diff --git a/CHANGELOG.md b/CHANGELOG.md deleted file mode 100644 index 959f38763d..0000000000 --- a/CHANGELOG.md +++ /dev/null 
@@ -1,478 +0,0 @@ -### Download can be found here: https://www.hanssonit.se/nextcloud-vm/ - -**Please note that BOTH disks need to be imported for the VM to function properly.** - -- Check the latest commits here: https://github.com/nextcloud/vm/commits/main -- Documentation can be found here: https://docs.hanssonit.se/s/W6fMouPiqQz3_Mog/virtual-machines-vm/d/W7Du9uPiqQz3_Mr1/nextcloud-vm-machine-configuration - -PR's are more than welcome. Happy Nextclouding! - -### Different versions -If you run Hyper-V or want 500 GB, 1 TB or 2 TB VM you can download it from [T&M Hansson IT's shop](https://shop.hanssonit.se/product-category/virtual-machine/nextcloud/). - -## All future releases - -### Full changelog: -- [VM](https://github.com/nextcloud/vm/releases/) -- [Nextcloud](https://nextcloud.com/changelog/) - - -## 26.0.0 - -### Full changelog: -- [VM](https://github.com/nextcloud/vm/releases/tag/26.0.0) -- [Nextcloud](https://nextcloud.com/changelog/#latest26) - -## 25.0.2 - -### Small changelog: -- Drop all tables from FTS when reinstalling to avoid leftovers -- Make Talk security optional. Should work out of the box on all scenarios now. -- Previewgenerator and Webmin are no longer default apps during installation -- Support really old versions when migrating/upgrading Nextcloud -- Improve some scripts and other stuff in the `not-supported` folder -- Minor bugfixes and improvements -- And more... 
- -### Full changelog: -- [https://github.com/nextcloud/vm/compare/24.0.5..25.0.2](https://github.com/nextcloud/vm/compare/24.0.5..25.0.2) -- [https://nextcloud.com/changelog/#latest25](https://nextcloud.com/changelog/#latest25) - -## 24.0.5 - -### Small changelog: -- Update Fail2ban with a better regex -- Fix FTS, and make sure it's gone when removed (even DB) -- Make Talk installable again by fixing source-repos and some tweaks to the script -- Fix dependencies for Bitwarden -- Improve the port checking function (for checking open ports) -- Allow `NCDATA` to be other than default when checking for Nextcloud version (`lowest_compatible_version()`) -- Upgrade Realtek firmware drivers for the Home/SME Nextcloud server -- Add Googles DNS as an option (user request) -- Always recover old Nextcloud apps, even if app store is broken -- Remove some legacy code -- Improve backup scripts and other stuff in the `not-supported` folder -- Ubuntu 22.04 reached its first maintenance release, consider it 100% stable. -- And more... - -### Full changelog: -- [https://github.com/nextcloud/vm/compare/24.0.1..24.0.5](https://github.com/nextcloud/vm/compare/24.0.1..24.0.5) -- [https://nextcloud.com/changelog/#latest24](https://nextcloud.com/changelog/#latest24) - - -## 24.0.1 - -This release is quite huge, including Ubuntu 22.04 (minimal), PHP-FPM 8.1, and PosgreSQL 14. - -### Small changelog: -- Prefer use of local lib file -- Add `addons/fix_invalid_modification_time.sh` -- Use minimal OS, instead of full blown. Install only needed dependecies. -- Deprecate Ubuntu 18.04 -- Upgrade to Ubuntu 22.04 -- Upgrade to PHP 8.1 -- Upgrade to PostgreSQL 14 -- Upgrade Documentserver scripts to work with the new Docker images -- Deprectae `apt-key` and introduce a new and better way for adding keys -- Make the menu update option default. 
It first upgrades minor, then asks for major if applicable -- Only clean disk if it's 70% full and/or less than 100 GB left -- Remove legacy code -- Make it possible to add your own DNS servers during installation (not setup) -- Do not ask for password change if it differs from default, since that means you probably already set your own password -- Make it possible to add your own GUI user during installation -- Change DH-param instead of DSA-param -- Make Talk a bit safer -- Minor bugfixes and improvements -- Updated geoblock database -- Fixed a few backup related details -- And more... - -### Full changelog: -- https://github.com/nextcloud/vm/compare/23.0.2..24.0.1 -- https://nextcloud.com/changelog/#latest24 - -## 24.0.0.1 - -### This is a pre-release. Available as a VM, but only the free 40 GB version. - -### Full changelog: -- https://github.com/nextcloud/vm/compare/24.0.0..24.0.0.1 -- https://nextcloud.com/changelog/#latest24 - - -## 24.0.0 - -### This is a pre-release. Only available in master. - -### Full changelog: -- https://github.com/nextcloud/vm/compare/23.0.2..24.0.0 -- https://nextcloud.com/changelog/#latest24 - -## 23.0.2 - -### Small changelog: -- Change to another Full Text Search implementation -- Improve deSEC functions -- Minor bugfixes and improvements -- And more... - -### Full changelog: -- https://github.com/nextcloud/vm/compare/23.0.1..23.0.2 -- https://nextcloud.com/changelog/#latest23 - -## 23.0.1 - -### Small changelog: -- Fixed all the bugs with the old release (23.0.0) -- Minor bugfixes and improvements -- And more... - -### Full changelog: -- https://github.com/nextcloud/vm/compare/23.0.0..23.0.1 -- https://nextcloud.com/changelog/#latest23 - -## 23.0.0 - -### Small changelog: -- Change from lool to cool for Collabora -- Make it possible to ugrade NIC-firmware from all old releases ([Home/SME server](https://shop.hanssonit.se/product-category/nextcloud/home-sme-server/)) -- Minor bugfixes and improvements -- And more... 
- -### Full changelog: -- https://github.com/nextcloud/vm/compare/22.2.2..23.0.0 -- https://nextcloud.com/changelog/#latest23 - -## 22.2.2 - -### Small changelog: -- Change to AllowOverride None for Apache and include .htaccess instead (speeds up I/O) -- Change IPv4 check (WANIP4) -- Set productname -- Minor bugfixes and improvements -- And more... - -### Full changelog: -- https://github.com/nextcloud/vm/compare/22.2.0..22.2.2 -- https://nextcloud.com/changelog/#latest22 - -## 22.2.0 - -### Small changelog: -- Upgrade Home/SME server NIC firmware -- Add NVMe to format disk -- Change keyserver -- Minor bugfixes and improvements -- And more... - -### Full changelog: -- https://github.com/nextcloud/vm/compare/22.1.1..22.2.0 -- https://nextcloud.com/changelog/#latest22 - - -## 22.1.1 - -### Small changelog: -- Remove Group Folders in the standard installation -- Improved deSEC and added support for existing accounts -- Improved SPAMHAUS rules and script -- Show the hostname when notifying - better if you run multiple servers -- Only update update script if it's older than 120 days -- Changed to EDCSA for certbot (TLS) -- Add script for removal or deSEC + subdomain -- Make deSEC a menu instead -- Crucial fixes for the new PN51 network drivers -- Update script - only update the updatenotification script if a new Nextcloud update is available -- Updated and renamed Bitwarden RS to Vaultwarden -- Updated geoblock database - August 2021 -- Update script - don't execute the update before all cronjobs are finished -- Always create a backup before updating -- Minor bugfixes and improvements -- And more... 
- -### Full changelog: -- https://github.com/nextcloud/vm/compare/22.0.0..22.1.1 -- https://nextcloud.com/changelog/#latest22 - -## 22.0.0 - -### Small changelog: -- Add SMTP2GO to SMTP-Relay -- Remove APCu and replace with Redis instead -- Made it possible to add subdomains to deSEC -- Improved spinner_loading -- Added dates to automatic updates log -- Added regular ZFS snapshot prune -- Added retention for Nextclouds user activities -- Previewgenerator - allow to clear all previews -- Update script - update Nextclouds mimetype list -- Moved mimteype update to nextcloud_configuration menu -- Reworked office scripts -- Update script - change crontab on all installations to 5 minutes -- Fixed a bug with Netdata -- Geoblock - updated link to csv file -- Refactored the bitwarden_mailconfig script -- Added more functionality to curl_to_dir -- Docker documentserver - don't restart docker daemon upon installation -- Restart notify push in some situations -- Make sure sudo and software-properties-common is installed -- Fixed password generation in edge cases -- Reworked the cookielifetime script -- Updated geoblock database - June 2021 -- Added option to check for 0-byte files -- Changed from apt to apt-get -- Simplified ClamAV notifications and small fix to fail2ban notification -- Harden-SSH script - allow to set up 2FA authentication -- SMB-server - added option to automatically empty recylce bins -- SMB-server - added option to empty all recycle bins -- SMB-server - Create the files directory for new users directly during the user creation -- Reworked system-restore -- Minor bugfixes and improvements -- And more... 
- -### Full changelog: -- https://github.com/nextcloud/vm/compare/21.0.2..22.0.0 -- https://nextcloud.com/changelog/#latest22 - -## 21.0.2 - -### Small changelog: -- Make it possible to choose port for public access in the deSEC setup (only when you choose TLS) -- Fix bugs with the deSEC script -- Avoid ending up in a loop in the deSEC script -- It's now possible to check for NONO ports with a function -- Loop port selection in the Talk script -- Move backups location to /mnt/NCBACKUPS and delete backups from last year -- Tune chunking in GUI uploads -- Clean up some more scripts in the end of each setup -- Add the Azure kernel for Hyper-V VMs -- Shorten the time files are stored in trashbin (can still be configured) -- Escape all Apache Log dirs correctly -- Made some enhancements to scripts in the [not-supported folder](https://github.com/nextcloud/vm/tree/main/not-supported) -- Minor bugfixes and improvements -- And more... - -### Full changelog: -- https://github.com/nextcloud/vm/compare/21.0.1..21.0.2 -- https://nextcloud.com/changelog/#latest21 - -## 21.0.1 - -### Small changelog: -- Add TLS with DNS and deSEC. It's now possible to get DNS from a local machine without any open ports! -- ClamAV - give the daemon more time to start -- SMB-server - completely rework how directories get mounted to Nextcloud -- SMTP-mail - add providers -- Create a script for the Pico CMS Nextcloud app -- Add a Firewall script to the not-supported folder -- Add SSH hardening -- Add deSEC magic -- S.M.A.R.T. 
Monitoring - test drives directly -- Add a script for the Facerecognition Nextcloud app -- ClamAV - improve weekly full-scan tremendously -- Update geoblock database - april -- Speed up the network check if the network already works -- Made some enhancements to scripts in the [not-supported folder](https://github.com/nextcloud/vm/tree/main/not-supported) -- Minor bugfixes and improvements - -### Full changelog: -- https://github.com/nextcloud/vm/compare/21.0.0..21.0.1 -- https://nextcloud.com/changelog/#latest21 - -## 21.0.0 - -### Small changelog: -- Added Push Notifications for Nextcloud (`High Performance Backend for Nextcloud files`) -- Added Whiteboard for Nextcloud (`New in Nextcloud 21`) -- Moved Extract for Nextcloud to its own script -- Add phone region (new in 21) -- Made sure that all docker containers only listen on localhost -- Improve Strict Transport Security in TLS -- DDclient - added No-IP -- Updated geoblock database files -- Avoid double crontabs when reexecuting some scripts -- Don't enable disabled apps after update -- Geoblock - allow some IP-addresses by default -- Fix watchtower updates -- Geoblock - add Let's Encrypt advice -- Fix upgrade.disable-web -- Don't break update when enabling app -- Fix not enabled PECL extensions -- Prevent apps from breaking the update due to incompatibility -- Made some enhancements to scripts in the [not-supported folder](https://github.com/nextcloud/vm/tree/main/not-supported) -- Minor bugfixes and improvements - -### Full changelog: -- https://github.com/nextcloud/vm/compare/20.0.7..21.0.0 -- https://nextcloud.com/changelog/#latest21 - -## 20.0.7 - -### Small changelog: -- Ask to get the latest `update.sh` script when running updates from `menu.sh` -- Allow to reinstall Bitwarden RS also if local files are present -- Updated geoblock database files -- Made some enhancements to scripts in the [not-supported folder](https://github.com/nextcloud/vm/tree/main/not-supported) -- Minor bugfixes and improvements - 
-### Full changelog: -- https://github.com/nextcloud/vm/compare/20.0.5..20.0.7 -- https://nextcloud.com/changelog/#latest20 - -## 20.0.5 - -### Small changelog: -- Minor bugfixes and improvements - -### Full changelog: -- https://github.com/nextcloud/vm/compare/20.0.4..20.0.5 -- https://nextcloud.com/changelog/#latest20 - - -## 20.0.4 - -### Major changes: -- We upgraded the compatibility for VMware. More info [here](https://docs.hanssonit.se/s/W6fMouPiqQz3_Mog/virtual-machines-vm/d/W7Du9uPiqQz3_Mr1/nextcloud-vm-machine-configuration). Changes are based on [this](https://github.com/nextcloud/vm/issues/1358) issue. - -### Small changelog: -- Happy new year! -- Add ban notifications to Fail2ban -- Remove unattended upgrades to improve stability (we have our own auto updater) -- Fixes to the SMB Mount script -- Fixes to DDclient -- Minor bugfixes and improvements - -### Full changelog: -- https://github.com/nextcloud/vm/compare/20.0.3..20.0.4 -- https://nextcloud.com/changelog/#latest20 - - -## 20.0.3 - -### Small changelog: -- Allow to choose between latest version or not -- Always run the permissions script -- Don't allow MariaDB specifically -- Fix PHP error message from Redis -- Fix grammar and spelling -- Update geoblock files -- Minor bugfixes and improvements - - -### Full changelog: -- https://github.com/nextcloud/vm/compare/20.0.2..20.0.3 -- https://nextcloud.com/changelog/#latest20 - -## 20.0.2 - -### Small changelog: -- Fixed bugs with the `--provisioning` flag -- Updated geoblock.sh to get rid of jq -- Added a script-explainer to nextcloud_install_production.sh -- ClamAV - added a mechanism to inform about found files -- Fixed a bug in midnight-commander.sh -- Created smart-monitoring.sh to allow continuously smart checking -- Switched from Travis to Github Actions -- Added Reviewdog -- Improved previewgenerator -- Made some SC rules global -- Fixed some problems with wrong ownership of /mnt/ncdata -- Fixed link in startup-script -- Fixed ClamAV-Fullscan 
-- Added apt over https -- Further improved ClamAV -- Allow to reinstall automatic updates -- Improved partition check during the install-script -- Fixed some typo's -- Added more options to the [not-supported folder](https://github.com/nextcloud/vm/tree/main/not-supported) and made some enhancements -- Minor bugfixes and improvements - - -### Full changelog: -- https://github.com/nextcloud/vm/compare/20.0.1..20.0.2 -- https://nextcloud.com/changelog/#latest20 - -## 20.0.1 - -### Small changelog: -- Made the setup of SMTP-mail more reliable -- Added a switch to the install-script to enable automatic provisioning of new releases -- Changed occ_command to nextcloud_occ to simplify copy and paste between scripts and CLI -- Improved the logging for SMTP-mail -- Added deSEC to DDclient-configuration -- Implemented an option to create LVM snapshots during the update script for certain instances -- Don't clear the CLI history anymore to simplify debugging -- Created geblock.sh in order to allow access from configured countries and/or continents -- Made it more clear that a Nextcloud update started -- Added DuckDNS to DDclient-configuration -- Fixed an incorrect OnlyOffice-URL -- Improved the guidance how to control whiptails -- Added some popups that explain the Additional Apps Menu and Server Configuration Menu during the startup script -- Switched to TLS1.3 for new website-configurations on Ubuntu 20.04 -- Added a mechanism to update geoblock database file and added the geoblockdat folder to the repository -- SMTP-mail: allow to cancel the removal of configurations and packets if the testmail fails in order to simplify debugging -- Made BPYTOP its own script -- Standardized the usage of the word CLI -- Made Midnight Commander its own script -- Updated all app scripts with a new function for reinstalling -- Renamed the talk-signaling script to talk and deleted the old talk script -- Use start_if_stopped everywhere it fits -- Updatenotification: added an advice for Major 
Nextcloud updates -- Improved previewgenerator -- Fixed problems with static-ip -- Added Docker migrate script -- Fixed and issue with ClamAV -- Added more options to the [not-supported folder](https://github.com/nextcloud/vm/tree/main/not-supported) and made some enhancements -- Minor bugfixes and improvements - -### Full changelog: -- https://github.com/nextcloud/vm/compare/20.0.0..20.0.1 -- https://nextcloud.com/changelog/#latest20 - -## 20.0.0 - -### Small changelog: -- Add SMTP email relay to be able to send emails directly from the OS (Ubuntu) -- Make it possible to open ports with UPNP -- Update notify_admin_gui to cache all found admin users (tested with 500 users, and it's MUCH faster now) -- Disable hibernation (Ubuntu) -- Set archive.ubuntu.com as default Repo (Ubuntu) -- Standardize whiptails even more -- Improve fetch_lib -- Use fetch_lib in all scripts to prefer local library instead of hammering Github with requests in every script -- Update all Docker containers one by one when the update script is run due to compatibility issues with Bitwarden Password manager -- Improve the way passwords are set during the initial setup -- SMBmount: Introduce the option to customize the mount before adding as external storage to Nextcloud -- SMBmount: Add the option to utilize inotify to actively watch over externally changed files and folders -- Repository: cleanup by removing duplicate scripts and not-needed functions -- Repository: added the [not-supported folder](https://github.com/nextcloud/vm/tree/main/not-supported) with additional options like creating a SMB-server - -- Minor bugfixes and improvements - -### Full changelog: -- https://github.com/nextcloud/vm/compare/19.0.3..20.0.0 -- https://nextcloud.com/changelog/#latest20 - -## 19.0.3 - -### Small changelog: -- Standardize input_box flow -- Automatically rewrite Webmin to HTTPS -- Add default dark mode theme to Adminer -- Make Adminer work on HTTP/2 -- Introduce fetch_lib and chain libaries - this is 
now the new way of fetching the libs -- Add more menu scripts -- Add more Yes/No boxes and fix occurrences where the text wasn't shown due to print_text_in_color -- Standardize Whiptails even more -- Change to TLS1.2 all over -- Make functions out of all special variables -- Create a new (smart) startup script with basic server settings -- Automatically get the main domain for all scripts with built in proxies -- Minor bugfixes and improvements - -### Full changelog: -- https://github.com/nextcloud/vm/compare/19.0.2..19.0.3 -- https://nextcloud.com/changelog/#latest19 - -### Known errors: -- N/A diff --git a/README.md b/README.md index dd760920ab..2c1e7cb23b 100644 --- a/README.md +++ b/README.md 
@@ -1,122 +1,5 @@ Nextcloud VM Appliance ============ -Server installation. Simplified. :cloud: --------------------------------- - -#### Interactive Guidance -> **The Nextcloud VM** — _(aka **N**ext**c**loud **V**irtual **M**achine_ or _**NcVM**)_ — helps you create a personal or corporate [Nextcloud Server] _faster_ and _easier._ Fundamentally, NcVM is a carefully crafted _family_ of [\*nix] scripts which interactively guide you through a quality-controlled installation to obtain an [A+ security-rated] Nextcloud instance. - -#### Curated Extras -> The Nextcloud [app store] extends core features by allowing you to enable a multitude of free one-click apps. However, _integration apps_ there like [Collabora Online] and [ONLYOFFICE] are solely _bridges_ to Nextcloud. You’re still required to install those services _separately_, which can be complex. NcVM provides optional _**full installation of select curated apps**_, including those and others. Monitor and manage your cloud using any web browser with NcVM’s hand-picked collection of power utilities featuring stunning, modern UIs. - -#### All Systems Go -> NcVM can check for and install _stable_ updates to keep things current, smooth, and secure. - - --------------------- - -## Dependencies: -(Ubuntu Server 24.04 LTS *minimal* 64-bit) -
-(Linux Kernel: 6.8) -- Apache 2.4 -- PostgreSQL 16 -- PHP-FPM 8.3 -- Redis Memcache (latest stable version from PECL) -- PHP-igbinary (latest stable version from PECL -- PHP-smbclient (latest stable version from PECL) -- Nextcloud Server Latest - -## Support the development -* [Create a PR](https://help.github.com/articles/creating-a-pull-request/) and improve the code -* Report [your issue](https://github.com/nextcloud/vm/issues/new) -* Help us with [existing issues](https://github.com/nextcloud/vm/issues) -* Test what's not yet released into the stable VM. Please have a look at [this subfolder](https://github.com/nextcloud/vm/tree/main/not-supported) for further information. -* Write scripts so that the release process becomes automated with [Vagrant](https://www.vagrantup.com/docs/getting-started/), [Terraform](https://www.terraform.io/) or similar -* **[Donate](https://shop.hanssonit.se/product-category/donate/) or buy our [pre-configured VMs](https://shop.hanssonit.se/product-category/virtual-machine/): 500 GB, 1 TB, 2TB for both VMware, Hyper-V and [more](https://docs.hanssonit.se/s/W6fMouPiqQz3_Mog/virtual-machines-vm/d/W7Du9uPiqQz3_Mr1/nextcloud-vm-machine-configuration?currentPageId=bls17dahv0jgrltpif20)** - -**FYI** - -Developed by [Daniel Hansson](https://github.com/enoch85) and the Nextcloud community. Nextcloud GmbH does not offer support for the VM in the [maain branch](https://github.com/nextcloud/vm/tree/main) (full-version), as we only support manual tarball/zip-package installations. You can download the official Nextcloud VM appliance ([also from this repo](https://github.com/nextcloud/vm/tree/official-basic-vm)) from [our website](https://download.nextcloud.com/vm/Official-Nextcloud-VM.zip) to get a stripped down version for testing if you rather want to skip all the manual steps in our documentation. - -If you want support regarding the full-version VM in main, please contact our partner [Hansson IT](https://www.hanssonit.se/nextcloud-vm). 
- -## Full documentation -* [VM](https://docs.hanssonit.se/s/W6fMouPiqQz3_Mog/virtual-machines-vm/d/W6fMquPiqQz3_Moi/nextcloud-vm) (the easiest option) -* [Install with scripts](https://docs.hanssonit.se/s/bj0vl1ihv0jgrmfm08j0/build-your-own/d/bj0vl4ahv0jgrmfm0950/nextcloud-vm) (if you feel brave) -* [FAQ](https://docs.hanssonit.se/s/bj101nihv0jgrmfm09f0/faq/d/bj101pihv0jgrmfm0a10/nextcloud-vm?currentPageId=bj101sqhv0jgrmfm0a1g) (Frequently Asked Questions) -* [Machine configuration](https://docs.hanssonit.se/s/W6fMouPiqQz3_Mog/virtual-machines-vm/d/W7Du9uPiqQz3_Mr1/machine-setup-nextcloud-vm) (of the released version) - -## I want to test a Release Candidate (RC), or Beta! -No problem, brave explorer! We made it simple. - -In some cases we do pre-releases of the VM as well. Those can be found in the [TESTING](https://download.kafit.se/s/dnkWptz8AK4JZDM?path=%2FTESTING) folder on the download server. - -If you want to try the latest version yourself, there are two variables that you could use: - -1. For latest **beta** or **RC** version: `sudo bash /var/scripts/update.sh beta` - -2. For specific **RC** version: `sudo bash /var/scripts/update.sh 23.0.1rc2` - -Please keep in mind that this is only intended for testing and might crash your Nextcloud. Please keep backups! - - -## Vagrant example (Beta) - -The `nextcloud_install_production.sh` script can be run as part of Vagrant provisioning. - -See [this subrepo](https://github.com/nextcloud/vm/tree/main/vagrant) for more information. - -Please report any issues you can find. Improvements are welcome! 
- -## First look -#### Nextcloud -![alt tag](https://github.com/nextcloud/nextcloud.com/blob/main/assets/img/features/VMwelcome.png) -#### Adminer (Database Administration) *not default* -![alt tag](https://i.imgur.com/tiF4chg.png) -#### Webmin (Server Administration GUI) *not default* -![alt tag](https://i.imgur.com/hLkmA1D.png) -#### TLS rating -![alt tag](https://i.imgur.com/nBEvczb.png) - -## The usual tags -**Downloads from Github (not the main downloads location):** -
-![Downloads](https://img.shields.io/github/downloads/nextcloud/vm/total.svg) -
-**Downloads from main server:** -
-~100 per day since 2016 -
-**Build Status:** -
-[![Check-code-with-shellcheck Actions status](https://github.com/nextcloud/vm/workflows/check-code-with-shellcheck/badge.svg)](https://github.com/nextcloud/vm/actions) -
-[![Reviewdog Actions status](https://github.com/nextcloud/vm/workflows/reviewdog/badge.svg)](https://github.com/nextcloud/vm/actions) -
-**Stability Status:** -
-![Stability Status](https://img.shields.io/badge/stability-stable-brightgreen.svg) - -## Current [maintainers](https://github.com/nextcloud/vm/graphs/contributors) -(Most of the commit history is gone, since Github decided to remove it when an account email address is removed.) -* [Daniel Hanson](https://github.com/enoch85) @ [T&M Hansson IT AB](https://www.hanssonit.se) -* [szaimen](https://github.com/szaimen) -* You? :) - -## Special thanks to -* Ezra Holm @ [Tech and Me](https://www.techandme.se) -* [Luis Guzman](https://github.com/Ark74) @ [SwITNet](https://switnet.net) -* [Stefan Heitmüller](https://github.com/morph027) @ [morph027's Blog](https://morph027.gitlab.io/) -* [Lorenzo Faleschini](https://github.com/penzoiders) -* [Georg Großmann](https://github.com/ggeorgg) -* [liao20081228](https://github.com/liao20081228) -* [aaaskew](https://github.com/aaaskew) - -[Nextcloud Server]: http://shortio.hanssonit.se/r1Rx0GqXa9 -[app store]: http://shortio.hanssonit.se/Rz1GEXt9dL -[\*nix]: http://shortio.hanssonit.se/52hOTQbhdh -[A+ security-rated]: http://shortio.hanssonit.se/aMTjg0SJi3 -[Collabora Online]: http://shortio.hanssonit.se/IKjBoOfQOT -[ONLYOFFICE]: http://shortio.hanssonit.se/oRLShCfRK3 +THIS REPO IS ONLY HERE FOR BACKWARDS COMPATIBILITY, USE THE `MAIN` BRANCH INSTEAD. +============ diff --git a/migrate/docker/changes.md b/migrate/docker/changes.md deleted file mode 100644 index 95846644fd..0000000000 --- a/migrate/docker/changes.md +++ /dev/null 
@@ -1,53 +0,0 @@ -//create folders -mkdir nc && cd nc -mkdir db -mkdir config - - -//if you are running postgresql < v13, upgrade the cluster to v13 - -sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list' - -wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add - - -sudo apt-get update - -sudo apt-get -y install postgresql-13 - -sudo pg_dropcluster 13 main --stop - -sudo pg_upgradecluster -m upgrade 12 main - -//copy db files - -cp -r /var/lib/postgresql/13/main db -cp /etc/postgresql/13/main/pg_hba.conf db -cp /etc/postgresql/13/main/pg_ident.conf db -cp /etc/postgresql/13/main/postgresql.conf db - -//patch postgres config file -patch db/postgresql.conf postgres.patch - -//add authorization to pg-hba.conf file -echo "host all all all md5" >> db/pg_hba.conf - -//copy nc config -cp -R /var/www/nextcloud/config/* config - -/*copy configuration data in thes files: - nextcloud_admin_password.txt # put admin password to this file - nextcloud_admin_user.txt # put admin username to this file - postgres_db.txt # put postgresql db name to this file - postgres_password.txt # put postgresql password to this file - postgres_user.txt # put postgresql username to this file -*/ - -//patch nc config -patch config/config.php config.patch - -//change config directory ownership if not already the case (tofind out the needed id: docker exec -it nc id www-data) -chown -R www-data:www-data * - -docker-compose up -d - -// /usr/bin/sed -i "/);/i 'installed' => true" /var/www/html/config/config.php \ No newline at end of file diff --git a/migrate/docker/docker-compose.yml b/migrate/docker/docker-compose.yml deleted file mode 100644 index e21f8882ed..0000000000 --- a/migrate/docker/docker-compose.yml +++ /dev/null 
@@ -1,39 +0,0 @@ -version: '3.2' - -volumes: - nextcloud: - db: - -services: - db: - image: postgres - container_name: db - restart: always - volumes: - - ./db:/var/lib/postgresql/data - environment: - - POSTGRES_DB_FILE=/run/secrets/postgres_db - - POSTGRES_USER_FILE=/run/secrets/postgres_user - - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password - secrets: - - postgres_db - - postgres_password - - postgres_user - app: - image: nextcloud - container_name: nc - restart: always - ports: - - ${NC_PORT}:80 - volumes: - - ./config:/var/www/html/config:rw - - ${NC_DATADIR}:/var/www/html/data - environment: - - POSTGRES_HOST=db - - POSTGRES_DB_FILE=${POSTGRES_DB} - - POSTGRES_USER_FILE=${POSTGRES_USER} - - POSTGRES_PASSWORD_FILE=${POSTGRES_PASSWORD} - - NEXTCLOUD_ADMIN_PASSWORD_FILE=${NEXTCLOUD_ADMIN_PASSWORD} - - NEXTCLOUD_ADMIN_USER_FILE=${NEXTCLOUD_ADMIN_USER} - depends_on: - - db \ No newline at end of file diff --git a/migrate/docker/migrate.sh b/migrate/docker/migrate.sh deleted file mode 100644 index 2a2e66bda5..0000000000 --- a/migrate/docker/migrate.sh +++ /dev/null 
@@ -1,181 +0,0 @@ -#!/bin/bash - -if [[ $EUID -ne 0 ]]; then - echo "This script must be run as root" - exit 1 -fi - -if [ $# -eq 0 ] - then - echo "No arguments supplied" - exit 0 - elif [ $# -lt 4 ]; then - echo "Wrong number of arguments supplied" - exit 0 -fi - -echo "Using folder $1, and Nextcloud User $2" - -DIR="$1" -NC_USER=$2 -NC_PWD=$3 -NC_PORT=$4 - -POSTGRESPATH="/etc/postgresql" -PSQLVERSION_DOCKER=13 -CFG_VARS=("dbname" "dbpassword" "dbuser") -CFG_NAMES=("POSTGRES_DB" "POSTGRES_PASSWORD" "POSTGRES_USER") -CFG_NAMES_EXT=("NEXTCLOUD_ADMIN_USER" "NEXTCLOUD_ADMIN_PASSWORD") - -NC_CFG_PATH="config/config.php" -PG_CFG_PATH="db/postgresql.conf" -PG_COMMENT_OUT=("data_directory" "hba_file" "ident_file" "external_pid_file" "port" "ssl" "ssl_cert_file" "ssl_key_file" "log_line_prefix" "cluster_name" "stats_temp_directory" "include_dir") - -if [ -d "$POSTGRESPATH" ] -then - mapfile -t test < <(find /usr -wholename '*/bin/postgres' |grep -Eo "[0-9][0-9]") - - PSQLVERSION=0 - for v in "${test[@]}"; do - if (( v > PSQLVERSION )); then PSQLVERSION=$v; fi; - done - - echo "Postgresql installation Version $PSQLVERSION found" -else - echo "No postgresql installation found" - exit 0 -fi - -PG_CFG="/etc/postgresql/$PSQLVERSION/main" -PG_DATA="/var/lib/postgresql/$PSQLVERSION/main" - - -if (( PSQLVERSION < PSQLVERSION_DOCKER )); then - echo "Migrating database from version $PSQLVERSION to version $PSQLVERSION_DOCKER" - - sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list' - - echo "Adding postgresql 13 repo and installing" - wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add - - - apt-get update - - apt-get -y install postgresql-$PSQLVERSION_DOCKER -y - - echo "Stopping Version $PSQLVERSION_DOCKER cluster" - pg_dropcluster 13 main --stop - - echo "Migrating old cluster" - { - pg_upgradecluster -m upgrade "$PSQLVERSION" main - } || - { - # could also check 
postgresql owner - #USER=$(stat -c '%U' "/etc/postgresql/12/main") - #echo $USER - #USER=$(stat -c '%U' "/var/lib/postgresql/12/main") - #echo $USER - chown -R postgres:postgres "$PG_CFG" - chown -R postgres:postgres "$PG_DATA" - pg_upgradecluster -m upgrade "$PSQLVERSION" main - } -fi - -echo "making new folders" -mkdir "$DIR" - -echo "Copying docker-compose file" -cp docker-compose.yml "$DIR" - -cd "$DIR" || exit 0 -mkdir db -mkdir config - - - -echo "Copying database files" -cp -R /var/lib/postgresql/13/main db -cp /etc/postgresql/13/main/pg_hba.conf db -cp /etc/postgresql/13/main/pg_ident.conf db -cp /etc/postgresql/13/main/postgresql.conf db - -echo "copying Nextcloud config file" -cp -R /var/www/nextcloud/config/* config - - - -echo "Creating .env file" - -for var in "${CFG_VARS[@]}" -do - file=$(grep "$var" < config/config.php) - IFS=" " read -r -a line <<< "$(grep "[\"'][^\"']*[\"']" <<< "$file")" - value=$(echo "${line[2]}"| sed -r "s/[\"',-]//gi") - echo "${CFG_NAMES[INDEX]}=$value saved in .env file" - echo "${CFG_NAMES[INDEX]}=$value" >> ".env" - - ((INDEX=INDEX+1)) -done - -{ - echo "${CFG_NAMES_EXT[0]}=$NC_USER" - echo "${CFG_NAMES_EXT[1]}=$NC_PWD" -}>> ".env" - -echo "NC_PORT=${NC_PORT}" >> ".env" - - -file=$(grep datadirectory < config/config.php) -IFS=" " read -r -a line <<< "$(grep "[\"'][^\"']*[\"']" <<< "$file")" -ORG_DATADIR=$(echo "${line[2]}"| sed -r "s/[\"',-]//gi") -echo "NC_DATADIR=${ORG_DATADIR}" >> ".env" - -echo "Patching Nextcloud configuration file" - -sed -i '/memcache.distributed/s/^/#/g' $NC_CFG_PATH -sed -i '/memcache.locking/s/^/#/g' $NC_CFG_PATH - -start=$(sed -n '/redis/=' $NC_CFG_PATH| head -1) -mapfile -t ends < <(sed -n '/),/=' $NC_CFG_PATH ) - -for e in "${ends[@]}" -do - if [ "$e" -gt "$start" ]; then - end=$e - break - fi -done - -sed -i "$start,$end s/^/#/" $NC_CFG_PATH - -start=$(sed -n '/dbhost/=' $NC_CFG_PATH) -sed -i "$start s/.*/ 'dbhost' => 'db',/" $NC_CFG_PATH - -start=$(sed -n '/datadirectory/=' $NC_CFG_PATH) 
-sed -i "$start s/.*/ 'datadirectory' => '\/var\/www\/html\/data',/" $NC_CFG_PATH - - -echo "Patching Postgresql configuration file" - -for cmt in "${PG_COMMENT_OUT[@]}" -do - sed -i "/$cmt/s/^/#/g" $PG_CFG_PATH -done - -start=$(sed -n '/listen_addresses/=' $PG_CFG_PATH) -sed -i "$start s/.*/listen_addresses = '*'/" $PG_CFG_PATH - -echo "Patching Postgresql HBA file" -echo "host all all all md5" >> db/pg_hba.conf - -chown -R www-data:docker ./* - -echo "Disabling postgresql" -systemctl disable postgresql -systemctl stop postgresql - -echo "Finished" -echo "Change the 'trusted_domains' section in the config/config.php file to match your needs" -echo "Run 'docker-compose up -d' to start the Nextcloud docker container" -echo "You may have to adjust the ownership of config and db folders" -echo "Consider changing your Apache configuration" \ No newline at end of file diff --git a/migrate/docker/readme.md b/migrate/docker/readme.md deleted file mode 100644 index 02e16e9f7c..0000000000 --- a/migrate/docker/readme.md +++ /dev/null 
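Review bot: the removed migrate/docker/migrate.sh leaves security-relevant state behind on any host where it was already run, and nothing in this deletion tells those users about it. Near the end of the script, `listen_addresses = '*'` is written to db/postgresql.conf and `host all all all md5` is appended to db/pg_hba.conf, so the copied database accepts password logins from any address that can reach it. The script also writes the database password and the admin password (taken from the third command-line argument) into `.env`. The later `chown -R www-data:docker ./*` does not match dotfiles, so `.env` keeps whatever mode the umask gave it. Suggest the commit message or release notes tell users of the old script to narrow the pg_hba.conf rule to the address range the Nextcloud container actually connects from and to set `.env` to mode 600.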
@@ -1,25 +0,0 @@ -This repo is intended to help migrate an existing Nextcloud VM installation to a Docker container. -The Docker container will use the existing Postgresql Database (and it may update it) and the existing datadir. - -# WARNING -This subfolder, and the migration tool have not been tested by the main maintainers of this repo. We put this here solely for inspiration, and you're on your own if something fails. We would still appreciate if you told us what went wrong though, by creating an issue. - -How to use: -1. clone git -2. cd nc_migration -3. chmod +x migrate.sh -4. sudo ./migrate.sh destinationdir nc_username nc_password nc_port -5. change the trusted_domainssection in the config/config.php file to you needs -6. run it: 'docker-compose up-d' - -Explanation of the bash script arguments: -- destinationdir = the folder containing all the files needed to run the Docker container -- nc_user = the Nextcloud administrator user -- nc_password = password for this user -- nc_port = port exposed by the container - - -TBD: -1. Implement SSL -2. Change bash script to include 'help' section and to be more versatile -3. Add redis diff --git a/nextcloud-startup-script.sh b/nextcloud-startup-script.sh deleted file mode 100644 index 71d753ee9d..0000000000 --- a/nextcloud-startup-script.sh +++ /dev/null 
@@ -1,626 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ -# GNU General Public License v3.0 -# https://github.com/nextcloud/vm/blob/main/LICENSE - -######### - -IRed='\e[0;91m' # Red -IGreen='\e[0;92m' # Green -ICyan='\e[0;96m' # Cyan -Color_Off='\e[0m' # Text Reset -print_text_in_color() { - printf "%b%s%b\n" "$1" "$2" "$Color_Off" -} - -print_text_in_color "$ICyan" "Fetching all the variables from lib.sh..." - -is_process_running() { -PROCESS="$1" - -while : -do - RESULT=$(pgrep "${PROCESS}") - - if [ "${RESULT:-null}" = null ]; then - break - else - print_text_in_color "$ICyan" "${PROCESS} is running, waiting for it to stop..." - sleep 10 - fi -done -} - -######### - -# Check if dpkg or apt is running -is_process_running apt -is_process_running dpkg - -true -SCRIPT_NAME="Nextcloud Startup Script" -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -# Get all needed variables from the library -ncdb - -# Check if root -root_check - -# Create a snapshot before modifying anything -check_free_space -if does_snapshot_exist "NcVM-installation" || [ "$FREE_SPACE" -ge 50 ] -then - if does_snapshot_exist "NcVM-installation" - then - check_command lvremove /dev/ubuntu-vg/NcVM-installation -y - fi - if ! lvcreate --size 5G --snapshot --name "NcVM-startup" /dev/ubuntu-vg/ubuntu-lv - then - msg_box "The creation of a snapshot failed. -If you just merged and old one, please reboot your server once more. -It should work afterwards again." - exit 1 - fi -fi - -# Check network -if network_ok -then - print_text_in_color "$IGreen" "Online!" -else - print_text_in_color "$ICyan" "Setting correct interface..." 
- [ -z "$IFACE" ] && IFACE=$(lshw -c network | grep "logical name" | awk '{print $3; exit}') - # Set correct interface - cat <<-SETDHCP > "/etc/netplan/01-netcfg.yaml" -network: - version: 2 - renderer: networkd - ethernets: - $IFACE: - dhcp4: true - dhcp6: true -SETDHCP - check_command netplan apply - print_text_in_color "$ICyan" "Checking connection..." - sleep 1 - set_systemd_resolved_dns "$IFACE" - if ! nslookup github.com - then - msg_box "The script failed to get an address from DHCP. -You must have a working network connection to run this script. - -You will now be provided with the option to set a static IP manually instead." - - # Run static_ip script - bash /var/scripts/static_ip.sh - fi -fi - -# Check network again -if network_ok -then - print_text_in_color "$IGreen" "Online!" -elif home_sme_server -then - msg_box "It seems like the last try failed as well using LAN ethernet. - -Since the Home/SME server is equipped with a Wi-Fi module, you will now be asked to enable it to get connectivity. - -Please note: It's not recommended to run a server on Wi-Fi; using an ethernet cable is always the best." - if yesno_box_yes "Do you want to enable Wi-Fi on this server?" - then - install_if_not network-manager - nmtui - fi - if network_ok - then - print_text_in_color "$IGreen" "Online!" - else - msg_box "Network is NOT OK. You must have a working network connection to run this script. - -Please contact us for support: -https://shop.hanssonit.se/product/premium-support-per-30-minutes/ - -Please also post this issue on: https://github.com/nextcloud/vm/issues" - exit 1 - fi -else - msg_box "Network is NOT OK. You must have a working network connection to run this script. - -Please contact us for support: -https://shop.hanssonit.se/product/premium-support-per-30-minutes/ - -Please also post this issue on: https://github.com/nextcloud/vm/issues" - exit 1 -fi - -# Check that this run on the PostgreSQL VM -if ! 
is_this_installed postgresql-common -then - print_text_in_color "$IRed" "This script is intended to be \ -run using a PostgreSQL database, but PostgreSQL is not installed." - print_text_in_color "$IRed" "Aborting..." - exit 1 -fi - -# Run the startup menu -run_script MENU startup_configuration - -true -SCRIPT_NAME="Nextcloud Startup Script" -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -# Get all needed variables from the library -ncdb -nc_update - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Nextcloud 21 is required -lowest_compatible_nc 21 - -# Add temporary fix if needed -if network_ok -then - run_script STATIC temporary-fix-beginning -fi - -# Import if missing and export again to import it with UUID -zpool_import_if_missing - -# Set phone region (needs the latest KEYBOARD_LAYOUT from lib) -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh -if [ -n "$KEYBOARD_LAYOUT" ] -then - nextcloud_occ config:system:set default_phone_region --value="$KEYBOARD_LAYOUT" -fi - -# Is this run as a pure root user? -if is_root -then - if [[ "$UNIXUSER" == "ncadmin" ]] - then - sleep 1 - else - if [ -z "$UNIXUSER" ] - then - msg_box "You seem to be running this as the root user. -You must run this as a regular user with sudo permissions. - -Please create a user with sudo permissions and the run this command: -sudo -u [user-with-sudo-permissions] sudo bash /var/scripts/nextcloud-startup-script.sh - -We will do this for you when you hit OK." - download_script STATIC adduser - bash $SCRIPTS/adduser.sh "$SCRIPTS/nextcloud-startup-script.sh" - rm $SCRIPTS/adduser.sh - else - msg_box "You probably see this message if the user 'ncadmin' does not exist on the system, -which could be the case if you are running directly from the scripts on Github and not the VM. - -As long as the user you created have sudo permissions it's safe to continue. 
-This would be the case if you created a new user with the script in the previous step. - -If the user you are running this script with is a user that doesn't have sudo permissions, -please abort this script and report this issue to $ISSUES." - if yesno_box_yes "Do you want to abort this script?" - then - exit - fi - fi - fi -fi - -######## The first setup is OK to run to this point several times, but not any further ######## -if [ -f "$SCRIPTS/you-can-not-run-the-startup-script-several-times" ] -then - msg_box "The $SCRIPT_NAME script that handles this first setup \ -is designed to be run once, not several times in a row. - -If you feel uncertain about adding some extra features during this setup, \ -then it's best to wait until after the first setup is done. You can always add all the extra features later. - -[For the Nextcloud VM:] -Please delete this VM from your host and reimport it once again, then run this setup like you did the first time. - -[For the Nextcloud Home/SME Server:] -It's a bit trickier since you can't revert in the same way as a VM. \ -The best thing you can do now is to save all the output from the session you \ -ran before this one + write down all the steps you took and send and email to: -github@hanssonit.se with the subject 'Issues with first setup', and we'll take it from there. 
- -Full documentation can be found here: https://docs.hanssonit.se -Please report any bugs you find here: $ISSUES" - exit 1 -fi - -touch "$SCRIPTS/you-can-not-run-the-startup-script-several-times" - -if home_sme_server -then - download_script STATIC nhss_index - mv $SCRIPTS/nhss_index.php $HTML/index.php && rm -f $HTML/html/index.html - chmod 750 $HTML/index.php && chown www-data:www-data $HTML/index.php -else - download_script STATIC index - mv $SCRIPTS/index.php $HTML/index.php && rm -f $HTML/html/index.html - chmod 750 $HTML/index.php && chown www-data:www-data $HTML/index.php -fi - -# Change 000-default to $WEB_ROOT -sed -i "s|DocumentRoot /var/www/html|DocumentRoot $HTML|g" /etc/apache2/sites-available/000-default.conf - -# Make possible to see the welcome screen (without this php-fpm won't reach it) - sed -i '14i\ # http://lost.l-w.ca/0x05/apache-mod_proxy_fcgi-and-php-fpm/' /etc/apache2/sites-available/000-default.conf - sed -i '15i\ ' /etc/apache2/sites-available/000-default.conf - sed -i '16i\ ' /etc/apache2/sites-available/000-default.conf - sed -i '17i\ SetHandler "proxy:unix:/run/php/php'$PHPVER'-fpm.nextcloud.sock|fcgi://localhost"' /etc/apache2/sites-available/000-default.conf - sed -i '18i\ ' /etc/apache2/sites-available/000-default.conf - sed -i '19i\ ' /etc/apache2/sites-available/000-default.conf - sed -i '20i\ ' /etc/apache2/sites-available/000-default.conf - -# Allow $UNIXUSER to run figlet script -chown "$UNIXUSER":"$UNIXUSER" "$SCRIPTS/nextcloud.sh" - -msg_box "This script will configure your Nextcloud and activate TLS. 
-It will also do the following: - -- Generate new SSH keys for the server -- Generate new PostgreSQL password -- Install selected apps and automatically configure them -- Detect and set hostname -- Detect and set trusted domains -- Upgrade your system and Nextcloud to latest version -- Set secure permissions to Nextcloud -- Set new passwords to Linux and Nextcloud -- Change timezone -- Set correct Rewriterules for Nextcloud -- Copy content from .htaccess to .user.ini (because we use php-fpm) -- Add additional options if you choose them -- Set correct CPU cores for Imaginary -- And more..." - -msg_box "PLEASE NOTE: -[#] Please finish the whole setup. The server will reboot once done. - -[#] Please read the on-screen instructions carefully, they will guide you through the setup. - -[#] When complete it will delete all the *.sh, *.html, *.tar, *.zip inside: - /root - /home/$UNIXUSER - -[#] Please consider donating if you like the product: - https://shop.hanssonit.se/product-category/donate/ - -[#] You can also ask for help here: - https://help.nextcloud.com/c/support/appliances-docker-snappy-vm - https://shop.hanssonit.se/product/premium-support-per-30-minutes/" - -msg_box "PLEASE NOTE: - -The first setup is meant to be run once, and not aborted. -If you feel uncertain about the options during the setup, just choose the defaults by hitting [ENTER] at each question. - -When the setup is done, the server will automatically reboot. - -Please report any issues to: $ISSUES" - -# Change timezone in PHP -sed -i "s|;date.timezone.*|date.timezone = $(cat /etc/timezone)|g" "$PHP_INI" - -# Change timezone for logging -nextcloud_occ config:system:set logtimezone --value="$(cat /etc/timezone)" - -# Pretty URLs -print_text_in_color "$ICyan" "Setting RewriteBase to \"/\" in config.php..." 
-chown -R www-data:www-data $NCPATH -nextcloud_occ config:system:set overwrite.cli.url --value="http://localhost/" -nextcloud_occ config:system:set htaccess.RewriteBase --value="/" -nextcloud_occ maintenance:update:htaccess -bash $SECURE & spinner_loading - -# Generate new SSH Keys -printf "\nGenerating new SSH keys for the server...\n" -rm -v /etc/ssh/ssh_host_* -dpkg-reconfigure openssh-server - -# Generate new PostgreSQL password -print_text_in_color "$ICyan" "Generating new PostgreSQL password..." -check_command bash "$SCRIPTS/change_db_pass.sh" -sleep 3 - -# Server configurations -bash $SCRIPTS/server_configuration.sh - -# Nextcloud configuration -bash $SCRIPTS/nextcloud_configuration.sh - -# Install apps -bash $SCRIPTS/additional_apps.sh - -### Change passwords -# CLI USER -UNIXUSER="$(getent group sudo | cut -d: -f4 | cut -d, -f1)" -if [[ "$UNIXUSER" != "ncadmin" ]] -then - print_text_in_color "$ICyan" "No need to change password for CLI user '$UNIXUSER' since it's not the default user." -else - msg_box "For better security, we will now change the password for the CLI user in Ubuntu." - while : - do - UNIX_PASSWORD=$(input_box_flow "Please type in the new password for the current CLI user in Ubuntu: $UNIXUSER.") - if [[ "$UNIX_PASSWORD" == *" "* ]] - then - msg_box "Please don't use spaces." - else - break - fi - done - if check_command echo "$UNIXUSER:$UNIX_PASSWORD" | sudo chpasswd - then - msg_box "The new password for the current CLI user in Ubuntu ($UNIXUSER) is now set to: $UNIX_PASSWORD - -This is used when you login to the Ubuntu CLI." - fi -fi -unset UNIX_PASSWORD - -# NEXTCLOUD USER -NCADMIN=$(nextcloud_occ user:list | awk '{print $3}') -if [[ "$NCADMIN" != "ncadmin" ]] -then - print_text_in_color "$ICyan" "No need to change password for GUI user '$NCADMIN' since it's not the default user." -else - msg_box "We will now change the username and password for the Web Admin in Nextcloud." 
- while : - do - NEWUSER=$(input_box_flow "Please type in the name of the Web Admin in Nextcloud. -It must differ from the current one: $NCADMIN.\n\nThe only allowed characters for the username are: -'a-z', 'A-Z', '0-9', and '_.@-'") - if [[ "$NEWUSER" == *" "* ]] - then - msg_box "Please don't use spaces." - elif [ "$NEWUSER" = "$NCADMIN" ] - then - msg_box "This username ($NCADMIN) is already in use. Please choose a different one." - # - has to be escaped otherwise it won't work. - # Inspired by: https://unix.stackexchange.com/a/498731/433213 - elif [ "${NEWUSER//[A-Za-z0-9_.\-@]}" ] - then - msg_box "Allowed characters for the username are:\na-z', 'A-Z', '0-9', and '_.@-'\n\nPlease try again." - else - break - fi - done - while : - do - OC_PASS=$(input_box_flow "Please type in the new password for the new Web Admin ($NEWUSER) in Nextcloud.") - # Create new user - export OC_PASS - if su -s /bin/sh www-data -c "php $NCPATH/occ user:add $NEWUSER --password-from-env -g admin" - then - msg_box "The new Web Admin in Nextcloud is now: $NEWUSER\nThe password is set to: $OC_PASS -This is used when you login to Nextcloud itself, i.e. on the web." - unset OC_PASS - break - else - any_key "Press any key to choose a different password." - fi - done - # Delete old user - if [[ "$NCADMIN" ]] - then - print_text_in_color "$ICyan" "Deleting $NCADMIN..." - nextcloud_occ user:delete "$NCADMIN" - sleep 2 - fi -fi - -# We need to unset the cached admin-user since we have changed its name -unset NC_ADMIN_USER - -msg_box "Well done, you have now finished most of the setup. - -There are still a few steps left but they are automated so sit back and relax! :)" - -# Add default notifications -notify_admin_gui \ -"Do you need support?" \ -"If you need support, please visit the shop: https://shop.hanssonit.se, or the forum: https://help.nextcloud.com." - -if ! 
is_this_installed php"$PHPVER"-imagick -then - notify_admin_gui \ - "Regarding Imagick not being installed" \ - "As you may have noticed, Imagick is not installed. We care about your security, \ -and here's the reason: https://github.com/nextcloud/server/issues/13099" -fi - -# Fixes https://github.com/nextcloud/vm/issues/58 -a2dismod status -restart_webserver - -if home_sme_server -then - install_if_not bc - mem_available="$(awk '/MemTotal/{print $2}' /proc/meminfo)" - mem_available_gb="$(echo "scale=0; $mem_available/(1024*1024)" | bc)" - # 32 GB RAM - if [[ 30 -lt "${mem_available_gb}" ]] - then - # Add specific values to PHP-FPM based on 32 GB RAM - check_command sed -i "s|pm.max_children.*|pm.max_children = 600|g" "$PHP_POOL_DIR"/nextcloud.conf - check_command sed -i "s|pm.start_servers.*|pm.start_servers = 100|g" "$PHP_POOL_DIR"/nextcloud.conf - check_command sed -i "s|pm.min_spare_servers.*|pm.min_spare_servers = 20|g" "$PHP_POOL_DIR"/nextcloud.conf - check_command sed -i "s|pm.max_spare_servers.*|pm.max_spare_servers = 480|g" "$PHP_POOL_DIR"/nextcloud.conf - restart_webserver - # 16 GB RAM - elif [[ 14 -lt "${mem_available_gb}" ]] - then - # Add specific values to PHP-FPM based on 16 GB RAM - check_command sed -i "s|pm.max_children.*|pm.max_children = 300|g" "$PHP_POOL_DIR"/nextcloud.conf - check_command sed -i "s|pm.start_servers.*|pm.start_servers = 50|g" "$PHP_POOL_DIR"/nextcloud.conf - check_command sed -i "s|pm.min_spare_servers.*|pm.min_spare_servers = 20|g" "$PHP_POOL_DIR"/nextcloud.conf - check_command sed -i "s|pm.max_spare_servers.*|pm.max_spare_servers = 280|g" "$PHP_POOL_DIR"/nextcloud.conf - restart_webserver - fi -else - # Calculate the values of PHP-FPM based on the amount of RAM available (minimum 2 GB or 8 children) - calculate_php_fpm - - # Run again if values are reset on last run - calculate_php_fpm -fi - -# Set correct amount of CPUs for Imaginary -if does_this_docker_exist nextcloud/aio-imaginary -then - if which nproc >/dev/null 2>&1 - 
then - nextcloud_occ config:system:set preview_concurrency_new --value="$(nproc)" - nextcloud_occ config:system:set preview_concurrency_all --value="$(($(nproc)*2))" - else - nextcloud_occ config:system:set preview_concurrency_new --value="2" - nextcloud_occ config:system:set preview_concurrency_all --value="4" - fi -fi - -# Add temporary fix if needed -if network_ok -then - run_script STATIC temporary-fix-end -fi - -# Cleanup 1 -nextcloud_occ maintenance:repair -rm -f "$SCRIPTS/ip.sh" -rm -f "$SCRIPTS/change_db_pass.sh" -rm -f "$SCRIPTS/instruction.sh" -rm -f "$NCDATA/nextcloud.log" -rm -f "$SCRIPTS/static_ip.sh" -rm -f "$SCRIPTS/lib.sh" -rm -f "$SCRIPTS/server_configuration.sh" -rm -f "$SCRIPTS/nextcloud_configuration.sh" -rm -f "$SCRIPTS/additional_apps.sh" -rm -f "$SCRIPTS/adduser.sh" -rm -f "$SCRIPTS/activate-tls.sh" -rm -f "$SCRIPTS/desec_menu.sh" -rm -f "$NCDATA"/*.log - -find /root "/home/$UNIXUSER" -type f \( -name '*.sh*' -o -name '*.html*' -o -name '*.tar*' -o -name 'results' -o -name '*.zip*' \) -delete -find "$NCPATH" -type f \( -name 'results' -o -name '*.sh*' \) -delete -sed -i "s|instruction.sh|nextcloud.sh|g" "/home/$UNIXUSER/.bash_profile" - -truncate -s 0 \ - /root/.bash_history \ - "/home/$UNIXUSER/.bash_history" \ - /var/spool/mail/root \ - "/var/spool/mail/$UNIXUSER" \ - /var/log/apache2/access.log \ - /var/log/apache2/error.log \ - "$VMLOGS/nextcloud.log" - -sed -i "s|sudo -i||g" "$UNIXUSER_PROFILE" - -cat << ROOTNEWPROFILE > "$ROOT_PROFILE" -# ~/.profile: executed by Bourne-compatible login shells. - -if [ "/bin/bash" ] -then - if [ -f ~/.bashrc ] - then - . ~/.bashrc - fi -fi - -if [ -x /var/scripts/nextcloud-startup-script.sh ] -then - /var/scripts/nextcloud-startup-script.sh -fi - -if [ -x /var/scripts/history.sh ] -then - /var/scripts/history.sh -fi - -mesg n - -ROOTNEWPROFILE - -# Set trusted domains -run_script STATIC trusted_domains - -# Upgrade system -print_text_in_color "$ICyan" "System will now upgrade..." 
-bash $SCRIPTS/update.sh minor - -# Check if new major is out, and inform on how to update -nc_update -if version_gt "$NCMAJOR" "$CURRENTMAJOR" -then - msg_box "We noticed that there's a new major release of Nextcloud ($NCVERSION).\nIf you want to update to the latest release instantly, please check this:\n -https://docs.hanssonit.se/s/W6fMouPiqQz3_Mog/virtual-machines-vm/d/W7Du9uPiqQz3_Mr1/nextcloud-vm-machine-configuration?currentPageId=W7D3quPiqQz3_MsE" -fi - -# Cleanup 2 -apt-get autoremove -y -apt-get autoclean - -# Remove preference for IPv4 -rm -f /etc/apt/apt.conf.d/99force-ipv4 -apt-get update - -# Success! -msg_box "The installation process is *almost* done. - -Please hit OK in all the following prompts and let the server reboot to complete the installation process." - -# Enterprise? -msg_box "ENTERPRISE? -Nextcloud Enterprise gives professional organizations software optimized and tested for mission critical environments. - -More info here: https://nextcloud.com/enterprise/ -Get your license here: https://shop.hanssonit.se/product/nextcloud-enterprise-license-100-users/" - -msg_box "TIPS & TRICKS: -1. Publish your server online: http://shortio.hanssonit.se/ffOQOXS6Kh -2. To login to PostgreSQL just type: sudo -u postgres psql nextcloud_db -3. To update this server just type: sudo bash /var/scripts/update.sh -4. Install apps, configure Nextcloud, and server: sudo bash $SCRIPTS/menu.sh" - -msg_box "SUPPORT: -Please ask for help in the forums, visit our shop to buy support: -- SUPPORT: https://shop.hanssonit.se/product/premium-support-per-30-minutes/ -- FORUM: https://help.nextcloud.com/ - -BUGS: -Please report any bugs here: https://github.com/nextcloud/vm/issues" - -msg_box "### PLEASE HIT OK TO REBOOT ### - -Congratulations! You have successfully installed Nextcloud! 
- -LOGIN: -Login to Nextcloud in your browser: -- IP: $ADDRESS -- Hostname: $(hostname -f) - -### PLEASE HIT OK TO REBOOT ###" - -# Reboot -print_text_in_color "$IGreen" "Installation done, system will now reboot..." -check_command rm -f "$SCRIPTS/you-can-not-run-the-startup-script-several-times" -check_command rm -f "$SCRIPTS/nextcloud-startup-script.sh" -if ! reboot -then - shutdown -r now -fi diff --git a/nextcloud_install_production.sh b/nextcloud_install_production.sh deleted file mode 100644 index bb02cb5fb1..0000000000 --- a/nextcloud_install_production.sh +++ /dev/null 
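Review bot: deleting nextcloud-startup-script.sh removes the first-boot step that replaces per-instance secrets, and the commit should state what takes over that job. In the visible lines this is `rm -v /etc/ssh/ssh_host_*` followed by `dpkg-reconfigure openssh-server`, the call to `change_db_pass.sh`, and the forced password change for the default `ncadmin` CLI and web users. If nothing replaces it, an image built from the remaining scripts would keep its build-time SSH host keys, database password and default `ncadmin` credentials. If the logic is being moved rather than retired, two things are worth fixing on the way: the `msg_box` calls that print `$UNIX_PASSWORD` and `$OC_PASS` back to the screen, and the host-key regeneration running without `check_command`, so a failed `dpkg-reconfigure` after the `rm` goes unnoticed.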
@@ -1,1110 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ -# GNU General Public License v3.0 -# https://github.com/nextcloud/vm/blob/main/LICENSE - -# Prefer IPv4 for apt -echo 'Acquire::ForceIPv4 "true";' >> /etc/apt/apt.conf.d/99force-ipv4 - -# Fix fancy progress bar for apt-get -# https://askubuntu.com/a/754653 -if [ -d /etc/apt/apt.conf.d ] -then - if ! [ -f /etc/apt/apt.conf.d/99progressbar ] - then - echo 'Dpkg::Progress-Fancy "1";' > /etc/apt/apt.conf.d/99progressbar - echo 'APT::Color "1";' >> /etc/apt/apt.conf.d/99progressbar - chmod 644 /etc/apt/apt.conf.d/99progressbar - fi -fi - -# Install curl if not existing -if [ "$(dpkg-query -W -f='${Status}' "curl" 2>/dev/null | grep -c "ok installed")" = "1" ] -then - echo "curl OK" -else - apt-get update -q4 - apt-get install curl -y -fi - -# Install whiptail if not existing -if [ "$(dpkg-query -W -f='${Status}' "whiptail" 2>/dev/null | grep -c "ok installed")" = "1" ] -then - echo "whiptail OK" -else - apt-get install whiptail -y -fi - -true -SCRIPT_NAME="Nextcloud Install Script" -SCRIPT_EXPLAINER="This script is installing all requirements that are needed for Nextcloud to run. -It's the first of two parts that are necessary to finish your customized Nextcloud installation." -# shellcheck source=lib.sh -source <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/main/lib.sh) - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# Test RAM size (2GB min) + CPUs (min 1) -ram_check 2 Nextcloud -cpu_check 1 Nextcloud - -# Check if dpkg or apt is running -is_process_running apt -is_process_running dpkg - -# Check distribution and version -if ! version 24.04 "$DISTRO" 24.04.10 -then - msg_box "This script can only be run on Ubuntu 24.04 (server)." - exit 1 -fi - -# Automatically restart services -# Restart mode: (l)ist only, (i)nteractive or (a)utomatically. 
-sed -i "s|#\$nrconf{restart} = .*|\$nrconf{restart} = 'a';|g" /etc/needrestart/needrestart.conf - -# Check for flags -if [ "$1" = "" ] -then - print_text_in_color "$ICyan" "Running in normal mode..." - sleep 1 -elif [ "$1" = "--provisioning" ] || [ "$1" = "-p" ] -then - print_text_in_color "$ICyan" "Running in provisioning mode..." - export PROVISIONING=1 - sleep 1 -elif [ "$1" = "--not-latest" ] -then - NOT_LATEST=1 - print_text_in_color "$ICyan" "Running in not-latest mode..." - sleep 1 -else - msg_box "Failed to get the correct flag. Did you enter it correctly?" - exit 1 -fi - -# Show explainer -if [ -z "$PROVISIONING" ] -then - msg_box "$SCRIPT_EXPLAINER" -fi - -# Create a placeholder volume before modifying anything -if [ -z "$PROVISIONING" ] -then - if ! does_snapshot_exist "NcVM-installation" && yesno_box_no "Do you want to use LVM snapshots to be able to restore your root partition during upgrades and such? -Please note: this feature will not be used by this script but by other scripts later on. -For now we will only create a placeholder volume that will be used to let some space for snapshot volumes. -Be aware that you will not be able to use the built-in backup solution if you choose 'No'! -Enabling this will also force an automatic reboot after running the update script!" - then - check_free_space - if [ "$FREE_SPACE" -ge 50 ] - then - print_text_in_color "$ICyan" "Creating volume..." - sleep 1 - # Create a placeholder snapshot - check_command lvcreate --size 5G --name "NcVM-installation" ubuntu-vg - else - print_text_in_color "$IRed" "Could not create volume because of insufficient space..." - sleep 2 - fi - fi -fi - -# Fix LVM on BASE image -if grep -q "LVM" /etc/fstab -then - if [ -n "$PROVISIONING" ] || yesno_box_yes "Do you want to make all free space available to your root partition?" - then - # Resize LVM (live installer is &%¤%/! - # VM - print_text_in_color "$ICyan" "Extending LVM, this may take a long time..." 
- lvextend -l +100%FREE /dev/ubuntu-vg/ubuntu-lv - - # Run it again manually just to be sure it's done - while : - do - lvdisplay | grep "Size" | awk '{print $3}' - if ! lvextend -L +10G /dev/ubuntu-vg/ubuntu-lv >/dev/null 2>&1 - then - if ! lvextend -L +1G /dev/ubuntu-vg/ubuntu-lv >/dev/null 2>&1 - then - if ! lvextend -L +100M /dev/ubuntu-vg/ubuntu-lv >/dev/null 2>&1 - then - if ! lvextend -L +1M /dev/ubuntu-vg/ubuntu-lv >/dev/null 2>&1 - then - resize2fs /dev/ubuntu-vg/ubuntu-lv - break - fi - fi - fi - fi - done - fi -fi - -# Install needed dependencies -install_if_not lshw -install_if_not net-tools -install_if_not whiptail -install_if_not apt-utils -install_if_not keyboard-configuration - -# Nice to have dependencies -install_if_not bash-completion -install_if_not htop -install_if_not iputils-ping - -# Download needed libraries before execution of the first script -mkdir -p "$SCRIPTS" -download_script GITHUB_REPO lib -download_script STATIC fetch_lib - -# Set locales -run_script ADDONS locales - -# Create new current user -download_script STATIC adduser -bash "$SCRIPTS"/adduser.sh "nextcloud_install_production.sh" -rm -f "$SCRIPTS"/adduser.sh - -check_universe -check_multiverse - -# Check if key is available -if ! site_200 "$NCREPO" -then - msg_box "Nextcloud repo is not available, exiting..." - exit 1 -fi - -# Test Home/SME function -if home_sme_server -then - msg_box "This is the Home/SME server, function works!" -else - print_text_in_color "$ICyan" "Home/SME Server not detected. No worries, just testing the function." 
- sleep 3 -fi - -# Check if it's a clean server -stop_if_installed postgresql -stop_if_installed apache2 -stop_if_installed nginx -stop_if_installed php -stop_if_installed php-fpm -stop_if_installed php-common -stop_if_installed php"$PHPVER"-fpm -stop_if_installed php7.0-fpm -stop_if_installed php7.1-fpm -stop_if_installed php7.2-fpm -stop_if_installed php7.3-fpm -stop_if_installed php8.0-fpm -stop_if_installed php8.1-fpm -stop_if_installed php8.2-fpm -stop_if_installed mysql-common -stop_if_installed mariadb-server - -# We don't want automatic updates since they might fail (we use our own script) -if is_this_installed unattended-upgrades -then - apt-get purge unattended-upgrades -y - apt-get autoremove -y - rm -rf /var/log/unattended-upgrades -fi - -# Create $SCRIPTS dir -if [ ! -d "$SCRIPTS" ] -then - mkdir -p "$SCRIPTS" -fi - -# Create $VMLOGS dir -if [ ! -d "$VMLOGS" ] -then - mkdir -p "$VMLOGS" -fi - -# Install needed network -install_if_not netplan.io - -# APT over HTTPS -install_if_not apt-transport-https - -# Install build-essentials to get make -install_if_not build-essential - -# Install a decent text editor -install_if_not nano - -# Install package for crontab -install_if_not cron - -# Make sure sudo exists (needed in adduser.sh) -install_if_not sudo - -# Make sure add-apt-repository exists (needed in lib.sh) -install_if_not software-properties-common - -# Set dual or single drive setup -if [ -n "$PROVISIONING" ] -then - choice="2 Disks Auto" -else - msg_box "This server is designed to run with two disks, one for OS and one for DATA. \ -This will get you the best performance since the second disk is using ZFS which is a superior filesystem. - -Though not recommended, you can still choose to only run on one disk, \ -if for example it's your only option on the hypervisor you're running. - -You will now get the option to decide which disk you want to use for DATA, \ -or run the automatic script that will choose the available disk automatically." 
- - choice=$(whiptail --title "$TITLE - Choose disk format" --nocancel --menu \ -"How would you like to configure your disks? -$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \ -"2 Disks Auto" "(Automatically configured)" \ -"2 Disks Manual" "(Choose by yourself)" \ -"1 Disk" "(Only use one disk /mnt/ncdata - NO ZFS!)" 3>&1 1>&2 2>&3) -fi - -case "$choice" in - "2 Disks Auto") - run_script DISK format-sdb - # Change to zfs-mount-generator - run_script DISK change-to-zfs-mount-generator - # Create daily zfs prune script - run_script DISK create-daily-zfs-prune - - ;; - "2 Disks Manual") - run_script DISK format-chosen - # Change to zfs-mount-generator - run_script DISK change-to-zfs-mount-generator - # Create daily zfs prune script - run_script DISK create-daily-zfs-prune - ;; - "1 Disk") - print_text_in_color "$IRed" "1 Disk setup chosen." - sleep 2 - ;; - *) - ;; -esac - -# Set DNS resolver -# https://unix.stackexchange.com/questions/442598/how-to-configure-systemd-resolved-and-systemd-networkd-to-use-local-dns-server-f -while : -do - if [ -n "$PROVISIONING" ] - then - choice="Quad9" - else - choice=$(whiptail --title "$TITLE - Set DNS Resolver" --menu \ -"Which DNS provider should this Nextcloud box use? -$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \ -"Quad9" "(https://www.quad9.net/)" \ -"Cloudflare" "(https://www.cloudflare.com/dns/)" \ -"Local" "($GATEWAY) - DNS on gateway" \ -"Expert" "If you really know what you're doing!" 3>&1 1>&2 2>&3) - fi - - case "$choice" in - "Quad9") - sed -i "s|^#\?DNS=.*$|DNS=9.9.9.9 149.112.112.112 2620:fe::fe 2620:fe::9|g" /etc/systemd/resolved.conf - ;; - "Cloudflare") - sed -i "s|^#\?DNS=.*$|DNS=1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001|g" /etc/systemd/resolved.conf - ;; - "Local") - sed -i "s|^#\?DNS=.*$|DNS=$GATEWAY|g" /etc/systemd/resolved.conf - systemctl restart systemd-resolved.service - if network_ok - then - break - else - msg_box "Could not validate the local DNS server. Pick an Internet DNS server and try again." 
- continue - fi - ;; - "Expert") - OWNDNS=$(input_box_flow "Please choose your own DNS server(s) with a space in between, e.g: $GATEWAY 9.9.9.9 (NS1 NS2)") - sed -i "s|^#\?DNS=.*$|DNS=$OWNDNS|g" /etc/systemd/resolved.conf - systemctl restart systemd-resolved.service - if network_ok - then - break - unset OWNDNS - else - msg_box "Could not validate the local DNS server. Pick an Internet DNS server and try again." - continue - fi - ;; - *) - ;; - esac - if test_connection - then - break - else - msg_box "Could not validate the DNS server. Please try again." - fi -done - -# Install PostgreSQL -apt-get update -q4 & spinner_loading -install_if_not postgresql - -# Create DB -cd /tmp -sudo -u postgres psql <> /etc/apache2/apache2.conf - - check_command systemctl restart apache2.service -fi - -# Install PHP "$PHPVER" -install_if_not php"$PHPVER"-fpm -install_if_not php"$PHPVER"-intl -install_if_not php"$PHPVER"-ldap -install_if_not php"$PHPVER"-imap -install_if_not php"$PHPVER"-gd -install_if_not php"$PHPVER"-pgsql -install_if_not php"$PHPVER"-curl -install_if_not php"$PHPVER"-xml -install_if_not php"$PHPVER"-zip -install_if_not php"$PHPVER"-mbstring -install_if_not php"$PHPVER"-soap -install_if_not php"$PHPVER"-gmp -install_if_not php"$PHPVER"-bz2 -install_if_not php"$PHPVER"-bcmath -install_if_not php-pear - -# Enable php-fpm -a2enconf php"$PHPVER"-fpm - -# Enable HTTP/2 server wide -print_text_in_color "$ICyan" "Enabling HTTP/2 server wide..." 
-cat << HTTP2_ENABLE > "$HTTP2_CONF" - - Protocols h2 http/1.1 - -HTTP2_ENABLE -print_text_in_color "$IGreen" "$HTTP2_CONF was successfully created" -a2enmod http2 -restart_webserver - -# Set up a php-fpm pool with a unixsocket -cat << POOL_CONF > "$PHP_POOL_DIR"/nextcloud.conf -[Nextcloud] -user = www-data -group = www-data -listen = /run/php/php"$PHPVER"-fpm.nextcloud.sock -listen.owner = www-data -listen.group = www-data -pm = dynamic -; max_children is set dynamically with calculate_php_fpm() -pm.max_children = 8 -pm.start_servers = 3 -pm.min_spare_servers = 2 -pm.max_spare_servers = 3 -env[HOSTNAME] = $(hostname -f) -env[PATH] = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin -env[TMP] = /tmp -env[TMPDIR] = /tmp -env[TEMP] = /tmp -security.limit_extensions = .php -php_admin_value [cgi.fix_pathinfo] = 1 - -; Optional -; pm.max_requests = 2000 -POOL_CONF - -# Disable the idling example pool. -mv "$PHP_POOL_DIR"/www.conf "$PHP_POOL_DIR"/www.conf.backup - -# Enable the new php-fpm config -restart_webserver - -# Calculate the values of PHP-FPM based on the amount of RAM available (it's done in the startup script as well) -calculate_php_fpm - -# Install VM-tools -if [ "$SYSVENDOR" == "VMware, Inc." ]; -then - install_if_not open-vm-tools -elif [[ "$SYSVENDOR" == "QEMU" || "$SYSVENDOR" == "Red Hat" ]]; -then - install_if_not qemu-guest-agent - systemctl enable qemu-guest-agent - systemctl start qemu-guest-agent -fi - -# Get not-latest Nextcloud version -if [ -n "$NOT_LATEST" ] -then - while [ -z "$NCVERSION" ] - do - print_text_in_color "$ICyan" "Fetching the not-latest Nextcloud version..." 
- NCVERSION=$(curl -s -m 900 "$NCREPO"/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' \ -| sort --version-sort | grep -v "\.0$\|\.1$\|\.2$" | tail -1) - STABLEVERSION="nextcloud-$NCVERSION" - print_text_in_color "$IGreen" "$NCVERSION" - done -fi - -# Download and validate Nextcloud package -check_command download_verify_nextcloud_stable - -if [ ! -f "$HTML/$STABLEVERSION.tar.bz2" ] -then - msg_box "Aborting,something went wrong with the download of $STABLEVERSION.tar.bz2" - exit 1 -fi - -# Extract package -tar -xjf "$HTML/$STABLEVERSION.tar.bz2" -C "$HTML" & spinner_loading -rm "$HTML/$STABLEVERSION.tar.bz2" - -# Secure permissions -download_script STATIC setup_secure_permissions_nextcloud -bash "$SECURE" & spinner_loading - -# Ask to set a custom username -if yesno_box_no "Nextcloud is about to be installed.\nDo you want to change the standard GUI user '$GUIUSER' to something else?" -then - while : - do - GUIUSER=$(input_box_flow "Please type in the name of the Web Admin in Nextcloud. -\nThe only allowed characters for the username are: -'a-z', 'A-Z', '0-9', and '_.@-'") - if [[ "$GUIUSER" == *" "* ]] - then - msg_box "Please don't use spaces." - # - has to be escaped otherwise it won't work. - # Inspired by: https://unix.stackexchange.com/a/498731/433213 - elif [ "${GUIUSER//[A-Za-z0-9_.\-@]}" ] - then - msg_box "Allowed characters for the username are:\na-z', 'A-Z', '0-9', and '_.@-'\n\nPlease try again." - else - break - fi - done - while : - do - GUIPASS=$(input_box_flow "Please type in the new password for the new Web Admin ($GUIUSER) in Nextcloud.") - if [[ "$GUIPASS" == *" "* ]] - then - msg_box "Please don't use spaces." - fi - if [ "${GUIPASS//[A-Za-z0-9_.\-@]}" ] - then - msg_box "Allowed characters for the password are:\na-z', 'A-Z', '0-9', and '_.@-'\n\nPlease try again." - else - msg_box "The new Web Admin in Nextcloud is now: $GUIUSER\nThe password is set to: $GUIPASS -This is used when you login to Nextcloud itself, i.e. 
on the web." - break - fi - done - -fi - -# Install Nextcloud -print_text_in_color "$ICyan" "Installing Nextcloud, it might take a while..." -cd "$NCPATH" -# Don't use nextcloud_occ here as it takes alooong time. -# https://github.com/nextcloud/vm/issues/2542#issuecomment-1700406020 -check_command sudo -u www-data php "$NCPATH"/occ maintenance:install \ ---data-dir="$NCDATA" \ ---database=pgsql \ ---database-name=nextcloud_db \ ---database-user="$PGDB_USER" \ ---database-pass="$PGDB_PASS" \ ---admin-user="$GUIUSER" \ ---admin-pass="$GUIPASS" -print_text_in_color "$ICyan" "Nextcloud version:" -nextcloud_occ status -sleep 3 - -# Install PECL dependencies -install_if_not php"$PHPVER"-dev - -# Install Redis (distributed cache) -run_script ADDONS redis-server-ubuntu - -# Install smbclient -# php"$PHPVER"-smbclient does not yet work in PHP 7.4 -install_if_not libsmbclient-dev -yes no | pecl install smbclient -if [ ! -f "$PHP_MODS_DIR"/smbclient.ini ] -then - touch "$PHP_MODS_DIR"/smbclient.ini -fi -if ! grep -qFx extension=smbclient.so "$PHP_MODS_DIR"/smbclient.ini -then - echo "# PECL smbclient" > "$PHP_MODS_DIR"/smbclient.ini - echo "extension=smbclient.so" >> "$PHP_MODS_DIR"/smbclient.ini - check_command phpenmod -v ALL smbclient -fi - -# Enable igbinary for PHP -# https://github.com/igbinary/igbinary -if is_this_installed "php$PHPVER"-dev -then - if ! yes no | pecl install -Z igbinary - then - msg_box "igbinary PHP module installation failed" - exit - else - print_text_in_color "$IGreen" "igbinary PHP module installation OK!" - fi -{ -echo "# igbinary for PHP" -echo "session.serialize_handler=igbinary" -echo "igbinary.compact_strings=On" -} >> "$PHP_INI" - if [ ! -f "$PHP_MODS_DIR"/igbinary.ini ] - then - touch "$PHP_MODS_DIR"/igbinary.ini - fi - if ! 
grep -qFx extension=igbinary.so "$PHP_MODS_DIR"/igbinary.ini - then - echo "# PECL igbinary" > "$PHP_MODS_DIR"/igbinary.ini - echo "extension=igbinary.so" >> "$PHP_MODS_DIR"/igbinary.ini - check_command phpenmod -v ALL igbinary - fi -restart_webserver -fi - -# Prepare cron.php to be run every 5 minutes -crontab -u www-data -l | { cat; echo "*/5 * * * * php -f $NCPATH/cron.php > /dev/null 2>&1"; } | crontab -u www-data - - -# Run the updatenotification on a schedule -nextcloud_occ config:system:set upgrade.disable-web --type=bool --value=true -nextcloud_occ config:app:set updatenotification notify_groups --value="[]" -print_text_in_color "$ICyan" "Configuring update notifications specific for this server..." -download_script STATIC updatenotification -check_command chmod +x "$SCRIPTS"/updatenotification.sh -crontab -u root -l | { cat; echo "59 $AUT_UPDATES_TIME * * * $SCRIPTS/updatenotification.sh > /dev/null 2>&1"; } | crontab -u root - - -# Change values in php.ini (increase max file size) -# max_execution_time -sed -i "s|max_execution_time =.*|max_execution_time = 3500|g" "$PHP_INI" -# max_input_time -sed -i "s|max_input_time =.*|max_input_time = 3600|g" "$PHP_INI" -# memory_limit -sed -i "s|memory_limit =.*|memory_limit = 512M|g" "$PHP_INI" -# post_max -sed -i "s|post_max_size =.*|post_max_size = 1100M|g" "$PHP_INI" -# upload_max -sed -i "s|upload_max_filesize =.*|upload_max_filesize = 1000M|g" "$PHP_INI" - -# Set logging -nextcloud_occ config:system:set log_type --value=file -nextcloud_occ config:system:set logfile --value="$VMLOGS/nextcloud.log" -rm -f "$NCDATA/nextcloud.log" -nextcloud_occ config:system:set loglevel --value=2 -install_and_enable_app admin_audit -nextcloud_occ config:app:set admin_audit logfile --value="$VMLOGS/audit.log" -nextcloud_occ config:system:set log.condition apps 0 --value admin_audit - -# Set SMTP mail -nextcloud_occ config:system:set mail_smtpmode --value="smtp" - -# Forget login/session after 30 minutes -nextcloud_occ 
config:system:set remember_login_cookie_lifetime --value="1800" - -# Set logrotate (max 10 MB) -nextcloud_occ config:system:set log_rotate_size --value="10485760" - -# Set trashbin retention obligation (save it in trashbin for 60 days or delete when space is needed) -nextcloud_occ config:system:set trashbin_retention_obligation --value="auto, 60" - -# Set versions retention obligation (save versions for 180 days or delete when space is needed) -nextcloud_occ config:system:set versions_retention_obligation --value="auto, 180" - -# Set activity retention obligation (save activity feed for 120 days, defaults to 365 days otherwise) -nextcloud_occ config:system:set activity_expire_days --value="120" - -# Remove simple signup -nextcloud_occ config:system:set simpleSignUpLink.shown --type=bool --value=false - -# Set chunk_size for files app to 100MB (defaults to 10MB) -nextcloud_occ config:app:set files max_chunk_size --value="104857600" - -# Set product name -if home_sme_server -then - PRODUCTNAME="Nextcloud HanssonIT Server" -else - PRODUCTNAME="Nextcloud HanssonIT VM" -fi -if is_app_installed theming -then - if [ "$(nextcloud_occ config:app:get theming productName)" != "$PRODUCTNAME" ] - then - nextcloud_occ config:app:set theming productName --value "$PRODUCTNAME" - fi -fi - -# Enable OPCache for PHP -# https://docs.nextcloud.com/server/14/admin_manual/configuration_server/server_tuning.html#enable-php-opcache -phpenmod opcache -{ -echo "# OPcache settings for Nextcloud" -echo "opcache.enable=1" -echo "opcache.enable_cli=1" -echo "opcache.interned_strings_buffer=$opcache_interned_strings_buffer_value" -echo "opcache.max_accelerated_files=10000" -echo "opcache.memory_consumption=256" -echo "opcache.save_comments=1" -echo "opcache.revalidate_freq=1" -echo "opcache.validate_timestamps=1" -} >> "$PHP_INI" - -# PHP-FPM optimization -# https://geekflare.com/php-fpm-optimization/ -sed -i "s|;emergency_restart_threshold.*|emergency_restart_threshold = 10|g" 
/etc/php/"$PHPVER"/fpm/php-fpm.conf -sed -i "s|;emergency_restart_interval.*|emergency_restart_interval = 1m|g" /etc/php/"$PHPVER"/fpm/php-fpm.conf -sed -i "s|;process_control_timeout.*|process_control_timeout = 10|g" /etc/php/"$PHPVER"/fpm/php-fpm.conf - -# PostgreSQL values for PHP (https://docs.nextcloud.com/server/latest/admin_manual/configuration_database/linux_database_configuration.html#postgresql-database) -{ -echo "" -echo "[PostgresSQL]" -echo "pgsql.allow_persistent = On" -echo "pgsql.auto_reset_persistent = Off" -echo "pgsql.max_persistent = -1" -echo "pgsql.max_links = -1" -echo "pgsql.ignore_notice = 0" -echo "pgsql.log_notice = 0" -} >> "$PHP_FPM_DIR"/conf.d/20-pdo_pgsql.ini - -# Fix https://github.com/nextcloud/vm/issues/714 -print_text_in_color "$ICyan" "Optimizing Nextcloud..." -yes | nextcloud_occ db:convert-filecache-bigint -nextcloud_occ db:add-missing-indices -while [ -z "$CURRENTVERSION" ] -do - CURRENTVERSION=$(sudo -u www-data php "$NCPATH"/occ status | grep "versionstring" | awk '{print $3}') -done -if [ "${CURRENTVERSION%%.*}" -ge "19" ] -then - nextcloud_occ db:add-missing-columns -fi -if [ "${CURRENTVERSION%%.*}" -ge "20" ] -then - nextcloud_occ db:add-missing-primary-keys -fi - -# Install Figlet -install_if_not figlet - -# To be able to use snakeoil certs -install_if_not ssl-cert - -# Generate $HTTP_CONF -if [ ! 
-f "$SITES_AVAILABLE"/"$HTTP_CONF" ] -then - touch "$SITES_AVAILABLE/$HTTP_CONF" - cat << HTTP_CREATE > "$SITES_AVAILABLE/$HTTP_CONF" - - -### YOUR SERVER ADDRESS ### -# ServerAdmin admin@example.com -# ServerName cloud.example.com - -### SETTINGS ### - - SetHandler "proxy:unix:/run/php/php$PHPVER-fpm.nextcloud.sock|fcgi://localhost" - - - # Logs - LogLevel warn - CustomLog \${APACHE_LOG_DIR}/access.log combined - ErrorLog \${APACHE_LOG_DIR}/error.log - - # Document root folder - DocumentRoot $NCPATH - - # The Nextcloud folder - - Options Indexes FollowSymLinks - AllowOverride None - Require all granted - Satisfy Any - # This is to include all the Nextcloud rules due to that we use PHP-FPM and .htaccess aren't read - Include $NCPATH/.htaccess - - - # Deny access to your data directory - - Require all denied - - - # Deny access to the Nextcloud config folder - - Require all denied - - - - Dav off - - - # The following lines prevent .htaccess and .htpasswd files from being viewed by Web clients. - - Require all denied - - - SetEnv HOME $NCPATH - SetEnv HTTP_HOME $NCPATH - - # Disable HTTP TRACE method. - TraceEnable off - # Disable HTTP TRACK method. - RewriteEngine On - RewriteCond %{REQUEST_METHOD} ^TRACK - RewriteRule .* - [R=405,L] - - # Avoid "Sabre\DAV\Exception\BadRequest: expected filesize XXXX got XXXX" - - RequestReadTimeout body=0 - - -HTTP_CREATE - print_text_in_color "$IGreen" "$SITES_AVAILABLE/$HTTP_CONF was successfully created." -fi - -# Generate $TLS_CONF -if [ ! 
-f "$SITES_AVAILABLE"/"$TLS_CONF" ] -then - touch "$SITES_AVAILABLE/$TLS_CONF" - cat << TLS_CREATE > "$SITES_AVAILABLE/$TLS_CONF" -# -# RewriteEngine On -# RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L] -# - - - Header add Strict-Transport-Security: "max-age=15552000;includeSubdomains" - -### YOUR SERVER ADDRESS ### -# ServerAdmin admin@example.com -# ServerName cloud.example.com - -### SETTINGS ### - - SetHandler "proxy:unix:/run/php/php$PHPVER-fpm.nextcloud.sock|fcgi://localhost" - - - # Intermediate configuration - SSLEngine on - SSLCompression off - SSLProtocol -all +TLSv1.2 +TLSv1.3 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - SSLHonorCipherOrder off - SSLSessionTickets off - ServerSignature off - - # Logs - LogLevel warn - CustomLog \${APACHE_LOG_DIR}/access.log combined - ErrorLog \${APACHE_LOG_DIR}/error.log - - # Document root folder - DocumentRoot $NCPATH - - # The Nextcloud folder - - Options Indexes FollowSymLinks - AllowOverride None - Require all granted - Satisfy Any - # This is to include all the Nextcloud rules due to that we use PHP-FPM and .htaccess aren't read - Include $NCPATH/.htaccess - - - # Deny access to your data directory - - Require all denied - - - # Deny access to the Nextcloud config folder - - Require all denied - - - - Dav off - - - # The following lines prevent .htaccess and .htpasswd files from being viewed by Web clients. - - Require all denied - - - SetEnv HOME $NCPATH - SetEnv HTTP_HOME $NCPATH - - # Disable HTTP TRACE method. - TraceEnable off - # Disable HTTP TRACK method. 
- RewriteEngine On - RewriteCond %{REQUEST_METHOD} ^TRACK - RewriteRule .* - [R=405,L] - - # Avoid "Sabre\DAV\Exception\BadRequest: expected filesize XXXX got XXXX" - - RequestReadTimeout body=0 - - - # Avoid zero byte files (only works in Ubuntu 24.04 -->>) - # See https://github.com/nextcloud/server/issues/3056 - SetEnv proxy-sendcl 1 - -### LOCATION OF CERT FILES ### - SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem - SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key - -TLS_CREATE - print_text_in_color "$IGreen" "$SITES_AVAILABLE/$TLS_CONF was successfully created." -fi - -# Enable new config -a2ensite "$TLS_CONF" -a2ensite "$HTTP_CONF" -a2dissite default-ssl -restart_webserver - -if [ -n "$PROVISIONING" ] -then - choice="Calendar Contacts IssueTemplate PDFViewer Extract Text Mail Deck Group-Folders" -else - choice=$(whiptail --title "$TITLE - Install apps or software" --checklist \ -"Automatically configure and install selected apps or software -$CHECKLIST_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \ -"Calendar" "" ON \ -"Contacts" "" ON \ -"PDFViewer" "" ON \ -"Extract" "" ON \ -"Text" "" ON \ -"Mail" "" ON \ -"Deck" "" ON \ -"Collectives" "" ON \ -"Suspicious Login detection" "" ON \ -"IssueTemplate" "" OFF \ -"Group-Folders" "" OFF 3>&1 1>&2 2>&3) -fi - -case "$choice" in - *"Calendar"*) - install_and_enable_app calendar - ;;& - *"Contacts"*) - install_and_enable_app contacts - ;;& - *"IssueTemplate"*) - # install_and_enable_app issuetemplate - rm -rf "$NCPATH"apps/issuetemplate - nextcloud_occ app:install --force --keep-disabled issuetemplate - sed -i "s|20|${CURRENTVERSION%%.*}|g" "$NCPATH"/apps/issuetemplate/appinfo/info.xml - nextcloud_occ_no_check app:enable issuetemplate - ;;& - *"PDFViewer"*) - install_and_enable_app files_pdfviewer - ;;& - *"Extract"*) - if install_and_enable_app extract - then - install_if_not unrar - install_if_not p7zip - install_if_not p7zip-full - fi - ;;& - *"Text"*) - install_and_enable_app text - ;;& - *"Mail"*) - 
install_and_enable_app mail - ;;& - *"Deck"*) - install_and_enable_app deck - ;;& - *"Collectives"*) - install_and_enable_app collectives - install_if_not php"$PHPVER"-sqlite3 - ;;& - *"Suspicious Login detection"*) - install_and_enable_app suspicios_login - ;;& - *"Group-Folders"*) - install_and_enable_app groupfolders - ;;& - *) - ;; -esac - -# Cleanup -apt-get autoremove -y -apt-get autoclean -find /root "/home/$UNIXUSER" -type f \( -name '*.sh*' -o -name '*.html*' -o -name '*.tar*' -o -name '*.zip*' \) -delete - -# Install virtual kernels for Hyper-V, (and extra for UTF8 kernel module + Collabora and OnlyOffice) -# Kernel 5.4 -if ! home_sme_server -then - if [ "$SYSVENDOR" == "Microsoft Corporation" ] - then - # Hyper-V - install_if_not linux-virtual - install_if_not linux-image-virtual - install_if_not linux-tools-virtual - install_if_not linux-cloud-tools-virtual - install_if_not linux-azure - # linux-image-extra-virtual only needed for AUFS driver with Docker - fi -fi - -# Add aliases -if [ -f /root/.bash_aliases ] -then - if ! grep -q "nextcloud" /root/.bash_aliases - then -{ -echo "alias nextcloud_occ='sudo -u www-data php /var/www/nextcloud/occ'" -echo "alias run_update_nextcloud='bash /var/scripts/update.sh'" -} >> /root/.bash_aliases - fi -elif [ ! -f /root/.bash_aliases ] -then -{ -echo "alias nextcloud_occ='sudo -u www-data php /var/www/nextcloud/occ'" -echo "alias run_update_nextcloud='bash /var/scripts/update.sh'" -} > /root/.bash_aliases -fi - -# Fix GRUB defaults -if grep -q 'GRUB_CMDLINE_LINUX_DEFAULT="maybe-ubiquity"' /etc/default/grub -then - sed -i "s|GRUB_CMDLINE_LINUX_DEFAULT=.*|GRUB_CMDLINE_LINUX_DEFAULT=|g" /etc/default/grub -fi - -# Set secure permissions final (./data/.htaccess has wrong permissions otherwise) -bash "$SECURE" & spinner_loading - -# Put IP address in /etc/issue (shown before the login) -if [ -f /etc/issue ] -then - printf '%s\n' "\4" >> /etc/issue -fi - -# Fix Realtek on PN51 -if asuspn51 -then - if ! 
version 24.04 "$DISTRO" 24.04.10 - then - # Upgrade Realtek drivers - print_text_in_color "$ICyan" "Upgrading Realtek firmware..." - curl_to_dir https://raw.githubusercontent.com/nextcloud/vm/main/network/asusnuc pn51.sh "$SCRIPTS" - bash "$SCRIPTS"/pn51.sh - fi -fi - -# Update if it's the Home/SME Server -if home_sme_server -then - # Upgrade system - print_text_in_color "$ICyan" "System will now upgrade..." - run_script STATIC update -fi - -# Force MOTD to show correct number of updates -if is_this_installed update-notifier-common -then - sudo /usr/lib/update-notifier/update-motd-updates-available --force -fi - -# It has to be this order: -# Download scripts -# chmod +x -# Set permissions for ncadmin in the change scripts - -print_text_in_color "$ICyan" "Getting scripts from GitHub to be able to run the first setup..." - -# Get needed scripts for first bootup -download_script GITHUB_REPO nextcloud-startup-script -download_script STATIC instruction -download_script STATIC history -download_script NETWORK static_ip -# Moved from the startup script 2021-01-04 -download_script LETS_ENC activate-tls -download_script STATIC update -download_script STATIC setup_secure_permissions_nextcloud -download_script STATIC change_db_pass -download_script STATIC nextcloud -download_script MENU menu -download_script MENU server_configuration -download_script MENU nextcloud_configuration -download_script MENU additional_apps -download_script MENU desec_menu - -# Make $SCRIPTS excutable -chmod +x -R "$SCRIPTS" -chown root:root -R "$SCRIPTS" - -# Prepare first bootup -check_command run_script STATIC change-ncadmin-profile -check_command run_script STATIC change-root-profile - -# Disable hibernation -print_text_in_color "$ICyan" "Disable hibernation..." -systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target - -# Reboot -if [ -z "$PROVISIONING" ] -then - msg_box "Installation almost done, system will reboot when you hit OK. 
- -After reboot, please login to run the setup script." -fi -reboot diff --git a/nextcloud_update.sh b/nextcloud_update.sh index 25dabc797f..b4afc9a440 100644 --- a/nextcloud_update.sh +++ b/nextcloud_update.sh 
@@ -1,1326 +1,19 @@ #!/bin/bash -################################################################################################################# -# DO NOT USE THIS SCRIPT WHEN UPDATING NEXTCLOUD / YOUR SERVER! RUN `sudo bash /var/scripts/update.sh` INSTEAD. # -################################################################################################################# - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ -# GNU General Public License v3.0 -# https://github.com/nextcloud/vm/blob/main/LICENSE - +# shellcheck disable=2034,2059 true -SCRIPT_NAME="Nextcloud Update Script" # shellcheck source=lib.sh -source <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/main/lib.sh) - -# Get all needed variables from the library -ncdb -nc_update - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin - -# Must be root -root_check - -# Check if dpkg or apt is running -is_process_running apt -is_process_running dpkg - -# Automatically restart services (Ubuntu 24.04) -if ! version 16.04.10 "$DISTRO" 22.04.10 -then - if [ ! -f /etc/needrestart/needrestart.conf ] - then - install_if_not needrestart - fi - if ! grep -rq "{restart} = 'a'" /etc/needrestart/needrestart.conf - then - # Restart mode: (l)ist only, (i)nteractive or (a)utomatically. - sed -i "s|#\$nrconf{restart} =.*|\$nrconf{restart} = 'a'\;|g" /etc/needrestart/needrestart.conf - fi -fi - -# Check for pending-snapshot -if does_snapshot_exist "NcVM-snapshot-pending" -then - msg_box "Cannot proceed with the update currently because NcVM-snapshot-pending exists.\n -It is possible that a backup is currently running or an update wasn't successful.\n -Advice: don't restart your system now if that is the case!\n -If you are sure that no update or backup is currently running, you can fix this by rebooting your server." 
- # Kill all "$SCRIPTS/update.sh" processes to make sure that no automatic restart happens after exiting this script - # shellcheck disable=2009 - PROCESS_IDS=$(ps aux | grep "$SCRIPTS/update.sh" | grep -v grep | awk '{print $2}') - if [ -n "$PROCESS_IDS" ] - then - mapfile -t PROCESS_IDS <<< "$PROCESS_IDS" - for process in "${PROCESS_IDS[@]}" - do - print_text_in_color "$ICyan" "Killing the process with PID $process to prevent a potential automatic restart..." - if ! kill "$process" - then - print_text_in_color "$IRed" "Couldn't kill the process with PID $process..." - fi - done - fi - exit 1 -fi - -# Change from APCu to Redis for local cache -# https://github.com/nextcloud/vm/pull/2040 -if pecl list | grep apcu >/dev/null 2>&1 -then - sed -i "/memcache.local/d" "$NCPATH"/config/config.php - if pecl list | grep redis >/dev/null 2>&1 - then - nextcloud_occ config:system:set memcache.local --value='\OC\Memcache\Redis' - else - nextcloud_occ config:system:delete memcache.local - fi -fi - -# Set product name -if home_sme_server -then - PRODUCTNAME="Nextcloud HanssonIT Server" -else - PRODUCTNAME="Nextcloud HanssonIT VM" -fi -if is_app_installed theming -then - if [ "$(nextcloud_occ config:app:get theming productName)" != "$PRODUCTNAME" ] - then - nextcloud_occ config:app:set theming productName --value "$PRODUCTNAME" - fi -fi - -# Add aliases -if [ -f /root/.bash_aliases ] -then - if ! grep -q "nextcloud" /root/.bash_aliases - then -{ -echo "alias nextcloud_occ='sudo -u www-data php /var/www/nextcloud/occ'" -echo "alias run_update_nextcloud='bash /var/scripts/update.sh'" -} >> /root/.bash_aliases - fi -elif [ ! -f /root/.bash_aliases ] -then -{ -echo "alias nextcloud_occ='sudo -u www-data php /var/www/nextcloud/occ'" -echo "alias run_update_nextcloud='bash /var/scripts/update.sh'" -} > /root/.bash_aliases -fi - -# Inform about started update -notify_admin_gui \ -"Update script started!" \ -"The update script in the Nextcloud VM has been executed. 
-You will be notified when the update is done. -Please don't shutdown or restart your server until then." - -# Create a snapshot before doing anything else -check_free_space -if ! [ -f "$SCRIPTS/nextcloud-startup-script.sh" ] && (does_snapshot_exist "NcVM-startup" \ -|| does_snapshot_exist "NcVM-snapshot" || [ "$FREE_SPACE" -ge 50 ] ) -then - # Create backup first - if [ -f "$SCRIPTS/daily-borg-backup.sh" ] && does_snapshot_exist "NcVM-snapshot" - then - rm -f /tmp/DAILY_BACKUP_CREATION_SUCCESSFUL - export SKIP_DAILY_BACKUP_CHECK=1 - bash "$SCRIPTS/daily-borg-backup.sh" - if ! [ -f "/tmp/DAILY_BACKUP_CREATION_SUCCESSFUL" ] - then - notify_admin_gui "Update failed because backup could not be created!" \ - "Could not create a backup! $(date +%T)" - exit 1 - fi - fi - # Add automatical unlock upon reboot - crontab -u root -l | grep -v "lvrename /dev/ubuntu-vg/NcVM-snapshot-pending" | crontab -u root - - crontab -u root -l | { cat; echo "@reboot /usr/sbin/lvrename /dev/ubuntu-vg/NcVM-snapshot-pending \ -/dev/ubuntu-vg/NcVM-snapshot &>/dev/null" ; } | crontab -u root - - SNAPSHOT_EXISTS=1 - if is_docker_running - then - check_command systemctl stop docker - fi - sudo -u www-data php "$NCPATH"/occ maintenance:mode --on - if does_snapshot_exist "NcVM-startup" - then - check_command lvremove /dev/ubuntu-vg/NcVM-startup -y - elif does_snapshot_exist "NcVM-snapshot" - then - if ! lvremove /dev/ubuntu-vg/NcVM-snapshot -y - then - sudo -u www-data php "$NCPATH"/occ maintenance:mode --off - start_if_stopped docker - notify_admin_gui "Update failed!" \ -"Could not remove NcVM-snapshot - Please reboot your server! $(date +%T)" - msg_box "It seems like the old snapshot could not get removed. -This should work again after a reboot of your server." - exit 1 - fi - fi - if ! lvcreate --size 5G --snapshot --name "NcVM-snapshot" /dev/ubuntu-vg/ubuntu-lv - then - sudo -u www-data php "$NCPATH"/occ maintenance:mode --off - start_if_stopped docker - notify_admin_gui "Update failed!" 
\ -"Could not create NcVM-snapshot - Please reboot your server! $(date +%T)" - msg_box "The creation of a snapshot failed. -If you just merged and old one, please reboot your server again. -It should then start working again." - exit 1 - fi - if ! lvrename /dev/ubuntu-vg/NcVM-snapshot /dev/ubuntu-vg/NcVM-snapshot-pending - then - sudo -u www-data php "$NCPATH"/occ maintenance:mode --off - start_if_stopped docker - msg_box "Could not rename the snapshot before starting the update. Please reboot your system!" - exit 1 - fi - sudo -u www-data php "$NCPATH"/occ maintenance:mode --off - start_if_stopped docker -fi - -# Check if /boot is filled more than 90% and exit the script if that's -# the case since we don't want to end up with a broken system -if [ -d /boot ] -then - if [[ "$(df -h | grep -m 1 /boot | awk '{print $5}' | cut -d "%" -f1)" -gt 90 ]] - then - msg_box "It seems like your boot drive is more than 90% full. \ -You can't proceed to upgrade, as it would likely break your system. - -To be able to proceed with the update you need to delete some old Linux kernels. 
If you need support, please visit: -https://shop.hanssonit.se/product/premium-support-per-30-minutes/" - exit - fi -fi - -# Remove leftovers -rm -f /root/php-upgrade.sh -rm -f /tmp/php-upgrade.sh -rm -f /root/db-migration.sh -rm -f /root/migrate-between-psql-versions.sh -rm -f "$SCRIPTS"/php-upgrade.sh -rm -f "$SCRIPTS"/db-migration.sh -rm -f "$SCRIPTS"/migrate-between-psql-versions.sh - -# Fix bug in nextcloud.sh -CURRUSR="$(getent group sudo | cut -d: -f4 | cut -d, -f1)" -if [ -f "$SCRIPTS/techandme.sh" ] -then - rm -f "$SCRIPTS/techandme.sh" - download_script STATIC nextcloud - chown "$CURRUSR":"$CURRUSR" "$SCRIPTS/nextcloud.sh" - chmod +x "$SCRIPTS/nextcloud.sh" - if [ -f /home/"$CURRUSR"/.bash_profile ] - then - sed -i "s|techandme|nextcloud|g" /home/"$CURRUSR"/.bash_profile - elif [ -f /home/"$CURRUSR"/.profile ] - then - sed -i "s|techandme|nextcloud|g" /home/"$CURRUSR"/.profile - fi -else - # Only update if it's older than 60 days (60 seconds * 60 minutes * 24 hours * 60 days) - if [ -f "$SCRIPTS"/nextcloud.sh ] - then - if [ "$(stat --format=%Y "$SCRIPTS"/nextcloud.sh)" -le "$(( $(date +%s) - (60*60*24*60) ))" ] - then - download_script STATIC nextcloud - chown "$CURRUSR":"$CURRUSR" "$SCRIPTS"/nextcloud.sh - fi - fi -fi - -# Fix fancy progress bar for apt-get -# https://askubuntu.com/a/754653 -if [ -d /etc/apt/apt.conf.d ] -then - if ! [ -f /etc/apt/apt.conf.d/99progressbar ] - then - echo 'Dpkg::Progress-Fancy "1";' > /etc/apt/apt.conf.d/99progressbar - echo 'APT::Color "1";' >> /etc/apt/apt.conf.d/99progressbar - chmod 644 /etc/apt/apt.conf.d/99progressbar - fi -fi - -# Ubuntu 16.04 is deprecated -check_distro_version - -# Hold PHP if Ondrejs PPA is used -print_text_in_color "$ICyan" "Fetching latest packages with apt..." -apt-get clean all -apt-get update -q4 & spinner_loading -if apt-cache policy | grep "ondrej" >/dev/null 2>&1 -then - print_text_in_color "$ICyan" "Ondrejs PPA is installed. 
\ -Holding PHP to avoid upgrading to a newer version without migration..." - apt-mark hold php* >/dev/null 2>&1 -fi - -# Don't allow MySQL/MariaDB -if [[ $NCDBTYPE = mysql ]] -then - msg_box "MySQL/MariaDB is not supported in this script anymore. Please contact us to get support \ -for upgrading your server: https://shop.hanssonit.se/product/premium-support-per-30-minutes/" - exit 0 -fi - -# Check if the log DIR actually is a file -if [ -f /var/log/nextcloud ] -then - rm -f /var/log/nextcloud -fi - -# Set secure permissions -if [ ! -f "$SECURE" ] -then - mkdir -p "$SCRIPTS" - download_script STATIC setup_secure_permissions_nextcloud - chmod +x "$SECURE" -else - rm "$SECURE" - download_script STATIC setup_secure_permissions_nextcloud - chmod +x "$SECURE" -fi - -# Remove the local lib.sh since it's causing issues with new functions (2020-06-01) -if [ -f "$SCRIPTS"/lib.sh ] -then - rm -f "$SCRIPTS"/lib.sh -fi - -# Make sure everyone gets access to menu.sh -download_script MENU menu - -# Make sure fetch_lib.sh is available -download_script STATIC fetch_lib - -# Update docker-ce to overlay2 since devicemapper is deprecated -if [ -f /etc/systemd/system/docker.service ] -then - if grep -q "devicemapper" /etc/systemd/system/docker.service - then - print_text_in_color "$ICyan" "Changing to Overlay2 for Docker CE..." - print_text_in_color "$ICyan" "Please report any issues to $ISSUES." - run_script STATIC docker_overlay2 - elif grep -q "aufs" /etc/default/docker - then - apt-mark hold docker-ce - run_script STATIC docker_overlay2 - fi -fi - -if is_this_installed veracrypt -then - # Hold veracrypt if installed since unmounting all drives, updating and mounting them again is not feasible - # If you desperately need the update, you can do so manually - apt-mark hold veracrypt -fi - -# Enter maintenance:mode -print_text_in_color "$IGreen" "Enabling maintenance:mode..." 
-sudo -u www-data php "$NCPATH"/occ maintenance:mode --on - -# Upgrade Talk repositrory if Talk is installed (2022-12-26) -if is_this_installed nextcloud-spreed-signaling -then - print_text_in_color "$ICyan" "Upgrading dependencies for Talk..." - apt-get update -q4 --allow-releaseinfo-change & spinner_loading -fi - -# Upgrade OS dependencies -export DEBIAN_FRONTEND=noninteractive ; apt-get dist-upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" - -# Temporary fix for PHP 2024-08-27 -# There's a bug in PHP 8.1.21 which causes server to crash -# If you're on Ondrejs PPA, PHP isn't updated, so do that here instead -apt-mark unhold php* >/dev/null 2>&1 -apt-get update -q4 -export DEBIAN_FRONTEND=noninteractive ; apt-get upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -apt-mark hold php* >/dev/null 2>&1 - -# Improve Apache for PHP-FPM -if is_this_installed php"$PHPVER"-fpm -then - if [ -d "$PHP_FPM_DIR" ] - then - # Just make sure that MPM_EVENT is default - a2dismod mpm_prefork - a2enmod mpm_event - restart_webserver - fi -fi - -# Fix Realtek on PN51 -if asuspn51 -then - if ! version 24.04 "$DISTRO" 24.04.10 - then - # Upgrade Realtek drivers - print_text_in_color "$ICyan" "Upgrading Realtek firmware..." - curl_to_dir https://raw.githubusercontent.com/nextcloud/vm/main/network/asusnuc pn51.sh "$SCRIPTS" - bash "$SCRIPTS"/pn51.sh - fi -fi - -# Update Netdata -if [ -d /etc/netdata ] -then - print_text_in_color "$ICyan" "Updating Netdata..." 
- install_if_not cmake # Needed for Netdata in newer versions - install_if_not libuv1-dev # Needed for Netdata in newer versions - NETDATA_UPDATER_PATH="$(find /usr -name 'netdata-updater.sh')" - if [ -n "$NETDATA_UPDATER_PATH" ] - then - bash "$NETDATA_UPDATER_PATH" - else - curl_to_dir https://raw.githubusercontent.com/netdata/netdata/main/packaging/installer/ netdata-updater.sh "$SCRIPTS" - bash "$SCRIPTS"/netdata-updater.sh - rm -f "$SCRIPTS"/netdata-updater.sh - fi -fi - -# Reinstall certbot (use snap instead of package) -# https://askubuntu.com/a/1271565 -if dpkg -l | grep certbot >/dev/null 2>&1 -then - # certbot will be removed, but still listed, so we need to check if the snap is installed as well so that this doesn't run every time - if ! snap list certbot >/dev/null 2>&1 - then - print_text_in_color "$ICyan" "Reinstalling certbot (Let's Encrypt) as a snap instead..." - apt-get remove certbot -y - apt-get autoremove -y - install_if_not snapd - snap install core - snap install certbot --classic - # Update $PATH in current session (login and logout is required otherwise) - check_command hash -r - fi -fi - -# Fix PHP error message -mkdir -p /tmp/pear/cache - -# Just in case PECLs XML are bad -if ! pecl channel-update pecl.php.net -then - curl_to_dir http://pecl.php.net channel.xml /tmp - pear channel-update /tmp/channel.xml - rm -f /tmp/channel.xml -fi - -# Update Redis PHP extension (18.04 -->, since 16.04 already is deprecated in the top of this script) -print_text_in_color "$ICyan" "Trying to upgrade the Redis PECL extension..." 
- -# Check current PHP version -check_php - -# Do the upgrade -if pecl list | grep redis >/dev/null 2>&1 -then - if is_this_installed php"$PHPVER"-common - then - install_if_not php"$PHPVER"-dev - fi - - yes no | pecl upgrade redis - systemctl restart redis-server.service -fi -# Remove old redis -if grep -qFx extension=redis.so "$PHP_INI" -then - sed -i "/extension=redis.so/d" "$PHP_INI" -fi -# Check if redis is enabled and create the file if not -if [ ! -f "$PHP_MODS_DIR"/redis.ini ] -then - touch "$PHP_MODS_DIR"/redis.ini -fi -# Enable new redis -if ! grep -qFx extension=redis.so "$PHP_MODS_DIR"/redis.ini -then - echo "# PECL redis" > "$PHP_MODS_DIR"/redis.ini - echo "extension=redis.so" >> "$PHP_MODS_DIR"/redis.ini - check_command phpenmod -v ALL redis -fi - -# Remove APCu https://github.com/nextcloud/vm/issues/2039 -if is_this_installed "php$PHPVER"-dev -then - # Delete PECL APCu - if pecl list | grep -q apcu - then - if ! yes no | pecl uninstall apcu - then - msg_box "APCu PHP module removal failed! Please report this to $ISSUES" - else - print_text_in_color "$IGreen" "APCu PHP module removal OK!" - fi - # Delete everything else - check_command phpdismod -v ALL apcu - rm -f "$PHP_MODS_DIR"/apcu.ini - rm -f "$PHP_MODS_DIR"/apcu_bc.ini - sed -i "/extension=apcu.so/d" "$PHP_INI" - sed -i "/APCu/d" "$PHP_INI" - sed -i "/apc./d" "$PHP_INI" - fi -fi - -# Also remove php-acpu if installed -if is_this_installed php-acpu -then - apt-get purge php-apcu - apt-get autoremove -y -fi -if is_this_installed php"$PHPVER"-apcu -then - apt-get purge php"$PHPVER"-apcu - apt-get autoremove -y -fi - -# Upgrade other PECL dependencies -if [ "${CURRENTVERSION%%.*}" -ge "17" ] -then - if [ -f "$PHP_INI" ] - then - print_text_in_color "$ICyan" "Trying to upgrade igbinary, and smbclient..." 
- if pecl list | grep igbinary >/dev/null 2>&1 - then - yes no | pecl upgrade igbinary - # Remove old igbinary - if grep -qFx extension=igbinary.so "$PHP_INI" - then - sed -i "/extension=igbinary.so/d" "$PHP_INI" - fi - # Check if igbinary is enabled and create the file if not - if [ ! -f "$PHP_MODS_DIR"/igbinary.ini ] - then - touch "$PHP_MODS_DIR"/igbinary.ini - fi - # Enable new igbinary - if ! grep -qFx extension=igbinary.so "$PHP_MODS_DIR"/igbinary.ini - then - echo "# PECL igbinary" > "$PHP_MODS_DIR"/igbinary.ini - echo "extension=igbinary.so" >> "$PHP_MODS_DIR"/igbinary.ini - check_command phpenmod -v ALL igbinary - fi - fi - if pecl list | grep -q smbclient - then - yes no | pecl upgrade smbclient - # Check if smbclient is enabled and create the file if not - if [ ! -f "$PHP_MODS_DIR"/smbclient.ini ] - then - touch "$PHP_MODS_DIR"/smbclient.ini - fi - # Enable new smbclient - if ! grep -qFx extension=smbclient.so "$PHP_MODS_DIR"/smbclient.ini - then - echo "# PECL smbclient" > "$PHP_MODS_DIR"/smbclient.ini - echo "extension=smbclient.so" >> "$PHP_MODS_DIR"/smbclient.ini - check_command phpenmod -v ALL smbclient - fi - # Remove old smbclient - if grep -qFx extension=smbclient.so "$PHP_INI" - then - sed -i "/extension=smbclient.so/d" "$PHP_INI" - fi - fi - if pecl list | grep -q inotify - then - # Remove old inotify - if grep -qFx extension=inotify.so "$PHP_INI" - then - sed -i "/extension=inotify.so/d" "$PHP_INI" - fi - yes no | pecl upgrade inotify - if [ ! -f "$PHP_MODS_DIR"/inotify.ini ] - then - touch "$PHP_MODS_DIR"/inotify.ini - fi - if ! grep -qFx extension=inotify.so "$PHP_MODS_DIR"/inotify.ini - then - echo "# PECL inotify" > "$PHP_MODS_DIR"/inotify.ini - echo "extension=inotify.so" >> "$PHP_MODS_DIR"/inotify.ini - check_command phpenmod -v ALL inotify - fi - fi - fi -fi - -# Make sure services are restarted -restart_webserver - -# Update adminer -if [ -d "$ADMINERDIR" ] -then - print_text_in_color "$ICyan" "Updating Adminer..." 
- rm -f "$ADMINERDIR"/latest.php "$ADMINERDIR"/adminer.php - curl_to_dir "http://www.adminer.org" "latest.php" "$ADMINERDIR" - ln -s "$ADMINERDIR"/latest.php "$ADMINERDIR"/adminer.php -fi - -# Get newest dat files for geoblock.sh -if grep -q "^#Geoip-block" /etc/apache2/apache2.conf -then - get_newest_dat_files - check_command systemctl restart apache2 -fi - -# Update docker containers and remove Watchtower if Bitwarden is present due to compatibility issue -# If Watchtower is installed, but Bitwarden is missing, then let watchtower do its thing -# If Watchtower is installed together with Bitwarden, then remove Watchtower and run updates -# individually depending on which docker containers that exist. -if is_docker_running -then - # To fix https://github.com/nextcloud/vm/issues/1459 we need to remove Watchtower - # to avoid updating Bitwarden again, and only update the specified docker images above - if docker ps -a --format '{{.Names}}' | grep -Eq "bitwarden"; - then - if [ -d /root/bwdata ] || [ -d "$BITWARDEN_HOME"/bwdata ] - then - if does_this_docker_exist 'containrrr/watchtower' - then - docker stop watchtower - WATCHTOWER=1 - elif does_this_docker_exist 'v2tec/watchtower' - then - docker stop watchtower - WATCHTOWER=1 - fi - docker container prune -f - docker image prune -a -f - docker volume prune -f - if [ -n "$WATCHTOWER" ] - then - notify_admin_gui "Watchtower removed" "Due to compatibility issues with Bitwarden and Watchtower, \ -we have removed Watchtower from this server. Updates will now happen for each container separately." - fi - fi - fi - # Update selected images - # Vaultwarden - docker_update_specific 'vaultwarden' "Vaultwarden" - # Bitwarden RS - if is_docker_running && docker ps -a --format '{{.Image}}' | grep -Eq "bitwardenrs/server:latest"; - then - print_text_in_color "$ICyan" "Updating Bitwarden RS. This can take a while..." 
- docker pull assaflavie/runlike &>/dev/null - echo '#/bin/bash' > /tmp/bitwarden-conf - chmod 700 /tmp/bitwarden-conf - docker run --rm -v /var/run/docker.sock:/var/run/docker.sock assaflavie/runlike -p bitwarden_rs >> /tmp/bitwarden-conf - sed -i 's|bitwardenrs/server:latest|vaultwarden/server:latest|' /tmp/bitwarden-conf - docker stop bitwarden_rs - docker rm bitwarden_rs - if ! DOCKER_RUN_OUTPUT=$(bash /tmp/bitwarden-conf 2>&1) - then - check_command cp /tmp/bitwarden-conf "$SCRIPTS" - chmod 700 "$SCRIPTS/bitwarden-conf" - notify_admin_gui "Could not update Bitwarden RS." "Please recreate the docker container yourself. -You can find its config here: $SCRIPTS/bitwarden-conf -See the debug log below: -$DOCKER_RUN_OUTPUT" - msg_box "Could not update Bitwarden RS. Please recreate the docker container yourself. -You can find its config here: $SCRIPTS/bitwarden-conf -See the debug log below: -$DOCKER_RUN_OUTPUT" - else - docker image prune -a -f - fi - rm -f /tmp/bitwarden-conf - else - docker_update_specific 'bitwarden_rs' "Bitwarden RS" - fi - # Collabora CODE - docker_update_specific 'code' 'Collabora' - # OnlyOffice - ## Don't upgrade to community if EE is installed - if ! 
does_this_docker_exist onlyoffice-ee - then - if does_this_docker_exist 'onlyoffice/documentserver' - then - docker_update_specific 'onlyoffice' 'OnlyOffice' - fi - fi - # Full Text Search - if [ "${CURRENTVERSION%%.*}" -ge "25" ] - then - fulltextsearch_install - if does_this_docker_exist "$nc_fts" && does_this_docker_exist "$opens_fts" - then - msg_box "Please consider reinstalling FullTextSearch since you seem to have the old (and not working) implemantation by issuing the uninstall script: sudo bash $SCRIPTS/menu.sh --> Additional Apps --> FullTextSearch" - elif [ -d "$FULLTEXTSEARCH_DIR" ] - then - # Check if new name standard is set, and only update if it is (since it contains the latest tag) - if grep -rq "$FULLTEXTSEARCH_IMAGE_NAME" "$FULLTEXTSEARCH_DIR/docker-compose.yaml" - then - if [ -n "$FULLTEXTSEARCH_IMAGE_NAME_LATEST_TAG" ] - then - sed -i "s|image: docker.elastic.co/elasticsearch/elasticsearch:.*|image: docker.elastic.co/elasticsearch/elasticsearch:$FULLTEXTSEARCH_IMAGE_NAME_LATEST_TAG|g" "$FULLTEXTSEARCH_DIR/docker-compose.yaml" - docker-compose_update "$FULLTEXTSEARCH_IMAGE_NAME" 'Full Text Search' "$FULLTEXTSEARCH_DIR" - fi - else - print_text_in_color "$ICyan" "Full Text Search is version based, to upgrade it, please change the version in $FULLTEXTSEARCH_DIR and run 'docker compose pull && docker compose up -d'. Latest tags are here: https://www.docker.elastic.co/r/elasticsearch and release notes here: https://www.elastic.co/guide/en/elasticsearch/reference/current/release-highlights.html" - fi - fi - fi - # Talk Recording - docker_update_specific 'talk-recording' "Talk Recording" - # Plex - docker_update_specific 'plex' "Plex Media Server" - # Imaginary - docker_update_specific 'imaginary' "Imaginary" -fi - -# Fix Collabora change too coolwsd -if grep -r loolwsd "$SITES_AVAILABLE"/*.conf -then - print_text_in_color "$ICyan" "Updating Collabora Engine..." 
- LOOLWSDCONF=$(grep -r loolwsd "$SITES_AVAILABLE"/*.conf | awk '{print $1}' | cut -d ":" -f1) - mapfile -t LOOLWSDCONF <<< "$LOOLWSDCONF" - for apacheconf in "${LOOLWSDCONF[@]}" - do - sed -i "s|/loleaflet|/browser|g" "${apacheconf}" - sed -i "s|loleaflet is the|browser is the|g" "${apacheconf}" - sed -i "s|loolwsd|coolwsd|g" "${apacheconf}" - sed -i "s|/lool|/cool|g" "${apacheconf}" - done - check_command restart_webserver -fi - -# Cleanup un-used packages -apt-get autoremove -y -apt-get autoclean - -# Update GRUB, just in case -update-grub - -# Free some space (ZFS snapshots) -if is_this_installed libzfs4linux -then - if grep -rq ncdata /etc/mtab - then - run_script DISK prune_zfs_snaphots - fi -fi - -# Update updatenotification.sh (gets updated after each nextcloud update as well; see down below the script) -if [ -f "$SCRIPTS"/updatenotification.sh ] && ! grep -q "Check for supported Nextcloud version" "$SCRIPTS/updatenotification.sh" -then - download_script STATIC updatenotification - chmod +x "$SCRIPTS"/updatenotification.sh -fi - -# Disable maintenance:mode -print_text_in_color "$IGreen" "Disabling maintenance:mode..." -sudo -u www-data php "$NCPATH"/occ maintenance:mode --off - -# Make all previous files executable -print_text_in_color "$ICyan" "Finding all executable files in $NC_APPS_PATH" -find_executables="$(find $NC_APPS_PATH -type f -executable)" - -# Update all Nextcloud apps -if [ "${CURRENTVERSION%%.*}" -ge "15" ] -then - # Check for upgrades - print_text_in_color "$ICyan" "Trying to automatically update all Nextcloud apps..." 
- UPDATED_APPS="$(nextcloud_occ_no_check app:update --all)" - # Update pdfannotate - if [ -d "$NC_APPS_PATH/pdfannotate" ] - then - INFO_XML="$(curl -s https://gitlab.com/nextcloud-other/nextcloud-annotate/-/raw/master/appinfo/info.xml)" - if [ "$(echo "$INFO_XML" | grep -oP 'min-version="[0-9]+"' | grep -oP '[0-9]+')" -le "${CURRENTVERSION%%.*}" ] \ -&& [ "$(echo "$INFO_XML" | grep -oP 'max-version="[0-9]+"' | grep -oP '[0-9]+')" -ge "${CURRENTVERSION%%.*}" ] - then - print_text_in_color "$ICyan" "Updating the pdfannotate app..." - cd "$NC_APPS_PATH/pdfannotate" - git pull - chown -R www-data:www-data ./ - chmod -R 770 ./ - fi - fi -fi - -# Check which apps got updated -if [ -n "$UPDATED_APPS" ] -then - print_text_in_color "$IGreen" "$UPDATED_APPS" - notify_admin_gui \ - "Your apps just got updated!" \ - "$UPDATED_APPS" - # Just make sure everything is updated (sometimes app requires occ upgrade to be run) - nextcloud_occ upgrade -else - print_text_in_color "$IGreen" "Your apps are already up to date!" -fi - -# Nextcloud 13 is required. 
-lowest_compatible_nc 13 - -# Restart notify push if existing -if [ -f "$NOTIFY_PUSH_SERVICE_PATH" ] -then - chmod +x "$NC_APPS_PATH"/notify_push/bin/x86_64/notify_push - systemctl restart notify_push.service -fi - -if [ -f /tmp/minor.version ] -then - NCBAD=$(cat /tmp/minor.version) - NCVERSION=$(curl -s -m 900 "$NCREPO"/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | sort --version-sort | grep "${CURRENTVERSION%%.*}" | tail -1) - export NCVERSION - export STABLEVERSION="nextcloud-$NCVERSION" - rm -f /tmp/minor.version -elif [ -f /tmp/nextmajor.version ] -then - NCBAD=$(cat /tmp/nextmajor.version) - if [ "$NCNEXT" -lt "15" ] - then - NCVERSION=$(curl -s -m 900 "$NCREPO"/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | sort --version-sort | grep "$NCNEXT" | head -1) - else - NCVERSION=$(curl -s -m 900 "$NCREPO"/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | sort --version-sort | grep "$NCNEXT" | tail -1) - fi - if [ -z "$NCVERSION" ] - then - msg_box "The version that you are trying to upgrade to doesn't exist." - exit 1 - fi - export NCVERSION - export STABLEVERSION="nextcloud-$NCVERSION" - rm -f /tmp/nextmajor.version -elif [ -f /tmp/prerelease.version ] -then - PRERELEASE_VERSION=yes - msg_box "WARNING! You are about to update to a Beta/RC version of Nextcloud.\nThere's no turning back, \ -as it's not currently possible to downgrade.\n\nPlease only continue if you have made a backup, or took a snapshot." - if ! yesno_box_no "Are you sure you would like to proceed?" 
- then - rm -f /tmp/prerelease.version - unset PRERELEASE_VERSION - else - if grep -q beta /tmp/prerelease.version - then - NCREPO="https://download.nextcloud.com/server/prereleases" - NCVERSION=$(curl -s -m 900 $NCREPO/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | sort --version-sort | tail -1) - STABLEVERSION="nextcloud-$NCVERSION" - rm -f /tmp/prerelease.version - elif grep -q "rc" /tmp/prerelease.version - then - NCREPO="https://download.nextcloud.com/server/prereleases" - NCVERSION=$(cat /tmp/prerelease.version) - STABLEVERSION="nextcloud-$NCVERSION" - rm -f /tmp/prerelease.version - fi - fi -fi - -# Rename snapshot -if [ -n "$SNAPSHOT_EXISTS" ] -then - check_command lvrename /dev/ubuntu-vg/NcVM-snapshot-pending /dev/ubuntu-vg/NcVM-snapshot -fi - -# We can't jump between major versions -major_versions_unsupported - -# Check if new version is larger than current version installed. Skip version check if you want to upgrade to a prerelease. -if [ -z "$PRERELEASE_VERSION" ] -then - print_text_in_color "$ICyan" "Checking for new Nextcloud version..." - if version_gt "$NCVERSION" "$CURRENTVERSION" - then - print_text_in_color "$ICyan" "Latest release is: $NCVERSION. Current version is: $CURRENTVERSION." - print_text_in_color "$IGreen" "New version available, upgrade continues!" - else - print_text_in_color "$IGreen" "You already run the latest version! ($CURRENTVERSION)" - notify_admin_gui \ - "Update successful!" \ - "The update script finished successfully! No new Nextcloud update was found." 
- exit 0 - fi -fi - -# Update updatenotification.sh -if [ -f "$SCRIPTS"/updatenotification.sh ] -then - download_script STATIC updatenotification - chmod +x "$SCRIPTS"/updatenotification.sh - crontab -u root -l | grep -v "$SCRIPTS/updatenotification.sh" | crontab -u root - - crontab -u root -l | { cat; echo "59 $AUT_UPDATES_TIME * * * $SCRIPTS/updatenotification.sh > /dev/null 2>&1"; } | crontab -u root - -fi - -############# Don't upgrade to specific version -DONOTUPDATETO='23.0.0' -if [[ "$NCVERSION" == "$DONOTUPDATETO" ]] -then - msg_box "Due to major bugs with Nextcloud $DONOTUPDATETO we won't upgrade to that version since it's a risk it will break your server. Please try to upgrade again when the next maintenance release is out." - exit -fi - -# Check if PHP version is compatible with $NCVERSION -PHP_VER=71 -NC_VER=16 -if [ "${NCVERSION%%.*}" -ge "$NC_VER" ] -then - if [ "$(php -v | head -n 1 | cut -d " " -f 2 | cut -c 1,3)" -lt "$PHP_VER" ] - then - msg_box "Your PHP version isn't compatible with the new version of Nextcloud. Please upgrade your PHP stack and try again. - -If you need support, please visit https://shop.hanssonit.se/product/upgrade-php-version-including-dependencies/" - exit - fi -fi - -# Check if PHP version is compatible with $NCVERSION -PHP_VER=72 -NC_VER=20 -if [ "${NCVERSION%%.*}" -ge "$NC_VER" ] -then - if [ "$(php -v | head -n 1 | cut -d " " -f 2 | cut -c 1,3)" -lt "$PHP_VER" ] - then - msg_box "Your PHP version isn't compatible with the new version of Nextcloud. Please upgrade your PHP stack and try again. - -If you need support, please visit https://shop.hanssonit.se/product/upgrade-php-version-including-dependencies/" - exit - fi -fi - -# Check if PHP version is compatible with $NCVERSION -PHP_VER=73 -NC_VER=21 -if [ "${NCVERSION%%.*}" -ge "$NC_VER" ] -then - if [ "$(php -v | head -n 1 | cut -d " " -f 2 | cut -c 1,3)" -lt "$PHP_VER" ] - then -msg_box "Your PHP version isn't compatible with the new version of Nextcloud. 
Please upgrade your PHP stack and try again. - -If you need support, please visit https://shop.hanssonit.se/product/upgrade-php-version-including-dependencies/" - exit - fi -fi - -# Check if PHP version is compatible with $NCVERSION -# https://github.com/nextcloud/server/issues/29258 -PHP_VER=74 -NC_VER=24 -if [ "${NCVERSION%%.*}" -ge "$NC_VER" ] -then - if [ "$(php -v | head -n 1 | cut -d " " -f 2 | cut -c 1,3)" -lt "$PHP_VER" ] - then -msg_box "Your PHP version isn't compatible with the new version of Nextcloud. Please upgrade your PHP stack and try again. - -If you need support, please visit https://shop.hanssonit.se/product/upgrade-php-version-including-dependencies/" - exit - fi -fi - -# Check if PHP version is compatible with $NCVERSION -# https://github.com/nextcloud/server/issues/29258 -PHP_VER=80 -NC_VER=26 -if [ "${NCVERSION%%.*}" -ge "$NC_VER" ] -then - if [ "$(php -v | head -n 1 | cut -d " " -f 2 | cut -c 1,3)" -lt "$PHP_VER" ] - then -msg_box "Your PHP version isn't compatible with the new version of Nextcloud. Please upgrade your PHP stack and try again. - -If you need support, please visit https://shop.hanssonit.se/product/upgrade-php-version-including-dependencies/" - exit - fi -fi - -# Upgrade Nextcloud -if ! site_200 "$NCREPO" -then - msg_box "$NCREPO seems to be down, or temporarily not reachable. Please try again in a few minutes." - exit 1 -fi - -countdown "Backing up files and upgrading to Nextcloud $NCVERSION in 10 seconds... Press CTRL+C to abort." "10" - -# Rename snapshot -if [ -n "$SNAPSHOT_EXISTS" ] -then - check_command lvrename /dev/ubuntu-vg/NcVM-snapshot /dev/ubuntu-vg/NcVM-snapshot-pending -fi - -# Stop Apache2 -print_text_in_color "$ICyan" "Stopping Apache2..." -check_command systemctl stop apache2.service - -# Create backup dir (/mnt/NCBACKUP/) -if [ ! -d "$BACKUP" ] -then - mkdir -p "$BACKUP" -fi - -# Backup PostgreSQL -if is_this_installed postgresql-common -then - cd /tmp - # Test connection to PostgreSQL - if ! 
sudo -u postgres psql -w -c "\q" - then - # If it fails, trust the 'postgres' user to be able to perform backup - rsync -a /etc/postgresql/*/main/pg_hba.conf "$BACKUP"/pg_hba.conf_BACKUP - sed -i "s|local all postgres .*|local all postgres trust|g" /etc/postgresql/*/main/pg_hba.conf - systemctl restart postgresql.service - if sudo -u postgres psql -c "SELECT 1 AS result FROM pg_database WHERE datname='$NCDB'" | grep "1 row" > /dev/null - then - print_text_in_color "$ICyan" "Doing pgdump of $NCDB..." - check_command sudo -u postgres pg_dump -Fc "$NCDB" > "$BACKUP"/nextclouddb.dump - # Import: - # sudo -u postgres pg_restore --verbose --clean --no-acl --no-owner -h localhost -U ncadmin -d nextcloud_db "$BACKUP"/nextclouddb.dump - else - print_text_in_color "$ICyan" "Doing pgdump of all databases..." - check_command sudo -u postgres pg_dumpall > "$BACKUP"/alldatabases.dump - fi - else - # If there's no issues, then continue as normal - if sudo -u postgres psql -c "SELECT 1 AS result FROM pg_database WHERE datname='$NCDB'" | grep "1 row" > /dev/null - then - print_text_in_color "$ICyan" "Doing pgdump of $NCDB..." - check_command sudo -u postgres pg_dump -Fc "$NCDB" > "$BACKUP"/nextclouddb.dump - # Import: - # sudo -u postgres pg_restore --verbose --clean --no-acl --no-owner -h localhost -U ncadmin -d nextcloud_db "$BACKUP"/nextclouddb.dump - else - print_text_in_color "$ICyan" "Doing pgdump of all databases..." - check_command sudo -u postgres pg_dumpall > "$BACKUP"/alldatabases.dump - fi - fi -fi - -# Prevent apps from breaking the update due to incompatibility -# Fixes errors like https://github.com/nextcloud/vm/issues/1834 -# Needs to be executed before backing up the config directory -if [ "${CURRENTVERSION%%.*}" -lt "${NCVERSION%%.*}" ] -then - print_text_in_color "$ICyan" "Deleting 'app_install_overwrite array' to prevent app breakage..." 
- nextcloud_occ config:system:delete app_install_overwrite -fi - -# Move backups to location according to $VAR -if [ -d /var/NCBACKUP/ ] -then - mv /var/NCBACKUP "$BACKUP" - mv /var/NCBACKUP-OLD "$BACKUP"-OLD/ -fi - -# Check if backup exists and move to old -print_text_in_color "$ICyan" "Backing up data..." -if [ -d "$BACKUP" ] -then - install_if_not rsync - mkdir -p "$BACKUP"-OLD/"$(date +%Y-%m-%d-%H%M%S)" - rsync -Aaxz "$BACKUP"/* "$BACKUP"-OLD/"$(date +%Y-%m-%d-%H%M%S)" - rm -rf "$BACKUP"-OLD/"$(date --date='1 year ago' +%Y)"* - rm -rf "$BACKUP" - mkdir -p "$BACKUP" -fi - -# Do a backup of the ZFS mount -if is_this_installed zfs-auto-snapshot -then - if grep -rq ncdata /etc/mtab - then - check_multiverse - sed -i "s|date --utc|date|g" /usr/sbin/zfs-auto-snapshot - check_command zfs-auto-snapshot -r ncdata - fi -fi - -# Backup data -for folders in config apps -do - if [[ "$(rsync -Aaxz "$NCPATH"/$folders "$BACKUP")" -eq 0 ]] - then - BACKUP_OK=1 - else - unset BACKUP_OK - fi -done - -if [ -z "$BACKUP_OK" ] -then - msg_box "Backup was not OK. Please check $BACKUP and see if the folders are backed up properly" - exit 1 -else - print_text_in_color "$IGreen" "Backup OK!" -fi - -# Download and validate Nextcloud package -check_command download_verify_nextcloud_stable - -if [ -f "$HTML/$STABLEVERSION.tar.bz2" ] -then - print_text_in_color "$ICyan" "$HTML/$STABLEVERSION.tar.bz2 exists" -else - msg_box "Aborting, something went wrong with the download" - exit 1 -fi - -if [ -d "$BACKUP"/config/ ] -then - print_text_in_color "$ICyan" "$BACKUP/config/ exists" -else - msg_box "Something went wrong with backing up your old Nextcloud instance -Please check in $BACKUP if config/ folder exist." - exit 1 -fi - -if [ -d "$BACKUP"/apps/ ] -then - print_text_in_color "$ICyan" "$BACKUP/apps/ exists" - echo - print_text_in_color "$IGreen" "All files are backed up." - send_mail \ - "New Nextcloud version found!" \ - "We will now start the update to Nextcloud $NCVERSION. 
$(date +%T)" - countdown "Removing old Nextcloud instance in 5 seconds..." "5" - rm -rf "$NCPATH" - print_text_in_color "$IGreen" "Extracting new package...." - check_command tar -xjf "$HTML/$STABLEVERSION.tar.bz2" -C "$HTML" - rm "$HTML/$STABLEVERSION.tar.bz2" - print_text_in_color "$IGreen" "Restoring config to Nextcloud..." - rsync -Aaxz "$BACKUP"/config "$NCPATH"/ - bash "$SECURE" & spinner_loading - # Don't execute the update before all cronjobs are finished - check_running_cronjobs - # Execute the update - nextcloud_occ upgrade - # Optimize - print_text_in_color "$ICyan" "Optimizing Nextcloud..." - yes | nextcloud_occ db:convert-filecache-bigint - nextcloud_occ db:add-missing-indices - CURRENTVERSION=$(sudo -u www-data php "$NCPATH"/occ status | grep "versionstring" | awk '{print $3}') - if [ "${CURRENTVERSION%%.*}" -ge "19" ] - then - check_php - nextcloud_occ db:add-missing-columns - install_if_not php"$PHPVER"-bcmath - fi - if [ "${CURRENTVERSION%%.*}" -ge "20" ] - then - nextcloud_occ db:add-missing-primary-keys - fi - if [ "${CURRENTVERSION%%.*}" -ge "21" ] - then - # Set phone region - if [ -n "$KEYBOARD_LAYOUT" ] - then - nextcloud_occ config:system:set default_phone_region --value="$KEYBOARD_LAYOUT" - fi - fi - if [ "${CURRENTVERSION%%.*}" -ge "23" ] - then - # Update opcache.interned_strings_buffer - if ! grep -rq opcache.interned_strings_buffer="$opcache_interned_strings_buffer_value" "$PHP_INI" - then - sed -i "s|opcache.interned_strings_buffer=.*|opcache.interned_strings_buffer=$opcache_interned_strings_buffer_value|g" "$PHP_INI" - restart_webserver - fi - fi - if [ "${CURRENTVERSION%%.*}" -ge "27" ] - then - nextcloud_occ dav:sync-system-addressbook - fi -else - msg_box "Something went wrong with backing up your old Nextcloud instance -Please check in $BACKUP if the folders exist." 
- exit 1 -fi - -# Repair -nextcloud_occ maintenance:repair - -# Update Bitwarden -if is_docker_running -then - if docker ps -a --format '{{.Names}}' | grep -Eq "bitwarden"; - then - if is_this_installed apache2 - then - if [ -d /root/bwdata ] - then - curl_to_dir "https://raw.githubusercontent.com/bitwarden/server/master/scripts" "bitwarden.sh" "/root" - chmod +x /root/bitwarden.sh - if [ -f /root/bitwarden.sh ] - then - print_text_in_color "$IGreen" "Upgrading Bitwarden..." - sleep 2 - yes no | bash /root/bitwarden.sh updateself - yes no | bash /root/bitwarden.sh update - fi - elif [ -d "$BITWARDEN_HOME"/bwdata ] - then - curl_to_dir "https://raw.githubusercontent.com/bitwarden/server/master/scripts" "bitwarden.sh" "$BITWARDEN_HOME" - chown "$BITWARDEN_USER":"$BITWARDEN_USER" "$BITWARDEN_HOME"/bitwarden.sh - chmod +x "$BITWARDEN_HOME"/bitwarden.sh - if [ -f "$BITWARDEN_HOME"/bitwarden.sh ] - then - print_text_in_color "$IGreen" "Upgrading Bitwarden..." - sleep 2 - yes no | sudo -u "$BITWARDEN_USER" bash "$BITWARDEN_HOME"/bitwarden.sh updateself - yes no | sudo -u "$BITWARDEN_USER" bash "$BITWARDEN_HOME"/bitwarden.sh update - fi - fi - fi - fi -fi - -# Start Apache2 -start_if_stopped apache2 - -# Just double check if the DB is started as well -if is_this_installed postgresql-common -then - if ! pgrep postgres >/dev/null 2>&1 - then - print_text_in_color "$ICyan" "Starting PostgreSQL..." - systemctl start postgresql.service - fi -fi - -# If the app isn't installed (maybe because it's incompatible), then at least restore from backup and make sure it's disabled -BACKUP_APPS="$(find "$BACKUP/apps" -maxdepth 1 -mindepth 1 -type d)" -mapfile -t BACKUP_APPS <<< "$BACKUP_APPS" -for app in "${BACKUP_APPS[@]}" -do - app="${app##"$BACKUP/apps/"}" - if ! [ -d "$NC_APPS_PATH/$app" ] && [ -d "$BACKUP/apps/$app" ] - then - print_text_in_color "$ICyan" "Restoring $app from $BACKUP/apps..." 
- rsync -Aaxz "$BACKUP/apps/$app" "$NC_APPS_PATH/" - bash "$SECURE" - nextcloud_occ_no_check app:disable "$app" - # Don't execute the update before all cronjobs are finished - check_running_cronjobs - # Execute the update - nextcloud_occ upgrade - fi -done - -# Update all Nextcloud apps a second time (if the old backup was outdated) -if [ "${CURRENTVERSION%%.*}" -ge "15" ] -then - # Check for upgrades - print_text_in_color "$ICyan" "Trying to automatically update all Nextcloud apps again..." - nextcloud_occ_no_check app:update --all -fi - -# Remove header for Nextcloud 14 (already in .htaccess) -if [ -f /etc/apache2/sites-available/"$(hostname -f)".conf ] -then - if grep -q 'Header always set Referrer-Policy' /etc/apache2/sites-available/"$(hostname -f)".conf - then - sed -i '/Header always set Referrer-Policy/d' /etc/apache2/sites-available/"$(hostname -f)".conf - restart_webserver - fi -fi - -# Fix crontab every 5 minutes instead of 15 -if crontab -u www-data -l | grep -q "\*/15 \* \* \* \* php -f $NCPATH/cron.php" -then - crontab -u www-data -l | grep -v "php -f $NCPATH/cron.php" | crontab -u www-data - - crontab -u www-data -l | { cat; echo "*/5 * * * * php -f $NCPATH/cron.php > /dev/null 2>&1"; } | crontab -u www-data - - print_text_in_color "$ICyan" "Nextcloud crontab updated to run every 5 minutes." -fi - -# Change owner of $BACKUP folder to root -chown -R root:root "$BACKUP" - -# Pretty URLs -print_text_in_color "$ICyan" "Setting RewriteBase to \"/\" in config.php..." -chown -R www-data:www-data "$NCPATH" -nextcloud_occ config:system:set htaccess.RewriteBase --value="/" -nextcloud_occ maintenance:update:htaccess -bash "$SECURE" & spinner_loading - -# Create $VMLOGS dir -if [ ! 
-d "$VMLOGS" ] -then - mkdir -p "$VMLOGS" -fi - -# Make all files in executable again -for executable in $find_executables -do - chmod +x "$executable" -done - -CURRENTVERSION_after=$(nextcloud_occ status | grep "versionstring" | awk '{print $3}') -if [[ "$NCVERSION" == "$CURRENTVERSION_after" ]] || [ -n "$PRERELEASE_VERSION" ] -then - msg_box "Latest version is: $NCVERSION. Current version is: $CURRENTVERSION_after. - -||| UPGRADE SUCCESS! ||| +. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/main/lib.sh) -If you notice that some apps are disabled, it's because they are not compatible with the new Nextcloud version. -To recover your old apps, please check $BACKUP/apps and copy them to $NCPATH/apps manually. +# Tech and Me © - 2018, https://www.techandme.se/ -Thank you for using T&M Hansson IT's updater!" - nextcloud_occ status - # Restart notify push if existing - if [ -f "$NOTIFY_PUSH_SERVICE_PATH" ] - then - systemctl restart notify_push - fi - print_text_in_color "$ICyan" "Sending notification about the successful update to all admins..." - notify_admin_gui \ - "Nextcloud is now updated!" \ - "Your Nextcloud is updated to $CURRENTVERSION_after with the update script in the Nextcloud VM." - mkdir -p "$VMLOGS"/updates - rm -f "$VMLOGS"/update.log # old place - echo "NEXTCLOUD UPDATE success-$(date +"%Y%m%d")" >> "$VMLOGS"/updates/update.log - # Remove logs from last year to save space - rm -f "$VMLOGS"/updates/update-"$(date --date='1 year ago' +%Y)"* - if [ -n "$SNAPSHOT_EXISTS" ] - then - check_command lvrename /dev/ubuntu-vg/NcVM-snapshot-pending /dev/ubuntu-vg/NcVM-snapshot - countdown "Automatically restarting your server in 1 minute since LVM-snapshots are present." "60" - shutdown -r - fi - exit 0 -else - msg_box "Latest version is: $NCVERSION. Current version is: $CURRENTVERSION_after. +msg_box "Since we migrated the 'master' branch to 'main' on Github the update script from the 'master' branch will be removed soon. -||| UPGRADE FAILED! 
||| +When you hit OK we will replace the current update script with the new one and then run the updater again. +This means that you don't have to change anything by yourself, but it could be a good idea to check that our migration worked anyway. -No worries, your files are still backed up at $BACKUP! -Please report this issue to $ISSUES +If you experience any bugs, please report them to $ISSUES." -Maintenance mode is kept on." - notify_admin_gui \ - "Nextcloud update failed!" \ - "Your Nextcloud update failed, please check the logs at $VMLOGS/update.log" - nextcloud_occ status - if [ -n "$SNAPSHOT_EXISTS" ] - then - # Kill all "$SCRIPTS/update.sh" processes to make sure that no automatic restart happens after exiting this script - # shellcheck disable=2009 - PROCESS_IDS_NEW=$(ps aux | grep "$SCRIPTS/update.sh" | grep -v grep | awk '{print $2}') - if [ -n "$PROCESS_IDS_NEW" ] - then - mapfile -t PROCESS_IDS_NEW <<< "$PROCESS_IDS_NEW" - for process in "${PROCESS_IDS_NEW[@]}" - do - print_text_in_color "$ICyan" "Killing the process with PID $process to prevent a potential automatic restart..." - if ! kill "$process" - then - print_text_in_color "$IRed" "Couldn't kill the process with PID $process..." - fi - done - fi - fi - exit 1 -fi +download_script STATIC update +chmod +x $SCRIPTS/update.sh +bash $SCRIPTS/update.sh diff --git a/not-supported/README.md b/not-supported/README.md deleted file mode 100644 index 2fe24c048b..0000000000 --- a/not-supported/README.md +++ /dev/null @@ -1,15 +0,0 @@ -# What is this subfolder about? -This subdirectory of the Nextcloud VM contains scripts that probably *never* will get merged into the released version, but we keep them here so that users can test, and enjoy the befnefits of having an easy way set up the different software offered in this sub-folder. Freedom of choice basically. - -## Can I help? -Yes, of course! :)
-Although mostof the scripts might not be 100% ready, we would love to hear your feedback anyway. -Feedback is especially welcome, if you would like to add some features that these scripts bring in the released version of the NcVM.
-So, please report back! 🚀 - -## How to run this inside my NcVM? -We have prepared a menu for you to choose from available options. You can download the menu with the following command:
-`sudo wget https://raw.githubusercontent.com/nextcloud/vm/main/not-supported/not-supported.sh -P /var/scripts`
-After downloading the menu, you just run it with the following command:
-`sudo bash /var/scripts/not-supported.sh`
-Running the not-supported script will show the menu with the latest options to choose from. diff --git a/not-supported/backup-viewer.sh b/not-supported/backup-viewer.sh deleted file mode 100644 index 807eb9a345..0000000000 --- a/not-supported/backup-viewer.sh +++ /dev/null 
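Review bot: In the replacement update script earlier in this patch (the `+` lines ending in `bash $SCRIPTS/update.sh`), nothing verifies either download before the result is run as root. `. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/main/lib.sh)` sources whatever curl returns; with `-s` and no `-f`, a failed request is silent, and `msg_box` and `download_script` may then be undefined. The last two lines also run unconditionally, so if `download_script STATIC update` did not replace the file, `bash $SCRIPTS/update.sh` executes whatever is already at that path. Suggest fetching lib.sh to a file with `curl -fsSL` and aborting on a non-zero exit, running the new updater only after confirming the download succeeded, and quoting `"$SCRIPTS/update.sh"` in both the `chmod` and `bash` lines.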
@@ -1,340 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ -# Copyright © 2021 Simon Lindner (https://github.com/szaimen) - -true -SCRIPT_NAME="Backup Viewer" -SCRIPT_EXPLAINER="This script shows the content of daily and/or off-shore backups." -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# Variables -DAILY_BACKUP_FILE="$SCRIPTS/daily-borg-backup.sh" -OFFSHORE_BACKUP_FILE="$SCRIPTS/off-shore-rsync-backup.sh" - -# Ask for execution -msg_box "$SCRIPT_EXPLAINER" -if ! yesno_box_yes "Do you want to view the content of your backups?" -then - exit -fi - -# Check if restore is possible -if ! [ -f "$DAILY_BACKUP_FILE" ] -then - msg_box "It seems like you haven't set up daily borg backups. -Please do that before you can view backups." - exit 1 -fi -# Get needed variables -ENCRYPTION_KEY="$(grep "ENCRYPTION_KEY=" "$DAILY_BACKUP_FILE" | sed "s|.*ENCRYPTION_KEY=||;s|'||g;s|\"||g")" -DAILY_BACKUP_MOUNTPOINT="$(grep "BACKUP_MOUNTPOINT=" "$DAILY_BACKUP_FILE" | sed 's|.*BACKUP_MOUNTPOINT="||;s|"||')" -DAILY_BACKUP_TARGET="$(grep "BACKUP_TARGET_DIRECTORY=" "$DAILY_BACKUP_FILE" | sed 's|.*BACKUP_TARGET_DIRECTORY="||;s|"||')" -if [ -z "$ENCRYPTION_KEY" ] || [ -z "$DAILY_BACKUP_FILE" ] || [ -z "$DAILY_BACKUP_FILE" ] -then - msg_box "Some daily backup variables are empty. This is wrong." - exit 1 -fi -# Also get variables from the offshore backup file -if [ -f "$OFFSHORE_BACKUP_FILE" ] -then - OFFSHORE_BACKUP_MOUNTPOINT="$(grep "BACKUP_MOUNTPOINT=" "$OFFSHORE_BACKUP_FILE" | sed 's|.*BACKUP_MOUNTPOINT="||;s|"||')" - OFFSHORE_BACKUP_TARGET="$(grep "BACKUP_TARGET_DIRECTORY=" "$OFFSHORE_BACKUP_FILE" | sed 's|.*BACKUP_TARGET_DIRECTORY="||;s|"||')" - if [ -z "$OFFSHORE_BACKUP_MOUNTPOINT" ] ||[ -z "$OFFSHORE_BACKUP_TARGET" ] - then - msg_box "Some off-shore backup variables are empty. This is wrong." 
- exit 1 - fi -fi -# Check if pending snapshot is existing and cancel the viewing in this case. -if does_snapshot_exist "NcVM-snapshot-pending" -then - msg_box "The snapshot pending does exist. Can currently not show the backup. -Please try again later.\n -If you are sure that no update or backup is currently running, you can fix this by rebooting your server." - exit 1 -fi -# Check if startup snapshot is existing and cancel the viewing in this case. -if does_snapshot_exist "NcVM-startup" -then - msg_box "The snapshot startup does exist. -Please run the update script first." - exit 1 -fi -# Check if snapshot can get renamed -if ! does_snapshot_exist "NcVM-snapshot" -then - msg_box "The NcVM-snapshot doesn't exist. This isn't allowed." - exit 1 -fi - -# Select your way of showing the backups -choice=$(whiptail --title "$TITLE" --menu \ -"Which way do you prefer of showing your backups? -$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \ -"Midnight Commander" "(Only for viewing your backups, no easy way to copy and move files)" \ -"Webmin" "(Copy and move files via webpage but has bad mimetype support)" \ -"Remotedesktop" "(Best way to copy and move files but needs xrdp to be installed)" 3>&1 1>&2 2>&3) - -case "$choice" in - "Midnight Commander") - if ! is_this_installed mc - then - msg_box "It seems like Midnight Commander isn't installed, yet." - if yesno_box_yes "Do you want to install it now?" - then - run_script APP midnight-commander - else - exit 1 - fi - if ! is_this_installed mc - then - msg_box "It seems like Midnight Commander stil isn't installed. Cannot proceed!" - exit 1 - fi - fi - ;; - "Webmin") - if ! is_this_installed webmin - then - msg_box "It seems like Webmin isn't installed, yet." - if yesno_box_yes "Do you want to install it now?" - then - run_script APP webmin - else - exit 1 - fi - if ! is_this_installed webmin - then - msg_box "It seems like Webmin stil isn't installed. Cannot proceed!" - exit 1 - fi - fi - ;; - "Remotedesktop") - if ! 
is_this_installed xrdp - then - msg_box "It seems like Remotedesktop isn't installed, yet. -You need to install it on your server before you can use it. -To do that, you need to manually download and execute the following script on your server: -$NOT_SUPPORTED_FOLDER/remotedesktop.sh" - exit 1 - fi - ;; - "") - msg_box "No option chosen. Exiting!" - exit 1 - ;; - *) - ;; -esac - -# Safe the choice in a new variable -PROGRAM_CHOICE="$choice" - -# View backup repository menu -args=(whiptail --title "$TITLE" --menu \ -"Please select the backup repository that you want to view. -$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4) - -print_text_in_color "$ICyan" "Looking for connected Backup drives. This can take a while..." - -# Check if at least one drive is connected -DAILY=1 -if ! [ -d "$DAILY_BACKUP_TARGET" ] -then - mount "$DAILY_BACKUP_MOUNTPOINT" - if ! [ -d "$DAILY_BACKUP_TARGET" ] - then - DAILY="" - fi - umount "$DAILY_BACKUP_MOUNTPOINT" -fi -if [ -f "$OFFSHORE_BACKUP_FILE" ] -then - OFFSHORE=1 - if ! [ -d "$OFFSHORE_BACKUP_TARGET" ] - then - mount "$OFFSHORE_BACKUP_MOUNTPOINT" - if ! [ -d "$OFFSHORE_BACKUP_TARGET" ] - then - OFFSHORE="" - fi - fi - umount "$OFFSHORE_BACKUP_MOUNTPOINT" -fi -if [ -z "$DAILY" ] && [ -z "$OFFSHORE" ] -then - msg_box "Not even one backup drive is connected. -You must connect one if you want to view a backup." - exit 1 -fi - -# Get which one is connected -if [ -n "$DAILY" ] -then - args+=("$DAILY_BACKUP_TARGET" " Daily Backup Repository") -fi -if [ -n "$OFFSHORE" ] -then - args+=("$OFFSHORE_BACKUP_TARGET" " Off-Shore Backup Repository") -fi - -# Show the menu -choice=$("${args[@]}" 3>&1 1>&2 2>&3) -if [ -z "$choice" ] -then - msg_box "No target selected. Exiting." - exit 1 -fi - -# Check the mountpoint -if mountpoint -q /tmp/borg -then - umount /tmp/borg - if mountpoint -q /tmp/borg - then - msg_box "There is still something mounted on /tmp/borg. Cannot proceed." 
- exit 1 - fi -fi - -# Check if pending snapshot is existing a second time and cancel the viewing in this case. -if does_snapshot_exist "NcVM-snapshot-pending" -then - msg_box "The snapshot pending does exist. Can currently not show the backup. -Please try again later.\n -If you are sure that no update or backup is currently running, you can fix this by rebooting your server." - exit 1 -fi - -# Rename the snapshot to represent that the backup is locked -if ! lvrename /dev/ubuntu-vg/NcVM-snapshot /dev/ubuntu-vg/NcVM-snapshot-pending -then - msg_box "Could not rename the snapshot. Please reboot your server!" - exit 1 -fi - -# Find out which one was mounted -if [ "$choice" = "$DAILY_BACKUP_TARGET" ] -then - BACKUP_MOUNTPOINT="$DAILY_BACKUP_MOUNTPOINT" -elif [ "$choice" = "$OFFSHORE_BACKUP_TARGET" ] -then - BACKUP_MOUNTPOINT="$OFFSHORE_BACKUP_MOUNTPOINT" - # Work around issue with borg - # https://github.com/borgbackup/borg/issues/3428#issuecomment-380399036 - mv /root/.config/borg/security/ /root/.config/borg/security.bak - mv /root/.cache/borg/ /root/.cache/borg.bak -fi - -# Mount the drive -mount "$BACKUP_MOUNTPOINT" - -# Break the borg lock if it exists because we have the snapshot that prevents such situations -if [ -f "$BACKUP_TARGET_DIRECTORY/lock.roster" ] -then - print_text_in_color "$ICyan" "Breaking the borg lock..." - borg break-lock "$BACKUP_TARGET_DIRECTORY" -fi - -# Mount the repository -export BORG_PASSPHRASE="$ENCRYPTION_KEY" -mkdir -p /tmp/borg -borg mount "$choice" /tmp/borg -unset BORG_PASSPHRASE -unset ENCRYPTION_KEY - -case "$PROGRAM_CHOICE" in - "Midnight Commander") - while : - do - msg_box "We will now open Midnight Commander so that you can view the content of your backup repository.\n -Please remember a few things for Midnight Commander: -1. You can simply navigate with the [ARROW] keys and [ENTER] -2. When you are done, please close Midnight Commander completely by pressing [F10]. 
\ -Otherwise we will not be able to unmount the backup repository again and there will \ -most likely be problems during the next regular backup." - if yesno_box_no "Do you remember all two points?" - then - break - fi - done - # Set the needed settings for mc - mkdir -p "/root/.config/mc" - cat << MC_INI > "/root/.config/mc/panels.ini" -[New Left Panel] -list_format=user -user_format=full name | mtime:15 | size:15 | owner:12 | group:12 | perm:12 -MC_INI - # Show Midnight commander - mc /tmp/borg - - # Revert panel settings to MC - echo "" > "/root/.config/mc/panels.ini" - ;; - "Webmin") - msg_box "For showing your backups with Webmin, you should be able to access them by visiting in a Browser: -https://$ADDRESS:10000/filemin/index.cgi?path=/tmp/borg \n -If you haven't been logged in to Webmin, yet, you might need to log in first and open the link after you've done that.\n -After you are done, just press [ENTER] here to unmount the backup again." - ;; - "Remotedesktop") - msg_box "For showing your backups with Remotedesktop, you need to connect to your server using an RDP client. -After you are connected, open a terminal in the session and execute the following command \ -which should open the file manager with the correct location:\n -xhost +si:localuser:root && sudo nautilus /tmp/borg \n -After you are done, just press [ENTER] here to unmount the backup again." - ;; - *) - ;; -esac - -# Restore original cache and security folder -if [ "$BACKUP_MOUNTPOINT" = "$OFFSHORE_BACKUP_MOUNTPOINT" ] -then - rm -r /root/.config/borg/security - mv /root/.config/borg/security.bak/ /root/.config/borg/security - rm -r /root/.cache/borg - mv /root/.cache/borg.bak/ /root/.cache/borg -fi - -# Re-rename the snapshot to represent that it is done -if ! lvrename /dev/ubuntu-vg/NcVM-snapshot-pending /dev/ubuntu-vg/NcVM-snapshot -then - msg_box "Could not re-rename the snapshot. Please reboot your server!" - exit 1 -fi - -# Unmount borg backup -if ! 
umount /tmp/borg -then - msg_box "Could not unmount the backup archives." -fi - -# Unmount the backup drive -sleep 1 -if ! umount "$BACKUP_MOUNTPOINT" -then - msg_box "Could not unmount the backup drive." - exit 1 -fi - -# End message -msg_box "Just unmounted the backup repository and drive again." - -# Adjust permissions -if [ -f "$SCRIPTS/adjust-startup-permissions.sh" ] -then - nohup bash "$SCRIPTS/adjust-startup-permissions.sh" &>/dev/null & -fi diff --git a/not-supported/bitlocker-mount.sh b/not-supported/bitlocker-mount.sh deleted file mode 100644 index c7343d03a6..0000000000 --- a/not-supported/bitlocker-mount.sh +++ /dev/null 
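Review bot: In the removed backup-viewer.sh, the emptiness check under "Get needed variables" tests `$DAILY_BACKUP_FILE` twice and never tests `DAILY_BACKUP_MOUNTPOINT` or `DAILY_BACKUP_TARGET`, so a failed grep/sed extraction goes unnoticed and empty values reach the later `mount` and `[ -d ... ]` calls. The break-lock block also reads `$BACKUP_TARGET_DIRECTORY`, which this script never assigns (the selected repository is in `$choice`), so the lock is only broken if the caller's environment happens to set that variable. In the drive detection, `umount "$OFFSHORE_BACKUP_MOUNTPOINT"` sits outside the `if ! [ -d "$OFFSHORE_BACKUP_TARGET" ]` block, unlike the daily case, so it also runs when the script did not mount the drive itself. If the copy that remains on `main` has the same lines, these three points should be fixed there rather than lost with the deletion.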
@@ -1,196 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ -# Copyright © 2021 Simon Lindner (https://github.com/szaimen) - -true -SCRIPT_NAME="Bitlocker Mount" -SCRIPT_EXPLAINER="This script automates mounting Bitlocker encrypted drives locally in your system. -Currently supported are only Bitlocker encrypted NTFS (Windows) drives. -You need a password to mount the drive. Recovery keys are not supported." -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# Show install_popup -if ! is_this_installed dislocker -then - # Ask for installing - install_popup "$SCRIPT_NAME" -fi - -# Test if one drive is already mounted/created -if grep -q "/media/bitlocker/1" /etc/fstab || mountpoint -q /media/bitlocker/1 -then - msg_box "This script currently only supports mounting one Bitlocker encrypted drive. -Please unmount the current one and remove it from /etc/fstab if you want to mount a different one. - -The easiest way to do so is to run the following two commands: -sudo sed -i '/\/media\/bitlocker\/1/d' /etc/fstab -sudo reboot" - exit -fi - -# Install needed packet -install_if_not dislocker - -# Secure fstab -chown root:root /etc/fstab -chmod 600 /etc/fstab - -# Connect Bitlocker drive -msg_box "Please connect your Bitlocker encrypted NTFS (Windows) drive now if you haven't already done this. -After you hit OK, we wil scan for Bitlocker drives." -print_text_in_color "$ICyan" "Please connect your Bitlocker encrypted drive now." -count=0 -while [ "$count" -lt 60 ] -do - PARTUUID=$(lsblk -o FSTYPE,PARTUUID | grep BitLocker | awk '{print $2}' | head -1) - if [ -z "$PARTUUID" ] - then - print_text_in_color "$ICyan" "No Bitlocker drive found. Please connect your drive now." 
- sleep 5 & spinner_loading - echo "" - count=$((count+5)) - else - break - fi -done - -# Exit after 60 seconds -if [ "$count" -ge 60 ] -then - msg_box "No drive found within 60 seconds. -Please run this script again if you want to try again." - msg_box "We will now remove dislocker so that you keep a clean system." - apt-get purge dislocker -y - apt-get autoremove -y - exit -fi - -# Inform the user -msg_box "A Bitlocker encrypted drive was found! -Please leave it connected. We will now continue with the mounting process." - -# Enter the password -while : -do - PASSWORD=$(input_box_flow "Please enter your password for the Bitlocker encrypted drive now! -If you want to cancel, type 'exit' and press [ENTER].") - if [ "$PASSWORD" = "exit" ] - then - msg_box "We will now remove dislocker so that you keep a clean system." - apt-get purge dislocker -y - apt-get autoremove -y - exit 1 - fi - mkdir -p /media/bitlocker/1 - echo "PARTUUID=$PARTUUID /media/bitlocker/1 fuse.dislocker \ -user-password=$PASSWORD,nofail 0 0" >> /etc/fstab - if ! mount /media/bitlocker/1 - then - msg_box "The password seems to be false. Please try again." - sed -i '/fuse.dislocker/d' /etc/fstab - else - break - fi -done - -# Inform the user -msg_box "The password is correct." - -# Enter the mountpoint -while : -do - MOUNT_PATH=$(input_box_flow "Please type in the directory where you want to mount the Bitlocker encrypted drive. -One example is: '/mnt/data' -The directory has to start with '/mnt/' -If you want to cancel, type 'exit' and press [ENTER].") - if [ "$MOUNT_PATH" = "exit" ] - then - umount /media/bitlocker/1 - sed -i '/fuse.dislocker/d' /etc/fstab - msg_box "We will now remove dislocker so that you keep a clean system." - apt-get purge dislocker -y - apt-get autoremove -y - exit 1 - elif echo "$MOUNT_PATH" | grep -q " " - then - msg_box "Please don't use spaces!" - elif ! 
echo "$MOUNT_PATH" | grep -q "^/mnt/" - then - msg_box "The directory has to stat with '/mnt/'" - elif grep -q " $MOUNT_PATH " /etc/fstab - then - msg_box "The mountpoint already exists in fstab. Please try a different one." - elif mountpoint -q "$MOUNT_PATH" - then - msg_box "The mountpoint is already mounted. Please try a different one." - elif echo "$MOUNT_PATH" | grep -q "^/mnt/ncdata" - then - msg_box "The directory isn't allowed to start with '/mnt/ncdata'" - elif echo "$MOUNT_PATH" | grep -q "^/mnt/smbshares" - then - msg_box "The directory isn't allowed to start with '/mnt/smbshares'" - else - echo "/media/bitlocker/1/dislocker-file $MOUNT_PATH ntfs-3g \ -windows_names,uid=www-data,gid=www-data,umask=007,nofail 0 0" >> /etc/fstab - mkdir -p "$MOUNT_PATH" - if ! mount "$MOUNT_PATH" - then - msg_box "The mount wasn't successful. Please try again. -Most likely it fails because the Bitlocker encrypted drive is no NTFS (Windows) drive." - sed -i '/\/media\/bitlocker\/1\/dislocker-file /d' /etc/fstab - else - break - fi - fi -done - -# Inform the user -msg_box "Congratulations! The mount was successful. -You can now access the Bitlocker drive here: -$MOUNT_PATH" - -# Test if Plex is installed -if is_docker_running && docker ps -a --format "{{.Names}}" | grep -q "^plex$" -then - # Reconfiguring Plex - msg_box "Plex Media Server found. We are now adjusting Plex to be able to use the new drive. -This can take a while. Please be patient!" - print_text_in_color "$ICyan" "Downloading the needed tool to get the current Plex config..." - docker pull assaflavie/runlike - echo '#/bin/bash' > /tmp/pms-conf - docker run --rm -v /var/run/docker.sock:/var/run/docker.sock assaflavie/runlike -p plex >> /tmp/pms-conf - if ! grep -q "$MOUNT_PATH:$MOUNT_PATH:ro" /tmp/pms-conf - then - MOUNT_PATH_SED="${MOUNT_PATH//\//\\/}" - sed -i "0,/--volume/s// -v $MOUNT_PATH_SED:$MOUNT_PATH_SED:ro \\\\\n&/" /tmp/pms-conf - docker stop plex - if ! 
docker rm plex - then - msg_box "Something failed while removing the old container." - exit 1 - fi - if ! bash /tmp/pms-conf - then - msg_box "Starting the new container failed. You can find the config here: '/tmp/pms-conf'" - exit 1 - fi - rm /tmp/pms-conf - msg_box "Plex was adjusted!" - else - rm /tmp/pms-conf - msg_box "No need to update Plex, since the drive is already mounted to Plex." - fi -fi - -exit diff --git a/not-supported/borgbackup.sh b/not-supported/borgbackup.sh deleted file mode 100644 index 9594364578..0000000000 --- a/not-supported/borgbackup.sh +++ /dev/null 
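Review bot: In the removed bitlocker-mount.sh, the Plex block writes the regenerated `docker run` command to the fixed path `/tmp/pms-conf` and then executes it as root with `bash /tmp/pms-conf`; a predictable file name in a world-writable directory should not be used for something root executes, so create it with `mktemp` (and remove it in a trap) instead. The first line written is `#/bin/bash`, which is missing the `!`. Separately, `user-password=$PASSWORD` is interpolated straight into the `/etc/fstab` entry, so a password containing a comma or whitespace produces a broken or misparsed line, and a failed attempt is cleaned up with `sed -i '/fuse.dislocker/d'`, which would also delete any unrelated dislocker entry. If this script is kept on `main` in the same form, validate or reject such characters before writing and match the cleanup on the `/media/bitlocker/1` mountpoint.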
@@ -1,727 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ -# Copyright © 2021 Simon Lindner (https://github.com/szaimen) - -# shellcheck disable=2024 -true -SCRIPT_NAME="Borg Backup" -SCRIPT_EXPLAINER="This script creates the Borg backup of your server." -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# Variables -LVM_MOUNT="/system" -ZFS_MOUNT="/ncdata" -START_TIME=$(date +%s) -CURRENT_DATE=$(date --date @"$START_TIME" +"%Y%m%d_%H%M%S") -CURRENT_DATE_READABLE=$(date --date @"$START_TIME" +"%d.%m.%Y - %H:%M:%S") -LOG_FILE="$VMLOGS/borgbackup-$CURRENT_DATE.log" -# This is needed for running via cron -PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin - -# Functions -inform_user() { - echo -e "\n\n# $2" - print_text_in_color "$1" "$2" -} -start_services() { - inform_user "$ICyan" "Starting services..." - systemctl start postgresql - if [ -z "$MAINTENANCE_MODE_ON" ] - then - sudo -u www-data php "$NCPATH"/occ maintenance:mode --off - fi - start_if_stopped docker - # Restart notify push if existing - if [ -f "$NOTIFY_PUSH_SERVICE_PATH" ] - then - systemctl restart notify_push - fi -} -paste_log_file() { - cat "$LOG_FILE" >> "$BORGBACKUP_LOG" - echo -e "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n" >> "$BORGBACKUP_LOG" -} -remove_log_file() { - rm "$LOG_FILE" -} -show_drive_usage() { - inform_user "$ICyan" "Showing drive usage..." 
- lsblk -o FSUSE%,SIZE,MOUNTPOINT,NAME | grep -v "loop[0-9]" | grep "%" | sed 's|`-||;s/|-//;s/ | //' - echo "" - df -h | grep -v "loop[0-9]" | grep -v "tmpfs" | grep -v "^udev" | grep -v "^overlay" -} -send_error_mail() { - if [ -n "$ZFS_PART_EXISTS" ] - then - if mountpoint -q "$ZFS_MOUNT" - then - umount "$ZFS_MOUNT" - fi - fi - if [ -d "$BACKUP_TARGET_DIRECTORY" ] - then - if [ -z "$DO_NOT_UMOUNT_DAILY_BACKUP_DRIVE" ] - then - inform_user "$ICyan" "Unmounting the backup drive..." - umount "$BACKUP_MOUNTPOINT" - fi - fi - get_expiration_time - MAIL_TITLE="$2" - if [ -z "$2" ] - then - MAIL_TITLE="Daily backup" - fi - inform_user "$IRed" "$MAIL_TITLE sent error on $END_DATE_READABLE ($DURATION_READABLE)" - inform_user "$IRed" "$MAIL_TITLE failed! $1" - if ! send_mail "$MAIL_TITLE failed! $1" "$(cat "$LOG_FILE")" - then - notify_admin_gui \ - "$MAIL_TITLE failed! Though mail sending didn't work!" \ - "Please look at the log file $LOG_FILE if you want to find out more." - paste_log_file - else - paste_log_file - remove_log_file - fi - exit 1 -} -re_rename_snapshot() { - if mountpoint -q "$LVM_MOUNT" - then - umount "$LVM_MOUNT" - fi - inform_user "$ICyan" "Re-renaming the snapshot..." - if ! lvrename /dev/ubuntu-vg/NcVM-snapshot-pending /dev/ubuntu-vg/NcVM-snapshot - then - return 1 - else - return 0 - fi -} -get_expiration_time() { - END_TIME=$(date +%s) - END_DATE_READABLE=$(date --date @"$END_TIME" +"%d.%m.%Y - %H:%M:%S") - DURATION=$((END_TIME-START_TIME)) - DURATION_SEC=$((DURATION % 60)) - DURATION_MIN=$(((DURATION / 60) % 60)) - DURATION_HOUR=$((DURATION / 3600)) - DURATION_READABLE=$(printf "%02d hours %02d minutes %02d seconds" $DURATION_HOUR $DURATION_MIN $DURATION_SEC) -} -check_snapshot_pending() { - if does_snapshot_exist "NcVM-snapshot-pending" - then - DO_NOT_UMOUNT_DAILY_BACKUP_DRIVE=1 - msg_box "The snapshot pending does exist. Can currently not proceed. 
-Please try again later.\n -If you are sure that no update or backup is currently running, you can fix this by rebooting your server." - send_error_mail "NcVM-snapshot-pending exists. Please try again later!" "$1" - fi -} - -# Secure the backup file -chown root:root "$SCRIPTS/daily-borg-backup.sh" -chmod 700 "$SCRIPTS/daily-borg-backup.sh" - -# Skip daily backup creation if needed -if [ -z "$SKIP_DAILY_BACKUP_CREATION" ] -then - - # Add automatical unlock upon reboot - crontab -u root -l | grep -v "lvrename /dev/ubuntu-vg/NcVM-snapshot-pending" | crontab -u root - - crontab -u root -l | { cat; echo "@reboot /usr/sbin/lvrename /dev/ubuntu-vg/NcVM-snapshot-pending \ - /dev/ubuntu-vg/NcVM-snapshot &>/dev/null" ; } | crontab -u root - - - # Write output to logfile. - exec > >(tee -i "$LOG_FILE") - exec 2>&1 - - # Check if dpkg or apt is running - is_process_running apt - is_process_running dpkg - - # Start backup - inform_user "$IGreen" "Daily backup started! $CURRENT_DATE_READABLE" - - # Check if the file exists - if ! [ -f "$SCRIPTS/daily-borg-backup.sh" ] - then - send_error_mail "The daily-borg-backup.sh doesn't exist." - fi - - # Check if /mnt/ncdata is mounted - if grep -q " /mnt/ncdata " /etc/mtab && ! grep " /mnt/ncdata " /etc/mtab | grep -q zfs - then - msg_box "The '/mnt/ncdata' directory is mounted and not existing on the root drive." - exit 1 - fi - # The home directory must exist on the root drive - if grep -q " /home " /etc/mtab - then - send_error_mail "The '/home' directory is mounted and not existing on the root drive." - fi -fi - -# Check if all needed variables are there (they get exported by the local daily-backup-script.sh) -if [ -z "$ENCRYPTION_KEY" ] || [ -z "$BACKUP_TARGET_DIRECTORY" ] || [ -z "$BORGBACKUP_LOG" ] || [ -z "$BACKUP_MOUNTPOINT" ] \ -|| [ -z "$CHECK_BACKUP_INTERVAL_DAYS" ] || [ -z "$DAYS_SINCE_LAST_BACKUP_CHECK" ] -then - send_error_mail "Didn't get all needed variables." 
-elif [ -n "$ADDITIONAL_BACKUP_DIRECTORIES" ] -# ADDITIONAL_BACKUP_DIRECTORIES is optional -then - mapfile -t ADDITIONAL_BACKUP_DIRECTORIES <<< "$ADDITIONAL_BACKUP_DIRECTORIES" - for directory in "${ADDITIONAL_BACKUP_DIRECTORIES[@]}" - do - DIRECTORY="${directory%%/}" - if ! [ -d "$directory" ] - then - send_error_mail "$directory doesn't exist. Drive not connected?" - else - if ! test "$(timeout 5 ls -A "$directory")" - then - mount "$directory" &>/dev/null - if ! test "$(timeout 5 ls -A "$directory")" - then - send_error_mail "$directory doesn't exist. Drive not connected?" - fi - fi - fi - done -fi - -# Export default values -export BORG_PASSPHRASE="$ENCRYPTION_KEY" -export BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes -export BORG_RELOCATED_REPO_ACCESS_IS_OK=yes - -# Skip daily backup creation if needed -if [ -z "$SKIP_DAILY_BACKUP_CREATION" ] -then - # Check if backup shall get checked - if [ "$DAYS_SINCE_LAST_BACKUP_CHECK" -ge "$CHECK_BACKUP_INTERVAL_DAYS" ] - then - CHECK_BACKUP=1 - else - DAYS_SINCE_LAST_BACKUP_CHECK=$((DAYS_SINCE_LAST_BACKUP_CHECK+1)) - sed -i "s|^export DAYS_SINCE_LAST_BACKUP_CHECK.*|export DAYS_SINCE_LAST_BACKUP_CHECK=$DAYS_SINCE_LAST_BACKUP_CHECK|" "$SCRIPTS/daily-borg-backup.sh" - fi - # Check if pending snapshot is existing and cancel the backup in this case. - check_snapshot_pending - - # Check if snapshot can get created - check_free_space - if ! does_snapshot_exist "NcVM-snapshot" && ! [ "$FREE_SPACE" -ge 50 ] - then - send_error_mail "Not enough free space on your vgs." - fi - - # Prepare backup repository - inform_user "$ICyan" "Mounting the backup drive..." - if ! [ -d "$BACKUP_TARGET_DIRECTORY" ] - then - mount "$BACKUP_MOUNTPOINT" &>/dev/null - if ! [ -d "$BACKUP_TARGET_DIRECTORY" ] - then - send_error_mail "Could not mount the backup drive. Is it connected?" 
- fi - fi - - # Test if btrfs volume - if grep " $BACKUP_MOUNTPOINT " /etc/mtab | grep -q btrfs - then - IS_BTRFS_PART=1 - mkdir -p "$BACKUP_MOUNTPOINT/.snapshots" - btrfs subvolume snapshot -r "$BACKUP_MOUNTPOINT" "$BACKUP_MOUNTPOINT/.snapshots/@$CURRENT_DATE" - while [ "$(find "$BACKUP_MOUNTPOINT/.snapshots/" -maxdepth 1 -mindepth 1 -type d -name '@*_*' | wc -l)" -gt 14 ] - do - DELETE_SNAP="$(find "$BACKUP_MOUNTPOINT/.snapshots/" -maxdepth 1 -mindepth 1 -type d -name '@*_*' | sort | head -1)" - btrfs subvolume delete "$DELETE_SNAP" - done - fi - - # Send mail that backup was started - if ! send_mail "Daily backup started!" "You will be notified again when the backup is finished! -Please don't restart or shutdown your server until then!" - then - notify_admin_gui "Daily backup started!" "You will be notified again when the backup is finished! -Please don't restart or shutdown your server until then!" - fi - - # Check if pending snapshot is existing and cancel the backup in this case. - check_snapshot_pending - - # Fix too large Borg cache - # https://borgbackup.readthedocs.io/en/stable/faq.html#the-borg-cache-eats-way-too-much-disk-space-what-can-i-do - find /root/.cache/borg/ -maxdepth 2 -name chunks.archive.d -type d -exec rm -r {} \; -exec touch {} \; - - # Stop services - inform_user "$ICyan" "Stopping services..." 
- if is_docker_running - then - systemctl stop docker - fi - if [ "$(sudo -u www-data php "$NCPATH"/occ config:system:get maintenance)" = "true" ] - then - MAINTENANCE_MODE_ON=1 - fi - sudo -u www-data php "$NCPATH"/occ maintenance:mode --on - # Database export - # Not really necessary since the root partition gets backed up but easier to restore on new systems - ncdb # get NCDB - rm -f "$SCRIPTS"/nextclouddb.sql "$SCRIPTS"/nextclouddb.dump - rm -f "$SCRIPTS"/alldatabases.sql "$SCRIPTS"/alldatabases.dump - if sudo -Hiu postgres psql -c "SELECT 1 AS result FROM pg_database WHERE datname='$NCDB'" | grep -q "1 row" - then - inform_user "$ICyan" "Doing pgdump of $NCDB..." - sudo -Hiu postgres pg_dump "$NCDB" > "$SCRIPTS"/nextclouddb.dump - chown root:root "$SCRIPTS"/nextclouddb.dump - chmod 600 "$SCRIPTS"/nextclouddb.dump - else - inform_user "$ICyan" "Doing pgdump of all databases..." - sudo -Hiu postgres pg_dumpall > "$SCRIPTS"/alldatabases.dump - chown root:root "$SCRIPTS"/alldatabases.dump - chmod 600 "$SCRIPTS"/alldatabases.dump - fi - systemctl stop postgresql - - # Check if pending snapshot is existing and cancel the backup in this case. - check_snapshot_pending - - # Create LVM snapshot & Co. - inform_user "$ICyan" "Creating LVM snapshot..." - if does_snapshot_exist "NcVM-snapshot" - then - if ! lvremove /dev/ubuntu-vg/NcVM-snapshot -y - then - start_services - send_error_mail "Could not remove old NcVM-snapshot - Please reboot your server!" - fi - fi - if ! lvcreate --size 5G --snapshot --name "NcVM-snapshot" /dev/ubuntu-vg/ubuntu-lv - then - start_services - send_error_mail "Could not create NcVM-snapshot - Please reboot your server!" - else - inform_user "$IGreen" "Snapshot successfully created!" - fi - start_services - - # Cover zfs snapshots - if grep " /mnt/ncdata " /etc/mtab | grep -q zfs - then - ZFS_PART_EXISTS=1 - sed -i "s|date --utc|date|g" /usr/sbin/zfs-auto-snapshot - if ! 
zfs-auto-snapshot -r ncdata - then - send_error_mail "Could not create ZFS snapshot!" - fi - inform_user "$IGreen" "ZFS snapshot successfully created!" - ZFS_SNAP_NAME="$(zfs list -t snapshot | grep ncdata | grep snap-202 | sort -r | head -1 | awk '{print $1}')" - # Mount zfs snapshot - if mountpoint -q "$ZFS_MOUNT" - then - if ! umount "$ZFS_MOUNT" - then - send_error_mail "Could not unmount '$ZFS_MOUNT'!" - fi - fi - mkdir -p "$ZFS_MOUNT" - inform_user "$ICyan" "Mounting the ZFS snapshot..." - if ! mount --read-only --types zfs "$ZFS_SNAP_NAME" "$ZFS_MOUNT" - then - send_error_mail "Could not mount the ZFS snapshot!" - fi - fi - - # Check if pending snapshot is existing and cancel the backup in this case. - check_snapshot_pending - - # Rename the snapshot to represent that the backup is pending - inform_user "$ICyan" "Renaming the snapshot..." - if ! lvrename /dev/ubuntu-vg/NcVM-snapshot /dev/ubuntu-vg/NcVM-snapshot-pending - then - send_error_mail "Could not rename the snapshot to snapshot-pending." - fi - - # Mount the snapshot - if mountpoint -q "$LVM_MOUNT" - then - if ! umount "$LVM_MOUNT" - then - re_rename_snapshot - send_error_mail "Could not unmount '$LVM_MOUNT'!" - fi - fi - mkdir -p "$LVM_MOUNT" - inform_user "$ICyan" "Mounting the snapshot..." - if ! mount --read-only /dev/ubuntu-vg/NcVM-snapshot-pending "$LVM_MOUNT" - then - re_rename_snapshot - send_error_mail "Could not mount the LVM snapshot!" - fi - - # Borg backup based on this - # https://borgbackup.readthedocs.io/en/stable/deployment/automated-local.html?highlight=files%20cache#configuring-the-system - # https://iwalton.com/wiki/#[[Backup%20Script]] - # https://decatec.de/linux/backup-strategie-fuer-linux-server-mit-borg-backup/ - - # Log Borg version - borg --version - - # Break the borg lock if it exists because we have the snapshot that prevents such situations - if [ -f "$BACKUP_TARGET_DIRECTORY/lock.roster" ] - then - inform_user "$ICyan" "Breaking the borg lock..." - if ! 
borg break-lock "$BACKUP_TARGET_DIRECTORY" - then - re_rename_snapshot - send_error_mail "Some errors were reported while breaking the borg lock!" - fi - fi - - # Borg options - # auto,zstd compression seems to has the best ratio based on: - # https://forum.level1techs.com/t/optimal-compression-for-borg-backups/145870/6 - BORG_OPTS=(--stats --compression "auto,zstd" --exclude-caches --checkpoint-interval 86400) - - # System backup - EXCLUDED_DIRECTORIES=(home/*/.cache root/.cache home/plex/transcode var/cache lost+found \ - run var/run dev tmp "home/plex/config/Library/Application Support/Plex Media Server/Cache") - # mnt, media, sys, prob don't need to be excluded because of the usage of lvm-snapshots and the --one-file-system flag - for directory in "${EXCLUDED_DIRECTORIES[@]}" - do - EXCLUDE_DIRS+=(--exclude "$LVM_MOUNT/$directory/") - done - - # Create system backup - inform_user "$ICyan" "Creating system partition backup..." - if ! borg create "${BORG_OPTS[@]}" --one-file-system "${EXCLUDE_DIRS[@]}" \ - "$BACKUP_TARGET_DIRECTORY::$CURRENT_DATE-NcVM-system-partition" "$LVM_MOUNT/" - then - inform_user "$ICyan" "Deleting the failed system backup archive..." - borg delete --stats "$BACKUP_TARGET_DIRECTORY::$CURRENT_DATE-NcVM-system-partition" - show_drive_usage - re_rename_snapshot - send_error_mail "Some errors were reported during the system partition backup!" - fi - - # Check Snapshot size - inform_user "$ICyan" "Testing how full the snapshot is..." - SNAPSHOT_USED=$(lvs -o name,data_percent | grep "NcVM-snapshot-pending" | awk '{print $2}' | sed 's|\..*||' | sed 's|,.*||') - if [ "$SNAPSHOT_USED" -lt 100 ] - then - inform_user "$IGreen" "Backup ok: Snapshot is not full ($SNAPSHOT_USED%)" - else - inform_user "$IRed" "Backup corrupt: Snapshot is full ($SNAPSHOT_USED%)" - inform_user "$ICyan" "Deleting the corrupt system backup archive..." 
- borg delete --stats "$BACKUP_TARGET_DIRECTORY::$CURRENT_DATE-NcVM-system-partition" - show_drive_usage - re_rename_snapshot - send_error_mail "The backup archive was corrupt because the snapshot is full and has been deleted." - fi - - # Unmount LVM_snapshot - inform_user "$ICyan" "Unmounting the snapshot..." - if ! umount "$LVM_MOUNT" - then - send_error_mail "Could not unmount the LVM snapshot." - fi - rm -r "$LVM_MOUNT" - - # Prune options - BORG_PRUNE_OPTS=(--stats --keep-within=7d --keep-weekly=4 --keep-monthly=6 "$BACKUP_TARGET_DIRECTORY") - - # Prune system archives - inform_user "$ICyan" "Pruning the system archives..." - if ! borg prune --prefix '*_*-NcVM-system-partition' "${BORG_PRUNE_OPTS[@]}" - then - re_rename_snapshot - send_error_mail "Some errors were reported by the prune system command." - fi - - # Boot partition backup - inform_user "$ICyan" "Creating boot partition backup..." - if ! borg create "${BORG_OPTS[@]}" "$BACKUP_TARGET_DIRECTORY::$CURRENT_DATE-NcVM-boot-partition" "/boot/" - then - inform_user "$ICyan" "Deleting the failed boot partition backup archive..." - borg delete --stats "$BACKUP_TARGET_DIRECTORY::$CURRENT_DATE-NcVM-boot-partition" - show_drive_usage - re_rename_snapshot - send_error_mail "Some errors were reported during the boot partition backup!" - fi - - # Prune boot archives - inform_user "$ICyan" "Pruning the boot archives..." - if ! borg prune --prefix '*_*-NcVM-boot-partition' "${BORG_PRUNE_OPTS[@]}" - then - re_rename_snapshot - send_error_mail "Some errors were reported by the prune boot command." - fi - - # Create ZFS backup - if [ -n "$ZFS_PART_EXISTS" ] - then - inform_user "$ICyan" "Creating ncdata partition backup..." - if ! borg create "${BORG_OPTS[@]}" --one-file-system \ - "$BACKUP_TARGET_DIRECTORY::$CURRENT_DATE-NcVM-ncdata-partition" "$ZFS_MOUNT/" - then - inform_user "$ICyan" "Deleting the failed ncdata backup archive..." 
- borg delete --stats "$BACKUP_TARGET_DIRECTORY::$CURRENT_DATE-NcVM-ncdata-partition" - show_drive_usage - re_rename_snapshot - send_error_mail "Some errors were reported during the ncdata partition backup!" - fi - # Prune ncdata archives - inform_user "$ICyan" "Pruning the ncdata archives..." - if ! borg prune --prefix '*_*-NcVM-ncdata-partition' "${BORG_PRUNE_OPTS[@]}" - then - re_rename_snapshot - send_error_mail "Some errors were reported by the prune ncdata command." - fi - # Unmount ZFS snapshot - inform_user "$ICyan" "Unmounting the ZFS snapshot..." - if ! umount "$ZFS_MOUNT" - then - re_rename_snapshot - send_error_mail "Could not unmount the ZFS snapshot." - fi - rm -r "$ZFS_MOUNT" - fi - - # Backup additional locations - for directory in "${ADDITIONAL_BACKUP_DIRECTORIES[@]}" - do - if [ -z "$directory" ] - then - continue - fi - DIRECTORY="${directory%%/}" - DIRECTORY_NAME=$(echo "$DIRECTORY" | sed 's|^/||;s|/|-|;s| |_|') - - # Wait for the drive to spin up (else it is possible that some subdirectories are not backed up) - inform_user "$ICyan" "Waiting 15s for the $DIRECTORY_NAME directory..." - timeout 0.1s ls -l "$DIRECTORY/" &>/dev/null - if ! sleep 15 - then - # In case someone cancels with ctrl+c here - re_rename_snapshot - send_error_mail "Something failed while waiting for the $DIRECTORY_NAME directory." - fi - - # Create backup - inform_user "$ICyan" "Creating $DIRECTORY_NAME backup..." - if ! borg create "${BORG_OPTS[@]}" --one-file-system --exclude "$DIRECTORY/.snapshots/" \ -"$BACKUP_TARGET_DIRECTORY::$CURRENT_DATE-NcVM-$DIRECTORY_NAME-directory" "$DIRECTORY/" - then - inform_user "$ICyan" "Deleting the failed $DIRECTORY_NAME backup archive..." - borg delete --stats "$BACKUP_TARGET_DIRECTORY::$CURRENT_DATE-NcVM-$DIRECTORY_NAME-directory" - show_drive_usage - re_rename_snapshot - send_error_mail "Some errors were reported during the $DIRECTORY_NAME backup!" 
- fi - - # Prune archives - inform_user "$ICyan" "Pruning the $DIRECTORY_NAME archives..." - if ! borg prune --prefix "*_*-NcVM-$DIRECTORY_NAME-directory" "${BORG_PRUNE_OPTS[@]}" - then - re_rename_snapshot - send_error_mail "Some errors were reported by the prune $DIRECTORY_NAME command." - fi - done - - # Run a borg compact which is required with borg 1.2.0 and higher - if borg compact -h &>/dev/null - then - inform_user "$ICyan" "Starting borg compact which will clean up not needed commits and free space..." - if ! borg compact "$BACKUP_TARGET_DIRECTORY" - then - re_rename_snapshot - send_error_mail "Some errors were reported during borg compact!" - fi - fi - - # Rename the snapshot back to normal - if ! re_rename_snapshot - then - send_error_mail "Could not rename the snapshot-pending to snapshot." - fi - - # Print usage of drives into log - show_drive_usage - - # Adjust permissions and scrub volume - if [ -n "$IS_BTRFS_PART" ] - then - inform_user "$ICyan" "Adjusting permissions..." - find "$BACKUP_MOUNTPOINT/" -not -path "$BACKUP_MOUNTPOINT/.snapshots/*" \ - \( ! -perm 600 -o ! -group root -o ! -user root \) -exec chmod 600 {} \; -exec chown root:root {} \; - fi - - # Unmount the backup drive - inform_user "$ICyan" "Unmounting the backup drive..." - if ! umount "$BACKUP_MOUNTPOINT" - then - send_error_mail "Could not unmount the backup drive!" - fi - - # Show expiration time - get_expiration_time - inform_user "$IGreen" "Backup finished on $END_DATE_READABLE ($DURATION_READABLE)" - - # Send mail about successful backup - if ! send_mail "Daily backup successful!" "$(cat "$LOG_FILE")" - then - notify_admin_gui \ - "Daily backup successful! Though mail sending didn't work!" \ - "Please look at the log file $LOG_FILE if you want to find out more." 
- if [ -z "$CHECK_BACKUP" ] - then - paste_log_file - fi - else - paste_log_file - remove_log_file - fi - - # Create a file that can be checked for - rm -f /tmp/DAILY_BACKUP_CREATION_SUCCESSFUL - touch /tmp/DAILY_BACKUP_CREATION_SUCCESSFUL - - # Exit here if the backup doesn't shall get checked - if [ -z "$CHECK_BACKUP" ] - then - exit - fi - - # Exit here if we want to skip the backup check - if [ -n "$SKIP_DAILY_BACKUP_CHECK" ] - then - exit - fi -fi - -# Recreate logfile -if ! [ -f "$LOG_FILE" ] -then - touch "$LOG_FILE" - # Write output to logfile. - exec > >(tee -i "$LOG_FILE") - exec 2>&1 -fi - -# New start time -START_TIME=$(date +%s) -CURRENT_DATE=$(date --date @"$START_TIME" +"%Y%m%d_%H%M%S") -CURRENT_DATE_READABLE=$(date --date @"$START_TIME" +"%d.%m.%Y - %H:%M:%S") - -# Inform user -inform_user "$IGreen" "Backup integrity check started! $CURRENT_DATE_READABLE" - -# Check if pending snapshot is existing and cancel the backup check in this case. -check_snapshot_pending "Backup integrity check" - -# Prepare backup repository -inform_user "$ICyan" "Mounting the backup drive..." -if ! [ -d "$BACKUP_TARGET_DIRECTORY" ] -then - mount "$BACKUP_MOUNTPOINT" &>/dev/null - if ! [ -d "$BACKUP_TARGET_DIRECTORY" ] - then - send_error_mail "Could not mount the backup drive. Is it connected?" "Backup integrity check" - fi -fi - -# Send mail that backup was started -if ! send_mail "Weekly backup check started!" "You will be notified again when the check is finished! -Please don't restart or shutdown your server until then!" -then - notify_admin_gui "Weekly backup check started!" "You will be notified again when the check is finished! -Please don't restart or shutdown your server until then!" -fi - -# Check if pending snapshot is existing and cancel the backup check in this case. -check_snapshot_pending "Backup integrity check" - -# Rename the snapshot to represent that the backup is pending -inform_user "$ICyan" "Renaming the snapshot..." -if ! 
lvrename /dev/ubuntu-vg/NcVM-snapshot /dev/ubuntu-vg/NcVM-snapshot-pending -then - send_error_mail "Could not rename the snapshot to snapshot-pending." "Backup integrity check" -fi - -# Check the backup -inform_user "$ICyan" "Checking the backup integrity..." -# TODO: check how long this takes. If too long, remove the --verifa-data flag -if ! borg check --verify-data "$BACKUP_TARGET_DIRECTORY" -then - re_rename_snapshot - send_error_mail "Some errors were reported during the backup integrity check!" "Backup integrity check" -fi - -# Adjust permissions and scrub volume -if [ -n "$IS_BTRFS_PART" ] && [ "$BTRFS_SCRUB_BACKUP_DRIVE" = "yes" ] -then - inform_user "$ICyan" "Scrubbing BTRFS partition..." - if ! btrfs scrub start -B "$BACKUP_MOUNTPOINT" - then - re_rename_snapshot - send_error_mail "Some errors were reported while scrubbing the BTRFS partition." - fi -fi - -# Rename the snapshot back to normal -if ! re_rename_snapshot -then - send_error_mail "Could not rename the snapshot-pending to snapshot." "Backup integrity check" -fi - -# Print usage of drives into log -show_drive_usage - -# Unmount the backup drive -if [ -z "$SKIP_DAILY_BACKUP_CREATION" ] -then - inform_user "$ICyan" "Unmounting the backup drive..." - if mountpoint -q "$BACKUP_MOUNTPOINT" && ! umount "$BACKUP_MOUNTPOINT" - then - send_error_mail "Could not unmount the backup drive!" "Backup integrity check" - fi -fi - -# Resetting the integrity Check -inform_user "$ICyan" "Resetting the backup check timer..." -sed -i "s|^export DAYS_SINCE_LAST_BACKUP_CHECK.*|export DAYS_SINCE_LAST_BACKUP_CHECK=0|" "$SCRIPTS/daily-borg-backup.sh" - -# Show expiration time -get_expiration_time -inform_user "$IGreen" "Backup integrity check finished on $END_DATE_READABLE ($DURATION_READABLE)" - -# Send mail about successful backup -if ! send_mail "Backup integrity check successful!" "$(cat "$LOG_FILE")" -then - notify_admin_gui \ - "Backup integrity check successful! Though mail sending didn't work!" 
\ - "Please look at the log file $LOG_FILE if you want to find out more." - paste_log_file -else - paste_log_file - remove_log_file -fi - -# Create a file that can be checked for -rm -f /tmp/DAILY_BACKUP_CHECK_SUCCESSFUL -touch /tmp/DAILY_BACKUP_CHECK_SUCCESSFUL - -exit diff --git a/not-supported/btrfs-format.sh b/not-supported/btrfs-format.sh deleted file mode 100644 index 7c698aa42c..0000000000 --- a/not-supported/btrfs-format.sh +++ /dev/null 
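Review bot: in the database export of daily-borg-backup.sh, `pg_dump "$NCDB" > "$SCRIPTS"/nextclouddb.dump` creates the dump file with the calling shell's umask and only afterwards runs `chown root:root` and `chmod 600`, so while the dump is being written the full database export can be readable by other local users, depending on the umask and the permissions of `$SCRIPTS`. Set `umask 077` before the redirect, or pre-create the file with mode 600, and do the same for `alldatabases.dump`. A second point: the markers `/tmp/DAILY_BACKUP_CREATION_SUCCESSFUL` and `/tmp/DAILY_BACKUP_CHECK_SUCCESSFUL` sit in a world-writable directory, so when they are absent any local user can create them; a root-owned location such as a directory under /run would make them trustworthy for whatever checks for them.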
@@ -1,150 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ -# Copyright © 2021 Simon Lindner (https://github.com/szaimen) - -true -SCRIPT_NAME="BTRFS Mount" -SCRIPT_EXPLAINER="This script automates formatting drives to BTRFS." -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# Show explainer -msg_box "$SCRIPT_EXPLAINER" - -# Mount drive -format_drive() { -local UUID -local LABEL -msg_box "Please disconnect your drive for now and connect it again AFTER you hit OK. -Otherwise we will not be able to detect it." -CURRENT_DRIVES=$(lsblk -o KNAME,TYPE | grep disk | awk '{print $1}') -count=0 -while [ "$count" -lt 60 ] -do - print_text_in_color "$ICyan" "Please connect your drive now." - sleep 5 & spinner_loading - echo "" - NEW_DRIVES=$(lsblk -o KNAME,TYPE | grep disk | awk '{print $1}') - if [ "$CURRENT_DRIVES" = "$NEW_DRIVES" ] - then - count=$((count+5)) - else - msg_box "A new drive was found. We will continue with the mounting now. -Please leave it connected." - break - fi -done - -# Exit if no new drive was found -if [ "$count" -ge 60 ] -then - msg_box "No new drive found within 60 seconds. -Please run this option again if you want to try again." - return 1 -fi - -# Get all new drives -mapfile -t CURRENT_DRIVES <<< "$CURRENT_DRIVES" -for drive in "${CURRENT_DRIVES[@]}" -do - NEW_DRIVES=$(echo "$NEW_DRIVES" | grep -v "^$drive") -done - -# Partition menu -args=(whiptail --title "$TITLE" --menu \ -"Please select the drive that you would like to format to BTRFS. 
-$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4) - -# Get information that are important -mapfile -t NEW_DRIVES <<< "$NEW_DRIVES" -for drive in "${NEW_DRIVES[@]}" -do - DRIVE_DESCRIPTION=$(lsblk -o NAME,SIZE,VENDOR,MODEL | grep "^$drive" | awk '{print $2, $3, $4}') - args+=("/dev/$drive" " $DRIVE_DESCRIPTION") -done - -# Show the drive menu -DEVICE=$("${args[@]}" 3>&1 1>&2 2>&3) -if [ -z "$DEVICE" ] -then - return 1 -fi - -# Enter partition label -while : -do - LABEL="$(input_box_flow "Please enter the partition label that the drive shall get. -If you want to cancel, type in 'exit' and press [ENTER].")" - if [ "$LABEL" = exit ] - then - return 1 - else - break - fi -done - -# Last info box -if ! yesno_box_no "Warning: Are you really sure, that you want to format the drive '$DEVICE' to BTRFS? -All current files on the drive will be erased! -Select 'Yes' to continue with the process. Select 'No' to cancel." -then - exit 1 -fi - -# Inform user -msg_box "We will now format the drive '$DEVICE' to BTRFS. Please be patient!" - -# Wipe drive -dd if=/dev/urandom of="$DEVICE" bs=1M count=2 -parted "$DEVICE" mklabel gpt --script -parted "$DEVICE" mkpart primary 0% 100% --script - -# Wait because mkfs fails otherwise -sleep 1 - -# Format drive -if ! mkfs.btrfs "${DEVICE}1" --quiet --label "$LABEL" -then - msg_box "Something failed while formatting the drive to BTRFS." - exit 1 -fi - -# Inform user -msg_box "Formatting $DEVICE to BTRFS was successful! - -You can now use the 'BTRFS Mount' script from the Not-Supported Menu to mount the drive to your system." -} - -# Show main_menu -while : -do - choice=$(whiptail --title "$TITLE" --menu \ -"Choose what you want to do. -$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \ -"Format a drive" "(Interactively format a drive to BTRFS)" \ -"Exit" "(Exit this script)" 3>&1 1>&2 2>&3) - case "$choice" in - "Format a drive") - format_drive - ;; - "Exit") - break - ;; - "") - break - ;; - *) - ;; - esac -done -exit 
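Review bot: in format_drive, `mkfs.btrfs "${DEVICE}1"` assumes the first partition is named by appending 1 to the disk name, which does not hold for devices whose kernel name ends in a digit (nvme0n1 gets nvme0n1p1), and the fixed `sleep 1` after `parted` does not guarantee that the partition node exists yet. Resolve the partition from `lsblk` output for "$DEVICE" and wait with `udevadm settle` instead. Also, the step commented "Wipe drive" only overwrites the first 2 MiB (`bs=1M count=2`), so the old data stays recoverable even though the prompt says all current files will be erased; the comment and the prompt should say what is actually overwritten. `SCRIPT_NAME="BTRFS Mount"` looks copied from btrfs-mount.sh.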
diff --git a/not-supported/btrfs-mount.sh b/not-supported/btrfs-mount.sh deleted file mode 100644 index ffacad188a..0000000000 --- a/not-supported/btrfs-mount.sh +++ /dev/null 
@@ -1,345 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ -# Copyright © 2021 Simon Lindner (https://github.com/szaimen) - -true -SCRIPT_NAME="BTRFS Mount" -SCRIPT_EXPLAINER="This script automates mounting BTRFS drives locally in your system." -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# Show explainer -msg_box "$SCRIPT_EXPLAINER" - -# Mount drive -mount_drive() { -local UUIDS -local UUID -local LABEL -msg_box "Please disconnect your drive for now and connect it again AFTER you hit OK. -Otherwise we will not be able to detect it." -CURRENT_DRIVES=$(lsblk -o KNAME,TYPE | grep disk | awk '{print $1}') -count=0 -while [ "$count" -lt 60 ] -do - print_text_in_color "$ICyan" "Please connect your drive now." - sleep 5 & spinner_loading - echo "" - NEW_DRIVES=$(lsblk -o KNAME,TYPE | grep disk | awk '{print $1}') - if [ "$CURRENT_DRIVES" = "$NEW_DRIVES" ] - then - count=$((count+5)) - else - msg_box "A new drive was found. We will continue with the mounting now. -Please leave it connected." - break - fi -done - -# Exit if no new drive was found -if [ "$count" -ge 60 ] -then - msg_box "No new drive found within 60 seconds. -Please run this option again if you want to try again." - return 1 -fi - -# Wait until the drive has spin up -countdown "Waiting for the drive to spin up..." 15 - -# Get all new drives -mapfile -t CURRENT_DRIVES <<< "$CURRENT_DRIVES" -for drive in "${CURRENT_DRIVES[@]}" -do - NEW_DRIVES=$(echo "$NEW_DRIVES" | grep -v "^$drive$") -done - -# Partition menu -args=(whiptail --title "$TITLE" --menu \ -"Please select the partition that you would like to mount. 
-$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4) - -# Get information that are important to show the partition menu -mapfile -t NEW_DRIVES <<< "$NEW_DRIVES" -for drive in "${NEW_DRIVES[@]}" -do - DRIVE_DESCRIPTION=$(lsblk -o NAME,VENDOR,MODEL | grep "^$drive" | awk '{print $2, $3}') - PARTITION_STATS=$(lsblk -o KNAME,FSTYPE,SIZE,UUID,LABEL | grep "^$drive" | grep -v "^$drive ") - unset PARTITIONS - mapfile -t PARTITIONS <<< "$(echo "$PARTITION_STATS" | awk '{print $1}')" - for partition in "${PARTITIONS[@]}" - do - STATS=$(echo "$PARTITION_STATS" | grep "^$partition ") - FSTYPE=$(echo "$STATS" | awk '{print $2}') - if [ "$FSTYPE" != "btrfs" ] - then - continue - fi - SIZE=$(echo "$STATS" | awk '{print $3}') - UUID=$(echo "$STATS" | awk '{print $4}') - if [ -z "$UUID" ] - then - continue - fi - LABEL=$(echo "$STATS" | awk '{print $5,$6,$7,$8,$9,$10,$11,$12}' | sed 's| |_|g' | sed -r 's|[_]+$||') - if ! grep -q "$UUID" /etc/fstab - then - args+=("$UUID" "$LABEL $DRIVE_DESCRIPTION $SIZE $FSTYPE") - UUIDS+="$UUID" - else - msg_box "The partition -$UUID $LABEL $DRIVE_DESCRIPTION $SIZE $FSTYPE -is already existing.\n -If you want to remove it, run the following two commands: -sudo sed -i '/$UUID/d' /etc/fstab -sudo reboot" - fi - done -done - -# Check if at least one drive was found -if [ -z "$UUIDS" ] -then - msg_box "No drive found that can get mounted. -Most likely none is BTRFS formatted." - return 1 -fi - -# Show the partition menu -UUID=$("${args[@]}" 3>&1 1>&2 2>&3) -if [ -z "$UUID" ] -then - return 1 -fi - -# Get the label of the partition -LABEL=$(lsblk -o UUID,LABEL | grep "^$UUID " | awk '{print $2,$3,$4,$5,$6,$7,$8,$9}' | sed 's| |_|g' | sed -r 's|[_]+$||') -if [ -z "$LABEL" ] -then - LABEL="partition-label" -fi - -# Create plex user -if ! 
id plex &>/dev/null -then - check_command adduser --no-create-home --quiet --disabled-login --force-badname --gecos "" "plex" -fi - -# Enter the mountpoint -while : -do - MOUNT_PATH=$(input_box_flow "Please type in the directory where you want to mount the partition. -One example is: '/mnt/$LABEL' -The directory has to start with '/mnt/' -If you want to cancel, type 'exit' and press [ENTER].") - if [ "$MOUNT_PATH" = "exit" ] - then - exit 1 - elif echo "$MOUNT_PATH" | grep -q " " - then - msg_box "Please don't use spaces!" - elif ! echo "$MOUNT_PATH" | grep -q "^/mnt/" - then - msg_box "The directory has to stat with '/mnt/'" - elif grep -q " $MOUNT_PATH " /etc/fstab - then - msg_box "The mountpoint already exists in fstab. Please try a different one." - elif mountpoint -q "$MOUNT_PATH" - then - msg_box "The mountpoint is already mounted. Please try a different one." - elif echo "$MOUNT_PATH" | grep -q "^/mnt/ncdata" - then - msg_box "The directory isn't allowed to start with '/mnt/ncdata'" - elif echo "$MOUNT_PATH" | grep -q "^/mnt/smbshares" - then - msg_box "The directory isn't allowed to start with '/mnt/smbshares'" - else - echo "UUID=$UUID $MOUNT_PATH btrfs defaults,nofail 0 0" >> /etc/fstab - mkdir -p "$MOUNT_PATH" - if ! mount "$MOUNT_PATH" - then - msg_box "The mount wasn't successful. Please try again." - sed -i "/$UUID/d" /etc/fstab - else - break - fi - fi -done - -# Inform the user -msg_box "Congratulations! The mount was successful. -You can now access the partition here: -$MOUNT_PATH" - -# Ask if this is a backup drive -if ! yesno_box_no "Is this drive meant to be a backup drive? -If you choose yes, it will only get mounted by a backup script \ -and will restrict the read/write permissions to the root user." -then - print_text_in_color "$ICyan" "Adjusting permissions..." - chown -R plex:plex "$MOUNT_PATH" &>/dev/null - chmod -R 770 "$MOUNT_PATH" &>/dev/null - - # Adjust permissions at start up - if ! 
[ -f "$SCRIPTS/adjust-startup-permissions.sh" ] - then - cat << PERMISSIONS > "$SCRIPTS/adjust-startup-permissions.sh" -#!/bin/bash - -# Secure the file -chown root:root "$SCRIPTS/adjust-startup-permissions.sh" -chmod 700 "$SCRIPTS/adjust-startup-permissions.sh" - -# Entries -PERMISSIONS - fi - cat << PERMISSIONS >> "$SCRIPTS/adjust-startup-permissions.sh" -find "$MOUNT_PATH/" -not -path "$MOUNT_PATH/.snapshots/*" \\( ! -perm 770 -o ! -group plex \ --o ! -user plex \\) -exec chmod 770 {} \\; -exec chown plex:plex {} \\; -PERMISSIONS - chown root:root "$SCRIPTS/adjust-startup-permissions.sh" - chmod 700 "$SCRIPTS/adjust-startup-permissions.sh" - crontab -u root -l | grep -v "$SCRIPTS/adjust-startup-permissions.sh" | crontab -u root - - crontab -u root -l | { cat; echo "@reboot $SCRIPTS/adjust-startup-permissions.sh"; } | crontab -u root - - - # Automatically create snapshots - mkdir -p "$MOUNT_PATH/.snapshots" - if ! [ -f "$SCRIPTS/create-daily-btrfs-snapshots.sh" ] - then - cat << SNAPSHOT > "$SCRIPTS/create-daily-btrfs-snapshots.sh" -#!/bin/bash - -# Secure the file -chown root:root "$SCRIPTS/create-daily-btrfs-snapshots.sh" -chmod 700 "$SCRIPTS/create-daily-btrfs-snapshots.sh" - -# Variables -MAX_SNAPSHOTS=14 -CURRENT_DATE=\$(date --date @"\$(date +%s)" +"%Y%m%d_%H%M%S") -SNAPSHOT - fi - cat << SNAPSHOT >> "$SCRIPTS/create-daily-btrfs-snapshots.sh" - -# $MOUNT_PATH -btrfs subvolume snapshot -r "$MOUNT_PATH/" "$MOUNT_PATH/.snapshots/@\$CURRENT_DATE" -while [ "\$(find "$MOUNT_PATH/.snapshots/" -maxdepth 1 -mindepth 1 -type d -name '@*_*' | wc -l)" -gt "\$MAX_SNAPSHOTS" ] -do - DELETE="\$(find "$MOUNT_PATH/.snapshots/" -maxdepth 1 -mindepth 1 -type d -name '@*_*' | sort | head -1)" - btrfs subvolume delete "\$DELETE" -done -SNAPSHOT - chown root:root "$SCRIPTS/create-daily-btrfs-snapshots.sh" - chmod 700 "$SCRIPTS/create-daily-btrfs-snapshots.sh" - crontab -u root -l | grep -v "$SCRIPTS/create-daily-btrfs-snapshots.sh" | crontab -u root - - crontab -u root -l | { 
cat; echo "@daily $SCRIPTS/create-daily-btrfs-snapshots.sh >/dev/null"; } | crontab -u root - - - # Execute monthly scrubs - if ! [ -f "$SCRIPTS/scrub-btrfs-monthly.sh" ] - then - cat << SNAPSHOT > "$SCRIPTS/scrub-btrfs-monthly.sh" -#!/bin/bash - -# Secure the file -chown root:root "$SCRIPTS/scrub-btrfs-monthly.sh" -chmod 700 "$SCRIPTS/scrub-btrfs-monthly.sh" - -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh -SNAPSHOT - fi - cat << SNAPSHOT >> "$SCRIPTS/scrub-btrfs-monthly.sh" - -# $MOUNT_PATH -notify_admin_gui "Starting monthly BTRFS check of $MOUNT_PATH" "Starting BTRFS-scrub of $MOUNT_PATH. -You will be notified again when the scrub is done" -if ! btrfs scrub start -B "$MOUNT_PATH" -then - notify_admin_gui "Error while performing monthly BTRFS scrub of $MOUNT_PATH!" \ - "Error on $MOUNT_PATH\nPlease look at $VMLOGS/monthly-btrfs-scrub.log for further info!" -else - notify_admin_gui "Monthly BTRFS scrub successful of $MOUNT_PATH!" \ - "$MOUNT_PATH was successfully tested!\nPlease look at $VMLOGS/monthly-btrfs-scrub.log for further info!" -fi -SNAPSHOT - chown root:root "$SCRIPTS/scrub-btrfs-monthly.sh" - chmod 700 "$SCRIPTS/scrub-btrfs-monthly.sh" - crontab -u root -l | grep -v "$SCRIPTS/scrub-btrfs-monthly.sh" | crontab -u root - - crontab -u root -l | { cat; echo "@monthly $SCRIPTS/scrub-btrfs-monthly.sh >> $VMLOGS/monthly-btrfs-scrub.log 2>&1"; } | crontab -u root - - - # Test if Plex is installed - if is_docker_running && docker ps -a --format "{{.Names}}" | grep -q "^plex$" - then - # Reconfiguring Plex - msg_box "Plex Media Server found. We are now adjusting Plex to be able to use the new drive. -This can take a while. Please be patient!" - print_text_in_color "$ICyan" "Downloading the needed tool to get the current Plex config..." - docker pull assaflavie/runlike - echo '#/bin/bash' > /tmp/pms-conf - docker run --rm -v /var/run/docker.sock:/var/run/docker.sock assaflavie/runlike -p plex >> /tmp/pms-conf - if ! 
grep -q "$MOUNT_PATH:$MOUNT_PATH:ro" /tmp/pms-conf - then - MOUNT_PATH_SED="${MOUNT_PATH//\//\\/}" - sed -i "0,/--volume/s// -v $MOUNT_PATH_SED:$MOUNT_PATH_SED:ro \\\\\n&/" /tmp/pms-conf - docker stop plex - if ! docker rm plex - then - msg_box "Something failed while removing the old container." - return - fi - if ! bash /tmp/pms-conf - then - msg_box "Starting the new container failed. You can find the config here: '/tmp/pms-conf'" - return - fi - rm /tmp/pms-conf - msg_box "Plex was adjusted!" - else - rm /tmp/pms-conf - msg_box "No need to update Plex, since the drive is already mounted to Plex." - fi - fi - return -fi - -# Execute the change to a backup drive -print_text_in_color "$ICyan" "Adjusting permissions..." -sed -i "/$UUID/s/defaults,nofail/defaults,noauto/" /etc/fstab -chown -R root:root "$MOUNT_PATH" -chmod -R 600 "$MOUNT_PATH" -umount "$MOUNT_PATH" -msg_box "Your Backup drive is ready." -} - -# Show main_menu -while : -do - choice=$(whiptail --title "$TITLE" --menu \ -"Choose what you want to do. -$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \ -"Mount a drive" "(Interactively mount a BTRFS drive)" \ -"Exit" "(Exit this script)" 3>&1 1>&2 2>&3) - case "$choice" in - "Mount a drive") - mount_drive - ;; - "Exit") - break - ;; - "") - break - ;; - *) - ;; - esac -done -exit diff --git a/not-supported/daily-backup-wizard.sh b/not-supported/daily-backup-wizard.sh deleted file mode 100644 index c42319608b..0000000000 --- a/not-supported/daily-backup-wizard.sh +++ /dev/null 
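Review bot: in the Plex reconfiguration block of btrfs-mount.sh, the generated container command is written to the fixed path `/tmp/pms-conf` and then executed as root with `bash /tmp/pms-conf`; a predictable file name in a world-writable directory should be replaced with a file from `mktemp`, and the early `return` after a failed `docker rm plex` should remove it as the other branches do. The first line written is `#/bin/bash`, which is missing the `!`. The same block pulls `assaflavie/runlike` without a tag or digest and runs it with `/var/run/docker.sock` mounted, which gives that third-party image control of the Docker daemon; pin the image by digest or read the container configuration with `docker inspect`.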
@@ -1,489 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ -# Copyright © 2021 Simon Lindner (https://github.com/szaimen) - -true -SCRIPT_NAME="Daily Backup Wizard" -SCRIPT_EXPLAINER="This script helps creating a daily backup script for your server." -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# Variables -BACKUP_SCRIPT_NAME="$SCRIPTS/daily-borg-backup.sh" - -# Functions -mount_if_connected() { - umount "$1" &>/dev/null - mount "$1" &>/dev/null - if ! mountpoint -q "$1" - then - return 1 - fi - return 0 -} -get_backup_mounts() { - BACKUP_MOUNTS="" - BACKUP_MOUNTS="$(grep "ntfs-3g" /etc/fstab | grep "windows_names" | grep "uid=root" \ -| grep "gid=root" | grep "umask=177" | grep "noauto" | awk '{print $2}')" - BACKUP_MOUNTS+="\n" - BACKUP_MOUNTS+="$(grep cifs /etc/fstab | grep "uid=root" | grep "gid=root" \ -| grep "file_mode=0600" | grep "dir_mode=0600" | grep "noauto" | awk '{print $2}')" - BACKUP_MOUNTS+="\n" - BACKUP_MOUNTS+="$(grep btrfs /etc/fstab | grep ",noauto" | awk '{print $2}')" -} - -# Ask for execution -msg_box "$SCRIPT_EXPLAINER" -if ! yesno_box_yes "Do you want to create a daily backup script?" -then - exit -fi - -# Before starting check if the requirements are met -if [ -f "$BACKUP_SCRIPT_NAME" ] -then - msg_box "The daily backup script already exists. -Please rename or delete $BACKUP_SCRIPT_NAME if you want to reconfigure the backup." - exit 1 -fi -# Check if pending snapshot is existing and cancel the setup in this case. -if does_snapshot_exist "NcVM-startup" -then - # Cannot get executed during the startup script - if [ -f "$SCRIPTS/nextcloud-startup-script.sh" ] - then - msg_box "The daily backup cannot get configured during the startup script. 
-Please try again after it is finished by running: -'sudo bash $SCRIPTS/menu.sh' -> 'Server Configuration' -> 'Daily Backup Wizard'." - exit - fi - msg_box "You need to run the update script once before you can continue with creating the backup script." - if yesno_box_yes "Do you want to do this now?" - then - bash "$SCRIPTS"/update.sh minor - else - exit 1 - fi - if does_snapshot_exist "NcVM-startup" - then - msg_box "It seems like the statup script wasn't correctly removed. Cannot proceed." - exit 1 - fi -fi -if does_snapshot_exist "NcVM-snapshot-pending" -then - msg_box "It seems to be currently running a backup or update. -Cannot set up the daily backup now. Please try again later.\n -If you are sure that no update or backup is currently running, you can fix this by rebooting your server." - exit 1 -fi - -# Check if snapshot/free space exists -check_free_space -if ! does_snapshot_exist "NcVM-snapshot" && ! [ "$FREE_SPACE" -ge 50 ] -then - msg_box "Unfortunately you have not enough free space on your vgs to \ -create a LVM-snapshot which is a requirement to create a backup script. - -If you are running the script in a VM and not on barebones, you can increase your root partition manually by following these steps: -1. Shut down the VM and create a snapshot/copy of it (in order to be able to restore the current state) -2. Now increase the size of the virtual disk1 in your hypervisor by at least 5 GB (e.g. in VMWare Virtualplayer) -3. Power the VM back on -4. Log in via SSH and run the following command: -'sudo pvresize \$(sudo pvs | grep ubuntu-vg | grep -oP \"/dev/sda[0-9]\")' -5. Now you can run this script again: -'sudo bash $SCRIPTS/menu.sh' -> 'Server Configuration' -> 'Daily Backup Wizard'" - exit 1 -fi - -# Check if backup drives existing -get_backup_mounts -if [ "$BACKUP_MOUNTS" = "\n\n" ] -then - msg_box "No backup mount found that can be used as daily backup target. 
-Please mount one with the SMB Mount script from the Additional Apps Menu \ -or with the BTRFS Mount script or NTFS Mount script from the Not-Supported Menu." - if yesno_box_yes "Do you want to mount a SMB-share that can be used as backup target with the SMB Mount script? -(This requires a SMB-server in your network.)" - then - run_script APP smbmount - else - exit 1 - fi - get_backup_mounts - if [ "$BACKUP_MOUNTS" = "\n\n" ] - then - msg_box "Still haven't found any backup mount that can be used as daily backup target. Cannot proceed!" - exit 1 - fi -fi -BACKUP_MOUNTS="$(echo -e "$BACKUP_MOUNTS")" -mapfile -t BACKUP_MOUNTS <<< "$BACKUP_MOUNTS" -for drive in "${BACKUP_MOUNTS[@]}" -do - if ! mount_if_connected "$drive" - then - continue - fi - BACKUP_DRIVES+=("$drive") - umount "$drive" -done -if [ -z "${BACKUP_DRIVES[*]}" ] -then - msg_box "No backup drive found that is currently connected. -Please connect it to your server before you can continue." - exit 1 -else - msg_box "At least one backup mount found. Please leave it connected." -fi -# Check if /mnt/ncdata is mounted -if grep -q " /mnt/ncdata " /etc/mtab && ! grep " /mnt/ncdata " /etc/mtab | grep -q zfs -then - msg_box "The '/mnt/ncdata' directory is mounted and not existing on the root drive. -This is currently not supported." - exit 1 -fi -# The same with the /home directory -if grep -q " /home " /etc/mtab -then - msg_box "The '/home' directory is mounted and not existing on the root drive. -This is currently not supported." - exit 1 -fi -# Test sending of mails -if ! send_mail "Testmail" \ -"This is a testmail to test if the server can send mails which is needed for the 'Daily Backup Wizard'." -then - msg_box "The server is not configured to send mails." - if yesno_box_yes "Do you want to do this now?" - then - run_script ADDONS smtp-mail - else - exit 1 - fi - if ! send_mail "Testmail" \ -"This is a testmail to test if the server can send mails which is needed for the 'Daily Backup Wizard'." 
- then - msg_box "The server still cannot send mails. Cannot proceed!" - exit 1 - fi -fi - -# Drive Menu -args=(whiptail --title "$TITLE" --separate-output --checklist \ -"Please select the drives/mountpoints that you want to backup. -Always included is a full system backup (aka '/') and the '/mnt/ncdata' directory/drive. -$CHECKLIST_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4) - -# Get mountpoints -DRIVE_MOUNTS=$(find /mnt/ -mindepth 1 -maxdepth 2 -type d | grep -v "/mnt/ncdata") -mapfile -t DRIVE_MOUNTS <<< "$DRIVE_MOUNTS" - -# Check if drives are connected -if [ -n "${DRIVE_MOUNTS[*]}" ] -then - for mountpoint in "${DRIVE_MOUNTS[@]}" - do - if mountpoint -q "$mountpoint" && [ "$(stat -c '%a' "$mountpoint")" = "770" ] \ -&& [ "$(stat -c '%U' "$mountpoint")" = "www-data" ] && [ "$(stat -c '%G' "$mountpoint")" = "www-data" ] - then - args+=("$mountpoint" "" OFF) - RESULTS+="$mountpoint" - fi - done - - # Only show menu if at least one additional drive is connected - if [ -n "$RESULTS" ] - then - selected_options=$("${args[@]}" 3>&1 1>&2 2>&3) - else - msg_box "No connected drive found that can get backed up. -Always included is a full system backup (aka '/') and the '/mnt/ncdata' directory/drive." - fi - - # Let the user select directories on the found drives - if [ -n "$selected_options" ] - then - mapfile -t SELECTED_DRIVES <<< "$selected_options" - for mountpoint in "${SELECTED_DRIVES[@]}" - do - if yesno_box_yes "Do you want to backup the whole drive that is mounted at '$mountpoint'?" - then - ADDITIONAL_BACKUP_DIRECTORIES+=("$mountpoint") - continue - fi - DIRECTORIES=$(find "$mountpoint" -maxdepth 2 -type d | grep "$mountpoint/") - while : - do - msg_box "Those are existing directories on that drive. Please remember one.\n\n$mountpoint/\n$DIRECTORIES" - SELECTION=$(input_box_flow "Please type in one \ -directory that you would like to backup on this drive '$mountpoint'. 
-If you want to cancel, just type in 'exit' and press [ENTER].") - if [ "$SELECTION" = "exit" ] - then - exit 1 - elif ! echo "$SELECTION" | grep -q "^$mountpoint/" - then - msg_box "It has to be a directory in '$mountpoint'. Please try again." - elif ! [ -d "$SELECTION" ] - then - msg_box "The directory doesn't exist. Please try again." - else - ADDITIONAL_BACKUP_DIRECTORIES+=("$SELECTION") - break - fi - done - done - fi -fi - -# Backup drive menu -args=(whiptail --title "$TITLE" --menu \ -"Please select the backup drive that you want to use. -$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4) - -# Get all backup drives -for drive in "${BACKUP_DRIVES[@]}" -do - if ! mount_if_connected "$drive" - then - continue - fi - args+=("$drive" "") - CONNECTED_DRIVES+="$drive" - umount "$drive" -done - -# Show backup drive menu -if [ -n "$CONNECTED_DRIVES" ] -then - selected_options=$("${args[@]}" 3>&1 1>&2 2>&3) -else - msg_box "No backup drive connected. -Hence, unable to continue." - exit 1 -fi - -# Cancel if nothing chosen -if [ -z "$selected_options" ] -then - msg_box "No backup drive chosen. Hence exiting." - exit 1 -else - BACKUP_TARGET_DIRECTORY="${selected_options%%/}" - # Mount the backup drive - check_command mount "$BACKUP_TARGET_DIRECTORY" - BACKUP_MOUNT="$BACKUP_TARGET_DIRECTORY" -fi - -# Ask if default directory shall get used -if yesno_box_yes "Do you want to use the recommended backup directory which is: -'$BACKUP_TARGET_DIRECTORY/borgbackup/NcVM'?" -then - if [ -d "$BACKUP_TARGET_DIRECTORY/borgbackup/NcVM" ] && ! rm -d "$BACKUP_TARGET_DIRECTORY/borgbackup/NcVM" &>/dev/null - then - msg_box "The directory '$BACKUP_TARGET_DIRECTORY/borgbackup/NcVM' exists and cannot be used. -Please choose a custom one." 
- CUSTOM_DIRECTORY=1 - else - BACKUP_TARGET_DIRECTORY="$BACKUP_TARGET_DIRECTORY/borgbackup/NcVM" - fi -else - CUSTOM_DIRECTORY=1 -fi - -# Choose custom backup directory -if [ -n "$CUSTOM_DIRECTORY" ] -then - while : - do - SELECTED_DIRECTORY=$(input_box_flow "Please type in the directory that you want to use as backup directory. -It has to start with '$BACKUP_TARGET_DIRECTORY/'. -Recommended is '$BACKUP_TARGET_DIRECTORY/borgbackup/NcVM' -If you want to cancel, just type in 'exit' and press [ENTER].") - if [ "$SELECTED_DIRECTORY" = "exit" ] - then - exit 1 - elif echo "$SELECTED_DIRECTORY" | grep -q " " - then - msg_box "Please don't use spaces." - elif ! echo "$SELECTED_DIRECTORY" | grep -q "^$BACKUP_TARGET_DIRECTORY/" - then - msg_box "The backup directory has to start with '$BACKUP_TARGET_DIRECTORY/'. Please try again." - elif [ -d "$SELECTED_DIRECTORY" ] && ! rm -d "$SELECTED_DIRECTORY" &>/dev/null - then - msg_box "This directory already exists. Please try again." - else - if ! mkdir -p "$SELECTED_DIRECTORY" - then - msg_box "Couldn't create the directory. Please try again." - rm -d "$SELECTED_DIRECTORY" &>/dev/null - else - rm -d "$SELECTED_DIRECTORY" &>/dev/null - BACKUP_TARGET_DIRECTORY="$SELECTED_DIRECTORY" - break - fi - fi - done -fi - -# Ask for an Encryption key -while : -do - ENCRYPTION_KEY=$(input_box_flow "Please enter the encryption key that shall get used for Borg backups. -Please remember to store this key at a save place. You will not be able to restore your backup if you lose the key. -If you want to cancel, just type in 'exit' and press [ENTER].") - if [ "$ENCRYPTION_KEY" = "exit" ] - then - exit 1 - elif yesno_box_no "Have you saved the encryption key for your backup?" - then - break - fi -done - -# Ask when the daily backup shall run -if yesno_box_yes "Do you want to run the daily backup at the recommended time 4.00 am?" 
-then - BACKUP_TIME="00 04" -else - while : - do - BACKUP_TIME=$(input_box_flow "Please enter the time when the backup shall get executed daily in this format: -'mm hh' (minutes first, hours second) -Recommended is: '00 04' (Backups will be executed at 4.00 am) -Please enter it in 24h format. (No am and pm). -If you want to cancel, just type in 'exit' and press [ENTER].") - if [ "$BACKUP_TIME" = "exit" ] - then - exit 1 - elif ! echo "$BACKUP_TIME" | grep -q "^[0-5][0-9] [0-1][0-9]$" && ! echo "$BACKUP_TIME" | grep -q "^[0-5][0-9] 2[0-3]$" - then - msg_box "Please enter the time in this format: -'mm hh' (minutes first, hours second) -Recommended is: '00 04' (Backups will be executed at 4.00 am)" - else - break - fi - done -fi - -# Install needed tools -msg_box "We will now install all needed tools, initialize the Borg backup repository and create the daily backup script now." -install_if_not borgbackup - -# Initialize the borg backup repository -export BORG_PASSPHRASE="$ENCRYPTION_KEY" -mkdir -p "$BACKUP_TARGET_DIRECTORY" -check_command borg init --encryption=repokey-blake2 "$BACKUP_TARGET_DIRECTORY" -borg config "$BACKUP_TARGET_DIRECTORY" additional_free_space 2G -unset BORG_PASSPHRASE - -# Fix too large Borg cache -# https://borgbackup.readthedocs.io/en/stable/faq.html#the-borg-cache-eats-way-too-much-disk-space-what-can-i-do -BORG_ID="$(borg config "$BACKUP_TARGET_DIRECTORY" id)" -check_command rm -r "/root/.cache/borg/$BORG_ID/chunks.archive.d" -check_command touch "/root/.cache/borg/$BORG_ID/chunks.archive.d" - -# Make a backup from the borg config file -if ! [ -f "$BACKUP_TARGET_DIRECTORY/config" ] -then - msg_box "The borg config file wasn't created. Something is wrong." - exit 1 -else - if ! send_mail "Your daily backup config file! Please save/archive it!" "$(cat "$BACKUP_TARGET_DIRECTORY/config")" - then - msg_box "Could not send the daily backup config file. This is wrong." 
- exit 1 - fi -fi - -# Unmount the backup drive -check_command umount "$BACKUP_MOUNT" - -# Write beginning of the script -cat << WRITE_BACKUP_SCRIPT > "$BACKUP_SCRIPT_NAME" -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ -# Copyright © 2021 Simon Lindner (https://github.com/szaimen) - -true -SCRIPT_NAME="Daily Borg Backup" -SCRIPT_EXPLAINER="This script executes the daily Borg backup." -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# Export Variables -export ENCRYPTION_KEY='$ENCRYPTION_KEY' -export BACKUP_TARGET_DIRECTORY="$BACKUP_TARGET_DIRECTORY" -export BACKUP_MOUNTPOINT="$BACKUP_MOUNT" -export BORGBACKUP_LOG="$VMLOGS/borgbackup.log" -export CHECK_BACKUP_INTERVAL_DAYS=14 -export DAYS_SINCE_LAST_BACKUP_CHECK=14 -WRITE_BACKUP_SCRIPT -unset ENCRYPTION_KEY - -# Secure the file -chown root:root "$BACKUP_SCRIPT_NAME" -chmod 700 "$BACKUP_SCRIPT_NAME" - -# Add a variable for enabling/disabling btrfs scrub for the backup drive -if grep "$BACKUP_MOUNT" /etc/fstab | grep -q btrfs -then - echo 'export BTRFS_SCRUB_BACKUP_DRIVE="yes"' >> "$BACKUP_SCRIPT_NAME" -fi - -# Write additional backup sources to the script -SOURCES='export ADDITIONAL_BACKUP_DIRECTORIES="' -for source in "${ADDITIONAL_BACKUP_DIRECTORIES[@]}" -do - SOURCES+="$source\n" -done -SOURCES="${SOURCES%%\\n}" -SOURCES+='"' -echo -e "$SOURCES" >> "$BACKUP_SCRIPT_NAME" - -# Write end of the script -cat << WRITE_BACKUP_SCRIPT >> "$BACKUP_SCRIPT_NAME" - -# Execute backup -if network_ok -then - echo "Executing \$SCRIPT_NAME. \$(date +%Y-%m-%d_%H-%M-%S)" >> "\$BORGBACKUP_LOG" - run_script NOT_SUPPORTED_FOLDER borgbackup -else - echo "Unable to execute \$SCRIPT_NAME. No network connection. \$(date +%Y-%m-%d_%H-%M-%S)" >> "\$BORGBACKUP_LOG" - notify_admin_gui "Unable to execute \$SCRIPT_NAME." "No network connection." 
-fi -WRITE_BACKUP_SCRIPT - -# Create fstab entry -crontab -u root -l | grep -v "$BACKUP_SCRIPT_NAME" | crontab -u root - -crontab -u root -l | { cat; echo "$BACKUP_TIME * * * $BACKUP_SCRIPT_NAME > /dev/null 2>&1" ; } | crontab -u root - - -# Inform user -msg_box "The Borg backup script was successfully created! -It is located here: '$BACKUP_SCRIPT_NAME'\n -The first backup will run automatically at your chosen time." - -exit diff --git a/not-supported/firewall.sh b/not-supported/firewall.sh deleted file mode 100644 index b410609f5c..0000000000 --- a/not-supported/firewall.sh +++ /dev/null 
@@ -1,119 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ -# Copyright © 2021 Simon Lindner (https://github.com/szaimen) - -true -SCRIPT_NAME="Firewall" -SCRIPT_EXPLAINER="This script helps setting up a firewall for your NcVM." -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# Check if firewall is already enabled -if ! ufw status | grep -q " active" -then - # Ask for installing - install_popup "$SCRIPT_NAME" -else - # Ask for removal or reinstallation - reinstall_remove_menu "$SCRIPT_NAME" - # Removal - ufw disable - ufw --force reset - # Show successful uninstall if applicable - removal_popup "$SCRIPT_NAME" -fi - -# Install and enable firewall -if ! is_this_installed ufw -then - DEBIAN_FRONTEND=noninteractive apt-get install ufw -y --no-install-recommends - systemctl enable ufw &>/dev/null - systemctl start ufw &>/dev/null -fi - -# SSH -print_text_in_color "$ICyan" "Allow SSH" -ufw allow ssh comment SSH - -# Web server -print_text_in_color "$ICyan" "Web server" -ufw allow http comment http -ufw allow https comment https - -# UPnP -print_text_in_color "$ICyan" "UPnP" -ufw allow proto udp from 192.168.0.0/16 comment UPnP - -# Adminer -print_text_in_color "$ICyan" "Allow Adminer" -ufw allow 9443/tcp comment Adminer - -# Netdata -print_text_in_color "$ICyan" "Allow Netdata" -ufw allow 19999/tcp comment 'Netdata TCP' -ufw allow 19999/udp comment 'Netdata UDP' - -# Talk (no custom port possible) -print_text_in_color "$ICyan" "Allow Talk" -ufw allow 3478/tcp comment 'Talk TCP' -ufw allow 3478/udp comment 'Talk UDP' - -# Webmin -print_text_in_color "$ICyan" "Allow Webmin" -ufw allow 10000/tcp comment Webmin - -# RDP -if is_this_installed xrdp -then - print_text_in_color "$ICyan" "Allow RDP" - ufw allow 3389/tcp comment Remotedesktop -fi - -# Samba -if is_this_installed samba -then - 
print_text_in_color "$ICyan" "Allow Samba" - ufw allow samba comment Samba -fi - -# Pi-hole -if pihole &>/dev/null -then - print_text_in_color "$ICyan" "Allow Pi-hole" - ufw allow 53/tcp comment 'Pi-hole TCP' - ufw allow 53/udp comment 'Pi-hole UDP' - ufw allow 8094/tcp comment 'Pi-hole Web' -fi - -# PiVPN -if pivpn &>/dev/null -then - print_text_in_color "$ICyan" "Allow PiVPN" - ufw allow 51820/udp comment 'PiVPN' -fi - -# Plex -if is_docker_running && docker ps -a --format "{{.Names}}" | grep -q "^plex$" -then - print_text_in_color "$ICyan" "Allow Plex" - for port in 32400/tcp 3005/tcp 8324/tcp 32469/tcp 1900/udp 32410/udp 32412/udp 32413/udp 32414/udp - do - ufw allow "$port" comment "Plex $port" - done -fi - -# Enable firewall -print_text_in_color "$ICyan" "Enable Firewall" -ufw --force enable - -msg_box "The Firewall was configured successfully!" diff --git a/not-supported/monitor-link-shares.sh b/not-supported/monitor-link-shares.sh deleted file mode 100644 index 76bb22eada..0000000000 --- a/not-supported/monitor-link-shares.sh +++ /dev/null 
@@ -1,70 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ - -true -SCRIPT_NAME="Monitor Link Shares" -SCRIPT_EXPLAINER="This script creates a script which monitors link shares and sends a mail or notification if new link shares were created in Nextcloud." -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# Check if the script is already installed -if ! [ -f "$SCRIPTS/audit-link-shares.sh" ] -then - # Ask for installing - install_popup "$SCRIPT_NAME" -else - # Ask for removal or reinstallation - reinstall_remove_menu "$SCRIPT_NAME" - # Removal - rm "$SCRIPTS/audit-link-shares.sh" - crontab -u root -l | grep -v "$SCRIPTS/audit-link-shares.sh" | crontab -u root - - # Show successful uninstall if applicable - removal_popup "$SCRIPT_NAME" -fi - -# Create script -cat << MONITOR_LINK_SHARES > "$SCRIPTS/audit-link-shares.sh" -#!/bin/bash - -LINK_SHARE="\$(timeout 30m tail -n0 -f "$VMLOGS/audit.log" | grep "has been shared via link")" -if [ -z "\$LINK_SHARE" ] -then - exit -fi - -source "$SCRIPTS/fetch_lib.sh" -LINK_SHARE="\$(prettify_json "\$LINK_SHARE")" -FILES_FOLDERS="\$(echo "\$LINK_SHARE" | grep '"message":' | sed 's|.*"message": "||;s| with ID ".*||' | sort | uniq)" -if ! 
send_mail "Link share was created" "The following files/folders have been shared via link: -\$FILES_FOLDERS\n -See the full log below: -\$LINK_SHARE" -then - notify_admin_gui "Link share was created" "The following files/folders have been shared via link: -\$FILES_FOLDERS" -fi -MONITOR_LINK_SHARES - -# Adjust rights -chown root:root "$SCRIPTS/audit-link-shares.sh" -chmod 700 "$SCRIPTS/audit-link-shares.sh" - -# Create cronjob -crontab -u root -l | grep -v "$SCRIPTS/audit-link-shares.sh" | crontab -u root - -crontab -u root -l | { cat; echo "*/30 * * * * $SCRIPTS/audit-link-shares.sh >/dev/null" ; } | crontab -u root - - -# enable admin_audit app -install_and_enable_app admin_audit - -msg_box "$SCRIPT_NAME was successfully configured! -You will get a mail if new link shares were created." diff --git a/not-supported/not-supported.sh b/not-supported/not-supported.sh deleted file mode 100644 index 779ccaf825..0000000000 --- a/not-supported/not-supported.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ - -true -SCRIPT_NAME="Not-supported Menu" -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Must be root -root_check - -print_text_in_color "$ICyan" "Running the Not-supported Menu script..." - -if network_ok -then - # Delete, download, run - run_script NOT_SUPPORTED_FOLDER not-supported_menu -fi - -exit diff --git a/not-supported/not-supported_menu.sh b/not-supported/not-supported_menu.sh deleted file mode 100644 index 38e82cada7..0000000000 --- a/not-supported/not-supported_menu.sh +++ /dev/null 
@@ -1,123 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ - -true -SCRIPT_NAME="Not-supported Menu" -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Must be root -root_check - -# Main menu -choice=$(whiptail --title "$TITLE" --checklist \ -"This is the Not-supported Menu of the Nextcloud VM! - -Please note that all options that get offered to you are not part of the released version and thus not 100% ready. -So please run them on your own risk. Feedback is more than welcome, though and can get reported here: $ISSUES - -Choose which one you want to execute. -$CHECKLIST_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \ -"BTRFS Format" "(Format drives to BTRFS)" OFF \ -"BTRFS Mount" "(Mount BTRFS drives)" OFF \ -"BTRFS Veracrypt" "(Format, encrypt and mount Veracrypt BTRFS drives)" OFF \ -"NTFS Format" "(Format drives to NTFS)" OFF \ -"NTFS Mount" "(Mount NTFS drives)" OFF \ -"NTFS Veracrypt" "(Format, encrypt and mount Veracrypt NTFS drives)" OFF \ -"Backup Viewer" "(View your Backups)" OFF \ -"Daily Backup Wizard" "(Create a Daily Backup script)" OFF \ -"Firewall" "(Setting up a firewall)" OFF \ -"Harden SSH" "(Harden SSH configuration)" OFF \ -"Monitor Link Shares" "(Monitors the creation of link shares)" OFF \ -"Off-Shore Backup Wizard" "(Create an Off-Shore Backup script)" OFF \ -"Pi-hole" "(Network wide ads- and tracker blocking)" OFF \ -"PiVPN" "(Install a Wireguard VPN server with PiVPN)" OFF \ -"PLEX Media Server" "(Multimedia server application)" OFF \ -"Remotedesktop" "(Install a remotedesktop based on xrdp)" OFF \ -"SMB-server" "(Create and manage a SMB-server on OS level)" OFF \ -"System Restore" "(Restore the system partition from a backup)" OFF 3>&1 1>&2 2>&3) - -case "$choice" in - *"BTRFS Format"*) - print_text_in_color "$ICyan" "Downloading the BTRFS Format script..." 
- run_script NOT_SUPPORTED_FOLDER btrfs-format - ;;& - *"BTRFS Mount"*) - print_text_in_color "$ICyan" "Downloading the BTRFS Mount script..." - run_script NOT_SUPPORTED_FOLDER btrfs-mount - ;;& - *"BTRFS Veracrypt"*) - print_text_in_color "$ICyan" "Downloading the Veracrypt script..." - run_script NOT_SUPPORTED_FOLDER veracrypt-btrfs - ;;& - *"NTFS Format"*) - print_text_in_color "$ICyan" "Downloading the NTFS Format script..." - run_script NOT_SUPPORTED_FOLDER ntfs-format - ;;& - *"NTFS Mount"*) - print_text_in_color "$ICyan" "Downloading the NTFS Mount script..." - run_script NOT_SUPPORTED_FOLDER ntfs-mount - ;;& - *"NTFS Veracrypt"*) - print_text_in_color "$ICyan" "Downloading the Veracrypt script..." - run_script NOT_SUPPORTED_FOLDER veracrypt-ntfs - ;;& - *"Backup Viewer"*) - print_text_in_color "$ICyan" "Downloading the Daily Backup Viewer script..." - run_script NOT_SUPPORTED_FOLDER backup-viewer - ;;& - *"Daily Backup Wizard"*) - print_text_in_color "$ICyan" "Downloading the Daily Backup Wizard script..." - run_script NOT_SUPPORTED_FOLDER daily-backup-wizard - ;;& - *"Firewall"*) - print_text_in_color "$ICyan" "Downloading the Firewall script..." - run_script NOT_SUPPORTED_FOLDER firewall - ;;& - *"Harden SSH"*) - print_text_in_color "$ICyan" "Downloading the Harden SSH script..." - run_script ADDONS harden-ssh - ;;& - *"Monitor Link Shares"*) - print_text_in_color "$ICyan" "Monitor Link Shares..." - run_script NOT_SUPPORTED_FOLDER monitor-link-shares - ;;& - *"Off-Shore Backup Wizard"*) - print_text_in_color "$ICyan" "Downloading the Off-Shore Backup Wizard script..." - run_script NOT_SUPPORTED_FOLDER offshore-backup-wizard - ;;& - *"Pi-hole"*) - print_text_in_color "$ICyan" "Downloading the Pi-hole script..." - run_script NOT_SUPPORTED_FOLDER pi-hole - ;;& - *"PiVPN"*) - print_text_in_color "$ICyan" "Downloading the PiVPN script..." 
- run_script NOT_SUPPORTED_FOLDER pivpn - ;;& - *"PLEX Media Server"*) - print_text_in_color "$ICyan" "Downloading the PLEX Media Server script..." - run_script NOT_SUPPORTED_FOLDER plexmediaserver - ;;& - *"Remotedesktop"*) - print_text_in_color "$ICyan" "Downloading the Remotedesktop script..." - run_script NOT_SUPPORTED_FOLDER remotedesktop - ;;& - *"SMB-server"*) - print_text_in_color "$ICyan" "Downloading the SMB Server script..." - run_script NOT_SUPPORTED_FOLDER smbserver - ;;& - *"System Restore"*) - print_text_in_color "$ICyan" "Downloading the System Restore script..." - run_script NOT_SUPPORTED_FOLDER system-restore - ;;& - *) - ;; -esac -exit diff --git a/not-supported/ntfs-format.sh b/not-supported/ntfs-format.sh deleted file mode 100644 index e2b30d5bd1..0000000000 --- a/not-supported/ntfs-format.sh +++ /dev/null 
@@ -1,151 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ -# Copyright © 2021 Simon Lindner (https://github.com/szaimen) - -true -SCRIPT_NAME="NTFS Mount" -SCRIPT_EXPLAINER="This script automates formatting drives to NTFS." -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# Show explainer -msg_box "$SCRIPT_EXPLAINER" - -# Mount drive -format_drive() { -local UUID -local LABEL -msg_box "Please disconnect your drive for now and connect it again AFTER you hit OK. -Otherwise we will not be able to detect it." -CURRENT_DRIVES=$(lsblk -o KNAME,TYPE | grep disk | awk '{print $1}') -count=0 -while [ "$count" -lt 60 ] -do - print_text_in_color "$ICyan" "Please connect your drive now." - sleep 5 & spinner_loading - echo "" - NEW_DRIVES=$(lsblk -o KNAME,TYPE | grep disk | awk '{print $1}') - if [ "$CURRENT_DRIVES" = "$NEW_DRIVES" ] - then - count=$((count+5)) - else - msg_box "A new drive was found. We will continue with the mounting now. -Please leave it connected." - break - fi -done - -# Exit if no new drive was found -if [ "$count" -ge 60 ] -then - msg_box "No new drive found within 60 seconds. -Please run this option again if you want to try again." - return 1 -fi - -# Get all new drives -mapfile -t CURRENT_DRIVES <<< "$CURRENT_DRIVES" -for drive in "${CURRENT_DRIVES[@]}" -do - NEW_DRIVES=$(echo "$NEW_DRIVES" | grep -v "^$drive") -done - -# Partition menu -args=(whiptail --title "$TITLE" --menu \ -"Please select the drive that you would like to format to NTFS. 
-$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4) - -# Get information that are important -mapfile -t NEW_DRIVES <<< "$NEW_DRIVES" -for drive in "${NEW_DRIVES[@]}" -do - DRIVE_DESCRIPTION=$(lsblk -o NAME,SIZE,VENDOR,MODEL | grep "^$drive" | awk '{print $2, $3, $4}') - args+=("/dev/$drive" " $DRIVE_DESCRIPTION") -done - -# Show the drive menu -DEVICE=$("${args[@]}" 3>&1 1>&2 2>&3) -if [ -z "$DEVICE" ] -then - return 1 -fi - -# Enter partition label -while : -do - LABEL="$(input_box_flow "Please enter the partition label that the drive shall get. -If you want to cancel, type in 'exit' and press [ENTER].")" - if [ "$LABEL" = exit ] - then - return 1 - else - break - fi -done - -# Last info box -if ! yesno_box_no "Warning: Are you really sure, that you want to format the drive '$DEVICE' to NTFS? -All current files on the drive will be erased! -Select 'Yes' to continue with the process. Select 'No' to cancel." -then - exit 1 -fi - -# Inform user -msg_box "We will now format the drive '$DEVICE' to NTFS. Please be patient!" - -# Wipe drive -dd if=/dev/urandom of="$DEVICE" bs=1M count=2 -parted "$DEVICE" mklabel gpt --script -parted "$DEVICE" mkpart primary 0% 100% --script -parted "$DEVICE" set 1 msftdata on --script - -# Wait because mkfs fails otherwise -sleep 1 - -# Format drive -if ! mkfs.ntfs --quick "${DEVICE}1" --label "$LABEL" -then - msg_box "Something failed while formatting the drive to NTFS." - exit 1 -fi - -# Inform user -msg_box "Formatting $DEVICE to NTFS was successful! - -You can now use the 'NTFS Mount' script from the Not-Supported Menu to mount the drive to your system." -} - -# Show main_menu -while : -do - choice=$(whiptail --title "$TITLE" --menu \ -"Choose what you want to do. -$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \ -"Format a drive" "(Interactively format a drive to NTFS)" \ -"Exit" "(Exit this script)" 3>&1 1>&2 2>&3) - case "$choice" in - "Format a drive") - format_drive - ;; - "Exit") - break - ;; - "") - break - ;; - *) - ;; - esac -done -exit 
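Review bot: In the removed not-supported/ntfs-format.sh, the new-drive filter uses `grep -v "^$drive"` without the trailing `$` that ntfs-mount.sh has (`"^$drive$"`), so an already attached `sda` also filters out any newly connected device whose name merely starts with `sda`; if this script is kept anywhere, anchor the pattern the same way. `mkfs.ntfs --quick "${DEVICE}1"` assumes the first partition is the device name plus `1`, which does not hold for names such as /dev/nvme0n1 (partition suffix `p1`). `SCRIPT_NAME="NTFS Mount"` and the "We will continue with the mounting now" message also look copied from the mount script and do not describe a format operation.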
diff --git a/not-supported/ntfs-mount.sh b/not-supported/ntfs-mount.sh deleted file mode 100644 index 4c9cf5e6c9..0000000000 --- a/not-supported/ntfs-mount.sh +++ /dev/null 
@@ -1,254 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ -# Copyright © 2021 Simon Lindner (https://github.com/szaimen) - -true -SCRIPT_NAME="NTFS Mount" -SCRIPT_EXPLAINER="This script automates mounting NTFS drives locally in your system." -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# Show explainer -msg_box "$SCRIPT_EXPLAINER" - -# Mount drive -mount_drive() { -local UUIDS -local UUID -local LABEL -msg_box "Please disconnect your drive for now and connect it again AFTER you hit OK. -Otherwise we will not be able to detect it." -CURRENT_DRIVES=$(lsblk -o KNAME,TYPE | grep disk | awk '{print $1}') -count=0 -while [ "$count" -lt 60 ] -do - print_text_in_color "$ICyan" "Please connect your drive now." - sleep 5 & spinner_loading - echo "" - NEW_DRIVES=$(lsblk -o KNAME,TYPE | grep disk | awk '{print $1}') - if [ "$CURRENT_DRIVES" = "$NEW_DRIVES" ] - then - count=$((count+5)) - else - msg_box "A new drive was found. We will continue with the mounting now. -Please leave it connected." - break - fi -done - -# Exit if no new drive was found -if [ "$count" -ge 60 ] -then - msg_box "No new drive found within 60 seconds. -Please run this option again if you want to try again." - return 1 -fi - -# Wait until the drive has spin up -countdown "Waiting for the drive to spin up..." 15 - -# Get all new drives -mapfile -t CURRENT_DRIVES <<< "$CURRENT_DRIVES" -for drive in "${CURRENT_DRIVES[@]}" -do - NEW_DRIVES=$(echo "$NEW_DRIVES" | grep -v "^$drive$") -done - -# Partition menu -args=(whiptail --title "$TITLE" --menu \ -"Please select the partition that you would like to mount. 
-$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4) - -# Get information that are important to show the partition menu -mapfile -t NEW_DRIVES <<< "$NEW_DRIVES" -for drive in "${NEW_DRIVES[@]}" -do - DRIVE_DESCRIPTION=$(lsblk -o NAME,VENDOR,MODEL | grep "^$drive" | awk '{print $2, $3}') - PARTITION_STATS=$(lsblk -o KNAME,FSTYPE,SIZE,UUID,LABEL | grep "^$drive" | grep -v "^$drive ") - unset PARTITIONS - mapfile -t PARTITIONS <<< "$(echo "$PARTITION_STATS" | awk '{print $1}')" - for partition in "${PARTITIONS[@]}" - do - STATS=$(echo "$PARTITION_STATS" | grep "^$partition ") - FSTYPE=$(echo "$STATS" | awk '{print $2}') - if [ "$FSTYPE" != "ntfs" ] - then - continue - fi - SIZE=$(echo "$STATS" | awk '{print $3}') - UUID=$(echo "$STATS" | awk '{print $4}') - if [ -z "$UUID" ] - then - continue - fi - LABEL=$(echo "$STATS" | awk '{print $5,$6,$7,$8,$9,$10,$11,$12}' | sed 's| |_|g' | sed -r 's|[_]+$||') - if ! grep -q "$UUID" /etc/fstab - then - args+=("$UUID" "$LABEL $DRIVE_DESCRIPTION $SIZE $FSTYPE") - UUIDS+="$UUID" - else - msg_box "The partition -$UUID $LABEL $DRIVE_DESCRIPTION $SIZE $FSTYPE -is already existing.\n -If you want to remove it, run the following two commands: -sudo sed -i '/$UUID/d' /etc/fstab -sudo reboot" - fi - done -done - -# Check if at least one drive was found -if [ -z "$UUIDS" ] -then - msg_box "No drive found that can get mounted. -Most likely none is NTFS formatted." - return 1 -fi - -# Show the partition menu -UUID=$("${args[@]}" 3>&1 1>&2 2>&3) -if [ -z "$UUID" ] -then - return 1 -fi - -# Get the label of the partition -LABEL=$(lsblk -o UUID,LABEL | grep "^$UUID " | awk '{print $2,$3,$4,$5,$6,$7,$8,$9}' | sed 's| |_|g' | sed -r 's|[_]+$||') -if [ -z "$LABEL" ] -then - LABEL="partition-label" -fi - -# Create plex user -if ! 
id plex &>/dev/null -then - check_command adduser --no-create-home --quiet --disabled-login --force-badname --gecos "" "plex" -fi - -# Enter the mountpoint -while : -do - MOUNT_PATH=$(input_box_flow "Please type in the directory where you want to mount the partition. -One example is: '/mnt/$LABEL' -The directory has to start with '/mnt/' -If you want to cancel, type 'exit' and press [ENTER].") - if [ "$MOUNT_PATH" = "exit" ] - then - exit 1 - elif echo "$MOUNT_PATH" | grep -q " " - then - msg_box "Please don't use spaces!" - elif ! echo "$MOUNT_PATH" | grep -q "^/mnt/" - then - msg_box "The directory has to stat with '/mnt/'" - elif grep -q " $MOUNT_PATH " /etc/fstab - then - msg_box "The mountpoint already exists in fstab. Please try a different one." - elif mountpoint -q "$MOUNT_PATH" - then - msg_box "The mountpoint is already mounted. Please try a different one." - elif echo "$MOUNT_PATH" | grep -q "^/mnt/ncdata" - then - msg_box "The directory isn't allowed to start with '/mnt/ncdata'" - elif echo "$MOUNT_PATH" | grep -q "^/mnt/smbshares" - then - msg_box "The directory isn't allowed to start with '/mnt/smbshares'" - else - echo "UUID=$UUID $MOUNT_PATH ntfs-3g \ -windows_names,uid=plex,gid=plex,umask=007,nofail 0 0" >> /etc/fstab - mkdir -p "$MOUNT_PATH" - if ! mount "$MOUNT_PATH" - then - msg_box "The mount wasn't successful. Please try again." - sed -i "/$UUID/d" /etc/fstab - else - break - fi - fi -done - -# Inform the user -msg_box "Congratulations! The mount was successful. -You can now access the partition here: -$MOUNT_PATH" - -# Ask if this is a backup drive -if ! yesno_box_no "Is this drive meant to be a backup drive? -If you choose yes, it will only get mounted by a backup script \ -and will restrict the read/write permissions to the root user." -then - # Test if Plex is installed - if is_docker_running && docker ps -a --format "{{.Names}}" | grep -q "^plex$" - then - # Reconfiguring Plex - msg_box "Plex Media Server found. 
We are now adjusting Plex to be able to use the new drive. -This can take a while. Please be patient!" - print_text_in_color "$ICyan" "Downloading the needed tool to get the current Plex config..." - docker pull assaflavie/runlike - echo '#/bin/bash' > /tmp/pms-conf - docker run --rm -v /var/run/docker.sock:/var/run/docker.sock assaflavie/runlike -p plex >> /tmp/pms-conf - if ! grep -q "$MOUNT_PATH:$MOUNT_PATH:ro" /tmp/pms-conf - then - MOUNT_PATH_SED="${MOUNT_PATH//\//\\/}" - sed -i "0,/--volume/s// -v $MOUNT_PATH_SED:$MOUNT_PATH_SED:ro \\\\\n&/" /tmp/pms-conf - docker stop plex - if ! docker rm plex - then - msg_box "Something failed while removing the old container." - return - fi - if ! bash /tmp/pms-conf - then - msg_box "Starting the new container failed. You can find the config here: '/tmp/pms-conf'" - return - fi - rm /tmp/pms-conf - msg_box "Plex was adjusted!" - else - rm /tmp/pms-conf - msg_box "No need to update Plex, since the drive is already mounted to Plex." - fi - fi - return -fi - -# Execute the change to a backup drive -umount "$MOUNT_PATH" -sed -i "/$UUID/d" /etc/fstab -echo "UUID=$UUID $MOUNT_PATH ntfs-3g windows_names,uid=root,gid=root,umask=177,nofail,noauto 0 0" >> /etc/fstab -msg_box "Your Backup drive is ready." -} - -# Show main_menu -while : -do - choice=$(whiptail --title "$TITLE" --menu \ -"Choose what you want to do. -$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \ -"Mount a drive" "(Interactively mount a NTFS drive)" \ -"Exit" "(Exit this script)" 3>&1 1>&2 2>&3) - case "$choice" in - "Mount a drive") - mount_drive - ;; - "Exit") - break - ;; - "") - break - ;; - *) - ;; - esac -done -exit diff --git a/not-supported/offshore-backup-wizard.sh b/not-supported/offshore-backup-wizard.sh deleted file mode 100644 index cacad0a6d2..0000000000 --- a/not-supported/offshore-backup-wizard.sh +++ /dev/null 
@@ -1,344 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ -# Copyright © 2021 Simon Lindner (https://github.com/szaimen) - -true -SCRIPT_NAME="Off-Shore Backup Wizard" -SCRIPT_EXPLAINER="This script helps creating an off-shore backup script for your server." -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# Variables -BACKUP_SCRIPT_NAME="$SCRIPTS/off-shore-rsync-backup.sh" -DAILY_BACKUP_FILE="$SCRIPTS/daily-borg-backup.sh" - -# Functions -mount_if_connected() { - umount "$1" &>/dev/null - mount "$1" &>/dev/null - if ! mountpoint -q "$1" - then - return 1 - fi - return 0 -} - -# Ask for execution -msg_box "$SCRIPT_EXPLAINER" -if ! yesno_box_yes "Do you want to create an off-shore backup script?" -then - exit -fi - -# Before starting check if the requirements are met -if [ -f "$BACKUP_SCRIPT_NAME" ] -then - msg_box "The off-shore backup script already exists. -Please rename or delete $BACKUP_SCRIPT_NAME if you want to reconfigure the backup." - exit 1 -fi -# Before starting check if the requirements are met -if ! [ -f "$DAILY_BACKUP_FILE" ] -then - msg_box "The daily backup doesn't exist. -Please create the daily backup script first by running the 'Daily Backup Wizard' from the 'Not-Supported Menu'" - exit 1 -fi -# Check if pending snapshot is existing and cancel the setup in this case. -if does_snapshot_exist "NcVM-snapshot-pending" -then - msg_box "It seems to be currently running a backup or update. -Cannot set up the off-shore backup now. Please try again later.\n -If you are sure that no update or backup is currently running, you can fix this by rebooting your server." - exit 1 -elif does_snapshot_exist "NcVM-startup" -then - msg_box "Please run the update script once before you can continue." - exit 1 -fi -# Check if snapshot/free space exists -check_free_space -if ! 
does_snapshot_exist "NcVM-snapshot" && ! [ "$FREE_SPACE" -ge 50 ] -then - msg_box "Unfortunately you have not enough free space on your vgs to \ -create a LVM-snapshot which is a requirement to create a backup script." - exit 1 -fi -# Get backup mountpoint from daily-borg-backup.sh -DAILY_BACKUP_MOUNTPOINT="$(grep "BACKUP_MOUNTPOINT=" "$DAILY_BACKUP_FILE" | sed 's|.*BACKUP_MOUNTPOINT="||;s|"$||')" -DAILY_BACKUP_TARGET="$(grep "BACKUP_TARGET_DIRECTORY=" "$DAILY_BACKUP_FILE" | sed 's|.*BACKUP_TARGET_DIRECTORY="||;s|"$||')" -DAILY_BACKUP_DIFFERENCE="${DAILY_BACKUP_TARGET##"$DAILY_BACKUP_MOUNTPOINT"}" -if [ -z "$DAILY_BACKUP_MOUNTPOINT" ] || [ -z "$DAILY_BACKUP_TARGET" ] || [ -z "$DAILY_BACKUP_DIFFERENCE" ] -then - msg_box "One needed variable from daily-borg-backup.sh is empty. -This is false." - exit 1 -fi -if [ "$DAILY_BACKUP_MOUNTPOINT" = "$DAILY_BACKUP_TARGET" ] -then - msg_box "Daily backup mountpoint and target are the same which is wrong." - exit 1 -fi -if ! grep -q " $DAILY_BACKUP_MOUNTPOINT " /etc/fstab -then - msg_box "Couldn't find the daily backup drive in fstab. This is wrong." - exit 1 -fi -# Check if backup drives existing -BACKUP_MOUNTS="$(grep "ntfs-3g" /etc/fstab | grep "windows_names" | grep "uid=root" \ -| grep "gid=root" | grep "umask=177" | grep "noauto" | awk '{print $2}')" -BACKUP_MOUNTS+="\n" -BACKUP_MOUNTS+="$(grep cifs /etc/fstab | grep "uid=root" | grep "gid=root" \ -| grep "file_mode=0600" | grep "dir_mode=0600" | grep "noauto" | awk '{print $2}')" -BACKUP_MOUNTS+="\n" -BACKUP_MOUNTS+="$(grep btrfs /etc/fstab | grep ",noauto" | awk '{print $2}')" -if [ "$BACKUP_MOUNTS" = "\n\n" ] -then - msg_box "No backup drive found that can be used as off-shore backup target. -Please mount one with the SMB Mount script from the Additional Apps Menu \ -or with the BTRFS Mount script or NTFS Mount script from the Not-Supported Menu." 
- exit 1 -fi -BACKUP_MOUNTS="$(echo -e "$BACKUP_MOUNTS" | grep -v "$DAILY_BACKUP_MOUNTPOINT")" -mapfile -t BACKUP_MOUNTS <<< "$BACKUP_MOUNTS" -for drive in "${BACKUP_MOUNTS[@]}" -do - if ! mount_if_connected "$drive" - then - continue - fi - BACKUP_DRIVES+=("$drive") - umount "$drive" -done -if [ -z "${BACKUP_DRIVES[*]}" ] -then - msg_box "No backup drive found that is currently connected. -Please connect it to your server before you can continue." - exit 1 -else - msg_box "At least one backup drive found. Please leave it connected." -fi -# Test sending of mails -if ! send_mail "Testmail" \ -"This is a testmail to test if the server can send mails which is needed for the 'Off-Shore Backup Wizard'." -then - msg_box "The server is not configured to send mails. -Please do that first by running the SMTP-Mail script from the Server Configuration Menu." - exit 1 -fi - -# Backup drive menu -args=(whiptail --title "$TITLE" --menu \ -"Please select the backup drive that you want to use. -$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4) - -# Get all backup drives -for drive in "${BACKUP_DRIVES[@]}" -do - if ! mount_if_connected "$drive" - then - continue - fi - args+=("$drive" "") - CONNECTED_DRIVES+="$drive" - umount "$drive" -done - -# Show backup drive menu -if [ -n "$CONNECTED_DRIVES" ] -then - selected_options=$("${args[@]}" 3>&1 1>&2 2>&3) -else - msg_box "No backup drive connected. -Hence, unable to continue." - exit 1 -fi - -# Cancel if nothing chosen -if [ -z "$selected_options" ] -then - msg_box "No backup drive chosen. Hence exiting." - exit 1 -else - BACKUP_TARGET_DIRECTORY="${selected_options%%/}" - # Mount the backup drive - check_command mount "$BACKUP_TARGET_DIRECTORY" - BACKUP_MOUNT="$BACKUP_TARGET_DIRECTORY" -fi - -# Ask if default directory shall get used -if yesno_box_yes "Do you want to use the recommended backup directory which is: -'$BACKUP_TARGET_DIRECTORY$DAILY_BACKUP_DIFFERENCE'?" -then - if [ -d "$BACKUP_TARGET_DIRECTORY$DAILY_BACKUP_DIFFERENCE" ] && ! 
rm -d "$BACKUP_TARGET_DIRECTORY$DAILY_BACKUP_DIFFERENCE" - then - msg_box "The directory '$BACKUP_TARGET_DIRECTORY$DAILY_BACKUP_DIFFERENCE' exists and cannot be used. -Please choose a custom one." - CUSTOM_DIRECTORY=1 - else - BACKUP_TARGET_DIRECTORY="$BACKUP_TARGET_DIRECTORY$DAILY_BACKUP_DIFFERENCE" - fi -else - CUSTOM_DIRECTORY=1 -fi - -# Choose custom backup directory -if [ -n "$CUSTOM_DIRECTORY" ] -then - while : - do - SELECTED_DIRECTORY=$(input_box_flow "Please type in the directory that you want to use as backup directory. -It has to start with '$BACKUP_TARGET_DIRECTORY/'. -Recommended is '$BACKUP_TARGET_DIRECTORY$DAILY_BACKUP_DIFFERENCE' -If you want to cancel, just type in 'exit' and press [ENTER].") - if [ "$SELECTED_DIRECTORY" = "exit" ] - then - exit 1 - elif echo "$SELECTED_DIRECTORY" | grep -q " " - then - msg_box "Please don't use spaces." - elif ! echo "$SELECTED_DIRECTORY" | grep -q "^$BACKUP_TARGET_DIRECTORY/" - then - msg_box "The backup directory has to start with '$BACKUP_TARGET_DIRECTORY/'. Please try again." - elif [ -d "$SELECTED_DIRECTORY" ] && ! rm -d "$SELECTED_DIRECTORY" - then - msg_box "This directory already exists. Please try again." - else - if ! mkdir -p "$SELECTED_DIRECTORY" - then - msg_box "Couldn't create the directory. Please try again." - rm -d "$SELECTED_DIRECTORY" - else - rm -d "$SELECTED_DIRECTORY" - BACKUP_TARGET_DIRECTORY="$SELECTED_DIRECTORY" - break - fi - fi - done -fi - -# Create the folder and unmount the backup drive since no longer needed -mkdir -p "$BACKUP_TARGET_DIRECTORY" -check_command umount "$BACKUP_MOUNT" - -# Ask when the daily backup shall run -if yesno_box_yes "Do you want to run the off-shore backup every 90 days, which is recommended?" -then - BACKUP_DAYS="90" -else - while : - do - BACKUP_DAYS=$(input_box_flow "Please enter how many days shall pass until the next off-shore backup shall get created. -Recommended are 90 days. 
-If you want to cancel, just type in 'exit' and press [ENTER].") - if [ "$BACKUP_DAYS" = "exit" ] - then - exit 1 - elif ! check_if_number "$BACKUP_DAYS" - then - msg_box "The value you entered doesn't seem to be a number, please enter a valid number." - elif ! [ "$BACKUP_DAYS" -gt 1 ] - then - msg_box "The number of days has to be at least equal or more than 2 days." - else - break - fi - done -fi - -# Install needed tools -msg_box "We will create the off-shore backup script now." - -# Write beginning of the script -cat << WRITE_BACKUP_SCRIPT > "$BACKUP_SCRIPT_NAME" -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ -# Copyright © 2021 Simon Lindner (https://github.com/szaimen) - -true -SCRIPT_NAME="Off-Shore Rsync Backup" -SCRIPT_EXPLAINER="This script executes the off-shore rsync backup." -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# Local Variables -BACKUP_INTERVAL_DAYS=$BACKUP_DAYS -DAYS_SINCE_LAST_BACKUP=$BACKUP_DAYS - -# Export Variables -export BACKUP_TARGET_DIRECTORY="$BACKUP_TARGET_DIRECTORY" -export BACKUP_MOUNTPOINT="$BACKUP_MOUNT" -export RSYNC_BACKUP_LOG="$VMLOGS/rsyncbackup.log" -export BACKUP_SOURCE_MOUNTPOINT="$DAILY_BACKUP_MOUNTPOINT" -export BACKUP_SOURCE_DIRECTORY="$DAILY_BACKUP_TARGET" - -# Test if backup shall run -if [ "\$DAYS_SINCE_LAST_BACKUP" -lt "\$BACKUP_INTERVAL_DAYS" ] -then - DAYS_SINCE_LAST_BACKUP=\$((DAYS_SINCE_LAST_BACKUP+1)) - sed -i "s|^DAYS_SINCE_LAST_BACKUP.*|DAYS_SINCE_LAST_BACKUP=\$DAYS_SINCE_LAST_BACKUP|" "\$BASH_SOURCE" - echo "Not yet enough days over to make the next off-shore backup \$(date +%Y-%m-%d_%H-%M-%S)" >> "\$RSYNC_BACKUP_LOG" - print_text_in_color "\$ICyan" "Not yet enough days over to make the next off-shore backup" - # Test if backup drive is still connected - umount "\$BACKUP_MOUNTPOINT" &>/dev/null - mount 
"\$BACKUP_MOUNTPOINT" &>/dev/null - if mountpoint -q "\$BACKUP_MOUNTPOINT" && ! grep "\$BACKUP_MOUNTPOINT" /etc/fstab | grep -q " cifs " - then - if ! send_mail "Off-shore Backup drive still connected!" \ -"It seems like the Off-shore Backup drive ist still connected. -Please disconnect it from your server and store it somewhere safe outside your home!" - then - notify_admin_gui "Off-shore Backup drive still connected!" \ -"It seems like the Off-shore Backup drive ist still connected. -Please disconnect it from your server and store it somewhere safe outside your home!" - fi - fi - umount "\$BACKUP_MOUNTPOINT" &>/dev/null - exit -fi - -# Execute backup -if network_ok -then - echo "Executing \$SCRIPT_NAME. \$(date +%Y-%m-%d_%H-%M-%S)" >> "\$RSYNC_BACKUP_LOG" - run_script NOT_SUPPORTED_FOLDER rsyncbackup -else - echo "Unable to execute \$SCRIPT_NAME. No network connection. \$(date +%Y-%m-%d_%H-%M-%S)" >> "\$RSYNC_BACKUP_LOG" - notify_admin_gui "Unable to execute \$SCRIPT_NAME." "No network connection." -fi -WRITE_BACKUP_SCRIPT - -# Secure the file -chown root:root "$BACKUP_SCRIPT_NAME" -chmod 700 "$BACKUP_SCRIPT_NAME" - -# Create fstab entry -crontab -u root -l | grep -v "$BACKUP_SCRIPT_NAME" | crontab -u root - -crontab -u root -l | { cat; echo "0 20 * * * $BACKUP_SCRIPT_NAME > /dev/null 2>&1" ; } | crontab -u root - - -# Inform user -msg_box "The off-shore backup script was successfully created! -It is located here: '$BACKUP_SCRIPT_NAME'\n -The first backup will run at 20.00h, if the first daily backup has been created until then." - -exit diff --git a/not-supported/pi-hole.sh b/not-supported/pi-hole.sh deleted file mode 100644 index 20f9afa09e..0000000000 --- a/not-supported/pi-hole.sh +++ /dev/null 
@@ -1,499 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ -# Copyright © 2021 Simon Lindner (https://github.com/szaimen) - -# shellcheck disable=2016,2034,2059,2178 -true -SCRIPT_NAME="Pi-hole" -SCRIPT_EXPLAINER="The Pi-hole® is a DNS sinkhole that protects your devices from unwanted content, \ -without installing any client-side software. -This is their official website: https://pi-hole.net" -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# Check if already installed -if ! pihole &>/dev/null -then - # Ask for installing - install_popup "$SCRIPT_NAME" -else - # Choose to uninstall - if ! yesno_box_no "It seems like Pi-hole is already installed. -Do you want to uninstall Pi-hole and reset all its settings?" - then - exit 1 - fi - - # Check if PiVPN is installed - if pivpn &>/dev/null - then - msg_box "It seems like PiVPN is installed. -We recommend urgently to uninstall PiVPN before uninstalling Pi-hole \ -because it could happen, that PiVPN doesn't work anymore after uninstalling Pi-hole." - exit 1 - fi - - # Warning - msg_box "Warning! -Uninstalling Pi-hole will reset all its config and will reboot your NcVM afterwards automatically." - - # Last choice - if ! yesno_box_no "Do you want to continue nonetheless?" - then - exit 1 - fi - - # Get initially installed programs from pihole-update.sh - INSTALLED=$(grep "Pi-hole installed programs=" "$SCRIPTS/pihole-update.sh") - INSTALLED="${INSTALLED##*programs=}" - - # Inform the user - if ! yesno_box_yes "These are all packets that where installed during your initial Pi-hole installation: -$INSTALLED - -Do they look correct to you? If not, you can press 'no' and we will not remove anything. -If you press 'yes', we will remove Pi-hole, its settings and all those listed programs." 
- then - exit 1 - fi - - # Make an array from installed applications - read -r -a INSTALLED <<< "$INSTALLED" - - UNINSTALL="/etc/.pihole/automated install/uninstall.sh" - # Uninstall pihole; we need to modify it, else it is not unattended - if ! [ -f "$UNINSTALL" ] || ! grep -q "######### SCRIPT ###########" "$UNINSTALL" || ! grep -q "removeNoPurge()" "$UNINSTALL" - then - msg_box "It seems like some uninstall functions changed. -Please report this to $ISSUES" - exit 1 - fi - - # Continue with preparation - check_command cp "/etc/.pihole/automated install/uninstall.sh" "$SCRIPTS"/pihole-uninstall.sh - check_command sed -i '/######### SCRIPT ###########/q' "$SCRIPTS"/pihole-uninstall.sh - check_command echo "removeNoPurge" >> "$SCRIPTS"/pihole-uninstall.sh - - # Uninstall Pi-hole - check_command yes | bash "$SCRIPTS"/pihole-uninstall.sh - - # Remove the file and crontab - crontab -u root -l | grep -v "pihole-update.sh" | crontab -u root - - check_command rm "$SCRIPTS"/pihole-uninstall.sh - - # Delete the pihole user - if id pihole &>/dev/null - then - check_command killall -u pihole - check_command deluser pihole &>/dev/null - check_command groupdel pihole - fi - - # Delete all its config data - rm -rf /etc/.pihole - rm -rf /etc/pihole - rm -rf /opt/pihole - rm -rf /usr/bin/pihole-FTL - rm -rf /usr/local/bin/pihole - rm -rf /var/www/html/admin - rm -f /var/www/html/pihole - - # Delete unbound config - crontab -u root -l | grep -v "systemctl restart unbound" | crontab -u root - - rm /etc/unbound/unbound.conf.d/pi-hole.conf - - # Remove update script - rm -f "$SCRIPTS/pihole-update.sh" - - # Remove all initially installed applications - for program in "${INSTALLED[@]}" - do - apt-get purge "$program" -y - done - - # Remove unbound - if is_this_installed unbound - then - apt-get purge unbound -y - fi - - # Remove not needed dependencies - apt-get autoremove -y - - # Delete other files - rm -f /var/www/html/index.lighttpd.orig - rm -rf /etc/lighttpd - - # Remove apache 
conf - a2dissite pihole.conf &>/dev/null - rm -f "$SITES_AVAILABLE/pihole.conf" - restart_webserver - - # Delete firewall entry - ufw delete allow 53/tcp &>/dev/null - ufw delete allow 53/udp &>/dev/null - ufw delete allow 8094/tcp &>/dev/null - - # Inform the user - msg_box "Pi-hole was successfully uninstalled! -Please reset the DNS on your router/clients to restore internet connectivity" - msg_box "After you hit OK, your NcVM will get restarted." - rm -f "$SCRIPTS/pi-hole.sh" - # Reboot the NcVM because it would cause problems if not - reboot -fi - -# Inform the user -msg_box "Before installing the Pi-hole, please make sure that you have a backup of your NcVM. -The reason is, that to install the Pi-hole we will need to run a 3rd party script on your NcVM. -Something could go wrong. So please keep backups!" - -# Ask if backups are ready -if ! yesno_box_no "Have you made a backup of your NcVM? -This is the last possibility to quit! -If you choose 'yes' we will continue with the installtion." -then - exit 1 -fi - -# Inform the user -print_text_in_color "$ICyan" "Installing Pi-hole..." - -# Download the script -mkdir -p "$SCRIPTS" -check_command curl -sfL https://install.pi-hole.net -o "$SCRIPTS"/pihole-install.sh - -# Check that all patterns match -if ! grep -q 'displayFinalMessage "${pw}"' "$SCRIPTS"/pihole-install.sh || ! grep -q "setAdminFlag$" "$SCRIPTS"/pihole-install.sh \ -|| ! grep -q "chooseInterface$" "$SCRIPTS"/pihole-install.sh || ! grep -q "getStaticIPv4Settings$" "$SCRIPTS"/pihole-install.sh -then - msg_box "It seems like some functions in pihole-install.sh have changed. 
-Please report this to $ISSUES" - exit 1 -fi - -# Continue with the process -sed -i 's|displayFinalMessage "${pw}"|echo displayFinalMessage|' "$SCRIPTS"/pihole-install.sh # We don't want to display the final message -sed -i "s|setAdminFlag$|echo setAdminFlag|" "$SCRIPTS"/pihole-install.sh # We want to install the web-interface and lighttpd -sed -i "s|chooseInterface$|echo chooseInterface|" "$SCRIPTS"/pihole-install.sh # We don't want the user choose the interface -sed -i "s|getStaticIPv4Settings$|echo getStaticIPv4Settings|" "$SCRIPTS"/pihole-install.sh # We don't want to set a static ip4 - -# Export default values -PIHOLE_INTERFACE="$IFACE" -export PIHOLE_INTERFACE - -# Fix php versions getting hold for pi-hole install script -apt-mark unhold php"$PHPVER"* - -# Run the script -bash "$SCRIPTS"/pihole-install.sh | tee "$SCRIPTS"/pihole-install.report - -# Get all installed and remove pihole-install.sh -unset INSTALLED -INSTALLED=$(grep "Checking for" "$SCRIPTS"/pihole-install.report | grep "will be installed" | awk '{print $8}') -check_command rm "$SCRIPTS"/pihole-install.sh -check_command rm "$SCRIPTS"/pihole-install.report - -# Check if at least one app got installed -if [ -z "${INSTALLED[*]}" ] -then - msg_bos "Something is wrong. Didn't expect that no requirement get installed. -Please report this to $ISSUES" -fi - -# Make an array from installed applications -mapfile -t INSTALLED <<< "${INSTALLED[@]}" - -# Create update script -mkdir -p "$SCRIPTS" - -# Insert the new lines into pihole-update.sh -cat << PIHOLE_UPDATE > "$SCRIPTS/pihole-update.sh" -#!/bin/bash -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/main/lib.sh) -PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin -notify_admin_gui "Starting the Pi-hole update." "You will be notified when it is done." 
-# Create backup first -if [ -f "\$SCRIPTS/daily-borg-backup.sh" ] -then - rm -f /tmp/DAILY_BACKUP_CREATION_SUCCESSFUL - export SKIP_DAILY_BACKUP_CHECK=1 - bash "\$SCRIPTS/daily-borg-backup.sh" - if ! [ -f "/tmp/DAILY_BACKUP_CREATION_SUCCESSFUL" ] - then - notify_admin_gui "Pi-hole update failed because backup could not be created!" \ - "Could not create a backup! \$(date +%T)" - exit 1 - fi -fi -check_command pihole -up -systemctl stop lighttpd -check_command sed -i 's|^server\.port.*|server\.port = 8093|' /etc/lighttpd/lighttpd.conf -sleep 10 # Wait for lighttpd -check_command systemctl start lighttpd -# Please don't remove or change this line! Pi-hole installed programs=${INSTALLED[@]} -notify_admin_gui "Pi-hole update successful!" "" -PIHOLE_UPDATE - -# Secure the file -chown root:root "$SCRIPTS/pihole-update.sh" -chmod 700 "$SCRIPTS/pihole-update.sh" - -# Check if Pi-hole was successfully installed -if ! pihole &>/dev/null -then - msg_box "Something got wrong during pihole-install.sh -Please report this to $ISSUES" - exit 1 -fi - -# Set up REV_SERVER for local DNS entries because Pi-hole isn't the DHCP server and some other settings -if [ -f /etc/pihole/setupVars.conf ] && ! grep -q "REV_SERVER" /etc/pihole/setupVars.conf -then - cat << PIHOLE_CONF >> /etc/pihole/setupVars.conf -REV_SERVER=true -REV_SERVER_CIDR=$(ip route | grep -v "default via" | grep "$IFACE" | awk '{print $1}' | grep "/") -REV_SERVER_TARGET=$GATEWAY -REV_SERVER_DOMAIN= -PIHOLE_CONF -fi - -# Make sure that local DNS entries work -if [ -f /etc/pihole/setupVars.conf ] && ! grep -q "DNS_FQDN_REQUIRED" /etc/pihole/setupVars.conf && ! grep -q "DNS_BOGUS_PRIV" /etc/pihole/setupVars.conf -then - cat << PIHOLE_CONF >> /etc/pihole/setupVars.conf -DNS_FQDN_REQUIRED=false -DNS_BOGUS_PRIV=false -PIHOLE_CONF -fi - -# Wait for pihole to restart -print_text_in_color "$ICyan" "Restarting pihole..." -sleep 5 - -# Try to restart Pi-hole to apply the new settings -if ! 
pihole restartdns -then - msg_box "Something got wrong during the Pi-hole restart. -Please report this to $ISSUES" - exit 1 -fi - -# Change the port to 8093 -check_command sudo sed -i '/^server.port/s/80/8093/' /etc/lighttpd/lighttpd.conf - -# Wait for lighttpd to startup -print_text_in_color "$ICyan" "Restarting lighttpd..." -sleep 5 - -# Restart lighttpd -if ! systemctl restart lighttpd -then - msg_box "Couldn't restart lighttpd. -Please report this to $ISSUES" - exit 1 -fi - -# Install Apache2 -print_text_in_color "$ICyan" "Configuring Apache..." -install_if_not apache2 -a2enmod headers -a2enmod rewrite -a2enmod ssl -a2enmod proxy -a2enmod proxy_http - -# Only add TLS 1.3 on Ubuntu later than 22.04 -if version 22.04 "$DISTRO" 24.04.10 -then - TLS13="+TLSv1.3" -fi - -cat << PIHOLE_CONF > "$SITES_AVAILABLE/pihole.conf" -Listen 8094 - - Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains" - - # Intermediate configuration - SSLEngine on - SSLCompression off - SSLProtocol -all +TLSv1.2 $TLS13 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - SSLHonorCipherOrder off - SSLSessionTickets off - ServerSignature off - - # Logs - LogLevel warn - CustomLog \${APACHE_LOG_DIR}/access.log combined - ErrorLog \${APACHE_LOG_DIR}/error.log - - # Just in case - see below - SSLProxyEngine On - SSLProxyVerify None - SSLProxyCheckPeerCN Off - SSLProxyCheckPeerName Off - - # This is needed to redirect access on http://$ADDRESS:8094/ to https://$ADDRESS:8094/ - ErrorDocument 400 https://$ADDRESS:8094/admin/ - - # basic proxy settings - ProxyRequests off - ProxyPass / "http://127.0.0.1:8093/" - ProxyPassReverse / "http://127.0.0.1:8093/" - ProxyPreserveHost On - -### LOCATION OF CERT FILES ### - SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem - SSLCertificateKeyFile 
/etc/ssl/private/ssl-cert-snakeoil.key - -PIHOLE_CONF - -# Enable config -check_command a2ensite pihole.conf - -# Restart webserver -if ! restart_webserver -then - msg_box "Apache2 could not restart... -The script will exit." - exit 1 -fi - -# Generate new Pi-hole password -PASSWORD=$(gen_passwd 12 "a-zA-Z0-9") - -# Set a new admin password -check_command pihole -a -p "$PASSWORD" - -# Get the ipv6-address from the config file -IPV6_ADDRESS=$(grep "IPV6_ADDRESS=" /etc/pihole/setupVars.conf) -IPV6_ADDRESS="${IPV6_ADDRESS##*IPV6_ADDRESS=}" - -# Create contab entry -crontab -u root -l | grep -v "pihole-update.sh" | crontab -u root - -crontab -u root -l | { cat; echo "30 19 * * 6 $SCRIPTS/pihole-update.sh >/dev/null" ; } | crontab -u root - - -# Add firewall entry -ufw allow 53/tcp comment 'Pi-hole TCP' &>/dev/null -ufw allow 53/udp comment 'Pi-hole UDP' &>/dev/null -ufw allow 8094/tcp comment 'Pi-hole Web' &>/dev/null - -# Show that everything was set up correctly -msg_box "Congratulations, your Pi-hole was set up correctly! -It is now reachable on: -https://$ADDRESS:8094/admin - -Your password is: $PASSWORD" - -# Show the address -msg_box "You can now configure your devices to use the Pi-hole as their DNS server using: -IPv4: $ADDRESS -IPv6: ${IPV6_ADDRESS:-Not Configured}" - -# Show how to use pihole in the command line -msg_box "How to use Pi-hole on the command line: - -You can reset the Pi-hole admin password by running: -'pihole -a -p' - -A list of available options is shown by running: -'pihole -h'" - -# Inform about updates -msg_box "Concerning updates: -We have created an update script that you can use to update your Pi-hole by running: -'bash $SCRIPTS/pihole-update.sh' - -Updates will automatically be executed every saturday at 19:30" - -# Ask if the user wants to install unbound -if ! yesno_box_yes "Do you want to enables your Pi-hole to be a recursive DNS server? -If you press 'yes', we will install unbound and configure your Pi-hole to use that." 
-then - exit -fi - -# Install needed tools -install_if_not unbound - -cat << UNBOUND_CONF > /etc/unbound/unbound.conf.d/pi-hole.conf -server: - # To see what those variables do, look here: - # https://docs.pi-hole.net/guides/unbound/ - verbosity: 0 - interface: 127.0.0.1 - port: 5335 - do-ip4: yes - do-udp: yes - do-tcp: yes - do-ip6: no - prefer-ip6: no - harden-glue: yes - harden-dnssec-stripped: yes - use-caps-for-id: no - edns-buffer-size: 1472 - prefetch: yes - num-threads: 1 - so-rcvbuf: 1m - private-address: 192.168.0.0/16 - private-address: 169.254.0.0/16 - private-address: 172.16.0.0/12 - private-address: 10.0.0.0/8 - private-address: fd00::/8 - private-address: fe80::/10 -UNBOUND_CONF - -# Wait for unbound to restart -print_text_in_color "$ICyan" "Restarting unbound..." -sleep 10 & spinner_loading - -# Restart unbound -check_command service unbound restart - -# Testing DNSSEC -if ! dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335 | grep -q "SERVFAIL" -then - msg_box "Something got wrong while testing SERVFAIL. -Please report this to $ISSUES" -elif ! dig sigok.verteiltesysteme.net @127.0.0.1 -p 5335 | grep -q "NOERROR" -then - msg_box "Something got wrong while testing NOERROR. -Please report this to $ISSUES" -fi - -# Set up Pi-hole -sed -i 's|^PIHOLE_DNS_1=.*|PIHOLE_DNS_1=127.0.0.1#5335|' /etc/pihole/setupVars.conf -sed -i '/^PIHOLE_DNS_2=.*/d' /etc/pihole/setupVars.conf - -# Wait for pihole to restart -print_text_in_color "$ICyan" "Restarting pihole..." -sleep 5 - -# Try to restart Pi-hole to apply the new settings -if ! pihole restartdns -then - msg_box "Something got wrong during the Pi-hole unbound restart. -Please report this to $ISSUES" - exit 1 -fi - -# Fix dns disconnections -crontab -u root -l | grep -v "systemctl restart unbound" | crontab -u root - -crontab -u root -l | { cat; echo "@hourly systemctl restart unbound" ; } | crontab -u root - - -# Inform the user -msg_box "Congratulations! 
-Unbound was successfully installed and Pi-hole was successfully configured as recursive DNS server." - -exit diff --git a/not-supported/pivpn.sh b/not-supported/pivpn.sh deleted file mode 100644 index eadc1dcd43..0000000000 --- a/not-supported/pivpn.sh +++ /dev/null 
@@ -1,280 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ -# Copyright © 2021 Simon Lindner (https://github.com/szaimen) - -true -SCRIPT_NAME="PiVPN" -SCRIPT_EXPLAINER="PiVPN is one of the fastest and most user friendly ways to get a running Wireguard VPN server. -This script will set up a Wireguard VPN server to connect devices to your home net from everywhere. -Wireguard is a relatively new VPN protocol, that is much faster and better then e.g. OpenVPN." -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# Check if already installed -if ! pivpn &>/dev/null -then - # Ask for installing - install_popup "$SCRIPT_NAME" -else - # Choose to uninstall - if ! yesno_box_no "It seems like PiVPN is already installed. -Do you want to uninstall PiVPN and reset all its settings? -This will also remove all clients that have currently home network access via Wireguard." - then - exit 1 - fi - - # Get installed applications - INSTALLED=$(grep "INSTALLED_PACKAGES=" /etc/pivpn/wireguard/setupVars.conf) - INSTALLED="${INSTALLED##*INSTALLED_PACKAGES=}" - INSTALLED=$(echo "$INSTALLED" | sed 's|(||;s|)||') - - # Warning - msg_box "Warning! Continuing in the next step will reboot your server after completion automatically!" - - # Inform about possible problems - msg_box "Attention! - -It could happen that the automatic reboot after uninstalling PiVPN fails (it doesn't finish with shutdown). -In this case, you will need to power off your device by hand. -Also it might happen that it will not remove pivpn successfully in this case. -If this is the case, just run the uninstallation again." - if ! yesno_box_yes "Do you want to continue?" - then - exit 1 - fi - - # Last chance to cancel - if ! yesno_box_yes "The following packets will get uninstalled, too: -$INSTALLED - -Do they look correct to you? 
If not, you can press 'no' and we will not remove anything. -If you press 'yes', we will remove PiVPN, its settings and all those listed programs \ -and automatically reboot your server afterwards." - then - exit 1 - fi - - # Last msg_box - msg_box "After you hit okay, we will remove PiVPN, all its settings and all listed programs \ -and reboot your server automatically." - - # Remove firewall rule - ufw delete allow 51820/udp &>/dev/null - - # Remove PiVPN and reboot - yes | pivpn uninstall - - # Remove some leftovers - rm -r /etc/wireguard* - ip link set down wg0 - ip link del dev wg0 - rm -f "$SCRIPTS/pivpn.sh" - - # Just to make sure - reboot -fi - -# Check if Pi-hole is already installed -if ! pihole &>/dev/null -then - # Inform the user - msg_box "It seems like Pi-hole is not installed. -It is recommended to install it first if you want to use it, \ -because you will have the chance to use it as the DNS-server for Wireguard \ -if it is installed before installing Wireguard." - - # Ask if the user wants to continue - if ! yesno_box_no "Do you want to continue nonetheless?" - then - exit 1 - fi -fi - -# Test if the user is okay -if [ -z "$UNIXUSER" ] || ! find /home -maxdepth 1 -mindepth 1 | grep -q "$UNIXUSER" -then - msg_box "It seems like you run this script as pure root \ -or your user doesn't have a home directory. This is not supported." - exit 1 -fi - -# Inform the user -msg_box "Before installing PiVPN please make sure that you have a backup of your NcVM. -The reason is, that to install the the PiVPN we will need to run a 3rd party script on your NcVM. -Something could go wrong. So please keep backups!" - -# Automatically get the domain -if [ -f "$NCPATH/occ" ] -then - # Get the NCDOMAIN - NCDOMAIN=$(nextcloud_occ_no_check config:system:get overwrite.cli.url | sed 's|https://||;s|/||') - - # Check if Nextcloud is installed - if ! 
curl -s https://"$NCDOMAIN"/status.php | grep -q 'installed":true' || [ "$NCDOMAIN" = "nextcloud" ] - then - msg_box "It seems like Nextcloud is not installed or that you don't use https on: -$NCDOMAIN. - -Please install Nextcloud and make sure your domain is reachable, or activate TLS -on your domain to be able to run this script. - -We need this to make sure that the domain works for connections over Wireguard." - exit 1 - fi -fi - -# Ask if backups are ready -if ! yesno_box_no "Have you made a backup of your NcVM? -This is the last possibility to quit! -If you choose 'yes' we will continue with the installation." -then - exit 1 -fi - -# Ask for the domain -if ! [ -f "$NCPATH/occ" ] -then - # Enter the NCDOMAIN yourself - NCDOMAIN=$(input_box_flow "Please enter the domain that you want to use for Wireguard. -It should most likely point to your home ip address via DDNS.") -fi - -# Inform user to open Port -msg_box "To make Wireguard work, you will need to open port 51820 UDP. - -You will have the option to automatically open this port by using UPNP in the next step." -if yesno_box_no "Do you want to use UPNP to open port 51820 UDP?" -then - unset FAIL - open_port 51820 UDP - cleanup_open_port -fi - -# Check the port -if ! yesno_box_yes "Unfortunately we are not able to check automatically if port 51820 UDP is open. So please make sure to open it correctly!\nDo you still want to continue?" -then - exit 1 -fi - -# Inform the user about PIVPN -msg_box "Just so that you don't wonder: -We will use the scripts from the PiVPN project. -They are made for the Raspberry Pi but work on Ubuntu without any problem. -This is why we decided to use this project as foundation for Wireguard. -The next popups are from the PiVPN script. -This is their official website: https://pivpn.io/" - -# Inform the user -print_text_in_color "$ICyan" "Installing PiVPN..." 
- -# Download the script -check_command curl -sfL https://install.pivpn.io -o "$SCRIPTS"/pivpn-install.sh - -# Check that all patterns match -if ! grep -q "maybeOSSupport$" "$SCRIPTS"/pivpn-install.sh || ! grep -q "askWhichVPN$" "$SCRIPTS"/pivpn-install.sh \ -|| ! grep -q "askPublicIPOrDNS$" "$SCRIPTS"/pivpn-install.sh || ! grep -q "askCustomPort$" "$SCRIPTS"/pivpn-install.sh \ -|| ! grep -q "askUnattendedUpgrades$" "$SCRIPTS"/pivpn-install.sh || ! grep -q "displayFinalMessage$" "$SCRIPTS"/pivpn-install.sh \ -|| ! grep -q "chooseUser$" "$SCRIPTS"/pivpn-install.sh || ! grep -q "welcomeDialogs$" "$SCRIPTS"/pivpn-install.sh -then - msg_box "It seems like some functions in pivpn-install.sh have changed. -Please report this to $ISSUES" - exit 1 -fi - -# Continue with the process -sed -i 's|maybeOSSupport$|# maybeOSSupport|' "$SCRIPTS"/pivpn-install.sh # We don't need to check the OS since Ubuntu is supported -sed -i 's|askWhichVPN$|# askWhichVPN|' "$SCRIPTS"/pivpn-install.sh # We always want to use Wireguard -sed -i 's|askPublicIPOrDNS$|# askPublicIPOrDNS|' "$SCRIPTS"/pivpn-install.sh # We will set the hostname automatically -sed -i 's|askCustomPort$|# askCustomPort|' "$SCRIPTS"/pivpn-install.sh # We always use port 51820 -sed -i 's|askUnattendedUpgrades$|# askUnattendedUpgrades|' "$SCRIPTS"/pivpn-install.sh # We don't want to enable unattended upgrades -sed -i 's|displayFinalMessage$|# displayFinalMessage|' "$SCRIPTS"/pivpn-install.sh # We don't want to show the final message -sed -i 's|chooseUser$|# chooseUser|' "$SCRIPTS"/pivpn-install.sh # We want to use the UNIXUSER -sed -i 's|welcomeDialogs$|# welcomeDialogs|' "$SCRIPTS"/pivpn-install.sh # We don't want to display the welcoem dialog - -# Set and export defaults -pivpnPORT=51820 && export pivpnPORT -VPN="wireguard" && export VPN -UNATTUPG=0 && export UNATTUPG - -# Run the script -bash "$SCRIPTS"/pivpn-install.sh - -# Remove the script since it is no longer needed -check_command rm "$SCRIPTS"/pivpn-install.sh - -# 
Check if PiVPN was successfully installed -if ! pivpn &>/dev/null -then - msg_box "Something got wrong during pivpn-install.sh -Please report this to $ISSUES" - exit 1 -fi - -PIVPN_CONF="/etc/pivpn/wireguard/setupVars.conf" -if [ -f "$PIVPN_CONF" ] && ! grep -q "pivpnHOST" "$PIVPN_CONF" \ -&& ! grep -q "UNATTUPG" "$PIVPN_CONF" && ! grep -q "pivpnPORT" "$PIVPN_CONF" \ -&& ! grep -q "install_user" "$PIVPN_CONF" && ! grep -q "install_home" "$PIVPN_CONF" -then - # Write values to setupVars.conf - cat << PIVPN_CONF >> /etc/pivpn/wireguard/setupVars.conf -pivpnHOST=$NCDOMAIN -UNATTUPG=0 -pivpnPORT=51820 -install_user=$UNIXUSER -install_home=/home/$UNIXUSER -PIVPN_CONF -else - msg_box "Couldn't write configuration to setupVars.conf. -Please report this to $ISSUES" - exit 1 -fi - -# Add firewall rule -ufw allow 51820/udp comment 'PiVPN' &>/dev/null - -# Inform the user about successfully installing PiVPN -msg_box "Congratulations, your PiVPN was set up correctly! - -You can now generate new client profiles for your devices by running: -'pivpn -a' - -Adding the new profile to a mobile phone (using the Wireguard app) can get afterwards done by running: -'pivpn -qr' - -Attention! Every device needs its own profile! - -A list of available options is shown by running: -'pivpn -h'" - -msg_box "Have you secure boot enabled? -If you had to configure a secure boot key during the PiVPN scripts, \ -it is recommended to reboot your server now and follow those instructions: - -1. select to reboot -2. On the next startup you will see now the MOK-management-console. -3. select 'Enroll MOK' -4. select 'Yes' when asked 'Enroll the Key(s)?' -5. Enter the password -6. reboot - -Afterwards the startup should work automatically again." - -if yesno_box_yes "Do you want to reboot now? -This is only needed, if you have secure boot enabled and \ -needed to enter a secure boot key during the PiVPN script." -then - reboot -fi - -exit 
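Review bot: in the "Download the script" and "Run the script" steps, `curl -sfL https://install.pivpn.io -o "$SCRIPTS"/pivpn-install.sh` is followed by `bash "$SCRIPTS"/pivpn-install.sh` as root with no integrity check. The grep block in between only confirms that eight function names still end a line somewhere in the file, so any other change to the downloaded content runs unnoticed. If this installer lives on anywhere after the deletion, fetch a pinned release of the PiVPN script and compare its SHA-256 against a value stored in the repo before executing it. Two smaller points in the same file: the home-directory test `find /home -maxdepth 1 -mindepth 1 | grep -q "$UNIXUSER"` is a substring match (a user `bob` passes when only `/home/bobby` exists), where `[ -d "/home/$UNIXUSER" ]` would be exact; and when `$NCPATH/occ` is absent, the `NCDOMAIN` value typed into `input_box_flow` is appended to `setupVars.conf` through the heredoc without any validation of its characters.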
diff --git a/not-supported/plexmediaserver.sh b/not-supported/plexmediaserver.sh deleted file mode 100644 index 9ec7a37e04..0000000000 --- a/not-supported/plexmediaserver.sh +++ /dev/null 
@@ -1,164 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ -# Copyright © 2021 Simon Lindner (https://github.com/szaimen) - -true -SCRIPT_NAME="PLEX Media Server" -SCRIPT_EXPLAINER="PLEX Media Server is a server application that let's \ -you enjoy all your photos, music, videos, and movies in one place." -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# Check if already installed -if is_this_installed plexmediaserver -then - msg_box "It seems like PLEX Media Server is already installed. - -If you want to delete PLEX Media Server and it's data to be able \ -to start from scratch, run the following two commands: -'sudo apt-get purge plexmediaserver' -'sudo deluser plex' - -Attention! This will delete the user-data: -'sudo rm -r /var/lib/plexmediaserver'" - exit 1 -fi -if is_docker_running && docker ps -a --format "{{.Names}}" | grep -q "^plex$" -then - msg_box "It seems like PLEX Media Server is already installed. - -If you want to delete PLEX Media Server and it's data to be able \ -to start from scratch, run the following two commands: -'sudo docker stop plex' -'sudo docker rm plex' - -Attention! This will delete the user-data: -'sudo rm -r /home/plex'" - exit 1 -fi - -# Ask for installing -install_popup "$SCRIPT_NAME" - -# Test Hardware transcoding -DRI_DEVICE=(--device=/dev/dri:/dev/dri -d) -if lspci -v -s "$(lspci | grep VGA | cut -d" " -f 1)" | grep -q "Kernel driver in use: i915" -then - msg_box "Hardware transcoding is available. It is recommended to activate this in Plex later \ -but requires a Plex Pass. You can learn more about Plex Pass here: 'www.plex.tv/plex-pass'" -else - msg_box "Hardware transcoding is NOT available. It is not recommended to continue." - if ! yesno_box_no "Do you want to continue nonetheless?" 
- then - exit 1 - fi - # -d is here since the docker run command would fail if DRI_DEVICE is empty - DRI_DEVICE=(-d) -fi - -# Find mounts -DIRECTORIES=$(find /mnt/ -mindepth 1 -maxdepth 2 -type d | grep -v "/mnt/ncdata") -mapfile -t DIRECTORIES <<< "$DIRECTORIES" -for directory in "${DIRECTORIES[@]}" -do - if mountpoint -q "$directory" && [ "$(stat -c '%a' "$directory")" = "770" ] - then - if [ "$(stat -c '%U' "$directory")" = "www-data" ] && [ "$(stat -c '%G' "$directory")" = "www-data" ] - then - MOUNTS+=(-v "$directory:$directory:ro") - elif [ "$(stat -c '%U' "$directory")" = "plex" ] && [ "$(stat -c '%G' "$directory")" = "plex" ] - then - MOUNTS+=(-v "$directory:$directory:ro") - fi - fi -done -if [ -z "${MOUNTS[*]}" ] -then - msg_box "No usable drive found. You have to mount a new drive in /mnt." - exit 1 -fi - -# Install Docker -install_docker - -# Create plex user -if ! id plex &>/dev/null -then - check_command adduser --no-create-home --quiet --disabled-login --uid 1005 --gid 1006 --force-badname --gecos "" "plex" -fi - -PLEX_UID="$(id -u plex)" -PLEX_GID="$(id -g www-data)" - -# Create home directory -mkdir -p /home/plex/config -mkdir -p /home/plex/transcode -chown -R plex:plex /home/plex -chmod -R 770 /home/plex - -# Get docker container -print_text_in_color "$ICyan" "Getting Plex Media Server..." -docker pull plexinc/pms-docker - -# Create Plex -# Plex needs ports: 32400/tcp 3005/tcp 8324/tcp 32469/tcp 1900/udp 32410/udp 32412/udp 32413/udp 32414/udp -print_text_in_color "$ICyan" "Installing Plex Media Server..." 
-docker run \ ---name plex \ ---restart always \ ---network=host \ --e PLEX_UID="$PLEX_UID" \ --e PLEX_GID="$PLEX_GID" \ --v /etc/timezone:/etc/timezone:ro \ --v /etc/localtime:/etc/localtime:ro \ --v /home/plex/config:/config \ --v /home/plex/transcode:/transcode \ -"${MOUNTS[@]}" \ -"${DRI_DEVICE[@]}" \ -plexinc/pms-docker - -# Add prune command -add_dockerprune - -# Crontab entry no longer needed -crontab -u root -l | grep -v "docker restart plex" | crontab -u root - - -# Add firewall rules -for port in 32400/tcp 3005/tcp 8324/tcp 32469/tcp 1900/udp 32410/udp 32412/udp 32413/udp 32414/udp -do - ufw allow "$port" comment "Plex $port" &>/dev/null -done - -# Inform the user -msg_box "PLEX Media Server was successfully installed. -This script is not at the end yet so please continue." - -# Ask if external acces shall get activated -if yesno_box_yes "Do you want to enable access for PLEX from outside of your LAN?" -then - msg_box "You will have to open port 32400 TCP to make this work. -You will have the option to automatically open this port by using UPNP in the next step." - if yesno_box_no "Do you want to use UPNP to open port 32400 TCP?" - then - unset FAIL - open_port 32400 TCP - cleanup_open_port - fi - msg_box "After you hit okay, we will check if port 32400 TCP is open." - check_open_port 32400 "$WANIP4" -fi - -msg_box "You should visit 'http://$ADDRESS:32400/web' to set up your PLEX Media Server next. -Advice: All your drives should be mounted in a subfolder of '/mnt'" - -exit diff --git a/not-supported/remotedesktop.sh b/not-supported/remotedesktop.sh deleted file mode 100644 index f6606dcc93..0000000000 --- a/not-supported/remotedesktop.sh +++ /dev/null 
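Review bot: in not-supported/plexmediaserver.sh, `docker pull plexinc/pms-docker` and the `docker run` that follows name the image without a tag or digest, so whatever the registry serves as the default tag at install time is started with `--network=host` and `--restart always`. Pinning to a specific tag or to an image digest would make the install reproducible and reviewable. Also worth a look: `adduser ... --uid 1005 --gid 1006` hard-codes IDs that the script never checks for, `PLEX_GID` is taken from `www-data` rather than from the plex user, and the ufw loop opens all nine Plex ports, including 1900/udp, before the user is asked whether access from outside the LAN is wanted.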
@@ -1,379 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ -# Copyright © 2021 Simon Lindner (https://github.com/szaimen) - -true -SCRIPT_NAME="Remotedesktop" -SCRIPT_EXPLAINER="This script simplifies the installation of XRDP which allows you to connect via RDP from other devices \ -and offers some additional applications that you can choose to install." -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# Check if xrdp is installed -if ! is_this_installed xrdp -then - # Ask for installing - install_popup "$SCRIPT_NAME" - XRDP_INSTALL=1 - - # Don't run this script as root user, because we will need the account - if [ -z "$UNIXUSER" ] - then - msg_box "Please don't run this script as pure root user!" - exit 1 - fi - - # Check if gnome-session is installed - if ! is_this_installed gnome-session - then - msg_box "To make xrdp work, you will need to install a desktop environment. -We've chosen the Gnome desktop in a minimal install. -If you have already installed a desktop environment, you will not need to install it." - if yesno_box_yes "Do you want to install the Gnome desktop?" - then - # Install gnome-session - print_text_in_color "$ICyan" "Installing gnome-session..." - apt-get update -q4 & spinner_loading - apt-get install gnome-session --no-install-recommends -y - sudo -u "$UNIXUSER" dbus-launch gsettings set org.gnome.desktop.wm.preferences button-layout ":minimize,maximize,close" - sudo -u "$UNIXUSER" dbus-launch gsettings set org.gnome.desktop.interface enable-animations false - fi - fi - - # Install xrdp - print_text_in_color "$ICyan" "Installing xrdp..." 
- install_if_not xrdp - adduser xrdp ssl-cert - - # Make sure that you don't get prompted with a password request after login - cat << DESKTOP_CONF > /etc/polkit-1/localauthority/50-local.d/allow-update-repo.pkla -[Allow Package Management all Users] -Identity=unix-user:* -Action=org.freedesktop.packagekit.system-sources-refresh -ResultAny=yes -ResultInactive=yes -ResultActive=yes -DESKTOP_CONF - cat << DESKTOP_CONF > /etc/polkit-1/localauthority/50-local.d/color.pkla -[Allow colord for all users] -Identity=unix-user:* -Action=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;org.freedesktop.color-manager.delete-device;org.freedesktop.color-manager.delete-profile;org.freedesktop.color-manager.modify-device;org.freedesktop.color-manager.modify-profile -ResultAny=yes -ResultInactive=yes -ResultActive=yes -DESKTOP_CONF - - print_text_in_color "$ICyan" "Waiting for xrdp to restart..." - sleep 5 - check_command systemctl restart xrdp - - # Allow to power off by pressing the power button - install_if_not acpid - mkdir -p /etc/acpi/events - cat << POWER > /etc/acpi/events/power -event=button/power -action=/sbin/poweroff -POWER - print_text_in_color "$ICyan" "Waiting for acpid to restart..." - sleep 5 - check_command systemctl restart acpid - - # Create plex user - if ! id plex &>/dev/null - then - check_command adduser --no-create-home --quiet --disabled-login --force-badname --gecos "" "plex" - fi - - # Add the user to the www-data and plex group to be able to write to all disks - usermod --append --groups www-data,plex "$UNIXUSER" - - # Add firewall rule - ufw allow 3389/tcp comment Remotedesktop &>/dev/null - - # Inform the user - msg_box "XRDP was successfully installed. 
-You should be able to connect via an RDP client with your server \ -using the credentials of $UNIXUSER and the server ip-address $ADDRESS" -fi - -# Needed to be able to access Nextcloud via localhost directly -nextcloud_occ_no_check config:system:delete trusted_proxies "11" - -# Eye of Gnome -if is_this_installed eog -then - EOG_SWITCH=OFF -else - EOG_SWITCH=ON -fi - -# Firefox -if is_this_installed firefox -then - FIREFOX_SWITCH=OFF -else - FIREFOX_SWITCH=ON -fi - -# Gedit -if is_this_installed gedit -then - GEDIT_SWITCH=OFF -else - GEDIT_SWITCH=ON -fi - -# grsync -if is_this_installed grsync -then - GRSYNC_SWITCH=OFF -else - GRSYNC_SWITCH=ON -fi - -# MakeMKV -if is_this_installed makemkv-oss || is_this_installed makemkv-bin -then - MAKEMKV_SWITCH=OFF -else - MAKEMKV_SWITCH=ON -fi - -# OnlyOffice -if is_this_installed onlyoffice-desktopeditors -then - ONLYOFFICE_SWITCH=OFF -else - ONLYOFFICE_SWITCH=ON -fi - -# Picard -if is_this_installed picard -then - PICARD_SWITCH=OFF -else - PICARD_SWITCH=ON -fi - -# File manager nautilus -if is_this_installed nautilus -then - NAUTILUS_SWITCH=OFF -else - NAUTILUS_SWITCH=ON -fi - -# Sound Juicer -if is_this_installed sound-juicer -then - SJ_SWITCH=OFF -else - SJ_SWITCH=ON -fi - -# VLC -if is_this_installed vlc -then - VLC_SWITCH=OFF -else - VLC_SWITCH=ON -fi - -# Create a menu with desktop apps -choice=$(whiptail --title "$TITLE" --checklist \ -"This menu lets you install pre-chosen desktop apps. -It is smart and has selected only options that are not yet installed. -Choose which ones you want to install. -If you select apps that are already installed you will have the choice to uninstall them. 
-$CHECKLIST_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \ -"Eye of Gnome" "(Image Viewer)" "$EOG_SWITCH" \ -"Firefox" "(Internet Browser)" "$FIREFOX_SWITCH" \ -"Gedit" "(Text Editor)" "$GEDIT_SWITCH" \ -"Grsync" "(File sync)" "$GRSYNC_SWITCH" \ -"MakeMKV" "(Rip DVDs and Blu-rays)" "$MAKEMKV_SWITCH" \ -"Nautilus" "(File Manager)" "$NAUTILUS_SWITCH" \ -"OnlyOffice" "(Open Source Office Suite)" "$ONLYOFFICE_SWITCH" \ -"Picard" "(Music tagger)" "$PICARD_SWITCH" \ -"Sound Juicer" "(Rip CDs)" "$SJ_SWITCH" \ -"VLC" "(Play Videos and Audio)" "$VLC_SWITCH" \ -"XRDP" "(Uninstall XRDP and all listed desktop apps)" OFF 3>&1 1>&2 2>&3) - -# Function for installing or removing packets -install_remove_packet() { - if is_this_installed "$1" - then - print_text_in_color "$ICyan" "Uninstalling $2" - apt-get purge "$1" -y - if [ "$1" = "grsync" ] - then - apt-get purge gnome-themes-extra -y - fi - apt-get autoremove -y - if [ "$1" = "nautilus" ] - then - rm -f /home/"$UNIXUSER"/.local/share/applications/org.gnome.Nautilus.desktop - rm -f /home/"$UNIXUSER"/.config/gtk-3.0/bookmarks - fi - print_text_in_color "$ICyan" "$2 was successfully uninstalled." 
- else - print_text_in_color "$ICyan" "Installing $2" - install_if_not "$1" - # Settings for nautilus - if [ "$1" = "nautilus" ] - then - mkdir -p /home/"$UNIXUSER"/.local/share/applications/ - cp /usr/share/applications/org.gnome.Nautilus.desktop /home/"$UNIXUSER"/.local/share/applications/ - sed -i 's|^Exec=nautilus.*|Exec=nautilus --new-window /mnt|' /home/"$UNIXUSER"/.local/share/applications/org.gnome.Nautilus.desktop - sed -i 's|DBusActivatable=true|# DBusActivatable=true|' /home/"$UNIXUSER"/.local/share/applications/org.gnome.Nautilus.desktop - chmod +x /home/"$UNIXUSER"/.local/share/applications/org.gnome.Nautilus.desktop - mkdir -p /home/"$UNIXUSER"/.config/gtk-3.0 - echo "file:///mnt" > /home/"$UNIXUSER"/.config/gtk-3.0/bookmarks - chmod 664 /home/"$UNIXUSER"/.config/gtk-3.0/bookmarks - chown -R "$UNIXUSER":"$UNIXUSER" /home/"$UNIXUSER" - elif [ "$1" = "vlc" ] - then - sudo sed -i 's|geteuid|getppid|' /usr/bin/vlc - elif [ "$1" = "grsync" ] - then - install_if_not gnome-themes-extra - fi - print_text_in_color "$ICyan" "$2 was successfully installed" - fi -} - -case "$choice" in - *"XRDP"*) - SUBTITLE="XRDP" - msg_box "This option will uninstall XRDP and all other desktop applications from this list \ -as well as the gnome desktop." "$SUBTITLE" - if yesno_box_no "Do you want to do this?" 
"$SUBTITLE" - then - APPS=(evince eog firefox gedit grsync gnome-themes-extra makemkv-oss makemkv-bin nautilus onlyoffice-desktopeditors \ -picard sound-juicer vlc acpid gnome-shell-extension-dash-to-panel gnome-shell-extension-arc-menu gnome-session xrdp) - for app in "${APPS[@]}" - do - if is_this_installed "$app" - then - apt-get purge "$app" -y - fi - done - apt-get autoremove -y - systemctl set-default multi-user - add-apt-repository --remove ppa:heyarje/makemkv-beta -y - apt-get update -q4 & spinner_loading - rm -f /etc/polkit-1/localauthority/50-local.d/46-allow-update-repo.pkla - rm -f /etc/polkit-1/localauthority/50-local.d/allow-update-repo.pkla - rm -f /etc/polkit-1/localauthority/50-local.d/color.pkla - rm -f /home/"$UNIXUSER"/.local/share/applications/org.gnome.Nautilus.desktop - rm -f /home/"$UNIXUSER"/.config/gtk-3.0/bookmarks - ufw delete allow 3389/tcp &>/dev/null - msg_box "XRDP and all desktop applications were successfully uninstalled." "$SUBTITLE" - exit - fi - ;;& - *"Eye of Gnome"*) - install_remove_packet eog "Eye of Gnome" - ;;& - *"Firefox"*) - install_remove_packet firefox Firefox - ;;& - *"Gedit"*) - install_remove_packet gedit Gedit - ;;& - *"Grsync"*) - install_remove_packet grsync Grsync - ;;& - *"MakeMKV"*) - SUBTITLE="MakeMKV" - if is_this_installed makemkv-oss || is_this_installed makemkv-bin - then - print_text_in_color "$ICyan" "Uninstalling $SUBTITLE" - apt-get purge makemkv-oss -y - apt-get purge makemkv-bin -y - apt-get autoremove -y - add-apt-repository --remove ppa:heyarje/makemkv-beta -y - apt-get update -q4 & spinner_loading - print_text_in_color "$ICyan" "$SUBTITLE was successfully uninstalled." - else - msg_box "MakeMKV is not open source. This is their official website: makemkv.com -We will need to add a 3rd party repository to install it which can set your server under risk." "$SUBTITLE" - if yesno_box_yes "Do you want to install MakeMKV nonetheless?" 
"$SUBTITLE" - then - print_text_in_color "$ICyan" "Installing $SUBTITLE" - if add-apt-repository ppa:heyarje/makemkv-beta -y - then - apt-get update -q4 & spinner_loading - apt-get install makemkv-oss makemkv-bin -y - print_text_in_color "$ICyan" "$SUBTITLE was successfully installed" - else - msg_box "Something failed while trying to add the new repository" "$SUBTITLE" - fi - fi - fi - unset SUBTITLE - ;;& - *"Nautilus"*) - install_remove_packet nautilus Nautilus - ;;& - *"OnlyOffice"*) - SUBTITLE="OnlyOffice" - if is_this_installed onlyoffice-desktopeditors - then - print_text_in_color "$ICyan" "Uninstalling $SUBTITLE" - apt-get purge onlyoffice-desktopeditors -y - apt-get autoremove -y - rm -f /etc/apt/sources.list.d/onlyoffice-desktopeditors.list - apt-get update -q4 & spinner_loading - print_text_in_color "$ICyan" "$SUBTITLE was successfully uninstalled." - else - msg_box "OnlyOffice Desktop Editors are open source but not existing in the Ubuntu repositories. -Hence, we will add a 3rd-party repository to your server \ -to be able to install and update OnlyOffice Desktop Editors using the apt packet manager. -This can set your server under risk, though!" "$SUBTITLE" - if yesno_box_yes "Do you want to install OnlyOffice Desktop Editors nonetheless?" 
"$SUBTITLE" - then - print_text_in_color "$ICyan" "Installing $SUBTITLE" - apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CB2DE8E5 - echo "deb https://download.onlyoffice.com/repo/debian squeeze main" \ -> /etc/apt/sources.list.d/onlyoffice-desktopeditors.list - apt-get update -q4 & spinner_loading - install_if_not onlyoffice-desktopeditors - print_text_in_color "$ICyan" "$SUBTITLE was successfully installed" - fi - fi - unset SUBTITLE - ;;& - *"Picard"*) - install_remove_packet picard Picard - ;;& - *"Sound Juicer"*) - install_remove_packet sound-juicer "Sound Juicer" - ;;& - *"VLC"*) - install_remove_packet vlc VLC - ;;& - *) - ;; -esac - -# Allow to reboot if xrdp was just installed because otherwise the usermod won't apply -if [ -n "$XRDP_INSTALL" ] -then - if yesno_box_yes "Do you want to reboot your server now? -After the initial installation of XRDP it is recommended to reboot the server to apply all settings." - then - reboot - fi -fi - -exit diff --git a/not-supported/restore-backup.sh b/not-supported/restore-backup.sh deleted file mode 100644 index 115169735f..0000000000 --- a/not-supported/restore-backup.sh +++ /dev/null 
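Review bot: in the OnlyOffice branch of not-supported/remotedesktop.sh, `apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CB2DE8E5` fetches the repository key by an 8-hex-digit short ID over unencrypted HKP and adds it to the global apt keyring, where it is trusted for every configured source. Short key IDs can be collided, so the full fingerprint should be used, with the key stored in its own keyring file and referenced through `signed-by=` in the `onlyoffice-desktopeditors.list` entry. Separately, in `install_remove_packet`, `sudo sed -i 's|geteuid|getppid|' /usr/bin/vlc` rewrites a packaged binary in place; that edit is lost on the next vlc upgrade and makes package verification of the file fail. Both `.pkla` files grant their actions to `Identity=unix-user:*` with `ResultAny=yes`, which covers non-local sessions too, and `ufw allow 3389/tcp` opens RDP without any source restriction.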
@@ -1,724 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ -# Copyright © 2021 Simon Lindner (https://github.com/szaimen) - -# shellcheck disable=SC2024 -true -SCRIPT_NAME="Restore Backup" -SCRIPT_EXPLAINER="This script allows to restore Nextcloud and other important data that are \ -stored on the system partition on different installations than the borg-backup was initially made." -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# Check prerequisites -# install whiptail if not already installed -install_if_not whiptail -print_text_in_color "$ICyan" "Checking prerequisites..." -# Check if Restoring is possible -# Check if daily-borg-backup exists -if ! nextcloud_occ_no_check -V || [ -f "$SCRIPTS/daily-borg-backup.sh" ] -then - SNAPSHOT_USED=$(lvs -o name,data_percent | grep "NcVM-reserved" | awk '{print $2}' | sed 's|\..*||' | sed 's|,.*||') - if [ -n "$SNAPSHOT_USED" ] && [ "$SNAPSHOT_USED" -lt 100 ] - then - if yesno_box_no "A usable snapshot was found! \ -Do you want to reset your system to the state before a backup restore was attempted?" - then - lvconvert --merge /dev/ubuntu-vg/NcVM-reserved -y - sleep 1 - msg_box "We will now reboot your system to finalize the merging of the snapshot." - reboot - fi - fi - msg_box "It seems like the daily-borg-backup.sh exists.\nThis is not supported. Please start all over again with a new NcVM." - exit 1 -fi -if [ ! -f "$NCPATH/occ" ] -then - msg_box "It seems like the default Nextcloud is not installed in $NCPATH.\nThis is not supported." - exit 1 -fi -# Check webserveruser -if [ "$(stat -c '%G' "$NCPATH"/occ)" != "www-data" ] -then - msg_box "It seems like the webserveruser is not www-data.\nThis is not supported." 
- exit 1 -fi -# Check OS_ID -if [ "$(lsb_release -is)" != "Ubuntu" ] -then - msg_box "This script is only meant to run on Ubuntu.\nThis is not supported" - exit 1 -fi -# Check if datadirectory is mnt-ncdata -if [ "$(nextcloud_occ config:system:get datadirectory)" != "$NCDATA" ] -then - msg_box "It seems like the default NCDATA-path is not /mnt/ncdata.\nThis is not supported." - exit 1 -fi -# Check if dbtype is pgsql -if [ "$(nextcloud_occ config:system:get dbtype)" != "pgsql" ] -then - msg_box "It seems like the default dbtype is not postgresql.\nThis is not supported." - exit 1 -fi -# Check if dbname is nextcloud_db -if [ "$(nextcloud_occ config:system:get dbname)" != "nextcloud_db" ] -then - msg_box "It seems like the default dbname is not nextcloud_db.\nThis is not supported." - exit 1 -fi -# Check if dbuser is ncadmin -if [ "$(nextcloud_occ config:system:get dbuser)" != "$PGDB_USER" ] -then - msg_box "It seems like the default dbuser is not $PGDB_USER.\nThis is not supported." - exit 1 -fi -# Check if apache2 is installed -if ! is_this_installed apache2 -then - msg_box "It seems like your webserver is not apache2.\nThis is not supported." - exit 1 -fi -# Check if pending snapshot is existing and cancel the setup in this case. -if does_snapshot_exist "NcVM-snapshot-pending" -then - msg_box "It seems to be currently running a backup or update. -Cannot restore the backup now. Please try again later.\n -If you are sure that no update or backup is currently running, you can fix this by rebooting your server." - exit 1 -elif does_snapshot_exist "NcVM-startup" -then - msg_box "Please run the update script once before you can continue." - exit 1 -fi -# Check if snapshot exists -if ! does_snapshot_exist "NcVM-snapshot" -then - msg_box "Unfortunately NcVM-snapshot doesn't exist, hence you are not able to restore the system." - exit 1 -elif ! 
does_snapshot_exist "NcVM-reserved" -then - lvchange --refresh ubuntu-vg - check_free_space - if [ "$FREE_SPACE" -lt 30 ] - then - msg_box "Unfortunately NcVM-reserved doesn't exist, hence you are not able to restore the system. -If you just restored and merged the snapshot, you might need to reboot the system another time with 'sudo reboot'." - exit 1 - else - if ! lvcreate --size 30G --name "NcVM-reserved" ubuntu-vg - then - msg_box "Could not create NcVM-reserved snapshot! Please reboot your server and try again!" - exit 1 - fi - fi -fi - -# Check if /mnt/ncdata is mounted -if grep -q " /mnt/ncdata " /etc/mtab -then - msg_box "The '/mnt/ncdata' directory is mounted and not existing on the root drive. -This is currently not supported by this script." - exit 1 -fi -# The same with the /home directory -if grep -q " /home " /etc/mtab -then - msg_box "The '/home' directory is mounted and not existing on the root drive. -This is currently not supported." - exit 1 -fi - -# Ask for execution -msg_box "$SCRIPT_EXPLAINER" -if ! yesno_box_yes "Do you want to restore your server from backup?" -then - exit 1 -fi - -# Mount drive -msg_box "Please disconnect your drive for now and connect it again AFTER you hit OK. -Otherwise we will not be able to detect it." -CURRENT_DRIVES=$(lsblk -o KNAME,TYPE | grep disk | awk '{print $1}') -count=0 -while [ "$count" -lt 60 ] -do - print_text_in_color "$ICyan" "Please connect your drive now." - sleep 5 & spinner_loading - echo "" - NEW_DRIVES=$(lsblk -o KNAME,TYPE | grep disk | awk '{print $1}') - if [ "$CURRENT_DRIVES" = "$NEW_DRIVES" ] - then - count=$((count+5)) - else - msg_box "A new drive was found. We will continue with the mounting now. -Please leave it connected." - break - fi -done - -# Exit if no new drive was found -if [ "$count" -ge 60 ] -then - msg_box "No new drive found within 60 seconds. -Please run this option again if you want to try again." 
- exit 1 -fi - -# Wait until the drive has spin up -countdown "Waiting for the drive to spin up..." 15 - -# Get all new drives -mapfile -t CURRENT_DRIVES <<< "$CURRENT_DRIVES" -for drive in "${CURRENT_DRIVES[@]}" -do - NEW_DRIVES=$(echo "$NEW_DRIVES" | grep -v "^$drive$") -done - -# Partition menu -args=(whiptail --title "$TITLE" --menu \ -"Please select the partition that you would like to mount. -$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4) - -# Get information that are important to show the partition menu -mapfile -t NEW_DRIVES <<< "$NEW_DRIVES" -for drive in "${NEW_DRIVES[@]}" -do - DRIVE_DESCRIPTION=$(lsblk -o NAME,VENDOR,MODEL | grep "^$drive" | awk '{print $2, $3}') - PARTITION_STATS=$(lsblk -o KNAME,FSTYPE,SIZE,UUID,LABEL | grep "^$drive" | grep -v "^$drive ") - unset PARTITIONS - mapfile -t PARTITIONS <<< "$(echo "$PARTITION_STATS" | awk '{print $1}')" - for partition in "${PARTITIONS[@]}" - do - STATS=$(echo "$PARTITION_STATS" | grep "^$partition ") - FSTYPE=$(echo "$STATS" | awk '{print $2}') - if [ "$FSTYPE" != "ntfs" ] && [ "$FSTYPE" != "btrfs" ] - then - continue - fi - SIZE=$(echo "$STATS" | awk '{print $3}') - UUID=$(echo "$STATS" | awk '{print $4}') - if [ -z "$UUID" ] - then - continue - fi - LABEL=$(echo "$STATS" | awk '{print $5,$6,$7,$8,$9,$10,$11,$12}' | sed 's| |_|g' | sed -r 's|[_]+$||') - if ! grep -q "$UUID" /etc/fstab - then - args+=("$UUID" "$LABEL $DRIVE_DESCRIPTION $SIZE $FSTYPE") - UUIDS+="$UUID" - else - msg_box "The partition -$UUID $LABEL $DRIVE_DESCRIPTION $SIZE $FSTYPE -is already existing.\n -If you want to remove it, run the following two commands: -sudo sed -i '/$UUID/d' /etc/fstab -sudo reboot" - fi - done -done - -# Check if at least one drive was found -if [ -z "$UUIDS" ] -then - msg_box "No drive found that can get mounted. -Most likely none is NTFS or BTRFS formatted." 
- exit 1 -fi - -# Show the partition menu -UUID=$("${args[@]}" 3>&1 1>&2 2>&3) -if [ -z "$UUID" ] -then - exit 1 -fi - -# Mount the drive -DRIVE_MOUNT="/tmp/backupdrive" -mkdir -p "$DRIVE_MOUNT" -if mountpoint -q "$DRIVE_MOUNT" -then - umount "$DRIVE_MOUNT" -fi -if ! mount UUID="$UUID" "$DRIVE_MOUNT" -then - msg_box "Could not mount the selected drive. Something is wrong." - exit 1 -fi - -# Find borg repository -print_text_in_color "$ICyan" "Searching for the borg repository. Please be patient!\n(This will take max 60s)" -BORG_REPOS=$(timeout 60 find "$DRIVE_MOUNT/" -type f -name config) -if [ -z "$BORG_REPOS" ] -then - msg_box "No borg repository found. Are you sure that drive contains one?\nCannot proceed!" - umount "$DRIVE_MOUNT" - exit 1 -fi -print_text_in_color "$IGreen" "Found:\n$BORG_REPOS" -print_text_in_color "$ICyan" "Checking if the found borg repositories are valid..." -sleep 2 -mapfile -t BORG_REPOS <<< "$BORG_REPOS" -for repository in "${BORG_REPOS[@]}" -do - if grep -q "\[repository\]" "$repository" - then - if ! echo "$repository" | grep -q "/.snapshots/" - then - VALID_REPOS+=("${repository%/config}") - fi - fi -done -if [ -z "${VALID_REPOS[*]}" ] -then - msg_box "No valid borg repository found.\nCannot proceed!" - umount "$DRIVE_MOUNT" - exit 1 -fi - -# Repo menu -args=(whiptail --title "$TITLE" --menu \ -"Please select the borg repository that you would like to use. -$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4) -for repository in "${VALID_REPOS[@]}" -do - args+=("$repository" "") -done - -# Show the repo menu -BORG_REPO=$("${args[@]}" 3>&1 1>&2 2>&3) -if [ -z "$BORG_REPO" ] -then - umount "$DRIVE_MOUNT" - exit 1 -fi - -# Install borg -print_text_in_color "$ICyan" "Installing borgbackup..." -install_if_not borgbackup - -# Enter password -while : -do - PASSPHRASE=$(input_box_flow "Please enter the passphrase that was used to encrypt your borg backup. 
- If you want to cancel, type in 'exit' and press '[ENTER]'.") - if [ "$PASSPHRASE" = "exit" ] - then - umount "$DRIVE_MOUNT" - exit 1 - fi - export BORG_PASSPHRASE="$PASSPHRASE" - if ! borg list "$BORG_REPO" >/dev/null - then - msg_box "It seems like the passphrase was wrong. Please try again!" - else - break - fi -done - -# Break the borg lock if it exists because we have the snapshot that prevents such situations -if [ -f "$BORG_REPO/lock.roster" ] -then - print_text_in_color "$ICyan" "Breaking the borg lock..." - borg break-lock "$BORG_REPO" -fi - -# Find available archives -ALL_ARCHIVES=$(borg list "$BORG_REPO") -SYSTEM_ARCHIVES=$(echo "$ALL_ARCHIVES" | grep "NcVM-system-partition" | awk -F "-" '{print $1}' | sort -r) -# Test if at least one valid archive was found -if [ -z "$SYSTEM_ARCHIVES" ] -then - msg_box "Not even one valid archive found. Cannot continue." - restore_original_state - exit 1 -fi -mapfile -t SYSTEM_ARCHIVES <<< "$SYSTEM_ARCHIVES" - -# Create menu to select from available archives -unset args -args=(whiptail --title "$TITLE" --menu \ -"Please select the backup archive that you want to restore. -$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4) -for archive in "${SYSTEM_ARCHIVES[@]}" -do - HUMAN_DATE=$(echo "$ALL_ARCHIVES" | grep "$archive" | head -1 | awk '{print $3}') - HUMAN_TIME=$(echo "$ALL_ARCHIVES" | grep "$archive" | head -1 | awk '{print $4}') - args+=("$archive" "The backup was made on $HUMAN_DATE $HUMAN_TIME") -done - -# Show the menu -choice=$("${args[@]}" 3>&1 1>&2 2>&3) -if [ -z "$choice" ] -then - msg_box "No archive selected. Exiting." - umount "$DRIVE_MOUNT" - exit 1 -fi - -# Get archive -BORG_ARCHIVE="$choice-NcVM-system-partition" -print_text_in_color "$ICyan" "Using the borg archive $BORG_ARCHIVE..." - -# Test borg archive -msg_box "We've implemented the option to test the extraction of the backup before we start the restore process. -This can take a lot of time though and is because of that not the default." 
-if yesno_box_no "Do you want to test the extraction of the backup nonetheless?" -then - mkdir -p /tmp/borgextract - cd /tmp/borgextract - if ! borg extract --dry-run --list "$BORG_REPO::$BORG_ARCHIVE" - then - msg_box "Some errors were reported while checking the archive extracting.\nCannot proceed." - umount "$DRIVE_MOUNT" - exit 1 - fi -fi - -# Ask if proceed -if ! yesno_box_no "Do you want to restore your backup? -This is the last step where you can cancel!" -then - umount "$DRIVE_MOUNT" - exit 1 -fi - -# Create snapshot to be able to restore the system to previous state -if ! lvremove /dev/ubuntu-vg/NcVM-reserved -y -then - msg_box "Could not remove NcVM-reserved snapshot. Please reboot your system!" - umount "$DRIVE_MOUNT" - exit 1 -fi -if ! lvcreate --size 30G --snapshot --name "NcVM-reserved" /dev/ubuntu-vg/ubuntu-lv -then - msg_box "Could not create NcVM-reserved snapshot. Please reboot your system!" - umount "$DRIVE_MOUNT" - exit 1 -fi - -# Mount borg backup -BORG_MOUNT=/tmp/borg -SYSTEM_DIR="$BORG_MOUNT/system" -mkdir -p "$BORG_MOUNT" -if ! borg mount "$BORG_REPO::$BORG_ARCHIVE" "$BORG_MOUNT" -then - msg_box "Could not mount the borg archive.\nCannot proceed." - umount "$DRIVE_MOUNT" - exit 1 -fi - -if ! [ -f "$SYSTEM_DIR/$SCRIPTS/nextclouddb.sql" ] && ! [ -f "$SYSTEM_DIR/$SCRIPTS/nextclouddb.dump" ] -then - msg_box "Could not find database dump. this is not supported." 
- umount "$BORG_MOUNT" - umount "$DRIVE_MOUNT" - exit 1 -fi - -# Maintenance mode -nextcloud_occ_no_check maintenance:mode --on - -# Stop apache -systemctl stop apache2 - -# Delete ncdata and ncpath before restoring -rm -rf "$NCPATH" -rm -rf "$NCDATA" - -# Important folders -# manually include -IMPORTANT_FOLDERS=(home/plex home/bitwarden_rs home/bitwarden home/vaultwarden "$SCRIPTS" mnt media "$NCPATH" root/.smbcredentials) -for directory in "${IMPORTANT_FOLDERS[@]}" -do - directory="${directory#/*}" - if echo "$directory" | grep -q '/' - then - PARENT3="${directory%/*}" - PARENT2="${PARENT3%/*}" - PARENT1="${PARENT2%/*}" - for parent in "$PARENT1" "$PARENT2" "$PARENT3" - do - if [ -n "$parent" ] - then - INCLUDE_DIRS+=(--include="$parent") - fi - done - fi - INCLUDE_DIRS+=(--include="$directory/***") -done - -# Important files -IMPORTANT_FILES=(var/lib/samba/private/passdb.tdb var/lib/samba/private/secrets.tdb etc/samba/smb.conf) -for file in "${IMPORTANT_FILES[@]}" -do - if echo "$file" | grep -q '/' - then - PARENT4="${file%/*}" - PARENT3="${PARENT4%/*}" - PARENT2="${PARENT3%/*}" - PARENT1="${PARENT2%/*}" - for parent in "$PARENT1" "$PARENT2" "$PARENT3" "$PARENT4" - do - if [ -n "$parent" ] - then - INCLUDE_DIRS+=(--include="$parent") - fi - done - fi - INCLUDE_FILES+=(--include="$file") -done - -# Exclude some dirs -EXCLUDE_DIRECTORIES=("home/plex/config/Library/Application Support/Plex Media Server/Cache" "$NCDATA"/appdata_*/preview "$NCDATA"/*/files_trashbin "$NCDATA"/*/files_versions mnt/NCBACKUP mnt/NCBACKUP-OLD "$NCDATA"/*/uploads) -for directory in "${EXCLUDE_DIRECTORIES[@]}" -do - directory="${directory#/*}" - EXCLUDE_DIRS+=(--exclude "$directory/*") -done - -# Restore files -# Rsync include/exclude patterns: https://stackoverflow.com/a/48010623 -if ! 
rsync --archive --delete --human-readable --one-file-system -vv \ -"${EXCLUDE_DIRS[@]}" "${INCLUDE_DIRS[@]}" "${INCLUDE_FILES[@]}" --exclude='*' "$SYSTEM_DIR/" / -then - msg_box "An issue was reported while restoring all needed files." - umount "$BORG_MOUNT" - umount "$DRIVE_MOUNT" - exit 1 -fi - -# Database -print_text_in_color "$ICyan" "Restoring the database..." -DB_PASSWORD=$(grep "dbpassword" "$SYSTEM_DIR/$NCPATH/config/config.php" | awk '{print $3}' | sed "s/[',]//g") -OLD_DB_USER=$(grep "dbuser" "$SYSTEM_DIR/$NCPATH/config/config.php" | awk '{print $3}' | sed "s/[',]//g") -set -e -sudo -Hiu postgres psql -c "ALTER USER $PGDB_USER WITH PASSWORD '$DB_PASSWORD'" -sudo -Hiu postgres psql -c "DROP DATABASE nextcloud_db;" -sudo -Hiu postgres psql -c "CREATE DATABASE nextcloud_db WITH OWNER $PGDB_USER TEMPLATE template0 ENCODING \"UTF8\";" -if [ "$OLD_DB_USER" != "$PGDB_USER" ] -then - sudo -Hiu postgres psql -c "CREATE USER $OLD_DB_USER WITH PASSWORD '$PGDB_PASS'"; -fi -set +e - -if [ -f "$SCRIPTS/nextclouddb.dump" ] -then - if ! sudo -Hiu postgres psql nextcloud_db < "$SCRIPTS/nextclouddb.dump" - then - msg_box "An issue was reported while restoring the database." - umount "$BORG_MOUNT" - umount "$DRIVE_MOUNT" - exit 1 - fi -else - msg_box "Did not find database dump. Cannot continue." 
- umount "$BORG_MOUNT" - umount "$DRIVE_MOUNT" - exit 1 -fi - -set -e -if [ "$OLD_DB_USER" != "$PGDB_USER" ] -then - sudo -Hiu postgres psql -c "ALTER DATABASE nextcloud_db OWNER TO \"$PGDB_USER\""; - sudo -Hiu postgres psql nextcloud_db -c "REASSIGN OWNED BY \"$OLD_DB_USER\" TO \"$PGDB_USER\""; - sudo -Hiu postgres psql -c "DROP USER \"$OLD_DB_USER\""; -fi -set +e - -# Change dbuser to new one -sed -i "s|'dbuser' =>.*,|'dbuser' => '$PGDB_USER',|" "$NCPATH/config/config.php" - -# NTFS -if grep -q " ntfs-3g " "$SYSTEM_DIR/etc/fstab" -then - grep " ntfs-3g " "$SYSTEM_DIR/etc/fstab" >> /etc/fstab -fi - -# BTRFS -if grep -q " btrfs " "$SYSTEM_DIR/etc/fstab" -then - grep " btrfs " "$SYSTEM_DIR/etc/fstab" >> /etc/fstab -fi - -# Dislocker -if grep -q " fuse.dislocker " "$SYSTEM_DIR/etc/fstab" -then - print_text_in_color "$ICyan" "Installing dislocker..." - install_if_not dislocker - grep " fuse.dislocker " "$SYSTEM_DIR/etc/fstab" >> /etc/fstab -fi - -# Cifs-utils -if grep -q " cifs " "$SYSTEM_DIR/etc/fstab" -then - # Install all tools - print_text_in_color "$ICyan" "Installing cifs-utils..." - install_if_not keyutils - install_if_not cifs-utils - install_if_not winbind - if [ "$(grep "^hosts:" /etc/nsswitch.conf | grep wins)" == "" ] - then - sed -i '/^hosts/ s/$/ wins/' /etc/nsswitch.conf - fi - grep " cifs " "$SYSTEM_DIR/etc/fstab" >> /etc/fstab -fi - -# Veracrypt -if [ -f "$SYSTEM_DIR/$SCRIPTS/veracrypt-automount.sh" ] -then - print_text_in_color "$ICyan" "Installing veracrypt... This can take a long time!" 
- add-apt-repository ppa:unit193/encryption -y - apt-get update -q4 & spinner_loading - apt-get install veracrypt --no-install-recommends -y - # No need to copy the file since it is already synced via rsync - # Create startup service - cat << SERVICE > /etc/systemd/system/veracrypt-automount.service -[Unit] -Description=Mount Veracrypt Devices -After=boot.mount -Before=network.target - -[Service] -Type=forking -ExecStart=-/bin/bash $SCRIPTS/veracrypt-automount.sh -TimeoutStopSec=1 - -[Install] -WantedBy=multi-user.target -SERVICE - systemctl enable veracrypt-automount -fi - -# SMB-server -if grep -q "^smb-users:" "$SYSTEM_DIR/etc/group" -then - SMB_USERS=$(grep "^smb-users:" "$SYSTEM_DIR/etc/group" | cut -d ":" -f 4 | sed 's|,| |g') - read -r -a SMB_USERS <<< "$SMB_USERS" - groupadd "smb-users" - for user in "${SMB_USERS[@]}" - do - adduser --no-create-home --quiet --disabled-login --force-badname --gecos "" "$user" &>/dev/null - usermod --append --groups smb-users,www-data "$user" - done - DEBIAN_FRONTEND=noninteractive apt-get install samba -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" - # No need to sync files since they are already synced via rsync -fi - -# Previewgenerator -if grep -q 'Movie' "$SYSTEM_DIR/$NCPATH/config/config.php" -then - install_if_not ffmpeg -fi -if grep -q 'Photoshop\|SVG\|TIFF' "$SYSTEM_DIR/$NCPATH/config/config.php" -then - install_if_not php-imagick - install_if_not libmagickcore-6.q16-3-extra -fi - -# Restore old redis password -REDIS_PASS=$(grep \'password\' "$SYSTEM_DIR/$NCPATH/config/config.php" | awk '{print $3}' | sed "s/[',]//g") -sed -i "s|^requirepass.*|requirepass $REDIS_PASS|g" /etc/redis/redis.conf -# Restart redis -systemctl restart redis -# Flush redis -redis-cli -s /var/run/redis/redis-server.sock -c FLUSHALL - -# Start web server -systemctl start apache2 - -# Import old crontabs -grep -v '^#' "$SYSTEM_DIR/var/spool/cron/crontabs/root" | crontab -u root - -grep -v '^#' 
"$SYSTEM_DIR/var/spool/cron/crontabs/www-data" | crontab -u www-data - - -# Umount the backup drive -umount "$BORG_MOUNT" -umount "$DRIVE_MOUNT" - -# Connect all drives -while : -do - msg_box "Restore completed! -Nextcloud and the the most important files and configurations were restored!\n -Please connect all external drives that were connected to the old server now!" - if yesno_box_no "Did you connect all drives?" - then - break - fi -done -# Mount all drives -print_text_in_color "$ICyan" "Mounting all drives..." -mount -a -v -if [ -f "$SCRIPTS/veracrypt-automount.sh" ] -then - bash "$SCRIPTS/veracrypt-automount.sh" -fi - -# Show info -msg_box "We will now adjust a few last things." - -# Disable maintenance mode -nextcloud_occ_no_check maintenance:mode --off - -# Update the system data-fingerprint -nextcloud_occ_no_check maintenance:data-fingerprint - -# repairing the Database, if it got corupted -nextcloud_occ_no_check maintenance:repair - -# Appending the new ip to trusted domains -add_to_trusted_domains "$ADDRESS" - -# Cleanup trashbin and files_versions because we removed them -nextcloud_occ_no_check trashbin:cleanup --all-users -vvv -nextcloud_occ_no_check versions:cleanup -vvv - -# Rescan appdata because we removed all previews -nextcloud_occ_no_check files:scan-app-data -vvv - -# Test Nextcloud automatically -if ! nextcloud_occ_no_check -V -then - msg_box "Something failed while restoring Nextcloud.\nPlease try again!" - exit 1 -fi - -# Restart samba -if is_this_installed samba -then - print_text_in_color "$ICyan" "Restarting Samba..." - update-rc.d smbd defaults - update-rc.d smbd enable - service smbd restart - update-rc.d nmbd enable - service nmbd restart -fi - -# Test Nextcloud manually -msg_box "The time has come to login to your Nextcloud in a Browser \ -by opening 'https://$ADDRESS' to check if Nextcloud works as expected. -(e.g. check the Nextcloud logs and try out all installed apps). -If yes, just press '[ENTER]'." 
- -# Last popup -msg_box "Restore completed!\n -You can now simply reinstall all apps and addons that were installed on your server before!\n -Those need to get installed (if they were installed on the old server before): -Geoblocking, Disk Monitoring, Fail2Ban, ClamAV, SMTP Mail, DDclient, Activate TLS, OnlyOffice, Push Notifications for Nextcloud, \ -High-Performance backend for Nextcloud Talk, Whiteboard for Nextcloud, Extract for Nextcloud, Vaultwarden, Pi-hole, PiVPN, \ -Plex Media Server, Previewgenerator, Remotedesktop and Midnight Commander.\n -Note: -Vaultwarden and Plex Media Server files were restored (if they were installed before) but the containers need to get \ -installed again to make them run with the restored files." diff --git a/not-supported/rsyncbackup.sh b/not-supported/rsyncbackup.sh deleted file mode 100644 index 1f68e00b03..0000000000 --- a/not-supported/rsyncbackup.sh +++ /dev/null 
@@ -1,284 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ -# Copyright © 2021 Simon Lindner (https://github.com/szaimen) - -true -SCRIPT_NAME="Rsync Backup" -SCRIPT_EXPLAINER="This script creates the off-shore backup of your server." -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# Variables -LVM_MOUNT="/system" -START_TIME=$(date +%s) -CURRENT_DATE=$(date --date @"$START_TIME" +"%Y%m%d_%H%M%S") -CURRENT_DATE_READABLE=$(date --date @"$START_TIME" +"%d.%m.%Y - %H:%M:%S") -LOG_FILE="$VMLOGS/rsyncbackup-$CURRENT_DATE.log" -# This is needed for running via cron -PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin - -# Functions -inform_user() { - echo -e "\n\n# $2" - print_text_in_color "$1" "$2" -} -paste_log_file() { - cat "$LOG_FILE" >> "$RSYNC_BACKUP_LOG" - echo -e "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n" >> "$RSYNC_BACKUP_LOG" -} -remove_log_file() { - rm "$LOG_FILE" -} -show_drive_usage() { - inform_user "$ICyan" "Showing drive usage..." - lsblk -o FSUSE%,SIZE,MOUNTPOINT,NAME | grep -v "loop[0-9]" | grep "%" | sed 's|`-||;s/|-//;s/ | //' - echo "" - df -h | grep -v "loop[0-9]" | grep -v "tmpfs" | grep -v "^udev" | grep -v "^overlay" -} -send_error_mail() { - if [ -d "$BACKUP_TARGET_DIRECTORY" ] - then - inform_user "$ICyan" "Unmounting the off-shore backup drive..." - umount "$BACKUP_MOUNTPOINT" - fi - if [ -d "$BACKUP_SOURCE_DIRECTORY" ] - then - if [ -z "$DO_NOT_UMOUNT_DAILY_BACKUP_DRIVE" ] - then - inform_user "$ICyan" "Unmounting the backup drive..." - umount "$BACKUP_SOURCE_MOUNTPOINT" - fi - fi - get_expiration_time - inform_user "$IRed" "Off-shore backup sent error on $END_DATE_READABLE ($DURATION_READABLE)" - inform_user "$IRed" "Off-shore backup failed! $1" - if ! send_mail "Off-shore backup failed! 
$1" "$(cat "$LOG_FILE")" - then - notify_admin_gui \ - "Off-shore backup failed! Though mail sending didn't work!" \ - "Please look at the log file $LOG_FILE if you want to find out more." - paste_log_file - else - paste_log_file - remove_log_file - fi - exit 1 -} -re_rename_snapshot() { - inform_user "$ICyan" "Re-renaming the snapshot..." - if ! lvrename /dev/ubuntu-vg/NcVM-snapshot-pending /dev/ubuntu-vg/NcVM-snapshot - then - return 1 - else - return 0 - fi -} -get_expiration_time() { - END_TIME=$(date +%s) - END_DATE_READABLE=$(date --date @"$END_TIME" +"%d.%m.%Y - %H:%M:%S") - DURATION=$((END_TIME-START_TIME)) - DURATION_SEC=$((DURATION % 60)) - DURATION_MIN=$(((DURATION / 60) % 60)) - DURATION_HOUR=$((DURATION / 3600)) - DURATION_READABLE=$(printf "%02d hours %02d minutes %02d seconds" $DURATION_HOUR $DURATION_MIN $DURATION_SEC) -} - -# Write output to logfile. -exec > >(tee -i "$LOG_FILE") -exec 2>&1 - -# Send mail that backup was started -if ! send_mail "Off-shore backup started!" "You will be notified again when the backup is finished! -Please don't restart or shutdown your server until then!" -then - notify_admin_gui "Off-shore backup started!" "You will be notified again when the backup is finished! -Please don't restart or shutdown your server until then!" -fi - -# Start backup -inform_user "$IGreen" "Off-shore backup started! $CURRENT_DATE_READABLE" - -# Check if the file exists -if ! [ -f "$SCRIPTS/off-shore-rsync-backup.sh" ] -then - send_error_mail "The off-shore-rsync-backup.sh doesn't exist." -fi - -# Check if all needed variables are there (they get exported by the local off-shore-rsync-backup.sh) -if [ -z "$BACKUP_TARGET_DIRECTORY" ] || [ -z "$BACKUP_MOUNTPOINT" ] || [ -z "$RSYNC_BACKUP_LOG" ] \ -|| [ -z "$BACKUP_SOURCE_MOUNTPOINT" ] || [ -z "$BACKUP_SOURCE_DIRECTORY" ] -then - send_error_mail "Didn't get all needed variables." -fi - -# Check if pending snapshot is existing and cancel the backup in this case. 
-if does_snapshot_exist "NcVM-snapshot-pending" -then - DO_NOT_UMOUNT_DAILY_BACKUP_DRIVE=1 - msg_box "The snapshot pending does exist. Can currently not proceed. -Please try again later.\n -If you are sure that no update or backup is currently running, you can fix this by rebooting your server." - send_error_mail "NcVM-snapshot-pending exists. Please try again later!" -fi - -# Check if snapshot can get created -if ! does_snapshot_exist "NcVM-snapshot" -then - send_error_mail "NcVM-snapshot doesn't exists." -fi - -# Check if at least one daily backup drive has run -BORGBACKUP_LOG="$(grep "^export BORGBACKUP_LOG" "$SCRIPTS/daily-borg-backup.sh" \ -| sed 's|.*BORGBACKUP_LOG="||' | sed 's|"$||')" -if [ -z "$BORGBACKUP_LOG" ] || ! [ -f "$BORGBACKUP_LOG" ] || ! grep -q "Backup finished on" "$BORGBACKUP_LOG" -then - send_error_mail "Not even one daily backup was successfully created. Please wait for that first." -fi - -# Prepare backup repository -inform_user "$ICyan" "Mounting the daily backup drive..." -if ! [ -d "$BACKUP_SOURCE_DIRECTORY" ] -then - mount "$BACKUP_SOURCE_MOUNTPOINT" &>/dev/null - if ! [ -d "$BACKUP_SOURCE_DIRECTORY" ] - then - send_error_mail "Could not mount the daily backup drive. Is it connected?" - fi -fi - -# Prepare backup repository -inform_user "$ICyan" "Mounting the off-shore backup drive..." -if ! [ -d "$BACKUP_TARGET_DIRECTORY" ] -then - mount "$BACKUP_MOUNTPOINT" &>/dev/null - if ! [ -d "$BACKUP_TARGET_DIRECTORY" ] - then - send_error_mail "Could not mount the off-shore backup drive. Please connect it!" - fi -fi - -# Check daily backup -rm -f /tmp/DAILY_BACKUP_CHECK_SUCCESSFUL -export SKIP_DAILY_BACKUP_CREATION=1 -bash "$SCRIPTS/daily-borg-backup.sh" -if ! [ -f "/tmp/DAILY_BACKUP_CHECK_SUCCESSFUL" ] -then - send_error_mail "Daily backup check failed!" \ - "Backup check was unsuccessful! 
$(date +%T)" -fi - -# Test if btrfs volume -if grep " $BACKUP_MOUNTPOINT " /etc/mtab | grep -q btrfs -then - IS_BTRFS_PART=1 - mkdir -p "$BACKUP_MOUNTPOINT/.snapshots" - btrfs subvolume snapshot -r "$BACKUP_MOUNTPOINT" "$BACKUP_MOUNTPOINT/.snapshots/@$CURRENT_DATE" - while [ "$(find "$BACKUP_MOUNTPOINT/.snapshots/" -maxdepth 1 -mindepth 1 -type d -name '@*_*' | wc -l)" -gt 4 ] - do - DELETE_SNAP="$(find "$BACKUP_MOUNTPOINT/.snapshots/" -maxdepth 1 -mindepth 1 -type d -name '@*_*' | sort | head -1)" - btrfs subvolume delete "$DELETE_SNAP" - done -fi - -# Check if pending snapshot is existing and cancel the backup in this case. -if does_snapshot_exist "NcVM-snapshot-pending" -then - DO_NOT_UMOUNT_DAILY_BACKUP_DRIVE=1 - msg_box "The snapshot pending does exist. Can currently not proceed. -Please try again later.\n -If you are sure that no update or backup is currently running, you can fix this by rebooting your server." - send_error_mail "NcVM-snapshot-pending exists. Please try again later!" -fi - -# Rename the snapshot to represent that the backup is pending -inform_user "$ICyan" "Renaming the snapshot..." -if ! lvrename /dev/ubuntu-vg/NcVM-snapshot /dev/ubuntu-vg/NcVM-snapshot-pending -then - send_error_mail "Could not rename the snapshot to snapshot-pending." -fi - -# Create the backup -inform_user "$ICyan" "Creating the off-shore backup..." -if ! rsync --archive --human-readable --delete --stats "$BACKUP_SOURCE_DIRECTORY/" "$BACKUP_TARGET_DIRECTORY" -then - show_drive_usage - re_rename_snapshot - send_error_mail "Something failed during the rsync job." -fi - -# Adjust permissions and scrub volume -if [ -n "$IS_BTRFS_PART" ] -then - inform_user "$ICyan" "Adjusting permissions..." - find "$BACKUP_MOUNTPOINT/" -not -path "$BACKUP_MOUNTPOINT/.snapshots/*" \ -\( ! -perm 600 -o ! -group root -o ! -user root \) -exec chmod 600 {} \; -exec chown root:root {} \; - inform_user "$ICyan" "Making sure that all data is written out correctly by waiting 10 min..." 
- # This fixes an issue where checksums are not yet created before the scrub command runs which then reports checksum errors - if ! sleep 10m - then - re_rename_snapshot - send_error_mail "Some errors were reported while waiting for the data to get written out." - fi - inform_user "$ICyan" "Scrubbing BTRFS partition..." - if ! btrfs scrub start -B "$BACKUP_MOUNTPOINT" - then - re_rename_snapshot - send_error_mail "Some errors were reported while scrubbing the BTRFS partition." - fi -fi - -# Rename the snapshot back to normal -if ! re_rename_snapshot -then - send_error_mail "Could not rename the snapshot-pending to snapshot." -fi - -# Print usage of drives into log -show_drive_usage - -# Unmount the backup drive -inform_user "$ICyan" "Unmounting the off-shore backup drive..." -if mountpoint -q "$BACKUP_MOUNTPOINT" && ! umount "$BACKUP_MOUNTPOINT" -then - send_error_mail "Could not unmount the off-shore backup drive!" -fi - -# Unmount the backup drive -inform_user "$ICyan" "Unmounting the daily backup drive..." -if mountpoint -q "$BACKUP_SOURCE_MOUNTPOINT" && ! umount "$BACKUP_SOURCE_MOUNTPOINT" -then - send_error_mail "Could not unmount the daily backup drive!" -fi - -# Resetting the timer for off-shore backups -inform_user "$ICyan" "Resetting the timer for off-shore backups..." -sed -i 's|^DAYS_SINCE_LAST_BACKUP.*|DAYS_SINCE_LAST_BACKUP=0|' "$SCRIPTS/off-shore-rsync-backup.sh" - -# Show expiration time -get_expiration_time -inform_user "$IGreen" "Off-shore backup finished on $END_DATE_READABLE ($DURATION_READABLE)" - -# Send mail about successful backup -if ! send_mail "Off-shore backup successful! You can now disconnect the off-shore backup drive!" "$(cat "$LOG_FILE")" -then - notify_admin_gui \ - "Off-shore backup successful! Though mail sending didn't work!" \ - "You can now disconnect the off-shore backup drive! \ -Please look at the log file $LOG_FILE if you want to find out more." 
- paste_log_file -else - paste_log_file - remove_log_file -fi - -exit \ No newline at end of file diff --git a/not-supported/smbserver.sh b/not-supported/smbserver.sh deleted file mode 100644 index 4d8fb83d7f..0000000000 --- a/not-supported/smbserver.sh +++ /dev/null 
@@ -1,1513 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ -# Copyright © 2021 Simon Lindner (https://github.com/szaimen) - -true -SCRIPT_NAME="SMB Server" -SCRIPT_EXPLAINER="This script allows you to create a SMB-server from your Nextcloud-VM. -It helps you manage all SMB-users and SMB-shares. -As bonus feature you can automatically mount the chosen directories to Nextcloud and \ -create Nextcloud users with the same credentials like your SMB-users." -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# Variables -SMB_CONF="/etc/samba/smb.conf" -SMB_GROUP="smb-users" -PROHIBITED_NAMES=(global homes netlogon profiles printers print$ root ncadmin "$SMB_GROUP" plex pi-hole placeholder_for_last_space) -WEB_GROUP="www-data" -WEB_USER="www-data" -MAX_COUNT=16 - -# Install whiptail if not already -install_if_not whiptail - -# Check MAX_COUNT -if ! [ $MAX_COUNT -gt 0 ] -then - msg_box "The MAX_COUNT variable has to be a positive integer, greater than 0. Please change it accordingly. \ - Recommended is MAX_COUNT=16, because not all menus work reliably with a higher count." - exit -fi - -# Show install_popup -if ! is_this_installed samba -then - # Ask for installing - install_popup "$SCRIPT_NAME" -fi - -# Find mounts -print_text_in_color "$ICyan" "Getting all valid mounts. This can take a while..." -DIRECTORIES=$(find /mnt/ -mindepth 1 -maxdepth 2 -type d | grep -v "/mnt/ncdata") -mapfile -t DIRECTORIES <<< "$DIRECTORIES" -for directory in "${DIRECTORIES[@]}" -do - if mountpoint -q "$directory" && [ "$(stat -c '%a' "$directory")" = "770" ] \ -&& [ "$(stat -c '%U' "$directory")" = "$WEB_USER" ] && [ "$(stat -c '%G' "$directory")" = "$WEB_GROUP" ] - then - MOUNTS+=("$directory/") - fi -done -if [ -z "${MOUNTS[*]}" ] -then - msg_box "No usable drive found. 
You have to mount a new drive in /mnt." - exit 1 -fi - -# Install all needed tools -install_if_not samba - -# Add firewall rules -ufw allow samba comment Samba &>/dev/null - -# Use SMB3 -if ! grep -q "^protocol" "$SMB_CONF" -then - sed -i '/\[global\]/a protocol = SMB3' "$SMB_CONF" -else - sed -i 's|^protocol =.*|protocol = SMB3|' "$SMB_CONF" -fi - -# Hide SMB-shares from SMB-users that have no read permission -if ! grep -q "access based share enum" "$SMB_CONF" -then - sed -i '/\[global\]/a access based share enum = yes' "$SMB_CONF" -else - sed -i 's|.*access based share enum =.*|access based share enum = yes|' "$SMB_CONF" -fi - -# Activate encrypted transfer if AES-NI is enabled (passwords are encrypted by default) -install_if_not cpuid -if cpuid | grep " AES" | grep -q true -then - if ! grep -q "^smb encrypt =" "$SMB_CONF" - then - sed -i '/\[global\]/a smb encrypt = desired' "$SMB_CONF" - else - sed -i 's|^smb encrypt =.*|smb encrypt = desired|' "$SMB_CONF" - fi -fi - -# Set netbios name to a fixed name to reach the server always by using nextcloud -if ! grep -q "netbios name =" "$SMB_CONF" -then - sed -i '/\[global\]/a netbios name = nextcloud' "$SMB_CONF" -else - sed -i 's|.*netbios name =.*|netbios name = nextcloud|' "$SMB_CONF" -fi - -# Disable the [homes] share by default only if active -if grep -q "^\[homes\]" "$SMB_CONF" -then - msg_box "We will disable the SMB-users home-shares since they are not existing." - sed -i 's|^\[homes\]|\;\[homes\]|' "$SMB_CONF" -fi - -# Samba stop function -samba_stop() { - print_text_in_color "$ICyan" "Stopping the SMB-server..." - systemctl stop smbd -} - -# Samba start function -samba_start() { - print_text_in_color "$ICyan" "Starting the SMB-server..." 
- systemctl start smbd -} - -# Get SMB users -get_users() { - grep "^$1:" /etc/group | cut -d ":" -f 4 | sed 's|,| |g' -} - -# Choose from a list of SMB-user -smb_user_menu() { - args=(whiptail --title "$TITLE - $2" --checklist \ -"$1 -$CHECKLIST_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4) - USERS=$(get_users "$SMB_GROUP") - read -r -a USERS <<< "$USERS" - for user in "${USERS[@]}" - do - args+=("$user " "" OFF) - done - selected_options=$("${args[@]}" 3>&1 1>&2 2>&3) -} - -# Choose a correct password -choose_password() { -while : -do - PASSWORD=$(input_box_flow "$1 -You can cancel by typing in 'exit' and pressing [ENTER]." "$2") - if [ "$PASSWORD" = "exit" ] - then - return 1 - elif [[ "$PASSWORD" = *" "* ]] - then - msg_box "Please don't use spaces." "$2" - elif [[ "$PASSWORD" = *"\\"* ]] - then - msg_box "Please don't use backslashes." "$2" - else - break - fi -done -} - -# Choose a correct username -choose_username() { -local NEWNAME_TRANSLATED -while : -do - NEWNAME=$(input_box_flow "$1\nAllowed characters are only 'a-z' 'A-Z' '-' and '0-9'. -Also, the username needs to start with a letter to be valid. -If you want to cancel, just type in 'exit' and press [ENTER]." "$2") - if [[ "$NEWNAME" == *" "* ]] - then - msg_box "Please don't use spaces." "$2" - elif ! [[ "$NEWNAME" =~ ^[a-zA-Z][-a-zA-Z0-9]+$ ]] - then - msg_box "Allowed characters are only 'a-z' 'A-Z '-' and '0-9'. -Also, the username needs to start with a letter to be valid." "$2" - elif [ "$NEWNAME" = "exit" ] - then - return 1 - elif id "$NEWNAME" &>/dev/null - then - msg_box "The user already exists. Please try again." "$2" - elif grep -q "^$NEWNAME:" /etc/group - then - msg_box "There is already a group with this name. Please try another one." "$2" - elif echo "${PROHIBITED_NAMES[@]}" | grep -q "$NEWNAME " - then - msg_box "Please don't use this name." 
"$2" - else - break - fi -done -} - -# Add a SMB-user -add_user() { - local NEWNAME_TRANSLATED - local NEXTCLOUD_USERS - local HASH - local SUBTITLE="Add a SMB-user" - - # Add the SMB-group as soon as trying to create a SMB-user - if ! grep -q "^$SMB_GROUP:" /etc/group - then - groupadd "$SMB_GROUP" - fi - - # Choose the username - if ! choose_username "Please enter the name of the new SMB-user." "$SUBTITLE" - then - return - fi - - # Choose the password - if ! choose_password "Please type in the password for the new smb-user $NEWNAME" "$SUBTITLE" - then - return - fi - - # Create the user if everything is correct - check_command adduser --no-create-home --quiet --disabled-login --force-badname --gecos "" "$NEWNAME" - check_command echo -e "$PASSWORD\n$PASSWORD" | smbpasswd -s -a "$NEWNAME" - - # Modify the groups of the SMB-user - check_command usermod --append --groups "$SMB_GROUP","$WEB_GROUP" "$NEWNAME" - - # Inform the user - msg_box "The smb-user $NEWNAME was successfully created. - -If this is the first SMB-user, that you have created, you should be able to create a new SMB-share now by \ -returning to the Main Menu of this script and choosing from there 'SMB-share Menu' -> 'create a SMB-share'. -Suggested is though, creating all needed SMB-users first." "$SUBTITLE" - - # Test if NC exists - if ! [ -f $NCPATH/occ ] - then - unset PASSWORD - return - # If NC exists, offer to create a NC user - elif ! yesno_box_no "Do you want to create a Nextcloud user with the same credentials? -Please note that this option could be a security risk, if the chosen password was too simple." "$SUBTITLE" - then - return - fi - - # Check if the user already exists - NEWNAME_TRANSLATED=$(echo "$NEWNAME" | tr "[:upper:]" "[:lower:]") - NEXTCLOUD_USERS=$(nextcloud_occ_no_check user:list | sed 's|^ - ||g' | sed 's|:.*||' | tr "[:upper:]" "[:lower:]") - if echo "$NEXTCLOUD_USERS" | grep -q "^$NEWNAME_TRANSLATED$" - then - msg_box "This Nextcloud user already exists. 
No chance to add it as a user to Nextcloud." "$SUBTITLE" - return - fi - - # Create the NC user, if it not already exists - OC_PASS="$PASSWORD" - unset PASSWORD - export OC_PASS - check_command su -s /bin/sh "$WEB_USER" -c "php $NCPATH/occ user:add $NEWNAME --password-from-env" - unset OC_PASS - - # Create files directory for that user - if ! [ -d "$NCDATA" ] - then - msg_box "Something is wrong: $NCDATA does not exist." "$SUBTITLE" - return - fi - mkdir -p "$NCDATA/$NEWNAME/files" - chown -R "$WEB_USER":"$WEB_GROUP" "$NCDATA/$NEWNAME" - chmod -R 770 "$NCDATA/$NEWNAME" - - # Inform the user - msg_box "The new Nextcloud user $NEWNAME was successfully created." "$SUBTITLE" - - # Configure mail address - msg_box "It is recommended to set a mail address for every Nextcloud user \ -so that Nextcloud is able to send mails to them." - if ! yesno_box_yes "Do you want to add a mail address to this user?" - then - return - fi - while : - do - MAIL_ADDRESS="$(input_box_flow "Please type in the mail-address of the new Nextcloud user $NEWNAME! -This mail-address needs to be valid. Otherwise Nextcloud won't be able to send mails to that user. -If you want to cancel, just type in 'exit' and press [ENTER]." "$SUBTITLE")" - if [ "$MAIL_ADDRESS" = "exit" ] - then - return - elif ! echo "$MAIL_ADDRESS" | grep -q "@" || echo "$MAIL_ADDRESS" | grep -q " " \ -|| echo "$MAIL_ADDRESS" | grep -q "^@" || echo "$MAIL_ADDRESS" | grep -q "@$" - then - msg_box "The mail-address isn't valid. Please try again!" - else - nextcloud_occ user:setting "$NEWNAME" settings email "$MAIL_ADDRESS" - msg_box "Congratulations!\nThe mail-address of $NEWNAME was successfully set to $MAIL_ADDRESS!" 
- break - fi - done -} - -# Show all SMB-shares from a SMB-user -show_user() { - local CACHE - local USERS - local selected_options="" - local SELECTED_USER - local count - local RESULT="" - local SMB_NAME - local SMB_PATH - local TEST="" - local args - unset args - USERS=$(get_users "$SMB_GROUP") - read -r -a USERS <<< "$USERS" - local SUBTITLE="Show all SMB-shares from a SMB-user" - - # Choose from a list of SMB-users - args=(whiptail --title "$TITLE - $SUBTITLE" --menu \ -"Please choose for which SMB-user you want to show all SMB-shares. -$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4) - for user in "${USERS[@]}" - do - args+=("$user " "") - done - selected_options=$("${args[@]}" 3>&1 1>&2 2>&3) - for user in "${USERS[@]}" - do - if [[ "$selected_options" == *"$user "* ]] - then - SELECTED_USER="$user" - break - fi - done - - # Return if none chosen - if [ -z "$SELECTED_USER" ] - then - return - fi - - # Show if list with SMB-shares of the chosen SMB-user - count=1 - args=(whiptail --title "$TITLE - $SUBTITLE" --separate-output --checklist \ -"Please choose which shares of $SELECTED_USER you want to show. -$CHECKLIST_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4) - while [ $count -le $MAX_COUNT ] - do - CACHE=$(sed -n "/^#SMB$count-start/,/^#SMB$count-end/p" "$SMB_CONF" | grep -v "^#SMB$count-start" | grep -v "^#SMB$count-end" ) - if echo "$CACHE" | grep "valid users = " | grep -q "$SELECTED_USER, " - then - SMB_NAME=$(echo "$CACHE" | grep "^\[.*\]$" | tr -d "[]") - SMB_PATH=$(echo "$CACHE" | grep "path") - args+=("$SMB_NAME" "$SMB_PATH" OFF) - TEST+="$SMB_NAME" - fi - count=$((count+1)) - done - - # Return if no share for that user created - if [ -z "$TEST" ] - then - msg_box "No share for $SELECTED_USER created. Please create a share first." 
"$SUBTITLE" - return - fi - - # Show a msg_box with each SMB-share that was selected - unset selected_options - selected_options=$("${args[@]}" 3>&1 1>&2 2>&3) - mapfile -t selected_options <<< "$selected_options" - for element in "${selected_options[@]}" - do - count=1 - while [ $count -le $MAX_COUNT ] - do - CACHE=$(sed -n "/^#SMB$count-start/,/^#SMB$count-end/p" "$SMB_CONF" | grep -v "^#SMB$count-start" | grep -v "^#SMB$count-end") - if echo "$CACHE" | grep -q "\[$element\]" - then - msg_box "The shares of $SELECTED_USER:\n\n$CACHE" "$SUBTITLE" - fi - count=$((count+1)) - done - done -} - -# Change the password of SMB-users -change_password() { -local NEXTCLOUD_USERS -local HASH -local SUBTITLE="Change the password of SMB-users" - -# Show a list with SMB-users -smb_user_menu "Please choose for which user you want to change the password." "$SUBTITLE" -for user in "${USERS[@]}" -do - if [[ "${selected_options[*]}" == *"$user "* ]] - then - # Type in the new password of the chosen SMB-user - if ! choose_password "Please type in the new password for $user" "$SUBTITLE" - then - continue - fi - - # Change it to the new one if correct - check_command echo -e "$PASSWORD\n$PASSWORD" | smbpasswd -s -a "$user" - - # Inform the user - msg_box "The password for $user was successfully changed." "$SUBTITLE" - if ! [ -f $NCPATH/occ ] - then - unset PASSWORD - continue - # Offer the possibility to change the password of the same NC user, if existing, too - elif yesno_box_no "Do you want to change the password of a Nextcloud account with the same name $user \ -to the same password?\nThis most likely only applies, if you created your Nextcloud users with this script. -Please not that this will forcefully log out all devices from this user, so it should only be used in case." "$SUBTITLE" - then - # Warn about consequences - if ! yesno_box_no "Do you really want to do this? 
It will \ -forcefully log out all devices from this Nextcloud user $user" "$SUBTITLE" - then - continue - fi - else - continue - fi - - # Check if a NC account with the same name exists - NEXTCLOUD_USERS=$(nextcloud_occ_no_check user:list | sed 's|^ - ||g' | sed 's|:.*||') - if ! echo "$NEXTCLOUD_USERS" | grep -q "^$user$" - then - msg_box "There doesn't exist any user with this name $user in Nextcloud. \ -No chance to change the password of the Nextcloud account." "$SUBTITLE" - continue - fi - - # Change the password of the NC account if existing - OC_PASS="$PASSWORD" - unset PASSWORD - export OC_PASS - check_command su -s /bin/sh "$WEB_USER" -c "php $NCPATH/occ user:resetpassword $user --password-from-env" - unset OC_PASS - - # Inform the user - msg_box "The password for the Nextcloud account $user was successful changed." "$SUBTITLE" - fi -done -} - -# Change the username of a SMB-user -change_username() { -local SUBTITLE="Change the username of a SMB-user" -# Show a list with SMB-user -smb_user_menu "Please choose for which SMB-user you want to change the username." "$SUBTITLE" -for user in "${USERS[@]}" -do - if [[ "${selected_options[*]}" == *"$user "* ]] - then - # Ask for a new username for the chosen SMB-user - if ! choose_username "Please enter the new username for $user" "$SUBTITLE" - then - continue - fi - - # Apply it if everything correct - samba_stop - check_command usermod -l "$NEWNAME" "$user" - check_command groupmod -n "$NEWNAME" "$user" - check_command sed -i "/valid users = /s/$user, /$NEWNAME, /" "$SMB_CONF" - samba_start - - # Inform the user - msg_box "The username for $user was successfully changed to $NEWNAME." "$SUBTITLE" - continue - fi -done -} - -# Delete SMB-users -delete_user() { -local SUBTITLE="Delete SMB-users" -# Show a list with SMB-user -smb_user_menu "Please choose which SMB-users you want to delete." 
"$SUBTITLE" -for user in "${USERS[@]}" -do - if [[ "${selected_options[*]}" == *"$user "* ]] - then - # Delete all chosen SMB-user - samba_stop - check_command deluser --quiet "$user" - check_command sed -i "/valid users = /s/$user, //" "$SMB_CONF" - samba_start - - # Inform the user - msg_box "$user was successfully deleted." "$SUBTITLE" - fi -done -} - -# User menu -user_menu() { -while : -do - choice=$(whiptail --title "$TITLE - SMB-user Menu" --menu \ -"Choose what you want to do. -$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \ -"Add a SMB-user" "" \ -"Show all SMB-shares from a SMB-user" "" \ -"Change the password of SMB-users" "" \ -"Change the username of SMB-users" "" \ -"Delete SMB-users" "" \ -"Return to the Main Menu" "" 3>&1 1>&2 2>&3) - - if [ -n "$choice" ] && [ "$choice" != "Add a SMB-user" ] && [ "$choice" != "Return to the Main Menu" ] && [ -z "$(get_users "$SMB_GROUP")" ] - then - msg_box "Please create at least one SMB-user before doing anything else." - else - case "$choice" in - "Add a SMB-user") - add_user - ;; - "Show all SMB-shares from a SMB-user") - show_user - ;; - "Change the password of SMB-users") - change_password - ;; - "Change the username of SMB-users") - change_username - ;; - "Delete SMB-users") - delete_user - ;; - "Return to the Main Menu") - break - ;; - "") - break - ;; - *) - ;; - esac - fi -done -} - -# Choose the path for a SMB-share -choose_path() { -local VALID_DIRS -local VALID -local mount -local LOCALDIRECTORIES - -# Find usable directories -for mount in "${MOUNTS[@]}" -do - LOCALDIRECTORIES=$(find "$mount" -maxdepth 2 -type d | grep -v '/.snapshots') - VALID_DIRS+="$(echo -e "$LOCALDIRECTORIES" | grep "^$mount")\n" -done -while : -do - msg_box "In the following step you will need to type in the directory that you want to use. 
-Here you can see a certain list of options that you can type in.\n\n$VALID_DIRS" "$2" - - # Type in the new path - NEWPATH=$(input_box_flow "$1.Please note, that the owner of the directory will be changed to the Web-user. -If you don't know any, and you want to cancel, just type in 'exit' and press [ENTER]." "$2") - unset VALID - for mount in "${MOUNTS[@]}" - do - if echo "$NEWPATH" | grep -q "^$mount" - then - VALID=1 - if grep " ${mount%/} " /etc/mtab | grep -q btrfs - then - BTRFS_ROOT_DIR="$mount" - else - BTRFS_ROOT_DIR="" - fi - break - fi - done - if [ "$NEWPATH" = "exit" ] - then - return 1 - elif [ -z "$VALID" ] - then - msg_box "This path isn't valid. Please try a different one. It has to be a directory on a mount." "$2" - elif ! [ -d "$NEWPATH" ] - then - if yesno_box_no "The path doesn't exist. Do you want to create it?" "$2" - then - check_command mkdir -p "$NEWPATH" - break - fi - else - break - fi -done -} - -# Define valid SMB-users -choose_users() { -VALID_USERS="" -unset VALID_USERS_AR -smb_user_menu "$1\nPlease select at least one SMB-user." "$2" -if [ -z "${selected_options[*]}" ] -then - return 1 -fi -for user in "${USERS[@]}" -do - if [[ "${selected_options[*]}" == *"$user "* ]] - then - VALID_USERS+="$user, " - VALID_USERS_AR+=("$user") - fi -done -} - -# Choose a sharename -choose_sharename() { -CACHE=$(grep "\[.*\]" "$SMB_CONF" | tr "[:upper:]" "[:lower:]") -while : -do - # Type in the new sharename - NEWNAME=$(input_box_flow "$1\nAllowed characters are only those three special characters \ -'.-_' and 'a-z' 'A-Z' '0-9'.\nAlso, the sharename needs to start with a letter 'a-z' or 'A-Z' to be valid. -If you want to cancel, just type in 'exit' and press [ENTER]." "$2") - NEWNAME_TRANSLATED=$(echo "$NEWNAME" | tr "[:upper:]" "[:lower:]") - if [[ "$NEWNAME" = *" "* ]] - then - msg_box "Please don't use spaces." "$2" - elif ! 
echo "$NEWNAME" | grep -q "^[a-zA-Z]" - then - msg_box "The sharename has to start with a letter 'a-z' or 'A-Z' to be valid." "$2" - elif [ "$NEWNAME" = "exit" ] - then - return 1 - elif ! [[ "$NEWNAME" =~ ^[-._a-zA-Z0-9]+$ ]] - then - msg_box "Allowed characters are only those three special characters '.-_' and 'a-z' 'A-Z' '0-9'." "$2" - elif echo "$CACHE" | grep -q "\[$NEWNAME_TRANSLATED\]" - then - msg_box "This sharename is already used. Please try another one." "$2" - elif echo "${PROHIBITED_NAMES[@]}" | grep -q "$NEWNAME_TRANSLATED " - then - msg_box "Please don't use this name." "$2" - else - break - fi -done -} - -# Choose if the share shall be writeable -choose_writeable() { -if yesno_box_yes "$1" "$2" -then - WRITEABLE="yes" -else - WRITEABLE="no" -fi -} - -# Create a SMB-share -create_share() { - local MOUNT_ID - local SHARING - local READONLY - local count - local selected_options - local args - local NC_USER - local SELECTED_USER - local SELECTED_GROUPS - local NC_GROUPS - local GROUP - local USER - local NEWNAME_BACKUP - local SUBTITLE="Create a SMB-share" - - # Choose the path - if ! choose_path "Please type in the path you want to create a SMB-share for." "$SUBTITLE" - then - return - fi - - # Choose a sharename - if ! choose_sharename "Please enter a name for the new SMB-share $NEWPATH." "$SUBTITLE" - then - return - fi - - # Choose the valid SMB-users - if ! choose_users "Please choose the SMB-users you want to share the new SMB-share $NEWNAME with." "$SUBTITLE" - then - return - fi - - # Choose if it shall be writeable - choose_writeable "Shall the new SMB-share $NEWNAME be writeable?" "$SUBTITLE" - - # Apply that setting for an empty space - count=1 - while [ $count -le $MAX_COUNT ] - do - if ! grep -q ^\#SMB"$count" "$SMB_CONF" - then - # Correct the ACL - chmod -R 770 "$NEWPATH" - if [ "$(stat -c %a "$NEWPATH")" != "770" ] - then - msg_box "Something went wrong. Couldn't set the correct mod permissions for the location." 
"$SUBTITLE" - return 1 - fi - chown -R "$WEB_USER":"$WEB_GROUP" "$NEWPATH" - if [ "$(stat -c %G "$NEWPATH")" != "$WEB_GROUP" ] || [ "$(stat -c %U "$NEWPATH")" != "$WEB_USER" ] - then - msg_box "Something went wrong. Couldn't set the correct own permissions for the location." "$SUBTITLE" - return 1 - fi - - # Write all settings to SMB-conf - samba_stop - cat >> "$SMB_CONF" <> "$SMB_CONF" <> "$SMB_CONF" - echo "#SMB$count-end - Please don't remove or change this line" >> "$SMB_CONF" - samba_start - break - else - count=$((count+1)) - fi - done - - # Test if all slots are used - if [ $count -gt $MAX_COUNT ] - then - msg_box "All slots are already used." "$SUBTITLE" - return - fi - - # Inform the user - msg_box "The SMB-share $NEWNAME for $NEWPATH was successfully created. - -You should be able to connect with the credentials of the chosen SMB-user(s) to the SMB-server now -to see all for the specific SMB-user available SMB-shares: -- On Linux in a file manager using this address: 'smb://nextcloud' -- On Windows in the Windows Explorer using this address: '\\\\ nextcloud' (without space) -- On macOS in the Finder (press '[CMD] + [K]') using this address: 'smb://nextcloud' - -If connecting using 'nextcloud' as server name doesn't work, \ -you can also connect using the IP-address: '$ADDRESS' instead of nextcloud." "$SUBTITLE" - - # Test if NC exists - if ! [ -f $NCPATH/occ ] - then - return - # Ask if the same directory shall get mounted as external storage to NC - elif ! yesno_box_yes "Do you want to mount the directory $NEWPATH to Nextcloud as local external storage?" "$SUBTITLE" - then - return - fi - - # Install and enable files_external - if ! is_app_enabled files_external - then - install_and_enable_app files_external - fi - - # Mount directory as root directory if only one user was chosen - if [ "${#VALID_USERS_AR[*]}" -eq 1 ] && [ "$WRITEABLE" = "yes" ] - then - if yesno_box_yes "Do you want to make $NEWPATH the root folder for ${VALID_USERS_AR[*]}?" 
- then - NEWNAME="/" - fi - fi - - # Choose if it shall be writeable in NC - if [ "$WRITEABLE" = "yes" ] - then - READONLY="false" - elif [ "$WRITEABLE" = "no" ] - then - READONLY="true" - fi - - # Find other attributes - SHARING="true" - SELECTED_USER="" - UNAVAILABLE_USER="" - # Choose from NC users - NC_USER=$(nextcloud_occ_no_check user:list | sed 's|^ - ||g' | sed 's|:.*||') - for user in "${VALID_USERS_AR[@]}" - do - if echo "$NC_USER" | grep -q "^$user$" - then - SELECTED_USER+="$user " - else - UNAVAILABLE_USER+="$user " - fi - done - if [ -n "$UNAVAILABLE_USER" ] - then - msg_box "Some chosen SMB-users weren't available in Nextcloud:\n$UNAVAILABLE_USER" - if ! yesno_box_no "Do you want to continue nonetheless?" - then - return - fi - fi - - # Create and mount external storage - print_text_in_color "$ICyan" "Mounting the local storage to Nextcloud." - MOUNT_ID=$(nextcloud_occ files_external:create "$NEWNAME" local null::null -c datadir="$NEWPATH" ) - MOUNT_ID=${MOUNT_ID//[!0-9]/} - - # Mount it to the admin group if no group or user chosen - if [ -z "$SELECTED_USER" ] - then - if [ "$NEWNAME" != "/" ] - then - nextcloud_occ files_external:applicable --add-group=admin "$MOUNT_ID" -q - msg_box "No SMB-user available in Nextcloud, mounted the local storage to the admin group." - else - nextcloud_occ files_external:delete "$MOUNT_ID" -y - msg_box "No SMB-user available in Nextcloud, could not add the storage to Nextcloud!" 
- return - fi - else - nextcloud_occ_no_check user:list | sed 's|^ - ||g' | sed 's|:.*||' | while read -r NC_USER - do - if [[ "$SELECTED_USER" = *"$NC_USER "* ]] - then - nextcloud_occ files_external:applicable --add-user="$NC_USER" "$MOUNT_ID" -q - fi - done - fi - - # Set up all other settings - nextcloud_occ files_external:option "$MOUNT_ID" filesystem_check_changes 1 - nextcloud_occ files_external:option "$MOUNT_ID" readonly "$READONLY" - nextcloud_occ files_external:option "$MOUNT_ID" enable_sharing "$SHARING" - - # Inform the user that mounting was successful - msg_box "Your mount was successful, congratulations! -You are now using the Nextcloud external storage app to access files there. -The Share has been mounted to the Nextcloud admin-group if not specifically changed to users or groups. -You can now access 'https://yourdomain-or-ipaddress/settings/admin/externalstorages' \ -to edit external storages in Nextcloud." "$SUBTITLE" - - # Inform the user that he can set up inotify for this external storage - if ! yesno_box_no "Do you want to enable inotify for this external storage in Nextcloud? -It is only recommended if the content can get changed externally and \ -will let Nextcloud track if this external storage was externally changed. -If you choose 'yes', we will install a needed PHP-plugin, the files_inotify app and create a cronjob for you." - then - return - fi - - # Warn a second time - if ! yesno_box_no "Are you sure, that you want to enable inotify for this external storage? -Please note, that this will need around 1 KB additional RAM per folder. -We will set the max folder variable to 524288 which will be around 500 MB \ -of additionally needed RAM if you have so many folders. -If you have more folders, you will need to raise this value manually inside '/etc/sysctl.conf'. -Please also note, that this max folder variable counts for all \ -external storages for which the inotify option gets activated. 
-We please you to do the math yourself if the number is high enough for your setup." - then - return - fi - - # Install the inotify PHP extension - # https://github.com/icewind1991/files_inotify/blob/main/README.md - if ! pecl list | grep -q inotify - then - print_text_in_color "$ICyan" "Installing the PHP inotify extension..." - yes no | pecl install inotify - local INOTIFY_INSTALL=1 - fi - if [ ! -f $PHP_MODS_DIR/inotify.ini ] - then - touch $PHP_MODS_DIR/inotify.ini - fi - if ! grep -qFx extension=inotify.so $PHP_MODS_DIR/inotify.ini - then - echo "# PECL inotify" > $PHP_MODS_DIR/inotify.ini - echo "extension=inotify.so" >> $PHP_MODS_DIR/inotify.ini - check_command phpenmod -v ALL inotify - fi - - # Set fs.inotify.max_user_watches to 524288 - # https://unix.stackexchange.com/questions/13751/kernel-inotify-watch-limit-reached - # https://github.com/guard/listen/wiki/Increasing-the-amount-of-inotify-watchers - if ! grep -q "fs.inotify.max_user_watches" /etc/sysctl.conf - then - print_text_in_color "$ICyan" "Setting the max folder variable to 524288..." - echo fs.inotify.max_user_watches=524288 | sudo tee -a /etc/sysctl.conf - sudo sysctl -p - fi - - # Create syslog for files_inotify - touch "$VMLOGS"/files_inotify.log - chown "$WEB_USER":"$WEB_GROUP" "$VMLOGS"/files_inotify.log - - # Inform the user - if [ -n "$INOTIFY_INSTALL" ] - then - if ! yesno_box_yes "The inotify PHP extension was successfully installed, \ -the max folder variable was set to 524288 and $VMLOGS/files_inotify.log was created. -Just press [ENTER] (on the default 'yes') to install the needed \ -files_inotify app and set up the cronjob for this external storage." - then - return - fi - fi - - # Install files_inotify - if ! is_app_installed files_inotify - then - # This check is needed to check if the app is compatible with the current NC version - print_text_in_color "$ICyan" "Installing the files_inotify app..." - if ! 
nextcloud_occ_no_check app:install files_inotify - then - # Inform the user if the app couldn't get installed - msg_box "It seems like the files_inotify app isn't compatible with the current NC version. Cannot proceed." - # Remove the app to be able to install it again in another try - nextcloud_occ_no_check app:remove files_inotify - return - fi - fi - - # Make sure that the app is enabled, too - if ! is_app_enabled files_inotify - then - nextcloud_occ_no_check app:enable files_inotify - fi - - # Add crontab for this external storage - print_text_in_color "$ICyan" "Generating crontab..." - crontab -u "$WEB_USER" -l | { cat; echo "@reboot sleep 20 && php -f $NCPATH/occ files_external:notify -v $MOUNT_ID >> $VMLOGS/files_inotify.log"; } | crontab -u "$WEB_USER" - - - # Run the command in a subshell and don't exit if the smbmount script exits - nohup sudo -u "$WEB_USER" php "$NCPATH"/occ files_external:notify -v "$MOUNT_ID" >> $VMLOGS/files_inotify.log & - - # Inform the user - msg_box "Congratulations, everything was successfully installed and setup. - -Please note that there are some known issues with this inotify option. -It could happen that it doesn't work as expected. -Please look at this issue for further information: -https://github.com/icewind1991/files_inotify/issues/16" -} - -# Show SMB-shares -show_shares() { - local count - local selected_options - local args - local TEST="" - local SMB_NAME - local SMB_PATH - local SUBTITLE="Show SMB-shares" - - # Show a list with available SMB-shares - args=(whiptail --title "$TITLE - $SUBTITLE" --separate-output --checklist \ -"Please select which SMB-shares you want to show. 
-$CHECKLIST_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4) - count=1 - while [ $count -le $MAX_COUNT ] - do - CACHE=$(sed -n "/^#SMB$count-start/,/^#SMB$count-end/p" "$SMB_CONF") - if [ -n "$CACHE" ] - then - SMB_NAME=$(echo "$CACHE" | grep "^\[.*\]$" | tr -d "[]") - SMB_PATH=$(echo "$CACHE" | grep "path") - args+=("$SMB_NAME" "$SMB_PATH" OFF) - TEST+="$SMB_NAME" - fi - count=$((count+1)) - done - - # Return if none created - if [ -z "$TEST" ] - then - msg_box "No SMB-share created. Please create a SMB-share first." "$SUBTITLE" - return - fi - - # Show selected shares - selected_options=$("${args[@]}" 3>&1 1>&2 2>&3) - mapfile -t selected_options <<< "$selected_options" - for element in "${selected_options[@]}" - do - count=1 - while [ $count -le $MAX_COUNT ] - do - CACHE=$(sed -n "/^#SMB$count-start/,/^#SMB$count-end/p" "$SMB_CONF" | grep -v "^#SMB$count-start" | grep -v "^#SMB$count-end") - if echo "$CACHE" | grep -q "\[$element\]" - then - msg_box "$CACHE" "$SUBTITLE" - fi - count=$((count+1)) - done - done -} - -# Edit a SMB-share -edit_share() { - local count - local selected_options - local args - local TEST="" - local SMB_NAME - local SMB_PATH - local SELECTED_SHARE - local STORAGE="" - local CLEAN_STORAGE - local MOUNT_ID - local SUBTITLE="Edit a SMB-share" - - # Show a list of SMB-shares - args=(whiptail --title "$TITLE - $SUBTITLE" --menu \ -"Please select which SMB-share you want to change. -$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4) - count=1 - while [ $count -le $MAX_COUNT ] - do - CACHE=$(sed -n "/^#SMB$count-start/,/^#SMB$count-end/p" "$SMB_CONF") - if [ -n "$CACHE" ] - then - SMB_NAME=$(echo "$CACHE" | grep "^\[.*\]$" | tr -d "[]") - SMB_PATH=$(echo "$CACHE" | grep "path") - args+=("$SMB_NAME" "$SMB_PATH") - TEST+="$SMB_NAME" - fi - count=$((count+1)) - done - - # Return if no share created - if [ -z "$TEST" ] - then - msg_box "No SMB-shares created. Please create a SMB-share first." 
"$SUBTITLE" - return - fi - - # Return if none selected - SELECTED_SHARE=$("${args[@]}" 3>&1 1>&2 2>&3) - if [ -z "$SELECTED_SHARE" ] - then - return - fi - - # Save the current settings of the selected share in a variable - count=1 - while [ $count -le $MAX_COUNT ] - do - CACHE=$(sed -n "/^#SMB$count-start/,/^#SMB$count-end/p" "$SMB_CONF") - if echo "$CACHE" | grep -q "\[$SELECTED_SHARE\]" - then - STORAGE="$CACHE" - break - fi - count=$((count+1)) - done - - # Show the current settings - CLEAN_STORAGE=$(echo "$STORAGE" | grep -v "\#SMB") - msg_box "Those are the current values for that SMB-share. -In the next step you will be asked what you want to change.\n\n$CLEAN_STORAGE" "$SUBTITLE" - - # Show a list of options that can get changed for the selected SMB-share - choice=$(whiptail --title "$TITLE - $SUBTITLE" --checklist \ -"Please choose which options you want to change for $SELECTED_SHARE -$CHECKLIST_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \ -"Change the sharename" "(Change the name of the SMB-share)" OFF \ -"Change the path" "(Change the path of the SMB-share)" OFF \ -"Change valid SMB-users" "(Change which users have access to the SMB-share)" OFF \ -"Change writeable mode" "(Change if the SMB-share is writeable)" OFF 3>&1 1>&2 2>&3) - - # Execute the chosen options - case "$choice" in - *"Change the sharename"*) - if ! choose_sharename "Please enter the new name of the share." "$SUBTITLE" - then - return - fi - STORAGE=$(echo "$STORAGE" | sed "/^\[.*\]$/s/^\[.*\]$/\[$NEWNAME\]/") - ;;& - *"Change the path"*) - if ! choose_path "Please type in the new directory that \ -you want to use for that SMB-share $SELECTED_SHARE." 
"$SUBTITLE" - then - return - fi - chmod -R 770 "$NEWPATH" - chown -R "$WEB_USER":"$WEB_GROUP" "$NEWPATH" - NEWPATH=${NEWPATH//\//\\/} - STORAGE=$(echo "$STORAGE" | sed "/path = /s/path.*/path = $NEWPATH/") - STORAGE=$(echo "$STORAGE" | grep -v "^ shadow:") - if [ -z "$BTRFS_ROOT_DIR" ] - then - STORAGE=$(echo "$STORAGE" | sed "/vfs objects = /s/vfs objects =.*/vfs objects = recycle/") - else - STORAGE=$(echo "$STORAGE" | sed "/vfs objects = /s/vfs objects =.*/vfs objects = recycle, shadow_copy2, btrfs/") - STORAGE=$(echo "$STORAGE" | sed '/vfs objects =/a\ \ \ \ shadow:format = @%Y%m%d_%H%M%S') - STORAGE=$(echo "$STORAGE" | sed '/vfs objects =/a\ \ \ \ shadow:sort = desc') - STORAGE=$(echo "$STORAGE" | sed "/vfs objects =/a\ \ \ \ shadow:snapdir = $BTRFS_ROOT_DIR.snapshots") - STORAGE=$(echo "$STORAGE" | sed '/vfs objects =/a\ \ \ \ shadow:localtime = yes') - fi - ;;& - *"Change valid SMB-users"*) - if ! choose_users "Please choose the SMB-users \ -that shall have access to the share $SELECTED_SHARE." "$SUBTITLE" - then - return - fi - STORAGE=$(echo "$STORAGE" | sed "/valid users = /s/valid users.*/valid users = $VALID_USERS/") - ;;& - *"Change writeable mode"*) - choose_writeable "Shall the SMB-share $SELECTED_SHARE be writeable?" "$SUBTITLE" - STORAGE=$(echo "$STORAGE" | sed "/writeable = /s/writeable.*/writeable = $WRITEABLE/") - ;;& - "") - return - ;; - *) - ;; - esac - - # Return if the STORAGE variable is empty now - if [ -z "$STORAGE" ] - then - msg_box "Something is wrong. Please try again." "$SUBTITLE" - return - fi - - # Show how the SMB-share will look after applying all changed options and let decide if the user wants to continue - CLEAN_STORAGE=$(echo "$STORAGE" | grep -v "\#SMB") - if ! yesno_box_yes "This is how the SMB-share $SELECTED_SHARE will look like from now on. 
-Is everything correct?\n\n$CLEAN_STORAGE" "$SUBTITLE" - then - return - fi - - # Apply the changed options to the SMB-share - samba_stop - count=1 - while [ $count -le $MAX_COUNT ] - do - CACHE=$(sed -n "/^#SMB$count-start/,/^#SMB$count-end/p" "$SMB_CONF") - if echo "$CACHE" | grep -q "\[$SELECTED_SHARE\]" - then - sed -i "/^#SMB$count-start/,/^#SMB$count-end/d" "$SMB_CONF" - break - fi - count=$((count+1)) - done - echo -e "\n$STORAGE" >> "$SMB_CONF" - samba_start - - # Inform the user - msg_box "The SMB-share $SELECTED_SHARE was changed successfully." "$SUBTITLE" -} - -# Delete SMB-shares -delete_share() { - local args - local selected_options - local CACHE - local SMB_NAME - local SMB_PATH - local count - local TEST="" - local SUBTITLE="Delete SMB-shares" - - # Choose which SMB-share shall get deleted - args=(whiptail --title "$TITLE - $SUBTITLE" --separate-output --checklist \ -"Please select which SMB-shares you want to delete. -$CHECKLIST_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4) - count=1 - while [ $count -le $MAX_COUNT ] - do - CACHE=$(sed -n "/^#SMB$count-start/,/^#SMB$count-end/p" "$SMB_CONF") - if echo "$CACHE" | grep -q "path = " - then - SMB_NAME=$(echo "$CACHE" | grep "^\[.*\]$" | tr -d "[]") - SMB_PATH=$(echo "$CACHE" | grep "path") - args+=("$SMB_NAME" "$SMB_PATH" OFF) - TEST+="$SMB_NAME" - fi - count=$((count+1)) - done - - # Return if no SMB-share was created - if [ -z "$TEST" ] - then - msg_box "No SMB-share created. Please create a SMB-share first." 
"$SUBTITLE" - return - fi - - # Deleted all selected SMB-shares - selected_options=$("${args[@]}" 3>&1 1>&2 2>&3) - mapfile -t selected_options <<< "$selected_options" - for element in "${selected_options[@]}" - do - count=1 - while [ $count -le $MAX_COUNT ] - do - CACHE=$(sed -n "/^#SMB$count-start/,/^#SMB$count-end/p" "$SMB_CONF") - if echo "$CACHE" | grep -q "\[$element\]" - then - samba_stop - sed -i "/^#SMB$count-start/,/^#SMB$count-end/d" "$SMB_CONF" - samba_start - msg_box "The SMB-share $element was successfully deleted." "$SUBTITLE" - break - fi - count=$((count+1)) - done - done -} - -# SMB-share Menu -share_menu() { -if [ -z "$(get_users "$SMB_GROUP")" ] -then - msg_box "Please create at least one SMB-user before creating a share." "SMB-share Menu" - return -fi -while : -do - choice=$(whiptail --title "$TITLE - SMB-share Menu" --menu \ -"Choose what you want to do. -$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \ -"Create a SMB-share" "" \ -"Show SMB-shares" "" \ -"Edit a SMB-share" "" \ -"Delete SMB-shares" "" \ -"Return to the Main Menu" "" 3>&1 1>&2 2>&3) - - case "$choice" in - "Create a SMB-share") - create_share - ;; - "Show SMB-shares") - show_shares - ;; - "Edit a SMB-share") - edit_share - ;; - "Delete SMB-shares") - delete_share - ;; - "Return to the Main Menu") - break - ;; - "") - break - ;; - *) - ;; - esac -done -} - -automatically_empty_recycle_bins() { - local SUBTITLE="Automatically empty recycle bins" - local count - local TEST="" - - # Ask for removal - if crontab -u root -l | grep -q "$SCRIPTS/recycle-bin-cleanup.sh" - then - if yesno_box_yes "It seems like automatic recycle bin cleanup is already configured. Do you want to disable it?" "$SUBTITLE" - then - crontab -u root -l | grep -v "$SCRIPTS/recycle-bin-cleanup.sh" | crontab -u root - - rm -rf "$SCRIPTS/recycle-bin-cleanup.sh" - msg_box "Automatic recycle bin cleanup was successfully disabled." 
"$SUBTITLE" - fi - return - fi - - # Ask for installation - msg_box "Automatic recycle bin cleanup does clean up all recycle bin folders automatically in the background. -It gets executed every day and cleans old files in the recycle bin folders that were deleted more than 2 days ago." "$SUBTITLE" - if ! yesno_box_yes "Do you want to enable automatic recycle bin cleanup?" "$SUBTITLE" - then - return - fi - - # Adjust some things - count=1 - while [ $count -le $MAX_COUNT ] - do - CACHE=$(sed -n "/^#SMB$count-start/,/^#SMB$count-end/p" "$SMB_CONF") - if [ -n "$CACHE" ] - then - TEST+="SMB$count" - if ! echo "$CACHE" | grep -q 'recycle:touch' - then - CACHE=$(echo "$CACHE" | sed "/recycle:repository/a \ \ \ \ recycle:touch = true") - sed -i "/^#SMB$count-start/,/^#SMB$count-end/d" "$SMB_CONF" - echo -e "\n$CACHE" >> "$SMB_CONF" - fi - fi - count=$((count+1)) - done - - # Return if none created - if [ -z "$TEST" ] - then - msg_box "No SMB-share created. Please create a SMB-share first." "$SUBTITLE" - return - else - systemctl restart smbd - fi - - # Execute - cat << AUTOMATIC_CLEANUP > "$SCRIPTS/recycle-bin-cleanup.sh" -#!/bin/bash - -# Secure the file -chown root:root "$SCRIPTS/recycle-bin-cleanup.sh" -chmod 700 "$SCRIPTS/recycle-bin-cleanup.sh" - -count=1 -while [ \$count -le $MAX_COUNT ] -do - CACHE=\$(sed -n "/^#SMB\$count-start/,/^#SMB\$count-end/p" "$SMB_CONF") - if [ -n "\$CACHE" ] - then - SMB_PATH=\$(echo "\$CACHE" | grep "path =" | grep -oP '/.*') - if [ -d "\$SMB_PATH" ] && [ -d "\$SMB_PATH/.recycle/" ] - then - find "\$SMB_PATH/.recycle/" -type f -atime +2 -delete - find "\$SMB_PATH/.recycle/" -empty -delete - fi - fi - count=\$((count+1)) -done -AUTOMATIC_CLEANUP - - # Secure the file - chown root:root "$SCRIPTS/recycle-bin-cleanup.sh" - chmod 700 "$SCRIPTS/recycle-bin-cleanup.sh" - - # Add cronjob - crontab -u root -l | grep -v "$SCRIPTS/recycle-bin-cleanup.sh" | crontab -u root - - crontab -u root -l | { cat; echo "@daily $SCRIPTS/recycle-bin-cleanup.sh 
>/dev/null"; } | crontab -u root - - - # Show message - msg_box "Automatic recycle bin cleanup was successfully configured!" "$SUBTITLE" - - # Allow to adjust Nextcloud to do the same - if yesno_box_yes "Do you want Nextcloud to delete files in its trashbin that were deleted more than 4 days ago \ -and file versions that were created more than 4 days ago, too?" "$SUBTITLE" - then - nextcloud_occ config:system:set trashbin_retention_obligation --value="auto, 4" - nextcloud_occ config:system:set versions_retention_obligation --value="auto, 4" - msg_box "Nextcloud was successfully configured to delete files in its trashbin that were deleted more than 4 days ago \ -and file versions that were created more than 4 days ago!" "$SUBTITLE" - fi -} - -empty_recycle_bins() { - local count - local selected_options - local args - local TEST="" - local FOLDER_SIZE - local SMB_PATH - local SUBTITLE="Empty recycle bins" - - # Show a list with available SMB-shares - args=(whiptail --title "$TITLE - $SUBTITLE" --separate-output --checklist \ -"Please select which recycle folders you want to empty. -$CHECKLIST_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4) - count=1 - while [ $count -le $MAX_COUNT ] - do - CACHE=$(sed -n "/^#SMB$count-start/,/^#SMB$count-end/p" "$SMB_CONF") - if [ -n "$CACHE" ] - then - SMB_PATH="$(echo "$CACHE" | grep "path =" | grep -oP '/.*')/.recycle/" - if [ -d "$SMB_PATH" ] - then - FOLDER_SIZE="$(du -sh "$SMB_PATH" | awk '{print $1}')" - else - FOLDER_SIZE=0B - fi - args+=("$SMB_PATH" "$FOLDER_SIZE" ON) - TEST+="$SMB_PATH" - fi - count=$((count+1)) - done - - # Return if none created - if [ -z "$TEST" ] - then - msg_box "No SMB-share created. Please create a SMB-share first." "$SUBTITLE" - return - fi - - # Show selected shares - selected_options=$("${args[@]}" 3>&1 1>&2 2>&3) - if [ -z "$selected_options" ] - then - msg_box "No option selected." 
"$SUBTITLE" - return - fi - mapfile -t selected_options <<< "$selected_options" - for element in "${selected_options[@]}" - do - print_text_in_color "$ICyan" "Emptying $element" - if [ -d "$element" ] - then - rm -r "$element" - fi - done - msg_box "All selected recycle folders were emptied! -Please note: If you are using BTRFS as file system, it can take up to 54h until the space is released due to automatic snapshots." "$SUBTITLE" - - # Allow to clean up Nextclouds trashbin, too - if yesno_box_no "Do you want to clean up Nextclouds trashbin, too? -This will run the command 'occ trashbin:cleanup --all-users' for you if you select 'Yes'!" "$SUBTITLE" - then - nextcloud_occ trashbin:cleanup --all-users -vvv - msg_box "The cleanup of Nextclouds trashbin was successful!" "$SUBTITLE" - fi - - # Allow to clean up Nextclouds versions, too - if yesno_box_no "Do you want to clean up all file versions in Nextcloud? -This will run the command 'occ versions:cleanup' for you if you select 'Yes'!" "$SUBTITLE" - then - nextcloud_occ versions:cleanup -vvv - msg_box "The cleanup of all file versions in Nextcloud was successful!" "$SUBTITLE" - fi -} - -# SMB-server Main Menu -while : -do - choice=$(whiptail --title "$TITLE - Main Menu" --menu \ -"Choose what you want to do. -$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \ -"Open the SMB-user Menu" "(manage SMB-users)" \ -"Open the SMB-share Menu" "(manage SMB-shares)" \ -"Automatically empty recycle bins " "(Schedule cleanup of recycle folders)" \ -"Empty recycle bins" "(Clean up recycle folders)" \ -"Exit" "(exit this script)" 3>&1 1>&2 2>&3) - - case "$choice" in - "Open the SMB-user Menu") - user_menu - ;; - "Open the SMB-share Menu") - share_menu - ;; - "Automatically empty recycle bins ") - automatically_empty_recycle_bins - ;; - "Empty recycle bins") - empty_recycle_bins - ;; - "Exit") - break - ;; - "") - break - ;; - *) - ;; - esac -done - -exit 
diff --git a/not-supported/system-restore.sh b/not-supported/system-restore.sh deleted file mode 100644 index be31fadbfc..0000000000 --- a/not-supported/system-restore.sh +++ /dev/null 
@@ -1,553 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ -# Copyright © 2021 Simon Lindner (https://github.com/szaimen) - -true -SCRIPT_NAME="System Restore" -SCRIPT_EXPLAINER="This script let's you restore your system- and boot-partition to a previous state." -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# Variables -DAILY_BACKUP_FILE="$SCRIPTS/daily-borg-backup.sh" -OFFSHORE_BACKUP_FILE="$SCRIPTS/off-shore-rsync-backup.sh" - -# Functions -restore_original_state() { - # Restore original cache and security folder - if [ "$BACKUP_MOUNTPOINT" = "$OFFSHORE_BACKUP_MOUNTPOINT" ] - then - rm -r /root/.config/borg/security - mv /root/.config/borg/security.bak/ /root/.config/borg/security - rm -r /root/.cache/borg - mv /root/.cache/borg.bak/ /root/.cache/borg - fi - - # Re-rename the snapshot to represent that it is done - if ! lvrename /dev/ubuntu-vg/NcVM-snapshot-pending /dev/ubuntu-vg/NcVM-snapshot - then - msg_box "Could not re-rename the snapshot. Please reboot your server!" - exit 1 - fi - - # Unmount the backup drive - sleep 1 - if ! umount "$BACKUP_MOUNTPOINT" - then - msg_box "Something went wrong while unmounting the backup drive." - exit 1 - fi -} - -# Ask for execution -msg_box "$SCRIPT_EXPLAINER" -if ! yesno_box_yes "Do you want to restore your system to a previous state?" -then - exit -fi - -# Check if restore is possible -if ! [ -f "$DAILY_BACKUP_FILE" ] -then - msg_box "It seems like you haven't set up daily borg backups. -Please do that before you can view backups." 
- exit 1 -fi -# Get needed variables -ENCRYPTION_KEY="$(grep "ENCRYPTION_KEY=" "$DAILY_BACKUP_FILE" | sed "s|.*ENCRYPTION_KEY=||;s|'||g;s|\"||g")" -DAILY_BACKUP_MOUNTPOINT="$(grep "BACKUP_MOUNTPOINT=" "$DAILY_BACKUP_FILE" | sed 's|.*BACKUP_MOUNTPOINT="||;s|"||')" -DAILY_BACKUP_TARGET="$(grep "BACKUP_TARGET_DIRECTORY=" "$DAILY_BACKUP_FILE" | sed 's|.*BACKUP_TARGET_DIRECTORY="||;s|"||')" -if [ -z "$ENCRYPTION_KEY" ] || [ -z "$DAILY_BACKUP_FILE" ] || [ -z "$DAILY_BACKUP_FILE" ] -then - msg_box "Some daily backup variables are empty. This is wrong." - exit 1 -fi -# Also get variables from the offshore backup file -if [ -f "$OFFSHORE_BACKUP_FILE" ] -then - OFFSHORE_BACKUP_MOUNTPOINT="$(grep "BACKUP_MOUNTPOINT=" "$OFFSHORE_BACKUP_FILE" | sed 's|.*BACKUP_MOUNTPOINT="||;s|"||')" - OFFSHORE_BACKUP_TARGET="$(grep "BACKUP_TARGET_DIRECTORY=" "$OFFSHORE_BACKUP_FILE" | sed 's|.*BACKUP_TARGET_DIRECTORY="||;s|"||')" - if [ -z "$OFFSHORE_BACKUP_MOUNTPOINT" ] ||[ -z "$OFFSHORE_BACKUP_TARGET" ] - then - msg_box "Some off-shore backup variables are empty. This is wrong." - exit 1 - fi -fi -# Check if pending snapshot is existing and cancel the viewing in this case. -if does_snapshot_exist "NcVM-snapshot-pending" -then - msg_box "The snapshot pending does exist. Can currently not show the backup. -Please try again later.\n -If you are sure that no update or backup is currently running, you can fix this by rebooting your server." - exit 1 -fi -# Check if startup snapshot is existing and cancel the viewing in this case. -if does_snapshot_exist "NcVM-startup" -then - msg_box "The snapshot startup does exist. -Please run the update script first." - exit 1 -fi -# Check if snapshot can get renamed -if ! does_snapshot_exist "NcVM-snapshot" -then - msg_box "The NcVM-snapshot doesn't exist. This isn't allowed." - exit 1 -fi - -# Ask if a backup was created -msg_box "It is recommended to make a backup and/or snapshot of your NcVM before restoring the system." -if ! 
yesno_box_no "Have you made a backup of your NcVM?" -then - if ! yesno_box_yes "Do you want to run the backup now?" - then - exit 1 - fi - rm -f /tmp/DAILY_BACKUP_CREATION_SUCCESSFUL - export SKIP_DAILY_BACKUP_CHECK=1 - bash "$DAILY_BACKUP_FILE" - if ! [ -f "/tmp/DAILY_BACKUP_CREATION_SUCCESSFUL" ] - then - if ! yesno_box_no "It seems like the backup was not successful. Do you want to continue nonetheless? (Not recommended!)" - then - exit 1 - fi - fi -fi - -print_text_in_color "$ICyan" "Checking which backup drives are connected. This can take a while..." - -# View backup repository menu -args=(whiptail --title "$TITLE" --menu \ -"Please select the backup repository that you want to view. -$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4) - -# Check if at least one drive is connected -DAILY=1 -if ! [ -d "$DAILY_BACKUP_TARGET" ] -then - mount "$DAILY_BACKUP_MOUNTPOINT" &>/dev/null - if ! [ -d "$DAILY_BACKUP_TARGET" ] - then - DAILY="" - fi - umount "$DAILY_BACKUP_MOUNTPOINT" &>/dev/null -fi -if [ -f "$OFFSHORE_BACKUP_FILE" ] -then - OFFSHORE=1 - if ! [ -d "$OFFSHORE_BACKUP_TARGET" ] - then - mount "$OFFSHORE_BACKUP_MOUNTPOINT" &>/dev/null - if ! [ -d "$OFFSHORE_BACKUP_TARGET" ] - then - OFFSHORE="" - fi - fi - umount "$OFFSHORE_BACKUP_MOUNTPOINT" &>/dev/null -fi -if [ -z "$DAILY" ] && [ -z "$OFFSHORE" ] -then - msg_box "Not even one backup drive is connected. -You must connect one if you want to view a backup." - exit 1 -fi - -# Get which one is connected -if [ -n "$DAILY" ] -then - args+=("$DAILY_BACKUP_TARGET" " Daily Backup Repository") -fi -if [ -n "$OFFSHORE" ] -then - args+=("$OFFSHORE_BACKUP_TARGET" " Off-Shore Backup Repository") -fi - -# Show the menu -choice=$("${args[@]}" 3>&1 1>&2 2>&3) -if [ -z "$choice" ] -then - msg_box "No target selected. Exiting." - exit 1 -fi - -# Check the boot mountpoint -if mountpoint -q /tmp/borgboot -then - umount /tmp/borgboot - if mountpoint -q /tmp/borgboot - then - msg_box "There is still something mounted on /tmp/borgboot. 
Cannot proceed." - exit 1 - fi -fi - -# Check the system mountpoint -if mountpoint -q /tmp/borgsystem -then - umount /tmp/borgsystem - if mountpoint -q /tmp/borgsystem - then - msg_box "There is still something mounted on /tmp/borgsystem. Cannot proceed." - exit 1 - fi -fi - -# Check if /mnt/ncdata exists -if grep -q " /mnt/ncdata " /etc/mtab -then - NCDATA_PART_EXISTS=yes -fi - -# Check the ncdata mountpoint -if [ -n "$NCDATA_PART_EXISTS" ] -then - if mountpoint -q /tmp/borgncdata - then - umount /tmp/borgboot - if mountpoint -q /tmp/borgncdata - then - msg_box "There is still something mounted on /tmp/borgncdata. Cannot proceed." - exit 1 - fi - fi -fi - -# Check if pending snapshot is existing and cancel the restore process in this case. -if does_snapshot_exist "NcVM-snapshot-pending" -then - msg_box "The snapshot pending does exist. Can currently not restore the backup. -Please try again later.\n -If you are sure that no update or backup is currently running, you can fix this by rebooting your server." - exit 1 -fi - -# Rename the snapshot to represent that the backup is locked -if ! lvrename /dev/ubuntu-vg/NcVM-snapshot /dev/ubuntu-vg/NcVM-snapshot-pending -then - msg_box "Could not rename the snapshot. Please reboot your server!" - exit 1 -fi - -# Find out which one was selected -BACKUP_TARGET_DIRECTORY="$choice" -if [ "$BACKUP_TARGET_DIRECTORY" = "$DAILY_BACKUP_TARGET" ] -then - BACKUP_MOUNTPOINT="$DAILY_BACKUP_MOUNTPOINT" -elif [ "$BACKUP_TARGET_DIRECTORY" = "$OFFSHORE_BACKUP_TARGET" ] -then - BACKUP_MOUNTPOINT="$OFFSHORE_BACKUP_MOUNTPOINT" - # Work around issue with borg - # https://github.com/borgbackup/borg/issues/3428#issuecomment-380399036 - mv /root/.config/borg/security/ /root/.config/borg/security.bak - mv /root/.cache/borg/ /root/.cache/borg.bak -fi - -# Mount the backup drive -if ! mount "$BACKUP_MOUNTPOINT" -then - msg_box "Could not mount the backup drive." 
- restore_original_state - exit 1 -fi - -# Export passphrase -export BORG_PASSPHRASE="$ENCRYPTION_KEY" - -# Break the borg lock if it exists because we have the snapshot that prevents such situations -if [ -f "$BACKUP_TARGET_DIRECTORY/lock.roster" ] -then - print_text_in_color "$ICyan" "Breaking the borg lock..." - borg break-lock "$BACKUP_TARGET_DIRECTORY" -fi - -# Find available archives -ALL_ARCHIVES=$(borg list "$BACKUP_TARGET_DIRECTORY") -SYSTEM_ARCHIVES=$(echo "$ALL_ARCHIVES" | grep "NcVM-system-partition" | awk -F "-" '{print $1}' | sort -r) -mapfile -t SYSTEM_ARCHIVES <<< "$SYSTEM_ARCHIVES" -BOOT_ARCHIVES=$(echo "$ALL_ARCHIVES" | grep "NcVM-boot-partition" | awk -F "-" '{print $1}' | sort -r) -mapfile -t BOOT_ARCHIVES <<< "$BOOT_ARCHIVES" -NCDATA_ARCHIVES=$(echo "$ALL_ARCHIVES" | grep "NcVM-ncdata-partition" | awk -F "-" '{print $1}' | sort -r) -if [ -n "$NCDATA_ARCHIVES" ] -then - NCDATA_ARCHIVE_EXISTS=yes -fi -mapfile -t NCDATA_ARCHIVES <<< "$NCDATA_ARCHIVES" - -# Check if the setup is correct -if [ "$NCDATA_PART_EXISTS" != "$NCDATA_ARCHIVE_EXISTS" ] -then - msg_box "Cannot restore the system since either the ncdata partition doesn't exist and is in the repository \ -or the partition exists and isn't in the repository." - restore_original_state - exit 1 -fi - -# Find valid archives -for system_archive in "${SYSTEM_ARCHIVES[@]}" -do - for boot_archive in "${BOOT_ARCHIVES[@]}" - do - if [ -n "$NCDATA_ARCHIVE_EXISTS" ] - then - for ncdata_archive in "${NCDATA_ARCHIVES[@]}" - do - if [ "$system_archive" = "$boot_archive" ] && [ "$system_archive" = "$ncdata_archive" ] - then - VALID_ARCHIVES+=("$system_archive") - continue - fi - done - elif [ "$system_archive" = "$boot_archive" ] - then - VALID_ARCHIVES+=("$system_archive") - continue - fi - done -done - -# Test if at least one valid archive was found -if [ -z "${VALID_ARCHIVES[*]}" ] -then - msg_box "Not even one valid archive found. Cannot continue." 
- restore_original_state - exit 1 -fi - -# Create menu to select from available archives -unset args -args=(whiptail --title "$TITLE" --menu \ -"Please select the backup archive that you want to restore. -$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4) -for valid_archive in "${VALID_ARCHIVES[@]}" -do - HUMAN_DATE=$(echo "$ALL_ARCHIVES" | grep "$valid_archive" | head -1 | awk '{print $3}') - HUMAN_TIME=$(echo "$ALL_ARCHIVES" | grep "$valid_archive" | head -1 | awk '{print $4}') - args+=("$valid_archive" "The backup was made on $HUMAN_DATE $HUMAN_TIME") -done - -# Show the menu -choice=$("${args[@]}" 3>&1 1>&2 2>&3) -if [ -z "$choice" ] -then - msg_box "No archive selected. Exiting." - restore_original_state - exit 1 -else - SELECTED_ARCHIVE="$choice" -fi - -# Inform user -msg_box "We've implemented the option to test the extraction of the backup before we start the restore process. -This can take a lot of time though and is because of that not the default." -if yesno_box_no "Do you want to test the extraction of the backup nonetheless?" -then - print_text_in_color "$ICyan" "Checking the system partition archive integrity. Please be patient!" - mkdir -p /tmp/borgextract - cd /tmp/borgextract - if ! borg extract --dry-run --list "$BACKUP_TARGET_DIRECTORY::$SELECTED_ARCHIVE-NcVM-system-partition" - then - msg_box "Some errors were reported while checking the system partition archive integrity." - restore_original_state - exit 1 - fi - print_text_in_color "$ICyan" "Checking the boot partition archive integrity. Please be patient!" - if ! borg extract --dry-run --list "$BACKUP_TARGET_DIRECTORY::$SELECTED_ARCHIVE-NcVM-boot-partition" - then - msg_box "Some errors were reported while checking the boot partition archive integrity." - restore_original_state - exit 1 - fi - if [ -n "$NCDATA_ARCHIVE_EXISTS" ] - then - print_text_in_color "$ICyan" "Checking the ncdata partition archive integrity. Please be patient!" - if ! 
borg extract --dry-run --list "$BACKUP_TARGET_DIRECTORY::$SELECTED_ARCHIVE-NcVM-ncdata-partition" - then - msg_box "Some errors were reported while checking the ncdata partition archive integrity." - restore_original_state - exit 1 - fi - fi - msg_box "The extraction of the backup was tested successfully!" -fi - -print_text_in_color "$ICyan" "Mounting all needed directories from the backup now. This can take a while..." - -# Mount system archive -mkdir -p /tmp/borgsystem -if ! borg mount "$BACKUP_TARGET_DIRECTORY::$SELECTED_ARCHIVE-NcVM-system-partition" /tmp/borgsystem -then - msg_box "Something failed while mounting the system partition archive. Please try again." - restore_original_state - exit 1 -fi - -# Mount boot archive -mkdir -p /tmp/borgboot -if ! borg mount "$BACKUP_TARGET_DIRECTORY::$SELECTED_ARCHIVE-NcVM-boot-partition" /tmp/borgboot -then - msg_box "Something failed while mounting the boot partition archive. Please try again." - umount /tmp/borgsystem - restore_original_state - exit 1 -fi - -# Mount ncdata archive -if [ -n "$NCDATA_ARCHIVE_EXISTS" ] -then - mkdir -p /tmp/borgncdata - if ! borg mount "$BACKUP_TARGET_DIRECTORY::$SELECTED_ARCHIVE-NcVM-ncdata-partition" /tmp/borgncdata - then - msg_box "Something failed while mounting the ncdata partition archive. Please try again." - umount /tmp/borgsystem - umount /tmp/borgboot - restore_original_state - exit 1 - fi -fi - -# Check if all system entries are there -SYS_DRIVES=$(grep "^/dev/disk/by-" /etc/fstab | grep defaults | awk '{print $1}') -mapfile -t SYS_DRIVES <<< "$SYS_DRIVES" -for drive in "${SYS_DRIVES[@]}" -do - if ! grep -q "$drive" /tmp/borgsystem/system/etc/fstab - then - msg_box "Cannot restore to this archive point since fstab entries are missing/not there. -This might be because the archive was created on a different Ubuntu installation." 
- umount /tmp/borgsystem - umount /tmp/borgboot - umount /tmp/borgncdata &>/dev/null - restore_original_state - exit 1 - fi -done - -# Exclude some dirs; mnt, media, sys, prob don't need to be excluded because of the usage of --one-file-system flag -EXCLUDED_DIRECTORIES=(home/*/.cache root/.cache root/.config/borg var/cache \ -lost+found run var/run tmp var/tmp etc/lvm/archive snap "home/plex/config/Library/Application Support/Plex Media Server/Cache") - -# Allow to disable restoring of Previews -if ! yesno_box_yes "Do you want to restore Nextclouds previews? This might slow down the restore process by a lot. -If you select 'No', the preview folder will be excluded from the restore process which can lead to preview issues in Nextcloud." -then - PREVIEW_EXCLUDED=("--exclude=/appdata_"*/preview/) - EXCLUDED_DIRECTORIES+=("$NCDATA"/appdata_*/preview) -fi - -for directory in "${EXCLUDED_DIRECTORIES[@]}" -do - directory="${directory#/*}" - EXCLUDE_DIRS+=(--exclude="/$directory/") -done - -# Inform user -if ! yesno_box_no "Are you sure that you want to restore your system to the selected state? -Please note that this will also restore the Bitwarden RS/Vaultwarden/Bitwarden database so newly created passwords that were created in the meantime since this backup will get deleted. -If you select 'Yes', we will start the restore process!" -then - umount /tmp/borgsystem - umount /tmp/borgboot - umount /tmp/borgncdata &>/dev/null - restore_original_state - exit 1 -fi - -# Inform user -msg_box "We will now start the restore process. Please wait until you see the next popup! This can take a while!" - -# Start the restore -print_text_in_color "$ICyan" "Starting the restore process..." - -# Check if dpkg or apt is running -is_process_running apt -is_process_running dpkg - -# Stop services -print_text_in_color "$ICyan" "Stopping services..." 
-if is_docker_running -then - systemctl stop docker -fi -nextcloud_occ_no_check maintenance:mode --on -systemctl stop postgresql - -# Restore the system partition -print_text_in_color "$ICyan" "Restoring the files..." -if ! rsync --archive --human-readable --delete --one-file-system \ --vv "${EXCLUDE_DIRS[@]}" /tmp/borgsystem/system/ / -then - SYSTEM_RESTORE_FAILED=1 -fi - -# Restore the boot partition -if ! rsync --archive --human-readable -vv --delete /tmp/borgboot/boot/ /boot -then - if [ "$SYSTEM_RESTORE_FAILED" = 1 ] - then - msg_box "Something failed while restoring the system partition." - fi - msg_box "Something failed while restoring the boot partition." - umount /tmp/borgsystem - umount /tmp/borgboot - umount /tmp/borgncdata &>/dev/null - restore_original_state - exit 1 -fi - -if [ "$SYSTEM_RESTORE_FAILED" = 1 ] -then - msg_box "Something failed while restoring the system partition." - umount /tmp/borgsystem - umount /tmp/borgboot - umount /tmp/borgncdata &>/dev/null - restore_original_state - exit 1 -fi - -# Restore the ncdata partition -if [ -n "$NCDATA_ARCHIVE_EXISTS" ] -then - if ! rsync --archive --human-readable --delete --one-file-system \ --vv "${PREVIEW_EXCLUDED[*]}" /tmp/borgncdata/ncdata/ /mnt/ncdata - then - msg_box "Something failed while restoring the ncdata partition." - umount /tmp/borgsystem - umount /tmp/borgboot - umount /tmp/borgncdata - restore_original_state - exit 1 - fi -fi - -# Start services -print_text_in_color "$ICyan" "Starting services..." -systemctl start postgresql -nextcloud_occ_no_check maintenance:mode --off -start_if_stopped docker - -# Restore original state -umount /tmp/borgsystem -umount /tmp/borgboot -umount /tmp/borgncdata &>/dev/null -restore_original_state - -# Allow to reboot: recommended -msg_box "Congratulations, the restore was successful!\n -It is highly recommended to reboot your server now." -if yesno_box_yes "Do you want to reboot now?" -then - reboot -fi - -exit 
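Review bot: In not-supported/system-restore.sh the sanity check after the "Get needed variables" block tests the wrong variable twice: `[ -z "$ENCRYPTION_KEY" ] || [ -z "$DAILY_BACKUP_FILE" ] || [ -z "$DAILY_BACKUP_FILE" ]` never looks at `DAILY_BACKUP_MOUNTPOINT` or `DAILY_BACKUP_TARGET`, so an empty value parsed out of the daily backup file is not caught; the last two tests should be on those two variables. The ncdata mountpoint check has a similar copy-paste slip: when `/tmp/borgncdata` is mounted it runs `umount /tmp/borgboot`, so the stale ncdata mount is never released and the script always aborts at that point. Two smaller items: `"${PREVIEW_EXCLUDED[*]}"` passes rsync a single empty-string argument when previews are not excluded (`"${PREVIEW_EXCLUDED[@]}"` expands to nothing in that case), and `BORG_PASSPHRASE` stays exported for every command launched after the archives are mounted, so an `unset BORG_PASSPHRASE` once the three `borg mount` calls are done would be worth adding if this script is kept anywhere.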
diff --git a/not-supported/tpm2-unlock.sh b/not-supported/tpm2-unlock.sh deleted file mode 100644 index a67bb7c293..0000000000 --- a/not-supported/tpm2-unlock.sh +++ /dev/null 
@@ -1,142 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ -# Copyright © 2021 Simon Lindner (https://github.com/szaimen) - -true -SCRIPT_NAME="TPM2 Unlock" -SCRIPT_EXPLAINER="This script helps automatically unlocking the root partition during boot \ -and securing your GRUB (bootloader)." -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh || source <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/main/lib.sh) - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# Check if already installed -if is_this_installed clevis-luks || is_this_installed clevis-tpm2 || is_this_installed clevis-initramfs -then - msg_box "It seems like clevis-luks is already installed.\nThis script can unfortunately not run twice." - exit 1 -else - # Ask for installation - install_popup "$SCRIPT_NAME" -fi - -# Make some pre-requirements -if lshw -quiet | grep -q "driver=nvme" && ! grep -q "nvme_core.default_ps_max_latency_us" /etc/default/grub -then - print_text_in_color "$ICyan" "Configuring necessary pre-requirements..." - # shellcheck disable=1091 - source /etc/default/grub - GRUB_CMDLINE_LINUX_DEFAULT+=" nvme_core.default_ps_max_latency_us=5500" - sed -i "s|^GRUB_CMDLINE_LINUX_DEFAULT.*|GRUB_CMDLINE_LINUX_DEFAULT=\"$GRUB_CMDLINE_LINUX_DEFAULT\"|" /etc/default/grub - if ! update-grub - then - msg_box "Something failed during update-grub. Please report this to $ISSUES" - fi -fi - -# Test if device is present -# https://github.com/noobient/noobuntu/wiki/Full-Disk-Encryption#tpm-2 -if ! dmesg | grep -i "tpm" | grep -q "2\.0" -then - msg_box "No TPM 2.0 device found." - exit 1 -fi -ENCRYPTED_DEVICE="$(lsblk -o KNAME,FSTYPE | grep "crypto_LUKS" | awk '{print $1}')" -if [ -z "$ENCRYPTED_DEVICE" ] -then - msg_box "No encrypted device found." 
- exit 1 -fi -mapfile -t ENCRYPTED_DEVICE <<< "$ENCRYPTED_DEVICE" -if [ "${#ENCRYPTED_DEVICE[@]}" -gt 1 ] -then - msg_box "More than one encrypted device found. This is not supported." - exit 1 -fi - -# Enter the password -PASSWORD="$(input_box_flow "Please enter the password for your root partition -If you want to cancel, just type in 'exit' and press [ENTER].")" -if [ "$PASSWORD" = 'exit' ] -then - exit 1 -fi - -# Install needed tools -apt-get install clevis-tpm2 clevis-luks clevis-initramfs -y - -# Execute the script -print_text_in_color "$ICyan" "Setting up automatic unlocking via TPM2..." -if ! echo "$PASSWORD" | clevis luks bind -k - -d "/dev/${ENCRYPTED_DEVICE[*]}" tpm2 '{"pcr_bank":"sha256","pcr_ids":"7"}' -then - msg_box "Something has failed while trying to configure clevis luks. -We will now uninstall all needed packets again, so that you are able to start over." - apt-get purge clevis-tpm2 clevis-luks clevis-initramfs -y - apt-get autoremove -y - msg_box "All installed packets were successfully removed." - exit 1 -fi -print_text_in_color "$ICyan" "Updating initramfs..." -if ! update-initramfs -u -k 'all' -then - msg_box "Errors during initramfs update" - exit 1 -fi - -PASSWORD=$(input_box_flow "Please enter a new password that will secure your GRUB (bootloader).") - -# Set grub password -# https://selivan.github.io/2017/12/21/grub2-password-for-all-but-default-menu-entries.html -GRUB_PASS="$(echo -e "$PASSWORD\n$PASSWORD" | grub-mkpasswd-pbkdf2 | grep -oP 'grub\.pbkdf2\.sha512\.10000\..*')" -if [ -n "${PASSWORD##grub.pbkdf2.sha512.10000.}" ] -then - cat << GRUB_CONF >> /etc/grub.d/40_custom - -# Password-protect GRUB -set superusers="grub" -password_pbkdf2 grub $GRUB_PASS -GRUB_CONF - # Allow to run the default grub options without requiring the grub password - if ! 
grep -q '^CLASS=.*--unrestricted"' /etc/grub.d/10_linux && grep -q '^CLASS=.*"$' /etc/grub.d/10_linux - then - sed -i '/^CLASS=/s/"$/ --unrestricted"/' /etc/grub.d/10_linux - fi -else - msg_box "Something went wrong while setting the grub password. \ -Please report this to $ISSUES" - exit 1 -fi - -# Adjust grub (https://github.com/nextcloud/vm/issues/1694) -if ! grep -q "GRUB_DISABLE_OS_PROBER" /etc/default/grub -then - echo "GRUB_DISABLE_OS_PROBER=true" >> /etc/default/grub -fi - -# Update grub -print_text_in_color "$ICyan" "Updating grub..." -update-grub - -# Don't allow to update shim, otherwise the automatic unlocking might break -if ! apt-mark hold shim -then - msg_box "Could not hold shim. -Please report this to $ISSUES" -fi - -# Inform user -msg_box "TPM2 Unlock and securing your GRUB (bootloader) was set up successfully. -We will reboot after you hit okay.\n -Please check if it automatically unlocks the root partition. -If not something has failed." - -reboot diff --git a/not-supported/veracrypt-btrfs.sh b/not-supported/veracrypt-btrfs.sh deleted file mode 100644 index 40b08318ba..0000000000 --- a/not-supported/veracrypt-btrfs.sh +++ /dev/null 
@@ -1,434 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ -# Copyright © 2021 Simon Lindner (https://github.com/szaimen) - -true -SCRIPT_NAME="Veracrypt" -SCRIPT_EXPLAINER="This script automates formatting, encrypting and mounting drives with Veracrypt." -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# Show explainer -msg_box "$SCRIPT_EXPLAINER" - -if ! is_this_installed veracrypt -then - if ! yesno_box_yes "Do you want to install $SCRIPT_NAME?" - then - exit 1 - fi - msg_box "Please note that in order to install Veracrypt on your server, \ -we need to add a 3rd Party PPA, which theoretically could set your server under risk." - if ! yesno_box_yes "Do you want to continue nonetheless?" - then - exit 1 - fi - msg_box "We will now install Veracrypt. This can take a long time. Please be patient!" - add-apt-repository ppa:unit193/encryption -y - apt-get update -q4 & spinner_loading - apt-get install veracrypt --no-install-recommends -y -fi - -# Discover drive -msg_box "Please disconnect your drive for now and connect it again AFTER you hit OK. -Otherwise we will not be able to detect it." -CURRENT_DRIVES=$(lsblk -o KNAME,TYPE | grep disk | awk '{print $1}') -count=0 -while [ "$count" -lt 60 ] -do - print_text_in_color "$ICyan" "Please connect your drive now." - sleep 5 & spinner_loading - echo "" - NEW_DRIVES=$(lsblk -o KNAME,TYPE | grep disk | awk '{print $1}') - if [ "$CURRENT_DRIVES" = "$NEW_DRIVES" ] - then - count=$((count+5)) - else - msg_box "A new drive was found. We will continue with the mounting now. -Please leave it connected." - break - fi -done - -# Exit if no new drive was found -if [ "$count" -ge 60 ] -then - msg_box "No new drive found within 60 seconds. -Please run this option again if you want to try again." 
- exit 1 -fi - -# Get all new drives -mapfile -t CURRENT_DRIVES <<< "$CURRENT_DRIVES" -for drive in "${CURRENT_DRIVES[@]}" -do - NEW_DRIVES=$(echo "$NEW_DRIVES" | grep -v "^$drive") -done - -# Partition menu -args=(whiptail --title "$TITLE" --menu \ -"Please select the drive that you would like to format and encrypt with Veracrypt. -$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4) - -# Get information that are important -mapfile -t NEW_DRIVES <<< "$NEW_DRIVES" -for drive in "${NEW_DRIVES[@]}" -do - DRIVE_DESCRIPTION=$(lsblk -o NAME,SIZE,VENDOR,MODEL | grep "^$drive" | awk '{print $2, $3, $4}') - args+=("/dev/$drive" " $DRIVE_DESCRIPTION") -done - -# Show the drive menu -DEVICE=$("${args[@]}" 3>&1 1>&2 2>&3) -if [ -z "$DEVICE" ] -then - exit 1 -fi - -# Ask for password -while : -do - PASSWORD=$(input_box_flow "Please enter the Password that you would like to use for encrypting your drive '$DEVICE' -It should be a strong password. -If you want to cancel, just type in 'exit' and press [ENTER].") - if [ "$PASSWORD" = "exit" ] - then - exit 1 - fi - if yesno_box_no "Have you saved the password at a safe place?" - then - break - fi -done - -# Last info box -if ! yesno_box_no "Warning: Are you really sure, that you want to format the drive '$DEVICE' and encrypt it? -All current files on the drive will be erased! -Select 'Yes' to continue with the process. Select 'No' to cancel." -then - exit 1 -fi - -# Inform user -msg_box "We will now format the drive '$DEVICE' and encrypt it with Veracrypt. Please be patient!" - -# Wipe drive -dd if=/dev/urandom of="$DEVICE" bs=1M count=2 -parted "$DEVICE" mklabel gpt --script -parted "$DEVICE" mkpart primary 0% 100% --script - -# Wait so that veracrypt doesn't fail -sleep 1 - -# Format drive -# https://relentlesscoding.com/posts/encrypt-device-with-veracrypt-from-the-command-line/ -if ! 
echo "$PASSWORD" \ -| veracrypt --text --quick \ ---non-interactive \ ---create "$DEVICE"1 \ ---volume-type=normal \ ---encryption=AES \ ---hash=SHA-512 \ ---filesystem=Btrfs \ ---stdin > /dev/null -then - msg_box "Something failed while encrypting with Veracrypt." - exit 1 -fi - -# Inform user -msg_box "Formatting and encryption with Veracrypt was successful!" - -# Mount it -if ! yesno_box_yes "Do you want to mount the encrypted partition to your server?" -then - exit 1 -fi - -# Get PARTUUID -PARTUUID=$(lsblk -o PATH,PARTUUID | grep "^$DEVICE"1 | awk '{print $2}') - -# Enter the mountpoint -while : -do - MOUNT_PATH=$(input_box_flow "Please type in the directory where you want to mount the partition. -One example is: '/mnt/data' -The directory has to start with '/mnt/' -If you want to cancel, type 'exit' and press [ENTER].") - if [ "$MOUNT_PATH" = "exit" ] - then - exit 1 - elif echo "$MOUNT_PATH" | grep -q " " - then - msg_box "Please don't use spaces!" - elif ! echo "$MOUNT_PATH" | grep -q "^/mnt/" - then - msg_box "The directory has to stat with '/mnt/'" - elif grep -q " $MOUNT_PATH " /etc/fstab - then - msg_box "The mountpoint already exists in fstab. Please try a different one." - elif mountpoint -q "$MOUNT_PATH" - then - msg_box "The mountpoint is already mounted. Please try a different one." - elif echo "$MOUNT_PATH" | grep -q "^/mnt/ncdata" - then - msg_box "The directory isn't allowed to start with '/mnt/ncdata'" - elif echo "$MOUNT_PATH" | grep -q "^/mnt/smbshares" - then - msg_box "The directory isn't allowed to start with '/mnt/smbshares'" - else - mkdir -p "$MOUNT_PATH" - if ! echo "$PASSWORD" | veracrypt -t -k "" --pim=0 --protect-hidden=no --fs-options=defaults \ -"/dev/disk/by-partuuid/$PARTUUID" "$MOUNT_PATH" - then - msg_box "Something failed while trying to mount the Volume. Please try again." - else - break - fi - fi -done - -# Create automount script -# Unfortunately the automount via crypttab doesn't work (when using a passphrase-file) -if ! 
[ -f "$SCRIPTS/veracrypt-automount.sh" ] -then - cat << AUTOMOUNT > "$SCRIPTS/veracrypt-automount.sh" -#!/bin/bash - -# Secure the file -chown root:root "$SCRIPTS/veracrypt-automount.sh" -chmod 700 "$SCRIPTS/veracrypt-automount.sh" - -# Reset maintenance mode to disabled upon restart -sed -i "/'maintenance'/s/true/false/" "$NCPATH/config/config.php" - -# Veracrypt entries -AUTOMOUNT -fi - -# Write to file -cat << AUTOMOUNT >> "$SCRIPTS/veracrypt-automount.sh" -if ! echo '$PASSWORD' | veracrypt -t -k "" --pim=0 --protect-hidden=no --fs-options=defaults \ -"/dev/disk/by-partuuid/$PARTUUID" "$MOUNT_PATH" -then - sed -i "/'maintenance'/s/false/true/" "$NCPATH/config/config.php" - source /var/scripts/fetch_lib.sh - nextcloud_occ_no_check maintenance:mode --on - send_mail "$MOUNT_PATH could not get mounted!" "Please connect the drive and reboot your server! \ -The maintenance mode was activated to prevent any issue with Nextcloud. \ -You can disable it after the drive is successfully mounted again!" -fi -AUTOMOUNT - -# Secure the file -chown root:root "$SCRIPTS/veracrypt-automount.sh" -chmod 700 "$SCRIPTS/veracrypt-automount.sh" - -# Test if drive is connected -cat << CONNECTED > "$SCRIPTS/is-drive-connected.sh" -#!/bin/bash - -# Secure the file -chown root:root "$SCRIPTS/is-drive-connected.sh" -chmod 700 "$SCRIPTS/is-drive-connected.sh" - -# Entries -PARTUUID="\$1" - -# Test if drive is connected -while lsblk "/dev/disk/by-partuuid/\$PARTUUID" &>/dev/null -do - sleep 1 -done - -# Continue if not -if grep -q "'maintenance'" "$NCPATH/config/config.php" -then - sed -i "/'maintenance'/s/false/true/" "$NCPATH/config/config.php" - source /var/scripts/fetch_lib.sh -else - source /var/scripts/fetch_lib.sh - nextcloud_occ_no_check maintenance:mode --on -fi -send_mail "One veracrypt drive is not connected anymore!" "Please connect the drive and reboot your server! -The maintenance mode was activated to prevent any issue with Nextcloud. 
-A reboot should fix the issue if the drive is successfully connected again." -CONNECTED - -# Secure the file -chown root:root "$SCRIPTS/is-drive-connected.sh" -chmod 700 "$SCRIPTS/is-drive-connected.sh" - -# Create crontab and start -crontab -u root -l | { cat; echo "@reboot $SCRIPTS/is-drive-connected.sh '$PARTUUID' >/dev/null"; } | crontab -u root - -nohup bash "$SCRIPTS/is-drive-connected.sh" "$PARTUUID" &>/dev/null & - -# Adjust permissions at start up -if ! [ -f "$SCRIPTS/adjust-startup-permissions.sh" ] -then - cat << PERMISSIONS > "$SCRIPTS/adjust-startup-permissions.sh" -#!/bin/bash - -# Secure the file -chown root:root "$SCRIPTS/adjust-startup-permissions.sh" -chmod 700 "$SCRIPTS/adjust-startup-permissions.sh" - -# Entries -PERMISSIONS -fi -cat << PERMISSIONS >> "$SCRIPTS/adjust-startup-permissions.sh" -find "$MOUNT_PATH/" -not -path "$MOUNT_PATH/.snapshots/*" \\( ! -perm 770 -o ! -group www-data \ --o ! -user www-data \\) -exec chmod 770 {} \\; \ --exec chown www-data:www-data {} \\; -PERMISSIONS - -chown root:root "$SCRIPTS/adjust-startup-permissions.sh" -chmod 700 "$SCRIPTS/adjust-startup-permissions.sh" -crontab -u root -l | grep -v "$SCRIPTS/adjust-startup-permissions.sh" | crontab -u root - -crontab -u root -l | { cat; echo "@reboot $SCRIPTS/adjust-startup-permissions.sh"; } | crontab -u root - - -# Delete crontab -crontab -u root -l | grep -v 'veracrypt-automount.sh' | crontab -u root - -# Create service instead -cat << SERVICE > /etc/systemd/system/veracrypt-automount.service -[Unit] -Description=Mount Veracrypt Devices -After=boot.mount -Before=network.target - -[Service] -Type=forking -ExecStart=-/bin/bash $SCRIPTS/veracrypt-automount.sh -TimeoutStopSec=1 - -[Install] -WantedBy=multi-user.target -SERVICE -systemctl disable veracrypt-automount &>/dev/null -systemctl enable veracrypt-automount - -# Adjust permissions -print_text_in_color "$ICyan" "Adjusting permissions..." 
-chown -R www-data:www-data "$MOUNT_PATH" -chmod -R 770 "$MOUNT_PATH" - -# Automatically create snapshots -mkdir -p "$MOUNT_PATH/.snapshots" -if ! [ -f "$SCRIPTS/create-hourly-btrfs-snapshots.sh" ] -then - cat << SNAPSHOT > "$SCRIPTS/create-hourly-btrfs-snapshots.sh" -#!/bin/bash - -# Secure the file -chown root:root "$SCRIPTS/create-hourly-btrfs-snapshots.sh" -chmod 700 "$SCRIPTS/create-hourly-btrfs-snapshots.sh" - -# Variables -MAX_SNAPSHOTS=54 -CURRENT_DATE=\$(date --date @"\$(date +%s)" +"%Y%m%d_%H%M%S") -SNAPSHOT -fi - cat << SNAPSHOT >> "$SCRIPTS/create-hourly-btrfs-snapshots.sh" - -# $MOUNT_PATH -btrfs subvolume snapshot -r "$MOUNT_PATH/" "$MOUNT_PATH/.snapshots/@\$CURRENT_DATE" -while [ "\$(find "$MOUNT_PATH/.snapshots/" -maxdepth 1 -mindepth 1 -type d -name '@*_*' | wc -l)" -gt "\$MAX_SNAPSHOTS" ] -do - DELETE="\$(find "$MOUNT_PATH/.snapshots/" -maxdepth 1 -mindepth 1 -type d -name '@*_*' | sort | head -1)" - btrfs subvolume delete "\$DELETE" -done -SNAPSHOT - chown root:root "$SCRIPTS/create-hourly-btrfs-snapshots.sh" - chmod 700 "$SCRIPTS/create-hourly-btrfs-snapshots.sh" - if yesno_box_yes "Do you want snapshots to get created every 15 min? (Recommended for SSDs!) -If at least one Veracrypt-BTRFS drive is a HDD, you should choose 'No' here to create snapshots every hour!" - then - crontab -u root -l | grep -v "$SCRIPTS/create-hourly-btrfs-snapshots.sh" | crontab -u root - - crontab -u root -l | { cat; echo "*/15 8-17 * * * $SCRIPTS/create-hourly-btrfs-snapshots.sh >/dev/null"; } | crontab -u root - - crontab -u root -l | { cat; echo "0 18-23,0-7 * * * $SCRIPTS/create-hourly-btrfs-snapshots.sh >/dev/null"; } | crontab -u root - - else - crontab -u root -l | grep -v "$SCRIPTS/create-hourly-btrfs-snapshots.sh" | crontab -u root - - crontab -u root -l | { cat; echo "@hourly $SCRIPTS/create-hourly-btrfs-snapshots.sh >/dev/null"; } | crontab -u root - - fi - # Execute monthly scrubs - if ! 
[ -f "$SCRIPTS/scrub-btrfs-weekly.sh" ] - then - cat << SNAPSHOT > "$SCRIPTS/scrub-btrfs-weekly.sh" -#!/bin/bash - -# Secure the file -chown root:root "$SCRIPTS/scrub-btrfs-weekly.sh" -chmod 700 "$SCRIPTS/scrub-btrfs-weekly.sh" - -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh -SNAPSHOT - fi - cat << SNAPSHOT >> "$SCRIPTS/scrub-btrfs-weekly.sh" - -# $MOUNT_PATH -notify_admin_gui "Starting weekly BTRFS check of $MOUNT_PATH" "Starting BTRFS-scrub of $MOUNT_PATH. -You will be notified again when the scrub is done" -if ! btrfs scrub start -B "$MOUNT_PATH" -then - notify_admin_gui "Error while performing weekly BTRFS scrub of $MOUNT_PATH!" \ - "Error on $MOUNT_PATH\nPlease look at $VMLOGS/weekly-btrfs-scrub.log for further info!" -else - notify_admin_gui "Weekly BTRFS scrub successful of $MOUNT_PATH!" \ - "$MOUNT_PATH was successfully tested!\nPlease look at $VMLOGS/weekly-btrfs-scrub.log for further info!" -fi -SNAPSHOT - chown root:root "$SCRIPTS/scrub-btrfs-weekly.sh" - chmod 700 "$SCRIPTS/scrub-btrfs-weekly.sh" - crontab -u root -l | grep -v "$SCRIPTS/scrub-btrfs-weekly.sh" | crontab -u root - - crontab -u root -l | { cat; echo "0 0 1,16 * * $SCRIPTS/scrub-btrfs-weekly.sh >> $VMLOGS/weekly-btrfs-scrub.log 2>&1"; } | crontab -u root - - -# Inform the user -msg_box "Congratulations! The mount was successful. -You can now access the partition here: -$MOUNT_PATH" - -# Test if Plex is installed -if is_docker_running && docker ps -a --format "{{.Names}}" | grep -q "^plex$" -then - # Reconfiguring Plex - msg_box "Plex Media Server found. We are now adjusting Plex to be able to use the new drive. -This can take a while. Please be patient!" - print_text_in_color "$ICyan" "Downloading the needed tool to get the current Plex config..." - docker pull assaflavie/runlike - echo '#/bin/bash' > /tmp/pms-conf - docker run --rm -v /var/run/docker.sock:/var/run/docker.sock assaflavie/runlike -p plex >> /tmp/pms-conf - if ! 
grep -q "$MOUNT_PATH:$MOUNT_PATH:ro" /tmp/pms-conf - then - MOUNT_PATH_SED="${MOUNT_PATH//\//\\/}" - sed -i "0,/--volume/s// -v $MOUNT_PATH_SED:$MOUNT_PATH_SED:ro \\\\\n&/" /tmp/pms-conf - docker stop plex - if ! docker rm plex - then - msg_box "Something failed while removing the old container." - exit 1 - fi - if ! bash /tmp/pms-conf - then - msg_box "Starting the new container failed. You can find the config here: '/tmp/pms-conf'" - exit 1 - fi - rm /tmp/pms-conf - msg_box "Plex was adjusted!" - else - rm /tmp/pms-conf - msg_box "No need to update Plex, since the drive is already mounted to Plex." - fi -fi - -exit diff --git a/not-supported/veracrypt-ntfs.sh b/not-supported/veracrypt-ntfs.sh deleted file mode 100644 index 49fe065d3e..0000000000 --- a/not-supported/veracrypt-ntfs.sh +++ /dev/null 
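Review bot: Deleting not-supported/veracrypt-btrfs.sh leaves everything it installed on existing hosts in place: the root crontab lines for is-drive-connected.sh, adjust-startup-permissions.sh, create-hourly-btrfs-snapshots.sh and scrub-btrfs-weekly.sh, and the enabled veracrypt-automount.service. Nothing in this hunk removes or documents them. Please add an upgrade note that lists these entries and how to remove them, for example with the `crontab -u root -l | grep -v ... | crontab -u root -` pattern the script itself uses and `systemctl disable veracrypt-automount`.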
@@ -1,336 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ -# Copyright © 2021 Simon Lindner (https://github.com/szaimen) - -true -SCRIPT_NAME="Veracrypt" -SCRIPT_EXPLAINER="This script automates formatting, encrypting and mounting drives with Veracrypt." -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# Show explainer -msg_box "$SCRIPT_EXPLAINER" - -if ! is_this_installed veracrypt -then - if ! yesno_box_yes "Do you want to install $SCRIPT_NAME?" - then - exit 1 - fi - msg_box "Please note that in order to install Veracrypt on your server, \ -we need to add a 3rd Party PPA, which theoretically could set your server under risk." - if ! yesno_box_yes "Do you want to continue nonetheless?" - then - exit 1 - fi - msg_box "We will now install Veracrypt. This can take a long time. Please be patient!" - add-apt-repository ppa:unit193/encryption -y - apt-get update -q4 & spinner_loading - apt-get install veracrypt --no-install-recommends -y -fi - -# Discover drive -msg_box "Please disconnect your drive for now and connect it again AFTER you hit OK. -Otherwise we will not be able to detect it." -CURRENT_DRIVES=$(lsblk -o KNAME,TYPE | grep disk | awk '{print $1}') -count=0 -while [ "$count" -lt 60 ] -do - print_text_in_color "$ICyan" "Please connect your drive now." - sleep 5 & spinner_loading - echo "" - NEW_DRIVES=$(lsblk -o KNAME,TYPE | grep disk | awk '{print $1}') - if [ "$CURRENT_DRIVES" = "$NEW_DRIVES" ] - then - count=$((count+5)) - else - msg_box "A new drive was found. We will continue with the mounting now. -Please leave it connected." - break - fi -done - -# Exit if no new drive was found -if [ "$count" -ge 60 ] -then - msg_box "No new drive found within 60 seconds. -Please run this option again if you want to try again." 
- exit 1 -fi - -# Get all new drives -mapfile -t CURRENT_DRIVES <<< "$CURRENT_DRIVES" -for drive in "${CURRENT_DRIVES[@]}" -do - NEW_DRIVES=$(echo "$NEW_DRIVES" | grep -v "^$drive") -done - -# Partition menu -args=(whiptail --title "$TITLE" --menu \ -"Please select the drive that you would like to format and encrypt with Veracrypt. -$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4) - -# Get information that are important -mapfile -t NEW_DRIVES <<< "$NEW_DRIVES" -for drive in "${NEW_DRIVES[@]}" -do - DRIVE_DESCRIPTION=$(lsblk -o NAME,SIZE,VENDOR,MODEL | grep "^$drive" | awk '{print $2, $3, $4}') - args+=("/dev/$drive" " $DRIVE_DESCRIPTION") -done - -# Show the drive menu -DEVICE=$("${args[@]}" 3>&1 1>&2 2>&3) -if [ -z "$DEVICE" ] -then - exit 1 -fi - -# Ask for password -while : -do - PASSWORD=$(input_box_flow "Please enter the Password that you would like to use for encrypting your drive '$DEVICE' -It should be a strong password. -If you want to cancel, just type in 'exit' and press [ENTER].") - if [ "$PASSWORD" = "exit" ] - then - exit 1 - fi - if yesno_box_no "Have you saved the password at a safe place?" - then - break - fi -done - -# Last info box -if ! yesno_box_no "Warning: Are you really sure, that you want to format the drive '$DEVICE' and encrypt it? -All current files on the drive will be erased! -Select 'Yes' to continue with the process. Select 'No' to cancel." -then - exit 1 -fi - -# Inform user -msg_box "We will now format the drive '$DEVICE' and encrypt it with Veracrypt. Please be patient!" - -# Wipe drive -dd if=/dev/urandom of="$DEVICE" bs=1M count=2 -parted "$DEVICE" mklabel gpt --script -parted "$DEVICE" mkpart primary 0% 100% --script - -# Wait so that veracrypt doesn't fail -sleep 1 - -# Format drive -# https://relentlesscoding.com/posts/encrypt-device-with-veracrypt-from-the-command-line/ -if ! 
echo "$PASSWORD" \ -| veracrypt --text --quick \ ---non-interactive \ ---create "$DEVICE"1 \ ---volume-type=normal \ ---encryption=AES \ ---hash=SHA-512 \ ---filesystem=NTFS \ ---stdin > /dev/null -then - msg_box "Something failed while encrypting with Veracrypt." - exit 1 -fi - -# Inform user -msg_box "Formatting and encryption with Veracrypt was successful!" - -# Mount it -if ! yesno_box_yes "Do you want to mount the encrypted partition to your server?" -then - exit 1 -fi - -# Get PARTUUID -PARTUUID=$(lsblk -o PATH,PARTUUID | grep "^$DEVICE"1 | awk '{print $2}') - -# Enter the mountpoint -while : -do - MOUNT_PATH=$(input_box_flow "Please type in the directory where you want to mount the partition. -One example is: '/mnt/data' -The directory has to start with '/mnt/' -If you want to cancel, type 'exit' and press [ENTER].") - if [ "$MOUNT_PATH" = "exit" ] - then - exit 1 - elif echo "$MOUNT_PATH" | grep -q " " - then - msg_box "Please don't use spaces!" - elif ! echo "$MOUNT_PATH" | grep -q "^/mnt/" - then - msg_box "The directory has to stat with '/mnt/'" - elif grep -q " $MOUNT_PATH " /etc/fstab - then - msg_box "The mountpoint already exists in fstab. Please try a different one." - elif mountpoint -q "$MOUNT_PATH" - then - msg_box "The mountpoint is already mounted. Please try a different one." - elif echo "$MOUNT_PATH" | grep -q "^/mnt/ncdata" - then - msg_box "The directory isn't allowed to start with '/mnt/ncdata'" - elif echo "$MOUNT_PATH" | grep -q "^/mnt/smbshares" - then - msg_box "The directory isn't allowed to start with '/mnt/smbshares'" - else - mkdir -p "$MOUNT_PATH" - if ! echo "$PASSWORD" | veracrypt -t -k "" --pim=0 --protect-hidden=no \ ---fs-options=windows_names,uid=www-data,gid=www-data,umask=007 \ -"/dev/disk/by-partuuid/$PARTUUID" "$MOUNT_PATH" - then - msg_box "Something failed while trying to mount the Volume. Please try again." 
- else - break - fi - fi -done - -# Create automount script -# Unfortunately the automount via crypttab doesn't work (when using a passphrase-file) -if ! [ -f "$SCRIPTS/veracrypt-automount.sh" ] -then - cat << AUTOMOUNT > "$SCRIPTS/veracrypt-automount.sh" -#!/bin/bash - -# Secure the file -chown root:root "$SCRIPTS/veracrypt-automount.sh" -chmod 700 "$SCRIPTS/veracrypt-automount.sh" - -# Reset maintenance mode to disabled upon restart -sed -i "/'maintenance'/s/true/false/" "$NCPATH/config/config.php" - -# Veracrypt entries -AUTOMOUNT -fi - -# Write to file -cat << AUTOMOUNT >> "$SCRIPTS/veracrypt-automount.sh" -if ! echo '$PASSWORD' | veracrypt -t -k "" --pim=0 --protect-hidden=no \ ---fs-options=windows_names,uid=www-data,gid=www-data,umask=007 \ -"/dev/disk/by-partuuid/$PARTUUID" "$MOUNT_PATH" -then - sed -i "/'maintenance'/s/false/true/" "$NCPATH/config/config.php" - source /var/scripts/fetch_lib.sh - nextcloud_occ_no_check maintenance:mode --on - send_mail "$MOUNT_PATH could not get mounted!" "Please connect the drive and reboot your server! \ -The maintenance mode was activated to prevent any issue with Nextcloud. \ -A reboot should fix the issue if the drive is successfully connected again." 
-fi -AUTOMOUNT - -# Secure the file -chown root:root "$SCRIPTS/veracrypt-automount.sh" -chmod 700 "$SCRIPTS/veracrypt-automount.sh" - -# Test if drive is connected -cat << CONNECTED > "$SCRIPTS/is-drive-connected.sh" -#!/bin/bash - -# Secure the file -chown root:root "$SCRIPTS/is-drive-connected.sh" -chmod 700 "$SCRIPTS/is-drive-connected.sh" - -# Entries -PARTUUID="\$1" - -# Test if drive is connected -while lsblk "/dev/disk/by-partuuid/\$PARTUUID" &>/dev/null -do - sleep 1 -done - -# Continue if not -if grep -q "'maintenance'" "$NCPATH/config/config.php" -then - sed -i "/'maintenance'/s/false/true/" "$NCPATH/config/config.php" - source /var/scripts/fetch_lib.sh -else - source /var/scripts/fetch_lib.sh - nextcloud_occ_no_check maintenance:mode --on -fi -send_mail "One veracrypt drive is not connected anymore!" "Please connect the drive and reboot your server! -The maintenance mode was activated to prevent any issue with Nextcloud. -You can disable it after the drive is successfully mounted again!" -CONNECTED - -# Secure the file -chown root:root "$SCRIPTS/is-drive-connected.sh" -chmod 700 "$SCRIPTS/is-drive-connected.sh" - -# Create crontab and start -crontab -u root -l | { cat; echo "@reboot $SCRIPTS/is-drive-connected.sh '$PARTUUID' >/dev/null"; } | crontab -u root - -nohup bash "$SCRIPTS/is-drive-connected.sh" "$PARTUUID" &>/dev/null & - -# Delete crontab -crontab -u root -l | grep -v 'veracrypt-automount.sh' | crontab -u root - -# Create service instead -cat << SERVICE > /etc/systemd/system/veracrypt-automount.service -[Unit] -Description=Mount Veracrypt Devices -After=boot.mount -Before=network.target - -[Service] -Type=forking -ExecStart=-/bin/bash $SCRIPTS/veracrypt-automount.sh -TimeoutStopSec=1 - -[Install] -WantedBy=multi-user.target -SERVICE -systemctl disable veracrypt-automount &>/dev/null -systemctl enable veracrypt-automount - -# Inform the user -msg_box "Congratulations! The mount was successful. 
-You can now access the partition here: -$MOUNT_PATH" - -# Test if Plex is installed -if is_docker_running && docker ps -a --format "{{.Names}}" | grep -q "^plex$" -then - # Reconfiguring Plex - msg_box "Plex Media Server found. We are now adjusting Plex to be able to use the new drive. -This can take a while. Please be patient!" - print_text_in_color "$ICyan" "Downloading the needed tool to get the current Plex config..." - docker pull assaflavie/runlike - echo '#/bin/bash' > /tmp/pms-conf - docker run --rm -v /var/run/docker.sock:/var/run/docker.sock assaflavie/runlike -p plex >> /tmp/pms-conf - if ! grep -q "$MOUNT_PATH:$MOUNT_PATH:ro" /tmp/pms-conf - then - MOUNT_PATH_SED="${MOUNT_PATH//\//\\/}" - sed -i "0,/--volume/s// -v $MOUNT_PATH_SED:$MOUNT_PATH_SED:ro \\\\\n&/" /tmp/pms-conf - docker stop plex - if ! docker rm plex - then - msg_box "Something failed while removing the old container." - exit 1 - fi - if ! bash /tmp/pms-conf - then - msg_box "Starting the new container failed. You can find the config here: '/tmp/pms-conf'" - exit 1 - fi - rm /tmp/pms-conf - msg_box "Plex was adjusted!" - else - rm /tmp/pms-conf - msg_box "No need to update Plex, since the drive is already mounted to Plex." - fi -fi - -exit diff --git a/old/face-recognition.sh b/old/face-recognition.sh deleted file mode 100644 index dd87133750..0000000000 --- a/old/face-recognition.sh +++ /dev/null 
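Review bot: The "Write to file" heredoc in not-supported/veracrypt-ntfs.sh is unquoted, so `echo '$PASSWORD' | veracrypt ...` is expanded when the file is written and every host that ran this script has the volume passphrase in clear text inside $SCRIPTS/veracrypt-automount.sh. Removing the installer does not remove that file, the enabled veracrypt-automount.service, or the ppa:unit193/encryption source added during install. Please state in the release notes that these remain and how to clean them up. The `chmod 700` and root:root ownership limit who can read the file on the running system, but the passphrase still sits next to the data it protects.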
@@ -1,184 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ -# Copyright © 2021 Simon Lindner (https://github.com/szaimen) - -true -SCRIPT_NAME="Face Recognition" -SCRIPT_EXPLAINER="The $SCRIPT_NAME app allows to automatically scan for faces inside your Nextcloud." -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# Check compatibility -check_distro_version -check_php -if [[ "$PHPVER" != "8.1" ]] && [[ "$PHPVER" != "7.4" ]] -then - msg_box "Currently only PHP 7.4 and PHP 8.1 is supported by this script." - exit 1 -fi - -# Encryption may not be enabled -if is_app_enabled encryption || is_app_enabled end_to_end_encryption -then - msg_box "It seems like you have encryption enabled which is unsupported by the $SCRIPT_NAME app!" - exit 1 -fi - -# Compatible with NC21 and above -lowest_compatible_nc 21 - -# Hardware requirements -# https://github.com/matiasdelellis/facerecognition/wiki/Requirements-and-Limitations#hardware-requirements -# https://github.com/matiasdelellis/facerecognition/wiki/Models#model-3 -ram_check 2 -cpu_check 2 - -# Check if facerecognition is already installed -if ! is_app_installed facerecognition && ! is_this_installed php7.4-pdlib && ! 
is_this_installed php8.1-pdli -then - # Ask for installing - install_popup "$SCRIPT_NAME" -else - # Ask for removal or reinstallation - reinstall_remove_menu "$SCRIPT_NAME" - # Removal - if is_this_installed php7.4-pdlib - then - apt-get purge php7.4-pdlib -y - rm -f /etc/apt/sources.list.d/20-pdlib.list - apt-get update -q4 & spinner_loading - apt-get autoremove -y - rm -f /etc/apt/trusted.gpg.d/facerecognition.gpg - elif is_this_installed php8.1-pdlib - then - apt-get purge php8.1-pdlib -y - rm -f /etc/apt/sources.list.d/facerecognition-pdlib.list - apt-get update -q4 & spinner_loading - apt-get autoremove -y - rm -f /etc/apt/keyrings/repo.gpg.key - fi - crontab -u www-data -l | grep -v "face_background_job.log" | crontab -u www-data - - crontab -u www-data -l | grep -v "face:background_job" | crontab -u www-data - - if is_app_enabled facerecognition - then - if yesno_box_no "Do you want to reset all face data? -The background scanner will then have to rescan all files for faces when you install the app again." - then - echo y | nextcloud_occ face:reset --all - fi - nextcloud_occ config:app:set facerecognition handle_external_files --value false - nextcloud_occ config:app:set facerecognition handle_group_files --value false - nextcloud_occ config:app:set facerecognition handle_shared_files --value false - fi - if is_app_installed facerecognition - then - nextcloud_occ app:remove facerecognition - fi - rm -f "$VMLOGS"/face_background_job.log - # Show successful uninstall if applicable - removal_popup "$SCRIPT_NAME" -fi - -# Inform about dependencies -msg_box "Please note that the $SCRIPT_NAME app needs an additional PHP dependency \ -to work which will need to be installed from an external repository. -This can set your server under risk." -if ! yesno_box_yes "Do you want to install the required dependency? -If you choose 'No', the installation will be aborted." 
-then - exit 1 -fi - -# Install requirements -if version 22.04 "$DISTRO" 22.04.10 -then - # https://github.com/matiasdelellis/facerecognition/wiki/PDlib-Installation#ubuntu-jammy - add_trusted_key_and_repo "repo.gpg.key" \ - "https://repo.delellis.com.ar" \ - "https://repo.delellis.com.ar" \ - "focal focal" \ - "facerecognition-pdlib.list" - install_if_not php"$PHPVER"-pdlib -elif version 24.04 "$DISTRO" 24.04.10 -then - # https://github.com/matiasdelellis/facerecognition/wiki/PDlib-Installation#ubuntu-noble - add_trusted_key_and_repo "repo.gpg.key" \ - "https://repo.delellis.com.ar" \ - "https://repo.delellis.com.ar" \ - "$CODENAME $CODENAME" \ - "facerecognition-pdlib.list" - install_if_not php"$PHPVER"-pdlib -fi - -# Install the app -install_and_enable_app facerecognition -if ! is_app_enabled facerecognition -then - msg_box "Could not install the $SCRIPT_NAME app. Cannot proceed." - exit 1 -fi - -# Set up face model and max memory usage -# https://github.com/matiasdelellis/facerecognition/wiki/Models#comparison -# https://github.com/matiasdelellis/facerecognition/tree/master#initial-setup -nextcloud_occ face:setup --memory 2GB -nextcloud_occ face:setup --model 3 - -# Set temporary files size -nextcloud_occ config:app:set facerecognition analysis_image_area --value="4320000" - -# Additional settings -# https://github.com/matiasdelellis/facerecognition/wiki/Settings#hidden-settings -if yesno_box_no "Do you want the $SCRIPT_NAME app to scan external storages? -This is currently highly inefficient since it will scan all external storges multiple times (once for each user) \ -and can produce a lot of network traffic. -(The scan will need to access all files, also if they are stored externally.) -Hence, you should only enable this option if you are only using local external storage \ -or if you don't use the external storage app at all." 
-then - nextcloud_occ config:app:set facerecognition handle_external_files --value true -fi -if yesno_box_no "Do you want the $SCRIPT_NAME app to scan groupfolders? -This is currently highly inefficient since it will scan all groupfolders multiple times (once for each user)." -then - nextcloud_occ config:app:set facerecognition handle_group_files --value true -fi -if yesno_box_no "Do you want the $SCRIPT_NAME app to scan shared folders/files? -This is currently highly inefficient since it will scan all shared folders/files multiple times (once for each user)." -then - nextcloud_occ config:app:set facerecognition handle_shared_files --value true -fi - -# Allow the background scanner to scan the files for each user again and enable face scanning for all users -# https://github.com/matiasdelellis/facerecognition/wiki/Settings#notes -NC_USERS_NEW=$(nextcloud_occ_no_check user:list | sed 's|^ - ||g' | sed 's|:.*||') -mapfile -t NC_USERS_NEW <<< "$NC_USERS_NEW" -for user in "${NC_USERS_NEW[@]}" -do - nextcloud_occ user:setting "$user" facerecognition full_image_scan_done false - nextcloud_occ user:setting "$user" facerecognition enabled true -done - -# Make sure that the logfile doesn't get crazy big. -crontab -u www-data -l | grep -v "face_background_job.log" | crontab -u www-data - -crontab -u www-data -l | { cat; echo "@daily rm -f $VMLOGS/face_background_job.log"; } | crontab -u www-data - - -# Schedule background scan -# https://github.com/matiasdelellis/facerecognition/wiki/Schedule-Background-Task#cron -crontab -u www-data -l | grep -v "face:background_job" | crontab -u www-data - -crontab -u www-data -l | { cat; echo "*/30 * * * * php -f $NCPATH/occ \ -face:background_job -t 900 --defer-clustering >> $VMLOGS/face_background_job.log"; } | crontab -u www-data - - -msg_box "Congratulations, $SCRIPT_NAME was successfully installed! -You just need to wait now and let the background job do its work. 
-After a while, you should see more and more faces that were found in your Nextcloud." diff --git a/old/format-sda-nuc-server.sh b/old/format-sda-nuc-server.sh deleted file mode 100644 index f1099febf8..0000000000 --- a/old/format-sda-nuc-server.sh +++ /dev/null 
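Review bot: The uninstall logic for this feature lives in the removal branch of old/face-recognition.sh itself (purging php7.4-pdlib or php8.1-pdlib, deleting facerecognition-pdlib.list and repo.gpg.key, stripping the two www-data cron entries), so deleting the file also deletes the scripted way to undo it. Hosts that installed it keep the external https://repo.delellis.com.ar apt source and its key. Please document the manual removal steps, or keep a removal-only path. If the install check is carried over anywhere, note that `is_this_installed php8.1-pdli` is missing the final `b`.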
@@ -1,162 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ - -true -SCRIPT_NAME="Format sda NUC Server" -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -# Check if root -root_check - -# Needs to be Ubuntu 22.04 and Multiverse -check_distro_version -check_multiverse - -MOUNT_=/mnt/$POOLNAME - -# Needed for partprobe -install_if_not parted - -format() { -# umount if mounted -umount /mnt/* &> /dev/null - -# mkdir if not existing -mkdir -p "$MOUNT_" - -DEVTYPE=sda - -# Get the name of the drive -DISKTYPE=$(fdisk -l | grep $DEVTYPE | awk '{print $2}' | cut -d ":" -f1 | head -1) -if [ "$DISKTYPE" != "/dev/$DEVTYPE" ] -then - msg_box "It seems like your $SYSNAME secondary volume (/dev/$DEVTYPE) does not exist. -This script requires that you mount a second drive to hold the data. - -Please shutdown the server and mount a second drive, then start this script again. - -If you want help you can buy support in our shop: -https://shop.hanssonit.se/product/premium-support-per-30-minutes/" - exit 1 -fi - -# Check if ZFS utils are installed -install_if_not zfsutils-linux - -# Check still not mounted -#These functions return exit codes: 0 = found, 1 = not found -isMounted() { findmnt -rno SOURCE,TARGET "$1" >/dev/null;} #path or device -isDevMounted() { findmnt -rno SOURCE "$1" >/dev/null;} #device only -isPathMounted() { findmnt -rno TARGET "$1" >/dev/null;} #path only -isDevPartOfZFS() { zpool status | grep "$1" >/dev/null;} #device member of a zpool - -if isPathMounted "/mnt/ncdata"; #Spaces in path names are ok. -then - msg_box "/mnt/ncdata is mounted and need to be unmounted before you can run this script." - exit 1 -fi - -if isDevMounted "/dev/$DEVTYPE"; -then - msg_box "/dev/$DEVTYPE is mounted and need to be unmounted before you can run this script." - exit 1 -fi - -# Universal: -if isMounted "/mnt/ncdata"; -then - msg_box "/mnt/ncdata is mounted and need to be unmounted before you can run this script." 
- exit 1 -fi - -if isMounted "/dev/${DEVTYPE}1"; -then - msg_box "/dev/${DEVTYPE}1 is mounted and need to be unmounted before you can run this script." - exit 1 -fi - -if isDevPartOfZFS "$DEVTYPE"; -then - msg_box "/dev/$DEVTYPE is a member of a ZFS pool and needs to be removed from any zpool before you can run this script." - exit 1 -fi - -if lsblk -l -n | grep -v mmcblk | grep disk | awk '{ print $1 }' | tail -1 > /dev/null -then - msg_box "Formatting your $SYSNAME secondary volume ($DISKTYPE) when you hit OK. - -*** WARNING: ALL YOUR DATA WILL BE ERASED! ***" - if zpool list | grep "$POOLNAME" > /dev/null - then - check_command zpool destroy "$POOLNAME" - fi - check_command wipefs -a -f "$DISKTYPE" - sleep 0.5 - check_command zpool create -f -o ashift=12 "$POOLNAME" "$DISKTYPE" - check_command zpool set failmode=continue "$POOLNAME" - check_command zfs set mountpoint="$MOUNT_" "$POOLNAME" - check_command zfs set compression=lz4 "$POOLNAME" - check_command zfs set sync=standard "$POOLNAME" - check_command zfs set xattr=sa "$POOLNAME" - check_command zfs set primarycache=all "$POOLNAME" - check_command zfs set atime=off "$POOLNAME" - check_command zfs set recordsize=128k "$POOLNAME" - check_command zfs set logbias=latency "$POOLNAME" - -else - msg_box "It seems like /dev/$DEVTYPE does not exist. -This script requires that you mount a second drive to hold the data. - -Please shutdown the server and mount a second drive, then start this script again. 
- -If you want help you can buy support in our shop: -https://shop.hanssonit.se/product/premium-support-per-30-minutes/" - exit 1 -fi -} -format - -# Do a backup of the ZFS mount -if is_this_installed libzfs2linux -then - if grep -r $POOLNAME /etc/mtab - then - install_if_not zfs-auto-snapshot - sed -i "s|date --utc|date|g" /usr/sbin/zfs-auto-snapshot - fi -fi - -# Check if UUID is used -if zpool list -v | grep "$DEVTYPE" -then - # Get UUID - check_command partprobe -s - if fdisk -l /dev/"$DEVTYPE"1 >/dev/null 2>&1 - then - UUID_SDB1=$(blkid -o value -s UUID /dev/"DEVTYPE"1) - fi - # Export / import the correct way (based on UUID) - check_command zpool export "$POOLNAME" - check_command zpool import -d /dev/disk/by-uuid/"$UUID_SDB1" "$POOLNAME" -fi - -# Success! -if grep "$POOLNAME" /etc/mtab -then - msg_box "$MOUNT_ mounted successfully as a ZFS volume. - -Automatic scrubbing is done monthly via a cronjob that you can find here: -/etc/cron.d/zfsutils-linux - -Automatic snapshots are taken with 'zfs-auto-snapshot'. You can list current snapshots with: -'sudo zfs list -t snapshot'. -Manpage is here: -http://manpages.ubuntu.com/manpages/focal/man8/zfs-auto-snapshot.8.html - -CURRENT STATUS: -$(zpool status $POOLNAME) - -$(zpool list)" -fi diff --git a/old/modsecurity.sh b/old/modsecurity.sh deleted file mode 100644 index ef391677b7..0000000000 --- a/old/modsecurity.sh +++ /dev/null 
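Review bot: In the "Check if UUID is used" block of old/format-sda-nuc-server.sh, `blkid -o value -s UUID /dev/"DEVTYPE"1` is missing the `$`, so it queries the literal path /dev/DEVTYPE1 and `UUID_SDB1` is not set from the real partition before `zpool import -d /dev/disk/by-uuid/"$UUID_SDB1"` runs. That is moot for a pure deletion, but if this export/import logic is kept in any replacement script, write the path as `/dev/"${DEVTYPE}"1` and fail when the UUID comes back empty.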
@@ -1,98 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ - -true -SCRIPT_NAME="Modsecurity" -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -print_text_in_color "$ICyan" "Installing ModSecurity..." - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# Add modsecurity -apt-get update -q4 & spinner_loading -install_if_not libapache2-mod-security2 -install_if_not modsecurity-crs -mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf - -msg_box "WARNING WARNING WARNING WARNING WARNING WARNING: - -Do not enable active defense if you don't know what you're doing! -It will break OnlyOffice, and it may break other stuff as well in Nextcloud as it's -blocking access to files automatically. - -You can monitor the audit log by typing this command in your shell: -tail -f /var/log/apache2/modsec_audit.log - -You can disable it by typing this command in your shell: -sed -i 's/SecRuleEngine .*/SecRuleEngine DetectionOnly/g' /etc/modsecurity/modsecurity.conf - -YOU HAVE BEEN WARNED." -if yesno_box_yes "Do you want to enable active defense?" 
-then - sed -i 's|SecRuleEngine .*|SecRuleEngine on|g' /etc/modsecurity/modsecurity.conf -fi - -cat << MODSECWHITE > "/etc/modsecurity/whitelist.conf" - -# VIDEOS - SecRuleRemoveById 958291 # Range Header Checks - SecRuleRemoveById 981203 # Correlated Attack Attempt - - # PDF - SecRuleRemoveById 950109 # Check URL encodings - - # ADMIN (webdav) - SecRuleRemoveById 960024 # Repeatative Non-Word Chars (heuristic) - SecRuleRemoveById 981173 # SQL Injection Character Anomaly Usage - SecRuleRemoveById 981204 # Correlated Attack Attempt - SecRuleRemoveById 981243 # PHPIDS - Converted SQLI Filters - SecRuleRemoveById 981245 # PHPIDS - Converted SQLI Filters - SecRuleRemoveById 981246 # PHPIDS - Converted SQLI Filters - SecRuleRemoveById 981318 # String Termination/Statement Ending Injection Testing - SecRuleRemoveById 973332 # XSS Filters from IE - SecRuleRemoveById 973338 # XSS Filters - Category 3 - SecRuleRemoveById 981143 # CSRF Protections ( TODO edit LocationMatch filter ) - - # COMING BACK FROM OLD SESSION - SecRuleRemoveById 970903 # Microsoft Office document properties leakage - - # NOTES APP - SecRuleRemoveById 981401 # Content-Type Response Header is Missing and X-Content-Type-Options is either missing or not set to 'nosniff' - SecRuleRemoveById 200002 # Failed to parse request body - - # UPLOADS ( 20 MB max excluding file size ) - SecRequestBodyNoFilesLimit 20971520 - - # GENERAL - SecRuleRemoveById 960017 # Host header is a numeric IP address - - # SAMEORIGN - SecRuleRemoveById 911100 # fpm socket - - # REGISTERED WARNINGS, BUT DID NOT HAVE TO DISABLE THEM - #SecRuleRemoveById 981220 900046 981407 - #SecRuleRemoveById 981222 981405 981185 981184 - -MODSECWHITE - -# Don't log in Apache2 error.log, only in a separate log (/var/log/apache2/modsec_audit.log) -check_command sed -i 's|SecDefaultAction "phase:1,log,auditlog,pass"|# SecDefaultAction "phase:1,log,auditlog,pass"|g' /etc/modsecurity/crs/crs-setup.conf -check_command sed -i 's|SecDefaultAction 
"phase:2,log,auditlog,pass"|# SecDefaultAction "phase:2,log,auditlog,pass"|g' /etc/modsecurity/crs/crs-setup.conf -check_command sed -i 's|# SecDefaultAction "phase:1,nolog,auditlog,pass"|SecDefaultAction "phase:1,nolog,auditlog,pass"|g' /etc/modsecurity/crs/crs-setup.conf -check_command sed -i 's|# SecDefaultAction "phase:2,nolog,auditlog,pass"|SecDefaultAction "phase:2,nolog,auditlog,pass"|g' /etc/modsecurity/crs/crs-setup.conf - -if [ -f /etc/modsecurity/whitelist.conf ] -then - print_text_in_color "$IGreen" "ModSecurity activated!" - restart_webserver -fi diff --git a/old/ntpdate.sh b/old/ntpdate.sh deleted file mode 100644 index 0ba2ffd925..0000000000 --- a/old/ntpdate.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ - -true -SCRIPT_NAME="Ntpdate" -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -if network_ok -then - if is_this_installed ntpdate - then - ntpdate -s 1.se.pool.ntp.org - fi -fi -exit diff --git a/old/previewgenerator.sh b/old/previewgenerator.sh deleted file mode 100644 index 0902c97b96..0000000000 --- a/old/previewgenerator.sh +++ /dev/null 
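Review bot: Deleting old/modsecurity.sh reverts none of the host configuration it changed: `SecRuleEngine on` in /etc/modsecurity/modsecurity.conf if the admin chose active defense, the SecRuleRemoveById exclusions written to /etc/modsecurity/whitelist.conf, and the swapped SecDefaultAction lines in /etc/modsecurity/crs/crs-setup.conf. Hosts that ran it keep those rule exclusions without the script that explains why each ID was disabled. Please add a note on how to review or revert them, including the `SecRuleEngine DetectionOnly` sed command that the script's own warning text gives.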
@@ -1,302 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ - -true -SCRIPT_NAME="Preview Generator" -SCRIPT_EXPLAINER="This script will install the Preview Generator. -It can speedup the loading of previews in Nextcloud a lot." -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# PHP 7.x is needed -if is_this_installed php5.6-common || is_this_installed php5.5-common -then - msg_box "At least PHP 7.X is required, please upgrade your PHP version: \ -https://shop.hanssonit.se/product/upgrade-php-version-including-dependencies/" - exit -fi - -# Encryption may not be enabled -if is_app_enabled encryption || is_app_enabled end_to_end_encryption -then - msg_box "It seems like you have encryption enabled which is unsupported when using the Preview Generator" - exit -fi - -# Check if previewgenerator is already installed -if ! is_app_installed previewgenerator -then - # Ask for installing - install_popup "$SCRIPT_NAME" -else - # Ask for removal or reinstallation - reinstall_remove_menu "$SCRIPT_NAME" - # Removal - nextcloud_occ app:remove previewgenerator - # reset the preview formats - nextcloud_occ_no_check config:system:delete "enabledPreviewProviders" - nextcloud_occ config:system:delete preview_max_x - nextcloud_occ config:system:delete preview_max_y - nextcloud_occ config:system:delete jpeg_quality - nextcloud_occ config:system:delete preview_max_memory - nextcloud_occ config:system:delete enable_previews - # reset the cronjob - crontab -u www-data -l | grep -v 'preview:pre-generate' | crontab -u www-data - - # Remove apps - APPS=(php-imagick libmagickcore-6.q16-3-extra imagemagick-6.q16-extra) - for app in "${APPS[@]}" - do - if is_this_installed "$app" - then - apt-get purge "$app" -y - fi - done - if is_this_installed ffmpeg && ! 
is_app_installed integration_whiteboard - then - apt-get purge ffmpeg -y - fi - apt-get autoremove -y - rm -rf /etc/ImageMagick-6 - if yesno_box_no "Do you want to remove all previews that were generated until now? -This will most likely clear a lot of space but your server will need to re-generate the previews \ -if you should opt to re-enable previews again." - then - countdown "Removing the preview folder. This can take a while..." "5" - rm -rfv "$NCDATA"/appdata_*/preview - print_text_in_color "$ICyan" "Scanning Nextclouds appdata directory after removing all previews. \ -This can take a while..." - nextcloud_occ files:scan-app-data -vvv - msg_box "All previews were successfully removed." - fi - # Show successful uninstall if applicable - removal_popup "$SCRIPT_NAME" -fi - -# Install preview generator -install_and_enable_app previewgenerator - -# check if the previewgenerator is installed and enabled -if is_app_enabled previewgenerator -then - # enable previews - nextcloud_occ config:system:set enable_previews --value=true --type=boolean - - # install needed dependency for movies - install_if_not ffmpeg -else - exit -fi - -msg_box "In the next step you can choose to install a package called imagick \ -to speed up the generation of previews and add support for more filetypes. - -The currently supported filetypes are: -* PNG -* JPEG -* GIF -* BMP -* MarkDown -* MP3 -* TXT -* Movie -* Photoshop (needs imagick) -* SVG (needs imagick) -* TIFF (needs imagick)" - -msg_box "IMPORTANT NOTE!! - -Imagick will put your server at risk as it's is known to have several flaws. -You can check this issue to understand why: https://github.com/nextcloud/vm/issues/743 - -Please note: If you choose not to install imagick, it will get removed now." -if yesno_box_no "Do you want to install imagick?" 
-then - check_php - # Install imagick - install_if_not php"$PHPVER"-imagick - if version 24.04 "$DISTRO" 24.04.10 - then - install_if_not libmagickcore-6.q16-6-extra - elif version 22.04 "$DISTRO" 22.04.10 - then - install_if_not libmagickcore-6.q16-3-extra - fi - # Memory tuning - sed -i 's|policy domain="resource" name="memory" value=.*|policy domain="resource" name="memory" value="512MiB"|g' /etc/ImageMagick-6/policy.xml - sed -i 's|policy domain="resource" name="map" value=.*|policy domain="resource" name="map" value="1024MiB"|g' /etc/ImageMagick-6/policy.xml - sed -i 's|policy domain="resource" name="area" value=.*|policy domain="resource" name="area" value="256MiB"|g' /etc/ImageMagick-6/policy.xml - sed -i 's|policy domain="resource" name="disk" value=.*|policy domain="resource" name="disk" value="8GiB"|g' /etc/ImageMagick-6/policy.xml - - # Choose file formats fo the case when imagick is installed. - # for additional previews please look at the Nextcloud documentation. But these probably won't work. 
- choice=$(whiptail --title "$TITLE - Choose file formats" --checklist \ -"Now you can choose for which file formats you would like to generate previews for -$CHECKLIST_GUIDE\n\n$RUN_LATER_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \ -"PNG" "" ON \ -"JPEG" "" ON \ -"GIF" "" ON \ -"BMP" "" ON \ -"MarkDown" "" ON \ -"MP3" "" ON \ -"TXT" "" ON \ -"Movie" "" ON \ -"Photoshop" "" ON \ -"SVG" "" ON \ -"TIFF" "" ON 3>&1 1>&2 2>&3) - - case "$choice" in - *"PNG"*) - nextcloud_occ config:system:set enabledPreviewProviders 0 --value="OC\\Preview\\PNG" - ;;& - *"JPEG"*) - nextcloud_occ config:system:set enabledPreviewProviders 1 --value="OC\\Preview\\JPEG" - ;;& - *"GIF"*) - nextcloud_occ config:system:set enabledPreviewProviders 2 --value="OC\\Preview\\GIF" - ;;& - *"BMP"*) - nextcloud_occ config:system:set enabledPreviewProviders 3 --value="OC\\Preview\\BMP" - ;;& - *"MarkDown"*) - nextcloud_occ config:system:set enabledPreviewProviders 4 --value="OC\\Preview\\MarkDown" - ;;& - *"MP3"*) - nextcloud_occ config:system:set enabledPreviewProviders 5 --value="OC\\Preview\\MP3" - ;;& - *"TXT"*) - nextcloud_occ config:system:set enabledPreviewProviders 6 --value="OC\\Preview\\TXT" - ;;& - *"Movie"*) - nextcloud_occ config:system:set enabledPreviewProviders 7 --value="OC\\Preview\\Movie" - ;;& - *"Photoshop"*) - nextcloud_occ config:system:set enabledPreviewProviders 8 --value="OC\\Preview\\Photoshop" - ;;& - *"SVG"*) - nextcloud_occ config:system:set enabledPreviewProviders 9 --value="OC\\Preview\\SVG" - ;;& - *"TIFF"*) - nextcloud_occ config:system:set enabledPreviewProviders 10 --value="OC\\Preview\\TIFF" - ;;& - *) - ;; - esac -else - # check if imagick is installed and remove it - if is_this_installed php-imagick - then - apt-get purge php-imagick -y - elif is_this_installed php"$PHPVER"-imagick - then - apt-get purge php"$PHPVER"-imagick -y - fi - # check if libmagickcore is installed and remove it - if is_this_installed libmagickcore-6.q16-3-extra - then - apt-get purge 
libmagickcore-6.q16-3-extra -y - fi - # Choose file formats fo the case when imagick is not installed. - # for additional previews please look at the Nextcloud documentation. But these probably won't work. - choice=$(whiptail --title "$TITLE - Choose file formats" --checklist \ -"Now you can choose for which file formats you would like to generate previews for -$CHECKLIST_GUIDE\n\n$RUN_LATER_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \ -"PNG" "" ON \ -"JPEG" "" ON \ -"GIF" "" ON \ -"BMP" "" ON \ -"MarkDown" "" ON \ -"MP3" "" ON \ -"TXT" "" ON \ -"Movie" "" ON 3>&1 1>&2 2>&3) - - case "$choice" in - *"PNG"*) - nextcloud_occ config:system:set enabledPreviewProviders 11 --value="OC\\Preview\\PNG" - ;;& - *"JPEG"*) - nextcloud_occ config:system:set enabledPreviewProviders 12 --value="OC\\Preview\\JPEG" - ;;& - *"GIF"*) - nextcloud_occ config:system:set enabledPreviewProviders 13 --value="OC\\Preview\\GIF" - ;;& - *"BMP"*) - nextcloud_occ config:system:set enabledPreviewProviders 14 --value="OC\\Preview\\BMP" - ;;& - *"MarkDown"*) - nextcloud_occ config:system:set enabledPreviewProviders 15 --value="OC\\Preview\\MarkDown" - ;;& - *"MP3"*) - nextcloud_occ config:system:set enabledPreviewProviders 16 --value="OC\\Preview\\MP3" - ;;& - *"TXT"*) - nextcloud_occ config:system:set enabledPreviewProviders 17 --value="OC\\Preview\\TXT" - ;;& - *"Movie"*) - nextcloud_occ config:system:set enabledPreviewProviders 18 --value="OC\\Preview\\Movie" - ;;& - *) - ;; - esac -fi - -# Set aspect ratio -nextcloud_occ config:app:set previewgenerator squareSizes --value="32 256" -nextcloud_occ config:app:set previewgenerator widthSizes --value="256 384" -nextcloud_occ config:app:set previewgenerator heightSizes --value="256" -nextcloud_occ config:system:set preview_max_x --value="2048" -nextcloud_occ config:system:set preview_max_y --value="2048" -nextcloud_occ config:system:set jpeg_quality --value="60" -nextcloud_occ config:system:set preview_max_memory --value="128" -nextcloud_occ config:app:set 
preview jpeg_quality --value="60" - -# Add crontab for www-data -if ! crontab -u www-data -l | grep -q 'preview:pre-generate' -then - print_text_in_color "$ICyan" "Adding crontab for $SCRIPT_NAME" - crontab -u www-data -l | { cat; echo "*/10 * * * * php -f $NCPATH/occ preview:pre-generate >> $VMLOGS/previewgenerator.log"; } | crontab -u www-data - - touch "$VMLOGS"/previewgenerator.log - chown www-data:www-data "$VMLOGS"/previewgenerator.log -fi - -msg_box "In the last step you can define a specific Nextcloud user for \ -which will be the user that runs the Preview Generation. - -The default behavior (just hit [ENTER]) is to run with the \ -system user 'www-data' which will generate previews for all users. - -If you on the other hand choose to use a specific user, previews will ONLY be generated for that specific user." - -if ! yesno_box_no "Do you want to choose a specific Nextcloud user to generate previews?" -then - print_text_in_color "$ICyan" "Using www-data (all Nextcloud users) for generating previews..." - - # Pre generate everything - nextcloud_occ preview:generate-all -else - while : - do - PREVIEW_USER=$(input_box "Enter the Nextcloud user for \ -which you want to run the Preview Generation (as a scheduled task)") - if [ -z "$(nextcloud_occ user:list | grep "$PREVIEW_USER" | awk '{print $3}')" ] - then - msg_box "It seems like the user you entered ($PREVIEW_USER) doesn't exist, please try again." - else - break - fi - done - - # Pre generate everything - nextcloud_occ preview:generate-all "$PREVIEW_USER" -fi - -msg_box "Previewgenerator was successfully installed." diff --git a/old/recover_apps.py b/old/recover_apps.py deleted file mode 100644 index 8ff4f0f499..0000000000 --- a/old/recover_apps.py +++ /dev/null 
@@ -1,16 +0,0 @@ -import glob, json, os, subprocess, requests - -nc_path = '/var/www/nextcloud/apps/' -backup_path = '/var/NCBACKUP/apps/' -shipped_url = 'http://raw.githubusercontent.com/nextcloud/server/master/core/shipped.json' - -json_data = requests.get(shipped_url, timeout=60).json() -shipped_apps = json_data['shippedApps'] + json_data['alwaysEnabled'] - -installed_dirs = set(os.path.basename(path) for path in glob.glob(backup_path + '*')) -missing_dirs = installed_dirs.difference(shipped_apps) - -for d in missing_dirs: -# subprocess.call(['rsync', '-Aax', os.path.join(backup_path, d), nc_path]) -# subprocess.call(['sudo', '-u', 'www-data', '/var/www/nextcloud/occ', 'app:enable', d]) - subprocess.call(['sudo', '-u', 'www-data', '/var/www/nextcloud/occ', 'app:install', d]) diff --git a/old/spreedme.sh b/old/spreedme.sh deleted file mode 100644 index f0217d5608..0000000000 --- a/old/spreedme.sh +++ /dev/null 
@@ -1,128 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ - -true -SCRIPT_NAME="Spreedme" -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -# Get all needed variables from the library -nc_update - -print_text_in_color "$ICyan" "Installing Spreed.ME..." - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -if ! is_root -then - printf "\n${Red}Sorry, you are not root.\n${Color_Off}You must type: ${ICyan}sudo ${Color_Off}bash %s/nextcloud_install_production.sh\n" "$SCRIPTS" - exit 1 -fi - -# Check if Nextcloud exists -root_check - -# Nextcloud 13 is required. -lowest_compatible_nc 13 - -# Install if missing -install_if_not apache2 -install_if_not snapd - -# Install Nextcloud Spreed.ME Snap -if [ -d "$SNAPDIR" ] -then - print_text_in_color "$ICyan" "Spreed.ME Snap already seems to be installed and will now be re-installed..." - snap remove spreedme - rm -rf "$SNAPDIR" - snap install --edge spreedme -else - snap install --edge spreedme -fi - -# Install and activate the Spreed.ME app -if [ -d "$NC_APPS_PATH/spreedme" ] -then - # Remove - nextcloud_occ app:disable spreedme - print_text_in_color "$ICyan" "Spreed.ME app already seems to be installed and will now be re-installed..." 
- rm -R "$NC_APPS_PATH/spreedme" - # Reinstall - nextcloud_occ app:install spreedme -else - nextcloud_occ app:install spreedme -fi -nextcloud_occ app:enable spreedme -chown -R www-data:www-data "$NC_APPS_PATH" - -# Generate secret keys -SHAREDSECRET=$(openssl rand -hex 32) -TEMPLINK=$(openssl rand -hex 32) -sed -i "s|sharedsecret_secret = .*|sharedsecret_secret = $SHAREDSECRET|g" "$SNAPDIR/current/server.conf" - -# Populate the else empty config file (uses database for content by default) -cp "$NCPATH/apps/spreedme/config/config.php.in" "$NCPATH/apps/spreedme/config/config.php" - -# Place the key in the NC app config -sed -i "s|.*SPREED_WEBRTC_SHAREDSECRET.*| const SPREED_WEBRTC_SHAREDSECRET = '$SHAREDSECRET';|g" "$NCPATH/apps/spreedme/config/config.php" - -# Allow to create temporary links -sed -i "s|const OWNCLOUD_TEMPORARY_PASSWORD_LOGIN_ENABLED.*|const OWNCLOUD_TEMPORARY_PASSWORD_LOGIN_ENABLED = true;|g" "$NCPATH/apps/spreedme/config/config.php" - -# Set temporary links hash -sed -i "s|const OWNCLOUD_TEMPORARY_PASSWORD_SIGNING_KEY.*|const OWNCLOUD_TEMPORARY_PASSWORD_SIGNING_KEY = '$TEMPLINK';|g" "$NCPATH/apps/spreedme/config/config.php" - - -# Enable Apache mods -a2enmod proxy \ - proxy_wstunnel \ - proxy_http \ - headers - -# Add config to vhost -VHOST=/etc/apache2/spreedme.conf -if [ ! -f $VHOST ] -then -cat << VHOST > "$VHOST" - - ProxyPass http://127.0.0.1:8080/webrtc - ProxyPassReverse /webrtc - - - - ProxyPass ws://127.0.0.1:8080/webrtc/ws - - - ProxyVia On - ProxyPreserveHost On - RequestHeader set X-Forwarded-Proto 'https' env=HTTPS - # RequestHeader set X-Forwarded-Proto 'https' # Use this if you are behind a (Nginx) reverse proxy with http backends -VHOST -fi - -if ! grep -Fxq "Include $VHOST" /etc/apache2/apache2.conf -then - sed -i "145i Include $VHOST" "/etc/apache2/apache2.conf" -fi - -# Restart services -restart_webserver -if ! 
systemctl restart snap.spreedme.spreed-webrtc.service -then - msg_box "Something is wrong, the installation did not finish correctly. - -Please report this to $ISSUES" - exit 1 -else - msg_box "Success! Spreed.ME is now installed and configured. - -You may have to change SPREED_WEBRTC_ORIGIN in: -(sudo nano) $NCPATH/apps/spreedme/config/config.php" - exit 0 -fi diff --git a/old/test_connection.sh b/old/test_connection.sh deleted file mode 100644 index 82565dc36c..0000000000 --- a/old/test_connection.sh +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/bash -true -SCRIPT_NAME="Test connection" -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -curl_to_dir() { - check_command curl -sSL "$1"/"$2" -o "$3"/"$2" -} - -# Colors -Color_Off='\e[0m' -IRed='\e[0;91m' -IGreen='\e[0;92m' -ICyan='\e[0;96m' - -print_text_in_color() { - printf "%b%s%b\n" "$1" "$2" "$Color_Off" -} - -curl_to_dir google.com google.connectiontest /tmp -if [ ! -s /tmp/google.connectiontest ] -then - print_text_in_color "$IRed" "Not connected!" -else - print_text_in_color "$IGreen" "Connected!" -fi diff --git a/torrent/create.sh b/torrent/create.sh deleted file mode 100644 index 892deb103e..0000000000 --- a/torrent/create.sh +++ /dev/null 
@@ -1,52 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/ -# GNU General Public License v3.0 -# https://github.com/nextcloud/vm/blob/main/LICENSE - -######### - -## This doesn't seem to work in current state. -## Help is welcome! - -# shellcheck source=lib.sh -# shellcheck disable=SC2046 -source /var/scripts/fetch_lib.sh || source <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/main/lib.sh) - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# Install dependencies -install_if_not transmission-cli -install_if_not transmission-daemon - -# Download the VM -curl -fSLO --retry 3 https://download.kafit.se/s/dnkWptz8AK4JZDM/download -mv download NextcloudVM.zip -chown debian-transmission:debian-transmission NextcloudVM.zip - -# Set more memory to sysctl -echo "net.core.rmem_max = 16777216" >> /etc/sysctl.conf -echo "net.core.wmem_max = 4194304" >> /etc/sysctl.conf -sysctl -p - -# Create torrent -curl_to_dir "$GITHUB_REPO"/torrent trackers.txt /tmp -transmission-create -o nextcloudvmhanssonit.torrent -c "https://www.hanssonit.se/nextcloud-vm" -t $(cat /tmp/trackers.txt) NextcloudVM.zip - -# Seed it! -transmission-remote -n 'transmission:transmission' -a nextcloudvmhanssonit.torrent - -# Copy it to local NC account -install_if_not rsync -nextclouduser="$(input_box_flow "Please enter the Nextcloud user that you want to move the finished torrent file to:")" -rsync -av nextcloudvmhanssonit.torrent /mnt/ncdata/"$nextclouduser"/files/ -chown www-data:www-data /mnt/ncdata/"$nextclouduser"/files/nextcloudvmhanssonit.torrent -nextcloud_occ files:scan "$nextclouduser" -unset nextclouduser diff --git a/torrent/trackers.txt b/torrent/trackers.txt deleted file mode 100644 index 2b3a694f7b..0000000000 --- a/torrent/trackers.txt +++ /dev/null 
@@ -1 +0,0 @@ -http://atrack.pow7.com/announce -t http://bt.henbt.com:2710/announce -t http://bt.pusacg.org:8080/announce -t http://bt2.careland.com.cn:6969/announce -t http://explodie.org:6969/announce -t http://mgtracker.org:2710/announce -t http://mgtracker.org:6969/announce -t http://open.acgtracker.com:1096/announce -t http://open.lolicon.eu:7777/announce -t http://open.touki.ru/announce.php -t http://p4p.arenabg.ch:1337/announce -t http://p4p.arenabg.com:1337/announce -t http://pow7.com:80/announce -t http://retracker.gorcomnet.ru/announce -t http://retracker.krs-ix.ru/announce -t http://retracker.krs-ix.ru:80/announce -t http://secure.pow7.com/announce -t http://t1.pow7.com/announce -t http://t2.pow7.com/announce -t http://thetracker.org:80/announce -t http://torrent.gresille.org/announce -t http://torrentsmd.com:8080/announce -t http://tracker.aletorrenty.pl:2710/announce -t http://tracker.baravik.org:6970/announce -t http://tracker.bittor.pw:1337/announce -t http://tracker.bittorrent.am/announce -t http://tracker.calculate.ru:6969/announce -t http://tracker.dler.org:6969/announce -t http://tracker.dutchtracking.com/announce -t http://tracker.dutchtracking.com:80/announce -t http://tracker.dutchtracking.nl/announce -t http://tracker.dutchtracking.nl:80/announce -t http://tracker.edoardocolombo.eu:6969/announce -t http://tracker.ex.ua/announce -t http://tracker.ex.ua:80/announce -t http://tracker.filetracker.pl:8089/announce -t http://tracker.flashtorrents.org:6969/announce -t http://tracker.grepler.com:6969/announce -t http://tracker.internetwarriors.net:1337/announce -t http://tracker.kicks-ass.net/announce -t http://tracker.kicks-ass.net:80/announce -t http://tracker.kuroy.me:5944/announce -t http://tracker.mg64.net:6881/announce -t http://tracker.opentrackr.org:1337/announce -t http://tracker.skyts.net:6969/announce -t http://tracker.tfile.me/announce -t http://tracker.tiny-vps.com:6969/announce -t http://tracker.tvunderground.org.ru:3218/announce -t 
http://tracker.yoshi210.com:6969/announce -t http://tracker1.wasabii.com.tw:6969/announce -t http://tracker2.itzmx.com:6961/announce -t http://tracker2.wasabii.com.tw:6969/announce -t http://www.wareztorrent.com/announce -t http://www.wareztorrent.com:80/announce -t https://www.wareztorrent.com/announce -t udp://9.rarbg.com:2710/announce -t udp://9.rarbg.me:2780/announce -t udp://9.rarbg.to:2730/announce -t udp://91.218.230.81:6969/announce -t udp://94.23.183.33:6969/announce -t udp://bt.xxx-tracker.com:2710/announce -t udp://eddie4.nl:6969/announce -t udp://explodie.org:6969/announce -t udp://mgtracker.org:2710/announce -t udp://open.stealth.si:80/announce -t udp://p4p.arenabg.com:1337/announce -t udp://shadowshq.eddie4.nl:6969/announce -t udp://shadowshq.yi.org:6969/announce -t udp://torrent.gresille.org:80/announce -t udp://tracker.aletorrenty.pl:2710/announce -t udp://tracker.bittor.pw:1337/announce -t udp://tracker.coppersurfer.tk:6969/announce -t udp://tracker.eddie4.nl:6969/announce -t udp://tracker.ex.ua:80/announce -t udp://tracker.filetracker.pl:8089/announce -t udp://tracker.flashtorrents.org:6969/announce -t udp://tracker.grepler.com:6969/announce -t udp://tracker.ilibr.org:80/announce -t udp://tracker.internetwarriors.net:1337/announce -t udp://tracker.kicks-ass.net:80/announce -t udp://tracker.kuroy.me:5944/announce -t udp://tracker.leechers-paradise.org:6969/announce -t udp://tracker.mg64.net:2710/announce -t udp://tracker.mg64.net:6969/announce -t udp://tracker.opentrackr.org:1337/announce -t udp://tracker.piratepublic.com:1337/announce -t udp://tracker.sktorrent.net:6969/announce -t udp://tracker.skyts.net:6969/announce -t udp://tracker.tiny-vps.com:6969/announce -t udp://tracker.yoshi210.com:6969/announce -t udp://tracker2.indowebster.com:6969/announce -t udp://tracker4.piratux.com:6969/announce -t udp://zer0day.ch:1337/announce -t udp://zer0day.to:1337/announce 
diff --git a/vagrant/README.md b/vagrant/README.md deleted file mode 100644 index 3e23f87b88..0000000000 --- a/vagrant/README.md +++ /dev/null @@ -1,21 +0,0 @@ -# Nextcloud VM with vagrant -This subrepo contains all the Vagrant config to get an Ubuntu 20.04 VM with the latest version of Nextcloud installed. - -**Please note that this is __not__ the preferred way to install Nextcloud. It's also untested in the current state.** - -# Setup -`vagrant up` will install everything - -Go to [https://localhost:8080/](https://localhost:8080/) and access Nextcloud with credentials `ncadmin / nextcloud` - -# Information -- `VagrantFile` contains instructions to run an inline script: `install.sh` -- `install.sh` does the following - - Clones https://github.com/nextcloud/vm - - Runs `yes no | sudo bash nextcloud_install_production.sh` which uses the default values for each prompt - -See https://raw.githubusercontent.com/nextcloud/vm/main/lib.sh for default values. - -# Special thanks to -@gjgd for providing https://github.com/gjgd/vagrant-nextcloud which this is based upon - diff --git a/vagrant/Vagrantfile b/vagrant/Vagrantfile deleted file mode 100644 index 2e98f90e0a..0000000000 --- a/vagrant/Vagrantfile +++ /dev/null @@ -1,11 +0,0 @@ -Vagrant.configure("2") do |config| - config.vm.box = "ubuntu/focal64" - config.vm.network "forwarded_port", guest: 443, host: 8080 - config.vm.provision "shell", path: "install.sh" - config.vm.provider "virtualbox" do |vb| - vb.memory = "2048" - end - config.vm.provider "vmware_desktop" do |v| - v.vmx["memsize"] = "2048" - end -end diff --git a/vagrant/install.sh b/vagrant/install.sh deleted file mode 100644 index 6e4369ecc7..0000000000 --- a/vagrant/install.sh +++ /dev/null 
@@ -1,12 +0,0 @@ -#!/bin/bash - -true -SCRIPT_NAME="Install NcVM with Vagrant" -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh - -check_command git clone https://github.com/nextcloud/vm.git - -cd vm || exit && print_text_in_color "$IRed" "Could not cd into the 'vm' folder." - -sudo bash nextcloud_install_production.sh --provisioning
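Review bot: the Preview Generator hunk (the script with SCRIPT_NAME="Preview Generator") takes its uninstall branch with it, and that branch does not undo everything the install branch sets up. The removal list names `php-imagick` and `libmagickcore-6.q16-3-extra`, while the install path adds `php"$PHPVER"-imagick` and, on 24.04, `libmagickcore-6.q16-6-extra`. Hosts that accepted the imagick prompt, which the script's own msg_box describes as putting the server at risk, would keep those packages, the edited `/etc/ImageMagick-6/policy.xml` and the `preview:pre-generate` crontab entry for www-data. Please add manual cleanup steps to the release notes that cover both package names, or keep a removal-only script.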
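Review bot: in old/recover_apps.py, `shipped_url` is fetched over plain `http://` and the response alone decides which directory names from `/var/NCBACKUP/apps/` are passed to `occ app:install` through `sudo -u www-data`, with no status check and no validation of the names. Dropping the file is fine, but if the same recovery logic exists elsewhere in the repo, please confirm it uses `https://`, calls `raise_for_status()` or an equivalent check, and refuses to act when `shippedApps` comes back empty or malformed.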
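Review bot: old/spreedme.sh is removed without any cleanup path in the visible part of the patch for the changes it made to a host. It writes `/etc/apache2/spreedme.conf`, inserts `Include $VHOST` at a fixed line with `sed -i "145i Include $VHOST"`, enables the proxy, proxy_wstunnel, proxy_http and headers modules, installs the snap from `--edge`, and writes `SPREED_WEBRTC_SHAREDSECRET` into the app's config.php. A server that ran this script keeps a proxy to 127.0.0.1:8080 and an unmaintained edge-channel snap after the script is gone. Suggest listing the manual removal steps (snap remove, drop the Include line and the conf file, disable unused modules) in the commit message or changelog.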
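Review bot: torrent/create.sh authenticates with the fixed pair in `transmission-remote -n 'transmission:transmission'` and appends `net.core.rmem_max` and `net.core.wmem_max` to `/etc/sysctl.conf` on every run without checking for existing lines. With the script and torrent/trackers.txt deleted, any build host that ran it still has transmission-daemon installed with those credentials and the duplicated sysctl entries. Please note in the commit message that such hosts need the daemon removed or its RPC password changed. Also, the fallback `source <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/main/lib.sh)` ran remote content as root with no integrity check, and `$nextclouduser` went into the `/mnt/ncdata/"$nextclouduser"/files/` path unvalidated; neither pattern should be copied into a replacement.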
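Review bot: the last line but one of vagrant/install.sh has a logic error. `cd vm || exit && print_text_in_color "$IRed" "Could not cd into the 'vm' folder."` groups as `(cd vm || exit) && print_text_in_color ...`, so the red error text prints when `cd` succeeds and the script exits silently, with the status of the failed `cd`, when it fails. The file is being deleted, so no fix is needed here, but anyone carrying this provisioning script forward should use `cd vm || { print_text_in_color "$IRed" "Could not cd into the 'vm' folder."; exit 1; }`. The same hunk sources `/var/scripts/fetch_lib.sh` before the repository is cloned, which fails on a fresh box unless that file is provisioned some other way.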