diff options
| -rw-r--r-- | README.md | 27 | ||||
| -rwxr-xr-x | bin/nextcloud-backup | 72 | ||||
| -rwxr-xr-x | bin/nextcloud-download | 60 | ||||
| -rwxr-xr-x | bin/nextcloud-pharupdate | 97 | ||||
| -rwxr-xr-x | bin/nextcloud-update | 65 | ||||
| -rwxr-xr-x | bin/nextcloud-upgrade | 166 | ||||
| -rw-r--r-- | etc/nextcloud.conf | 18 |
7 files changed, 505 insertions, 0 deletions
diff --git a/README.md b/README.md new file mode 100644 index 0000000..a126bba --- /dev/null +++ b/README.md @@ -0,0 +1,27 @@ +# Why? + +updater.phar is useless. + +1. It creates a backup FIRST inside the data dir (security implications through this explicitly? + None known so far... yet.) + (I did the separate file and database backups anyways ever since my instance'S inception - so + that _is_ reliable and I see no need to rely on "blackboxes".) +2. It THEN proceeds to the download which may be hilariously slow (Version 31.x.x: the servers + delivered a 255MiB file in over 15 minutes to a machine with download speeds of 30+MiB/sec) + so the backup may already be dated when we proceed +3. It then does stuff with nextcloud in an undocumented manner. Given that some utterly stupid + morons decided that within Nextcloud (nice software) everything needs to be writable by + the web server user (utterly insane), we don't want to rely on such a construct too much. + (Nextcloud don't give a fuck about security principles that are aaaaages old? Fuck your meta + layers, then, we don't trust you anymore, because fuck you.) +4. Solution? Create own scripts which take over downloads, download verification, and then + execute occ commands (well, they're still occ commands, but more granular and potentially + less fucked by imbecile decisions). + +# What? + +1. Work in progress. (!!!) (Some parts may not have enough exception handling yet, some parts + are too dependent on the scripter's setup - I hope I will be getting there eventually.) +2. A few files which complement each other to achieve download-backup-extraction-upgrade. + The entrypoint is nextcloud-update. (nextcloud-pharupdate is an old one still using + updater.phar, that one's isolated.) diff --git a/bin/nextcloud-backup b/bin/nextcloud-backup new file mode 100755 index 0000000..b64175c --- /dev/null +++ b/bin/nextcloud-backup @@ -0,0 +1,72 @@ +#!/usr/bin/env bash +# +# This script is mostly included "as is", I did this quite a while ago and (also see todo remarks) +# I'm not happy yet, but it works fine and the core mechanisms are swell. +# +# shellcheck disable=SC1091 +source /etc/lirion/nextcloud.conf || exit 1 +# shellcheck disable=SC1091 +source /usr/lib/lirion/ln-initfunctions || exit 2 + +# TODO: Parametrise file directory and pw acquisition - better design and more secure +BDBDIR="${NCDBBKPDIR}/files" +PWFL="${NCDBBKPDIR}/pw" +TIME="$(date +"%Y-%m-%dT%H:%M:%S%z")" + +######### +# MYSQL # +######### +DUMPOPTS=( "--add-drop-table" "--add-locks" ) +DUMPOPTS+=( "--complete-insert" "--create-options" "--lock-tables" ) + +printf "File timestamp: %s\n" "$TIME" +DBARR=( "$NCDBNAME" ) +for i in "${DBARR[@]}";do + lnbegin "DB backup: $i" + sleep 0.1337 + lnprog "dump" + if ! mysqldump "${DUMPOPTS[@]}" -u root --password="$(cat "$PWFL")" --databases \ + "$i" > "$BDBDIR/$i-$TIME.sql" 2>/dev/null; then + lnfail + exit 120 + fi + sleep 0.1337 + lnprog "compression" + if ! xz -T4 "$BDBDIR/$i-$TIME.sql" > /dev/null 2>&1 && chmod 0600 \ + "$BDBDIR/$i-$TIME.sql.xz" 2>/dev/null; then + lnfail + exit 121 + fi + sleep 0.1337 + lnok +done + +NCVER="$(/usr/bin/sudo -u "$NCUSER" "$NCPHPBIN" "${NCAPPLDIR}/occ" 'status')" || exit 122 +NCVER="$(/usr/bin/printf '%b' "$NCVER" | /usr/bin/grep 'version:' | /usr/bin/awk '{print $NF}')" || exit 123 +/usr/bin/printf 'Current version: %b\n' "$NCVER" +if [ "$(printf '%b' "$NCVER" | wc -l)" -gt 0 ]; then + printf 'Not a single line: %b\n' "$NCVER" >&2 + exit 124 +elif [ "$(printf '%b' "$NCVER" | wc -w)" -ne 1 ]; then + printf 'Not a single word: %b\n' "$NCVER" >&2 + exit 125 +fi +lnbegin "File backup: Nextcloud" +sudo rm -f "${NCAPPLDIR}/../nextcloud-$(date -I)-${NCVER}.tar" \ + "${NCAPPLDIR}/../nextcloud-$(date -I)-${NCVER}.tar.xz" || exit 126 +sleep 0.1337 +lnprog 'dump' +if ! tar -C "${NCAPPLDIR}/.." --checkpoint=32768 --checkpoint-action='.' -cf \ + "${NCAPPLDIR}/../nextcloud-$(date -I)-${NCVER}.tar" "$NCAPPLDIR" 2>/dev/null +then + lnfail + exit 127 +fi +lnprog 'compression' +if ! xz -T4 "${NCAPPLDIR}/../nextcloud-$(date -I)-${NCVER}.tar" > /dev/null 2>&1 && \ + chmod 0600 "${NCAPPLDIR}/../nextcloud-$(date -I)-${NCVER}.tar.xz" 2>/dev/null +then + lnfail + exit 128 +fi +lnok diff --git a/bin/nextcloud-download b/bin/nextcloud-download new file mode 100755 index 0000000..ae9c824 --- /dev/null +++ b/bin/nextcloud-download @@ -0,0 +1,60 @@ +#!/usr/bin/env bash + +[ -z "$1" ] && printf 'Usage: %b VERSION\n' "$(basename "$0")" >&2 && exit 101 +# shellcheck disable=SC1091 +source /etc/lirion/nextcloud.conf || exit 102 +# shellcheck disable=SC1091 +source /usr/lib/lirion/ln-initfunctions || exit 103 + +NCFILES=( + "nextcloud-${1}.tar.bz2.asc" + "nextcloud-${1}.tar.bz2.sha512" + "nextcloud-${1}.tar.bz2" +) + +#NCDLTMP="$(/usr/bin/sudo '-u' "$NCUSER" /usr/bin/mktemp '-d' '-p' '/tmp' 'ncupdate.XXXXXX')" || exit 110 +/usr/bin/sudo -u "$NCUSER" /usr/bin/install -d -v -m '0700' "$NCDLTMP" || exit 110 + +/usr/bin/sudo -u "$NCUSER" /usr/bin/rm -vf "${NCDLTMP}/nextcloud-${1}".{asc,sha512} || exit 111 +for tgtfile in "${NCFILES[@]}"; do + url="https://download.nextcloud.com/server/releases/${tgtfile}" + curlcont=( '/usr/bin/sudo' '-u' "$NCUSER" '/usr/bin/curl' '-#RL' '-C' '-' '-o' "${NCDLTMP}/${tgtfile}" "$url" ) + curlfull=( '/usr/bin/sudo' '-u' "$NCUSER" '/usr/bin/curl' '-#RL' '-o' "${NCDLTMP}/${tgtfile}" "$url" ) + # we cannot simply [ -e FILE ] here as we may not have access to the directory: + if /usr/bin/sudo -u "$NCUSER" /usr/bin/stat -c '%f' "${NCDLTMP}/${tgtfile}" >/dev/null 2>&1; then + printf 'File %b existing, continuing download:\n' "$tgtfile" + "${curlcont[@]}"; crval="$?" + case "$crval" in + 7|18|26|27|28|35|55|56|58|59|60|63|66|67|77|80|83|89|90|91|92|94|96) + sleep 3.14159 + if ! "${curlcont[@]}"; then + exit 112 + fi + ;; + 130) + exit "$crval" + ;; + 0) ;; + *) + /usr/bin/sudo '-u' "$NCUSER" /usr/bin/rm -vf "${NCDLTMP}/${tgtfile}" + "${curlfull[@]}" || exit 113 + ;; + esac + else + printf 'Downloading %b:\n' "$tgtfile" + "${curlfull[@]}" || exit 114 + fi +done +lnbegin "Verifying download" +lnprog 'GPG' +if ! /usr/bin/sudo -u "$NCUSER" /usr/bin/gpg --no-default-keyring --keyring /var/www/keyrings/nextcloud-security.gpg \ + --quiet --verify "${NCDLTMP}/nextcloud-${1}.tar.bz2.asc" "${NCDLTMP}/nextcloud-${1}.tar.bz2" 2>/dev/null +then + lnfail 'GPG failed' + exit 116 +fi +lnok +for tgtfile in "${NCFILES[@]}"; do + /usr/bin/sudo -u "$NCUSER" /usr/bin/cp -vp "${NCDLTMP}/${tgtfile}" "${NCDLTGT}/${tgtfile}" || exit 115 +done +#rm -rf "${NCDLTMP}/" || exit 115 diff --git a/bin/nextcloud-pharupdate b/bin/nextcloud-pharupdate new file mode 100755 index 0000000..b05404d --- /dev/null +++ b/bin/nextcloud-pharupdate @@ -0,0 +1,97 @@ +#!/usr/bin/env bash + +# This will not be maintained anymore. It's an older script entirely relying +# on updater.phar - and I'm not happy with the latter, so I've integrated this +# into my conf file construct, also for cutover to the new scripts, and then +# be abandoned once production can 100% rely on the new scripts. + +# shellcheck disable=SC1091 +source /etc/lirion/nextcloud.conf || exit 1 + +COREUP=0 +APPSUP=0 +NCSTATUS=0 +UPDCHECK=0 +[ -n "$COLUMNS" ] && MYCOLS="$COLUMNS" +[ -z "$MYCOLS" ] && MYCOLS="$(tput cols 2>/dev/null)" +[ -z "$MYCOLS" ] && MYCOLS="32" +function dashprint { + printf "\\033[;1m" + for (( i=0; i<MYCOLS; ++i ));do + printf "-" + done + printf "\\033[0m\\n" +} +function hayulp { + printf "USAGE: %b [-a] [-c] [-s] [-u]\\n" "$(basename "$0")" + ( + printf -- "-a:;Update all apps\\n" + printf -- "-c:;Update the Nextcloud core\\n" + printf -- "-s:;Status including version\\n" + printf -- "-u:;Status including update check\\n" + printf -- "-h:;This help text\\n" + )|column -ts \; +} +while getopts :cahsu SHOPT;do + # shellcheck disable=SC2220 + case "$SHOPT" in + c) COREUP=1;; + a) APPSUP=1;; + s) NCSTATUS=1;; + u) UPDCHECK=1;; + h)hayulp;exit 0;; + esac +done +if [ "$COREUP" -eq 1 ] || [ "$APPSUP" -eq 1 ];then + sudo stat -tL "${NCAPPLDIR}" >/dev/null 2>&1 || exit 101 +fi +if [ "$NCSTATUS" -eq 1 ];then + sudo -u "${NCUSER}" "$NCPHPBIN" "${NCAPPLDIR}/occ" status + MYRET="$?" + [ "$MYRET" -ne 0 ] && exit "$MYRET" + if [ "$UPDCHECK" -eq 1 ];then + sudo -u "${NCUSER}" "$NCPHPBIN" "${NCAPPLDIR}/occ" update:check + fi + if [ "$COREUP" -eq 1 ] || [ "$APPSUP" -eq 1 ];then + printf "\\nYou selected the status action, not proceeding with updates.\\n" + exit 255 + fi + exit "$MYRET" +fi +if [ "$UPDCHECK" -eq 1 ];then + sudo -u "${NCUSER}" "$NCPHPBIN" "${NCAPPLDIR}/occ" update:check +fi +if [ "$COREUP" -eq 1 ];then + dashprint + printf "\\033[1mupdater/updater.phar\\033[0m\\n" + sudo -u "${NCUSER}" "$NCPHPBIN" "${NCAPPLDIR}/updater/updater.phar" || exit 1 + dashprint +fi +if [ "$APPSUP" -eq 1 ];then + printf "\\033[1mocc app:update --all\\033[0m\\n" + sudo -u "${NCUSER}" "$NCPHPBIN" "${NCAPPLDIR}/occ" app:update --all || exit 2 + # NC 29+: Now there's a message if no updates could be found. Commenting out the following: + # printf "\\033[96mDone.\\033[0m\\n" + dashprint +fi +if [ "$COREUP" -eq 1 ] || [ "$APPSUP" -eq 1 ];then + printf "\\033[1mocc db:add-missing-primary-keys\\033[0m\\n" + sudo -u "${NCUSER}" "$NCPHPBIN" "${NCAPPLDIR}/occ" db:add-missing-primary-keys || exit 3 + dashprint + printf "\\033[1mocc db:add-missing-columns\\033[0m\\n" + sudo -u "${NCUSER}" "$NCPHPBIN" "${NCAPPLDIR}/occ" db:add-missing-columns || exit 4 + printf "\\033[1m-------------------------------\\033[0m\\n" + printf "\\033[1mocc db:add-missing-indices\\033[0m\\n" + sudo -u "${NCUSER}" "$NCPHPBIN" "${NCAPPLDIR}/occ" db:add-missing-indices || exit 5 + printf "\\033[96mDone.\\033[0m\\n" + dashprint + printf "\\033[1mcron.php\\033[0m\\n" + sudo -u "${NCUSER}" "$NCPHPBIN" -f "${NCAPPLDIR}/cron.php" || exit 6 + printf "\\033[96mDone.\\033[0m\\n" + dashprint +fi +if [ "$COREUP" -eq 0 ] && [ "$APPSUP" -eq 0 ] && [ "$NCSTATUS" -eq 0 ] && [ "$UPDCHECK" -eq 0 ];then + hayulp + printf "\\nNo option specified.\\n" >&2 + exit 101 +fi diff --git a/bin/nextcloud-update b/bin/nextcloud-update new file mode 100755 index 0000000..f0f399c --- /dev/null +++ b/bin/nextcloud-update @@ -0,0 +1,65 @@ +#!/usr/bin/env bash + +# Scenario: it's a pain in the ass using updater.phar since it always deletes previous downloads, +# the download servers are raging slow and thus watching that "convenient" thing is rather +# futile and it's built without enough options to cirvumvent single steps being tedious - so the +# whole thing is built by morons for morons and we do things differently from here on. + +# Steps: +# 1. Download the nextcloud release. In our scenario this was the reason. This is fucking painfully +# long, so do not do any backup or whatever else before this is finished. (we are talking over +# 15 minutes for 255 MiB here on a machine that has 30MiB/sec+ tops...) +# 2. Trigger our own database and file backup, because we can rely on that as we know what it does, +# and we will continue to know that for all eternity. Do not rely on vendor coding (which becomes +# more and more moronic - e.g. Nextcloud wants everything to be writable by the web user which is +# unbelievably stupid and insecure, and it wasn't the case for all time, so yeah - some Nextcloud +# coders became more moronic over time). +# 3. Run the upgrade-only part. This IS well documented here: +# https://docs.nextcloud.com/server/31/admin_manual/maintenance/manual_upgrade.html +# ...so we do not need updater.phar. +# TODO: Check whether we can re-enable proper file security inside Nextcloud (we assume, however, +# that the Nextcloud setup checks will cry aloud unless everything(!) is writable - which +# was the case a few major versions before 31, that's as far as memory goes...) +# 4. ??? +# 5. Profit! +# +# P.S.: "coders" actually refer to the people who made these stupid decisions and the people coding +# the feeble parts of updater.phar - Nextcloud itself is still a nice product, it's just +# a bit poisoned by morons who want to make the lifes of destructive hackers easier. + +# shellcheck disable=SC1091 +source /etc/lirion/nextcloud.conf || exit 1 +# shellcheck disable=SC1091 +source /usr/lib/lirion/ln-initfunctions || exit 2 + +# YEAH CODE! +# Mark this: we call other scripts here which should be bundled with this script (precisely: anything +# called /usr/local/bin/nextcloud-*). + +# TODO: make update check decide on whether to update +sudo whoami > /dev/null || exit 2 +lnbegin "Checking for update" +# THis script always returns 0 - php yokerel, tee hee - so we need to parse. RC!=0 = script failed +# unexpectedly. +if ! UPDSTR="$(/usr/bin/sudo -u "$NCUSER" "$NCPHPBIN" "${NCAPPLDIR}/occ" update:check 2>&1)"; then + lnfail 'update check failed' + exit 10 +fi +if ! /usr/bin/printf '%b' "$UPDSTR" | grep -P '^Nextcloud [0-9]+\..*is available' > /dev/null; then + lnok 'none available' + exit 0 +else + UPDVER="$(/usr/bin/printf '%b' "$UPDSTR" | grep -P '^Nextcloud [0-9]+\..*is available')" + UPDVER="$(printf '%b' "$UPDVER" | sed 's/.*extcloud[\ \t-]\([^\ \t]\+\).*/\1/')" + lnok "available: $UPDVER" +fi +if [ "$(printf '%b' "$UPDVER" | wc -l)" -gt 0 ]; then + printf 'Not a single line: %b\n' "$NCVER" >&2 + exit 14 +elif [ "$(printf '%b' "$UPDVER" | wc -w)" -ne 1 ]; then + printf 'Not a single word: %b\n' "$NCVER" >&2 + exit 15 +fi +/usr/local/bin/nextcloud-download "$UPDVER" || exit "$?" +/usr/bin/sudo /usr/local/bin/nextcloud-backup || exit "$?" +/usr/local/bin/nextcloud-upgrade "$UPDVER" || exit "$?" diff --git a/bin/nextcloud-upgrade b/bin/nextcloud-upgrade new file mode 100755 index 0000000..7b222de --- /dev/null +++ b/bin/nextcloud-upgrade @@ -0,0 +1,166 @@ +#!/usr/bin/env bash + +# Error codes: 131-159 (130 is reserved for sigint et al!) + +[ -z "$1" ] && printf 'Usage: %b VERSION\n' "$(basename "$0")" >&2 && exit 101 +# shellcheck disable=SC1091 +source /etc/lirion/nextcloud.conf || exit 102 +# shellcheck disable=SC1091 +source /usr/lib/lirion/ln-initfunctions || exit 103 + +/usr/bin/sudo -u "$NCUSER" /usr/bin/whoami > /dev/null || exit 133 +/usr/bin/sudo /usr/bin/whoami > /dev/null || exit 133 + +lnbegin "File inventory" +if ! /usr/bin/sudo -u "$NCUSER" /usr/bin/stat -tL "${NCDLTGT}/nextcloud-${1}.tar.bz2" > /dev/null 2>&1; then + lnfail "archive not found" + exit 131 +elif ! /usr/bin/sudo -u "$NCUSER" /usr/bin/stat -tL "${NCDLTGT}/nextcloud-${1}.tar.bz2.sha512" >/dev/null 2>&1; then + lnfail "checksum file not found" + exit 131 +elif ! /usr/bin/sudo -u "$NCUSER" /usr/bin/stat -tL "${NCDLTGT}/nextcloud-${1}.tar.bz2.asc" >/dev/null 2>&1; then + lnfail "signature file not found" + exit 131 +fi +lnok +# TODO: implement script parameter skipping this - if we execute right after nextcloud-download, +# this is redundant as the latter also verifies. We need this only on separate execution (so +# by default as well). +lnbegin "Verifying download" +lnprog 'GPG' +if ! /usr/bin/sudo -u "$NCUSER" /usr/bin/gpg --no-default-keyring --keyring /var/www/keyrings/nextcloud-security.gpg \ + --quiet --verify "${NCDLTGT}/nextcloud-${1}.tar.bz2.asc" "${NCDLTGT}/nextcloud-${1}.tar.bz2" 2>/dev/null +then + lnfail 'GPG failed' + exit 132 +fi +lnok + +lnbegin 'Setting maintenance mode' +if ! /usr/bin/sudo -u "$NCUSER" "$NCPHPBIN" "${NCAPPLDIR}/occ" 'maintenance:mode' '--on' >/dev/null 2>&1; then + lnfail 'enabling failed' + exit 133 +fi +lnok +lnbegin "Grace period with maintenance mode" +while [ "$NCGRACE" -ge 1 ]; do + lnprog "$NCGRACE" + NCGRACE="$((NCGRACE-1))" + sleep 1 +done +lnok + +lnbegin 'Move old Nextcloud folder' +lnprog 'folder backup removal' +if ! /usr/bin/sudo rm -rf "${NCAPPLDIR}.bak" >/dev/null 2>&1; then + lnfail 'folder backup removal failed' + exit 134 +fi +lnprog 'folder backup' +if ! /usr/bin/sudo /usr/bin/mv -v "${NCAPPLDIR}" "${NCAPPLDIR}.bak" >/dev/null 2>&1; then + lnfail 'folder backup failed' + exit 135 +fi +lnok +lnbegin 'NC download extraction' +if ! /usr/bin/sudo /usr/bin/install -dm'0750' -o"$NCUSER" -g"$NCUSER" "$NCAPPLDIR" > /dev/null 2>&1; then + lnfail 'folder creation failed' + exit 136 +elif ! MYTMP="$(/usr/bin/sudo -u "$NCUSER" /usr/bin/mktemp -d -p /tmp nextcloud.XXXXXX 2>/dev/null)"; then + lnfail 'temp creation failed' + exit 137 +elif ! /usr/bin/sudo -u "$NCUSER" /usr/bin/tar -C "$MYTMP" --checkpoint-action='.' --checkpoint=16384 \ + -xjf "${NCDLTGT}/nextcloud-${1}.tar.bz2"; then + lnfail 'tarball extraction failed' + exit 138 +elif [ "$(/usr/bin/sudo -u "$NCUSER" /usr/bin/find "$MYTMP" -mindepth 1 -maxdepth 1 -name 'nextcloud' 2>/dev/null | wc -w)" -ne 1 ]; then + lnfail 'subfolder nextcloud not found' + exit 139 +elif ! /usr/bin/sudo rsync -rlptD "${MYTMP}/nextcloud/" "${NCAPPLDIR}/" >/dev/null 2>&1; then + lnfail 'folder sync failed' + exit 140 +fi +lnok +function ctrl_c { + printf '\n' + lnbegin 'Caught TERM/INT, aborting.' + lnquit + if ! /usr/bin/sudo /usr/bin/rm -rf "$MYTMP"; then + exit 141 + fi + exit 130 +} +trap ctrl_c INT +trap ctrl_c TERM +lnbegin 'Temp dir removal' +if ! /usr/bin/sudo -u "$NCUSER" /usr/bin/rm -rf "$MYTMP" >/dev/null 2>&1; then + lnfail 142 +fi +lnok +lnbegin 'Sync old config/apps' +# do use trailing slashes for folders here, we are rsyncing! +for src in 'config/config.php' 'apps/' 'apps-extras/' 'apps-external/'; do + lnprog "$src" + if ! stat -tL "${NCAPPLDIR}.bak/$src" >/dev/null 2>&1; then + lnprog "$src not existing in backup" + sleep 0.314159 + continue + fi + if ! /usr/bin/sudo /usr/bin/rsync -rulptgoD "${NCAPPLDIR}.bak/$src" "${NCAPPLDIR}/$src" >/dev/null 2>&1; then + lnfail "syncing $src failed" + exit 143 + fi +done +lnok +lnbegin "Nextcloud file permissions" +if ! /usr/bin/sudo /usr/bin/chown -R "${NCUSER}:" "${NCAPPLDIR}/" >/dev/null 2>&1 && \ + /usr/bin/sudo /usr/bin/chmod o-rwx "${NCAPPLDIR}/" >/dev/null 2>&1; then + lnfail + exit 144 +fi +lnok + +# TODO: make update check decide on whether to update +lnbegin 'Disabling maintenance mode' +if ! /usr/bin/sudo -u "$NCUSER" "$NCPHPBIN" "${NCAPPLDIR}/occ" 'maintenance:mode' '--off' >/dev/null 2>&1; then + lnfail 'disabling failed' + exit 152 +fi +lnok +lnbegin "Nextcloud upgrade" +if ! /usr/bin/sudo -u "$NCUSER" /usr/bin/stat -tL "${NCAPPLDIR}/occ" >/dev/null 2>&1 &&\ + [ "$(/usr/bin/sudo -u "$NCUSER" /usr/bin/stat -c '%f' "${NCAPPLDIR}/occ" 2>/dev/null)" != '81a0' ]; then + lnfail + exit 145 +fi +lnprog "occ upgrade" +if ! /usr/bin/sudo -u "$NCUSER" "$NCPHPBIN" "${NCAPPLDIR}/occ" upgrade -q >/dev/null 2>&1; then + lnfail + exit 146 +fi +lnprog "occ app:update" +if ! /usr/bin/sudo -u "$NCUSER" "$NCPHPBIN" "${NCAPPLDIR}/occ" app:update -q --all >/dev/null 2>&1; then + lnfail "occ app:update" + exit 147 +fi +lnprog "occ db:add-missing-primary-keys" +if ! /usr/bin/sudo -u "$NCUSER" "$NCPHPBIN" "${NCAPPLDIR}/occ" db:add-missing-primary-keys -q >/dev/null 2>&1; then + lnfail "occ db:add-missing-primary-keys" + exit 148 +fi +lnprog "occ db:add-missing-columns" +if ! /usr/bin/sudo -u "$NCUSER" "$NCPHPBIN" "${NCAPPLDIR}/occ" db:add-missing-columns -q >/dev/null 2>&1; then + lnfail "occ db:add-missing-columns" + exit 149 +fi +lnprog "occ db:add-missing-indices" +if ! /usr/bin/sudo -u "$NCUSER" "$NCPHPBIN" "${NCAPPLDIR}/occ" db:add-missing-indices -q >/dev/null 2>&1; then + lnfail "occ db:add-missing-indices" + exit 150 +fi +lnprog "cron.php" +if ! /usr/bin/sudo -u "$NCUSER" "$NCPHPBIN" -f "${NCAPPLDIR}/cron.php" 2>/dev/null; then + lnfail "cron.php" + exit 151 +fi +lnok diff --git a/etc/nextcloud.conf b/etc/nextcloud.conf new file mode 100644 index 0000000..a88883b --- /dev/null +++ b/etc/nextcloud.conf @@ -0,0 +1,18 @@ +#!/usr/bin/env bash +# This contains variables for our helper scripts - it does not contain +# Nextcloud core configuration variables, nor does it contain anything +# like database passwords. + +# shellcheck disable=SC2034 + +NCUSER='www-data' +NCPHPBIN='/usr/bin/php8.3' +NCAPPLDIR='/path/to/nextcloud' +NCDATADIR='/apth/to/nextclouds/datadir' +NCDBNAME='nextcloud_mysql_dbname' +NCINSTANCE='nextcloud_instance_id' +NCDLTMP='/tmp/nc-update-lnde' +NCDLTGT="${NCDATADIR}/updater-${NCINSTANCE}/downloads" +NCDBBKPDIR='/path/to/sqlbackups' +NCGRACE=60 +# vim:syntax=sh |