diff options
| author | FaniD <fani.dimou92@gmail.com> | 2019-06-22 02:39:57 +0300 |
|---|---|---|
| committer | nachoparker <nacho@ownyourbits.com> | 2019-06-30 00:20:28 +0300 |
| commit | 2aa28d22a71343e5639b883b8ab9335f55aab4a6 (patch) | |
| tree | f6386a2ebd8b312fac87e469c3f1ad24ce0c9f52 /update.sh | |
| parent | fbdab43b96f7ad92935c0ea01f7c9c2ecfb7e712 (diff) | |
ncp-update: implement step based upgrade
Diffstat (limited to 'update.sh')
| -rwxr-xr-x | update.sh | 186 |
1 files changed, 2 insertions, 184 deletions
@@ -49,6 +49,8 @@ cp etc/library.sh /usr/local/etc/ source /usr/local/etc/library.sh +./run_update_history.sh "updates" + mkdir -p "$CONFDIR" # prevent installing some ncp-apps in the docker version @@ -123,190 +125,6 @@ cp -r ncp-app /var/www/ } -## BACKWARD FIXES ( for older images ) - -# not for image builds, only live updates -[[ ! -f /.ncp-image ]] && { - - # docker images only - [[ -f /.docker-image ]] && { - : - } - - # for non docker images - [[ ! -f /.docker-image ]] && { - cat > /etc/fail2ban/filter.d/ufwban.conf <<'EOF' -[INCLUDES] -before = common.conf -[Definition] -failregex = UFW BLOCK.* SRC= -ignoreregex = -EOF - : - } - - # update to the latest version - is_active_app nc-autoupdate-nc && run_app nc-autoupdate-nc - - # previews settings - ncc config:app:set previewgenerator squareSizes --value="32" - ncc config:app:set previewgenerator widthSizes --value="128 256 512" - ncc config:app:set previewgenerator heightSizes --value="128 256" - ncc config:system:set jpeg_quality --value 60 - - # update unattended labels - is_active_app unattended-upgrades && run_app unattended-upgrades - - # update sury keys - wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg - - # fix cron path - is_active_app nc-backup-auto && run_app nc-backup-auto - is_active_app nc-scan-auto && run_app nc-scan-auto - is_active_app nc-autoupdate-ncp && run_app nc-autoupdate-ncp - is_active_app nc-notify-updates && run_app nc-notify-updates - is_active_app nc-previews-auto && run_app nc-previews-auto - is_active_app nc-update-nc-apps-auto && run_app nc-update-nc-apps-auto - - # rework letsencrypt notification - USER="$(jq -r '.params[2].value' "$CONFDIR"/letsencrypt.cfg)" - mkdir -p /etc/letsencrypt/renewal-hooks/deploy/ - cat > /etc/letsencrypt/renewal-hooks/deploy/ncp <<EOF -#!/bin/bash -/usr/local/bin/ncc notification:generate $USER "SSL renewal" -l "Your SSL certificate(s) \$RENEWED_DOMAINS has been renewed for another 90 days" -EOF - chmod +x /etc/letsencrypt/renewal-hooks/deploy/ncp - - # update nc-backup - install_app nc-backup - install_app nc-restore - - # create UPDATES section - updates_dir=/usr/local/bin/ncp/UPDATES - mkdir -p "$updates_dir" - ( - mv /usr/local/bin/ncp/{SYSTEM/unattended-upgrades.sh,CONFIG/nc-autoupdate-nc.sh,CONFIG/nc-autoupdate-ncp.sh,CONFIG/nc-update-nc-apps-auto.sh} "$updates_dir" || true - mv /usr/local/bin/ncp/TOOLS/{nc-update-nc-apps,nc-update-nextcloud,nc-update}.sh "$updates_dir" || true - mv /usr/local/bin/ncp/CONFIG/nc-notify-updates.sh "$updates_dir" || true - ) &>/dev/null - - # armbian fix uu - rm -f /etc/apt/apt.conf.d/02-armbian-periodic - - # switch back to the apt LE version - which letsencrypt &>/dev/null || install_app letsencrypt - - # update launchers - apt-get update - apt-get install -y --no-install-recommends file - cat > /home/www/ncp-launcher.sh <<'EOF' -#!/bin/bash -grep -q '[\\&#;`|*?~<>^()[{}$&[:space:]]' <<< "$*" && exit 1 -source /usr/local/etc/library.sh -run_app $1 -EOF - chmod 700 /home/www/ncp-launcher.sh - - cat > /home/www/ncp-backup-launcher.sh <<'EOF' -#!/bin/bash -action="${1}" -file="${2}" -compressed="${3}" -grep -q '[\\&#;`|*?~<>^()[{}$&]' <<< "$*" && exit 1 -[[ "$file" =~ ".." ]] && exit 1 -[[ "${action}" == "chksnp" ]] && { - btrfs subvolume show "$file" &>/dev/null || exit 1 - exit -} -[[ "${action}" == "delsnp" ]] && { - btrfs subvolume delete "$file" || exit 1 - exit -} -[[ -f "$file" ]] || exit 1 -[[ "$file" =~ ".tar" ]] || exit 1 -[[ "${action}" == "del" ]] && { - [[ "$(file "$file")" =~ "tar archive" ]] || [[ "$(file "$file")" =~ "gzip compressed data" ]] || exit 1 - rm "$file" || exit 1 - exit -} -[[ "$compressed" != "" ]] && pigz="-I pigz" -tar $pigz -tf "$file" data &>/dev/null -EOF - chmod 700 /home/www/ncp-backup-launcher.sh - sed -i 's|www-data ALL = NOPASSWD: .*|www-data ALL = NOPASSWD: /home/www/ncp-launcher.sh , /home/www/ncp-backup-launcher.sh, /sbin/halt, /sbin/reboot|' /etc/sudoers - - # fix logrotate files - chmod 0444 /etc/logrotate.d/* - - # adjust preview sizes - [[ "$(ncc config:system:get preview_max_x)" == "" ]] && { - ncc config:app:set previewgenerator squareSizes --value="32 256" - ncc config:app:set previewgenerator widthSizes --value="256 384" - ncc config:app:set previewgenerator heightSizes --value="256" - ncc config:system:set preview_max_x --value 2048 - ncc config:system:set preview_max_y --value 2048 - ncc config:system:set jpeg_quality --value 60 - } - - # adjust local IPv6 - cat > /etc/apache2/sites-available/ncp.conf <<EOF -Listen 4443 -<VirtualHost _default_:4443> - DocumentRoot /var/www/ncp-web - SSLEngine on - SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem - SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key - - # 2 days to avoid very big backups requests to timeout - TimeOut 172800 - - <IfModule mod_authnz_external.c> - DefineExternalAuth pwauth pipe /usr/sbin/pwauth - </IfModule> - -</VirtualHost> -<Directory /var/www/ncp-web/> - - AuthType Basic - AuthName "ncp-web login" - AuthBasicProvider external - AuthExternal pwauth - - SetEnvIf Request_URI "^" noauth - SetEnvIf Request_URI "^index\.php$" !noauth - SetEnvIf Request_URI "^/$" !noauth - SetEnvIf Request_URI "^/wizard/index.php$" !noauth - SetEnvIf Request_URI "^/wizard/$" !noauth - - <RequireAll> - - <RequireAny> - Require host localhost - Require local - Require ip 192.168 - Require ip 172 - Require ip 10 - Require ip fd00::/8 - Require ip fe80::/10 - </RequireAny> - - <RequireAny> - Require env noauth - Require user ncp - </RequireAny> - - </RequireAll> - -</Directory> -EOF - - # remove redundant opcache configuration. Leave until update bug is fixed -> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815968 - # Bug #416 reappeared after we moved to php7.2 and debian buster packages. (keep last) - [[ "$( ls -l /etc/php/7.2/fpm/conf.d/*-opcache.ini | wc -l )" -gt 1 ]] && rm "$( ls /etc/php/7.2/fpm/conf.d/*-opcache.ini | tail -1 )" - [[ "$( ls -l /etc/php/7.2/cli/conf.d/*-opcache.ini | wc -l )" -gt 1 ]] && rm "$( ls /etc/php/7.2/cli/conf.d/*-opcache.ini | tail -1 )" - -} # end - only live updates - exit 0 # License |