-rw-r--r-- | .gitignore | 22 | ||||
-rw-r--r-- | README.md | 20 | ||||
-rw-r--r-- | bin/ncp-provisioning.sh | 4 | ||||
-rw-r--r-- | bin/ncp/BACKUPS/nc-restore.sh | 2 | ||||
-rw-r--r-- | bin/ncp/CONFIG/nc-nextcloud.sh | 14 | ||||
-rw-r--r-- | bin/ncp/NETWORKING/letsencrypt.sh | 4 | ||||
-rw-r--r-- | bin/ncp/SYSTEM/nc-swapfile.sh | 3 | ||||
-rw-r--r-- | build/Vagrantfile (renamed from Vagrantfile) | 2 | ||||
-rw-r--r-- | build/armbian/armbian.sh (renamed from armbian.sh) | 17 | ||||
-rw-r--r-- | build/armbian/config-odroidc2.conf (renamed from config-odroidc2.conf) | 0 | ||||
-rw-r--r-- | build/armbian/config-odroidhc4.conf (renamed from config-odroidhc4.conf) | 0 | ||||
-rw-r--r-- | build/armbian/config-odroidxu4.conf (renamed from config-odroidxu4.conf) | 0 | ||||
-rw-r--r-- | build/armbian/config-orangepizeroplus2-h5.conf (renamed from config-orangepizeroplus2-h5.conf) | 0 | ||||
-rw-r--r-- | build/armbian/config-rock64.conf (renamed from config-rock64.conf) | 0 | ||||
-rwxr-xr-x | build/batch.sh (renamed from batch.sh) | 36 | ||||
-rwxr-xr-x | build/build-LXC.sh | 73 | ||||
-rwxr-xr-x | build/build-LXD.sh | 70 | ||||
-rwxr-xr-x | build/build-SD-armbian.sh (renamed from build-SD-armbian.sh) | 7 | ||||
-rwxr-xr-x | build/build-SD-berryboot.sh (renamed from build-SD-berryboot.sh) | 6 | ||||
-rwxr-xr-x | build/build-SD-rpi.sh (renamed from build-SD-rpi.sh) | 5 | ||||
-rwxr-xr-x | build/build-VM.sh (renamed from build-VM.sh) | 3 | ||||
-rwxr-xr-x | build/build-docker.sh (renamed from build-docker.sh) | 11 | ||||
-rw-r--r-- | build/buildlib.sh (renamed from buildlib.sh) | 3 | ||||
-rw-r--r-- | build/docker/debian-ncp/Dockerfile (renamed from docker/debian-ncp/Dockerfile) | 2 | ||||
-rwxr-xr-x | build/docker/debian-ncp/run-parts.sh (renamed from docker/debian-ncp/run-parts.sh) | 0 | ||||
-rw-r--r-- | build/docker/docker-compose-ncpdev.yml (renamed from docker-compose-ncpdev.yml) | 0 | ||||
-rw-r--r-- | build/docker/docker-compose.yml (renamed from docker-compose.yml) | 0 | ||||
-rwxr-xr-x | build/docker/lamp/010lamp (renamed from docker/lamp/010lamp) | 0 | ||||
-rw-r--r-- | build/docker/lamp/Dockerfile (renamed from docker/lamp/Dockerfile) | 2 | ||||
-rwxr-xr-x | build/docker/nextcloud/020nextcloud (renamed from docker/nextcloud/020nextcloud) | 0 | ||||
-rw-r--r-- | build/docker/nextcloud/Dockerfile (renamed from docker/nextcloud/Dockerfile) | 2 | ||||
-rwxr-xr-x | build/docker/nextcloudpi/000ncp (renamed from docker/nextcloudpi/000ncp) | 0 | ||||
-rw-r--r-- | build/docker/nextcloudpi/Dockerfile (renamed from docker/nextcloudpi/Dockerfile) | 4 | ||||
-rw-r--r-- | build/lxc_config | 31 | ||||
-rw-r--r-- | changelog.md | 4 | ||||
-rw-r--r-- | docker-compose-armhf.yml | 16 | ||||
-rw-r--r-- | docker-compose-nc-armhf.yml | 15 | ||||
-rw-r--r-- | docker-compose-nc.yml | 15 | ||||
-rw-r--r-- | etc/library.sh | 10 | ||||
-rw-r--r-- | etc/ncp-templates/nextcloud.conf.sh | 8 | ||||
-rw-r--r-- | install.sh | 15 | ||||
-rw-r--r-- | ncp.sh | 3 | ||||
-rwxr-xr-x | tag_and_push.sh | 2 | ||||
-rwxr-xr-x | tests/libvirt_forwarding.sh | 40 | ||||
-rwxr-xr-x | tests/lxd_forwarding.sh | 33 | ||||
-rwxr-xr-x | update.sh | 30 |
46 files changed, 391 insertions, 143 deletions
@@ -1,13 +1,13 @@ .*.swp -qemu-raspbian-network/ -archive/ -output/ -cache/ -torrent/ -armbian/ -raspbian_root -raspbian_boot -ncp-web/wizard.cfg -ncp-web/ncp-web.cfg -docker-armhf/qemu-arm-static +/qemu-raspbian-network/ +/archive/ +/output/ +/cache/ +/torrent/ +/armbian/ +/raspbian_root +/raspbian_boot +/ncp-web/wizard.cfg +/ncp-web/ncp-web.cfg +/docker-armhf/qemu-arm-static .vagrant/ @@ -88,6 +88,12 @@ sudo ncp-config docker run -d -p 4443:4443 -p 443:443 -p 80:80 -v ncdata:/data --name nextcloudpi ownyourbits/nextcloudpi $DOMAIN ``` +## Run in LXD + +``` +lxc import NextCloudPi_LXD_09-29-21.tar.bz +lxc start ncp +``` ## How to build @@ -96,7 +102,7 @@ Install git, docker, qemu-user-static, chroot and all the usual building tools. ``` git clone https://github.com/nextcloud/nextcloudpi.git cd nextcloudpi -./build-SD-rpi.sh +build/build-SD-rpi.sh ``` , or for an Armbian based board @@ -110,9 +116,15 @@ In order to generate the Docker images ``` git clone https://github.com/nextcloud/nextcloudpi.git cd nextcloudpi -./build-docker.sh x86 -./build-docker.sh armhf -./build-docker.sh arm64 +build/build-docker.sh x86 +build/build-docker.sh armhf +build/build-docker.sh arm64 +``` + +, for LXD + +``` +build/build-LXD.sh ``` NextCloudPi can be installed in any architecture running the latest Debian diff --git a/bin/ncp-provisioning.sh b/bin/ncp-provisioning.sh index 8e51556d..cda1c70c 100644 --- a/bin/ncp-provisioning.sh +++ b/bin/ncp-provisioning.sh @@ -2,6 +2,8 @@ # this script runs at startup to provide an unique random passwords for each instance +source /usr/local/etc/library.sh + ## redis provisioning CFG=/var/www/nextcloud/config/config.php 
@@ -14,7 +16,7 @@ REDISPASS="$( grep "^requirepass" /etc/redis/redis.conf | cut -f2 -d' ' )" echo Provisioning Redis password sed -i -E "s|^requirepass .*|requirepass $REDISPASS|" /etc/redis/redis.conf chown redis:redis /etc/redis/redis.conf - [[ "$DOCKERBUILD" != 1 ]] && systemctl restart redis + is_docker || systemctl restart redis } ### If there exists already a configuration adjust the password diff --git a/bin/ncp/BACKUPS/nc-restore.sh b/bin/ncp/BACKUPS/nc-restore.sh index 0ada9950..26301346 100644 --- a/bin/ncp/BACKUPS/nc-restore.sh +++ b/bin/ncp/BACKUPS/nc-restore.sh @@ -158,7 +158,7 @@ sed -i "s|^;\?sys_temp_dir =.*$|sys_temp_dir = $DATADIR/tmp|" /etc/php/${PHP ncc config:system:set logfile --value="$DATADIR/nextcloud.log" # update fail2ban logpath -[[ ! -f /.docker-image ]] && { +[[ -f /etc/fail2ban/jail.conf ]] && { sed -i "s|logpath =.*|logpath = $DATADIR/nextcloud.log|" /etc/fail2ban/jail.conf pgrep fail2ban &>/dev/null && service fail2ban restart } diff --git a/bin/ncp/CONFIG/nc-nextcloud.sh b/bin/ncp/CONFIG/nc-nextcloud.sh index 4b9cf9de..17333bd6 100644 --- a/bin/ncp/CONFIG/nc-nextcloud.sh +++ b/bin/ncp/CONFIG/nc-nextcloud.sh @@ -19,11 +19,9 @@ install() # During build, this step is run before ncp.sh. Avoid executing twice [[ -f /usr/lib/systemd/system/nc-provisioning.service ]] && return 0 - source /usr/local/etc/library.sh # sets PHPVER RELEASE - # Optional packets for Nextcloud and Apps apt-get update - $APTINSTALL lbzip2 iputils-ping jq + $APTINSTALL lbzip2 iputils-ping jq wget $APTINSTALL -t $RELEASE php-smbclient exfat-fuse exfat-utils # for external storage $APTINSTALL -t $RELEASE php${PHPVER}-exif # for gallery $APTINSTALL -t $RELEASE php${PHPVER}-gmp # for bookmarks 
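Review bot: With `source /usr/local/etc/library.sh` removed from install() in bin/ncp/CONFIG/nc-nextcloud.sh, the function now depends on its caller having loaded the library: `$APTINSTALL`, `$RELEASE` and `$PHPVER` are expanded in the lines right below, and the next hunk of this file calls `is_lxc`. If install() is ever reached without the library loaded, `$APTINSTALL lbzip2 iputils-ping jq wget` expands to a bare `lbzip2 …` command instead of a package install. I would keep a cheap guard at the top of install(), for example `declare -F is_lxc >/dev/null || source /usr/local/etc/library.sh`, or at least a comment stating that the caller must source the library first. install() starts before and ends after this hunk.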
@@ -56,6 +54,16 @@ install() echo "maxmemory $REDIS_MEM" >> $REDIS_CONF echo 'vm.overcommit_memory = 1' >> /etc/sysctl.conf + if is_lxc; then + # Otherwise it fails to start in Buster LXC container + mkdir -p /etc/systemd/system/redis-server.service.d + cat > /etc/systemd/system/redis-server.service.d/lxc_fix.conf <<'EOF' +[Service] +ReadOnlyDirectories= +EOF + systemctl daemon-reload + fi + chown redis: "$REDIS_CONF" usermod -a -G redis www-data diff --git a/bin/ncp/NETWORKING/letsencrypt.sh b/bin/ncp/NETWORKING/letsencrypt.sh index f2e48ae2..70e10285 100644 --- a/bin/ncp/NETWORKING/letsencrypt.sh +++ b/bin/ncp/NETWORKING/letsencrypt.sh @@ -35,7 +35,7 @@ install() rm -f /etc/cron.d/certbot mkdir -p /etc/letsencrypt/live - [[ "$DOCKERBUILD" == 1 ]] && { + is_docker && { # execute before lamp stack cat > /etc/services-available.d/009letsencrypt <<EOF #!/bin/bash @@ -125,7 +125,7 @@ EOF rm -rf $ncdir/.well-known # Update configuration - [[ "$DOCKERBUILD" == 1 ]] && update-rc.d letsencrypt enable + is_docker && update-rc.d letsencrypt enable return 0 } diff --git a/bin/ncp/SYSTEM/nc-swapfile.sh b/bin/ncp/SYSTEM/nc-swapfile.sh index 48f8de7c..c4ce3d4f 100644 --- a/bin/ncp/SYSTEM/nc-swapfile.sh +++ b/bin/ncp/SYSTEM/nc-swapfile.sh @@ -47,8 +47,7 @@ configure() install() { - apt-get update - DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends dphys-swapfile + apt_install dphys-swapfile } diff --git a/Vagrantfile b/build/Vagrantfile index 7cb94fac..c924cf9e 100644 --- a/Vagrantfile +++ b/build/Vagrantfile @@ -26,7 +26,7 @@ Vagrant.configure("2") do |config| BRANCH=master #BRANCH=devel # uncomment to install devel apt-get update - DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends git + DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends git ca-certificates # install git clone -b "$BRANCH" https://github.com/nextcloud/nextcloudpi.git /tmp/nextcloudpi 
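Review bot: The drop-in written inside `if is_lxc` in nc-nextcloud.sh sets an empty `ReadOnlyDirectories=`, which in systemd resets the list, so any path the packaged redis-server unit had marked read-only becomes writable to the service; the comment only says that Redis otherwise fails to start. Because this trades a sandboxing directive for compatibility, the comment should record the reason and the scope, e.g. `# LXC on Buster: redis-server fails to start with the unit's ReadOnlyDirectories=; cleared here for LXC only (relaxes the unit's filesystem hardening)`. It would also be worth checking whether the container configuration can be adjusted so the directive can stay. install() begins and ends outside this hunk.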
diff --git a/armbian.sh b/build/armbian/armbian.sh index b594d28e..1401b022 100644 --- a/armbian.sh +++ b/build/armbian/armbian.sh @@ -32,25 +32,16 @@ touch /.ncp-image # install NCP echo -e "\nInstalling NextCloudPi" -mkdir -p /usr/local/etc/ncp-config.d/ -cp etc/ncp-config.d/nc-nextcloud.cfg /usr/local/etc/ncp-config.d/ -cp etc/library.sh /usr/local/etc/ -cp etc/ncp.cfg /usr/local/etc/ - hostname -F /etc/hostname # fix 'sudo resolve host' errors -install_app lamp.sh -install_app bin/ncp/CONFIG/nc-nextcloud.sh -run_app_unsafe bin/ncp/CONFIG/nc-nextcloud.sh -rm /usr/local/etc/ncp-config.d/nc-nextcloud.cfg # armbian overlay is ro -install_app ncp.sh -run_app_unsafe bin/ncp/CONFIG/nc-init.sh -run_app_unsafe post-inst.sh -cd - +CODE_DIR="$(pwd)" bash install.sh +run_app_unsafe post-inst.sh # disable SSH by default, it can be enabled through ncp-web systemctl disable ssh +cd - + # License # diff --git a/config-odroidc2.conf b/build/armbian/config-odroidc2.conf index e3b8e8b5..e3b8e8b5 100644 --- a/config-odroidc2.conf +++ b/build/armbian/config-odroidc2.conf diff --git a/config-odroidhc4.conf b/build/armbian/config-odroidhc4.conf index e3b8e8b5..e3b8e8b5 100644 --- a/config-odroidhc4.conf +++ b/build/armbian/config-odroidhc4.conf diff --git a/config-odroidxu4.conf b/build/armbian/config-odroidxu4.conf index e3b8e8b5..e3b8e8b5 100644 --- a/config-odroidxu4.conf +++ b/build/armbian/config-odroidxu4.conf diff --git a/config-orangepizeroplus2-h5.conf b/build/armbian/config-orangepizeroplus2-h5.conf index 6d5ecaf2..6d5ecaf2 100644 --- a/config-orangepizeroplus2-h5.conf +++ b/build/armbian/config-orangepizeroplus2-h5.conf diff --git a/config-rock64.conf b/build/armbian/config-rock64.conf index defe2be1..defe2be1 100644 --- a/config-rock64.conf +++ b/build/armbian/config-rock64.conf diff --git a/batch.sh b/build/batch.sh index 00749e09..059797d8 100755 --- a/batch.sh +++ b/build/batch.sh 
@@ -8,12 +8,9 @@ # set -e - -version=$(git describe --tags --always) -version=${version%-*-*} +source build/buildlib.sh # initializes $IMGNAME ## BUILDING -source buildlib.sh # initializes $IMGNAME [[ "$FTPPASS" == "" ]] && { echo -e "\e[1mNo FTPPASS variable found, FTP won't work.\nYou can ^C to cancel now\e[0m" @@ -29,27 +26,30 @@ sleep 5 rm -f ncp-web/wizard.cfg # Raspbian -./build-SD-rpi.sh +build/build-SD-rpi.sh IMG="$( ls -1t tmp/*.img | head -1 )" -./build-SD-berryboot.sh "$IMG" +build/build-SD-berryboot.sh "$IMG" # Armbian -./build-SD-armbian.sh odroidxu4 OdroidHC2 -./build-SD-armbian.sh rockpro64 RockPro64 -./build-SD-armbian.sh rock64 Rock64 -./build-SD-armbian.sh bananapi Bananapi -./build-SD-armbian.sh odroidhc4 OdroidHC4 -./build-SD-armbian.sh odroidc4 OdroidC4 -./build-SD-armbian.sh odroidc2 OdroidC2 -#./build-SD-armbian.sh orangepizeroplus2-h5 OrangePiZeroPlus2 +build/build-SD-armbian.sh odroidxu4 OdroidHC2 +build/build-SD-armbian.sh rockpro64 RockPro64 +build/build-SD-armbian.sh rock64 Rock64 +build/build-SD-armbian.sh bananapi Bananapi +build/build-SD-armbian.sh odroidhc4 OdroidHC4 +build/build-SD-armbian.sh odroidc4 OdroidC4 +build/build-SD-armbian.sh odroidc2 OdroidC2 +#build/build-SD-armbian.sh orangepizeroplus2-h5 OrangePiZeroPlus2 # VM -./build-VM.sh +build/build-VM.sh + +# LXD +build/build-LXD.sh # Docker -./build-docker.sh x86 -./build-docker.sh armhf -./build-docker.sh arm64 +build/build-docker.sh x86 +build/build-docker.sh armhf +build/build-docker.sh arm64 [[ "$FTPPASS" == "" ]] && exit diff --git a/build/build-LXC.sh b/build/build-LXC.sh new file mode 100755 index 00000000..e909ff11 --- /dev/null +++ b/build/build-LXC.sh 
@@ -0,0 +1,73 @@
+#!/bin/bash
+
+# Batch creation of NextCloudPi LXC image
+#
+# Copyleft 2021 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com>
+# GPL licensed (see end of file) * Use at your own risk!
+#
+# Usage:
+#
+
+set -e
+source build/buildlib.sh
+
+#CLEAN=0 # Pass this envvar to skip cleaning download cache
+IMG="NextCloudPi_LXC_$( date "+%m-%d-%y" ).img"
+IMG=tmp/"$IMG"
+
+TAR=output/"$( basename "$IMG" .img ).tar.bz2"
+
+test -f "$TAR" && { echo "$TAR already exists. Skipping... "; exit 0; }
+
+##############################################################################
+
+## preparations
+
+test -f "$TAR" && { echo "$TAR already exists. Skipping... "; exit 0; }
+set -e
+prepare_dirs # tmp cache output
+
+## BUILD NCP
+
+echo -e "\e[1m\n[ Build NCP ]\e[0m"
+
+# TODO sudo
+sudo lxc-destroy ncp -f
+sudo lxc-create -n ncp -t download -B btrfs -- --dist debian --release buster --arch amd64 # TODO vars for distro and stuff
+sudo cp lxc_config /var/lib/lxc/ncp/config
+sudo lxc-start -n ncp
+sudo lxc-attach -n ncp --clear-env -- bash -c 'while [ "$(systemctl is-system-running 2>/dev/null)" != "running" ] && [ "$(systemctl is-system-running 2>/dev/null)" != "degraded" ]; do :; done'
+sudo lxc-attach -n ncp --clear-env -- bash /build/install.sh
+sudo lxc-attach -n ncp --clear-env -- bash -c 'source /build/etc/library.sh; run_app_unsafe /build/post-inst.sh'
+sudo lxc-attach -n ncp --clear-env -- poweroff
+
+exit 0 # TODO
+
+## pack
+pack_image "$IMG" "$TAR"
+
+## test
+#set_static_IP "$IMG" "$IP"
+#test_image "$IMG" "$IP" # TODO fix tests
+
+# upload
+create_torrent "$TAR"
+upload_ftp "$( basename "$TAR" .tar.bz2 )"
+
+
+# License
+#
+# This script is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This script is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this script; if not, write to the
+# Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+# Boston, MA 02111-1307 USA
diff --git a/build/build-LXD.sh b/build/build-LXD.sh
new file mode 100755
index 00000000..b1cb2cf5
--- /dev/null
+++ b/build/build-LXD.sh
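Review bot: Under `set -e`, `sudo lxc-destroy ncp -f` in build/build-LXC.sh is expected to return non-zero when no `ncp` container exists yet, which would stop a first run before `lxc-create`; build/build-LXD.sh guards the equivalent step, and the line here should read `sudo lxc-destroy ncp -f 2>/dev/null || true`. `sudo cp lxc_config /var/lib/lxc/ncp/config` is relative to the repository root (the script sources `build/buildlib.sh` from there), while this commit adds the file as build/lxc_config, so it looks like it should be `sudo cp build/lxc_config /var/lib/lxc/ncp/config`. The readiness wait `while … do :; done` spins a CPU with no delay and no upper bound, here and in build/build-LXD.sh; a `sleep 1` in the loop body plus a retry limit would let a container that never reaches `running` or `degraded` fail the build instead of hanging it. The `test -f "$TAR"` check and `set -e` are each written twice, and everything after `exit 0 # TODO` is unreachable, which deserves a comment saying so.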
@@ -0,0 +1,70 @@ +#!/bin/bash + +# Batch creation of NextCloudPi LXD image +# +# Copyleft 2021 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> +# GPL licensed (see end of file) * Use at your own risk! +# +# Usage: +# + +set -e +source build/buildlib.sh + +#CLEAN=0 # Pass this envvar to skip cleaning download cache +IMG="NextCloudPi_LXD_$( date "+%m-%d-%y" ).img" +IMG=tmp/"$IMG" + +TAR=output/"$( basename "$IMG" .img ).tar.bz2" + +test -f "$TAR" && { echo "$TAR already exists. Skipping... "; exit 0; } + +############################################################################## + +## preparations + +test -f "$TAR" && { echo "$TAR already exists. Skipping... "; exit 0; } +set -e +prepare_dirs # tmp cache output + +## BUILD NCP + +echo -e "\e[1m\n[ Build NCP ]\e[0m" + +lxc delete -f ncp 2>/dev/null || true +systemd-run --user --scope -p "Delegate=yes" lxc launch images:debian/buster ncp +lxc config device add ncp buildcode disk source="$(pwd)" path=/build +lxc exec ncp -- bash -c 'while [ "$(systemctl is-system-running 2>/dev/null)" != "running" ] && [ "$(systemctl is-system-running 2>/dev/null)" != "degraded" ]; do :; done' +lxc exec ncp -- bash -c 'CODE_DIR=/build bash /build/install.sh' +lxc exec ncp -- bash -c 'source /build/etc/library.sh; run_app_unsafe /build/post-inst.sh' +lxc config device remove ncp buildcode +lxc publish ncp -f --alias ncp/"${version}" + +## pack +lxc export ncp "$TAR" + +## test +#set_static_IP "$IMG" "$IP" +#test_image "$IMG" "$IP" + +# upload +create_torrent "$TAR" +upload_ftp "$( basename "$TAR" .tar.bz2 )" + + +# License +# +# This script is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. 
+# +# This script is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this script; if not, write to the +# Free Software Foundation, Inc., 59 Temple Place, Suite 330, +# Boston, MA 02111-1307 USA diff --git a/build-SD-armbian.sh b/build/build-SD-armbian.sh index da1a1945..93069e53 100755 --- a/build-SD-armbian.sh +++ b/build/build-SD-armbian.sh @@ -17,10 +17,11 @@ IMG="NextCloudPi_${BNAME}_$( date "+%m-%d-%y" ).img" IMG=tmp/"$IMG" TAR=output/"$( basename "$IMG" .img ).tar.bz2" +set -e +source build/buildlib.sh + test -f "$TAR" && { echo "$TAR already exists. Skipping... "; exit 0; } -set -e -source buildlib.sh source etc/library.sh # sets RELEASE prepare_dirs # tmp cache output @@ -32,7 +33,7 @@ prepare_dirs # tmp cache output # add NCP modifications mkdir -p armbian/userpatches armbian/userpatches/overlay rm -f ncp-web/{wizard.cfg,ncp-web.cfg} -cp armbian.sh armbian/userpatches/customize-image.sh +cp build/armbian/armbian.sh armbian/userpatches/customize-image.sh rsync -Aax --delete --exclude-from .gitignore --exclude *.img --exclude *.bz2 . armbian/userpatches/overlay/ # GENERATE IMAGE diff --git a/build-SD-berryboot.sh b/build/build-SD-berryboot.sh index 4857902d..115ed994 100755 --- a/build-SD-berryboot.sh +++ b/build/build-SD-berryboot.sh @@ -8,13 +8,13 @@ # Usage: ./build-SD-berryboot.sh <img> # +set -e +source build/buildlib.sh + SRC="$1" IMG="NextCloudPi_RPi_Berryboot_$( date "+%m-%d-%y" ).img" TAR=output/"$( basename "$IMG" .img ).tar.bz2" -set -e -source buildlib.sh - test -f "$TAR" && { echo "$TAR already exists. Skipping... "; exit 0; } [[ -f "$SRC" ]] || { echo "$SRC not found"; exit 1; } diff --git a/build-SD-rpi.sh b/build/build-SD-rpi.sh index 91e22e0a..c2ecb50f 100755 --- a/build-SD-rpi.sh 
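Review bot: `lxc export ncp "$TAR"` in build/build-LXD.sh writes to a name ending in `.tar.bz2` without requesting a compression method, so the archive format is whatever the LXD server defaults to (gzip unless `backups.compression_algorithm` was changed); `lxc export ncp "$TAR" --compression bzip2` would make the file match its name and the `basename "$TAR" .tar.bz2` used for the upload. The base image is launched as `images:debian/buster`, an alias that resolves to whatever build the remote currently serves, so two builds of the same NCP version can start from different root filesystems. Recording the resolved image fingerprint in the build output would make a published image traceable to its base.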
+++ b/build/build-SD-rpi.sh @@ -9,7 +9,7 @@ # set -e -source buildlib.sh +source build/buildlib.sh URL="https://downloads.raspberrypi.org/raspios_lite_arm64/images/raspios_lite_arm64-2020-08-24/2020-08-20-raspios-buster-arm64-lite.zip" SIZE=3G # Raspbian image size @@ -50,6 +50,9 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \ # mark the image as an image build touch /.ncp-image + # allow oldstable + apt-get update --allow-releaseinfo-change + # As of 10-2018 this upgrades raspi-kernel and messes up wifi and BTRFS #apt-get upgrade -y #apt-get dist-upgrade -y diff --git a/build-VM.sh b/build/build-VM.sh index a5c85980..72cfa186 100755 --- a/build-VM.sh +++ b/build/build-VM.sh @@ -9,7 +9,7 @@ # set -e -source buildlib.sh +source build/buildlib.sh IP=${1:-192.168.0.145} # For QEMU automated testing (optional) SIZE=3G # Raspbian image size @@ -34,6 +34,7 @@ prepare_dirs # tmp cache output echo -e "\e[1m\n[ Build NCP ]\e[0m" export DEB_RELEASE=$(jq -r .release < etc/ncp.cfg) +cd build/ vagrant destroy -f vagrant box update vagrant up --provider=libvirt --provision diff --git a/build-docker.sh b/build/build-docker.sh index cd72dc06..019026cf 100755 --- a/build-docker.sh +++ b/build/build-docker.sh @@ -6,8 +6,7 @@ set -e -version=$(git describe --tags --always) -version=${version%-*-*} +source build/buildlib.sh release=$(jq -r .release < etc/ncp.cfg) function docker_build() { DOCKER_BUILDKIT=1 docker build --progress=plain . "$@"; } 
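Review bot: `apt-get update --allow-releaseinfo-change` in build/build-SD-rpi.sh accepts a change in any Release field, including Origin and Label, while the comment above it says the intent is only to allow oldstable. The Release file signature is still verified, but the narrower `apt-get update --allow-releaseinfo-change-suite` should cover the stable-to-oldstable transition without also silencing an unexpected origin or label change on the image's repositories; if another field turns out to have changed too, add only that field's option. The surrounding chroot command block begins and ends outside this hunk.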
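Review bot: The `cd build/` added in build/build-VM.sh is not undone in the visible lines, so every relative path used later in the script would resolve under build/ instead of the repository root; the hunk header shows `prepare_dirs # tmp cache output`, which suggests the script works with `tmp/` and `output/` at the root. If the rest of the script, which is outside this hunk, relies on those, a `cd -` once the Vagrant steps are done, or running the Vagrant commands in a subshell that starts with `cd build/`, keeps the directory change local.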
@@ -19,10 +18,10 @@ function build_arch() local arch_qemu="${3}" local ncp_tag="${4:-$arch}" - docker_build -f docker/debian-ncp/Dockerfile -t ownyourbits/debian-ncp-${ncp_tag}:latest --pull --build-arg release=${release} --build-arg arch=${arch} --build-arg arch_qemu=${arch_qemu} - docker_build -f docker/lamp/Dockerfile -t ownyourbits/lamp-${ncp_tag}:latest --build-arg release=${release} --build-arg arch=${ncp_tag} - docker_build -f docker/nextcloud/Dockerfile -t ownyourbits/nextcloud-${ncp_tag}:latest --build-arg release=${release} --build-arg arch=${ncp_tag} - docker_build -f docker/nextcloudpi/Dockerfile -t ownyourbits/nextcloudpi-${ncp_tag}:latest --build-arg release=${release} --build-arg arch=${ncp_tag} --build-arg ncp_ver=${version} + docker_build -f build/docker/debian-ncp/Dockerfile -t ownyourbits/debian-ncp-${ncp_tag}:latest --pull --build-arg release=${release} --build-arg arch=${arch} --build-arg arch_qemu=${arch_qemu} + docker_build -f build/docker/lamp/Dockerfile -t ownyourbits/lamp-${ncp_tag}:latest --build-arg release=${release} --build-arg arch=${ncp_tag} + docker_build -f build/docker/nextcloud/Dockerfile -t ownyourbits/nextcloud-${ncp_tag}:latest --build-arg release=${release} --build-arg arch=${ncp_tag} + docker_build -f build/docker/nextcloudpi/Dockerfile -t ownyourbits/nextcloudpi-${ncp_tag}:latest --build-arg release=${release} --build-arg arch=${ncp_tag} --build-arg ncp_ver=${version} docker tag ownyourbits/debian-ncp-${ncp_tag}:latest ownyourbits/debian-ncp-${ncp_tag}:"${version}" docker tag ownyourbits/lamp-${ncp_tag}:latest ownyourbits/lamp-${ncp_tag}:"${version}" diff --git a/buildlib.sh b/build/buildlib.sh index d3507916..d589111f 100644 --- a/buildlib.sh +++ b/build/buildlib.sh @@ -10,6 +10,9 @@ DBG=x +version=$(git describe --tags --always) +version=${version%-*-*} + # $IMG is the source image # $IP is the IP of the QEMU images # $IMGOUT will contain the name of the generated image 
diff --git a/docker/debian-ncp/Dockerfile b/build/docker/debian-ncp/Dockerfile index ff5717d0..c2196d94 100644 --- a/docker/debian-ncp/Dockerfile +++ b/build/docker/debian-ncp/Dockerfile @@ -19,4 +19,4 @@ COPY --from=qemu /usr/bin/qemu-${arch_qemu}-static /usr/bin/ RUN mkdir -p /etc/services-available.d /etc/services-enabled.d -COPY docker/debian-ncp/run-parts.sh / +COPY build/docker/debian-ncp/run-parts.sh / diff --git a/docker/debian-ncp/run-parts.sh b/build/docker/debian-ncp/run-parts.sh index 6ae2c4e0..6ae2c4e0 100755 --- a/docker/debian-ncp/run-parts.sh +++ b/build/docker/debian-ncp/run-parts.sh diff --git a/docker-compose-ncpdev.yml b/build/docker/docker-compose-ncpdev.yml index e4e5d7db..e4e5d7db 100644 --- a/docker-compose-ncpdev.yml +++ b/build/docker/docker-compose-ncpdev.yml diff --git a/docker-compose.yml b/build/docker/docker-compose.yml index fefdb3b1..fefdb3b1 100644 --- a/docker-compose.yml +++ b/build/docker/docker-compose.yml diff --git a/docker/lamp/010lamp b/build/docker/lamp/010lamp index ca55dd6e..ca55dd6e 100755 --- a/docker/lamp/010lamp +++ b/build/docker/lamp/010lamp diff --git a/docker/lamp/Dockerfile b/build/docker/lamp/Dockerfile index 41c3b213..61c5eb4b 100644 --- a/docker/lamp/Dockerfile +++ b/build/docker/lamp/Dockerfile @@ -44,7 +44,7 @@ rm -f /var/log/alternatives.log /var/log/apt/*; \ rm /data-ro/database/ib_logfile*; \ rm /usr/local/etc/lamp.sh -COPY docker/lamp/010lamp /etc/services-enabled.d/ +COPY build/docker/lamp/010lamp /etc/services-enabled.d/ ENTRYPOINT ["/run-parts.sh"] diff --git a/docker/nextcloud/020nextcloud b/build/docker/nextcloud/020nextcloud index 4826e035..4826e035 100755 --- a/docker/nextcloud/020nextcloud +++ b/build/docker/nextcloud/020nextcloud diff --git a/docker/nextcloud/Dockerfile b/build/docker/nextcloud/Dockerfile index bc802187..a20465e2 100644 --- a/docker/nextcloud/Dockerfile +++ b/build/docker/nextcloud/Dockerfile 
@@ -50,5 +50,5 @@ apt-get purge -y wget ca-certificates; \ rm /nc-nextcloud.sh /usr/local/etc/ncp-config.d/nc-nextcloud.cfg; \ rm /.ncp-image; -COPY docker/nextcloud/020nextcloud /etc/services-enabled.d/ +COPY build/docker/nextcloud/020nextcloud /etc/services-enabled.d/ COPY bin/ncp-provisioning.sh /usr/local/bin/ diff --git a/docker/nextcloudpi/000ncp b/build/docker/nextcloudpi/000ncp index 820eb8cf..820eb8cf 100755 --- a/docker/nextcloudpi/000ncp +++ b/build/docker/nextcloudpi/000ncp diff --git a/docker/nextcloudpi/Dockerfile b/build/docker/nextcloudpi/Dockerfile index 7d7d6864..be63ba09 100644 --- a/docker/nextcloudpi/Dockerfile +++ b/build/docker/nextcloudpi/Dockerfile @@ -19,7 +19,7 @@ COPY ncp.sh update.sh post-inst.sh /tmp/ncp-build/ COPY ncp-web /tmp/ncp-build/ncp-web/ COPY ncp-app /tmp/ncp-build/ncp-app/ COPY ncp-previewgenerator /tmp/ncp-build/ncp-previewgenerator/ -COPY docker /tmp/ncp-build/docker/ +COPY build/docker /tmp/ncp-build/docker/ COPY etc/ncp-config.d/nc-init.cfg /usr/local/etc/ncp-config.d/nc-init-copy.cfg RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt \ @@ -66,4 +66,4 @@ rm /var/cache/debconf/*-old; \ # set version echo "${ncp_ver}" > /usr/local/etc/ncp-version -COPY docker/nextcloudpi/000ncp /etc/services-enabled.d/ +COPY build/docker/nextcloudpi/000ncp /etc/services-enabled.d/ diff --git a/build/lxc_config b/build/lxc_config new file mode 100644 index 00000000..59640994 --- /dev/null +++ b/build/lxc_config 
@@ -0,0 +1,31 @@ +# Template used to create this container: /usr/share/lxc/templates/lxc-download +# Parameters passed to the template: --dist debian --release buster --arch amd64 +# Template script checksum (SHA-1): 1ad14dde73ae69ed485f71e26793af87573947d4 +# For additional config options, please look at lxc.container.conf(5) + +# Uncomment the following line to support nesting containers: +#lxc.include = /usr/share/lxc/config/nesting.conf +# (Be aware this has security implications) + + +# Distribution configuration +lxc.include = /usr/share/lxc/config/common.conf +lxc.arch = linux64 + +# Container specific configuration +lxc.rootfs.path = btrfs:/var/lib/lxc/ncp/rootfs +lxc.uts.name = ncp + +# Network configuration +#lxc.net.0.type = empty +lxc.net.0.type = veth +lxc.net.0.link = lxcbr0 +lxc.net.0.flags = up +lxc.net.0.hwaddr = 00:16:3e:2d:5d:80 + +# Mounts +lxc.mount.entry = /media/DATA/src/nextcloudpi build none bind,create=dir 0 0 + +# Moar privileges (TODO review) +#lxc.apparmor.profile = unconfined +#lxc.cgroup2.devices.allow = a diff --git a/changelog.md b/changelog.md index e85f0333..abc29447 100644 --- a/changelog.md +++ b/changelog.md @@ -1,5 +1,7 @@ -[v1.39.18](https://github.com/nextcloud/nextcloudpi/commit/edaf4f1) (2021-09-30) nc-httpsonly: always use overwriteprotocol https in all cases +[v1.39.19](https://github.com/nextcloud/nextcloudpi/commit/b177bd1) (2021-09-30) ncp-web: fix upload from local file path + +[v1.39.18](https://github.com/nextcloud/nextcloudpi/commit/f1c90f5) (2021-09-30) nc-httpsonly: always use overwriteprotocol https in all cases [v1.39.17](https://github.com/nextcloud/nextcloudpi/commit/c037c11) (2021-09-29) add bash completion to ncc diff --git a/docker-compose-armhf.yml b/docker-compose-armhf.yml deleted file mode 100644 index 27e033cb..00000000 --- a/docker-compose-armhf.yml +++ /dev/null 
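Review bot: `lxc.mount.entry = /media/DATA/src/nextcloudpi build none bind,create=dir 0 0` in build/lxc_config hard-codes one developer's checkout path, so the `/build` mount only works on that machine. It also binds the host tree read-write into a container that build-LXC.sh creates with `sudo` and, as far as this file shows, without any `lxc.idmap` entries, so presumably a privileged container whose root can modify the host checkout. Consider generating this line at build time from the current directory and using `bind,ro,create=dir` if install.sh does not need to write into the tree. `lxc.net.0.hwaddr` is likewise a fixed value copied from one container and can collide when two builds share `lxcbr0`.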
@@ -1,16 +0,0 @@ -version: '3' -services: - nextcloudpi: - image: ownyourbits/nextcloudpi-armhf - command: "${IP}" - ports: - - "80:80" - - "443:443" - - "4443:4443" - volumes: - - ncdata:/data - - /etc/localtime:/etc/localtime:ro - container_name: nextcloudpi - -volumes: - ncdata: diff --git a/docker-compose-nc-armhf.yml b/docker-compose-nc-armhf.yml deleted file mode 100644 index 3ed6c7e1..00000000 --- a/docker-compose-nc-armhf.yml +++ /dev/null @@ -1,15 +0,0 @@ -version: '3' -services: - nextcloud: - image: ownyourbits/nextcloud-armhf - command: "${IP}" - ports: - - "80:80" - - "443:443" - volumes: - - ncdata:/data - - /etc/localtime:/etc/localtime:ro - container_name: nextcloudpi - -volumes: - ncdata: diff --git a/docker-compose-nc.yml b/docker-compose-nc.yml deleted file mode 100644 index e45f7bed..00000000 --- a/docker-compose-nc.yml +++ /dev/null @@ -1,15 +0,0 @@ -version: '3' -services: - nextcloud: - image: ownyourbits/nextcloud-x86 - command: "${IP}" - ports: - - "80:80" - - "443:443" - volumes: - - ncdata:/data - - /etc/localtime:/etc/localtime:ro - container_name: nextcloudpi - -volumes: - ncdata: diff --git a/etc/library.sh b/etc/library.sh index 2e147645..06405aa8 100644 --- a/etc/library.sh +++ b/etc/library.sh @@ -417,7 +417,15 @@ function clear_password_fields() function apt_install() { apt-get update --allow-releaseinfo-change - apt-get install -y --no-install-recommends -o Dpkg::Options::=--force-confdef -o Dpkg::Options::="--force-confold" "$@" + DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends -o Dpkg::Options::=--force-confdef -o Dpkg::Options::="--force-confold" "$@" +} + +function is_docker() { + [[ -f /.dockerenv ]] || [[ "$DOCKERBUILD" == 1 ]] +} + +function is_lxc() { + grep -q container=lxc /proc/1/environ &>/dev/null } function notify_admin() diff --git a/etc/ncp-templates/nextcloud.conf.sh b/etc/ncp-templates/nextcloud.conf.sh index 728217be..caf987f3 100644 --- a/etc/ncp-templates/nextcloud.conf.sh 
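Review bot: `is_lxc` in etc/library.sh returns false both when the system is not an LXC container and when `/proc/1/environ` cannot be read (it is readable only by root), because `&>/dev/null` hides the grep error; callers in this commit use the result to decide which ncp-apps are excluded and whether the Redis unit override is written. A header comment on both helpers would make that contract explicit, for example `# is_lxc: true when PID 1 has container=lxc in its environment; must run as root` and `# is_docker: true in a running container (/.dockerenv) or during an image build (DOCKERBUILD=1)`. The pattern is also an unanchored substring match against a NUL-separated file, so a stricter form would be `tr '\0' '\n' < /proc/1/environ 2>/dev/null | grep -qx 'container=lxc'`.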
+++ b/etc/ncp-templates/nextcloud.conf.sh @@ -13,7 +13,7 @@ if [[ "$1" != "--defaults" ]]; then )" fi -if ! [[ -f /.docker-image ]] && [[ "$1" != "--defaults" ]]; then +if ! [[ -f /.ncp-image ]] && [[ "$1" != "--defaults" ]]; then METRICS_IS_ENABLED="$( source "${BINDIR}/SYSTEM/metrics.sh" tmpl_metrics_enabled && echo yes || echo no @@ -103,5 +103,7 @@ cat <<EOF </IfModule> EOF -echo "Apache self check:" >> /var/log/ncp.log -apache2ctl -t >> /var/log/ncp.log 2>&1 +if ! [[ -f /.ncp-image ]]; then + echo "Apache self check:" >> /var/log/ncp.log + apache2ctl -t >> /var/log/ncp.log 2>&1 +fi @@ -10,7 +10,7 @@ # more details at https://ownyourbits.com BRANCH="${BRANCH:-master}" -DBG=x +#DBG=x set -e$DBG @@ -27,13 +27,17 @@ export PATH="/usr/local/sbin:/usr/sbin:/sbin:${PATH}" # check installed software type mysqld &>/dev/null && echo ">>> WARNING: existing mysqld configuration will be changed <<<" -# get install code -echo "Getting build code..." +# get dependencies apt-get update apt-get install --no-install-recommends -y git ca-certificates sudo lsb-release -git clone -b "${BRANCH}" https://github.com/nextcloud/nextcloudpi.git "${TMPDIR}"/nextcloudpi -cd "${TMPDIR}"/nextcloudpi +# get install code +if [[ "${CODE_DIR}" == "" ]]; then + echo "Getting build code..." + CODE_DIR="${TMPDIR}"/nextcloudpi + git clone -b "${BRANCH}" https://github.com/nextcloud/nextcloudpi.git "${CODE_DIR}" +fi +cd "${CODE_DIR}" # install NCP echo -e "\nInstalling NextCloudPi..." @@ -58,6 +62,7 @@ cp -r etc/ncp-templates /usr/local/etc/ install_app lamp.sh install_app bin/ncp/CONFIG/nc-nextcloud.sh run_app_unsafe bin/ncp/CONFIG/nc-nextcloud.sh +rm /usr/local/etc/ncp-config.d/nc-nextcloud.cfg # armbian overlay is ro systemctl restart mysqld # TODO this shouldn't be necessary, but somehow it's needed in Debian 9.6. Fixme install_app ncp.sh run_app_unsafe bin/ncp/CONFIG/nc-init.sh 
@@ -248,7 +248,8 @@ EOF echo nextcloudpi > /etc/hostname ## tag image - [[ -f /.docker-image ]] && local DOCKER_TAG="_docker" + is_docker && local DOCKER_TAG="_docker" + is_lxc && local DOCKER_TAG="_lxc" echo "NextCloudPi${DOCKER_TAG}_$( date "+%m-%d-%y" )" > /usr/local/etc/ncp-baseimage ## SSH hardening diff --git a/tag_and_push.sh b/tag_and_push.sh index a3c39d73..d6e3d835 100755 --- a/tag_and_push.sh +++ b/tag_and_push.sh @@ -18,7 +18,7 @@ set -e TAG="$@" -source buildlib.sh +source build/buildlib.sh git tag "$TAG" generate_changelog git add changelog.md diff --git a/tests/libvirt_forwarding.sh b/tests/libvirt_forwarding.sh new file mode 100755 index 00000000..0c3d715d --- /dev/null +++ b/tests/libvirt_forwarding.sh 
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# copy to /etc/libvirt/hooks/qemu and restart libvirtd
+
+function manage_ports()
+{
+ local GUEST_IP=$1
+ local GUEST_PORT=$2
+ local HOST_PORT=$3
+ local OP=$4
+
+ if [ "${OP}" = "stopped" ] || [ "${OP}" = "reconnect" ]; then
+ /sbin/iptables -D FORWARD -o virbr1 -p tcp -d $GUEST_IP --dport $GUEST_PORT -j ACCEPT
+ /sbin/iptables -t nat -D PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
+ fi
+ if [ "${OP}" = "start" ] || [ "${OP}" = "reconnect" ]; then
+ /sbin/iptables -I FORWARD -o virbr1 -p tcp -d $GUEST_IP --dport $GUEST_PORT -j ACCEPT
+ /sbin/iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
+ fi
+}
+
+VM_NAME="${1}"
+OP="${2}"
+GUEST_IP=192.168.121.243
+
+# IMPORTANT: Change the "VM NAME" string to match your actual VM Name.
+# In order to create rules to other VMs, just duplicate the below block and configure
+# it accordingly.
+[ "${VM_NAME}" = "nextcloudpi_default" ] || exit 0
+
+manage_ports "${GUEST_IP}" 80 80 "${OP}"
+manage_ports "${GUEST_IP}" 443 443 "${OP}"
+manage_ports "${GUEST_IP}" 4443 4443 "${OP}"
+
+# these are for SMB
+manage_ports "${GUEST_IP}" 137 137 "${OP}"
+manage_ports "${GUEST_IP}" 138 138 "${OP}"
+manage_ports "${GUEST_IP}" 139 139 "${OP}"
+manage_ports "${GUEST_IP}" 445 445 "${OP}"
+manage_ports "${GUEST_IP}" 900 900 "${OP}"
diff --git a/tests/lxd_forwarding.sh b/tests/lxd_forwarding.sh
new file mode 100755
index 00000000..6642713e
--- /dev/null
+++ b/tests/lxd_forwarding.sh
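Review bot: In `manage_ports` of tests/libvirt_forwarding.sh every rule is created with `-p tcp`, but the calls under `# these are for SMB` include ports 137 and 138, which the NetBIOS name and datagram services use over UDP, so those two forwards do not carry the traffic the comment describes. `$GUEST_IP`, `$GUEST_PORT` and `$HOST_PORT` are expanded unquoted into `iptables` commands that run as root; quoting them (`-d "$GUEST_IP" --dport "$GUEST_PORT"`, `--to "$GUEST_IP:$GUEST_PORT"`) costs nothing. tests/lxd_forwarding.sh repeats the same function and takes `GUEST_IP` straight from `$1`, so it should reject anything that is not an IPv4 address before building rules. The PREROUTING rule matches on the destination port alone and therefore applies to traffic arriving on any interface; restricting it with `-i` to the host's external interface would limit it to the intended path.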
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+GUEST_IP="${1}"
+OP="${2}"
+IFACE=lxdbr0
+
+function manage_ports()
+{
+ local GUEST_IP=$1
+ local GUEST_PORT=$2
+ local HOST_PORT=$3
+ local OP=$4
+
+ if [ "${OP}" = "stopped" ] || [ "${OP}" = "reconnect" ]; then
+ /sbin/iptables -D FORWARD -o "${IFACE}" -p tcp -d $GUEST_IP --dport $GUEST_PORT -j ACCEPT
+ /sbin/iptables -t nat -D PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
+ fi
+ if [ "${OP}" = "start" ] || [ "${OP}" = "reconnect" ]; then
+ /sbin/iptables -I FORWARD -o "${IFACE}" -p tcp -d $GUEST_IP --dport $GUEST_PORT -j ACCEPT
+ /sbin/iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
+ fi
+}
+
+manage_ports "${GUEST_IP}" 80 80 "${OP}"
+manage_ports "${GUEST_IP}" 443 443 "${OP}"
+manage_ports "${GUEST_IP}" 4443 4443 "${OP}"
+
+# these are for SMB
+manage_ports "${GUEST_IP}" 137 137 "${OP}"
+manage_ports "${GUEST_IP}" 138 138 "${OP}"
+manage_ports "${GUEST_IP}" 139 139 "${OP}"
+manage_ports "${GUEST_IP}" 445 445 "${OP}"
+manage_ports "${GUEST_IP}" 900 900 "${OP}"
@@ -8,6 +8,8 @@ # More at https://ownyourbits.com/ # +source /usr/local/etc/library.sh + set -e CONFDIR=/usr/local/etc/ncp-config.d/
@@ -23,8 +25,6 @@ nc-ramlogs nc-swapfile nc-static-IP nc-wifi -nc-nextcloud -nc-init UFW nc-snapshot nc-snapshot-auto
@@ -39,10 +39,18 @@ NFS metrics " +if is_docker &>/dev/null; then +# in docker, just remove the volume for this +EXCL_DOCKER+=" +nc-nextcloud +nc-init +" + # better use a designated container EXCL_DOCKER+=" samba " +fi # check running apt pgrep apt &>/dev/null && { echo "apt is currently running. Try again later"; exit 1; }
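Review bot: `GUEST_IP` and `OP` in tests/lxd_forwarding.sh come straight from `$1`/`$2`, and `manage_ports` expands `$GUEST_IP`, `$GUEST_PORT` and `$HOST_PORT` unquoted into iptables command lines that normally run as root. An empty or malformed first argument is dropped or word-split, so iptables receives a different argument list than the script intends. A guard before the first `manage_ports` call would catch this, e.g. `[[ "${GUEST_IP}" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { echo "usage: $0 <guest-ip> <start|stopped|reconnect>" >&2; exit 1; }`, together with quoting the expansions (`-d "${GUEST_IP}"`, `--to "${GUEST_IP}:${GUEST_PORT}"`).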
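Review bot: `if is_docker &>/dev/null; then` in the `@@ -39,10 +39,18 @@` hunk discards stderr, so a missing `is_docker` function looks the same as "not docker" and the `nc-nextcloud`, `nc-init` and `samba` exclusions are silently skipped. This commit sources the library at the top of the script and, judging by the next hunk's header, it is sourced again further down; if the copy installed at the time of the first `source` predates `is_docker` (not visible here), a docker install would take that path. Moving this block below the second `source /usr/local/etc/library.sh` and dropping the redirect, or failing loudly with `declare -F is_docker >/dev/null || { echo "library.sh lacks is_docker" >&2; exit 1; }`, would make that case visible. These three entries are also added only for docker, while the later loops over `$EXCL_DOCKER` run for `is_docker || is_lxc`; a comment such as `# LXC keeps nc-nextcloud, nc-init and samba on purpose` would record whether that is intended.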
@@ -53,12 +61,12 @@ source /usr/local/etc/library.sh mkdir -p "$CONFDIR" -# prevent installing some ncp-apps in the docker version -[[ -f /.docker-image ]] && { +# prevent installing some ncp-apps in the containerized versions +if is_docker || is_lxc; then for opt in $EXCL_DOCKER; do touch $CONFDIR/$opt.cfg done -} +fi # copy all files in bin and etc cp -r bin/* /usr/local/bin/ @@ -144,16 +152,18 @@ rm -rf /var/www/nextcloud/apps/nextcloudpi cp -r /var/www/ncp-app /var/www/nextcloud/apps/nextcloudpi chown -R www-data: /var/www/nextcloud/apps/nextcloudpi -[[ -f /.docker-image ]] && { - # remove unwanted ncp-apps for the docker version +# remove unwanted ncp-apps for containerized versions +if is_docker || is_lxc; then for opt in $EXCL_DOCKER; do rm $CONFDIR/$opt.cfg find /usr/local/bin/ncp -name "$opt.sh" -exec rm '{}' \; done +fi - # update services - cp docker/{lamp/010lamp,nextcloud/020nextcloud,nextcloudpi/000ncp} /etc/services-enabled.d -} +# update services for docker +if is_docker; then + cp build/docker/{lamp/010lamp,nextcloud/020nextcloud,nextcloudpi/000ncp} /etc/services-enabled.d +fi # only live updates from here [[ -f /.ncp-image ]] && exit 0 |