blob: 68b12df1ff3bfec5bfa59ccc9a281d41e2c3cd65 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
|
#!/bin/bash
# this script runs at startup to provide an unique random passwords for each instance
source /usr/local/etc/library.sh
## redis provisioning
CFG=/var/www/nextcloud/config/config.php
REDISPASS="$( grep "^requirepass" /etc/redis/redis.conf | cut -f2 -d' ' )"
### IF redis password is the default one, generate a new one
[[ "$REDISPASS" == "default" ]] && {
REDISPASS="$( openssl rand -base64 32 )"
echo Provisioning Redis password
sed -i -E "s|^requirepass .*|requirepass $REDISPASS|" /etc/redis/redis.conf
chown redis:redis /etc/redis/redis.conf
is_docker || systemctl restart redis
}
### If there exists already a configuration adjust the password
[[ -f "$CFG" ]] && {
echo "Updating NextCloud config with Redis password"
sed -i "s|'password'.*|'password' => '$REDISPASS',|" "$CFG"
}
## mariaDB provisioning
DBADMIN=ncadmin
DBPASSWD=$( grep password /root/.my.cnf | sed 's|password=||' )
[[ "$DBPASSWD" == "default" ]] && {
DBPASSWD=$( openssl rand -base64 32 )
echo Provisioning MariaDB password
echo -e "[client]\npassword=$DBPASSWD" > /root/.my.cnf
chmod 600 /root/.my.cnf
mysql <<EOF
GRANT USAGE ON *.* TO '$DBADMIN'@'localhost' IDENTIFIED BY '$DBPASSWD';
DROP USER '$DBADMIN'@'localhost';
CREATE USER '$DBADMIN'@'localhost' IDENTIFIED BY '$DBPASSWD';
GRANT ALL PRIVILEGES ON nextcloud.* TO $DBADMIN@localhost;
FLUSH PRIVILEGES;
EXIT
EOF
}
[[ -f "$CFG" ]] && {
echo "Updating NextCloud config with MariaDB password"
sed -i "s|'dbpassword' =>.*|'dbpassword' => '$DBPASSWD',|" "$CFG"
}
## nc.limits.sh (auto)adjustments: number of threads, memory limits...
source /usr/local/etc/library.sh
run_app nc-limits
## Check for interrupted upgrades and rollback
BKP="$( ls -1t /var/www/nextcloud-bkp_*.tar.gz 2>/dev/null | head -1 )"
[[ -f "$BKP" ]] && [[ "$( stat -c %U "$BKP" )" == "root" ]] && [[ "$( stat -c %a "$BKP" )" == 600 ]] && {
echo "Detected interrupted upgrade. Restoring..."
BKP_NEW="failed_$BKP"
mv "$BKP" "$BKP_NEW"
ncp-restore "$BKP_NEW" && rm "$BKP_NEW"
}
## Check for encrypted data and ask for password
if needs_decrypt; then
echo "Detected encrypted instance"
a2dissite ncp nextcloud
a2ensite ncp-activation
apache2ctl -k graceful
fi
exit 0
|