBdrive/ncdata -DESCRIPTION="Change your data dir to a new location, like a USB drive" - -INFO="Note that non Unix filesystems such as NTFS are not supported -because they do not provide a compatible user/permissions system. -Also please note that the default location, when first installed is /var/www/nextcloud/data. -Move it to the desired location by editing the DATADIR= field, the PATH shown is an example." - -PHPVER=7.2 - -is_active() -{ - local SRCDIR - SRCDIR="$( grep datadirectory /var/www/nextcloud/config/config.php | awk '{ print $3 }' | grep -oP "[^']*[^']" | head -1 )" || return 1 - [[ "$SRCDIR" != "/var/www/nextcloud/data" ]] -} - -install() -{ - apt-get update - apt-get install -y --no-install-recommends btrfs-tools -} - -configure() -{ - ## CHECKS - local SRCDIR - SRCDIR=$( cd /var/www/nextcloud; sudo -u www-data php occ config:system:get datadirectory ) || { - echo -e "Error reading data directory. Is NextCloud running and configured?"; - return 1; - } - [ -d "$SRCDIR" ] || { echo -e "data directory $SRCDIR not found"; return 1; } - - [[ "$SRCDIR" == "$DATADIR_" ]] && { echo -e "INFO: data already there"; return 0; } - - # checks - local BASEDIR=$( dirname "$DATADIR_" ) - - [ -d "$BASEDIR" ] || { echo "$BASEDIR does not exist"; return 1; } - - # If the user chooses the root of the mountpoint, force a folder - mountpoint -q "$DATADIR_" && { - BASEDIR="$DATADIR_" - DATADIR_="$DATADIR_/ncdata" - } - - grep -q -e ext -e btrfs <( stat -fc%T "$BASEDIR" ) || { - echo -e "Only ext/btrfs filesystems can hold the data directory" - return 1 - } - - sudo -u www-data test -x "$BASEDIR" || { - echo -e "ERROR: the user www-data does not have access permissions over $BASEDIR" - return 1 - } - - [[ $( stat -fc%d / ) == $( stat -fc%d "$BASEDIR" ) ]] && { - echo "Refusing to move to the SD card. Abort" - return 1 - } - - # backup possibly existing datadir - [ -d $DATADIR_ ] && { - local BKP="${DATADIR_}-$( date "+%m-%d-%y" )" - echo "INFO: $DATADIR_ is not empty. Creating backup $BKP" - mv "$DATADIR_" "$BKP" - } - - - ## COPY - cd /var/www/nextcloud - sudo -u www-data php occ maintenance:mode --on - - echo "moving data dir from $SRCDIR to $DATADIR_..." - - # use subvolumes, if BTRFS - [[ "$( stat -fc%T "$BASEDIR" )" == "btrfs" ]] && { - echo "BTRFS filesystem detected" - btrfs subvolume create "$DATADIR_" || return 1 - } - - cp --reflink=auto -raT "$SRCDIR" "$DATADIR_" || return 1 - chown www-data:www-data "$DATADIR_" - - # tmp upload dir - mkdir -p "$DATADIR_/tmp" - chown www-data:www-data "$DATADIR_/tmp" - sudo -u www-data php occ config:system:set tempdirectory --value "$DATADIR_/tmp" - sed -i "s|^;\?upload_tmp_dir =.*$|upload_tmp_dir = $DATADIR_/tmp|" /etc/php/${PHPVER}/cli/php.ini - sed -i "s|^;\?upload_tmp_dir =.*$|upload_tmp_dir = $DATADIR_/tmp|" /etc/php/${PHPVER}/fpm/php.ini - sed -i "s|^;\?sys_temp_dir =.*$|sys_temp_dir = $DATADIR_/tmp|" /etc/php/${PHPVER}/fpm/php.ini - - # opcache dir - sed -i "s|^opcache.file_cache=.*|opcache.file_cache=$DATADIR_/.opcache|" /etc/php/${PHPVER}/mods-available/opcache.ini - - # update fail2ban logpath - sed -i "s|logpath =.*nextcloud.log|logpath = $DATADIR_/nextcloud.log|" /etc/fail2ban/jail.conf - - # datadir - sudo -u www-data php occ config:system:set datadirectory --value="$DATADIR_" - sudo -u www-data php occ config:system:set logfile --value="$DATADIR_/nextcloud.log" - sudo -u www-data php occ maintenance:mode --off -} - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/nc-export-ncp.cfg b/etc/ncp-config.d/nc-export-ncp.cfg new file mode 100644 index 00000000..4009a9e7 --- /dev/null +++ b/etc/ncp-config.d/nc-export-ncp.cfg @@ -0,0 +1,15 @@ +{ + "id": "nc-export-ncp", + "name": "nc-export-ncp", + "title": "nc-export-ncp", + "description": "Export NextCloudPi configuration", + "info": "", + "infotitle": "", + "params": [ + { + "id": "DIR", + "name": "DIR", + "value": "/media/USBdrive/" + } + ] +} diff --git a/etc/ncp-config.d/nc-export-ncp.sh b/etc/ncp-config.d/nc-export-ncp.sh deleted file mode 100644 index ca1548e1..00000000 --- a/etc/ncp-config.d/nc-export-ncp.sh +++ /dev/null @@ -1,58 +0,0 @@ -#!/bin/bash - -# Export NextCloudPi configuration -# -# -# Copyleft 2017 by Courtney Hicks -# GPL licensed (see end of file) * Use at your own risk! -# - -DIR_=/media/USBdrive/ - -DESCRIPTION="Export NextCloudPi configuration" - -configure() -{ - [[ -d "$DIR_" ]] || { echo "directory $DIR_ does not exist"; return 1; } - - local DESTFILE="$DIR_"/ncp-config_$( date +"%Y%m%d" ).tar - rm -rf /tmp/ncp-export - mkdir -p /tmp/ncp-export - cd /tmp/ncp-export || return 1 - - for file in /usr/local/etc/ncp-config.d/*; do - VARS=( $( grep "^[[:alpha:]]\+_=" "$file" | cut -d= -f1 | sed 's|_$||' ) ) - VALS=( $( grep "^[[:alpha:]]\+_=" "$file" | cut -d= -f2 ) ) - local CONFIG="" - for i in $( seq 0 1 $(( ${#VARS[@]} - 1 )) ); do - CONFIG+="${VARS[$i]}=${VALS[$i]}\n" - done - echo -e "$CONFIG" > "$( basename "$file" .sh ).cfg" - done - - tar -cf "$DESTFILE" * - chmod 600 "$DESTFILE" - - cd $OLDPWD - rm -rf /tmp/ncp-export - echo -e "configuration exported to $DESTFILE" -} - -install() { :; } - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA diff --git a/etc/ncp-config.d/nc-fix-permissions.cfg b/etc/ncp-config.d/nc-fix-permissions.cfg new file mode 100644 index 00000000..2737c2cd --- /dev/null +++ b/etc/ncp-config.d/nc-fix-permissions.cfg @@ -0,0 +1,9 @@ +{ + "id": "nc-fix-permissions", + "name": "nc-fix-permissions", + "title": "nc-fix-permissions", + "description": "Fix permissions for NC data files, in case they were copied externally", + "info": "", + "infotitle": "", + "params": [] +} diff --git a/etc/ncp-config.d/nc-fix-permissions.sh b/etc/ncp-config.d/nc-fix-permissions.sh deleted file mode 100644 index d1cb578e..00000000 --- a/etc/ncp-config.d/nc-fix-permissions.sh +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/bash - -# Fix permissions of the data files, in case they were copied externally -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at: https://ownyourbits.com -# - -DESCRIPTION="Fix permissions for NC data files, in case they were copied externally" - -configure() -{ - local DATADIR - DATADIR=$( cd /var/www/nextcloud; sudo -u www-data php occ config:system:get datadirectory ) || { - echo "data dir not found"; - return 1; - } - echo -ne "fixing permissions in $DATADIR... " - chown -R www-data:www-data "$DATADIR"/*/files - chmod -R u+rw "$DATADIR"/*/files - echo "done" -} - -install() { :; } - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA diff --git a/etc/ncp-config.d/nc-format-USB.cfg b/etc/ncp-config.d/nc-format-USB.cfg new file mode 100644 index 00000000..7169520f --- /dev/null +++ b/etc/ncp-config.d/nc-format-USB.cfg @@ -0,0 +1,15 @@ +{ + "id": "nc-format-USB", + "name": "nc-format-USB", + "title": "nc-format-USB", + "description": "Format an external USB drive as a BTRFS partition (dangerous)", + "info": "Make sure that ONLY the USB drive that you want to format is plugged in.\ncareful, this will destroy any data in the USB drive\n\n** YOU WILL LOSE ALL YOUR USB DATA **", + "infotitle": "Instructions for USB drive formatting", + "params": [ + { + "id": "LABEL", + "name": "LABEL", + "value": "myCloudDrive" + } + ] +} diff --git a/etc/ncp-config.d/nc-format-USB.sh b/etc/ncp-config.d/nc-format-USB.sh deleted file mode 100644 index dcd2a926..00000000 --- a/etc/ncp-config.d/nc-format-USB.sh +++ /dev/null @@ -1,77 +0,0 @@ -#!/bin/bash - -# Format a USB external drive as a unique BTRFS partition -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at: https://ownyourbits.com -# - -LABEL_=myCloudDrive -DESCRIPTION="Format an external USB drive as a BTRFS partition (dangerous)" - -INFOTITLE="Instructions for USB drive formatting" -INFO="Make sure that ONLY the USB drive that you want to format is plugged in. -careful, this will destroy any data in the USB drive - -** YOU WILL LOSE ALL YOUR USB DATA **" - -configure() -{ - # count all disk devices except mmcblk0 - local NUM=$( lsblk -ln | grep "^sd[[:alpha:]].*disk" | awk '{ print $6 }' | wc -l ) - - # only one plugged in - [[ $NUM != 1 ]] && { - echo "ERROR: counted $NUM devices. Please, only plug in the USB drive you want to format"; - return 1; - } - - # disable nc-automount if enabled - killall -STOP udiskie 2>/dev/null - - # umount if mounted - umount /media/USBdrive* &> /dev/null - - # check still not mounted - for dir in $( ls -d /media/* 2>/dev/null ); do - mountpoint -q $dir && { echo "$dir is still mounted"; return 1; } - done - - # do it - local NAME=( $( lsblk -ln | grep "^sd[[:alpha:]].*disk" | awk '{ print $1 }' ) ) - [[ ${#NAME[@]} != 1 ]] && { echo "unexpected error"; return 1; } - - wipefs -a -f /dev/"$NAME" || return 1 - parted /dev/"$NAME" --script -- mklabel gpt || return 2 - parted /dev/"$NAME" --script -- mkpart primary 0% 100% || return 3 - sleep 0.5 - mkfs.btrfs -q /dev/"${NAME}1" -f -L "$LABEL_" - local RET=$? - - # enable nc-automount if enabled - killall -CONT udiskie 2>/dev/null - [ $RET -eq 0 ] && echo "Drive $NAME formatted successfuly and labeled $LABEL_" - return $RET -} - -install() { :; } - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/nc-forward-ports.cfg b/etc/ncp-config.d/nc-forward-ports.cfg new file mode 100644 index 00000000..5491c1eb --- /dev/null +++ b/etc/ncp-config.d/nc-forward-ports.cfg @@ -0,0 +1,20 @@ +{ + "id": "nc-forward-ports", + "name": "nc-forward-ports", + "title": "nc-forward-ports", + "description": "Set port forwarding to access from outside (UPnP)", + "info": "For NextCloudPi to be able to setup your ports, UPnP must be activated\nin your router. Activate it now on your router admin webpage.\n\n** UPnP is considered a security risk **\n\nDon't forget to disable it afterwards", + "infotitle": "Instructions for UPnP Port Forwarding", + "params": [ + { + "id": "HTTPSPORT", + "name": "HTTPSPORT", + "value": "443" + }, + { + "id": "HTTPPORT", + "name": "HTTPPORT", + "value": "80" + } + ] +} diff --git a/etc/ncp-config.d/nc-forward-ports.sh b/etc/ncp-config.d/nc-forward-ports.sh deleted file mode 100644 index 70560434..00000000 --- a/etc/ncp-config.d/nc-forward-ports.sh +++ /dev/null @@ -1,57 +0,0 @@ -#!/bin/bash - -# Use uPnP to forward router ports for NextCloudPi -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at: https://ownyourbits.com -# - -HTTPSPORT_=443 -HTTPPORT_=80 -DESCRIPTION="Set port forwarding to access from outside (UPnP)" - -INFOTITLE="Instructions for UPnP Port Forwarding" -INFO="For NextCloudPi to be able to setup your ports, UPnP must be activated -in your router. Activate it now on your router admin webpage. - -** UPnP is considered a security risk ** - -Don't forget to disable it afterwards" - -install() -{ - apt-get update - DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends miniupnpc -} - -configure() -{ - local IFACE=$( ip r | grep "default via" | awk '{ print $5 }' | head -1 ) - local IP=$( ip a show dev "$IFACE" | grep global | grep -oP '\d{1,3}(.\d{1,3}){3}' | head -1 ) - upnpc -d "$HTTPSPORT_" TCP - upnpc -d "$HTTPPORT_" TCP - upnpc -a "$IP" 443 "$HTTPSPORT_" TCP | tee >(cat - >&2) | grep -q "is redirected to internal" || \ - { echo -e "\nCould not forward ports automatically.\nDo it manually, or activate UPnP in your router and try again"; return 1; } - upnpc -a "$IP" 80 "$HTTPPORT_" TCP | tee >(cat - >&2) | grep -q "is redirected to internal" || \ - { echo -e "\nCould not forward ports automatically.\nDo it manually, or activate UPnP in your router and try again"; return 1; } -} - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/nc-hdd-monitor.cfg b/etc/ncp-config.d/nc-hdd-monitor.cfg new file mode 100644 index 00000000..045baccf --- /dev/null +++ b/etc/ncp-config.d/nc-hdd-monitor.cfg @@ -0,0 +1,26 @@ +{ + "id": "nc-hdd-monitor", + "name": "nc-hdd-monitor", + "title": "nc-hdd-monitor", + "description": "Monitor HDD health automatically", + "info": "", + "infotitle": "", + "params": [ + { + "id": "ACTIVE", + "name": "ACTIVE", + "value": "no", + "type": "bool" + }, + { + "id": "NOTIFYUSER", + "name": "NOTIFYUSER", + "value": "ncp" + }, + { + "id": "EMAIL", + "name": "EMAIL", + "value": "optional@email.com" + } + ] +} diff --git a/etc/ncp-config.d/nc-hdd-monitor.sh b/etc/ncp-config.d/nc-hdd-monitor.sh deleted file mode 100644 index d6f2e60a..00000000 --- a/etc/ncp-config.d/nc-hdd-monitor.sh +++ /dev/null @@ -1,88 +0,0 @@ -#!/bin/bash - -# Monitor HDD health automatically -# -# Copyleft 2018 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at https://ownyourbits.com -# - -ACTIVE_=no -NOTIFYUSER_=ncp -EMAIL_=optional@email.com - -DESCRIPTION="Monitor HDD health automatically" - -is_active() -{ - systemctl -q is-enabled smartd &>/dev/null -} - -configure() -{ - local DRIVES=($(lsblk -ln | grep "^sd[[:alpha:]].*disk" | awk '{ print $1 }')) - - [[ ${#DRIVES[@]} == 0 ]] && { - echo "no drives detected. Disabling.." - ACTIVE_=no - } - - [[ "$ACTIVE_" != yes ]] && { - systemctl disable smartd - systemctl stop smartd - echo "HDD monitor disabled" - return 0 - } - - cat > /etc/smartd.conf <<EOF -# short scan every day at 1am, long one on sundays at 2am -DEVICESCAN -a -m $EMAIL_ -M exec /usr/local/etc/ncp-hdd-notif.sh -s (S/../.././01|L/../../7/02) -EOF - - cat > /usr/local/etc/ncp-hdd-notif.sh <<EOF -#!/bin/bash -EOF - - [[ "$EMAIL_" != "" ]] && { - cat >> /usr/local/etc/ncp-hdd-notif.sh <<EOF -sendmail "$EMAIL_" <<EOFMAIL -Subject: Hard drive problems found - -"\$SMARTD_MESSAGE" -EOFMAIL -EOF - } - - cat >> /usr/local/etc/ncp-hdd-notif.sh <<EOF -wall "\$SMARTD_MESSAGE" -sudo -u www-data php /var/www/nextcloud/occ notification:generate \ - $NOTIFYUSER_ "NextCloudPi HDD health \$SMARTD_FAILTYPE" \ - -l "\$SMARTD_MESSAGE" -EOF -chmod +x /usr/local/etc/ncp-hdd-notif.sh - - for dr in "${DRIVES[@]}"; do smartctl --smart=on /dev/${dr} | sed 1,2d; done - systemctl enable smartd - systemctl start smartd - echo "HDD monitor enabled" -} - -install() { :; } - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA diff --git a/etc/ncp-config.d/nc-hdd-test.cfg b/etc/ncp-config.d/nc-hdd-test.cfg new file mode 100644 index 00000000..8514d019 --- /dev/null +++ b/etc/ncp-config.d/nc-hdd-test.cfg @@ -0,0 +1,22 @@ +{ + "id": "nc-hdd-test", + "name": "nc-hdd-test", + "title": "nc-hdd-test", + "description": "Check HDD health", + "info": "Running no test will display test results", + "infotitle": "", + "params": [ + { + "id": "SHORTTEST", + "name": "SHORTTEST", + "value": "yes", + "type": "bool" + }, + { + "id": "LONGTEST", + "name": "LONGTEST", + "value": "no", + "type": "bool" + } + ] +} diff --git a/etc/ncp-config.d/nc-hdd-test.sh b/etc/ncp-config.d/nc-hdd-test.sh deleted file mode 100644 index 8490b40f..00000000 --- a/etc/ncp-config.d/nc-hdd-test.sh +++ /dev/null @@ -1,66 +0,0 @@ -#!/bin/bash - -# Check HDD health -# -# Copyleft 2018 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at https://ownyourbits.com -# - -SHORTTEST_=yes -LONGTEST_=no -DESCRIPTION="Check HDD health" - -INFO="Running no test will display test results" - -install() -{ - apt-get update - apt-get install --no-install-recommends -y smartmontools - systemctl disable smartd - systemctl stop smartd -} - -configure() -{ - local DRIVES=($(lsblk -ln | grep "^sd[[:alpha:]].*disk" | awk '{ print $1 }')) - - [[ ${#DRIVES[@]} == 0 ]] && { - echo "no drives detected. Abort" - return 0 - } - - for dr in "${DRIVES[@]}"; do - smartctl --smart=on /dev/${dr} | sed 1,2d - if [[ "$SHORTTEST_" == yes ]]; then - echo "* Starting test on $dr. Check results later" - smartctl -X "/dev/$dr" &>/dev/null - smartctl -t short "/dev/$dr" | sed 1,2d - elif [[ "$LONGTEST_" == yes ]]; then - echo "* Starting test on $dr. Check results later" - smartctl -X "/dev/$dr" &>/dev/null - smartctl -t long "/dev/$dr" | sed 1,2d - else - echo "* Stats for $dr" - smartctl -a "/dev/$dr" | sed 1,2d - fi - done -} - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA diff --git a/etc/ncp-config.d/nc-httpsonly.cfg b/etc/ncp-config.d/nc-httpsonly.cfg new file mode 100644 index 00000000..e1eb831e --- /dev/null +++ b/etc/ncp-config.d/nc-httpsonly.cfg @@ -0,0 +1,16 @@ +{ + "id": "nc-httpsonly", + "name": "nc-httpsonly", + "title": "nc-httpsonly", + "description": "Force HTTPS", + "info": "", + "infotitle": "", + "params": [ + { + "id": "ACTIVE", + "name": "ACTIVE", + "value": "yes", + "type": "bool" + } + ] +} diff --git a/etc/ncp-config.d/nc-httpsonly.sh b/etc/ncp-config.d/nc-httpsonly.sh deleted file mode 100644 index 9e544897..00000000 --- a/etc/ncp-config.d/nc-httpsonly.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash - -# HTTPS rewrite configuration script for NextCloudPi -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at https://ownyourbits.com/2017/03/13/nextcloudpi-gets-nextcloudpi-config/ -# - -ACTIVE_=yes -DESCRIPTION="Force HTTPS" - -configure() -{ - [[ $ACTIVE_ == "no" ]] && local OPT=Off || local OPT=On - sed -i "s|RewriteEngine .*|RewriteEngine $OPT|" /etc/apache2/sites-available/000-default.conf - echo "Forcing HTTPS $OPT" - - # delayed in bg so it does not kill the connection, and we get AJAX response - bash -c "sleep 2 && service apache2 reload" &>/dev/null & -} - -install() { :; } - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/nc-import-ncp.cfg b/etc/ncp-config.d/nc-import-ncp.cfg new file mode 100644 index 00000000..01a8ab2d --- /dev/null +++ b/etc/ncp-config.d/nc-import-ncp.cfg @@ -0,0 +1,15 @@ +{ + "id": "nc-import-ncp", + "name": "nc-import-ncp", + "title": "nc-import-ncp", + "description": "Import NextCloudPi configuration from file", + "info": "", + "infotitle": "", + "params": [ + { + "id": "FILE", + "name": "FILE", + "value": "/media/USBdrive/ncp-config_xxxxxx.cfg" + } + ] +} diff --git a/etc/ncp-config.d/nc-import-ncp.sh b/etc/ncp-config.d/nc-import-ncp.sh deleted file mode 100644 index 97e9de99..00000000 --- a/etc/ncp-config.d/nc-import-ncp.sh +++ /dev/null @@ -1,76 +0,0 @@ -#!/bin/bash - -# Import NextCloudPi configuration -# -# -# Copyleft 2017 by Courtney Hicks -# GPL licensed (see end of file) * Use at your own risk! -# - -FILE_=/media/USBdrive/ncp-config_xxxxxx.cfg - -DESCRIPTION="Import NextCloudPi configuration from file" - -configure() -{ - [[ -f "$FILE_" ]] || { echo "export file $FILE_ does not exist"; return 1; } - - source /usr/local/etc/library.sh || return 1 - cd /usr/local/etc/ncp-config.d || return 1 - - # extract export - local TMP="/tmp/ncp-export" - rm -rf "$TMP" - mkdir -p "$TMP" - tar -xf "$FILE_" -C "$TMP" - - # UGLY workaround to prevent apache from restarting upon activating some extras - # which leads to the operation appearing to fail in ncp-web - echo "invalid_op" >> /etc/apache2/sites-available/000-default.conf - - # restore configuration and activate - for file in /"$TMP"/*; do - local SCRIPT="$( basename "$file" .cfg ).sh" - - # restore - [ -f /usr/local/etc/ncp-config.d/"$SCRIPT" ] && { - local VARS=( $( grep "^[[:alpha:]]\+=" "$file" | cut -d= -f1 ) ) - local VALS=( $( grep "^[[:alpha:]]\+=" "$file" | cut -d= -f2 ) ) - for i in $( seq 0 1 ${#VARS[@]} ); do - sed -i "s|^${VARS[$i]}_=.*|${VARS[$i]}_=${VALS[$i]}|" "$SCRIPT" - done - } - - # activate - grep -q "^ACTIVE_=yes" "$SCRIPT" && echo && activate_script "$SCRIPT" - done - - # Fix invalid configuration - sed -i "/^invalid_op/d" /etc/apache2/sites-available/000-default.conf - - # cleanup - rm -rf "$TMP" - echo -e "\nconfiguration restored" - - # delayed in bg so it does not kill the connection, and we get AJAX response - bash -c "sleep 2 && service apache2 reload" &>/dev/null & -} - -install() { :; } - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA diff --git a/etc/ncp-config.d/nc-info.cfg b/etc/ncp-config.d/nc-info.cfg new file mode 100644 index 00000000..8f902c02 --- /dev/null +++ b/etc/ncp-config.d/nc-info.cfg @@ -0,0 +1,9 @@ +{ + "id": "nc-info", + "name": "nc-info", + "title": "nc-info", + "description": "Print NextCloudPi system info", + "info": "", + "infotitle": "", + "params": [] +} diff --git a/etc/ncp-config.d/nc-info.sh b/etc/ncp-config.d/nc-info.sh deleted file mode 100644 index d03c53c1..00000000 --- a/etc/ncp-config.d/nc-info.sh +++ /dev/null @@ -1,49 +0,0 @@ -#!/bin/bash - -# Print NCP sytem info -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at: https://ownyourbits.com -# - -DESCRIPTION="Print NextCloudPi system info" - -install() -{ - apt-get update - apt-get install -y --no-install-recommends bsdmainutils -} - -configure() -{ - echo "Gathering information..." - local OUT="$( bash /usr/local/bin/ncp-diag )" - - # info - echo "$OUT" | column -t -s'|' - - # suggestions - echo - bash /usr/local/bin/ncp-suggestions "$OUT" - - return 0 -} - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA diff --git a/etc/ncp-config.d/nc-init.cfg b/etc/ncp-config.d/nc-init.cfg new file mode 100644 index 00000000..48149829 --- /dev/null +++ b/etc/ncp-config.d/nc-init.cfg @@ -0,0 +1,20 @@ +{ + "id": "nc-init", + "name": "nc-init", + "title": "nc-init", + "description": "(Re)initiate Nextcloud to a clean configuration", + "info": "This action will configure NextCloud to NextCloudPi defaults.\n\n** YOUR CONFIGURATION WILL BE LOST **\n\n", + "infotitle": "Clean NextCloud configuration", + "params": [ + { + "id": "ADMINUSER", + "name": "ADMINUSER", + "value": "ncp" + }, + { + "id": "ADMINPASS", + "name": "ADMINPASS", + "value": "ownyourbits" + } + ] +} diff --git a/etc/ncp-config.d/nc-init.sh b/etc/ncp-config.d/nc-init.sh deleted file mode 100644 index 961b1c94..00000000 --- a/etc/ncp-config.d/nc-init.sh +++ /dev/null @@ -1,191 +0,0 @@ -#!/bin/bash - -# Init NextCloud database and perform initial configuration -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/ -# - -ADMINUSER_=ncp -ADMINPASS_=ownyourbits -DBADMIN=ncadmin -DESCRIPTION="(Re)initiate Nextcloud to a clean configuration" - -INFOTITLE="Clean NextCloud configuration" -INFO="This action will configure NextCloud to NextCloudPi defaults. - -** YOUR CONFIGURATION WILL BE LOST ** - -" - -PHPVER=7.2 - -configure() -{ - echo "Setting up a clean Nextcloud instance... wait until message 'NC init done'" - - # checks - local REDISPASS=$( grep "^requirepass" /etc/redis/redis.conf | cut -d' ' -f2 ) - [[ "$REDISPASS" == "" ]] && { echo "redis server without a password. Abort"; return 1; } - - ## RE-CREATE DATABASE TABLE - - echo "Setting up database..." - - # launch mariadb if not already running - if ! pgrep -c mysqld &>/dev/null; then - mysqld & - fi - - # wait for mariadb - pgrep -x mysqld &>/dev/null || { - echo "mariaDB process not found. Waiting..." - while :; do - [[ -S /run/mysqld/mysqld.sock ]] && break - sleep 0.5 - done - } - - # workaround to emulate DROP USER IF EXISTS ..;) - local DBPASSWD=$( grep password /root/.my.cnf | sed 's|password=||' ) - mysql <<EOF -DROP DATABASE IF EXISTS nextcloud; -CREATE DATABASE nextcloud - CHARACTER SET utf8mb4 - COLLATE utf8mb4_unicode_ci; -GRANT USAGE ON *.* TO '$DBADMIN'@'localhost' IDENTIFIED BY '$DBPASSWD'; -DROP USER '$DBADMIN'@'localhost'; -CREATE USER '$DBADMIN'@'localhost' IDENTIFIED BY '$DBPASSWD'; -GRANT ALL PRIVILEGES ON nextcloud.* TO $DBADMIN@localhost; -EXIT -EOF - - ## INITIALIZE NEXTCLOUD - - # make sure redis is running first - if ! pgrep -c redis-server &>/dev/null; then - mkdir -p /var/run/redis - chown redis /var/run/redis - sudo -u redis redis-server /etc/redis/redis.conf & - fi - - while :; do - [[ -S /run/redis/redis.sock ]] && break - sleep 0.5 - done - - - echo "Setting up Nextcloud..." - - cd /var/www/nextcloud/ - rm -f config/config.php - sudo -u www-data php occ maintenance:install --database \ - "mysql" --database-name "nextcloud" --database-user "$DBADMIN" --database-pass \ - "$DBPASSWD" --admin-user "$ADMINUSER_" --admin-pass "$ADMINPASS_" - - # cron jobs - sudo -u www-data php occ background:cron - - # redis cache - sed -i '$d' config/config.php - cat >> config/config.php <<EOF - 'memcache.local' => '\\OC\\Memcache\\Redis', - 'memcache.locking' => '\\OC\\Memcache\\Redis', - 'redis' => - array ( - 'host' => '/var/run/redis/redis.sock', - 'port' => 0, - 'timeout' => 0.0, - 'password' => '$REDISPASS', - ), -); -EOF - - # tmp upload dir - local UPLOADTMPDIR=/var/www/nextcloud/data/tmp - mkdir -p "$UPLOADTMPDIR" - chown www-data:www-data "$UPLOADTMPDIR" - sudo -u www-data php occ config:system:set tempdirectory --value "$UPLOADTMPDIR" - sed -i "s|^;\?upload_tmp_dir =.*$|upload_tmp_dir = $UPLOADTMPDIR|" /etc/php/${PHPVER}/cli/php.ini - sed -i "s|^;\?upload_tmp_dir =.*$|upload_tmp_dir = $UPLOADTMPDIR|" /etc/php/${PHPVER}/fpm/php.ini - sed -i "s|^;\?sys_temp_dir =.*$|sys_temp_dir = $UPLOADTMPDIR|" /etc/php/${PHPVER}/fpm/php.ini - - - # 4 Byte UTF8 support - sudo -u www-data php occ config:system:set mysql.utf8mb4 --type boolean --value="true" - - # Default trusted domain ( only from ncp-config ) - test -f /usr/local/bin/nextcloud-domain.sh && { - test -f /.ncp-image || bash /usr/local/bin/nextcloud-domain.sh - } - sudo -u www-data php occ config:system:set trusted_domains 5 --value="nextcloudpi.local" - # trusted_domains 6 used by docker - sudo -u www-data php occ config:system:set trusted_domains 7 --value="nextcloudpi" - sudo -u www-data php occ config:system:set trusted_domains 8 --value="nextcloudpi.lan" - - # email - sudo -u www-data php occ config:system:set mail_smtpmode --value="sendmail" - sudo -u www-data php occ config:system:set mail_smtpauthtype --value="LOGIN" - sudo -u www-data php occ config:system:set mail_from_address --value="admin" - sudo -u www-data php occ config:system:set mail_domain --value="ownyourbits.com" - - # NCP theme - [[ -e /usr/local/etc/logo ]] && { - local ID=$( grep instanceid config/config.php | awk -F "=> " '{ print $2 }' | sed "s|[,']||g" ) - [[ "$ID" == "" ]] && { echo "failed to get ID"; return 1; } - mkdir -p data/appdata_${ID}/theming/images - cp /usr/local/etc/logo /usr/local/etc/background data/appdata_${ID}/theming/images - chown -R www-data:www-data data/appdata_${ID} - } - - mysql nextcloud <<EOF -replace into oc_appconfig values ( 'theming', 'name' , "NextCloudPi" ); -replace into oc_appconfig values ( 'theming', 'slogan' , "keep your data close" ); -replace into oc_appconfig values ( 'theming', 'url' , "https://ownyourbits.com" ); -replace into oc_appconfig values ( 'theming', 'logoMime' , "image/svg+xml" ); -replace into oc_appconfig values ( 'theming', 'backgroundMime', "image/png" ); -EOF - - # enable some apps by default - sudo -u www-data php /var/www/nextcloud/occ app:install calendar - sudo -u www-data php /var/www/nextcloud/occ app:install contacts - sudo -u www-data php /var/www/nextcloud/occ app:install notes - sudo -u www-data php /var/www/nextcloud/occ app:install tasks - sudo -u www-data php /var/www/nextcloud/occ app:install news - sudo -u www-data php /var/www/nextcloud/occ app:install admin_notifications - sudo -u www-data php /var/www/nextcloud/occ app:install previewgenerator - - sudo -u www-data php /var/www/nextcloud/occ app:enable calendar - sudo -u www-data php /var/www/nextcloud/occ app:enable contacts - sudo -u www-data php /var/www/nextcloud/occ app:enable notes - sudo -u www-data php /var/www/nextcloud/occ app:enable tasks - sudo -u www-data php /var/www/nextcloud/occ app:enable news - sudo -u www-data php /var/www/nextcloud/occ app:enable admin_notifications - sudo -u www-data php /var/www/nextcloud/occ app:enable previewgenerator - - # other - sudo -u www-data php /var/www/nextcloud/occ config:system:set overwriteprotocol --value=https - - echo "NC init done" -} - -install(){ :; } - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA diff --git a/etc/ncp-config.d/nc-limits.cfg b/etc/ncp-config.d/nc-limits.cfg new file mode 100644 index 00000000..9f5982bd --- /dev/null +++ b/etc/ncp-config.d/nc-limits.cfg @@ -0,0 +1,30 @@ +{ + "id": "nc-limits", + "name": "nc-limits", + "title": "nc-limits", + "description": "Configure system limits for NextCloudPi", + "info": "Examples: 200M or 2G. Write 0 for autoconfig", + "infotitle": "", + "params": [ + { + "id": "MAXFILESIZE", + "name": "MAXFILESIZE", + "value": "10G" + }, + { + "id": "MEMORYLIMIT", + "name": "MEMORYLIMIT", + "value": "0" + }, + { + "id": "PHPTHREADS", + "name": "PHPTHREADS", + "value": "0" + }, + { + "id": "REDISMEM", + "name": "REDISMEM", + "value": "0" + } + ] +} diff --git a/etc/ncp-config.d/nc-limits.sh b/etc/ncp-config.d/nc-limits.sh deleted file mode 100644 index 545aa5b1..00000000 --- a/etc/ncp-config.d/nc-limits.sh +++ /dev/null @@ -1,81 +0,0 @@ -#!/bin/bash - -# System limit configurator for NextCloudPi -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at https://ownyourbits.com/2017/03/13/nextcloudpi-gets-nextcloudpi-config/ -# - -MAXFILESIZE_=10G -MEMORYLIMIT_=0 -PHPTHREADS_=0 -REDISMEM_=0 -PHPVER=7.2 - -DESCRIPTION="Configure system limits for NextCloudPi" -INFO="Examples: 200M or 2G. Write 0 for autoconfig" - -configure() -{ - # Set auto memory limit to 75% of the total memory - local TOTAL_MEM="$( free -b | sed -n 2p | awk '{ print $2 }' )" - AUTOMEM=$(( TOTAL_MEM * 75 / 100 )) - - # MAX FILESIZE - local CONF=/var/www/nextcloud/.user.ini - local CURRENT_FILE_SIZE="$( grep "^upload_max_filesize" "$CONF" | sed 's|.*=||' )" - [[ "$MAXFILESIZE_" == "0" ]] && MAXFILESIZE_=10G - - # MAX PHP MEMORY - local CONF=/var/www/nextcloud/.user.ini - local CURRENT_PHP_MEM="$( grep "^memory_limit" "$CONF" | sed 's|.*=||' )" - [[ "$MEMORYLIMIT_" == "0" ]] && MEMORYLIMIT_=$AUTOMEM && echo "Using ${AUTOMEM}B for PHP" - sed -i "s/^post_max_size=.*/post_max_size=$MAXFILESIZE_/" "$CONF" - sed -i "s/^upload_max_filesize=.*/upload_max_filesize=$MAXFILESIZE_/" "$CONF" - sed -i "s/^memory_limit=.*/memory_limit=$MEMORYLIMIT_/" "$CONF" - - # MAX PHP THREADS - local CONF=/etc/php/${PHPVER}/fpm/pool.d/www.conf - local CURRENT_THREADS=$( grep "^pm.max_children" "$CONF" | awk '{ print $3 }' ) - [[ "$PHPTHREADS_" == "0" ]] && PHPTHREADS_=$( nproc ) && echo "Using $PHPTHREADS_ PHP threads" - sed -i "s|^pm.max_children =.*|pm.max_children = $PHPTHREADS_|" "$CONF" - sed -i "s|^pm.max_spare_servers =.*|pm.max_spare_servers = $PHPTHREADS_|" "$CONF" - sed -i "s|^pm.start_servers =.*|pm.start_servers = $PHPTHREADS_|" "$CONF" - - # RESTART PHP - [[ "$PHPTHREADS_" != "$CURRENT_THREADS" ]] || \ - [[ "$MEMORYLIMIT" != "$CURRENT_PHP_MEM" ]] || \ - [[ "$MAXFILESIZE_" != "$CURRENT_FILE_SIZE" ]] && \ - bash -c "sleep 3; service php${PHPVER}-fpm restart" &>/dev/null & - - # redis max memory - local CONF=/etc/redis/redis.conf - local CURRENT_REDIS_MEM=$( grep "^maxmemory" "$CONF" | awk '{ print $2 }' ) - [[ "$REDISMEM_" == "0" ]] && REDISMEM_=$AUTOMEM && echo "Using ${AUTOMEM}B for Redis" - [[ "$REDISMEM_" != "$CURRENT_REDIS_MEM" ]] && { - sed -i "s|^maxmemory .*|maxmemory $REDISMEM_|" "$CONF" - service redis-server restart - } -} - -install() { :; } - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/nc-nextcloud.cfg b/etc/ncp-config.d/nc-nextcloud.cfg new file mode 100644 index 00000000..89288726 --- /dev/null +++ b/etc/ncp-config.d/nc-nextcloud.cfg @@ -0,0 +1,36 @@ +{ + "id": "nc-nextcloud", + "name": "nc-nextcloud", + "title": "nc-nextcloud", + "description": "Install any NextCloud version", + "info": "", + "infotitle": "", + "params": [ + { + "id": "VER", + "name": "VER", + "value": "14.0.4" + }, + { + "id": "BETA", + "name": "BETA", + "value": "no", + "type": "bool" + }, + { + "id": "MAXFILESIZE", + "name": "MAXFILESIZE", + "value": "2G" + }, + { + "id": "MEMORYLIMIT", + "name": "MEMORYLIMIT", + "value": "768M" + }, + { + "id": "MAXTRANSFERTIME", + "name": "MAXTRANSFERTIME", + "value": "3600" + } + ] +} diff --git a/etc/ncp-config.d/nc-nextcloud.sh b/etc/ncp-config.d/nc-nextcloud.sh deleted file mode 100644 index af39bcb7..00000000 --- a/etc/ncp-config.d/nc-nextcloud.sh +++ /dev/null @@ -1,266 +0,0 @@ -#!/bin/bash - -# Nextcloud installation on Raspbian over LAMP base -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/ -# - -VER_=14.0.4 -BETA_=no -MAXFILESIZE_=2G -MEMORYLIMIT_=768M -MAXTRANSFERTIME_=3600 -DBADMIN=ncadmin -REDIS_MEM=3gb -PHPVER=7.2 -DESCRIPTION="Install any NextCloud version" - -APTINSTALL="apt-get install -y --no-install-recommends" -export DEBIAN_FRONTEND=noninteractive - -[ -d /var/www/nextcloud ] && { # don't show this during image build -INFOTITLE="NextCloud installation" -INFO="This new installation will cleanup current -NextCloud instance, including files and database. - -You can later use nc-init to configure to NextCloudPi defaults - -** perform backup before proceding ** - -You can use nc-backup " -} - -install() -{ - # During build, this step is run before ncp.sh. Avoid executing twice - [[ -f /usr/lib/systemd/system/nc-provisioning.service ]] && return 0 - - local RELEASE=stretch - - # Optional packets for Nextcloud and Apps - apt-get update - $APTINSTALL lbzip2 iputils-ping - $APTINSTALL -t $RELEASE php-smbclient # for external storage - $APTINSTALL -t $RELEASE imagemagick php${PHPVER}-imagick php${PHPVER}-exif # for gallery - - - # POSTFIX - $APTINSTALL postfix || { - # [armbian] workaround for bug - https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1531299 - echo "[NCP] Please, ignore the previous postfix installation error ..." - mv /usr/bin/newaliases / - ln -s /bin/true /usr/bin/newaliases - $APTINSTALL postfix - rm /usr/bin/newaliases - mv /newaliases /usr/bin/newaliases - } - - $APTINSTALL redis-server - $APTINSTALL -t $RELEASE php${PHPVER}-redis - - local REDIS_CONF=/etc/redis/redis.conf - local REDISPASS="default" - sed -i "s|# unixsocket .*|unixsocket /var/run/redis/redis.sock|" $REDIS_CONF - sed -i "s|# unixsocketperm .*|unixsocketperm 770|" $REDIS_CONF - sed -i "s|# requirepass .*|requirepass $REDISPASS|" $REDIS_CONF - sed -i 's|# maxmemory-policy .*|maxmemory-policy allkeys-lru|' $REDIS_CONF - sed -i 's|# rename-command CONFIG ""|rename-command CONFIG ""|' $REDIS_CONF - sed -i "s|^port.*|port 0|" $REDIS_CONF - echo "maxmemory $REDIS_MEM" >> $REDIS_CONF - echo 'vm.overcommit_memory = 1' >> /etc/sysctl.conf - - usermod -a -G redis www-data - - service redis-server restart - update-rc.d redis-server enable - service php${PHPVER}-fpm restart - - # service to randomize passwords on first boot - mkdir -p /usr/lib/systemd/system - cat > /usr/lib/systemd/system/nc-provisioning.service <<'EOF' -[Unit] -Description=Randomize passwords on first boot -Requires=network.target -After=mysql.service redis.service - -[Service] -ExecStart=/bin/bash /usr/local/bin/ncp-provisioning.sh - -[Install] -WantedBy=multi-user.target -EOF - [[ "$DOCKERBUILD" != 1 ]] && systemctl enable nc-provisioning - return 0 -} - -configure() -{ - ## IF BETA SELECTED ADD "pre" to DOWNLOAD PATH - [[ "$BETA_" == yes ]] && local PREFIX="pre" - - ## DOWNLOAD AND (OVER)WRITE NEXTCLOUD - cd /var/www/ - - local URL="https://download.nextcloud.com/server/${PREFIX}releases/nextcloud-$VER_.tar.bz2" - echo "Downloading Nextcloud $VER_..." - wget -q "$URL" -O nextcloud.tar.bz2 || { - echo "couldn't download $URL" - return 1 - } - rm -rf nextcloud - - echo "Installing Nextcloud $VER_..." - tar -xf nextcloud.tar.bz2 - rm nextcloud.tar.bz2 - - ## CONFIGURE FILE PERMISSIONS - local ocpath='/var/www/nextcloud' - local htuser='www-data' - local htgroup='www-data' - local rootuser='root' - - printf "Creating possible missing Directories\n" - mkdir -p $ocpath/data - mkdir -p $ocpath/updater - - printf "chmod Files and Directories\n" - find ${ocpath}/ -type f -print0 | xargs -0 chmod 0640 - find ${ocpath}/ -type d -print0 | xargs -0 chmod 0750 - - printf "chown Directories\n" - - chown -R ${htuser}:${htgroup} ${ocpath}/ - chown -R ${htuser}:${htgroup} ${ocpath}/apps/ - chown -R ${htuser}:${htgroup} ${ocpath}/config/ - chown -R ${htuser}:${htgroup} ${ocpath}/data/ - chown -R ${htuser}:${htgroup} ${ocpath}/themes/ - chown -R ${htuser}:${htgroup} ${ocpath}/updater/ - - chmod +x ${ocpath}/occ - - printf "chmod/chown .htaccess\n" - if [ -f ${ocpath}/.htaccess ]; then - chmod 0644 ${ocpath}/.htaccess - chown ${htuser}:${htgroup} ${ocpath}/.htaccess - fi - if [ -f ${ocpath}/data/.htaccess ]; then - chmod 0644 ${ocpath}/data/.htaccess - chown ${htuser}:${htgroup} ${ocpath}/data/.htaccess - fi - - # create and configure opcache dir - local OPCACHEDIR=/var/www/nextcloud/data/.opcache - sed -i "s|^opcache.file_cache=.*|opcache.file_cache=$OPCACHEDIR|" /etc/php/${PHPVER}/mods-available/opcache.ini - mkdir -p $OPCACHEDIR - chown -R www-data:www-data $OPCACHEDIR - - ## RE-CREATE DATABASE TABLE - # launch mariadb if not already running (for docker build) - if ! pgrep -c mysqld &>/dev/null; then - echo "Starting mariaDB" - mysqld & - fi - - # wait for mariadb - pgrep -x mysqld &>/dev/null || echo "mariaDB process not found" - - while :; do - [[ -S /var/run/mysqld/mysqld.sock ]] && break - sleep 0.5 - done - - echo "Setting up database..." - - # workaround to emulate DROP USER IF EXISTS ..;) - local DBPASSWD=$( grep password /root/.my.cnf | sed 's|password=||' ) - mysql <<EOF -DROP DATABASE IF EXISTS nextcloud; -CREATE DATABASE nextcloud - CHARACTER SET utf8mb4 - COLLATE utf8mb4_unicode_ci; -GRANT USAGE ON *.* TO '$DBADMIN'@'localhost' IDENTIFIED BY '$DBPASSWD'; -DROP USER '$DBADMIN'@'localhost'; -CREATE USER '$DBADMIN'@'localhost' IDENTIFIED BY '$DBPASSWD'; -GRANT ALL PRIVILEGES ON nextcloud.* TO $DBADMIN@localhost; -EXIT -EOF - -## SET APACHE VHOST - echo "Setting up Apache..." - cat > /etc/apache2/sites-available/nextcloud.conf <<'EOF' -<IfModule mod_ssl.c> - <VirtualHost _default_:443> - DocumentRoot /var/www/nextcloud - CustomLog /var/log/apache2/nc-access.log combined - ErrorLog /var/log/apache2/nc-error.log - SSLEngine on - SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem - SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key - </VirtualHost> - <Directory /var/www/nextcloud/> - Options +FollowSymlinks - AllowOverride All - <IfModule mod_dav.c> - Dav off - </IfModule> - LimitRequestBody 0 - SSLRenegBufferSize 10486000 - </Directory> -</IfModule> -EOF - a2ensite nextcloud - - cat > /etc/apache2/sites-available/000-default.conf <<'EOF' -<VirtualHost _default_:80> - DocumentRoot /var/www/nextcloud - <IfModule mod_rewrite.c> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] - </IfModule> -</VirtualHost> -EOF - - # some added security - sed -i 's|^ServerSignature .*|ServerSignature Off|' /etc/apache2/conf-enabled/security.conf - sed -i 's|^ServerTokens .*|ServerTokens Prod|' /etc/apache2/conf-enabled/security.conf - - echo "Setting up system..." - - ## SET LIMITS - sed -i "s/post_max_size=.*/post_max_size=$MAXFILESIZE_/" /var/www/nextcloud/.user.ini - sed -i "s/upload_max_filesize=.*/upload_max_filesize=$MAXFILESIZE_/" /var/www/nextcloud/.user.ini - sed -i "s/memory_limit=.*/memory_limit=$MEMORYLIMIT_/" /var/www/nextcloud/.user.ini - - # slow transfers will be killed after this time - cat >> /var/www/nextcloud/.user.ini <<< "max_execution_time=$MAXTRANSFERTIME_" - cat >> /var/www/nextcloud/.user.ini <<< "max_input_time=$MAXTRANSFERTIME_" - - ## SET CRON - echo "*/15 * * * * php -f /var/www/nextcloud/cron.php" > /tmp/crontab_http - crontab -u www-data /tmp/crontab_http - rm /tmp/crontab_http - - echo "Don't forget to run nc-init" -} - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/nc-notify-updates.cfg b/etc/ncp-config.d/nc-notify-updates.cfg new file mode 100644 index 00000000..577c8ccd --- /dev/null +++ b/etc/ncp-config.d/nc-notify-updates.cfg @@ -0,0 +1,21 @@ +{ + "id": "nc-notify-updates", + "name": "nc-notify-updates", + "title": "nc-notify-updates", + "description": "Notify in NC when a NextCloudPi update is available", + "info": "", + "infotitle": "", + "params": [ + { + "id": "ACTIVE", + "name": "ACTIVE", + "value": "yes", + "type": "bool" + }, + { + "id": "USER", + "name": "USER", + "value": "ncp" + } + ] +} diff --git a/etc/ncp-config.d/nc-notify-updates.sh b/etc/ncp-config.d/nc-notify-updates.sh deleted file mode 100644 index c66c9ddf..00000000 --- a/etc/ncp-config.d/nc-notify-updates.sh +++ /dev/null @@ -1,111 +0,0 @@ -#!/bin/bash - -# Install the latest News third party app -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at: https://ownyourbits.com -# - -ACTIVE_=yes -USER_=ncp - -DESCRIPTION="Notify in NC when a NextCloudPi update is available" - -# check every hour -CHECKINTERVAL=1 -NCDIR=/var/www/nextcloud - -configure() -{ - [[ $ACTIVE_ != "yes" ]] && { - rm -f /etc/cron.d/ncp-notify-updates - service cron restart - echo "update web notifications disabled" - return 0 - } - - # code - cat > /usr/local/bin/ncp-notify-update <<EOF -#!/bin/bash -VERFILE=/usr/local/etc/ncp-version -LATEST=/var/run/.ncp-latest-version -NOTIFIED=/var/run/.ncp-version-notified - -test -e \$LATEST || exit 0; -/usr/local/bin/ncp-test-updates || { echo "NextCloudPi up to date"; exit 0; } - -test -e \$NOTIFIED && [[ "\$( cat \$LATEST )" == "\$( cat \$NOTIFIED )" ]] && { - echo "Found update from \$( cat \$VERFILE ) to \$( cat \$LATEST ). Already notified" - exit 0 -} - -echo "Found update from \$( cat \$VERFILE ) to \$( cat \$LATEST ). Sending notification..." - -IFACE=\$( ip r | grep "default via" | awk '{ print \$5 }' | head -1 ) -IP=\$( ip a show dev "\$IFACE" | grep global | grep -oP '\d{1,3}(\.\d{1,3}){3}' | head -1 ) - -sudo -u www-data php /var/www/nextcloud/occ notification:generate \ - $USER_ "NextCloudPi update" \ - -l "Update from \$( cat \$VERFILE ) to \$( cat \$LATEST ) is available. Update from https://\$IP:4443" - -cat \$LATEST > \$NOTIFIED -EOF - chmod +x /usr/local/bin/ncp-notify-update - - cat > /usr/local/bin/ncp-notify-unattended-upgrade <<EOF -#!/bin/bash - -LOGFILE=/var/log/unattended-upgrades/unattended-upgrades.log -STAMPFILE=/var/run/.ncp-notify-unattended-upgrades -VERFILE=/usr/local/etc/ncp-version - -test -e "\$LOGFILE" || { echo "\$LOGFILE not found"; exit 1; } - -# find lines with package updates -LINE=\$( grep "INFO Packages that will be upgraded:" "\$LOGFILE" ) - -[[ "\$LINE" == "" ]] && { echo "no new upgrades"; exit 0; } - -# extract package names -PKGS=\$( sed 's|^.*Packages that will be upgraded: ||' <<< "\$LINE" | tr '\\n' ' ' ) - -# mark lines as read -sed -i 's|INFO Packages that will be upgraded:|INFO Packages that will be upgraded :|' \$LOGFILE - -echo -e "Packages automatically upgraded: \$PKGS\\n" - -# notify -sudo -u www-data php /var/www/nextcloud/occ notification:generate \ - $USER_ "NextCloudPi Unattended Upgrades" \ - -l "Packages automatically upgraded \$PKGS" -EOF - chmod +x /usr/local/bin/ncp-notify-unattended-upgrade - - # check every hour at 40th minute - echo "40 */${CHECKINTERVAL} * * * root /usr/local/bin/ncp-notify-update && /usr/local/bin/ncp-notify-unattended-upgrade" > /etc/cron.d/ncp-notify-updates - [[ -f /run/crond.pid ]] && service cron restart - - echo "update web notifications enabled" -} - -install() { :; } - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/nc-passwd.cfg b/etc/ncp-config.d/nc-passwd.cfg new file mode 100644 index 00000000..fb2ccfd3 --- /dev/null +++ b/etc/ncp-config.d/nc-passwd.cfg @@ -0,0 +1,20 @@ +{ + "id": "nc-passwd", + "name": "nc-passwd", + "title": "nc-passwd", + "description": "Change password for the NextCloudPi Panel", + "info": "", + "infotitle": "", + "params": [ + { + "id": "PASSWORD", + "name": "PASSWORD", + "value": "ownyourbits" + }, + { + "id": "CONFIRM", + "name": "CONFIRM", + "value": "ownyourbits" + } + ] +} diff --git a/etc/ncp-config.d/nc-passwd.sh b/etc/ncp-config.d/nc-passwd.sh deleted file mode 100644 index 1cb54775..00000000 --- a/etc/ncp-config.d/nc-passwd.sh +++ /dev/null @@ -1,55 +0,0 @@ -#!/bin/bash - -# Change password for the ncp-web user -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at: https://ownyourbits.com -# - -PASSWORD_=ownyourbits -CONFIRM_=ownyourbits - -DESCRIPTION="Change password for the NextCloudPi Panel" - -configure() -{ - # update password - echo -e "$PASSWORD_\n$CONFIRM_" | passwd ncp &>/dev/null && \ - echo "password updated successfully" || \ - { echo "passwords do not match"; return 1; } - - # persist ncp-web password in docker container - [[ -f /.docker-image ]] && { - mv /etc/shadow /data/etc/shadow - ln -s /data/etc/shadow /etc/shadow - } - - # Run cron.php once now to get all checks right in CI. - sudo -u www-data php /var/www/nextcloud/cron.php - - # activate NCP - a2ensite ncp nextcloud - a2dissite ncp-activation - bash -c "sleep 1.5 && service apache2 reload" &>/dev/null & -} - -install() { :; } - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA diff --git a/etc/ncp-config.d/nc-prettyURL.cfg b/etc/ncp-config.d/nc-prettyURL.cfg new file mode 100644 index 00000000..e51d967e --- /dev/null +++ b/etc/ncp-config.d/nc-prettyURL.cfg @@ -0,0 +1,16 @@ +{ + "id": "nc-prettyURL", + "name": "nc-prettyURL", + "title": "nc-prettyURL", + "description": "Set pretty URLs (no index.php in URL)", + "info": "", + "infotitle": "PrettyURL notes", + "params": [ + { + "id": "ACTIVE", + "name": "ACTIVE", + "value": "no", + "type": "bool" + } + ] +} diff --git a/etc/ncp-config.d/nc-prettyURL.sh b/etc/ncp-config.d/nc-prettyURL.sh deleted file mode 100644 index 0039f5f3..00000000 --- a/etc/ncp-config.d/nc-prettyURL.sh +++ /dev/null @@ -1,68 +0,0 @@ -#!/bin/bash -# -# Activate/deactivate a pretty URL without index.php -# -# -# Copyleft 2018 by Timo Stiefel and xxx -# GPL licensed (see end of file) * Use at your own risk! - - -ACTIVE_=no -DESCRIPTION="Set pretty URLs (no index.php in URL)" -INFOTITLE="PrettyURL notes" - -NCDIR=/var/www/nextcloud -OCC="$NCDIR/occ" - -install() { :; } - -isactive() -{ - local REWRITEBASE - REWRITEBASE="$( grep RewriteBase /var/www/nextcloud/.htaccess )" || return 1 - [[ $REWRITEBASE != 1 ]] -} - -configure() -{ - # make sure overwrite.cli.url end with a '/' - local URL="$(ncc config:system:get overwrite.cli.url)" - [[ "${URL: -1}" != "/" ]] && ncc config:system:set overwrite.cli.url --value="${URL}/" - - [[ $ACTIVE_ != "yes" ]] && { - sudo -u www-data php "$OCC" config:system:set htaccess.RewriteBase --value="" - sudo -u www-data php "$OCC" maintenance:update:htaccess - [[ $? -ne 0 ]] && { - echo "There has been an error." - return 1 - } - echo "Your cloud does no longer have a pretty domain name." - } || { - sudo -u www-data php "$OCC" config:system:set htaccess.RewriteBase --value="/" - sudo -u www-data php "$OCC" maintenance:update:htaccess - [[ $? -ne 0 ]] && { - echo "There has been an error." - return 1 - } - echo "Your cloud now has a pretty domain name." - } - bash -c "sleep 2 && service apache2 reload" &>/dev/null & - return 0 -} - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA diff --git a/etc/ncp-config.d/nc-previews.cfg b/etc/ncp-config.d/nc-previews.cfg new file mode 100644 index 00000000..4ec1e9f1 --- /dev/null +++ b/etc/ncp-config.d/nc-previews.cfg @@ -0,0 +1,9 @@ +{ + "id": "nc-previews", + "name": "nc-previews", + "title": "nc-previews", + "description": "Generate previews for the gallery", + "info": "This will make browsing the gallery much more smooth.\nFor big collections, this can take a LONG time, depending on your hardware", + "infotitle": "", + "params": [] +} diff --git a/etc/ncp-config.d/nc-previews.sh b/etc/ncp-config.d/nc-previews.sh deleted file mode 100644 index ef325a75..00000000 --- a/etc/ncp-config.d/nc-previews.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/bash - -# Generate previews for the gallery -# -# Copyleft 2018 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at nextcloudpi.com -# - -DESCRIPTION="Generate previews for the gallery" - -INFO="This will make browsing the gallery much more smooth. -For big collections, this can take a LONG time, depending on your hardware" - -configure() -{ - sudo -u www-data php /var/www/nextcloud/occ preview:generate-all -} - -install() { :; } - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/nc-ramlogs.cfg b/etc/ncp-config.d/nc-ramlogs.cfg new file mode 100644 index 00000000..568d18b9 --- /dev/null +++ b/etc/ncp-config.d/nc-ramlogs.cfg @@ -0,0 +1,16 @@ +{ + "id": "nc-ramlogs", + "name": "nc-ramlogs", + "title": "nc-ramlogs", + "description": "mount logs in RAM to prevent SD degradation (faster, consumes more RAM)", + "info": "You need to reboot for this change to take effect", + "infotitle": "Warning", + "params": [ + { + "id": "ACTIVE", + "name": "ACTIVE", + "value": "no", + "type": "bool" + } + ] +} diff --git a/etc/ncp-config.d/nc-ramlogs.sh b/etc/ncp-config.d/nc-ramlogs.sh deleted file mode 100644 index cbca9a82..00000000 --- a/etc/ncp-config.d/nc-ramlogs.sh +++ /dev/null @@ -1,87 +0,0 @@ -#!/bin/bash - -# Data dir configuration script for NextCloudPi -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at https://ownyourbits.com/ -# - -ACTIVE_=no -DESCRIPTION="mount logs in RAM to prevent SD degradation (faster, consumes more RAM)" - -INFOTITLE="Warning" -INFO="You need to reboot for this change to take effect" - -is_active() -{ - systemctl -q is-active log2ram &>/dev/null -} - -find_unit_name() -{ - UNIT_NAME="" - entry=$(systemctl list-unit-files --no-pager | grep -e ramlog) - if [[ -z "$entry" ]] - then - UNIT_NAME="" - elif [[ $entry == *armbian-ramlog* ]] - then - UNIT_NAME=armbian-ramlog - else - UNIT_NAME=log2ram - fi -} - -install() -{ - [[ -d /var/log.hdd ]] || [[ -d /var/hdd.log ]] && { echo "log2ram detected, not installing"; return; } - cd /tmp - curl -Lo log2ram.tar.gz https://github.com/azlux/log2ram/archive/master.tar.gz - tar xf log2ram.tar.gz - cd log2ram-master - sed -i '/systemctl -q is-active log2ram/d' install.sh - sed -i '/systemctl enable log2ram/d' install.sh - chmod +x install.sh && sudo ./install.sh - cd .. - rm -r log2ram-master log2ram.tar.gz - rm /etc/cron.hourly/log2ram /usr/local/bin/uninstall-log2ram.sh -} - -configure() -{ - find_unit_name - if [[ -z "$UNIT_NAME" ]] - then - echo "ERROR: log2ram service not found!" - fi - - [[ $ACTIVE_ != "yes" ]] && { - systemctl disable "$UNIT_NAME" - systemctl stop "$UNIT_NAME" - echo "Logs in SD. Reboot to take effect" - return - } - systemctl enable "$UNIT_NAME" - systemctl start "$UNIT_NAME" - - echo "Logs in RAM. Reboot to take effect" -} - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA diff --git a/etc/ncp-config.d/nc-restore.cfg b/etc/ncp-config.d/nc-restore.cfg new file mode 100644 index 00000000..0cfbbb1f --- /dev/null +++ b/etc/ncp-config.d/nc-restore.cfg @@ -0,0 +1,15 @@ +{ + "id": "nc-restore", + "name": "nc-restore", + "title": "nc-restore", + "description": "Restore a previously backuped NC instance", + "info": "This new installation will cleanup current\nNextCloud instance, including files and database.\n\n** perform backup before proceding **\n\nYou can use nc-backup", + "infotitle": "Restore NextCloud backup", + "params": [ + { + "id": "BACKUPFILE", + "name": "BACKUPFILE", + "value": "/media/USBdrive/nextcloud-bkp_xxxxxxxx.tar" + } + ] +} diff --git a/etc/ncp-config.d/nc-restore.sh b/etc/ncp-config.d/nc-restore.sh deleted file mode 100644 index 05de9db9..00000000 --- a/etc/ncp-config.d/nc-restore.sh +++ /dev/null @@ -1,192 +0,0 @@ -#!/bin/bash - -#!/bin/bash -# Nextcloud restore backup -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/ -# - - -BACKUPFILE_=/media/USBdrive/nextcloud-bkp_xxxxxxxx.tar -DESCRIPTION="Restore a previously backuped NC instance" - -INFOTITLE="Restore NextCloud backup" -INFO="This new installation will cleanup current -NextCloud instance, including files and database. - -** perform backup before proceding ** - -You can use nc-backup" - -install() -{ - cat > /usr/local/bin/ncp-restore <<'EOF' -#!/bin/bash -set -eE - -BACKUPFILE="$1" - -DBADMIN=ncadmin -DBPASSWD="$( grep password /root/.my.cnf | sed 's|password=||' )" -PHPVER=7.2 - -DIR="$( cd "$( dirname "$BACKUPFILE" )" &>/dev/null && pwd )" #abspath - -[[ -f /.docker-image ]] && NCDIR=/data/app || NCDIR=/var/www/nextcloud - -[[ $# -eq 0 ]] && { echo "missing first argument" ; exit 1; } -[[ -f "$BACKUPFILE" ]] || { echo "$BACKUPFILE not found" ; exit 1; } -[[ "$DIR" =~ "$NCDIR" ]] && { echo "Refusing to restore from $NCDIR"; exit 1; } - -TMPDIR="$( mktemp -d "$( dirname "$BACKUPFILE" )"/ncp-restore.XXXXXX )" || { echo "Failed to create temp dir" >&2; exit 1; } -grep -q -e ext -e btrfs <( stat -fc%T "$TMPDIR" ) || { echo "Can only restore from ext/btrfs filesystems" >&2; exit 1; } - -TMPDIR="$( cd "$TMPDIR" &>/dev/null && pwd )" || { echo "$TMPDIR not found"; exit 1; } #abspath -cleanup(){ local RET=$?; echo "Cleanup..."; rm -rf "${TMPDIR}"; trap "" EXIT; exit $RET; } -trap cleanup INT TERM HUP ERR EXIT -rm -rf "$TMPDIR" && mkdir -p "$TMPDIR" - -# EXTRACT FILES -[[ "$BACKUPFILE" =~ ".tar.gz" ]] && COMPRESSED=1 || COMPRESSED=0 -[[ "$COMPRESSED" == "1" ]] && { - echo "decompressing backup file $BACKUPFILE..." - tar -xzf "$BACKUPFILE" -C "$TMPDIR" || exit 1 - BACKUPFILE="$( ls "$TMPDIR"/*.tar 2>/dev/null )" - [[ -f "$BACKUPFILE" ]] || { echo "$BACKUPFILE not found"; exit 1; } -} - -echo "extracting backup file $BACKUPFILE..." -tar -xf "$BACKUPFILE" -C "$TMPDIR" || exit 1 - -## SANITY CHECKS -[[ -d "$TMPDIR"/nextcloud ]] && [[ -f "$( ls "$TMPDIR"/nextcloud-sqlbkp_*.bak 2>/dev/null )" ]] || { - echo "invalid backup file. Abort" - exit 1 -} - -## RESTORE FILES - -echo "restore files..." -rm -rf "$NCDIR" -mv -T "$TMPDIR"/nextcloud "$NCDIR" || { echo "Error restoring base files"; exit 1; } - -# update NC database password to this instance -sed -i "s|'dbpassword' =>.*|'dbpassword' => '$DBPASSWD',|" /var/www/nextcloud/config/config.php - -# update redis credentials -REDISPASS="$( grep "^requirepass" /etc/redis/redis.conf | cut -f2 -d' ' )" -[[ "$REDISPASS" != "" ]] && \ - sed -i "s|'password'.*|'password' => '$REDISPASS',|" /var/www/nextcloud/config/config.php -service redis-server restart - -## RE-CREATE DATABASE TABLE - -echo "restore database..." -mysql -u root <<EOFMYSQL -DROP DATABASE IF EXISTS nextcloud; -CREATE DATABASE nextcloud; -GRANT USAGE ON *.* TO '$DBADMIN'@'localhost' IDENTIFIED BY '$DBPASSWD'; -DROP USER '$DBADMIN'@'localhost'; -CREATE USER '$DBADMIN'@'localhost' IDENTIFIED BY '$DBPASSWD'; -GRANT ALL PRIVILEGES ON nextcloud.* TO $DBADMIN@localhost; -EXIT -EOFMYSQL -[ $? -ne 0 ] && { echo "Error configuring nextcloud database"; exit 1; } - -mysql -u root nextcloud < "$TMPDIR"/nextcloud-sqlbkp_*.bak || { echo "Error restoring nextcloud database"; exit 1; } - -## RESTORE DATADIR - -cd "$NCDIR" - -### INCLUDEDATA=yes situation - -NUMFILES=$(( 2 + COMPRESSED )) -if [[ $( ls "$TMPDIR" | wc -l ) -eq $NUMFILES ]]; then - - DATADIR=$( grep datadirectory "$NCDIR"/config/config.php | awk '{ print $3 }' | grep -oP "[^']*[^']" | head -1 ) - [[ "$DATADIR" == "" ]] && { echo "Error reading data directory"; exit 1; } - - echo "restore datadir to $DATADIR..." - - [[ -e "$DATADIR" ]] && { - echo "backing up existing $DATADIR" - mv "$DATADIR" "$DATADIR-$( date "+%m-%d-%y" )" || exit 1 - } - - mkdir -p "$DATADIR" - [[ "$( stat -fc%T "$DATADIR" )" == "btrfs" ]] && { - rmdir "$DATADIR" || exit 1 - btrfs subvolume create "$DATADIR" || exit 1 - } - chown www-data:www-data "$DATADIR" - TMPDATA="$TMPDIR/$( basename "$DATADIR" )" - mv "$TMPDATA"/* "$TMPDATA"/.[!.]* "$DATADIR" || exit 1 - rmdir "$TMPDATA" || exit 1 - - sudo -u www-data php occ maintenance:mode --off - -### INCLUDEDATA=no situation - -else - echo "no datadir found in backup" - DATADIR="$NCDIR"/data - - sudo -u www-data php occ maintenance:mode --off - sudo -u www-data php occ files:scan --all - - # cache needs to be cleaned as of NC 12 - NEED_RESTART=1 -fi - -# Just in case we moved the opcache dir -sed -i "s|^opcache.file_cache=.*|opcache.file_cache=$DATADIR/.opcache|" /etc/php/${PHPVER}/mods-available/opcache.ini - -# tmp upload dir -mkdir -p "$DATADIR/tmp" -chown www-data:www-data "$DATADIR/tmp" -sed -i "s|^;\?upload_tmp_dir =.*$|upload_tmp_dir = $DATADIR/tmp|" /etc/php/${PHPVER}/cli/php.ini -sed -i "s|^;\?upload_tmp_dir =.*$|upload_tmp_dir = $DATADIR/tmp|" /etc/php/${PHPVER}/fpm/php.ini -sed -i "s|^;\?sys_temp_dir =.*$|sys_temp_dir = $DATADIR/tmp|" /etc/php/${PHPVER}/fpm/php.ini - -# update fail2ban logpath -[[ ! -f /.docker-image ]] && { - sed -i "s|logpath =.*|logpath = $DATADIR/nextcloud.log|" /etc/fail2ban/jail.conf - pgrep fail2ban &>/dev/null && service fail2ban restart -} - -# refresh nextcloud trusted domains -bash /usr/local/bin/nextcloud-domain.sh - -# restart PHP if needed -[[ "$NEED_RESTART" == "1" ]] && \ - bash -c " sleep 3; service php${PHPVER}-fpm restart" &>/dev/null & -EOF - chmod +x /usr/local/bin/ncp-restore -} - -configure() -{ - ncp-restore "$BACKUPFILE_" -} - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/nc-rsync-auto.cfg b/etc/ncp-config.d/nc-rsync-auto.cfg new file mode 100644 index 00000000..9a86d743 --- /dev/null +++ b/etc/ncp-config.d/nc-rsync-auto.cfg @@ -0,0 +1,26 @@ +{ + "id": "nc-rsync-auto", + "name": "nc-rsync-auto", + "title": "nc-rsync-auto", + "description": "Periodically sync Nextcloud data through rsync", + "info": "DESTINATION can be a regular path for local sync\n'user' needs SSH autologin from the NCP 'root' user at 'ip'", + "infotitle": "", + "params": [ + { + "id": "ACTIVE", + "name": "ACTIVE", + "value": "no", + "type": "bool" + }, + { + "id": "DESTINATION", + "name": "DESTINATION", + "value": "user@ip:/path/to/sync" + }, + { + "id": "SYNCDAYS", + "name": "SYNCDAYS", + "value": "3" + } + ] +} diff --git a/etc/ncp-config.d/nc-rsync-auto.sh b/etc/ncp-config.d/nc-rsync-auto.sh deleted file mode 100644 index becf806e..00000000 --- a/etc/ncp-config.d/nc-rsync-auto.sh +++ /dev/null @@ -1,67 +0,0 @@ -#!/bin/bash - -# Periodically sync Nextcloud datafolder through rsync -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/ -# - -ACTIVE_=no -DESTINATION_=user@ip:/path/to/sync -SYNCDAYS_=3 -DESCRIPTION="Periodically sync Nextcloud data through rsync" - -INFO="DESTINATION can be a regular path for local sync -'user' needs SSH autologin from the NCP 'root' user at 'ip'" - -install() -{ - apt-get update - apt-get install --no-install-recommends -y rsync -} - -configure() -{ - [[ $ACTIVE_ != "yes" ]] && { - rm -f /etc/cron.d/ncp-rsync-auto - echo "automatic rsync disabled" - return 0 - } - - local DATADIR - DATADIR=$( sudo -u www-data php /var/www/nextcloud/occ config:system:get datadirectory ) || { - echo -e "Error reading data directory. Is NextCloud running and configured?"; - return 1; - } - - [[ "$DESTINATION_" =~ : ]] && { - local NET="$( sed 's|:.*||' <<<"$DESTINATION_" )" - local SSH=( ssh -o "BatchMode=yes" "$NET" ) - ${SSH[@]} : || { echo "SSH non-interactive not properly configured"; return 1; } - } - - echo "0 5 */${SYNCDAYS_} * * root /usr/bin/rsync -ax --delete \"$DATADIR\" \"$DESTINATION_\"" > /etc/cron.d/ncp-rsync-auto - service cron restart - - echo "automatic rsync enabled" -} - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/nc-rsync.cfg b/etc/ncp-config.d/nc-rsync.cfg new file mode 100644 index 00000000..7f7ee7ce --- /dev/null +++ b/etc/ncp-config.d/nc-rsync.cfg @@ -0,0 +1,15 @@ +{ + "id": "nc-rsync", + "name": "nc-rsync", + "title": "nc-rsync", + "description": "Sync Nextcloud data through rsync", + "info": "'user' needs SSH autologin from the NCP 'root' user at 'ip'\nif we are launching from ncp-web", + "infotitle": "", + "params": [ + { + "id": "DESTINATION", + "name": "DESTINATION", + "value": "user@ip:/path/to/sync" + } + ] +} diff --git a/etc/ncp-config.d/nc-rsync.sh b/etc/ncp-config.d/nc-rsync.sh deleted file mode 100644 index d75e7453..00000000 --- a/etc/ncp-config.d/nc-rsync.sh +++ /dev/null @@ -1,56 +0,0 @@ -#!/bin/bash - -# Sync Nextcloud datafolder through rsync -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/ -# - -DESTINATION_=user@ip:/path/to/sync -DESCRIPTION="Sync Nextcloud data through rsync" - -INFO="'user' needs SSH autologin from the NCP 'root' user at 'ip' -if we are launching from ncp-web" - -BASEDIR=/var/www - -install() -{ - apt-get update - apt-get install --no-install-recommends -y rsync -} - -configure() -{ - sudo -u www-data php "$BASEDIR"/nextcloud/occ maintenance:mode --on - - local DATADIR - DATADIR=$( sudo -u www-data php /var/www/nextcloud/occ config:system:get datadirectory ) || { - echo -e "Error reading data directory. Is NextCloud running and configured?"; - return 1; - } - - rsync -ax --delete "$DATADIR" "$DESTINATION_" - - sudo -u www-data php "$BASEDIR"/nextcloud/occ maintenance:mode --off -} - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/nc-scan-auto.cfg b/etc/ncp-config.d/nc-scan-auto.cfg new file mode 100644 index 00000000..4b2f6cfa --- /dev/null +++ b/etc/ncp-config.d/nc-scan-auto.cfg @@ -0,0 +1,21 @@ +{ + "id": "nc-scan-auto", + "name": "nc-scan-auto", + "title": "nc-scan-auto", + "description": "Periodically scan NC for externally modified files", + "info": "Set the time in minutes in SCANINTERVAL.\n\n>>> If there are too many files this can greatly affect performance. <<<", + "infotitle": "Instructions for auto synchronization", + "params": [ + { + "id": "ACTIVE", + "name": "ACTIVE", + "value": "no", + "type": "bool" + }, + { + "id": "SCANINTERVAL", + "name": "SCANINTERVAL", + "value": "60" + } + ] +} diff --git a/etc/ncp-config.d/nc-scan-auto.sh b/etc/ncp-config.d/nc-scan-auto.sh deleted file mode 100644 index 0d30f84f..00000000 --- a/etc/ncp-config.d/nc-scan-auto.sh +++ /dev/null @@ -1,66 +0,0 @@ -#!/bin/bash - -# Periodically synchronize NextCloud for externally modified files -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at: https://ownyourbits.com -# - -ACTIVE_=no -SCANINTERVAL_=60 -DESCRIPTION="Periodically scan NC for externally modified files" - -INFOTITLE="Instructions for auto synchronization" -INFO="Set the time in minutes in SCANINTERVAL. - ->>> If there are too many files this can greatly affect performance. <<<" - -configure() -{ - [[ $ACTIVE_ != "yes" ]] && { - rm -f /etc/cron.d/ncp-scan-auto - service cron restart - echo "automatic scans disabled" - return 0 - } - - # set crontab - local DAYS HOURS MINS - DAYS=$(( SCANINTERVAL_ / 1440 )) - if [[ "$DAYS" != "0" ]]; then - DAYS="*/$DAYS" HOUR="1" MINS="15" - else - DAYS="*" - HOUR=$(( SCANINTERVAL_ / 60 )) - MINS=$(( SCANINTERVAL_ % 60 )) - MINS="*/$MINS" - [[ $HOUR == 0 ]] && HOUR="*" || { HOUR="*/$HOUR" MINS="15"; } - fi - - echo "${MINS} ${HOUR} ${DAYS} * * root /usr/local/bin/ncp-scan" > /etc/cron.d/ncp-scan-auto - service cron restart - - echo "automatic scans enabled" -} - -install() { :; } - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/nc-scan.cfg b/etc/ncp-config.d/nc-scan.cfg new file mode 100644 index 00000000..3386816d --- /dev/null +++ b/etc/ncp-config.d/nc-scan.cfg @@ -0,0 +1,9 @@ +{ + "id": "nc-scan", + "name": "nc-scan", + "title": "nc-scan", + "description": "Scan NC for externally modified files", + "info": "", + "infotitle": "", + "params": [] +} diff --git a/etc/ncp-config.d/nc-scan.sh b/etc/ncp-config.d/nc-scan.sh deleted file mode 100644 index 70b7570a..00000000 --- a/etc/ncp-config.d/nc-scan.sh +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/bash - -# Synchronize NextCloud for externally modified files -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at: https://ownyourbits.com -# - -DESCRIPTION="Scan NC for externally modified files" - -install() -{ - cat > /usr/local/bin/ncp-scan <<EOF -#!/bin/bash -cd /var/www/nextcloud -sudo -u www-data php occ files:scan --all -EOF - chmod +x /usr/local/bin/ncp-scan -} - -configure() -{ - /usr/local/bin/ncp-scan -} - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA diff --git a/etc/ncp-config.d/nc-snapshot-auto.cfg b/etc/ncp-config.d/nc-snapshot-auto.cfg new file mode 100644 index 00000000..add2ff22 --- /dev/null +++ b/etc/ncp-config.d/nc-snapshot-auto.cfg @@ -0,0 +1,16 @@ +{ + "id": "nc-snapshot-auto", + "name": "nc-snapshot-auto", + "title": "nc-snapshot-auto", + "description": "Scheduled datadir BTRFS snapshots", + "info": "", + "infotitle": "", + "params": [ + { + "id": "ACTIVE", + "name": "ACTIVE", + "value": "no", + "type": "bool" + } + ] +} diff --git a/etc/ncp-config.d/nc-snapshot-auto.sh b/etc/ncp-config.d/nc-snapshot-auto.sh deleted file mode 100644 index 03eb25ae..00000000 --- a/etc/ncp-config.d/nc-snapshot-auto.sh +++ /dev/null @@ -1,70 +0,0 @@ -#!/bin/bash - -# -# NextCloudPi scheduled datadir BTRFS snapshots -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/ -# - -ACTIVE_=no -DESCRIPTION="Scheduled datadir BTRFS snapshots" - -install() -{ - wget https://raw.githubusercontent.com/nachoparker/btrfs-snp/master/btrfs-snp -O /usr/local/bin/btrfs-snp - chmod +x /usr/local/bin/btrfs-snp -} - -configure() -{ - [[ $ACTIVE_ != "yes" ]] && { - rm -f /etc/cron.hourly/btrfs-snp - echo "automatic snapshots disabled" - return 0 - } - - local DATADIR MOUNTPOINT - DATADIR=$( sudo -u www-data php /var/www/nextcloud/occ config:system:get datadirectory ) || { - echo -e "Error reading data directory. Is NextCloud running and configured?"; - return 1; - } - - # file system check - MOUNTPOINT="$( stat -c "%m" "$DATADIR" )" || return 1 - [[ "$( stat -fc%T "$MOUNTPOINT" )" != "btrfs" ]] && { - echo "$MOUNTPOINT is not in a BTRFS filesystem" - return 1 - } - - cat > /etc/cron.hourly/btrfs-snp <<EOF -#!/bin/bash -/usr/local/bin/btrfs-snp $MOUNTPOINT hourly 24 3600 ../ncp-snapshots -/usr/local/bin/btrfs-snp $MOUNTPOINT daily 7 86400 ../ncp-snapshots -/usr/local/bin/btrfs-snp $MOUNTPOINT weekly 4 604800 ../ncp-snapshots -/usr/local/bin/btrfs-snp $MOUNTPOINT monthly 12 2592000 ../ncp-snapshots -EOF - chmod +x /etc/cron.hourly/btrfs-snp - echo "automatic snapshots enabled" -} - - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/nc-snapshot-sync.cfg b/etc/ncp-config.d/nc-snapshot-sync.cfg new file mode 100644 index 00000000..f5803836 --- /dev/null +++ b/etc/ncp-config.d/nc-snapshot-sync.cfg @@ -0,0 +1,37 @@ +{ + "id": "nc-snapshot-sync", + "name": "nc-snapshot-sync", + "title": "nc-snapshot-sync", + "description": "Sync BTRFS snapshots to USBdrive or remote machine", + "info": "Use format user@ip:/path/to/snapshots for remote sync\n'user' needs permissions for the 'btrfs' command at 'ip'\n'user' needs SSH autologin from the NCP 'root' user at 'ip'\nOnly use compression for internet transfer, because it uses many resources", + "infotitle": "", + "params": [ + { + "id": "ACTIVE", + "name": "ACTIVE", + "value": "no", + "type": "bool" + }, + { + "id": "SNAPDIR", + "name": "SNAPDIR", + "value": "/media/USBdrive/ncp-snapshots" + }, + { + "id": "DESTINATION", + "name": "DESTINATION", + "value": "/media/myBackupDrive/ncp-snapshots" + }, + { + "id": "COMPRESSION", + "name": "COMPRESSION", + "value": "no", + "type": "bool" + }, + { + "id": "SYNCDAYS", + "name": "SYNCDAYS", + "value": "1" + } + ] +} diff --git a/etc/ncp-config.d/nc-snapshot-sync.sh b/etc/ncp-config.d/nc-snapshot-sync.sh deleted file mode 100644 index 7eccd93f..00000000 --- a/etc/ncp-config.d/nc-snapshot-sync.sh +++ /dev/null @@ -1,78 +0,0 @@ -#!/bin/bash - -# Sync Nextcloud BTRFS snapshots -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/ -# - -ACTIVE_=no -SNAPDIR_=/media/USBdrive/ncp-snapshots -DESTINATION_=/media/myBackupDrive/ncp-snapshots -COMPRESSION_=no -SYNCDAYS_=1 -DESCRIPTION="Sync BTRFS snapshots to USBdrive or remote machine" - -INFO="Use format user@ip:/path/to/snapshots for remote sync -'user' needs permissions for the 'btrfs' command at 'ip' -'user' needs SSH autologin from the NCP 'root' user at 'ip' -Only use compression for internet transfer, because it uses many resources" - -install() -{ - apt-get update - apt-get install -y --no-install-recommends pv openssh-client - wget https://raw.githubusercontent.com/nachoparker/btrfs-sync/master/btrfs-sync -O /usr/local/bin/btrfs-sync - chmod +x /usr/local/bin/btrfs-sync - ssh-keygen -N "" -f /root/.ssh/id_rsa -} - -configure() -{ - [[ $ACTIVE_ != "yes" ]] && { - rm -f /etc/cron.d/ncp-snapsync-auto - service cron restart - echo "snapshot sync disabled" - return 0 - } - - # checks - [[ -d "$SNAPDIR_" ]] || { echo "$SNAPDIR_ does not exist"; return 1; } - - [[ "$DESTINATION_" =~ : ]] && { - local NET="$( sed 's|:.*||' <<<"$DESTINATION_" )" - local DST="$( sed 's|.*:||' <<<"$DESTINATION_" )" - local SSH=( ssh -o "BatchMode=yes" "$NET" ) - ${SSH[@]} : || { echo "SSH non-interactive not properly configured"; return 1; } - } || DST="$DESTINATION_" - [[ "$( ${SSH[@]} stat -fc%T "$DST" )" != "btrfs" ]] && { - echo "$DESTINATION_ is not in a BTRFS filesystem" - return 1 - } - - [[ "$COMPRESSION_" == "yes" ]] && ZIP="-z" - - echo "30 4 */${SYNCDAYS_} * * root /usr/local/bin/btrfs-sync -qd $ZIP \"$SNAPDIR_\" \"$DESTINATION_\"" > /etc/cron.d/ncp-snapsync-auto - service cron restart - echo "snapshot sync enabled" -} - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/nc-snapshot.cfg b/etc/ncp-config.d/nc-snapshot.cfg new file mode 100644 index 00000000..77edb622 --- /dev/null +++ b/etc/ncp-config.d/nc-snapshot.cfg @@ -0,0 +1,15 @@ +{ + "id": "nc-snapshot", + "name": "nc-snapshot", + "title": "nc-snapshot", + "description": "Create BTRFS snapshot of the datadir", + "info": "Snapshots take up very little space because only the differences from one \nto the next are saved. This requires the datadir to be in a BTRFS filesystem", + "infotitle": "", + "params": [ + { + "id": "LIMIT", + "name": "LIMIT", + "value": "4" + } + ] +} diff --git a/etc/ncp-config.d/nc-snapshot.sh b/etc/ncp-config.d/nc-snapshot.sh deleted file mode 100644 index 607bc47e..00000000 --- a/etc/ncp-config.d/nc-snapshot.sh +++ /dev/null @@ -1,63 +0,0 @@ -#!/bin/bash - -# Nextcloud BTRFS snapshots -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/ -# - -LIMIT_=4 -DESCRIPTION="Create BTRFS snapshot of the datadir" - -INFO="Snapshots take up very little space because only the differences from one -to the next are saved. This requires the datadir to be in a BTRFS filesystem" - -BASEDIR=/var/www - -install() -{ - wget https://raw.githubusercontent.com/nachoparker/btrfs-snp/master/btrfs-snp -O /usr/local/bin/btrfs-snp - chmod +x /usr/local/bin/btrfs-snp -} - -configure() -{ - sudo -u www-data php "$BASEDIR"/nextcloud/occ maintenance:mode --on - - local DATADIR MOUNTPOINT - DATADIR=$( sudo -u www-data php /var/www/nextcloud/occ config:system:get datadirectory ) || { - echo -e "Error reading data directory. Is NextCloud running and configured?"; - return 1; - } - - # file system check - MOUNTPOINT="$( stat -c "%m" "$DATADIR" )" || return 1 - [[ "$( stat -fc%T "$MOUNTPOINT" )" != "btrfs" ]] && { - echo "$MOUNTPOINT is not in a BTRFS filesystem" - return 1 - } - - btrfs-snp $MOUNTPOINT manual $LIMIT_ 0 ../ncp-snapshots - - sudo -u www-data php "$BASEDIR"/nextcloud/occ maintenance:mode --off -} - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/nc-static-IP.cfg b/etc/ncp-config.d/nc-static-IP.cfg new file mode 100644 index 00000000..df17a9e4 --- /dev/null +++ b/etc/ncp-config.d/nc-static-IP.cfg @@ -0,0 +1,21 @@ +{ + "id": "nc-static-IP", + "name": "nc-static-IP", + "title": "nc-static-IP", + "description": "Set up a static IP address (ACTIVE=yes), or DHCP (ACTIVE=no)", + "info": "", + "infotitle": "", + "params": [ + { + "id": "ACTIVE", + "name": "ACTIVE", + "value": "no", + "type": "bool" + }, + { + "id": "IP", + "name": "IP", + "value": "192.168.1.130" + } + ] +} diff --git a/etc/ncp-config.d/nc-static-IP.sh b/etc/ncp-config.d/nc-static-IP.sh deleted file mode 100644 index 7598f63e..00000000 --- a/etc/ncp-config.d/nc-static-IP.sh +++ /dev/null @@ -1,115 +0,0 @@ -#!/bin/bash - -# Enable static IP or DHCP for Raspbian -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at: https://ownyourbits.com -# - -ACTIVE_=no -IP_=192.168.1.130 - -DESCRIPTION="Set up a static IP address (ACTIVE=yes), or DHCP (ACTIVE=no)" - -configure() -{ - local GW="$( ip r | grep "default via" | awk '{ print $3 }' )" - local DNS="$( grep nameserver /etc/resolv.conf | head -1 | awk '{ print $2 }' )" - [[ "$DNS" == "" ]] && DNS="$GW" - local IFACE="$( ip r | grep "default via" | awk '{ print $5 }' | head -1 )" - [[ "$IFACE" == "" ]] && { echo "Couldn't find default interface"; exit 1; } - - ## DHCPCD - [[ -f /etc/dhcpcd.conf ]] && { - # delete NCP config - grep -q "^# NextCloudPi autogenerated" /etc/dhcpcd.conf && \ - sed -i '/^# NextCloudPi autogenerated/,+6d' /etc/dhcpcd.conf - - [[ $ACTIVE_ != "yes" ]] && { - systemctl restart dhcpcd - echo "DHCP enabled" - return - } - - cat >> /etc/dhcpcd.conf <<EOF -# NextCloudPi autogenerated -# don't modify! better use ncp-config -interface $IFACE -static ip_address=$IP_/24 -static routers=$GW -static domain_name_servers=$DNS - -# Local loopback -auto lo -iface lo inet loopback -EOF - - systemctl restart dhcpcd - } || { - ## NETWORK MANAGER - - cp -n /etc/network/interfaces /etc/network/interfaces-ncp-backup-orig - - [[ $ACTIVE_ != "yes" ]] && { - cat > /etc/network/interfaces <<EOF -# Wired adapter #1 -allow-hotplug $IFACE -no-auto-down $IFACE -auto $IFACE -iface $IFACE inet dhcp - -# Local loopback -auto lo -iface lo inet loopback -EOF - systemctl restart NetworkManager - echo "DHCP enabled" - return - } - - cat > /etc/network/interfaces <<EOF -# ncp-config generated -source /etc/network/interfaces.d/* - -# Local loopback -auto lo -iface lo inet loopback - -# Interface $IFACE -auto $IFACE -allow-hotplug $IFACE -iface $IFACE inet static - address $IP_ - netmask 255.255.255.0 - gateway $GW - dns-nameservers $DNS 8.8.8.8 -EOF - systemctl restart networking - } - - sudo -u www-data php /var/www/nextcloud/occ config:system:set trusted_domains 1 --value="$IP_" - sudo -u www-data php /var/www/nextcloud/occ config:system:set overwrite.cli.url --value=https://"$IP_"/ - echo "Static IP set to $IP_" -} - -install() { :; } - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/nc-swapfile.cfg b/etc/ncp-config.d/nc-swapfile.cfg new file mode 100644 index 00000000..a1f95ff1 --- /dev/null +++ b/etc/ncp-config.d/nc-swapfile.cfg @@ -0,0 +1,20 @@ +{ + "id": "nc-swapfile", + "name": "nc-swapfile", + "title": "nc-swapfile", + "description": "Move and resize your swapfile. Recommended to move to a permanent USB drive", + "info": "", + "infotitle": "", + "params": [ + { + "id": "SWAPFILE", + "name": "SWAPFILE", + "value": "/media/USBdrive/swap" + }, + { + "id": "SWAPSIZE", + "name": "SWAPSIZE", + "value": "1024" + } + ] +} diff --git a/etc/ncp-config.d/nc-swapfile.sh b/etc/ncp-config.d/nc-swapfile.sh deleted file mode 100644 index e2799235..00000000 --- a/etc/ncp-config.d/nc-swapfile.sh +++ /dev/null @@ -1,76 +0,0 @@ -#!/bin/bash - -# Data dir configuration script for NextCloudPi -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at https://ownyourbits.com/ -# - -SWAPFILE_=/media/USBdrive/swap -SWAPSIZE_=1024 -DESCRIPTION="Move and resize your swapfile. Recommended to move to a permanent USB drive" - -is_active() -{ - local DIR=$( swapon -s | sed -n 2p | awk '{ print $1 }' ) - [[ "$DIR" != "" ]] && [[ "$DIR" != "/var/swap" ]] -} - -configure() -{ - local ORIG="$( swapon | tail -1 | awk '{ print $1 }' )" - local DSTDIR="$( dirname "$SWAPFILE_" )" - [[ "$ORIG" == "$SWAPFILE_" ]] && { echo "nothing to do"; return 0; } - [[ -d "$SWAPFILE_" ]] && { echo "$SWAPFILE_ is a directory. Abort"; return 1; } - [[ -d "$DSTDIR" ]] || { echo "$DSTDIR Doesn't exist. Abort"; return 1; } - - [[ "$( stat -fc%T "$DSTDIR" )" == "btrfs" ]] && { - echo "BTRFS doesn't support swapfiles. You can still use nc-zram" - return 1 - } - - [[ $( stat -fc%d / ) == $( stat -fc%d "$DSTDIR" ) ]] && \ - echo -e "INFO: moving swapfile to another place in the same SD card\nIf you want to use an external mount, make sure it is properly set up" - - sed -i "s|#\?CONF_SWAPFILE=.*|CONF_SWAPFILE=$SWAPFILE_|" /etc/dphys-swapfile - sed -i "s|#\?CONF_SWAPSIZE=.*|CONF_SWAPSIZE=$SWAPSIZE_|" /etc/dphys-swapfile - grep -q vm.swappiness /etc/sysctl.conf || echo "vm.swappiness = 10" >> /etc/sysctl.conf && sysctl --load &>/dev/null - - dphys-swapfile setup && dphys-swapfile swapon && { - [[ -f "$ORIG" ]] && swapoff "$ORIG" && rm -f "$ORIG" - echo "swapfile moved successfully" - return 0 - } - - echo "moving swapfile failed" - return 1 -} - -install() -{ - apt-get update - DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends dphys-swapfile - # delay init because of automount - sed -i "/\<start)/asleep 30" /etc/init.d/dphys-swapfile -} - - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/nc-update-nextcloud.cfg b/etc/ncp-config.d/nc-update-nextcloud.cfg new file mode 100644 index 00000000..8358867e --- /dev/null +++ b/etc/ncp-config.d/nc-update-nextcloud.cfg @@ -0,0 +1,15 @@ +{ + "id": "nc-update-nextcloud", + "name": "nc-update-nextcloud", + "title": "nc-update-nextcloud", + "description": "Update current instance to a new Nextcloud version", + "info": "Set to 0 to update to the latest avaliable version", + "infotitle": "", + "params": [ + { + "id": "VERSION", + "name": "VERSION", + "value": "0" + } + ] +} diff --git a/etc/ncp-config.d/nc-update-nextcloud.sh b/etc/ncp-config.d/nc-update-nextcloud.sh deleted file mode 100644 index 664baad6..00000000 --- a/etc/ncp-config.d/nc-update-nextcloud.sh +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/bash - -# Update current instance to a new Nextcloud version -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/ -# - -VERSION_=0 -LATEST=14.0.4 -DESCRIPTION="Update current instance to a new Nextcloud version" -INFO="Set to 0 to update to the latest avaliable version" - -configure() -{ - [[ "$VERSION_" == "0" ]] && VERSION_="$LATEST" - bash /usr/local/bin/ncp-update-nc "$VERSION_" -} - -install() { :; } - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/nc-update.cfg b/etc/ncp-config.d/nc-update.cfg new file mode 100644 index 00000000..c653340b --- /dev/null +++ b/etc/ncp-config.d/nc-update.cfg @@ -0,0 +1,9 @@ +{ + "id": "nc-update", + "name": "nc-update", + "title": "nc-update", + "description": "Update NextCloudPi", + "info": "", + "infotitle": "", + "params": [] +} diff --git a/etc/ncp-config.d/nc-update.sh b/etc/ncp-config.d/nc-update.sh deleted file mode 100644 index 6f297dd3..00000000 --- a/etc/ncp-config.d/nc-update.sh +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/bash - -# Data dir configuration script for NextCloudPi -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at https://ownyourbits.com/ -# - -DESCRIPTION="Update NextCloudPi" - -configure() -{ - /usr/local/bin/ncp-update -} - -install() { :; } - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/nc-webui.cfg b/etc/ncp-config.d/nc-webui.cfg new file mode 100644 index 00000000..33a5f4ef --- /dev/null +++ b/etc/ncp-config.d/nc-webui.cfg @@ -0,0 +1,16 @@ +{ + "id": "nc-webui", + "name": "nc-webui", + "title": "nc-webui", + "description": "Enable or disable the NCP web interface", + "info": "", + "infotitle": "", + "params": [ + { + "id": "ACTIVE", + "name": "ACTIVE", + "value": "no", + "type": "bool" + } + ] +} diff --git a/etc/ncp-config.d/nc-webui.sh b/etc/ncp-config.d/nc-webui.sh deleted file mode 100644 index ef22ea3a..00000000 --- a/etc/ncp-config.d/nc-webui.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/bash - -# Periodically synchronize NextCloud for externally modified files -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at: https://ownyourbits.com -# - -ACTIVE_=no -DESCRIPTION="Enable or disable the NCP web interface" - -is_active() -{ - a2query -s ncp &>/dev/null -} - -configure() -{ - if [[ $ACTIVE_ != "yes" ]]; then - a2dissite ncp - echo "ncp-web disabled" - else - a2ensite ncp - echo "ncp-web enabled" - fi - - # delayed in bg so it does not kill the connection, and we get AJAX response - bash -c "sleep 2 && service apache2 reload" &>/dev/null & -} - -install() { :; } - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/nc-wifi.cfg b/etc/ncp-config.d/nc-wifi.cfg new file mode 100644 index 00000000..18061cf5 --- /dev/null +++ b/etc/ncp-config.d/nc-wifi.cfg @@ -0,0 +1,16 @@ +{ + "id": "nc-wifi", + "name": "nc-wifi", + "title": "nc-wifi", + "description": "Configure your Wi-Fi connection", + "info": "\n0) Write 'yes' to activate wifi, and 'no' to disable it\n1) Select a Wi-Fi network\n2) Press right arrow ->\n3) Enter the passphrase for your Wi-Fi\n4) Make sure to select 'connect automatically'\n5) F10 to save\n6) C to connect", + "infotitle": "Instructions to configure Wi-Fi", + "params": [ + { + "id": "ACTIVE", + "name": "ACTIVE", + "value": "no", + "type": "bool" + } + ] +} diff --git a/etc/ncp-config.d/nc-wifi.sh b/etc/ncp-config.d/nc-wifi.sh deleted file mode 100644 index 18e52bd3..00000000 --- a/etc/ncp-config.d/nc-wifi.sh +++ /dev/null @@ -1,71 +0,0 @@ -#!/bin/bash - -# Data dir configuration script for NextCloudPi -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at https://ownyourbits.com/ -# - -ACTIVE_=no -DESCRIPTION="Configure your Wi-Fi connection" - -INFOTITLE="Instructions to configure Wi-Fi" -INFO=" -0) Write 'yes' to activate wifi, and 'no' to disable it -1) Select a Wi-Fi network -2) Press right arrow -> -3) Enter the passphrase for your Wi-Fi -4) Make sure to select 'connect automatically' -5) F10 to save -6) C to connect" - -install() -{ - apt-get update - apt install -y --no-install-recommends wicd-curses - systemctl disable wicd -} - -configure() -{ - [[ $ACTIVE_ != "yes" ]] && { - systemctl stop wicd - systemctl disable wicd - systemctl start dhcpcd - systemctl enable dhcpcd - ip link set down dev wlan0 - systemctl start nextcloud-domain - return; - } - - ip link set up dev wlan0 - systemctl stop dhcpcd - systemctl disable dhcpcd - systemctl enable wicd - systemctl start wicd - - wicd-curses - clear - - systemctl start nextcloud-domain -} - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/nc-zram.cfg b/etc/ncp-config.d/nc-zram.cfg new file mode 100644 index 00000000..afbb27e1 --- /dev/null +++ b/etc/ncp-config.d/nc-zram.cfg @@ -0,0 +1,16 @@ +{ + "id": "nc-zram", + "name": "nc-zram", + "title": "nc-zram", + "description": "Enable compressed RAM to improve swap performance", + "info": "", + "infotitle": "", + "params": [ + { + "id": "ACTIVE", + "name": "ACTIVE", + "value": "no", + "type": "bool" + } + ] +} diff --git a/etc/ncp-config.d/nc-zram.sh b/etc/ncp-config.d/nc-zram.sh deleted file mode 100644 index a7d57037..00000000 --- a/etc/ncp-config.d/nc-zram.sh +++ /dev/null @@ -1,95 +0,0 @@ -#!/bin/bash - -# NextCloudPi ZRAM settings -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/ -# - -ACTIVE_=no -DESCRIPTION="Enable compressed RAM to improve swap performance" - -install() -{ - cat > /etc/systemd/system/zram.service <<EOF -[Unit] -Description=Set up ZRAM - -[Service] -Type=oneshot -ExecStart=/usr/local/bin/ncp-zram start -ExecStop=/usr/local/bin/ncp-zram stop -RemainAfterExit=yes - -[Install] -WantedBy=sysinit.target -EOF - -cat > /usr/local/bin/ncp-zram <<'EOF' -#!/bin/bash -# inspired by https://github.com/novaspirit/rpi_zram/blob/master/zram.sh - -case "$1" in - start) - CORES=$(nproc --all) - modprobe zram num_devices=$CORES || exit 1 - - swapoff -a - - TOTALMEM=`free | grep -e "^Mem:" | awk '{print $2}'` - MEM=$(( ($TOTALMEM / $CORES)* 1024 )) - - core=0 - while [ $core -lt $CORES ]; do - echo $MEM > /sys/block/zram$core/disksize - mkswap /dev/zram$core - swapon -p 5 /dev/zram$core - let core=core+1 - done - ;; - - stop) - swapoff -a - rmmod zram - ;; - *) - echo "Usage: $0 {start|stop}" >&2 - exit 1 - ;; -esac -EOF -chmod +x /usr/local/bin/ncp-zram -} - -configure() -{ - [[ $ACTIVE_ != "yes" ]] && { - systemctl stop zram - systemctl disable zram - echo "ZRAM disabled" - return 0 - } - systemctl start zram - systemctl enable zram - echo "ZRAM enabled" -} - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/samba.cfg b/etc/ncp-config.d/samba.cfg new file mode 100644 index 00000000..2c2d8054 --- /dev/null +++ b/etc/ncp-config.d/samba.cfg @@ -0,0 +1,21 @@ +{ + "id": "samba", + "name": "samba", + "title": "samba", + "description": "SMB/CIFS file server (for Mac/Linux/Windows)", + "info": "The username will be the Nextcloud username, and the password will be one we setup here.\nIf we intend to modify the data folder through SAMBA,\nthen we have to synchronize NextCloud to make it aware of the changes.\n\nThis can be done manually or automatically using 'nc-scan' and 'nc-scan-auto'", + "infotitle": "Instructions for external synchronization", + "params": [ + { + "id": "ACTIVE", + "name": "ACTIVE", + "value": "no", + "type": "bool" + }, + { + "id": "PWD", + "name": "PWD", + "value": "ownyourbits" + } + ] +} diff --git a/etc/ncp-config.d/samba.sh b/etc/ncp-config.d/samba.sh deleted file mode 100644 index aac737dd..00000000 --- a/etc/ncp-config.d/samba.sh +++ /dev/null @@ -1,134 +0,0 @@ -#!/bin/bash - -# SAMBA server for Raspbian -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at: https://ownyourbits.com -# - -ACTIVE_=no -PWD_=ownyourbits -DESCRIPTION="SMB/CIFS file server (for Mac/Linux/Windows)" - -INFOTITLE="Instructions for external synchronization" -INFO="If we intend to modify the data folder through SAMBA, -then we have to synchronize NextCloud to make it aware of the changes. - -This can be done manually or automatically using 'nc-scan' and 'nc-scan-auto'" - -install() -{ - apt-get update - apt-get install --no-install-recommends -y samba - update-rc.d smbd disable - update-rc.d nmbd disable - - # the directory needs to be recreated if we are using nc-ramlogs - grep -q mkdir /etc/init.d/smbd || sed -i "/\<start)/amkdir -p /var/log/samba" /etc/init.d/smbd - - # disable SMB1 and SMB2 - grep -q SMB3 /etc/samba/smb.conf || sed -i '/\[global\]/aprotocol = SMB3' /etc/samba/smb.conf - - # disable the [homes] share by default - sed -i /\[homes\]/s/homes/homes_disabled_ncp/ /etc/samba/smb.conf - - cat >> /etc/samba/smb.conf <<EOF - -# NextCloudPi automatically generated from here. Do not remove this comment -EOF -} - -configure() -{ - [[ $ACTIVE_ != "yes" ]] && { - service smbd stop - update-rc.d smbd disable - update-rc.d nmbd disable - echo "SMB disabled" - return - } - - # CHECKS - ################################ - local DATADIR - DATADIR=$( sudo -u www-data php /var/www/nextcloud/occ config:system:get datadirectory ) || { - echo -e "Error reading data directory. Is NextCloud running and configured?"; - return 1; - } - [ -d "$DATADIR" ] || { echo -e "data directory $DATADIR not found" ; return 1; } - - # CONFIG - ################################ - - # remove files from this line to the end - sed -i '/# NextCloudPi automatically/,/\$/d' /etc/samba/smb.conf - - # restore this line - cat >> /etc/samba/smb.conf <<EOF -# NextCloudPi automatically generated from here. Do not remove this comment -EOF - - # create a share per Nextcloud user - local USERS=() - while read -r path; do - USERS+=( "$( basename $( dirname "$path" ) )" ) - done < <( ls -d "$DATADIR"/*/files ) - - for user in ${USERS[@]}; do - echo "adding SAMBA share for user $user" - local DIR="$DATADIR/$user/files" - [ -d "$DIR" ] || { echo -e "INFO: directory $DIR does not exist."; return 1; } - - cat >> /etc/samba/smb.conf <<EOF - -[ncp-$user] - path = $DIR - writeable = yes -; browseable = yes - valid users = $user - force user = www-data - force group = www-data - create mask = 0770 - directory mask = 0771 - force create mode = 0660 - force directory mode = 0770 - -EOF - - ## create user with no login if it doesn't exist - id "$user" &>/dev/null || adduser --disabled-password --force-badname --gecos "" "$user" || return 1 - echo -e "$PWD_\n$PWD_" | smbpasswd -s -a $user - - usermod -aG www-data $user - sudo chmod g+w $DIR - done - - update-rc.d smbd defaults - update-rc.d smbd enable - service smbd restart - - update-rc.d nmbd enable - service nmbd restart - - echo "SMB enabled" -} - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - diff --git a/etc/ncp-config.d/unattended-upgrades.cfg b/etc/ncp-config.d/unattended-upgrades.cfg new file mode 100644 index 00000000..fae568c8 --- /dev/null +++ b/etc/ncp-config.d/unattended-upgrades.cfg @@ -0,0 +1,22 @@ +{ + "id": "unattended-upgrades", + "name": "unattended-upgrades", + "title": "unattended-upgrades", + "description": "Automatic installation of security updates. Keep your cloud safe", + "info": "", + "infotitle": "", + "params": [ + { + "id": "ACTIVE", + "name": "ACTIVE", + "value": "yes", + "type": "bool" + }, + { + "id": "AUTOREBOOT", + "name": "AUTOREBOOT", + "value": "yes", + "type": "bool" + } + ] +} diff --git a/etc/ncp-config.d/unattended-upgrades.sh b/etc/ncp-config.d/unattended-upgrades.sh deleted file mode 100644 index eba93a5d..00000000 --- a/etc/ncp-config.d/unattended-upgrades.sh +++ /dev/null @@ -1,85 +0,0 @@ -#!/bin/bash - -# Unattended upgrades installation on Raspbian -# -# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> -# GPL licensed (see end of file) * Use at your own risk! -# -# More at: ownyourbits.com -# - -ACTIVE_=yes -AUTOREBOOT_=yes -DESCRIPTION="Automatic installation of security updates. Keep your cloud safe" - -install() -{ - apt-get update - apt install -y --no-install-recommends unattended-upgrades - rm /etc/apt/apt.conf.d/20auto-upgrades -} - -configure() -{ - [[ $ACTIVE_ == "yes" ]] && local AUTOUPGRADE=1 || local AUTOUPGRADE=0 - [[ $AUTOREBOOT_ == "yes" ]] && local AUTOREBOOT=true || local AUTOREBOOT=false - - # Raspbian case - grep -q Raspbian /etc/issue && { - - # It seems like the label Raspbian-Security does not work for Raspbian - # See https://www.raspberrypi.org/forums/viewtopic.php?t=82863&p=585739 - cat > /etc/apt/apt.conf.d/20ncp-upgrades <<EOF -APT::Periodic::Update-Package-Lists "1"; -APT::Periodic::Unattended-Upgrade "$AUTOUPGRADE"; -APT::Periodic::MaxAge "14"; -APT::Periodic::AutocleanInterval "7"; -Unattended-Upgrade::Automatic-Reboot "$AUTOREBOOT"; -Unattended-Upgrade::Automatic-Reboot-Time "04:00"; -Unattended-Upgrade::Origins-Pattern { -o=Raspbian,n=stretch,l=Raspbian; -} -Dpkg::Options { - "--force-confdef"; - "--force-confold"; -}; -EOF - - # Armbian case # TODO security only? - } || { - cat > /etc/apt/apt.conf.d/20ncp-upgrades <<EOF -APT::Periodic::Update-Package-Lists "1"; -APT::Periodic::Unattended-Upgrade "$AUTOUPGRADE"; -APT::Periodic::MaxAge "14"; -APT::Periodic::AutocleanInterval "7"; -Unattended-Upgrade::Automatic-Reboot "$AUTOREBOOT"; -Unattended-Upgrade::Automatic-Reboot-Time "04:00"; -Unattended-Upgrade::Origins-Pattern { -o=Debian,n=stretch,l=Debian; -} -Dpkg::Options { - "--force-confdef"; - "--force-confold"; -}; -EOF - } - echo "Unattended upgrades active: $ACTIVE_ (autoreboot $AUTOREBOOT_)" -} - -# License -# -# This script is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this script; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place, Suite 330, -# Boston, MA 02111-1307 USA - |