diff options
Diffstat (limited to 'bin')
| -rw-r--r-- | bin/ncp/CONFIG/nc-nextcloud.sh | 31 | ||||
| -rw-r--r-- | bin/ncp/NETWORKING/letsencrypt.sh | 21 | ||||
| -rw-r--r-- | bin/ncp/SYSTEM/metrics.sh | 78 |
3 files changed, 97 insertions, 33 deletions
diff --git a/bin/ncp/CONFIG/nc-nextcloud.sh b/bin/ncp/CONFIG/nc-nextcloud.sh index 7f354b31..fa522a57 100644 --- a/bin/ncp/CONFIG/nc-nextcloud.sh +++ b/bin/ncp/CONFIG/nc-nextcloud.sh @@ -175,30 +175,13 @@ EOF ## SET APACHE VHOST echo "Setting up Apache..." - cat > /etc/apache2/sites-available/nextcloud.conf <<'EOF' -<IfModule mod_ssl.c> - <VirtualHost _default_:443> - DocumentRoot /var/www/nextcloud - CustomLog /var/log/apache2/nc-access.log combined - ErrorLog /var/log/apache2/nc-error.log - SSLEngine on - SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem - SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key - </VirtualHost> - <Directory /var/www/nextcloud/> - Options +FollowSymlinks - AllowOverride All - <IfModule mod_dav.c> - Dav off - </IfModule> - LimitRequestBody 0 - SSLRenegBufferSize 10486000 - </Directory> - <IfModule mod_headers.c> - Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains" - </IfModule> -</IfModule> -EOF + bash /usr/local/etc/nextcloud.conf.sh > /etc/apache2/sites-available/nextcloud.conf || { + echo "ERROR: An error occured while generating the nextcloud apache2 config. Attempting safe mode..." + bash /usr/local/etc/nextcloud.conf.sh --defaults > /etc/apache2/sites-available/nextcloud.conf || { + echo "ERROR: Safe mode templating failed as well. Nextcloud will not work." + exit 1 + } + } a2ensite nextcloud cat > /etc/apache2/sites-available/000-default.conf <<'EOF' diff --git a/bin/ncp/NETWORKING/letsencrypt.sh b/bin/ncp/NETWORKING/letsencrypt.sh index 415567b0..9b5df324 100644 --- a/bin/ncp/NETWORKING/letsencrypt.sh +++ b/bin/ncp/NETWORKING/letsencrypt.sh @@ -9,7 +9,7 @@ ncdir=/var/www/nextcloud -vhostcfg=/etc/apache2/sites-available/nextcloud.conf +nc_vhostcfg=/etc/apache2/sites-available/nextcloud.conf vhostcfg2=/etc/apache2/sites-available/ncp.conf letsencrypt=/usr/bin/letsencrypt @@ -18,6 +18,16 @@ is_active() [[ $( find /etc/letsencrypt/live/ -maxdepth 0 -empty | wc -l ) == 0 ]] } +tmpl_letsencrypt_domain() { + ( + . /usr/local/etc/library.sh + if is_active + then + find_app_param letsencrypt DOMAIN + fi + ) +} + install() { cd /etc || return 1 @@ -48,11 +58,6 @@ configure() [[ "$DOMAIN" == "" ]] && { echo "empty domain"; return 1; } - # Configure Apache - grep -q ServerName $vhostcfg && \ - sed -i "s|ServerName .*|ServerName $DOMAIN|" $vhostcfg || \ - sed -i "/DocumentRoot/aServerName $DOMAIN" $vhostcfg - # Do it local domain_string="" for domain in $DOMAIN $OTHER_DOMAIN; do @@ -94,9 +99,7 @@ EOF chmod +x /etc/letsencrypt/renewal-hooks/deploy/ncp # Configure Apache - sed -i "s|SSLCertificateFile.*|SSLCertificateFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/fullchain.pem|" $vhostcfg - sed -i "s|SSLCertificateKeyFile.*|SSLCertificateKeyFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/privkey.pem|" $vhostcfg - + bash /usr/local/etc/ncp-templates/nextcloud.conf.sh > ${nc_vhostcfg} sed -i "s|SSLCertificateFile.*|SSLCertificateFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/fullchain.pem|" $vhostcfg2 sed -i "s|SSLCertificateKeyFile.*|SSLCertificateKeyFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/privkey.pem|" $vhostcfg2 diff --git a/bin/ncp/SYSTEM/metrics.sh b/bin/ncp/SYSTEM/metrics.sh new file mode 100644 index 00000000..bd13de28 --- /dev/null +++ b/bin/ncp/SYSTEM/metrics.sh @@ -0,0 +1,78 @@ +#!/bin/bash + +is_active() { + systemctl is-active -q prometheus-node-exporter || return 0 + return 1 +} + +tmpl_metrics_enabled() { + ( + . /usr/local/etc/library.sh + local param_active="$(find_app_param metrics.sh ACTIVE)" + [[ "$param_active" == yes ]] || exit 1 + ) +} + +install() { + + # Subshell to return on failure instead of exiting (due to set -e) + ( + + set -e + cat > /etc/default/prometheus-node-exporter <<'EOF' +ARGS="--collector.filesystem.ignored-mount-points=\"^/(dev|proc|run|sys|mnt|var/log|var/lib/docker)($|/)\"" +EOF + apt_install prometheus-node-exporter + + # TODO: Docker support? + systemctl disable prometheus-node-exporter + service prometheus-node-exporter stop + + ) +} + +configure() { + + if [[ "$ACTIVE" != yes ]] + then + bash /usr/local/etc/ncp-templates/nextcloud.conf.sh --defaults > /etc/apache2/sites-available/nextcloud.conf + + systemctl disable prometheus-node-exporter + service prometheus-node-exporter stop + else + [[ -n "$USER" ]] || { + echo "ERROR: User can not be empty!" >&2 + return 1 + } + + [[ -n "$PASSWORD" ]] || { + echo "ERROR: Password can not be empty!" >&2 + return 1 + } + + [[ ${#PASSWORD} -ge 10 ]] || { + echo "ERROR: Password must be at least 10 characters long!" >&2 + return 1 + } + + local htpasswd_file="/usr/local/etc/metrics.htpasswd" + rm -f "${htpasswd_file}" + echo "$PASSWORD" | htpasswd -ciB "${htpasswd_file}" metrics + + bash /usr/local/etc/ncp-templates/nextcloud.conf.sh > /etc/apache2/sites-available/nextcloud.conf || { + echo "An unexpected error occurred while configuring apache. Rolling back..." >&2 + bash /usr/local/etc/ncp-templates/nextcloud.conf.sh --defaults > /etc/apache2/sites-available/nextcloud.conf + return 1 + } + + systemctl enable prometheus-node-exporter + service prometheus-node-exporter start + + echo "Metric endpoint enabled. You can test it at https://nextcloudpi.local/metrics/system (or under your NC domain under the same path)" + fi + echo "Apache Test:" + apache2ctl -t + bash -c "sleep 2 && service apache2 reload" &>/dev/null & + + +} |