From e379096a5fce5463ed8fecd7e5e8da8a5d2d88f6 Mon Sep 17 00:00:00 2001 From: enoch85 Date: Wed, 16 Sep 2020 10:15:49 +0200 Subject: [PATCH 01/51] fix install script Signed-off-by: enoch85 --- nextcloud_install_production.sh | 253 +++++--------------------------- 1 file changed, 36 insertions(+), 217 deletions(-) diff --git a/nextcloud_install_production.sh b/nextcloud_install_production.sh index d7ee0ebed7..98daa256a5 100644 --- a/nextcloud_install_production.sh +++ b/nextcloud_install_production.sh @@ -103,14 +103,17 @@ msg_box "Nextcloud repo is not available, exiting..." exit 1 fi -# Test Home/SME function -if home_sme_server -then - msg_box "This is the Home/SME server, function works!" -else - print_text_in_color "$ICyan" "Home/SME Server not detected. No worries, just testing the function." - sleep 3 -fi +# Make it obvius regarding the differences +msg_box "This is the install script for the Official Nextcloud VM. + +The intention with this is just to get a working Nextcloud without any extras at all, really - none. + +The Official VM is just a test VM, and is not an example of how th original VM is built. +The original VM is years of development, and much richer and advanced in it's possibilites. +Though, we will use some of the basics from the original VM to be able to run Nextcloud. + +In the full-version you can automatically install Nextcloud apps like e.g: OnlyOffice, Collabora, Talk (with signaling), get a valid TLS cert, and much much more. +You can check out the original full-version VM here: https://github.com/nextcloud/vm/releases." # Fix LVM on BASE image if grep -q "LVM" /etc/fstab @@ -156,12 +159,6 @@ stop_if_installed php7.3-fpm stop_if_installed mysql-common stop_if_installed mariadb-server -# Create $SCRIPTS dir -if [ ! -d "$SCRIPTS" ] -then - mkdir -p "$SCRIPTS" -fi - # Create $VMLOGS dir if [ ! -d "$VMLOGS" ] then 
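Review bot: The user-facing msg_box text added in the @@ -103,14 +103,17 @@ hunk has several typos that will be shown during install: `obvius` should be `obvious` (in the comment), `th original` should be `the original`, and `it's possibilites` should be `its possibilities`. No code change is needed beyond correcting those words.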
@@ -378,8 +375,7 @@ tar -xjf "$HTML/$STABLEVERSION.tar.bz2" -C "$HTML" & spinner_loading rm "$HTML/$STABLEVERSION.tar.bz2" # Secure permissions -download_script STATIC setup_secure_permissions_nextcloud -bash $SECURE & spinner_loading +run_script STATIC setup_secure_permissions_nextcloud # Install Nextcloud print_text_in_color "$ICyan" "Installing Nextcloud..." @@ -401,14 +397,6 @@ echo # Prepare cron.php to be run every 15 minutes crontab -u www-data -l | { cat; echo "*/5 * * * * php -f $NCPATH/cron.php > /dev/null 2>&1"; } | crontab -u www-data - -# Run the updatenotification on a schelude -occ_command config:system:set upgrade.disable-web --value="true" -occ_command config:app:set updatenotification notify_groups --value="[]" -print_text_in_color "$ICyan" "Configuring update notifications specific for this server..." -download_script STATIC updatenotification -check_command chmod +x "$SCRIPTS"/updatenotification.sh -crontab -u root -l | { cat; echo "59 $AUT_UPDATES_TIME * * * $SCRIPTS/updatenotification.sh > /dev/null 2>&1"; } | crontab -u root - - # Change values in php.ini (increase max file size) # max_execution_time sed -i "s|max_execution_time =.*|max_execution_time = 3500|g" "$PHP_INI" 
@@ -433,21 +421,6 @@ occ_command config:system:set log.condition apps 0 --value admin_audit # Set SMTP mail occ_command config:system:set mail_smtpmode --value="smtp" -# Forget login/session after 30 minutes -occ_command config:system:set remember_login_cookie_lifetime --value="1800" - -# Set logrotate (max 10 MB) -occ_command config:system:set log_rotate_size --value="10485760" - -# Set trashbin retention obligation (save it in trahbin for 6 months or delete when space is needed) -occ_command config:system:set trashbin_retention_obligation --value="auto, 180" - -# Set versions retention obligation (save versions for 12 months or delete when space is needed) -occ_command config:system:set versions_retention_obligation --value="auto, 365" - -# Remove simple signup -occ_command config:system:set simpleSignUpLink.shown --type=bool --value=false - # Enable OPCache for PHP # https://docs.nextcloud.com/server/14/admin_manual/configuration_server/server_tuning.html#enable-php-opcache phpenmod opcache 
@@ -481,74 +454,6 @@ echo "pgsql.ignore_notice = 0" echo "pgsql.log_notice = 0" } >> "$PHP_FPM_DIR"/conf.d/20-pdo_pgsql.ini -# Install Redis (distrubuted cache) -run_script ADDONS redis-server-ubuntu - -# Install smbclient -# php"$PHPVER"-smbclient does not yet work in PHP 7.4 -install_if_not libsmbclient-dev -yes no | pecl install smbclient -if [ ! -f $PHP_MODS_DIR/smbclient.ini ] -then - touch $PHP_MODS_DIR/smbclient.ini -fi -if ! grep -qFx extension=smbclient.so $PHP_MODS_DIR/smbclient.ini -then - echo "# PECL smbclient" > $PHP_MODS_DIR/smbclient.ini - echo "extension=smbclient.so" >> $PHP_MODS_DIR/smbclient.ini - check_command phpenmod -v ALL smbclient -fi - -# Enable igbinary for PHP -# https://github.com/igbinary/igbinary -if is_this_installed "php$PHPVER"-dev -then - if ! yes no | pecl install -Z igbinary - then - msg_box "igbinary PHP module installation failed" - exit - else - print_text_in_color "$IGreen" "igbinary PHP module installation OK!" - fi -{ -echo "# igbinary for PHP" -echo "extension=igbinary.so" -echo "session.serialize_handler=igbinary" -echo "igbinary.compact_strings=On" -} >> "$PHP_INI" -restart_webserver -fi - -# APCu (local cache) -if is_this_installed "php$PHPVER"-dev -then - if ! yes no | pecl install -Z apcu - then - msg_box "APCu PHP module installation failed" - exit - else - print_text_in_color "$IGreen" "APCu PHP module installation OK!" - fi -{ -echo "# APCu settings for Nextcloud" -echo "extension=apcu.so" -echo "apc.enabled=1" -echo "apc.max_file_size=5M" -echo "apc.shm_segments=1" -echo "apc.shm_size=128M" -echo "apc.entries_hint=4096" -echo "apc.ttl=3600" -echo "apc.gc_ttl=7200" -echo "apc.mmap_file_mask=NULL" -echo "apc.slam_defense=1" -echo "apc.enable_cli=1" -echo "apc.use_request_time=1" -echo "apc.serializer=igbinary" -echo "apc.coredump_unmap=0" -echo "apc.preload_path" -} >> "$PHP_INI" -restart_webserver -fi # Fix https://github.com/nextcloud/vm/issues/714 print_text_in_color "$ICyan" "Optimizing Nextcloud..." 
@@ -636,10 +541,10 @@ if [ ! -f $SITES_AVAILABLE/$TLS_CONF ] then touch "$SITES_AVAILABLE/$TLS_CONF" cat << TLS_CREATE > "$SITES_AVAILABLE/$TLS_CONF" -# -# RewriteEngine On -# RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L] -# + + RewriteEngine On + RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L] + Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains" 
@@ -704,115 +609,31 @@ fi # Enable new config a2ensite "$TLS_CONF" -a2ensite "$HTTP_CONF" a2dissite default-ssl +a2dissite 000-default restart_webserver -choice=$(whiptail --title "$TITLE - Install apps or software" --checklist "Automatically configure and install selected apps or software\n$CHECKLIST_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \ -"Calendar" "" ON \ -"Contacts" "" ON \ -"IssueTemplate" "" ON \ -"PDFViewer" "" ON \ -"Extract" "" ON \ -"Text" "" ON \ -"Mail" "" ON \ -"Deck" "" ON \ -"Group-Folders" "" ON 3>&1 1>&2 2>&3) - -case "$choice" in - *"Calendar"*) - install_and_enable_app calendar - ;;& - *"Contacts"*) - install_and_enable_app contacts - ;;& - *"IssueTemplate"*) - install_and_enable_app issuetemplate - ;;& - *"PDFViewer"*) - install_and_enable_app files_pdfviewer - ;;& - *"Extract"*) - if install_and_enable_app extract - then - install_if_not unrar - install_if_not p7zip - install_if_not p7zip-full - fi - ;;& - *"Text"*) - install_and_enable_app text - ;;& - *"Mail"*) - install_and_enable_app mail - ;;& - *"Deck"*) - install_and_enable_app deck - ;;& - *"Group-Folders"*) - install_and_enable_app groupfolders - ;;& - *) - ;; -esac - # Prepare first bootup check_command run_script STATIC change-ncadmin-profile check_command run_script STATIC change-root-profile -# Upgrade -apt update -q4 & spinner_loading -apt dist-upgrade -y - -# Remove LXD (always shows up as failed during boot) -apt-get purge lxd -y - # Cleanup apt autoremove -y apt autoclean find /root "/home/$UNIXUSER" -type f \( -name '*.sh*' -o -name '*.html*' -o -name '*.tar*' -o -name '*.zip*' \) -delete -# Install virtual kernels for Hyper-V, (and extra for UTF8 kernel module + Collabora and OnlyOffice) -# Kernel 5.4 -if ! 
home_sme_server -then - if [ "$SYSVENDOR" == "Microsoft Corporation" ] - then - # Hyper-V - apt install -y --install-recommends \ - linux-virtual \ - linux-image-virtual \ - linux-tools-virtual \ - linux-cloud-tools-virtual - # linux-image-extra-virtual only needed for AUFS driver with Docker - fi -fi - -# Add aliases -if [ -f /root/.bash_aliases ] -then - if ! grep -q "nextcloud" /root/.bash_aliases - then -{ -echo "alias nextcloud_occ='sudo -u www-data php /var/www/nextcloud/occ'" -echo "alias run_update_nextcloud='bash /var/scripts/update.sh'" -} >> /root/.bash_aliases - fi -elif [ ! -f /root/.bash_aliases ] -then -{ -echo "alias nextcloud_occ='sudo -u www-data php /var/www/nextcloud/occ'" -echo "alias run_update_nextcloud='bash /var/scripts/update.sh'" -} > /root/.bash_aliases -fi - -# Set secure permissions final (./data/.htaccess has wrong permissions otherwise) -bash $SECURE & spinner_loading +# Set permissions final +run_script STATIC setup_secure_permissions_nextcloud +chown -R www-data:www-data "$NCPATH" # Put IP adress in /etc/issue (shown before the login) if [ -f /etc/issue ] then - echo "\4" >> /etc/issue +{ +echo "\4" +echo "DEFAULT USER: ncadmin" +echo "DEFAULT PASS: nextcloud" +} >> /etc/issue fi # Force MOTD to show correct number of updates 
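Review bot: The block appended to /etc/issue now prints `DEFAULT USER: ncadmin` and `DEFAULT PASS: nextcloud` on the pre-login banner, so anyone who can see the console of an image that has not yet completed the startup script is handed a working login. I would keep only `echo "\4"` in /etc/issue and publish the initial credentials in the download documentation, or have the startup script strip those two lines once the password has been changed; nothing in the hunks shown here cleans /etc/issue afterwards. Separately, `chown -R www-data:www-data "$NCPATH"` runs directly after `run_script STATIC setup_secure_permissions_nextcloud` and re-owns the whole tree to the web server user, which presumably undoes the ownership that script just set. Dropping the chown, or moving it before the run_script call, would keep the hardening step effective.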
@@ -821,24 +642,22 @@ then sudo /usr/lib/update-notifier/update-motd-updates-available --force fi + +####### OFFICIAL (custom scripts) ####### + +# shellcheck disable=2034,2059 +true +# shellcheck source=lib.sh +. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/official-basic-vm/lib.sh) + # Get needed scripts for first bootup download_script GITHUB_REPO nextcloud-startup-script download_script STATIC instruction -download_script STATIC history -download_script NETWORK static_ip - -if home_sme_server -then - # Change nextcloud-startup-script.sh - check_command sed -i "s|VM|Home/SME Server|g" $SCRIPTS/nextcloud-startup-script.sh -fi - -# Make $SCRIPTS excutable -chmod +x -R "$SCRIPTS" -chown root:root -R "$SCRIPTS" +download_script STATIC lib # Reboot -msg_box "Installation almost done, system will reboot when you hit OK. +msg_box "Installation almost done, system will reboot when you hit OK. Please log in again once rebooted to run the setup script." reboot + From 045e50f19be0d6771bbada3ead04a3693ff4ef07 Mon Sep 17 00:00:00 2001 From: Daniel Hansson Date: Wed, 16 Sep 2020 11:07:59 +0200 Subject: [PATCH 02/51] more changes (#1465) --- lib.sh | 6 ++--- nextcloud_install_production.sh | 41 --------------------------------- 2 files changed, 2 insertions(+), 45 deletions(-) diff --git a/lib.sh b/lib.sh index 4366cb46d8..9d43c595cd 100644 --- a/lib.sh +++ b/lib.sh @@ -82,7 +82,7 @@ TITLE="Nextcloud VM - $(date +%Y)" CHECKLIST_GUIDE="Navigate with the [ARROW] keys and (de)select with the [SPACE] key. Confirm by pressing [ENTER]" MENU_GUIDE="You can view this menu later by running 'sudo bash $SCRIPTS/menu.sh'" # Repo -GITHUB_REPO="https://raw.githubusercontent.com/nextcloud/vm/master" +GITHUB_REPO="https://raw.githubusercontent.com/nextcloud/vm/official-basic-vm" STATIC="$GITHUB_REPO/static" LETS_ENC="$GITHUB_REPO/lets-encrypt" APP="$GITHUB_REPO/apps" 
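Review bot: The added `. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/official-basic-vm/lib.sh)` in the @@ -821,24 +642,22 @@ hunk sources whatever the branch head serves at that moment into the installer's shell (presumably root), with no pinning and no integrity check. Because `-s` is used without `-f`, an HTTP error body or an empty response is also sourced silently. The two `. <(curl -sL …/lib.sh)` lines changed in the later "change branch" patch follow the same pattern. I would fetch to a file and fail closed, e.g. `curl -fsSL "$LIB_URL" -o "$SCRIPTS/lib.sh" || exit 1` followed by `. "$SCRIPTS/lib.sh"`, where `LIB_URL` is a placeholder for a URL pinned to a release tag or commit rather than a moving branch.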
@@ -1146,9 +1146,7 @@ or experience other issues then please report this to $ISSUES" # Do the upgrade chown -R www-data:www-data "$NCPATH" rm -rf "$NCPATH"/assets - yes | sudo -u www-data php /var/www/nextcloud/updater/updater.phar - download_script STATIC setup_secure_permissions_nextcloud -P $SCRIPTS - bash $SECURE + yes no | sudo -u www-data php /var/www/nextcloud/updater/updater.phar occ_command maintenance:mode --off fi diff --git a/nextcloud_install_production.sh b/nextcloud_install_production.sh index 98daa256a5..d9df49ebc1 100644 --- a/nextcloud_install_production.sh +++ b/nextcloud_install_production.sh @@ -75,7 +75,6 @@ cpu_check 1 Nextcloud # Download needed libraries before execution of the first script mkdir -p "$SCRIPTS" download_script GITHUB_REPO lib -download_script STATIC fetch_lib # Set locales run_script ADDONS locales 
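Review bot: After this change the upgrade path in lib.sh still runs `chown -R www-data:www-data "$NCPATH"` before the updater but no longer runs setup_secure_permissions_nextcloud afterwards, so the tree stays owned by the web server user after every upgrade. If the two lines were removed only because `$SECURE` is not downloaded in the basic VM, `run_script STATIC setup_secure_permissions_nextcloud` (the form the install script in this series uses, assuming run_script is available at this point) would keep the re-hardening step. Also, `yes no | sudo -u www-data php …/updater.phar` now answers every updater prompt with "no"; a comment such as `# answer "no" to <which prompt>` would help, since the intended effect is not visible from this hunk. The enclosing function starts and ends outside the hunk.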
@@ -202,46 +201,6 @@ case "$choice" in ;; esac -# Set DNS resolver -# https://unix.stackexchange.com/questions/442598/how-to-configure-systemd-resolved-and-systemd-networkd-to-use-local-dns-server-f -while : -do - choice=$(whiptail --title "$TITLE - Set DNS Resolver" --menu "Which DNS provider should this Nextcloud box use?" "$WT_HEIGHT" "$WT_WIDTH" 4 \ - "Quad9" "(https://www.quad9.net/)" \ - "Cloudflare" "(https://www.cloudflare.com/dns/)" \ - "Local" "($GATEWAY) - DNS on gateway" 3>&1 1>&2 2>&3) - - case "$choice" in - "Quad9") - sed -i "s|^#\?DNS=.*$|DNS=9.9.9.9 149.112.112.112 2620:fe::fe 2620:fe::9|g" /etc/systemd/resolved.conf - ;; - "Cloudflare") - sed -i "s|^#\?DNS=.*$|DNS=1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001|g" /etc/systemd/resolved.conf - ;; - "Local") - sed -i "s|^#\?DNS=.*$|DNS=$GATEWAY|g" /etc/systemd/resolved.conf - if network_ok - then - break - else - msg_box "Could not validate the local DNS server. Pick an Internet DNS server and try again." - continue - fi - ;; - *) - ;; - esac - if test_connection - then - break - else - msg_box "Could not validate the DNS server. Please try again." - fi -done - -# Check current repo -run_script ADDONS locate_mirror - # Install PostgreSQL # sudo add-apt-repository "deb http://apt.postgresql.org/pub/repos/apt/ bionic-pgdg main" # curl -fsSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add - From 8b957cc77885606ff5e9cdff6bcad82f9543a8ae Mon Sep 17 00:00:00 2001 From: Daniel Hansson Date: Wed, 16 Sep 2020 11:11:12 +0200 Subject: [PATCH 03/51] change folder --- nextcloud_install_production.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nextcloud_install_production.sh b/nextcloud_install_production.sh index d9df49ebc1..ab50bae1dd 100644 --- a/nextcloud_install_production.sh +++ b/nextcloud_install_production.sh 
@@ -611,8 +611,8 @@ true # Get needed scripts for first bootup download_script GITHUB_REPO nextcloud-startup-script +download_script GITHUB_REPO lib download_script STATIC instruction -download_script STATIC lib # Reboot msg_box "Installation almost done, system will reboot when you hit OK. From 1ffc07b89e93cf656649e46071d84e90b5a30934 Mon Sep 17 00:00:00 2001 From: Daniel Hansson Date: Wed, 16 Sep 2020 11:11:59 +0200 Subject: [PATCH 04/51] change branch --- nextcloud_install_production.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nextcloud_install_production.sh b/nextcloud_install_production.sh index ab50bae1dd..3659fcabdb 100644 --- a/nextcloud_install_production.sh +++ b/nextcloud_install_production.sh @@ -18,7 +18,7 @@ fi true SCRIPT_NAME="Nextcloud Install Script" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/official-basic-vm/lib.sh) # Check if dpkg or apt is running is_process_running apt @@ -54,7 +54,7 @@ fi # shellcheck disable=2034,2059 true # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/official-basic-vm/lib.sh) # Get all needed variables from the library first_iface From 292e76df1e8d6940bea35c289948822ce2dab3c4 Mon Sep 17 00:00:00 2001 From: Daniel Hansson Date: Wed, 16 Sep 2020 11:16:36 +0200 Subject: [PATCH 05/51] remove locales --- nextcloud_install_production.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/nextcloud_install_production.sh b/nextcloud_install_production.sh index 3659fcabdb..31397387e2 100644 --- a/nextcloud_install_production.sh +++ b/nextcloud_install_production.sh 
@@ -76,9 +76,6 @@ cpu_check 1 Nextcloud mkdir -p "$SCRIPTS" download_script GITHUB_REPO lib -# Set locales -run_script ADDONS locales - # Create new current user download_script STATIC adduser bash $SCRIPTS/adduser.sh "nextcloud_install_production.sh" From e67b72154bc518010b5297fb208015a26301d18c Mon Sep 17 00:00:00 2001 From: Daniel Hansson Date: Wed, 16 Sep 2020 11:50:08 +0200 Subject: [PATCH 06/51] fix startup script --- nextcloud-startup-script.sh | 326 +++++------------------------------- 1 file changed, 45 insertions(+), 281 deletions(-) diff --git a/nextcloud-startup-script.sh b/nextcloud-startup-script.sh index a5b8cbc51e..58a51fcf73 100644 --- a/nextcloud-startup-script.sh +++ b/nextcloud-startup-script.sh @@ -40,7 +40,7 @@ is_process_running dpkg true SCRIPT_NAME="Nextcloud Startup Script" # shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh +source /var/scripts/lib.sh # Get all needed variables from the library first_iface 
@@ -70,71 +70,26 @@ SETDHCP print_text_in_color "$ICyan" "Checking connection..." sleep 1 set_systemd_resolved_dns "$IFACE" - if ! nslookup github.com - then -msg_box "The script failed to get an address from DHCP. -You must have a working network connection to run this script. - -You will now be provided with the option to set a static IP manually instead." - - # Run static_ip script - bash /var/scripts/static_ip.sh - fi fi # Check network again if network_ok then print_text_in_color "$IGreen" "Online!" -elif home_sme_server -then -msg_box "It seems like the last try failed as well using LAN ethernet. - -Since the Home/SME server is equipped with a WIFI module, you will now be asked to enable it to get connectivity. - -Please note: It's not recomended to run a server on WIFI. Using an ethernet cable is always the best." - if yesno_box_yes "Do you want to enable WIFI on this server?" - then - nmtui - fi - if network_ok - then - print_text_in_color "$IGreen" "Online!" - else -msg_box "Network NOT OK. You must have a working network connection to run this script. - -Please contact us for support: -https://shop.hanssonit.se/product/premium-support-per-30-minutes/ - -Please also post this issue on: https://github.com/nextcloud/vm/issues" - exit 1 - fi else -msg_box "Network NOT OK. You must have a working network connection to run this script. - -Please contact us for support: -https://shop.hanssonit.se/product/premium-support-per-30-minutes/ - -Please also post this issue on: https://github.com/nextcloud/vm/issues" - exit 1 + print_text_in_color "$IGreen" "Still offline, but no worries we can continue anyway!!" 
fi # shellcheck disable=2034,2059,1091 true SCRIPT_NAME="Nextcloud Startup Script" # shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh +source /var/scripts/lib.sh # Get all needed variables from the library ncdb nc_update -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - # Check that this run on the PostgreSQL VM if ! is_this_installed postgresql-common then 
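Review bot: The new else branch prints `Still offline, but no worries we can continue anyway!!` in `$IGreen`, the same colour as the `Online!` success message, and the run then proceeds with no record that the network check failed. Together with the later `if test_connection` guard around `bash $SCRIPTS/update.sh` (hunk @@ -461,30 +233,23 @@), an offline first boot finishes without the system upgrade and without telling the operator. I would print the offline message in the script's warning colour and add an `else` branch to the upgrade guard that states the upgrade was skipped and must be run once the machine is online.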
@@ -150,85 +105,7 @@ lowest_compatible_nc 18 zpool_import_if_missing # Run the startup menu -run_script MENU startup_configuration - -# Is this run as a pure root user? -if is_root -then - if [[ "$UNIXUSER" == "ncadmin" ]] - then - sleep 1 - else - if [ -z "$UNIXUSER" ] - then -msg_box "You seem to be running this as the pure root user. -You must run this as a regular user with sudo permissions. - -Please create a user with sudo permissions and the run this command: -sudo -u [user-with-sudo-permissions] sudo bash /var/scripts/nextcloud-startup-script.sh - -We will do this for you when you hit OK." - download_script STATIC adduser - bash $SCRIPTS/adduser.sh "$SCRIPTS/nextcloud-startup-script.sh" - rm $SCRIPTS/adduser.sh - else -msg_box "You probably see this message if the user 'ncadmin' does not exist on the system, -which could be the case if you are running directly from the scripts on Gihub and not the VM. - -As long as the user you created have sudo permissions it's safe to continue. -This would be the case if you created a new user with the script in the previous step. - -If the user you are running this script with is a user that doesn't have sudo permissions, -please abort this script (CTRL+C) and report this issue to $ISSUES." - fi - fi -fi - -######## The first setup is OK to run to this point several times, but not any further ######## -if [ -f "$SCRIPTS/you-can-not-run-the-startup-script-several-times" ] -then -msg_box "The Nextcloud startup script that handles the first setup (this one) is desinged to be run once, not several times in a row. - -If you feel uncertain about adding some extra features during this setup, then it's best to wait until after the first setup is done. You can always add all the extra features later. - -[For the Nextcloud VM:] -Please delete this VM from your host and reimport it once again, then run this setup like you did the first time. 
- -[For the Nextcloud Home/SME Server:] -It's a bit more tricky since you can't revert in the same way as with a VM. The best thing you can do now is to save all the output from the session you ran before this one + write down all the steps you took and send and email to: -github@hanssonit.se with the subject 'Issues with first setup', and we'll take it from there. - -Full documentation can be found here: https://docs.hanssonit.se -Please report any bugs you find here: $ISSUES" - exit 1 -fi - -touch "$SCRIPTS/you-can-not-run-the-startup-script-several-times" - -echo -print_text_in_color "$ICyan" "Getting scripts from GitHub to be able to run the first setup..." -# Scripts in static (.sh, .php, .py) -download_script LETS_ENC activate-tls -download_script STATIC temporary-fix -download_script STATIC update -download_script STATIC setup_secure_permissions_nextcloud -download_script STATIC change_db_pass -download_script STATIC nextcloud -download_script MENU menu -download_script MENU server_configuration -download_script MENU nextcloud_configuration -download_script MENU additional_apps - -if home_sme_server -then - download_script STATIC nhss_index - mv $SCRIPTS/nhss_index.php $HTML/index.php && rm -f $HTML/html/index.html - chmod 750 $HTML/index.php && chown www-data:www-data $HTML/index.php -else - download_script STATIC index - mv $SCRIPTS/index.php $HTML/index.php && rm -f $HTML/html/index.html - chmod 750 $HTML/index.php && chown www-data:www-data $HTML/index.php -fi +bash $SCRIPTS/startup_configuration.sh # Change 000-default to $WEB_ROOT sed -i "s|DocumentRoot /var/www/html|DocumentRoot $HTML|g" /etc/apache2/sites-available/000-default.conf 
@@ -246,68 +123,11 @@ sed -i "s|DocumentRoot /var/www/html|DocumentRoot $HTML|g" /etc/apache2/sites-av chmod +x -R $SCRIPTS chown root:root -R $SCRIPTS -# Allow $UNIXUSER to run figlet script -chown "$UNIXUSER":"$UNIXUSER" "$SCRIPTS/nextcloud.sh" - -msg_box "This script will configure your Nextcloud and activate TLS. -It will also do the following: - -- Generate new SSH keys for the server -- Generate new PostgreSQL password -- Install selected apps and automatically configure them -- Detect and set hostname -- Detect and set trusted domains -- Detect the best Ubuntu mirrors depending on your location -- Upgrade your system and Nextcloud to latest version -- Set secure permissions to Nextcloud -- Set new passwords to Linux and Nextcloud -- Change timezone -- Set correct Rewriterules for Nextcloud -- Copy content from .htaccess to .user.ini (because we use php-fpm) -- Add additional options if you choose them -- And more..." - -msg_box "PLEASE NOTE: -[#] Please finish the whole setup. The server will reboot once done. - -[#] Please read the on-screen instructions carefully, they will guide you through the setup. - -[#] When complete it will delete all the *.sh, *.html, *.tar, *.zip inside: - /root - /home/$UNIXUSER - -[#] Please consider donating if you like the product: - https://shop.hanssonit.se/product-category/donate/ - -[#] You can also ask for help here: - https://help.nextcloud.com/c/support/appliances-docker-snappy-vm - https://shop.hanssonit.se/product/premium-support-per-30-minutes/" -clear - -msg_box "PLEASE NOTE: - -The first setup is meant to be run once, and not aborted. -If you feel uncertain about the options during the setup, just choose the defaults by hitting [ENTER] at each question. - -When the setup is done, the server will automatically reboot. 
- -Please report any issues to: $ISSUES" -clear - # Change timezone in PHP sed -i "s|;date.timezone.*|date.timezone = $(cat /etc/timezone)|g" "$PHP_INI" # Change timezone for logging occ_command config:system:set logtimezone --value="$(cat /etc/timezone)" -clear - -# Pretty URLs -print_text_in_color "$ICyan" "Setting RewriteBase to \"/\" in config.php..." -chown -R www-data:www-data $NCPATH -occ_command config:system:set overwrite.cli.url --value="http://localhost/" -occ_command config:system:set htaccess.RewriteBase --value="/" -occ_command maintenance:update:htaccess -bash $SECURE & spinner_loading # Generate new SSH Keys printf "\nGenerating new SSH keys for the server...\n" 
@@ -320,38 +140,52 @@ check_command bash "$SCRIPTS/change_db_pass.sh" sleep 3 clear -# Server configurations -bash $SCRIPTS/server_configuration.sh - -# Nextcloud configuration -bash $SCRIPTS/nextcloud_configuration.sh - -# Install apps -bash $SCRIPTS/additional_apps.sh - -clear # Change passwords # CLI USER -print_text_in_color "$ICyan" "For better security, change the system user password for [$(getent group sudo | cut -d: -f4 | cut -d, -f1)]" -any_key "Press any key to change password for system user..." +msg_box "For better security, we will now change the password for the unix-user" while : do - sudo passwd "$(getent group sudo | cut -d: -f4 | cut -d, -f1)" && break + UNIX_PASSWORD=$(input_box_flow "Please type in the new password for the unix-user [$(getent group sudo | cut -d: -f4 | cut -d, -f1)]") + if [[ "$UNIX_PASSWORD" == *" "* ]] + then + msg_box "Please don't use spaces" + else + break + fi done -echo +check_command echo -e "$UNIX_PASSWORD\n$UNIX_PASSWORD" | (passwd --stdin "$(getent group sudo | cut -d: -f4 | cut -d, -f1)") +unset UNIX_PASSWORD clear # NEXTCLOUD USER NCADMIN=$(occ_command user:list | awk '{print $3}') -print_text_in_color "$ICyan" "The current admin user in Nextcloud GUI is [$NCADMIN]" -print_text_in_color "$ICyan" "We will now replace this user with your own." -any_key "Press any key to replace the current (local) admin user for Nextcloud..." -# Create new user +msg_box "We will now change the username and password for the nextcloud-admin user" while : do - print_text_in_color "$ICyan" "Please enter the username for your new user:" - read -r NEWUSER - sudo -u www-data $NCPATH/occ user:add "$NEWUSER" -g admin && break + NEWUSER=$(input_box_flow "Please type in the name of the nextcloud-admin user. It must differ from [$NCADMIN].\nThe only allowed character are: 'a-z', 'A-Z', '0-9', and '_.@-'") + if [[ "$NEWUSER" == *" "* ]] + then + msg_box "Please don't use spaces." 
+ elif [ "$NEWUSER" = "$NCADMIN" ] + then + msg_box "This username is already in use. Please choose a different one." + else + break + fi done +while : +do + OC_PASS=$(input_box_flow "Please type in the new password for the new nextcloud-admin user $NEWUSER") + if [[ "$OC_PASS" == *" "* ]] + then + msg_box "Please don't use spaces." + else + break + fi +done +# Create new user +export OC_PASS +occ_command user:add "$NEWUSER" --password-from-env -g admin +unset OC_PASS # Delete old user if [[ "$NCADMIN" ]] then 
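Review bot: `check_command echo -e "$UNIX_PASSWORD\n$UNIX_PASSWORD" | (passwd --stdin …)` can leave the default password in place without any error: `check_command` wraps only the `echo`, so a failing `passwd` goes unnoticed; `--stdin` is, as far as I know, not accepted by the passwd shipped on the apt-based systems this script targets; and `echo -e` rewrites backslash sequences inside the password. `chpasswd` reads `user:password` from stdin and avoids all three, e.g. `printf '%s:%s\n' "$first_sudo_user" "$UNIX_PASSWORD" | chpasswd || exit 1`, with the `getent group sudo | cut …` result stored in a variable first (`first_sudo_user` is a placeholder name). For the Nextcloud admin, `export OC_PASS` only works if `occ_command` passes the environment through to the www-data process; that function is defined outside this hunk, so it is worth confirming.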
@@ -360,67 +194,6 @@ then sleep 2 fi clear - -msg_box "Well done, you have now finished most of the setup. - -There are still some stuff left to do, but they are automated so sit back and relax! :)" - -# Add default notifications -notify_admin_gui \ -"Please setup SMTP" \ -"Please remember to setup SMTP to be able to send shared links, user notifications and more via email. Please go here and start setting it up: https://your-nextcloud/settings/admin." - -notify_admin_gui \ -"Do you need support?" \ -"If you need support, please visit the shop: https://shop.hanssonit.se, or the forum: https://help.nextcloud.com." - -if ! is_this_installed php"$PHPVER"-imagick -then - notify_admin_gui \ - "Regarding Imagick not being installed" \ - "As you may have noticed, Imagick is not installed. We care about your security, and here's the reason: https://github.com/nextcloud/server/issues/13099." -fi - -# Fixes https://github.com/nextcloud/vm/issues/58 -a2dismod status -restart_webserver - -if home_sme_server -then - install_if_not bc - mem_available="$(awk '/MemTotal/{print $2}' /proc/meminfo)" - mem_available_gb="$(echo "scale=0; $mem_available/(1024*1024)" | bc)" - # 32 GB RAM - if [[ 30 -lt "${mem_available_gb}" ]] - then - # Add specific values to PHP-FPM based on 32 GB RAM - check_command sed -i "s|pm.max_children.*|pm.max_children = 600|g" "$PHP_POOL_DIR"/nextcloud.conf - check_command sed -i "s|pm.start_servers.*|pm.start_servers = 100|g" "$PHP_POOL_DIR"/nextcloud.conf - check_command sed -i "s|pm.min_spare_servers.*|pm.min_spare_servers = 100|g" "$PHP_POOL_DIR"/nextcloud.conf - check_command sed -i "s|pm.max_spare_servers.*|pm.max_spare_servers = 400|g" "$PHP_POOL_DIR"/nextcloud.conf - restart_webserver - # 16 GB RAM - elif [[ 14 -lt "${mem_available_gb}" ]] - then - # Add specific values to PHP-FPM based on 16 GB RAM - check_command sed -i "s|pm.max_children.*|pm.max_children = 300|g" "$PHP_POOL_DIR"/nextcloud.conf - check_command sed -i 
"s|pm.start_servers.*|pm.start_servers = 50|g" "$PHP_POOL_DIR"/nextcloud.conf - check_command sed -i "s|pm.min_spare_servers.*|pm.min_spare_servers = 50|g" "$PHP_POOL_DIR"/nextcloud.conf - check_command sed -i "s|pm.max_spare_servers.*|pm.max_spare_servers = 200|g" "$PHP_POOL_DIR"/nextcloud.conf - restart_webserver - fi -else - # Calculate the values of PHP-FPM based on the amount of RAM available (minimum 2 GB or 8 children) - calculate_php_fpm - - # Run again if values are reset on last run - calculate_php_fpm -fi - -# Add temporary fix if needed -bash "$SCRIPTS"/temporary-fix.sh -rm "$SCRIPTS"/temporary-fix.sh - # Cleanup 1 occ_command maintenance:repair rm -f "$SCRIPTS/ip.sh" @@ -428,7 +201,6 @@ rm -f "$SCRIPTS/change_db_pass.sh" rm -f "$SCRIPTS/instruction.sh" rm -f "$NCDATA/nextcloud.log" rm -f "$SCRIPTS/static_ip.sh" -rm -f "$SCRIPTS/lib.sh" rm -f "$SCRIPTS/server_configuration.sh" rm -f "$SCRIPTS/nextcloud_configuration.sh" rm -f "$SCRIPTS/additional_apps.sh" @@ -461,30 +233,23 @@ then fi fi -if [ -x /var/scripts/nextcloud-startup-script.sh ] -then - /var/scripts/nextcloud-startup-script.sh -fi - -if [ -x /var/scripts/history.sh ] -then - /var/scripts/history.sh -fi - mesg n ROOTNEWPROFILE # Upgrade system -print_text_in_color "$ICyan" "System will now upgrade..." -bash $SCRIPTS/update.sh +if test_connection +then + print_text_in_color "$ICyan" "System will now upgrade..." + bash $SCRIPTS/update.sh +fi # Cleanup 2 apt autoremove -y apt autoclean # Set trusted domain in config.php -run_script NETWORK trusted +bash $SCRIPTS/trusted.sh # Success! msg_box "The installation process is *almost* done. @@ -521,6 +286,5 @@ sed -i "s|precedence ::ffff:0:0/96 100|#precedence ::ffff:0:0/96 100|g" /etc/g # Reboot print_text_in_color "$IGreen" "Installation done, system will now reboot..." -check_command rm -f "$SCRIPTS/you-can-not-run-the-startup-script-several-times" check_command rm -f "$SCRIPTS/nextcloud-startup-script.sh" reboot 
From 7cdaf1d930bfe21dbf578d4cd0592abf7e5728aa Mon Sep 17 00:00:00 2001 From: Daniel Hansson Date: Wed, 16 Sep 2020 11:51:56 +0200 Subject: [PATCH 07/51] pre download more scripts --- nextcloud_install_production.sh => nextcloud_install_basic.sh | 4 ++++ 1 file changed, 4 insertions(+) rename nextcloud_install_production.sh => nextcloud_install_basic.sh (99%) diff --git a/nextcloud_install_production.sh b/nextcloud_install_basic.sh similarity index 99% rename from nextcloud_install_production.sh rename to nextcloud_install_basic.sh index 31397387e2..1c4b5335a9 100644 --- a/nextcloud_install_production.sh +++ b/nextcloud_install_basic.sh @@ -610,6 +610,10 @@ true download_script GITHUB_REPO nextcloud-startup-script download_script GITHUB_REPO lib download_script STATIC instruction +download_script STATIC change-db_pass +download_script NETWORK trusted +download_script menu startup_configuration + # Reboot msg_box "Installation almost done, system will reboot when you hit OK. From cf105c469033b128c2432b53a7e79388e3c344ef Mon Sep 17 00:00:00 2001 From: enoch85 Date: Wed, 16 Sep 2020 11:57:03 +0200 Subject: [PATCH 08/51] change lib 
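Review bot: Two of the added pre-download lines do not match the names used elsewhere in this series. `download_script STATIC change-db_pass` asks for `change-db_pass`, while the startup script runs `"$SCRIPTS/change_db_pass.sh"` and the file list shows `static/change_db_pass.sh`; and `download_script menu startup_configuration` passes lowercase `menu` where the other calls use `MENU`. If download_script does not abort on a failed fetch, the first-boot steps that run `$SCRIPTS/change_db_pass.sh` and `$SCRIPTS/startup_configuration.sh` will not find their files, which affects the database password rotation. The lines should read `download_script STATIC change_db_pass` and `download_script MENU startup_configuration`.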
Signed-off-by: enoch85 --- addons/automatic_updates.sh | 2 +- addons/locales.sh | 2 +- addons/locate_mirror.sh | 2 +- addons/redis-server-ubuntu.sh | 2 +- addons/security.sh | 2 +- apps/additional_apps.sh | 2 +- apps/adminer.sh | 2 +- apps/bitwarden-rs.sh | 4 ++-- apps/bitwarden-rs_admin-panel.sh | 2 +- apps/bitwarden_mailconfig.sh | 2 +- apps/bitwarden_registration.sh | 2 +- apps/collabora_docker.sh | 4 ++-- apps/collabora_integrated.sh | 2 +- apps/fail2ban.sh | 2 +- apps/fulltextsearch.sh | 2 +- apps/netdata.sh | 2 +- apps/onlyoffice_docker.sh | 4 ++-- apps/onlyoffice_integrated.sh | 2 +- apps/previewgenerator.sh | 2 +- apps/smbmount.sh | 2 +- apps/talk.sh | 2 +- apps/talk_signaling.sh | 4 ++-- apps/tmbitwarden.sh | 4 ++-- apps/webmin.sh | 2 +- disk/change-to-zfs-mount-generator.sh | 2 +- disk/format-chosen.sh | 2 +- disk/format-sdb.sh | 2 +- disk/prune_zfs_snaphots.sh | 2 +- disk/smartctl.sh | 2 +- lets-encrypt/activate-ssl.sh | 2 +- lets-encrypt/activate-tls.sh | 4 ++-- lets-encrypt/test-new-config.sh | 2 +- menu/additional_apps.sh | 2 +- menu/bitwarden_menu.sh | 2 +- menu/configuration.sh | 2 +- menu/documentserver.sh | 2 +- menu/fail2ban_menu.sh | 2 +- menu/main_menu.sh | 2 +- menu/menu.sh | 2 +- menu/nextcloud_configuration.sh | 2 +- menu/server_configuration.sh | 2 +- menu/startup_configuration.sh | 2 +- menu/talk_menu.sh | 2 +- network/ddclient-configuration.sh | 2 +- network/static_ip.sh | 2 +- network/trusted.sh | 2 +- nextcloud_update.sh | 2 +- old/format-sda-nuc-server.sh | 2 +- old/modsecurity.sh | 2 +- old/ntpdate.sh | 2 +- old/spreedme.sh | 2 +- old/test_connection.sh | 2 +- static/adduser.sh | 2 +- static/change-ncadmin-profile.sh | 2 +- static/change-root-profile.sh | 2 +- static/change-to-zfs-mount-generator.sh | 2 +- static/change_db_pass.sh | 2 +- static/configuration.sh | 2 +- static/cookielifetime.sh | 2 +- static/docker_overlay2.sh | 2 +- static/locales.sh | 2 +- static/locate_mirror.sh | 2 +- static/main_menu.sh | 2 +- static/menu.sh | 2 +- 
static/nextcloud_configuration.sh | 2 +- static/server_configuration.sh | 2 +- static/setup_secure_permissions_nextcloud.sh | 2 +- static/static_ip.sh | 2 +- static/temporary-fix.sh | 2 +- static/test_connection.sh | 2 +- static/trusted.sh | 2 +- static/update.sh | 2 +- static/updatenotification.sh | 2 +- vagrant/install.sh | 2 +- 74 files changed, 80 insertions(+), 80 deletions(-) diff --git a/addons/automatic_updates.sh b/addons/automatic_updates.sh index 17e364f0ef..1caaf42fc2 100644 --- a/addons/automatic_updates.sh +++ b/addons/automatic_updates.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Automatic Updates" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh print_text_in_color "$ICyan" "Configuring automatic updates..." diff --git a/addons/locales.sh b/addons/locales.sh index 93c8056f7c..918a17e701 100644 --- a/addons/locales.sh +++ b/addons/locales.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Locales" # shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh || source <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/fetch_lib.sh || sourcsource /var/scripts/lib.sh ### TODO Remove this after some releases # Download fetch_lib.sh to be able to use it diff --git a/addons/locate_mirror.sh b/addons/locate_mirror.sh index aea8bdf2f0..738185aabb 100644 --- a/addons/locate_mirror.sh +++ b/addons/locate_mirror.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Locate Mirror" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Must be root root_check diff --git a/addons/redis-server-ubuntu.sh b/addons/redis-server-ubuntu.sh index 1ca36fbf34..02f3a558e7 100644 --- a/addons/redis-server-ubuntu.sh +++ b/addons/redis-server-ubuntu.sh 
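Review bot: The new `source /var/scripts/lib.sh` in addons/automatic_updates.sh has no check that the file exists or loaded, and the same replacement is repeated in the other hunks of this patch. No `set -e` is visible in these hunks, so if the file is absent the script would carry on with every library function undefined; in scripts such as disk/format-sdb.sh the next call is `root_check`, which would then only print an error and not stop the run. I would fail closed, e.g. `source /var/scripts/lib.sh || { echo "Cannot load /var/scripts/lib.sh" >&2; exit 1; }`. Because these scripts now trust a local file instead of a fetch over HTTPS, `/var/scripts/lib.sh` should be owned by root and not writable by other users, and the installer should verify that after download.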
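Review bot: The fallback in addons/locales.sh now reads `|| sourcsource /var/scripts/lib.sh`, which is not a command; it looks as if a search-and-replace matched the final `e` of `source` and left `sourc` behind. When `/var/scripts/fetch_lib.sh` is missing or fails, the fallback ends in "command not found" and the library is never loaded. The same line appears in menu/main_menu.sh and menu/menu.sh in this patch. It should read `source /var/scripts/fetch_lib.sh || source /var/scripts/lib.sh`.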
@@ -3,7 +3,7 @@ true SCRIPT_NAME="Redis Server Ubuntu" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ diff --git a/addons/security.sh b/addons/security.sh index 584a6eb4ff..6db9bb5c80 100644 --- a/addons/security.sh +++ b/addons/security.sh @@ -7,7 +7,7 @@ true SCRIPT_NAME="Setup Extra Security" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON diff --git a/apps/additional_apps.sh b/apps/additional_apps.sh index 78a8968619..685b483352 100644 --- a/apps/additional_apps.sh +++ b/apps/additional_apps.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Additional Apps" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON diff --git a/apps/adminer.sh b/apps/adminer.sh index cbd7b6fc52..5554c380a7 100644 --- a/apps/adminer.sh +++ b/apps/adminer.sh @@ -7,7 +7,7 @@ true SCRIPT_NAME="Adminer" SCRIPT_EXPLAINER="Adminer is a full-featured database management tool written in PHP." # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON diff --git a/apps/bitwarden-rs.sh b/apps/bitwarden-rs.sh index 7bc1c2e323..3677539fb4 100644 --- a/apps/bitwarden-rs.sh +++ b/apps/bitwarden-rs.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Bitwarden RS" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON 
@@ -62,7 +62,7 @@ SUBDOMAIN=$(input_box_flow "Please enter the Domain that you want to use for Bit # curl the lib another time to get the correct https_conf # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh msg_box "Please make sure that you have you have edited the dns-settings of your domain and open ports 80 and 443." diff --git a/apps/bitwarden-rs_admin-panel.sh b/apps/bitwarden-rs_admin-panel.sh index b85eca6720..b42eed9b54 100644 --- a/apps/bitwarden-rs_admin-panel.sh +++ b/apps/bitwarden-rs_admin-panel.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Bitwarden RS Admin" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON diff --git a/apps/bitwarden_mailconfig.sh b/apps/bitwarden_mailconfig.sh index 6a25de869c..0cca4c2121 100644 --- a/apps/bitwarden_mailconfig.sh +++ b/apps/bitwarden_mailconfig.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Bitwarden Mail Configuration" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON diff --git a/apps/bitwarden_registration.sh b/apps/bitwarden_registration.sh index 88363efc2a..b05ed89ae6 100644 --- a/apps/bitwarden_registration.sh +++ b/apps/bitwarden_registration.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Bitwarden Registration" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON diff --git a/apps/collabora_docker.sh b/apps/collabora_docker.sh index 7142753e66..940dcfca02 100644 --- a/apps/collabora_docker.sh +++ b/apps/collabora_docker.sh 
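Review bot: The comment kept above the second `source /var/scripts/lib.sh` in apps/bitwarden-rs.sh still says `# curl the lib another time to get the correct https_conf`, but nothing is fetched any more. I would reword it to `# Source the lib again so https_conf is rebuilt now that SUBDOMAIN is set`, assuming that is why the library is loaded twice. The same stale comment sits above the second hunk in apps/collabora_docker.sh, apps/talk_signaling.sh, apps/tmbitwarden.sh and lets-encrypt/activate-tls.sh.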
@@ -6,7 +6,7 @@ true SCRIPT_NAME="Collabora (Docker)" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON @@ -156,7 +156,7 @@ NCDOMAIN_ESCAPED=${NCDOMAIN//[.]/\\\\.} # Curl the library another time to get the correct https_conf # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Get all needed variables from the library nc_update diff --git a/apps/collabora_integrated.sh b/apps/collabora_integrated.sh index dc819a6445..600890b64a 100644 --- a/apps/collabora_integrated.sh +++ b/apps/collabora_integrated.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Collabora (Integrated)" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Get all needed variables from the library nc_update diff --git a/apps/fail2ban.sh b/apps/fail2ban.sh index a7dcbd1800..aa1021656b 100644 --- a/apps/fail2ban.sh +++ b/apps/fail2ban.sh @@ -7,7 +7,7 @@ true SCRIPT_NAME="Fail2ban" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Get all needed variables from the library nc_update diff --git a/apps/fulltextsearch.sh b/apps/fulltextsearch.sh index bf18f4cf00..4ed0a18fd2 100644 --- a/apps/fulltextsearch.sh +++ b/apps/fulltextsearch.sh @@ -7,7 +7,7 @@ true SCRIPT_NAME="Full Text Search" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Get all needed variables from the library ncdb diff --git a/apps/netdata.sh b/apps/netdata.sh index 95e8ba2642..97c52aa874 100644 --- a/apps/netdata.sh +++ b/apps/netdata.sh 
@@ -6,7 +6,7 @@ true SCRIPT_NAME="Netdata" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON diff --git a/apps/onlyoffice_docker.sh b/apps/onlyoffice_docker.sh index 5f8ec87a6d..a8362d2ec0 100644 --- a/apps/onlyoffice_docker.sh +++ b/apps/onlyoffice_docker.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="OnlyOffice (Docker)" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON @@ -169,7 +169,7 @@ NCDOMAIN=$(occ_command_no_check config:system:get overwrite.cli.url | sed 's|htt # shellcheck disable=2034,2059 true # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Get all needed variables from the library nc_update diff --git a/apps/onlyoffice_integrated.sh b/apps/onlyoffice_integrated.sh index f8d286ffcf..14a0c99f40 100644 --- a/apps/onlyoffice_integrated.sh +++ b/apps/onlyoffice_integrated.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="OnlyOffice (Integrated)" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Get all needed variables from the library nc_update diff --git a/apps/previewgenerator.sh b/apps/previewgenerator.sh index b161550820..ca2621a121 100644 --- a/apps/previewgenerator.sh +++ b/apps/previewgenerator.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Preview Generator" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON diff --git a/apps/smbmount.sh b/apps/smbmount.sh index 6d849eee69..79c88fa309 100644 --- a/apps/smbmount.sh +++ b/apps/smbmount.sh 
@@ -7,7 +7,7 @@ true SCRIPT_NAME="SMB Mount" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON diff --git a/apps/talk.sh b/apps/talk.sh index 0978184e25..646839df18 100644 --- a/apps/talk.sh +++ b/apps/talk.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Talk" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Get all needed variables from the library nc_update diff --git a/apps/talk_signaling.sh b/apps/talk_signaling.sh index a68ead3b33..09796829ea 100644 --- a/apps/talk_signaling.sh +++ b/apps/talk_signaling.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Talk with Signaling Server" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Get all needed variables from the library nc_update @@ -223,7 +223,7 @@ SUBDOMAIN=$(input_box_flow "Talk Signaling Server subdomain e.g: talk.yourdomain # curl the lib another time to get the correct https_conf # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check if $SUBDOMAIN exists and is reachable print_text_in_color "$ICyan" "Checking if $SUBDOMAIN exists and is reachable..." diff --git a/apps/tmbitwarden.sh b/apps/tmbitwarden.sh index 7e725889c2..20c2b78324 100644 --- a/apps/tmbitwarden.sh +++ b/apps/tmbitwarden.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Bitwarden" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON 
@@ -187,7 +187,7 @@ msg_box "We'll now setup the Apache Proxy that will act as TLS front for your Bi # Curl the lib another time to get the correct HTTPS_CONF # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check if $SUBDOMAIN exists and is reachable print_text_in_color "$ICyan" "Checking if $SUBDOMAIN exists and is reachable..." diff --git a/apps/webmin.sh b/apps/webmin.sh index 6f2268e467..524a42137e 100644 --- a/apps/webmin.sh +++ b/apps/webmin.sh @@ -10,7 +10,7 @@ Using any modern web browser, you can setup user accounts, Apache, DNS, file sha Webmin removes the need to manually edit Unix configuration files like /etc/passwd, and lets you manage a system from the console or remotely. See the following page with standard modules for a list of all the functions built into Webmin: https://webmin.com/standard.html" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON diff --git a/disk/change-to-zfs-mount-generator.sh b/disk/change-to-zfs-mount-generator.sh index e4364c5812..f7fe054a47 100644 --- a/disk/change-to-zfs-mount-generator.sh +++ b/disk/change-to-zfs-mount-generator.sh @@ -14,7 +14,7 @@ true SCRIPT_NAME="Change to ZFS Mount Generator" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check if root root_check diff --git a/disk/format-chosen.sh b/disk/format-chosen.sh index e194d797c7..d15b0191dc 100644 --- a/disk/format-chosen.sh +++ b/disk/format-chosen.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Format Chosen Disk" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check if root root_check 
diff --git a/disk/format-sdb.sh b/disk/format-sdb.sh index 4ebf0d7b97..cacee626de 100644 --- a/disk/format-sdb.sh +++ b/disk/format-sdb.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Format sdb" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check if root root_check diff --git a/disk/prune_zfs_snaphots.sh b/disk/prune_zfs_snaphots.sh index 53a8c73fbf..32799331f7 100644 --- a/disk/prune_zfs_snaphots.sh +++ b/disk/prune_zfs_snaphots.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Prune ZFS Snapshots" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON diff --git a/disk/smartctl.sh b/disk/smartctl.sh index f8b93c9cf3..48ed67f311 100644 --- a/disk/smartctl.sh +++ b/disk/smartctl.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Setup smartctl" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON diff --git a/lets-encrypt/activate-ssl.sh b/lets-encrypt/activate-ssl.sh index d8bbf01a87..548c6b5c7e 100644 --- a/lets-encrypt/activate-ssl.sh +++ b/lets-encrypt/activate-ssl.sh @@ -3,7 +3,7 @@ true SCRIPT_NAME="Activate TLS" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # This is needed since we removed this from the startup script, or changed name so it can't be downloaded anymore msg_box "You are running an outdated release. diff --git a/lets-encrypt/activate-tls.sh b/lets-encrypt/activate-tls.sh index 3078869ff9..815ac00618 100644 --- a/lets-encrypt/activate-tls.sh +++ b/lets-encrypt/activate-tls.sh 
@@ -3,7 +3,7 @@ true SCRIPT_NAME="Activate TLS" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ @@ -66,7 +66,7 @@ TLSDOMAIN=$(input_box_flow "Please enter the domain name you will use for Nextcl # Curl the lib another time to get the correct https_conf # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check if $TLSDOMAIN exists and is reachable echo diff --git a/lets-encrypt/test-new-config.sh b/lets-encrypt/test-new-config.sh index 15cc691c5f..3b5a2b409b 100644 --- a/lets-encrypt/test-new-config.sh +++ b/lets-encrypt/test-new-config.sh @@ -3,7 +3,7 @@ true SCRIPT_NAME="Test New Configuration" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ diff --git a/menu/additional_apps.sh b/menu/additional_apps.sh index 49767e7748..a7c2ff9727 100644 --- a/menu/additional_apps.sh +++ b/menu/additional_apps.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Additional Apps Menu" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON diff --git a/menu/bitwarden_menu.sh b/menu/bitwarden_menu.sh index c971189332..1d4eee8d74 100644 --- a/menu/bitwarden_menu.sh +++ b/menu/bitwarden_menu.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Bitwarden Menu" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON diff --git a/menu/configuration.sh b/menu/configuration.sh index 9675c6b774..d7d2ba6347 100644 --- a/menu/configuration.sh +++ b/menu/configuration.sh 
@@ -6,7 +6,7 @@ true SCRIPT_NAME="Configuration" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON diff --git a/menu/documentserver.sh b/menu/documentserver.sh index 9dc097ad88..8768e7fa3c 100644 --- a/menu/documentserver.sh +++ b/menu/documentserver.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Documentserver Menu" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON diff --git a/menu/fail2ban_menu.sh b/menu/fail2ban_menu.sh index 6b8e68372e..0833938e9c 100644 --- a/menu/fail2ban_menu.sh +++ b/menu/fail2ban_menu.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Fail2ban Menu" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON diff --git a/menu/main_menu.sh b/menu/main_menu.sh index df20f70bca..c73df0b476 100644 --- a/menu/main_menu.sh +++ b/menu/main_menu.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Main Menu" # shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh || source <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/fetch_lib.sh || sourcsource /var/scripts/lib.sh ### TODO Remove this after some releases # Download fetch_lib.sh to be able to use it diff --git a/menu/menu.sh b/menu/menu.sh index 4670cc5f05..de36c09dda 100644 --- a/menu/menu.sh +++ b/menu/menu.sh 
@@ -6,7 +6,7 @@ true SCRIPT_NAME="Main Menu" # shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh || source <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/fetch_lib.sh || sourcsource /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON diff --git a/menu/nextcloud_configuration.sh b/menu/nextcloud_configuration.sh index 96cfc431cb..8e6b1db20b 100644 --- a/menu/nextcloud_configuration.sh +++ b/menu/nextcloud_configuration.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Nextcloud Configuration Menu" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Get all needed variables from the library nc_update diff --git a/menu/server_configuration.sh b/menu/server_configuration.sh index 81c4856b0b..efd98cc91c 100644 --- a/menu/server_configuration.sh +++ b/menu/server_configuration.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Server Configuration Menu" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON diff --git a/menu/startup_configuration.sh b/menu/startup_configuration.sh index 3c85b73af0..4589416db9 100644 --- a/menu/startup_configuration.sh +++ b/menu/startup_configuration.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Startup Configuration Menu" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON diff --git a/menu/talk_menu.sh b/menu/talk_menu.sh index 6299dcbbf5..ee61b0a97e 100644 --- a/menu/talk_menu.sh +++ b/menu/talk_menu.sh 
@@ -6,7 +6,7 @@ true SCRIPT_NAME="Talk Menu" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON diff --git a/network/ddclient-configuration.sh b/network/ddclient-configuration.sh index f27f882760..8f98651411 100644 --- a/network/ddclient-configuration.sh +++ b/network/ddclient-configuration.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Setup DDclient" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON diff --git a/network/static_ip.sh b/network/static_ip.sh index 6b2e61aa33..b43d7a9974 100644 --- a/network/static_ip.sh +++ b/network/static_ip.sh @@ -9,7 +9,7 @@ then true SCRIPT_NAME="Static IP" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # If we have internet, then use the latest variables from the lib remote file elif [ -f /var/scripts/lib.sh ] then diff --git a/network/trusted.sh b/network/trusted.sh index 9898faf6ea..8332d4f5ef 100644 --- a/network/trusted.sh +++ b/network/trusted.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Trusted" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON diff --git a/nextcloud_update.sh b/nextcloud_update.sh index fab39a5520..ee9eba0e2d 100644 --- a/nextcloud_update.sh +++ b/nextcloud_update.sh @@ -8,7 +8,7 @@ true SCRIPT_NAME="Nextcloud Update Script" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Get all needed variables from the library ncdb 
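Review bot: In network/static_ip.sh the `then` branch now runs `source /var/scripts/lib.sh`, the same file that the following `elif [ -f /var/scripts/lib.sh ]` guards, so the first branch loads it without the existence test and the two branches no longer differ in what they load. The kept comment `# If we have internet, then use the latest variables from the lib remote file` no longer describes any branch. The enclosing `if` starts outside the hunk, so its condition is not visible, but it looks as if the construct could collapse to a single `-f` test with the error path as `else`. static/server_configuration.sh and static/static_ip.sh have the same shape; in the latter the `else` message says lib.sh is missing right after a branch that sources it unconditionally.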
diff --git a/old/format-sda-nuc-server.sh b/old/format-sda-nuc-server.sh index 967f94d32f..2dd776ef45 100644 --- a/old/format-sda-nuc-server.sh +++ b/old/format-sda-nuc-server.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Format sda NUC Server" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check if root root_check diff --git a/old/modsecurity.sh b/old/modsecurity.sh index 7386f12b79..c7b667caf1 100644 --- a/old/modsecurity.sh +++ b/old/modsecurity.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Modsecurity" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh print_text_in_color "$ICyan" "Installing ModSecurity..." diff --git a/old/ntpdate.sh b/old/ntpdate.sh index a5836b8046..8f392cc57e 100644 --- a/old/ntpdate.sh +++ b/old/ntpdate.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Ntpdate" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON diff --git a/old/spreedme.sh b/old/spreedme.sh index 67cfcb3856..5c1dbc79e4 100644 --- a/old/spreedme.sh +++ b/old/spreedme.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Spreedme" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Get all needed variables from the library nc_update diff --git a/old/test_connection.sh b/old/test_connection.sh index 205bfaeac6..48746d2783 100644 --- a/old/test_connection.sh +++ b/old/test_connection.sh @@ -3,7 +3,7 @@ true SCRIPT_NAME="Test connection" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ diff --git a/static/adduser.sh b/static/adduser.sh index 6e7327abad..56b47b2cd3 100644 
--- a/static/adduser.sh +++ b/static/adduser.sh @@ -3,7 +3,7 @@ true SCRIPT_NAME="Add CLI User" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ diff --git a/static/change-ncadmin-profile.sh b/static/change-ncadmin-profile.sh index 773b91e191..1e6f6654ef 100644 --- a/static/change-ncadmin-profile.sh +++ b/static/change-ncadmin-profile.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Change ncadmin Profile" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON diff --git a/static/change-root-profile.sh b/static/change-root-profile.sh index 2d97a88c5d..18c490a0fd 100644 --- a/static/change-root-profile.sh +++ b/static/change-root-profile.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Change root Profile" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON diff --git a/static/change-to-zfs-mount-generator.sh b/static/change-to-zfs-mount-generator.sh index e4364c5812..f7fe054a47 100644 --- a/static/change-to-zfs-mount-generator.sh +++ b/static/change-to-zfs-mount-generator.sh @@ -14,7 +14,7 @@ true SCRIPT_NAME="Change to ZFS Mount Generator" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check if root root_check diff --git a/static/change_db_pass.sh b/static/change_db_pass.sh index 244a482f85..8dedfedcf6 100644 --- a/static/change_db_pass.sh +++ b/static/change_db_pass.sh 
@@ -3,7 +3,7 @@ true SCRIPT_NAME="Change Database Password" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Get all needed variables from the library ncdbpass diff --git a/static/configuration.sh b/static/configuration.sh index 9675c6b774..d7d2ba6347 100644 --- a/static/configuration.sh +++ b/static/configuration.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Configuration" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON diff --git a/static/cookielifetime.sh b/static/cookielifetime.sh index d70665c82c..b7cd3888a3 100644 --- a/static/cookielifetime.sh +++ b/static/cookielifetime.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Set Cookie Lifetime" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh print_text_in_color "$ICyan" "Configuring Cookie Lifetime timeout..." diff --git a/static/docker_overlay2.sh b/static/docker_overlay2.sh index 8fc63e659b..74c0bc5bf1 100644 --- a/static/docker_overlay2.sh +++ b/static/docker_overlay2.sh @@ -3,7 +3,7 @@ true SCRIPT_NAME="Change to Docker overlay2" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ diff --git a/static/locales.sh b/static/locales.sh index de1b22a063..143bf8b7ad 100644 --- a/static/locales.sh +++ b/static/locales.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Locales" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Must be root root_check diff --git a/static/locate_mirror.sh b/static/locate_mirror.sh index be538344c9..0ff9ae1b9a 100644 --- a/static/locate_mirror.sh +++ b/static/locate_mirror.sh 
@@ -6,7 +6,7 @@ true SCRIPT_NAME="Locate Mirror" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Must be root root_check diff --git a/static/main_menu.sh b/static/main_menu.sh index ed958dd210..7c0da4a94b 100644 --- a/static/main_menu.sh +++ b/static/main_menu.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Main Menu" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON diff --git a/static/menu.sh b/static/menu.sh index 122693f4bc..5843537177 100644 --- a/static/menu.sh +++ b/static/menu.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Menu" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON diff --git a/static/nextcloud_configuration.sh b/static/nextcloud_configuration.sh index 09e170eed0..4bd7302e74 100644 --- a/static/nextcloud_configuration.sh +++ b/static/nextcloud_configuration.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Nextcloud Configuration (menu)" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Get all needed variables from the library nc_update diff --git a/static/server_configuration.sh b/static/server_configuration.sh index e564484e1d..c6d737bbb3 100644 --- a/static/server_configuration.sh +++ b/static/server_configuration.sh @@ -9,7 +9,7 @@ then true SCRIPT_NAME="Server configuration" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Use local lib file in case there is no internet connection elif [ -f /var/scripts/lib.sh ] then 
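Review bot: In static/server_configuration.sh the first branch of the conditional now sources `/var/scripts/lib.sh` without testing that it exists, while the `elif [ -f /var/scripts/lib.sh ]` fallback directly below does test it, so the two branches differ only in that check and the comment about using the local file when there is no internet connection no longer describes anything. The `if` condition is above the hunk; judging by that comment it is a connectivity test, which would now decide nothing. Collapsing to one guard, `if [ -f /var/scripts/lib.sh ]; then source /var/scripts/lib.sh; else ...; fi`, keeps the missing-file path reachable. In static/static_ip.sh the changed line is the branch immediately before the `else` that reports lib.sh as missing; the tests guarding it are also above the hunk, so confirm that branch can only be entered when the file exists.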
diff --git a/static/setup_secure_permissions_nextcloud.sh b/static/setup_secure_permissions_nextcloud.sh index 0db38fbd0c..18e900bcee 100644 --- a/static/setup_secure_permissions_nextcloud.sh +++ b/static/setup_secure_permissions_nextcloud.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Setup Secure Permissions for Nextcloud" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON diff --git a/static/static_ip.sh b/static/static_ip.sh index cfbbafd943..4150ec02ee 100644 --- a/static/static_ip.sh +++ b/static/static_ip.sh @@ -23,7 +23,7 @@ then # shellcheck disable=2034,2059 true # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh else printf "You don't seem to have a working internet connection, and /var/scripts/lib.sh is missing so you can't run this script." printf "Please report this to https://github.com/nextcloud/vm/issues/" diff --git a/static/temporary-fix.sh b/static/temporary-fix.sh index 10c450235b..d1eaefb3d3 100644 --- a/static/temporary-fix.sh +++ b/static/temporary-fix.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Temporary Fix" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON diff --git a/static/test_connection.sh b/static/test_connection.sh index 34ae9ed5b7..e369ee8357 100644 --- a/static/test_connection.sh +++ b/static/test_connection.sh @@ -3,7 +3,7 @@ true SCRIPT_NAME="Test Connection (old)" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # This is needed since we removed this from the startup script, or changed name so it can't be downloaded anymore msg_box "You are running an outdated release. 
diff --git a/static/trusted.sh b/static/trusted.sh index 3e36cb1d01..358ff61f08 100644 --- a/static/trusted.sh +++ b/static/trusted.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Trusted Nextcloud Domains" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON diff --git a/static/update.sh b/static/update.sh index cfa3dc490b..c9f4db81ce 100644 --- a/static/update.sh +++ b/static/update.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Update Server + Nextcloud" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Check for errors + debug code and abort if something isn't right # 1 = ON diff --git a/static/updatenotification.sh b/static/updatenotification.sh index 5974e9d7dd..fe7b88006c 100644 --- a/static/updatenotification.sh +++ b/static/updatenotification.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Update Notification" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh # Get all needed variables from the library nc_update diff --git a/vagrant/install.sh b/vagrant/install.sh index 84651f4ea0..ed9316c24b 100644 --- a/vagrant/install.sh +++ b/vagrant/install.sh @@ -4,7 +4,7 @@ true SCRIPT_NAME="Install NcVM with Vagrant" # shellcheck source=lib.sh -. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) +source /var/scripts/lib.sh check_command git clone https://github.com/nextcloud/vm.git From f8ac7f3a93237beb65566f6d5ab60d4443d2a3f6 Mon Sep 17 00:00:00 2001 From: enoch85 Date: Wed, 16 Sep 2020 12:00:42 +0200 Subject: [PATCH 09/51] remove menu scripts and fix locales 
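Review bot: vagrant/install.sh now sources `/var/scripts/lib.sh` before the `check_command git clone https://github.com/nextcloud/vm.git` line, so on a freshly provisioned box the library has to be in place before the repository is fetched. Nothing in this hunk puts it there, and if it is absent `check_command` is undefined and the clone never runs; the rest of the script is outside the hunk, so the Vagrant provisioning may already handle this. If it does not, place lib.sh at that path first, or guard the line with `[ -f /var/scripts/lib.sh ] || { echo "lib.sh not found" >&2; exit 1; }`.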
Signed-off-by: enoch85 --- addons/locales.sh | 2 +- menu/additional_apps.sh | 131 -------------------------------- menu/bitwarden_menu.sh | 64 ---------------- menu/configuration.sh | 29 ------- menu/documentserver.sh | 50 ------------ menu/fail2ban_menu.sh | 52 ------------- menu/main_menu.sh | 64 ---------------- menu/menu.sh | 31 -------- menu/nextcloud_configuration.sh | 115 ---------------------------- menu/server_configuration.sh | 102 ------------------------- menu/talk_menu.sh | 47 ------------ 11 files changed, 1 insertion(+), 686 deletions(-) delete mode 100644 menu/additional_apps.sh delete mode 100644 menu/bitwarden_menu.sh delete mode 100644 menu/configuration.sh delete mode 100644 menu/documentserver.sh delete mode 100644 menu/fail2ban_menu.sh delete mode 100644 menu/main_menu.sh delete mode 100644 menu/menu.sh delete mode 100644 menu/nextcloud_configuration.sh delete mode 100644 menu/server_configuration.sh delete mode 100644 menu/talk_menu.sh diff --git a/addons/locales.sh b/addons/locales.sh index 918a17e701..0df5bbe8b7 100644 --- a/addons/locales.sh +++ b/addons/locales.sh @@ -6,7 +6,7 @@ true SCRIPT_NAME="Locales" # shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh || sourcsource /var/scripts/lib.sh +source /var/scripts/lib.sh ### TODO Remove this after some releases # Download fetch_lib.sh to be able to use it diff --git a/menu/additional_apps.sh b/menu/additional_apps.sh deleted file mode 100644 index a7c2ff9727..0000000000 --- a/menu/additional_apps.sh +++ /dev/null 
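Review bot: The context kept right after the fixed `source` line in addons/locales.sh still reads `### TODO Remove this after some releases` and `# Download fetch_lib.sh to be able to use it`, which no longer matches a script that does not source fetch_lib.sh. The statement under that comment is outside the hunk; in menu/main_menu.sh, removed by this same patch, the identical comment is followed by `download_script STATIC fetch_lib`, and patch 11/51 deletes static/fetch_lib.sh. If locales.sh carries that call too, drop it together with the two comment lines, otherwise the script would request a file that is no longer in the repository.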
@@ -1,131 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Additional Apps Menu" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Must be root -root_check - -# Set the startup switch -if [ -f "$SCRIPTS/nextcloud-startup-script.sh" ] -then - STARTUP_SWITCH="ON" -else - STARTUP_SWITCH="OFF" -fi - -# Install Apps -choice=$(whiptail --title "$TITLE" --checklist "Which apps do you want to install?\n\nAutomatically configure and install selected apps\n$CHECKLIST_GUIDE\n$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \ -"Documentserver" "(OnlyOffice or Collabora - Docker or Integrated)" OFF \ -"Bitwarden" "(External password manager)" OFF \ -"Fail2ban " "(Extra Bruteforce protection)" "$STARTUP_SWITCH" \ -"Adminer" "(PostgreSQL GUI)" OFF \ -"Netdata" "(Real-time server monitoring in Web GUI)" OFF \ -"BPYTOP" "(Real-time server monitoring in CLI)" OFF \ -"FullTextSearch" "(Elasticsearch for Nextcloud [2GB RAM])" OFF \ -"PreviewGenerator" "(Pre-generate previews)" "$STARTUP_SWITCH" \ -"LDAP" "(Windows Active directory)" OFF \ -"Talk" "(Nextcloud Video calls and chat)" OFF \ -"Webmin" "(Server GUI)" "$STARTUP_SWITCH" \ -"SMB-mount" "(Connect to SMB-shares from your local network)" OFF 3>&1 1>&2 2>&3) - -case "$choice" in - *"Documentserver"*) - clear - print_text_in_color "$ICyan" "Downloading the Documentserver script..." - run_script MENU documentserver - ;;& - *"Bitwarden"*) - clear - print_text_in_color "$ICyan" "Downloading the Bitwarden script..." - run_script MENU bitwarden_menu - ;;& - *"Fail2ban "*) - clear - print_text_in_color "$ICyan" "Downloading the Fail2ban script..." - run_script MENU fail2ban_menu - ;;& - *"Adminer"*) - clear - print_text_in_color "$ICyan" "Downloading the Adminer script..." 
- run_script APP adminer - ;;& - *"Netdata"*) - clear - print_text_in_color "$ICyan" "Downloading the Netdata script..." - run_script APP netdata - ;;& - *"BPYTOP"*) - clear - SUBTITLE="BPYTOP" - msg_box "BPYTOP is an amazing alternative to ressource-monitor software like htop." "$SUBTITLE" - if yesno_box_yes "Do you want to install BPYTOP?" "$SUBTITLE" - then - print_text_in_color "$ICyan" "Installing BPYTOP..." - install_if_not snapd - if snap install bpytop - then - snap connect bpytop:mount-observe - snap connect bpytop:network-control - snap connect bpytop:hardware-observe - snap connect bpytop:system-observe - snap connect bpytop:process-control - snap connect bpytop:physical-memory-observe - hash -r - msg_box "BPYTOP is now installed! Check out the amazing stats by runnning 'bpytop' from your CLI.\n\nYou can check out their Gihub repo here: https://github.com/aristocratos/bpytop/blob/master/README.md" "$SUBTITLE" - else - msg_box "It seems like the installation of BPYTOP failed. Please try again." "$SUBTITLE" - fi - fi - ;;& - *"FullTextSearch"*) - clear - print_text_in_color "$ICyan" "Downloading the FullTextSearch script..." - run_script APP fulltextsearch - ;;& - *"PreviewGenerator"*) - clear - print_text_in_color "$ICyan" "Downloading the PreviewGenerator script..." - run_script APP previewgenerator - ;;& - *"LDAP"*) - clear - SUBTITLE="LDAP" - print_text_in_color "$ICyan" "Installing LDAP..." - if install_and_enable_app user_ldap - then - msg_box "LDAP installed! Please visit https://subdomain.yourdomain.com/settings/admin/ldap to finish the setup once this script is done." "$SUBTITLE" - else - msg_box "LDAP installation failed." "$SUBTITLE" - fi - ;;& - *"Talk"*) - clear - print_text_in_color "$ICyan" "Downloading the Talk script..." - run_script MENU talk_menu - ;;& - *"Webmin"*) - clear - print_text_in_color "$ICyan" "Downloading the Webmin script..." 
- run_script APP webmin - ;;& - *"SMB-mount"*) - clear - print_text_in_color "$ICyan" "Downloading the SMB-mount script..." - run_script APP smbmount - ;;& - *) - ;; -esac -exit diff --git a/menu/bitwarden_menu.sh b/menu/bitwarden_menu.sh deleted file mode 100644 index 1d4eee8d74..0000000000 --- a/menu/bitwarden_menu.sh +++ /dev/null 
@@ -1,64 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Bitwarden Menu" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Must be root -root_check - -# Set the startup switch -if [ -f "$SCRIPTS/nextcloud-startup-script.sh" ] -then - STARTUP_SWITCH="ON" -else - STARTUP_SWITCH="OFF" -fi - -choice=$(whiptail --title "$TITLE" --checklist "Automatically configure and install the Bitwarden or configure some aspects of it.\n$CHECKLIST_GUIDE\n$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \ -"Bitwarden " "(External password manager [4GB RAM] - subdomain required)" OFF \ -"Bitwarden Registration" "(Enable or disable public user registration for Bitwarden)" OFF \ -"Bitwarden Mail-Configuration" "(Configure the mailserver settings for Bitwarden)" OFF \ -"Bitwarden-RS " "(Unofficial Bitwarden password manager - subdomain required)" OFF \ -"Bitwarden-RS Admin-panel" "(Enable or disable the admin-panel for Bitwarden-RS)" OFF 3>&1 1>&2 2>&3) - -case "$choice" in - *"Bitwarden "*) - clear - print_text_in_color "$ICyan" "Downloading the Bitwarden script..." - run_script APP tmbitwarden - ;;& - *"Bitwarden Registration"*) - clear - print_text_in_color "$ICyan" "Downloading the Bitwarden Registration script..." - run_script APP bitwarden_registration - ;;& - *"Bitwarden Mail-Configuration"*) - clear - print_text_in_color "$ICyan" "Downloading the Bitwarden Mailconfig script..." - run_script APP bitwarden_mailconfig - ;;& - *"Bitwarden-RS "*) - clear - print_text_in_color "$ICyan" "Downloading the Bitwarden-RS script..." - run_script APP bitwarden-rs - ;;& - *"Bitwarden-RS Admin-panel"*) - clear - print_text_in_color "$ICyan" "Downloading the Bitwarden-RS Admin-panel script..." - run_script APP bitwarden-rs_admin-panel - ;;& - *) - ;; -esac -exit 
diff --git a/menu/configuration.sh b/menu/configuration.sh deleted file mode 100644 index d7d2ba6347..0000000000 --- a/menu/configuration.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Configuration" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Must be root -root_check - -mkdir -p "$SCRIPTS" -print_text_in_color "$ICyan" "Running the nextcloud configuration script..." - -if network_ok -then - # Delete, download, run - run_script MENU nextcloud_configuration -fi - -exit diff --git a/menu/documentserver.sh b/menu/documentserver.sh deleted file mode 100644 index 8768e7fa3c..0000000000 --- a/menu/documentserver.sh +++ /dev/null 
@@ -1,50 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Documentserver Menu" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Must be root -root_check - -choice=$(whiptail --title "$TITLE" --menu "Which Documentserver do you want to install?\n\nAutomatically configure and install the selected Documentserver.\n$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \ -"Collabora (Docker)" "(Online editing - Extra Subdomain required)" \ -"Collabora (Integrated)" "(Online editing - No Subdomain required)" \ -"OnlyOffice (Docker)" "(Online editing - Extra Subdomain required)" \ -"OnlyOffice (Integrated)" "(Online editing - No Subdomain required)" 3>&1 1>&2 2>&3) - -case "$choice" in - "Collabora (Docker)") - clear - print_text_in_color "$ICyan" "Downloading the Collabora (Docker) script..." - run_script APP collabora_docker - ;; - "Collabora (Integrated)") - clear - print_text_in_color "$ICyan" "Downloading the Collabora (Integrated) script..." - run_script APP collabora_integrated - ;; - "OnlyOffice (Docker)") - clear - print_text_in_color "$ICyan" "Downloading the OnlyOffice (Docker) script..." - run_script APP onlyoffice_docker - ;; - "OnlyOffice (Integrated)") - clear - print_text_in_color "$ICyan" "Downloading the OnlyOffice (Integrated) script..." - run_script APP onlyoffice_integrated - ;; - *) - ;; -esac -exit diff --git a/menu/fail2ban_menu.sh b/menu/fail2ban_menu.sh deleted file mode 100644 index 0833938e9c..0000000000 --- a/menu/fail2ban_menu.sh +++ /dev/null 
@@ -1,52 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Fail2ban Menu" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Must be root -root_check - -# Set the startup switch -if [ -f "$SCRIPTS/nextcloud-startup-script.sh" ] -then - STARTUP_SWITCH="ON" -else - STARTUP_SWITCH="OFF" -fi - -choice=$(whiptail --title "$TITLE" --checklist "Automatically install and configure Fail2ban.\n$CHECKLIST_GUIDE\n$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \ -"Install-Fail2ban" "(Install Fail2ban and protect Nextcloud + SSH)" "$STARTUP_SWITCH" \ -"Fail2ban-Statuscheck" "(Check status of currently blocked attacks)" OFF 3>&1 1>&2 2>&3) - -case "$choice" in - *"Install-Fail2ban"*) - clear - print_text_in_color "$ICyan" "Downloading the Fail2ban install script..." - run_script APP fail2ban - ;;& - *"Fail2ban-Statuscheck"*) - clear - SUBTITLE="Fail2ban Statuscheck" - if is_this_installed fail2ban && [ -f "/etc/fail2ban/filter.d/nextcloud.conf" ] - then - msg_box "$(fail2ban-client status nextcloud && fail2ban-client status sshd && iptables -L -n)" "$SUBTITLE" - else - msg_box "Fail2ban isn't installed. Please run 'sudo bash /var/scripts/menu.sh' to install it." "$SUBTITLE" - fi - ;;& - *) - ;; -esac -exit - diff --git a/menu/main_menu.sh b/menu/main_menu.sh deleted file mode 100644 index c73df0b476..0000000000 --- a/menu/main_menu.sh +++ /dev/null 
@@ -1,64 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# shellcheck disable=2034,2059,1091 -true -SCRIPT_NAME="Main Menu" -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh || sourcsource /var/scripts/lib.sh - -### TODO Remove this after some releases -# Download fetch_lib.sh to be able to use it -download_script STATIC fetch_lib - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Must be root -root_check - -################################################################## - -# Main menu -choice=$(whiptail --title "$TITLE" --menu "Choose what you want to do.\n$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \ -"Additional Apps" "(Choose which apps to install)" \ -"Nextcloud Configuration" "(Choose between available Nextcloud configurations)" \ -"Startup Configuration" "(Choose between available startup configurations)" \ -"Server Configuration" "(Choose between available server configurations)" \ -"Update Nextcloud" "(Update Nextcloud to the latest release)" 3>&1 1>&2 2>&3) - -case "$choice" in - "Additional Apps") - print_text_in_color "$ICyan" "Downloading the Additional Apps script..." - run_script MENU additional_apps - ;; - "Nextcloud Configuration") - print_text_in_color "$ICyan" "Downloading the Nextcloud Configuration script..." - run_script MENU nextcloud_configuration - ;; - "Startup Configuration") - print_text_in_color "$ICyan" "Downloading the Startup Configuration script..." - run_script MENU startup_configuration - ;; - "Server Configuration") - print_text_in_color "$ICyan" "Downloading the Server Configuration script..." - run_script MENU server_configuration - ;; - "Update Nextcloud") - if [ -f "$SCRIPTS"/update.sh ] - then - bash "$SCRIPTS"/update.sh - else - print_text_in_color "$ICyan" "Downloading the Update script..." - download_script STATIC update - bash "$SCRIPTS"/update.sh - fi - ;; - *) - ;; -esac -exit 
diff --git a/menu/menu.sh b/menu/menu.sh deleted file mode 100644 index de36c09dda..0000000000 --- a/menu/menu.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# shellcheck disable=2034,2059,1091 -true -SCRIPT_NAME="Main Menu" -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh || sourcsource /var/scripts/lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Must be root -root_check - -################################################################## - -mkdir -p "$SCRIPTS" -print_text_in_color "$ICyan" "Running the main menu script..." - -if network_ok -then - # Delete, download, run - run_script MENU main_menu -fi - -exit diff --git a/menu/nextcloud_configuration.sh b/menu/nextcloud_configuration.sh deleted file mode 100644 index 8e6b1db20b..0000000000 --- a/menu/nextcloud_configuration.sh +++ /dev/null 
@@ -1,115 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Nextcloud Configuration Menu" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# Get all needed variables from the library -nc_update - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Must be root -root_check - -# Set the startup switch -if [ -f "$SCRIPTS/nextcloud-startup-script.sh" ] -then - STARTUP_SWITCH="ON" -else - STARTUP_SWITCH="OFF" -fi - -# Configure Nextcloud -choice=$(whiptail --title "$TITLE" --checklist "Which settings do you want to configure?\n$CHECKLIST_GUIDE\n$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \ -"CookieLifetime" "(Configure forced logout timeout for users using the web GUI)" OFF \ -"Share-folder" "(Shares from other users will appear in a folder named 'Shared')" OFF \ -"Disable workspaces" "(disable top notes in GUI)" OFF \ -"Disable user flows" "(Disable user settings for Nextcloud Flow)" OFF \ -"Enable logrotate" "(Use logrotate to keep more Nextcloud logs)" OFF 3>&1 1>&2 2>&3) - -case "$choice" in - *"CookieLifetime"*) - print_text_in_color "$ICyan" "Downloading the CookieLifetime script..." - run_script STATIC cookielifetime - ;;& - *"Share-folder"*) - clear - SUBTITLE="Share-folder" - msg_box "This option will make all Nextcloud shares from other users appear in a folder named 'Shared' in the Nextcloud GUI.\n\nIf you don't enable this option, all shares will appear directly in the Nextcloud GUI root folder, which is the default behaviour." "$SUBTITLE" - if yesno_box_yes "Do you want to enable this option?" "$SUBTITLE" - then - occ_command config:system:set share_folder --value="/Shared" - msg_box "All new Nextcloud shares from other users will appear in the 'Shared' folder from now on." 
"$SUBTITLE" - fi - ;;& - *"Disable workspaces"*) - clear - SUBTITLE="Disable workspaces" - msg_box "This option will will disable a feature named 'rich workspaces'. It will disable the top notes in GUI." "$SUBTITLE" - if yesno_box_yes "Do you want to disable rich workspaces?" "$SUBTITLE" - then - # Check if text is enabled - if ! is_app_enabled text - then - msg_box "The text app isn't enabled - unable to disable rich workspaces." "$SUBTITLE" - sleep 1 - else - # Disable workspaces - occ_command config:app:set text workspace_available --value=0 - msg_box "Rich workspaces are now disabled." "$SUBTITLE" - fi - fi - ;;& - *"Disable user flows"*) - clear - SUBTITLE="Disable user flows" - # Greater than 18.0.3 is 18.0.4 which is required - if version_gt "$CURRENTVERSION" "18.0.3" - then - msg_box "This option will disable the with Nextcloud 18 introduced user flows. It will disable the user flow settings. Admin flows will continue to work." "$SUBTITLE" - if yesno_box_yes "Do you want to disable user flows?" "$SUBTITLE" - then - occ_command config:app:set workflowengine user_scope_disabled --value yes - msg_box "User flow settings are now disabled." "$SUBTITLE" - fi - else - msg_box "'Disable user flows' is only available on Nextcloud 18.0.4 and above.\nPlease upgrade by running 'sudo bash /var/scripts/update.sh'" "$SUBTITLE" - sleep 1 - fi - ;;& - *"Enable logrotate"*) - clear - SUBTITLE="Enable logrotate" - msg_box "This option enables logrotate for Nextcloud logs to keep all logs for 10 days" "$SUBTITLE" - if yesno_box_yes "Do you want to enable logrotate for Nextcloud logs?" 
"$SUBTITLE" - then - # Set logrotate (without size restriction) - occ_command config:system:set log_rotate_size --value=0 - - # Configure logrotate to rotate logs for us (max 10, every day a new one) - cat << NEXTCLOUD_CONF > /etc/logrotate.d/nextcloud.log.conf -$VMLOGS/nextcloud.log { -daily -rotate 10 -} -NEXTCLOUD_CONF - - # Set needed ownerchip for the nextcloud log folder to work correctly - chown www-data:www-data "${VMLOGS}"/ - - msg_box "Logrotate was successfully enabled." "$SUBTITLE" - fi - ;;& - *) - ;; -esac -exit diff --git a/menu/server_configuration.sh b/menu/server_configuration.sh deleted file mode 100644 index efd98cc91c..0000000000 --- a/menu/server_configuration.sh +++ /dev/null 
@@ -1,102 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Server Configuration Menu" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Must be root -root_check - -# Set the correct switch for activate_tls -if [ -f $SCRIPTS/activate-tls.sh ] -then - ACTIVATE_TLS_SWITCH="ON" -else - ACTIVATE_TLS_SWITCH="OFF" -fi - -# Set the startup switch -if [ -f "$SCRIPTS/nextcloud-startup-script.sh" ] -then - STARTUP_SWITCH="ON" -else - STARTUP_SWITCH="OFF" -fi - -# Server configurations -choice=$(whiptail --title "$TITLE" --checklist "Choose what you want to configure\n$CHECKLIST_GUIDE\n$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \ -"Static IP" "(Set static IP in Ubuntu with netplan.io)" OFF \ -"Security" "(Add extra security based on this http://goo.gl/gEJHi7)" OFF \ -"DDclient Configuration" "(Use ddclient for automatic DDNS updates)" OFF \ -"Activate TLS" "(Enable HTTPS with Let's Encrypt)" "$ACTIVATE_TLS_SWITCH" \ -"Automatic updates" "(Automatically update your server every week on Sundays)" OFF \ -"Disk Check" "(Check for S.M.A.R.T errors on your disks every week on Mondays)" OFF 3>&1 1>&2 2>&3) - -case "$choice" in - *"Static IP"*) - clear - print_text_in_color "$ICyan" "Downloading the Static IP script..." - run_script NETWORK static_ip - ;;& - *"Security"*) - clear - print_text_in_color "$ICyan" "Downloading the Security script..." - run_script ADDONS security - ;;& - *"DDclient Configuration"*) - clear - print_text_in_color "$ICyan" "Downloading the DDclient Configuration script..." - run_script NETWORK ddclient-configuration - ;;& - *"Activate TLS"*) - clear - SUBTITLE="Activate TLS" -msg_box "The following script will install a trusted -TLS certificate through Let's Encrypt. -It's recommended to use TLS (https) together with Nextcloud. 
-Please open port 80 and 443 to this servers IP before you continue. -More information can be found here: -https://www.techandme.se/open-port-80-443/" "$SUBTITLE" - - if yesno_box_yes "Do you want to install TLS?" "$SUBTITLE" - then - if [ -f $SCRIPTS/activate-tls.sh ] - then - bash $SCRIPTS/activate-tls.sh - else - print_text_in_color "$ICyan" "Downloading the Let's Encrypt script..." - download_script LETS_ENC activate-tls - bash $SCRIPTS/activate-tls.sh - fi - else - msg_box "OK, but if you want to run it later, just type: sudo bash $SCRIPTS/activate-tls.sh" "$SUBTITLE" - fi - - # Just make sure it is gone - rm -f "$SCRIPTS/test-new-config.sh" - clear - ;;& - *"Automatic updates"*) - clear - print_text_in_color "$ICyan" "Downloading the Automatic Updates script..." - run_script ADDONS automatic_updates - ;;& - *"Disk Check"*) - clear - print_text_in_color "$ICyan" "Downloading the Disk Check script..." - run_script DISK smartctl - ;;& - *) - ;; -esac -exit diff --git a/menu/talk_menu.sh b/menu/talk_menu.sh deleted file mode 100644 index ee61b0a97e..0000000000 --- a/menu/talk_menu.sh +++ /dev/null 
@@ -1,47 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Talk Menu" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Must be root -root_check - -# Set the startup switch -if [ -f "$SCRIPTS/nextcloud-startup-script.sh" ] -then - STARTUP_SWITCH="ON" -else - STARTUP_SWITCH="OFF" -fi - -choice=$(whiptail --title "$TITLE" --checklist "Automatically install and configure Talk.\n$CHECKLIST_GUIDE\n$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \ -"Talk " "(Install Talk standalone - no subdomain required)" OFF \ -"Talk-Signaling" "(Install Talk + Signaling Server - subdomain required)" OFF 3>&1 1>&2 2>&3) - -case "$choice" in - *"Talk "*) - clear - print_text_in_color "$ICyan" "Downloading the Talk script..." - run_script APP talk - ;;& - *"Talk-Signaling"*) - clear - print_text_in_color "$ICyan" "Downloading the Talk Signaling script..." - run_script APP talk_signaling - ;;& - *) - ;; -esac -exit - From de005495071dcef1260d1c9046d543df9d174356 Mon Sep 17 00:00:00 2001 From: enoch85 Date: Wed, 16 Sep 2020 12:01:55 +0200 Subject: [PATCH 10/51] add back history Signed-off-by: enoch85 --- nextcloud_install_basic.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/nextcloud_install_basic.sh b/nextcloud_install_basic.sh index 1c4b5335a9..89f2046457 100644 --- a/nextcloud_install_basic.sh +++ b/nextcloud_install_basic.sh @@ -611,6 +611,7 @@ download_script GITHUB_REPO nextcloud-startup-script download_script GITHUB_REPO lib download_script STATIC instruction download_script STATIC change-db_pass +download_script STATIC history download_script NETWORK trusted download_script menu startup_configuration From a6955f44050ee9500b396d129b65f0752500b318 Mon Sep 17 00:00:00 2001 From: enoch85 Date: Wed, 16 Sep 2020 12:03:39 +0200 Subject: [PATCH 11/51] further removal of scripts 
Signed-off-by: enoch85 --- static/adduser.sh | 40 ------- static/configuration.sh | 29 ------ static/cookielifetime.sh | 74 ------------- static/docker_overlay2.sh | 168 ------------------------------ static/fetch_lib.sh | 38 ------- static/main_menu.sh | 61 ----------- static/menu.sh | 29 ------ static/nextcloud_configuration.sh | 77 -------------- static/nhss_index.php | 147 -------------------------- static/recover_apps.py | 16 --- static/server_configuration.sh | 92 ---------------- static/temporary-fix.sh | 20 ---- static/test_connection.sh | 15 --- static/update-config.php | 53 ---------- static/update.sh | 36 ------- static/updatenotification.sh | 79 -------------- 16 files changed, 974 deletions(-) delete mode 100644 static/adduser.sh delete mode 100644 static/configuration.sh delete mode 100644 static/cookielifetime.sh delete mode 100644 static/docker_overlay2.sh delete mode 100644 static/fetch_lib.sh delete mode 100644 static/main_menu.sh delete mode 100644 static/menu.sh delete mode 100644 static/nextcloud_configuration.sh delete mode 100644 static/nhss_index.php delete mode 100644 static/recover_apps.py delete mode 100644 static/server_configuration.sh delete mode 100644 static/temporary-fix.sh delete mode 100644 static/test_connection.sh delete mode 100644 static/update-config.php delete mode 100644 static/update.sh delete mode 100644 static/updatenotification.sh diff --git a/static/adduser.sh b/static/adduser.sh deleted file mode 100644 index 56b47b2cd3..0000000000 --- a/static/adduser.sh +++ /dev/null 
@@ -1,40 +0,0 @@ -#!/bin/bash -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Add CLI User" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -if [[ $UNIXUSER != "ncadmin" ]] -then -msg_box "Current user with sudo permissions is: $UNIXUSER. -This script will set up everything with that user. -If the field after ':' is blank you are probably running as a pure root user. -It's possible to install with root, but there will be minor errors. - -Please create a user with sudo permissions if you want an optimal installation. -The preferred user is 'ncadmin'." - if ! yesno_box_yes "Do you want to create a new user?" - then - print_text_in_color "$ICyan" "Not adding another user..." - sleep 1 - else - read -r -p "Enter name of the new user: " NEWUSER - adduser --disabled-password --gecos "" "$NEWUSER" - sudo usermod -aG sudo "$NEWUSER" - usermod -s /bin/bash "$NEWUSER" - while : - do - sudo passwd "$NEWUSER" && break - done - sudo -u "$NEWUSER" sudo bash "$1" - fi -fi diff --git a/static/configuration.sh b/static/configuration.sh deleted file mode 100644 index d7d2ba6347..0000000000 --- a/static/configuration.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Configuration" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Must be root -root_check - -mkdir -p "$SCRIPTS" -print_text_in_color "$ICyan" "Running the nextcloud configuration script..." - -if network_ok -then - # Delete, download, run - run_script MENU nextcloud_configuration -fi - -exit diff --git a/static/cookielifetime.sh b/static/cookielifetime.sh deleted file mode 100644 index b7cd3888a3..0000000000 
--- a/static/cookielifetime.sh
+++ /dev/null
@@ -1,74 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Set Cookie Lifetime" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -print_text_in_color "$ICyan" "Configuring Cookie Lifetime timeout..." - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -choice=$(whiptail --title "$TITLE" --menu "Configure the logout time (in seconds) which will forcefully logout the Nextcloud user from the web browser when the timeout is reached." "$WT_HEIGHT" "$WT_WIDTH" 4 \ -"1800s" "30 minutes" \ -"7200s" "2 hours" \ -"43200s" "12 hours" \ -"172800s" "2 days" \ -"604800s" "1 week" \ -"2419200s" "4 weeks" \ -"Custom" "setup a custom time" 3>&1 1>&2 2>&3) - -case "$choice" in - "1800s") - occ_command config:system:set remember_login_cookie_lifetime --value="1800" - ;; - "7200s") - occ_command config:system:set remember_login_cookie_lifetime --value="7200" - ;; - "43200s") - occ_command config:system:set remember_login_cookie_lifetime --value="43200" - ;; - "172800s") - occ_command config:system:set remember_login_cookie_lifetime --value="172800" - ;; - "604800s") - occ_command config:system:set remember_login_cookie_lifetime --value="604800" - ;; - "2419200s") - occ_command config:system:set remember_login_cookie_lifetime --value="2419200" - ;; - "Custom") - while : - do - COOKIE_LIFETIME=$(input_box "Configure the logout time (in seconds) which will forcefully logout the Nextcloud user from the web browser when the timeout is reached.\n\nPlease enter the Cookie Lifetime in seconds, so e.g. 1800 for 30 minutes or 3600 for 1 hour\n\n You can not set a value below 30 minutes (1800 seconds).") - if ! check_if_number "$COOKIE_LIFETIME" - then - msg_box "The value you entered doesn't seem to be a number between 0-9, please enter a valid number." 
- elif [ "$COOKIE_LIFETIME" -lt "1800" ] - then - msg_box "Please choose a value more than 1800 seconds." - elif ! yesno_box_yes "Is this correct? $COOKIE_LIFETIME seconds" - then - msg_box "It seems like you weren't satisfied with your setting of ($COOKIE_LIFETIME) seconds. Please try again." - else - if occ_command config:system:set remember_login_cookie_lifetime --value="$COOKIE_LIFETIME" - then - msg_box "Cookie Lifetime is now successfully set to $COOKIE_LIFETIME seconds." - fi - break - fi - done - ;; - *) - ;; -esac diff --git a/static/docker_overlay2.sh b/static/docker_overlay2.sh deleted file mode 100644 index 74c0bc5bf1..0000000000 --- a/static/docker_overlay2.sh +++ /dev/null 
@@ -1,168 +0,0 @@ -#!/bin/bash -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Change to Docker overlay2" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Must be root -root_check - -### Migrating Docker images to overlay2 ### -# https://www.techandme.se/changes-to-docker-ce-in-the-nextcloud-vm/ -# Credits to: https://gist.github.com/hydra1983/22b2bed38b4f5f56caa87c830c96378d - -# Make sure DOCKERBACKUP is created -if [ -f "$NCPATH"/config/config.php ] -then - NCDATA="$(grep 'datadir' "$NCPATH"/config/config.php | awk '{print $3}' | cut -d "'" -f2)" -fi -DOCKERBACKUP="$NCDATA/DOCKERBACKUP" -mkdir -p "$DOCKERBACKUP" - -# Check if aufs and don't run -if grep -q "aufs" /etc/default/docker -then -msg_box "This script doesn't support images that uses the AUFS driver, sorry - -You are welcome to send a PR, or report an issue here: $ISSUES" - exit 1 -fi - -readonly DB_FILE="$DOCKERBACKUP/images.db" -readonly IMG_DIR="$DOCKERBACKUP/images" - -save_images() { - print_text_in_color "$ICyan" "Create ${IMG_DIR}" - if [[ ! -d "${IMG_DIR}" ]]; then - mkdir "${IMG_DIR}" - fi - - print_text_in_color "$ICyan" "Create ${DB_FILE}" - docker images|grep -v 'IMAGE ID'|awk '{printf("%s %s %s\n", $1, $2, $3)}'|column -t > "${DB_FILE}" - - print_text_in_color "$ICyan" "Read ${DB_FILE}" - local images - while read -r image; do - images+=("$image"); - done <<< "$(cat "${DB_FILE}")" - - local name tag id - for image in "${images[@]}"; do - name=$(echo "$image"|awk '{print $1}') - tag=$(echo "$image"|awk '{print $2}') - id=$(echo "$image"|awk '{print $3}') - - if [[ "${id}" != "" ]]; then - local imgPath="${IMG_DIR}/${id}.dim" - - if [[ ! 
-f "${imgPath}" ]] ; then - print_text_in_color "$ICyan" "[DEBUG] save ${id} ${name}:${tag} to ${imgPath}" - (time docker save -o "${imgPath}" "${name}":"${tag}") 2>&1 | grep real - else - print_text_in_color "$ICyan" "[DEBUG] ${id} ${name}:${tag} already saved" - fi - fi - done -} - -load_images() { - if [[ ! -f "${DB_FILE}" ]]; then - print_text_in_color "$ICyan" "No ${DB_FILE} to read" - exit 0 - fi - - if [[ ! -d "${IMG_DIR}" ]]; then - print_text_in_color "$ICyan" "No ${IMG_DIR} to load images" - exit 0 - fi - - print_text_in_color "$ICyan" "Read ${DB_FILE}" - local images - while read -r image; do - images+=("$image"); - done <<< "$(cat "${DB_FILE}")" - - local name tag id - for image in "${images[@]}"; do - name=$(echo "$image"|awk '{print $1}') - tag=$(echo "$image"|awk '{print $2}') - id=$(echo "$image"|awk '{print $3}') - - if [[ "${id}" != "" ]]; then - local imgPath="${IMG_DIR}/${id}.dim" - - if [[ "$(docker images|grep "${id}" | grep "${name}" | grep "${tag}")" == "" ]]; then - if [[ "$(docker images|grep "${id}")" == "" ]]; then - print_text_in_color "$ICyan" "[DEBUG] load ${id} ${name}:${tag} from ${imgPath}" - docker load -i "${imgPath}" - else - print_text_in_color "$ICyan" "[DEBUG] tag ${id} as ${name}:${tag}" - docker tag "${id}" "${name}":"${tag}" - fi - else - print_text_in_color "$ICyan" "[DEBUG] ${id} ${name}:${tag} already loaded" - fi - fi - done -} - -# Save all docker images in one file -check_command docker ps -a > "$DOCKERBACKUP"/dockerps.txt -check_command docker images | sed '1d' | awk '{print $1 " " $2 " " $3}' > "$DOCKERBACKUP"/mydockersimages.list -msg_box "The following images will be saved to $DOCKERBACKUP/images - -$(cat "$DOCKERBACKUP"/mydockersimages.list) - -It may take a while so please be patient." 
- -check_command save_images - -# Set overlay2 -print_text_in_color "$ICyan" "Setting overlay2 in /etc/docker/daemon.json" - -cat << OVERLAY2 > /etc/docker/daemon.json -{ - "storage-driver": "overlay2" -} -OVERLAY2 -rm -f /etc/systemd/system/docker.service -systemctl restart docker.service -print_text_in_color "$ICyan" "Reloading daemon" -systemctl daemon-reload -print_text_in_color "$ICyan" "Restarting the docker service" -check_command systemctl restart docker.service -apt-mark unhold docker-ce - -# Remove old cached versions to avoid failures on update to new version -rm -Rf /var/cache/apt/archives/docker* -rm -Rf /var/cache/apt/archives/container* -rm -Rf /var/cache/apt/archives/aufs* - -# Upgrade docker to latest version -rm -Rf /var/lib/docker -apt update -q4 & spinner_loading -apt upgrade docker-ce -y - -# Load docker images back -print_text_in_color "$ICyan" "Importing saved docker images to overlay2..." -check_command load_images -msg_box "Your Docker images are now imported to overlay2, but not yet running. - -To start the images again, please run the appropriate 'docker run' command for each docker. -These are all the imported docker images: -$(cat "${DB_FILE}") - -You can also find the file with the imported docker images here: -$DB_FILE - -If you experiance any issues, please report them to $ISSUES." -rm -f "$DOCKERBACKUP"/mydockersimages.list diff --git a/static/fetch_lib.sh b/static/fetch_lib.sh deleted file mode 100644 index ccb1babe5c..0000000000 --- a/static/fetch_lib.sh +++ /dev/null 
@@ -1,38 +0,0 @@ -#!/bin/bash -# shellcheck disable=2034,2059 -true -# see https://github.com/koalaman/shellcheck/wiki/Directive - -IRed='\e[0;91m' # Red -IGreen='\e[0;92m' # Green -ICyan='\e[0;96m' # Cyan -Color_Off='\e[0m' # Text Reset -print_text_in_color() { - printf "%b%s%b\n" "$1" "$2" "$Color_Off" -} - -if [[ "$EUID" -ne 0 ]] -then - print_text_in_color "$IRed" "You must run fetch_lib with sudo privileges, or directly as root!" - print_text_in_color "$ICyan" "Please report this to https://github.com/nextcloud/vm/issues if you think it's a bug." - exit 1 -fi - -mkdir -p /var/scripts -if ! [ -f /var/scripts/lib.sh ] -then - if ! curl -sfL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh -o /var/scripts/lib.sh - then - print_text_in_color "$IRed" "You don't seem to have an internet connection and the local lib isn't available. Hence you cannot run this script." - exit 1 - fi -else - if ! [ -f /var/scripts/nextcloud-startup-script.sh ] - then - print_text_in_color "$ICyan" "Updating lib..." - curl -sfL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh -o /var/scripts/lib.sh - fi -fi - -# shellcheck source=lib.sh -source /var/scripts/lib.sh diff --git a/static/main_menu.sh b/static/main_menu.sh deleted file mode 100644 index 7c0da4a94b..0000000000 --- a/static/main_menu.sh +++ /dev/null 
@@ -1,61 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Main Menu" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Must be root -root_check - -# Main menu -choice=$(whiptail --title "$TITLE" --menu "Choose what you want to do.\n$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \ -"Additional Apps" "(Choose which apps to install)" \ -"Nextcloud Configuration" "(Choose between available Nextcloud configurations)" \ -"Server Configuration" "(Choose between available server configurations)" \ -"Update Nextcloud" "(Update Nextcloud to the latest release)" 3>&1 1>&2 2>&3) - -case "$choice" in - "Additional Apps") - if network_ok - then - run_script MENU additional_apps - fi - ;; - "Nextcloud Configuration") - if network_ok - then - run_script MENU nextcloud_configuration - fi - ;; - "Server Configuration") - if network_ok - then - run_script MENU server_configuration - fi - ;; - "Update Nextcloud") - if [ -f $SCRIPTS/update.sh ] - then - bash $SCRIPTS/update.sh - else - if network_ok - then - download_script STATIC update - bash $SCRIPTS/update.sh - fi - fi - ;; - *) - ;; -esac -exit diff --git a/static/menu.sh b/static/menu.sh deleted file mode 100644 index 5843537177..0000000000 --- a/static/menu.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Menu" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Must be root -root_check - -mkdir -p "$SCRIPTS" -print_text_in_color "$ICyan" "Running the main menu script..." - -if network_ok -then - # Delete, download, run - run_script MENU main_menu -fi - -exit 
diff --git a/static/nextcloud_configuration.sh b/static/nextcloud_configuration.sh
deleted file mode 100644
index 4bd7302e74..0000000000
--- a/static/nextcloud_configuration.sh
+++ /dev/null
@@ -1,77 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Nextcloud Configuration (menu)" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# Get all needed variables from the library -nc_update - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Must be root -root_check - -# Configure Nextcloud -choice=$(whiptail --title "$TITLE" --checklist "Which settings do you want to configure?\n$CHECKLIST_GUIDE\n$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \ -"CookieLifetime" "(Configure forced logout timeout for users using the web GUI)" OFF \ -"Share-folder" "(Shares from other users will appear in a folder named 'Shared')" OFF \ -"Disable workspaces" "(disable top notes in GUI)" OFF \ -"Disable user flows" "(Disable user settings for Nextcloud Flow)" OFF 3>&1 1>&2 2>&3) - -case "$choice" in - *"CookieLifetime"*) - run_script STATIC cookielifetime - ;;& - *"Share-folder"*) - clear - msg_box "This option will make all Nextcloud shares from other users appear in a folder named 'Shared' in the Nextcloud GUI.\n\nIf you don't enable this option, all shares will appear directly in the Nextcloud GUI root folder, which is the default behaviour." - if yesno_box_yes "Do you want to enable this option?" - then - occ_command config:system:set share_folder --value="/Shared" - msg_box "All new Nextcloud shares from other users will appear in the 'Shared' folder from now on." - fi - ;;& - *"Disable workspaces"*) - msg_box "This option will will disable a feature named 'rich workspaces'. It will disable the top notes in GUI." - if yesno_box_yes "Do you want to disable rich workspaces?" - then - # Check if text is enabled - if ! is_app_enabled text - then - msg_box "The text app isn't enabled - unable to disable rich workspaces." 
- sleep 1 - else - # Disable workspaces - occ_command config:app:set text workspace_available --value=0 - msg_box "Rich workspaces are now disabled." - fi - fi - ;;& - *"Disable user flows"*) - # Greater than 18.0.3 is 18.0.4 which is required - if version_gt "$CURRENTVERSION" "18.0.3" - then - msg_box "This option will disable the with Nextcloud 18 introduced user flows. It will disable the user flow settings. Admin flows will continue to work." - if yesno_box_yes "Do you want to disable user flows?" - then - occ_command config:app:set workflowengine user_scope_disabled --value yes - msg_box "User flow settings are now disabled." - fi - else - msg_box "'Disable user flows' is only available on Nextcloud 18.0.4 and above.\nPlease upgrade by running 'sudo bash /var/scripts/update.sh'" - sleep 1 - fi - ;;& - *) - ;; -esac -exit diff --git a/static/nhss_index.php b/static/nhss_index.php deleted file mode 100644 index b958ea60bb..0000000000 --- a/static/nhss_index.php +++ /dev/null @@ -1,147 +0,0 @@ - - - - Nextcloud Home/SME Server - - - - -
- - -
-
-

Thank you for purchasing the Nextcloud Home/SME Server, you made a good choice! If you see this page, you have run the first setup, and you are now ready to start using Nextcloud on your new server. Congratulations! :)

-

We have set everything up for you and the only thing you have to do now is to login. You can find login details in the middle of this page.

-

Don't hesitate to ask if you have any questions. You can ask for help in our community support channels, or buy hands on support from T&M Hansson IT AB. You can also check the documentation.

-
- -

Access Nextcloud

- -
-

Use the following address: -

- -

-

Note: Please accept the warning in the browser if you have a self-signed certificate.
- -

It's recomended to get your own certificate and replace the self-signed certificate to your own. - The easiest way to get a real TLS certificate is to run the Lets' Encrypt script included on this server.
- Just run 'sudo bash /var/scripts/menu.sh' from your CLI and choose Server Configuration --> Activate TLS. -

- Login details -

-
- -

Access Webmin

- -
-

Use the following address: -

- -

-

Note: Please accept the warning in the browser if you have a self-signed certificate.
-

- Login details -

-

Note: To access Webmin externally you have to open port 10000 in your router, it's not recomended though due to security concerns.

-
- -

Access Adminer

- -
-

Use the following address: -

- -

-

Note: Please accept the warning in the browser if you connect via HTTPS.

-

- Login details -

-

Note: Your LAN IP is set as approved in /etc/apache2/sites-available/adminer.conf, all other access is forbidden.

-
- -

Follow us on Social Media

- -
-

If you want to get the latest news and updates, please consider following us! We are very active on Twitter, and post some videos from time to time on Youtube. It might be worth checking out. ;)

-
-

- -
- - diff --git a/static/recover_apps.py b/static/recover_apps.py deleted file mode 100644 index 8ff4f0f499..0000000000 --- a/static/recover_apps.py +++ /dev/null @@ -1,16 +0,0 @@ -import glob, json, os, subprocess, requests - -nc_path = '/var/www/nextcloud/apps/' -backup_path = '/var/NCBACKUP/apps/' -shipped_url = 'http://raw.githubusercontent.com/nextcloud/server/master/core/shipped.json' - -json_data = requests.get(shipped_url, timeout=60).json() -shipped_apps = json_data['shippedApps'] + json_data['alwaysEnabled'] - -installed_dirs = set(os.path.basename(path) for path in glob.glob(backup_path + '*')) -missing_dirs = installed_dirs.difference(shipped_apps) - -for d in missing_dirs: -# subprocess.call(['rsync', '-Aax', os.path.join(backup_path, d), nc_path]) -# subprocess.call(['sudo', '-u', 'www-data', '/var/www/nextcloud/occ', 'app:enable', d]) - subprocess.call(['sudo', '-u', 'www-data', '/var/www/nextcloud/occ', 'app:install', d]) diff --git a/static/server_configuration.sh b/static/server_configuration.sh deleted file mode 100644 index c6d737bbb3..0000000000 --- a/static/server_configuration.sh +++ /dev/null 
@@ -1,92 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# If we have internet, then use the latest variables from the lib remote file -if printf "Testing internet connection..." && ping github.com -c 2 -then -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Server configuration" -# shellcheck source=lib.sh -source /var/scripts/lib.sh -# Use local lib file in case there is no internet connection -elif [ -f /var/scripts/lib.sh ] -then -# shellcheck disable=2034,2059 -true -# shellcheck source=lib.sh -source /var/scripts/lib.sh -else - printf "You don't seem to have a working internet connection, and /var/scripts/lib.sh is missing so you can't run this script." - printf "Please report this to https://github.com/nextcloud/vm/issues/" - exit 1 -fi - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Must be root -root_check - -# Server configurations -choice=$(whiptail --title "$TITLE" --checklist "Choose what you want to configure\n$CHECKLIST_GUIDE\n$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \ -"Activate TLS" "(Enable HTTPS with Let's Encrypt)" ON \ -"Security" "(Add extra security based on this http://goo.gl/gEJHi7)" OFF \ -"Static IP" "(Set static IP in Ubuntu with netplan.io)" OFF \ -"Disk Check" "(Check for S.M.A.R.T errors on your disks every week on Mondays)" OFF \ -"Automatic updates" "(Automatically update your server every week on Sundays)" OFF 3>&1 1>&2 2>&3) - -case "$choice" in - *"Disk Check"*) - clear - run_script DISK smartctl - ;;& - *"Security"*) - clear - run_script ADDONS security - ;;& - *"Static IP"*) - clear - run_script STATIC static_ip - ;;& - *"Automatic updates"*) - clear - run_script ADDONS automatic_updates - ;;& - *"Activate TLS"*) - clear -msg_box "The following script will install a trusted -TLS certificate through Let's Encrypt. -It's recommended to use TLS (https) together with Nextcloud. 
-Please open port 80 and 443 to this servers IP before you continue. -More information can be found here: -https://www.techandme.se/open-port-80-443/" - - if yesno_box_yes "Do you want to install TLS?" - then - if [ -f $SCRIPTS/activate-tls.sh ] - then - bash $SCRIPTS/activate-tls.sh - else - download_script LETS_ENC activate-tls - bash $SCRIPTS/activate-tls.sh - fi - else - echo - print_text_in_color "$ICyan" "OK, but if you want to run it later, just type: sudo bash $SCRIPTS/activate-tls.sh" - any_key "Press any key to continue..." - fi - - # Just make sure they are gone - rm -f "$SCRIPTS/test-new-config.sh" - rm -f "$SCRIPTS/activate-tls.sh" - clear - ;;& - *) - ;; -esac -exit diff --git a/static/temporary-fix.sh b/static/temporary-fix.sh deleted file mode 100644 index d1eaefb3d3..0000000000 --- a/static/temporary-fix.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Temporary Fix" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Must be root -root_check - -exit diff --git a/static/test_connection.sh b/static/test_connection.sh deleted file mode 100644 index e369ee8357..0000000000 --- a/static/test_connection.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Test Connection (old)" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# This is needed since we removed this from the startup script, or changed name so it can't be downloaded anymore -msg_box "You are running an outdated release. - -You see this message only to make it possible to run the first startup script, but as time goes, more and more will we incompatible. - -We urge you to download the latest version as soon as possible: https://github.com/nextcloud/vm/releases" - -exit 
diff --git a/static/update-config.php b/static/update-config.php deleted file mode 100644 index cf88651ff1..0000000000 --- a/static/update-config.php +++ /dev/null @@ -1,53 +0,0 @@ -#!/usr/bin/php - -# Credit to: https://github.com/jnweiger - - 3) - { - # append [] to the key name, if you need to pass an array object. - if (substr($argv[2], -2) === '[]') - { - $CONFIG[substr($argv[2],0,-2)] = array_slice($argv,3); - } - else - { - $CONFIG[$argv[2]] = $argv[3]; - } - } -else - { - # exactly two parameter given -- means delete. - unset($CONFIG[$argv[2]]); - } - -$text = var_export($CONFIG, true); -## A warning is printed, if argv[1] is not writable. -## PHP does not issue proper errno or strerror() does it? -file_put_contents($argv[1], " diff --git a/static/update.sh b/static/update.sh deleted file mode 100644 index c9f4db81ce..0000000000 --- a/static/update.sh +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Update Server + Nextcloud" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Must be root -root_check - -mkdir -p "$SCRIPTS" - -if [ "${1}" = "minor" ] -then - echo "$((NCMAJOR-1))" > /tmp/minor.version -elif [ "${1}" = "beta" ] -then - echo "beta" > /tmp/prerelease.version -elif [[ "${1}" == *"RC"* ]] -then - echo "${1}" > /tmp/prerelease.version -fi - -# Delete, download, run -run_script GITHUB_REPO nextcloud_update - -exit diff --git a/static/updatenotification.sh b/static/updatenotification.sh deleted file mode 100644 index fe7b88006c..0000000000 --- a/static/updatenotification.sh +++ /dev/null 
@@ -1,79 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Update Notification" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# Get all needed variables from the library -nc_update - -print_text_in_color "$ICyan" "Checking for new Nextcloud version..." - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -NCMIN=$(curl -s -m 900 $NCREPO/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | sort --version-sort | grep "${CURRENTVERSION%%.*}" | tail -1) -REPORTEDMAJ="$CURRENTVERSION" -REPORTEDMIN="$CURRENTVERSION" - -if [ "$CURRENTVERSION" == "$NCVERSION" ] && [ "$CURRENTVERSION" == "$NCMIN" ] -then - print_text_in_color "$IGreen" "You already run the latest version! ($NCVERSION)" - exit -fi - -if [ "$REPORTEDMAJ" == "$NCVERSION" ] && [ "$REPORTEDMIN" == "$NCMIN" ] -then - print_text_in_color "$ICyan" "The notification regarding the new Nextcloud update has been already reported!" - exit -fi - -if [ "$NCVERSION" == "$NCMIN" ] && version_gt "$NCMIN" "$REPORTEDMIN" && version_gt "$NCMIN" "$CURRENTVERSION" -then - sed -i "s|^REPORTEDMAJ.*|REPORTEDMAJ=$NCVERSION|" $SCRIPTS/updatenotification.sh - sed -i "s|^REPORTEDMIN.*|REPORTEDMIN=$NCMIN|" $SCRIPTS/updatenotification.sh - if crontab -l -u root | grep -q $SCRIPTS/update.sh - then - notify_admin_gui \ - "New minor Nextcloud Update!" \ - "Nextcloud $NCMIN just became available. Since you are running Automatic Updates on Saturdays at $AUT_UPDATES_TIME:00, you don't need to bother about updating the server to minor Nextcloud versions manually, as that's already taken care of." - else - notify_admin_gui \ - "New minor Nextcloud Update!" \ - "Nextcloud $NCMIN just became available. Please run 'sudo bash /var/scripts/update.sh minor' from your CLI to update your server to Nextcloud $NCMIN." 
- fi - exit -fi - -if version_gt "$NCMIN" "$REPORTEDMIN" && version_gt "$NCMIN" "$CURRENTVERSION" -then - sed -i "s|^REPORTEDMIN.*|REPORTEDMIN=$NCMIN|" $SCRIPTS/updatenotification.sh - if crontab -l -u root | grep -q $SCRIPTS/update.sh - then - notify_admin_gui \ - "New minor Nextcloud Update!" \ - "Nextcloud $NCMIN just became available. Since you are running Automatic Updates on Saturdays at $AUT_UPDATES_TIME:00, you don't need to bother about updating the server to minor Nextcloud versions manually, as that's already taken care of." - else - notify_admin_gui \ - "New minor Nextcloud Update!" \ - "Nextcloud $NCMIN just became available. Please run 'sudo bash /var/scripts/update.sh minor' from your CLI to update your server to Nextcloud $NCMIN." - fi -fi - -if version_gt "$NCVERSION" "$REPORTEDMAJ" && version_gt "$NCVERSION" "$CURRENTVERSION" -then - sed -i "s|^REPORTEDMAJ.*|REPORTEDMAJ=$NCVERSION|" $SCRIPTS/updatenotification.sh - notify_admin_gui \ - "New major Nextcloud Update!" \ - "Nextcloud $NCVERSION just became available. Please run 'sudo bash /var/scripts/update.sh' from your CLI to update your server to Nextcloud $NCVERSION. Before updating though, you should visit https://your-nc-domain/settings/admin/overview and make sure that all apps are compatible with the new version." -fi From 41903c9c013763780881e19c7b0b27af94b3757e Mon Sep 17 00:00:00 2001 From: Daniel Hansson Date: Wed, 16 Sep 2020 12:10:27 +0200 Subject: [PATCH 12/51] remove ZFS and adduser we will only run the installer anyway, it's not meant for anyone else --- nextcloud_install_basic.sh | 36 ------------------------------------ 1 file changed, 36 deletions(-) diff --git a/nextcloud_install_basic.sh b/nextcloud_install_basic.sh index 89f2046457..4369db2901 100644 --- a/nextcloud_install_basic.sh +++ b/nextcloud_install_basic.sh 
@@ -76,11 +76,6 @@ cpu_check 1 Nextcloud mkdir -p "$SCRIPTS" download_script GITHUB_REPO lib -# Create new current user -download_script STATIC adduser -bash $SCRIPTS/adduser.sh "nextcloud_install_production.sh" -rm -f $SCRIPTS/adduser.sh - # Check distribution and version if ! version 20.04 "$DISTRO" 20.04.6 then @@ -167,37 +162,6 @@ install_if_not netplan.io # Install build-essentials to get make install_if_not build-essential -# Set dual or single drive setup -msg_box "This VM is designed to run with two disks, one for OS and one for DATA. This will get you the best performance since the second disk is using ZFS which is a superior filesystem. -You could still choose to only run on one disk though, which is not recommended, but maybe your only option depending on which hypervisor you are running. - -You will now get the option to decide which disk you want to use for DATA, or run the automatic script that will choose the available disk automatically." - -choice=$(whiptail --title "$TITLE - Choose disk format" --nocancel --menu "How would you like to configure your disks?" "$WT_HEIGHT" "$WT_WIDTH" 4 \ -"2 Disks Auto" "(Automatically configured)" \ -"2 Disks Manual" "(Choose by yourself)" \ -"1 Disk" "(Only use one disk /mnt/ncdata - NO ZFS!)" 3>&1 1>&2 2>&3) - -case "$choice" in - "2 Disks Auto") - run_script DISK format-sdb - # Change to zfs-mount-generator - run_script DISK change-to-zfs-mount-generator - - ;; - "2 Disks Manual") - run_script DISK format-chosen - # Change to zfs-mount-generator - run_script DISK change-to-zfs-mount-generator - ;; - "1 Disk") - print_text_in_color "$IRed" "1 Disk setup chosen." - sleep 2 - ;; - *) - ;; -esac - # Install PostgreSQL # sudo add-apt-repository "deb http://apt.postgresql.org/pub/repos/apt/ bionic-pgdg main" # curl -fsSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add - From 3b9626374afeab53ff1273411f01886e8a8f6e62 Mon Sep 17 00:00:00 2001 
From: Daniel Hansson Date: Wed, 16 Sep 2020 12:25:11 +0200 Subject: [PATCH 13/51] minor bugs --- nextcloud_install_basic.sh | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/nextcloud_install_basic.sh b/nextcloud_install_basic.sh index 4369db2901..2776d7b370 100644 --- a/nextcloud_install_basic.sh +++ b/nextcloud_install_basic.sh @@ -533,10 +533,6 @@ a2dissite default-ssl a2dissite 000-default restart_webserver -# Prepare first bootup -check_command run_script STATIC change-ncadmin-profile -check_command run_script STATIC change-root-profile - # Cleanup apt autoremove -y apt autoclean @@ -574,11 +570,14 @@ true download_script GITHUB_REPO nextcloud-startup-script download_script GITHUB_REPO lib download_script STATIC instruction -download_script STATIC change-db_pass +download_script STATIC change_db_pass download_script STATIC history download_script NETWORK trusted -download_script menu startup_configuration +download_script MENU startup_configuration +# Prepare first bootup +check_command run_script STATIC change-ncadmin-profile +check_command run_script STATIC change-root-profile # Reboot msg_box "Installation almost done, system will reboot when you hit OK. From f6d90e849ad13ed4a6843c4748529b387c068729 Mon Sep 17 00:00:00 2001 From: Daniel Hansson Date: Wed, 16 Sep 2020 13:47:43 +0200 Subject: [PATCH 14/51] update password prompt --- nextcloud-startup-script.sh | 35 ++++++++++++++++++++--------------- 1 file changed, 20 insertions(+), 15 deletions(-) diff --git a/nextcloud-startup-script.sh b/nextcloud-startup-script.sh index 58a51fcf73..e1133e7933 100644 --- a/nextcloud-startup-script.sh +++ b/nextcloud-startup-script.sh @@ -101,9 +101,6 @@ fi # Nextcloud 18 is required lowest_compatible_nc 18 -# Import if missing and export again to import it with UUID -zpool_import_if_missing - # Run the startup menu bash $SCRIPTS/startup_configuration.sh 
@@ -140,12 +137,13 @@ check_command bash "$SCRIPTS/change_db_pass.sh" sleep 3 clear -# Change passwords +### Change passwords # CLI USER -msg_box "For better security, we will now change the password for the unix-user" +msg_box "For better security, we will now change the password for the UNIX-user for Ubuntu" +UNIXUSER="$(getent group sudo | cut -d: -f4 | cut -d, -f1)" while : do - UNIX_PASSWORD=$(input_box_flow "Please type in the new password for the unix-user [$(getent group sudo | cut -d: -f4 | cut -d, -f1)]") + UNIX_PASSWORD=$(input_box_flow "Please type in the new password for the UNIX-user: [$UNIXUSER]") if [[ "$UNIX_PASSWORD" == *" "* ]] then msg_box "Please don't use spaces" @@ -153,21 +151,24 @@ do break fi done -check_command echo -e "$UNIX_PASSWORD\n$UNIX_PASSWORD" | (passwd --stdin "$(getent group sudo | cut -d: -f4 | cut -d, -f1)") +check_command echo "$UNIXUSER:$UNIX_PASSWORD" | sudo chpasswd unset UNIX_PASSWORD -clear + # NEXTCLOUD USER NCADMIN=$(occ_command user:list | awk '{print $3}') -msg_box "We will now change the username and password for the nextcloud-admin user" +msg_box "We will now change the username and password for the Nextcloud admin user" while : do - NEWUSER=$(input_box_flow "Please type in the name of the nextcloud-admin user. It must differ from [$NCADMIN].\nThe only allowed character are: 'a-z', 'A-Z', '0-9', and '_.@-'") + NEWUSER=$(input_box_flow "Please type in the name of the Nextcloud admin user. It must differ from [$NCADMIN].\nThe only allowed character are: 'a-z', 'A-Z', '0-9', and '_.@-'") if [[ "$NEWUSER" == *" "* ]] then msg_box "Please don't use spaces." elif [ "$NEWUSER" = "$NCADMIN" ] then msg_box "This username is already in use. Please choose a different one." + elif [[ "$NEWUSER" =~ [^a-zA-Z0-9_.@-] ]] + then + msg_box "Allowed characters are: a-z', 'A-Z', '0-9', and '_.@-'\nPlease try again." else break fi 
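Review bot: `UNIXUSER` is taken from the first member of the `sudo` group without checking that the lookup returned a name, so an empty group leaves it empty for everything that follows. The prompt would then show `[]`, and the `chpasswd` line and the `"/home/$UNIXUSER"` paths visible in later hunks of this file would operate on an empty user name. A guard right after the assignment, e.g. `[ -n "$UNIXUSER" ] || { msg_box "No sudo user found, aborting."; exit 1; }`, keeps that failure visible. The password loop that uses the value starts in this hunk and ends in the next one.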
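Review bot: The result of `chpasswd` is never checked in `check_command echo "$UNIXUSER:$UNIX_PASSWORD" | sudo chpasswd`, because `check_command` wraps only the `echo` on the left side of the pipe. If the new password is rejected, the script unsets `UNIX_PASSWORD` and moves on, and the account keeps the password it had before (the login banner in `static/instruction.sh` on this page advertises a default one). Testing the pipeline itself, `if ! printf '%s:%s\n' "$UNIXUSER" "$UNIX_PASSWORD" | sudo chpasswd; then msg_box "Changing the password failed, please try again."; fi`, placed inside the loop before `break`, would let the operator retry. `check_command` is defined in `lib.sh`, which this diff does not show, so its exact behaviour is assumed here.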
@@ -178,14 +179,17 @@ do if [[ "$OC_PASS" == *" "* ]] then msg_box "Please don't use spaces." - else - break fi -done # Create new user export OC_PASS -occ_command user:add "$NEWUSER" --password-from-env -g admin -unset OC_PASS + if su -s /bin/sh www-data -c "php /var/www/nextcloud/occ user:add $NEWUSER --password-from-env" + then + unset OC_PASS + break + else + any_key "Press any key to choose a different password." + fi +done # Delete old user if [[ "$NCADMIN" ]] then @@ -194,6 +198,7 @@ then sleep 2 fi clear + # Cleanup 1 occ_command maintenance:repair rm -f "$SCRIPTS/ip.sh" From 381a5fda1cf62206ff85c6aa8b365440e36f211f Mon Sep 17 00:00:00 2001 From: Daniel Hansson Date: Wed, 16 Sep 2020 14:08:47 +0200 Subject: [PATCH 15/51] make script executable --- nextcloud_install_basic.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nextcloud_install_basic.sh b/nextcloud_install_basic.sh index 2776d7b370..daaf3ab778 100644 --- a/nextcloud_install_basic.sh +++ b/nextcloud_install_basic.sh @@ -575,6 +575,9 @@ download_script STATIC history download_script NETWORK trusted download_script MENU startup_configuration +# Make $SCRIPTS excutable +chmod +x -R "$SCRIPTS" + # Prepare first bootup check_command run_script STATIC change-ncadmin-profile check_command run_script STATIC change-root-profile From 65912b749a2fad639e55de95e3de91723a34febb Mon Sep 17 00:00:00 2001 From: Daniel Hansson Date: Wed, 16 Sep 2020 14:28:49 +0200 Subject: [PATCH 16/51] final touches to startup script --- nextcloud-startup-script.sh | 59 +++++++++++-------------------------- 1 file changed, 17 insertions(+), 42 deletions(-) diff --git a/nextcloud-startup-script.sh b/nextcloud-startup-script.sh index e1133e7933..3c9acab0b1 100644 --- a/nextcloud-startup-script.sh +++ b/nextcloud-startup-script.sh 
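Review bot: The new `user:add` call drops the `-g admin` argument that the removed `occ_command user:add "$NEWUSER" --password-from-env -g admin` carried, so the replacement account is created without admin group membership while the block labelled `# Delete old user` still follows. The spaces check also no longer stops anything: with `else break` gone, control falls through to `user:add` after the message, so that branch needs a `continue`. `$NEWUSER` is expanded into the `su -c` command string and is safe only because of the character check added earlier in this commit; a comment stating that dependency would keep a later edit from loosening it. Suggested condition: `if su -s /bin/sh www-data -c "php /var/www/nextcloud/occ user:add $NEWUSER --password-from-env -g admin"`. The loop opens before this hunk, so the line that reads `OC_PASS` is not visible here.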
@@ -199,18 +199,19 @@ then fi clear -# Cleanup 1 -occ_command maintenance:repair -rm -f "$SCRIPTS/ip.sh" -rm -f "$SCRIPTS/change_db_pass.sh" -rm -f "$SCRIPTS/instruction.sh" -rm -f "$NCDATA/nextcloud.log" -rm -f "$SCRIPTS/static_ip.sh" -rm -f "$SCRIPTS/server_configuration.sh" -rm -f "$SCRIPTS/nextcloud_configuration.sh" -rm -f "$SCRIPTS/additional_apps.sh" -rm -f "$SCRIPTS/adduser.sh" +# Check if user got internet once more, and then do the Nextcloud upgrade +msg_box "We will no try to upgrade Nextcloud to the latest version. +Please press OK to continue." +if network_ok +then + # Do the upgrade + chown -R www-data:www-data "$NCPATH" + rm -rf "$NCPATH"/assets + yes no | sudo -u www-data php /var/www/nextcloud/updater/updater.phar + occ_command maintenance:mode --off +fi +# Cleanup 1 find /root "/home/$UNIXUSER" -type f \( -name '*.sh*' -o -name '*.html*' -o -name '*.tar*' -o -name 'results' -o -name '*.zip*' \) -delete find "$NCPATH" -type f \( -name 'results' -o -name '*.sh*' \) -delete sed -i "s|instruction.sh|nextcloud.sh|g" "/home/$UNIXUSER/.bash_profile" 
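Review bot: `chown -R www-data:www-data "$NCPATH"` hands the whole installation tree to the web server user, and nothing in this hunk restores tighter ownership once the updater has run. The install script on this page applies `setup_secure_permissions_nextcloud` after unpacking; the same step, or a local copy of it since this path may run offline, belongs after the upgrade. The updater's exit status is also ignored, so `occ_command maintenance:mode --off` runs even when the upgrade stopped half-way; testing it with `if yes no | sudo -u www-data php "$NCPATH/updater/updater.phar"` would make a failure visible and use the same variable as the lines above. `rm -rf "${NCPATH:?}/assets"` protects the delete against an unset variable.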
@@ -242,41 +243,15 @@ mesg n ROOTNEWPROFILE -# Upgrade system -if test_connection -then - print_text_in_color "$ICyan" "System will now upgrade..." - bash $SCRIPTS/update.sh -fi - # Cleanup 2 apt autoremove -y apt autoclean - -# Set trusted domain in config.php -bash $SCRIPTS/trusted.sh +occ_command maintenance:repair +rm -f "$NCDATA/nextcloud.log" +rm -f $SCRIPTS/startup_configuration.sh +rm -f $SCRIPTS/trusted.sh # Success! -msg_box "The installation process is *almost* done. - -Please hit OK in all the following prompts and let the server reboot to complete the installation process." - -msg_box "TIPS & TRICKS: -1. Publish your server online: https://goo.gl/iUGE2U -2. To login to PostgreSQL just type: sudo -u postgres psql nextcloud_db -3. To update this server just type: sudo bash /var/scripts/update.sh -4. Install apps, configure Nextcloud, and server: sudo bash $SCRIPTS/menu.sh" - -msg_box "SUPPORT: -Please ask for help in the forums, visit our shop to buy support, -or buy a yearly subscription from Nextcloud: -- SUPPORT: https://shop.hanssonit.se/product/premium-support-per-30-minutes/ -- FORUM: https://help.nextcloud.com/ -- SUBSCRIPTION: https://nextcloud.com/pricing/ (Please refer to @enoch85) - -BUGS: -Please report any bugs here: https://github.com/nextcloud/vm/issues" - msg_box "Congratulations! You have successfully installed Nextcloud! LOGIN: @@ -284,7 +259,7 @@ Login to Nextcloud in your browser: - IP: $ADDRESS - Hostname: $(hostname -f) -PLEASE HIT OK TO REBOOT" +## PLEASE PRESS OK TO REBOOT. ##" # Prefer IPv6 sed -i "s|precedence ::ffff:0:0/96 100|#precedence ::ffff:0:0/96 100|g" /etc/gai.conf From 24b562a537b501ab0ee684d2dd3168cd7e7e51ef Mon Sep 17 00:00:00 2001 
From: Daniel Hansson Date: Wed, 16 Sep 2020 14:47:29 +0200 Subject: [PATCH 17/51] tidy up a bit (#1466) --- nextcloud-startup-script.sh | 48 +++++++++++++++++++++++++++---------- nextcloud_install_basic.sh | 2 ++ static/instruction.sh | 20 +++++----------- static/welcome.sh | 26 ++++++++++++++++++++ 4 files changed, 70 insertions(+), 26 deletions(-) create mode 100644 static/welcome.sh diff --git a/nextcloud-startup-script.sh b/nextcloud-startup-script.sh index 3c9acab0b1..3ed36867a8 100644 --- a/nextcloud-startup-script.sh +++ b/nextcloud-startup-script.sh 
@@ -214,19 +214,32 @@ fi # Cleanup 1 find /root "/home/$UNIXUSER" -type f \( -name '*.sh*' -o -name '*.html*' -o -name '*.tar*' -o -name 'results' -o -name '*.zip*' \) -delete find "$NCPATH" -type f \( -name 'results' -o -name '*.sh*' \) -delete -sed -i "s|instruction.sh|nextcloud.sh|g" "/home/$UNIXUSER/.bash_profile" -truncate -s 0 \ - /root/.bash_history \ - "/home/$UNIXUSER/.bash_history" \ - /var/spool/mail/root \ - "/var/spool/mail/$UNIXUSER" \ - /var/log/apache2/access.log \ - /var/log/apache2/error.log \ - /var/log/cronjobs_success.log \ - "$VMLOGS/nextcloud.log" - -sed -i "s|sudo -i||g" "$UNIXUSER_PROFILE" +cat << UNIXUSERNEWPROFILE > "$UNIXUSER_PROFILE" +# ~/.profile: executed by the command interpreter for login shells. +# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login +# exists. +# see /usr/share/doc/bash/examples/startup-files for examples. +# the files are located in the bash-doc package. +# the default umask is set in /etc/profile; for setting the umask +# for ssh logins, install and configure the libpam-umask package. +#umask 022 +# if running bash +if [ -n "5.0.16(1)-release" ] +then + # include .bashrc if it exists + if [ -f "/root/.bashrc" ] + then + . "/root/.bashrc" + fi +fi +# set PATH so it includes user's private bin if it exists +if [ -d "/root/bin" ] +then + PATH="/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin" +fi +bash /home/"$UNIXUSER"/welcome.sh +UNIXUSERNEWPROFILE cat << ROOTNEWPROFILE > "$ROOT_PROFILE" # ~/.profile: executed by Bourne-compatible login shells. @@ -243,6 +256,16 @@ mesg n ROOTNEWPROFILE +truncate -s 0 \ + /root/.bash_history \ + "/home/$UNIXUSER/.bash_history" \ + /var/spool/mail/root \ + "/var/spool/mail/$UNIXUSER" \ + /var/log/apache2/access.log \ + /var/log/apache2/error.log \ + /var/log/cronjobs_success.log \ + "$VMLOGS/nextcloud.log" + # Cleanup 2 apt autoremove -y apt autoclean 
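Review bot: The profile written for `$UNIXUSER` contains values that were already expanded in a root shell: `[ -n "5.0.16(1)-release" ]`, `/root/.bashrc`, `/root/bin` and a fixed `PATH`. For the unprivileged account the `.bashrc` test points at root's home, so the user's own `.bashrc` is not loaded, and the first test is a constant. Because the here-document delimiter is unquoted, the login-time variables need a backslash so that they are written literally and evaluated at login; `$UNIXUSER` in the last line can stay expanded. The here-document runs up to `UNIXUSERNEWPROFILE`, all inside this hunk.

```shell
cat << UNIXUSERNEWPROFILE > "$UNIXUSER_PROFILE"
# … unchanged: header comments and umask note …
if [ -n "\$BASH_VERSION" ]
then
    # include .bashrc if it exists
    if [ -f "\$HOME/.bashrc" ]
    then
        . "\$HOME/.bashrc"
    fi
fi
# set PATH so it includes user's private bin if it exists
if [ -d "\$HOME/bin" ]
then
    PATH="\$HOME/bin:\$PATH"
fi
# … unchanged: welcome.sh call and here-document terminator …
```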
@@ -250,6 +273,7 @@ occ_command maintenance:repair rm -f "$NCDATA/nextcloud.log" rm -f $SCRIPTS/startup_configuration.sh rm -f $SCRIPTS/trusted.sh +rm -f $SCRIPTS/history.sh # Success! msg_box "Congratulations! You have successfully installed Nextcloud! diff --git a/nextcloud_install_basic.sh b/nextcloud_install_basic.sh index daaf3ab778..2f753eb235 100644 --- a/nextcloud_install_basic.sh +++ b/nextcloud_install_basic.sh @@ -572,6 +572,8 @@ download_script GITHUB_REPO lib download_script STATIC instruction download_script STATIC change_db_pass download_script STATIC history +download_script STATIC welcome +chown $UNIXUSER:UNIXUSER welcome download_script NETWORK trusted download_script MENU startup_configuration diff --git a/static/instruction.sh b/static/instruction.sh index 8752b9c19f..d4eccdd0d4 100644 --- a/static/instruction.sh +++ b/static/instruction.sh @@ -1,3 +1,4 @@ + #!/bin/bash # T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ 
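Review bot: The only added line in the `static/instruction.sh` hunk appears to be an empty line above `#!/bin/bash`, which moves the interpreter line off line 1 of the file. A `#!` line is honoured only as the very first line, so direct execution would no longer select bash; callers that run `bash instruction.sh` are unaffected. Dropping the added blank line keeps the file as it was.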
@@ -16,22 +17,13 @@ echo -e "|" "${IGreen}To run the startup script type the sudoer password, then echo -e "|" "${IGreen}The default sudoer password is: ${BIGreen}nextcloud${IGreen}${Color_Off} |" cat << INST2 | | -| You can find the complete install instructions here: | -| Nextcloud VM = https://bit.ly/2S8eGfS | -| Nextcloud Home/SME Server = https://bit.ly/2k2TNaM | -| | -| To be 100% sure that all the keystrokes work correctly (like @), | -| please use an SSH terminal like Putty. You can download it here: | -| https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html | -| If you are running Windows 10 1809 or later, you can simply use SSH | -| from the command prompt. Connect like this: | -| ssh ncadmin@local.IP.of.this.server | +| You will now setup the basics of the server. | +| A working internet connection if recomended, but not needed for the | +| setup to finish properly. | | | -| This server could be made maintenace free by using automatic updates | -| with the built in update script. If you want automatic updates on | -| a weekly schelude, choose to configure it later during this setup. | +| To choose the defaults during installation, just hit [ENTER]. | | | -| ###################### T&M Hansson IT - $(date +"%Y") ###################### | +| ###################### Nextcloud - $(date +"%Y") ##################### | +-----------------------------------------------------------------------+ INST2 diff --git a/static/welcome.sh b/static/welcome.sh new file mode 100644 index 0000000000..3b456613dc --- /dev/null +++ b/static/welcome.sh 
@@ -0,0 +1,26 @@ +#!/bin/bash + +# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ + +# shellcheck disable=2034,2059 +true +# shellcheck source=lib.sh +source /var/scripts/lib.sh + +# Check for errors + debug code and abort if something isn't right +# 1 = ON +# 0 = OFF +DEBUG=0 +debug_mode + +msg_box "Nice job, you're now done with the setup! + +Please open your web browser and go to one of these places: +WAN IPv4: $WANIP4 +LAN IPv4: $ADDRESS +WAN IPv6: $WANIP6 + +If you need support, please visit https://help.nextcloud.com/ +If you want the full and extended version of this VM (including TLS, automated apps configuration, and more), please download it here: https://github.com/nextcloud/vm/releases + +To remove this prompt, please remove 'bash /home/ncadmin/welcome.sh' in /home/ncadmin/.bash_profile" From 121be84b71c80c837d16f22342d75b7eda128446 Mon Sep 17 00:00:00 2001 From: Daniel Hansson Date: Wed, 16 Sep 2020 15:04:51 +0200 Subject: [PATCH 18/51] small detail --- nextcloud_install_basic.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nextcloud_install_basic.sh b/nextcloud_install_basic.sh index 2f753eb235..01e1c296c4 100644 --- a/nextcloud_install_basic.sh +++ b/nextcloud_install_basic.sh @@ -573,7 +573,7 @@ download_script STATIC instruction download_script STATIC change_db_pass download_script STATIC history download_script STATIC welcome -chown $UNIXUSER:UNIXUSER welcome +chown $UNIXUSER:$UNIXUSER welcome download_script NETWORK trusted download_script MENU startup_configuration From 6950a37286878b6fbca94e6ffec521fa89c2ca34 Mon Sep 17 00:00:00 2001 From: Daniel Hansson Date: Wed, 16 Sep 2020 15:10:50 +0200 Subject: [PATCH 19/51] add locales --- nextcloud_install_basic.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/nextcloud_install_basic.sh b/nextcloud_install_basic.sh index 01e1c296c4..6e9684341f 100644 --- a/nextcloud_install_basic.sh +++ b/nextcloud_install_basic.sh 
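Review bot: The removal hint at the end of the message hard-codes `ncadmin` and `.bash_profile`, but the startup script in this same commit writes the call into `"$UNIXUSER_PROFILE"` for whichever account `$UNIXUSER` resolves to. An operator following the hint may look in the wrong file, and the later "change path 2" commit updates only the script path in this sentence. Since the text is already inside a double-quoted `msg_box` string, it can name the real location, e.g. `To remove this prompt, please remove the welcome.sh line in $UNIXUSER_PROFILE` (assuming `lib.sh` defines that variable, which this diff does not show). A one-line header comment stating that the script is run from the login profile would also help the next maintainer.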
@@ -573,6 +573,7 @@ download_script STATIC instruction download_script STATIC change_db_pass download_script STATIC history download_script STATIC welcome +download_script ADDONS locales chown $UNIXUSER:$UNIXUSER welcome download_script NETWORK trusted download_script MENU startup_configuration From 2c9cd94fa637e8aa3fe9b56897e1b9bf78bf657b Mon Sep 17 00:00:00 2001 From: Daniel Hansson Date: Wed, 16 Sep 2020 15:12:39 +0200 Subject: [PATCH 20/51] make it work without internet --- menu/startup_configuration.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/menu/startup_configuration.sh b/menu/startup_configuration.sh index 4589416db9..03f2c9b0e4 100644 --- a/menu/startup_configuration.sh +++ b/menu/startup_configuration.sh @@ -63,7 +63,7 @@ case "$choice" in dpkg-reconfigure keyboard-configuration setupcon --force # Set locales - run_script ADDONS locales + bash /var/scripts/locales.sh input_box "Please try out all buttons (e.g: @ # \$ : y n) to find out if the keyboard settings were correctly applied.\nIf the keyboard is still wrong, you will be offered to reboot the server in the next step.\n\nPlease continue by hitting [ENTER]" "$SUBTITLE" >/dev/null if ! yesno_box_yes "Did the keyboard work as expected??\n\nIf you choose 'No' the server will be rebooted. After the reboot, please login as usual and run this script again." "$SUBTITLE" then @@ -100,7 +100,7 @@ case "$choice" in *"Locate Mirror"*) clear print_text_in_color "$ICyan" "Downloading the Locate Mirror script..." - run_script ADDONS locate_mirror + bash /ar/scripts/locate_mirror.sh ;;& *) ;; From fcec20daa9e56092425da9c9a8c3003e86bd3823 Mon Sep 17 00:00:00 2001 From: Daniel Hansson Date: Wed, 16 Sep 2020 15:13:26 +0200 Subject: [PATCH 21/51] add locate mirror --- nextcloud_install_basic.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/nextcloud_install_basic.sh b/nextcloud_install_basic.sh index 6e9684341f..f204eb3ca0 100644 --- a/nextcloud_install_basic.sh 
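Review bot: `bash /ar/scripts/locate_mirror.sh` in the second `menu/startup_configuration.sh` hunk has a typo in the path; the `v` of `/var` is missing, so the "Locate Mirror" choice fails with a file-not-found error. It should read `bash /var/scripts/locate_mirror.sh`, matching `bash /var/scripts/locales.sh` in the first hunk. The status text above it still says "Downloading the Locate Mirror script...", although nothing is downloaded any more. The `case` statement starts and ends outside both hunks.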
+++ b/nextcloud_install_basic.sh @@ -574,6 +574,7 @@ download_script STATIC change_db_pass download_script STATIC history download_script STATIC welcome download_script ADDONS locales +download_script ADDONS locate_mirror chown $UNIXUSER:$UNIXUSER welcome download_script NETWORK trusted download_script MENU startup_configuration From b36fcccce6923ad82cb673f54bfb1815416cd55f Mon Sep 17 00:00:00 2001 From: Daniel Hansson Date: Wed, 16 Sep 2020 15:14:07 +0200 Subject: [PATCH 22/51] cleanup --- nextcloud-startup-script.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nextcloud-startup-script.sh b/nextcloud-startup-script.sh index 3ed36867a8..625bd1b52f 100644 --- a/nextcloud-startup-script.sh +++ b/nextcloud-startup-script.sh @@ -274,6 +274,8 @@ rm -f "$NCDATA/nextcloud.log" rm -f $SCRIPTS/startup_configuration.sh rm -f $SCRIPTS/trusted.sh rm -f $SCRIPTS/history.sh +rm -f $SCRIPTS/locate_mirror.sh +rm -f $SCRIPTS/locales.sh # Success! msg_box "Congratulations! You have successfully installed Nextcloud! From 2065284f14aecd709a8d54ae2687ddae8070be67 Mon Sep 17 00:00:00 2001 From: Daniel Hansson Date: Wed, 16 Sep 2020 15:15:01 +0200 Subject: [PATCH 23/51] change path --- nextcloud-startup-script.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nextcloud-startup-script.sh b/nextcloud-startup-script.sh index 625bd1b52f..51fe0a1e25 100644 --- a/nextcloud-startup-script.sh +++ b/nextcloud-startup-script.sh @@ -238,7 +238,7 @@ if [ -d "/root/bin" ] then PATH="/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin" fi -bash /home/"$UNIXUSER"/welcome.sh +bash $SCRIPTS/welcome.sh UNIXUSERNEWPROFILE cat << ROOTNEWPROFILE > "$ROOT_PROFILE" From 77ed156ee9a317ec7c437156eec240129946ee76 Mon Sep 17 00:00:00 2001 From: Daniel Hansson Date: Wed, 16 Sep 2020 15:15:47 +0200 Subject: [PATCH 24/51] change path 2 --- static/welcome.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/static/welcome.sh b/static/welcome.sh index 3b456613dc..6b934a3473 100644 --- a/static/welcome.sh +++ b/static/welcome.sh @@ -23,4 +23,4 @@ WAN IPv6: $WANIP6 If you need support, please visit https://help.nextcloud.com/ If you want the full and extended version of this VM (including TLS, automated apps configuration, and more), please download it here: https://github.com/nextcloud/vm/releases -To remove this prompt, please remove 'bash /home/ncadmin/welcome.sh' in /home/ncadmin/.bash_profile" +To remove this prompt, please remove 'bash /var/scripts/welcome.sh' in /home/ncadmin/.bash_profile" From 9d7b703685dbb721bd956c7ecda5d29a188ddae0 Mon Sep 17 00:00:00 2001 From: Daniel Hansson Date: Wed, 16 Sep 2020 15:29:56 +0200 Subject: [PATCH 25/51] chown correct path --- nextcloud_install_basic.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nextcloud_install_basic.sh b/nextcloud_install_basic.sh index f204eb3ca0..b62c4f5fe9 100644 --- a/nextcloud_install_basic.sh +++ b/nextcloud_install_basic.sh @@ -575,7 +575,7 @@ download_script STATIC history download_script STATIC welcome download_script ADDONS locales download_script ADDONS locate_mirror -chown $UNIXUSER:$UNIXUSER welcome +chown $UNIXUSER:$UNIXUSER $SCRIPTS/welcome.sh download_script NETWORK trusted download_script MENU startup_configuration From 9177bb67d867f6eb41b3bbaf11e01284ba39a6ef Mon Sep 17 00:00:00 2001 From: enoch85 Date: Wed, 16 Sep 2020 15:42:06 +0200 Subject: [PATCH 26/51] remove leftovers 
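Review bot: `chown $UNIXUSER:$UNIXUSER $SCRIPTS/welcome.sh` makes a file under the scripts directory writable by the login account, although the profile only needs to read it (`bash $SCRIPTS/welcome.sh`). Leaving the file root-owned is enough and keeps every script in that directory under root's control. If the ownership change is kept, quote the operands: `chown "$UNIXUSER:$UNIXUSER" "$SCRIPTS/welcome.sh"`. Whether `$UNIXUSER` is set at this point of the install script is not visible in the hunk.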
Signed-off-by: enoch85 --- addons/automatic_updates.sh | 45 -- addons/redis-server-ubuntu.sh | 107 ----- addons/security.sh | 122 ----- apps/additional_apps.sh | 103 ----- apps/adminer.sh | 126 ------ apps/bitwarden-rs.sh | 289 ------------ apps/bitwarden-rs_admin-panel.sh | 70 --- apps/bitwarden_mailconfig.sh | 191 -------- apps/bitwarden_registration.sh | 98 ---- apps/collabora_docker.sh | 330 -------------- apps/collabora_integrated.sh | 190 -------- apps/fail2ban.sh | 193 -------- apps/fulltextsearch.sh | 184 -------- apps/netdata.sh | 116 ----- apps/onlyoffice_docker.sh | 332 -------------- apps/onlyoffice_integrated.sh | 214 --------- apps/previewgenerator.sh | 245 ---------- apps/smbmount.sh | 579 ------------------------ apps/talk.sh | 180 -------- apps/talk_signaling.sh | 435 ------------------ apps/tmbitwarden.sh | 314 ------------- apps/webmin.sh | 75 --- static/change-to-zfs-mount-generator.sh | 68 --- static/index.php | 147 ------ static/locales.sh | 36 -- static/locate_mirror.sh | 54 --- static/nextcloud.sh | 19 - static/static_ip.sh | 242 ---------- 28 files changed, 5104 deletions(-) delete mode 100644 addons/automatic_updates.sh delete mode 100644 addons/redis-server-ubuntu.sh delete mode 100644 addons/security.sh delete mode 100644 apps/additional_apps.sh delete mode 100644 apps/adminer.sh delete mode 100644 apps/bitwarden-rs.sh delete mode 100644 apps/bitwarden-rs_admin-panel.sh delete mode 100644 apps/bitwarden_mailconfig.sh delete mode 100644 apps/bitwarden_registration.sh delete mode 100644 apps/collabora_docker.sh delete mode 100644 apps/collabora_integrated.sh delete mode 100644 apps/fail2ban.sh delete mode 100644 apps/fulltextsearch.sh delete mode 100644 apps/netdata.sh delete mode 100644 apps/onlyoffice_docker.sh delete mode 100644 apps/onlyoffice_integrated.sh delete mode 100644 apps/previewgenerator.sh delete mode 100644 apps/smbmount.sh delete mode 100644 apps/talk.sh delete mode 100644 apps/talk_signaling.sh delete mode 100644 
apps/tmbitwarden.sh delete mode 100644 apps/webmin.sh delete mode 100644 static/change-to-zfs-mount-generator.sh delete mode 100644 static/index.php delete mode 100644 static/locales.sh delete mode 100644 static/locate_mirror.sh delete mode 100644 static/nextcloud.sh delete mode 100644 static/static_ip.sh diff --git a/addons/automatic_updates.sh b/addons/automatic_updates.sh deleted file mode 100644 index 1caaf42fc2..0000000000 --- a/addons/automatic_updates.sh +++ /dev/null 
@@ -1,45 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Automatic Updates" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -print_text_in_color "$ICyan" "Configuring automatic updates..." - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -msg_box "This option will update your server every week on Saturdays at $AUT_UPDATES_TIME:00. -The update will run the built in script '$SCRIPTS/update.sh' which will update both the server packages and Nextcloud itself. - -You can read more about it here: https://www.techandme.se/nextcloud-update-is-now-fully-automated/ -Please keep in mind that automatic updates might fail hence it's important to have a proper backup in place if you plan to run this option. - -You can disable the automatic updates by entering the crontab file like this: -'sudo crontab -e -u root' -Then just put a hash (#) in front of the row that you want to disable. - -In the next step you will be able to choose to proceed or exit." - -if yesno_box_yes "Do you want to enable automatic updates?" -then - # TODO: delete the following line after a few releases. It was copied to the install-script. - occ_command config:app:set updatenotification notify_groups --value="[]" - touch $VMLOGS/update.log - crontab -u root -l | { cat; echo "0 $AUT_UPDATES_TIME * * 6 $SCRIPTS/update.sh minor >> $VMLOGS/update.log"; } | crontab -u root - - if yesno_box_yes "Do you want to reboot your server after every update? *recommended*" - then - sed -i "s|exit|/sbin/shutdown -r +1|g" "$SCRIPTS"/update.sh - echo "exit" >> "$SCRIPTS"/update.sh - fi -fi diff --git a/addons/redis-server-ubuntu.sh b/addons/redis-server-ubuntu.sh deleted file mode 100644 index 02f3a558e7..0000000000 --- a/addons/redis-server-ubuntu.sh +++ /dev/null 
@@ -1,107 +0,0 @@ -#!/bin/bash -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Redis Server Ubuntu" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Must be root -root_check - -# Check Ubuntu version -if ! version 16.04 "$DISTRO" 20.04.6; then -msg_box "Your current Ubuntu version is $DISTRO but must be between 16.04 - 20.04.6 to run this script." -msg_box "Please contact us to get support for upgrading your server: -https://www.hanssonit.se/#contact -https://shop.hanssonit.se/" - exit 1 -fi - -# Check if dir exists -if [ ! -d $SCRIPTS ] -then - mkdir -p $SCRIPTS -fi - -# Check the current PHPVER -check_php - -# Install Redis -install_if_not php"$PHPVER"-dev -pecl channel-update pecl.php.net -if ! yes no | pecl install -Z redis -then - msg_box "PHP module installation failed" -exit 1 -else - printf "${IGreen}\nPHP module installation OK!${Color_Off}\n" -fi -install_if_not redis-server - -# Setting direct to PHP-FPM as it's installed with PECL (globally doesn't work) -print_text_in_color "$ICyan" "Adding extension=redis.so to $PHP_INI..." -echo 'extension=redis.so' >> "$PHP_INI" - -# Prepare for adding redis configuration -sed -i "s|);||g" $NCPATH/config/config.php - -# Add the needed config to Nextclouds config.php -cat <> $NCPATH/config/config.php - 'memcache.local' => '\\OC\\Memcache\\APCu', - 'filelocking.enabled' => true, - 'memcache.distributed' => '\\OC\\Memcache\\Redis', - 'memcache.locking' => '\\OC\\Memcache\\Redis', - 'redis' => - array ( - 'host' => '$REDIS_SOCK', - 'port' => 0, - 'timeout' => 0.5, - 'dbindex' => 0, - 'password' => '$REDIS_PASS', - ), -); -ADD_TO_CONFIG - -## Redis performance tweaks ## -if ! grep -Fxq "vm.overcommit_memory = 1" /etc/sysctl.conf -then - echo 'vm.overcommit_memory = 1' >> /etc/sysctl.conf -fi - -# Disable THP -if ! 
grep -Fxq "never" /sys/kernel/mm/transparent_hugepage/enabled -then - echo "never" > /sys/kernel/mm/transparent_hugepage/enabled -fi - -# Raise TCP backlog -#if ! grep -Fxq "net.core.somaxconn" /proc/sys/net/core/somaxconn -#then -# sed -i "s|net.core.somaxconn.*||g" /etc/sysctl.conf -# sysctl -w net.core.somaxconn=512 -# echo "net.core.somaxconn = 512" >> /etc/sysctl.conf -#fi -sed -i "s|# unixsocket .*|unixsocket $REDIS_SOCK|g" $REDIS_CONF -sed -i "s|# unixsocketperm .*|unixsocketperm 777|g" $REDIS_CONF -sed -i "s|^port.*|port 0|" $REDIS_CONF -sed -i "s|# requirepass .*|requirepass $REDIS_PASS|g" $REDIS_CONF -sed -i 's|# rename-command CONFIG ""|rename-command CONFIG ""|' $REDIS_CONF -redis-cli SHUTDOWN - -# Secure Redis -chown redis:root /etc/redis/redis.conf -chmod 600 /etc/redis/redis.conf - -apt update -q4 & spinner_loading -apt autoremove -y -apt autoclean - -exit diff --git a/addons/security.sh b/addons/security.sh deleted file mode 100644 index 6db9bb5c80..0000000000 --- a/addons/security.sh +++ /dev/null 
@@ -1,122 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# REMOVE disable of SC2154 WHEN PUTTING SPAMHAUS IN PRODUCTION (it's just to fixing travis for now) -# shellcheck disable=2034,2059,SC2154 -true -SCRIPT_NAME="Setup Extra Security" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -print_text_in_color "$ICyan" "Installing Extra Security..." - -# Based on: http://www.techrepublic.com/blog/smb-technologist/secure-your-apache-server-from-ddos-slowloris-and-dns-injection-attacks/ - -# Protect against DDOS -apt update -q4 & spinner_loading -apt -y install libapache2-mod-evasive -mkdir -p /var/log/apache2/evasive -chown -R www-data:root /var/log/apache2/evasive -if [ ! -f "$ENVASIVE" ] -then - touch "$ENVASIVE" - cat << ENVASIVE > "$ENVASIVE" -DOSHashTableSize 2048 -DOSPageCount 20 # maximum number of requests for the same page -DOSSiteCount 300 # total number of requests for any object by the same client IP on the same listener -DOSPageInterval 1.0 # interval for the page count threshold -DOSSiteInterval 1.0 # interval for the site count threshold -DOSBlockingPeriod 10.0 # time that a client IP will be blocked for -DOSLogDir -ENVASIVE -fi - -# Protect against Slowloris -#apt -y install libapache2-mod-qos -a2enmod reqtimeout # http://httpd.apache.org/docs/2.4/mod/mod_reqtimeout.html - -# Don't enable SpamHaus now as it's now working anyway -# REMOVE disable of SC2154 WHEN PUTTING SPAMHAUS IN PRODUCTION (it's just to fixing travis for now) -exit - -# Protect against DNS Injection -# Insipired by: https://www.c-rieger.de/nextcloud-13-nginx-installation-guide-for-ubuntu-18-04-lts/#spamhausproject - -# shellcheck disable=SC2016 -DATE='$(date +%Y-%m-%d)' -cat << SPAMHAUS_ENABLE > "$SCRIPTS/spamhaus_cronjob.sh" -#!/bin/bash -# Thanks to @ank0m -EXEC_DATE='date +%Y-%m-%d' 
-SPAMHAUS_DROP="/usr/local/src/drop.txt" -SPAMHAUS_eDROP="/usr/local/src/edrop.txt" -URL="https://www.spamhaus.org/drop/drop.txt" -eURL="https://www.spamhaus.org/drop/edrop.txt" -DROP_ADD_TO_UFW="/usr/local/src/DROP2.txt" -eDROP_ADD_TO_UFW="/usr/local/src/eDROP2.txt" -DROP_ARCHIVE_FILE="/usr/local/src/DROP_{$EXEC_DATE}" -eDROP_ARCHIVE_FILE="/usr/local/src/eDROP_{$EXEC_DATE}" -# All credits for the following BLACKLISTS goes to "The Spamhaus Project" - https://www.spamhaus.org -echo "Start time: $(date)" -echo " " -echo "Download daily DROP file:" -curl -fsSL "$URL" > $SPAMHAUS_DROP -grep -v '^;' $SPAMHAUS_DROP | cut -d ' ' -f 1 > $DROP_ADD_TO_UFW -echo " " -echo "Extract DROP IP addresses and add to UFW:" -cat $DROP_ADD_TO_UFW | while read line -do -/usr/sbin/ufw insert 1 deny from "$line" comment 'DROP_Blacklisted_IPs' -done -echo " " -echo "Downloading eDROP list and import to UFW" -echo " " -echo "Download daily eDROP file:" -curl -fsSL "$eURL" > $SPAMHAUS_eDROP -grep -v '^;' $SPAMHAUS_eDROP | cut -d ' ' -f 1 > $eDROP_ADD_TO_UFW -echo " " -echo "Extract eDROP IP addresses and add to UFW:" -cat $eDROP_ADD_TO_UFW | while read line -do -/usr/sbin/ufw insert 1 deny from "$line" comment 'eDROP_Blacklisted_IPs' -done -echo " " -##### -## To remove or revert these rules, keep the list of IPs! 
-## Run a command like so to remove the rules: -# while read line; do ufw delete deny from $line; done < $ARCHIVE_FILE -##### -echo "Backup DROP IP address list:" -mv $DROP_ADD_TO_UFW $DROP_ARCHIVE_FILE -echo " " -echo "Backup eDROP IP address list:" -mv $eDROP_ADD_TO_UFW $eDROP_ARCHIVE_FILE -echo " " -echo End time: $(date) -SPAMHAUS_ENABLE - -# Make the file executable -chmod +x "$SCRIPTS"/spamhaus_cronjob.sh - -# Add it to crontab -(crontab -l ; echo "10 2 * * * $SCRIPTS/spamhaus_crontab.sh 2>&1") | crontab -u root - - -# Run it for the first time -check_command bash "$SCRIPTS"/spamhaus_cronjob.sh - -# Enable $SPAMHAUS -if sed -i "s|#MS_WhiteList /etc/spamhaus.wl|MS_WhiteList $SPAMHAUS|g" /etc/apache2/mods-enabled/spamhaus.conf -then - print_text_in_color "$IGreen" "Security added!" - restart_webserver -fi diff --git a/apps/additional_apps.sh b/apps/additional_apps.sh deleted file mode 100644 index 685b483352..0000000000 --- a/apps/additional_apps.sh +++ /dev/null 
@@ -1,103 +0,0 @@
-#!/bin/bash
-
-# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/
-
-# shellcheck disable=2034,2059
-true
-SCRIPT_NAME="Additional Apps"
-# shellcheck source=lib.sh
-source /var/scripts/lib.sh
-
-# Check for errors + debug code and abort if something isn't right
-# 1 = ON
-# 0 = OFF
-DEBUG=0
-debug_mode
-
-# Must be root
-root_check
-
-# Install Apps
-choice=$(whiptail --title "$TITLE" --checklist "Which apps do you want to install?\n\nAutomatically configure and install selected apps\n$CHECKLIST_GUIDE\n$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \
-"Fail2ban" "(Extra Bruteforce protection)" OFF \
-"Adminer" "(PostgreSQL GUI)" OFF \
-"Netdata" "(Real-time server monitoring)" OFF \
-"Collabora" "(Online editing [2GB RAM])" OFF \
-"OnlyOffice" "(Online editing [2GB RAM])" OFF \
-"Bitwarden" "(External password manager)" OFF \
-"FullTextSearch" "(Elasticsearch for Nextcloud [2GB RAM])" OFF \
-"PreviewGenerator" "(Pre-generate previews)" OFF \
-"LDAP" "(Windows Active directory)" OFF \
-"Talk" "(Nextcloud Video calls and chat)" OFF \
-"Webmin" "(Server GUI)" OFF \
-"SMB-mount" "(Connect to SMB-shares from your local network)" OFF 3>&1 1>&2 2>&3)
-
-case "$choice" in
- *"Fail2ban"*)
- clear
- print_text_in_color "$ICyan" "Downloading Fail2ban.sh..."
- run_script APP fail2ban
- ;;&
- *"Adminer"*)
- clear
- print_text_in_color "$ICyan" "Downloading Adminer.sh..."
- run_script APP adminer
- ;;&
- *"Netdata"*)
- clear
- print_text_in_color "$ICyan" "Downloading Netdata.sh..."
- run_script APP netdata
- ;;&
- *"OnlyOffice"*)
- clear
- print_text_in_color "$ICyan" "Downloading OnlyOffice.sh..."
- run_script APP onlyoffice
- ;;&
- *"Collabora"*)
- clear
- print_text_in_color "$ICyan" "Downloading Collabora.sh..."
- run_script APP collabora
- ;;&
- *"Bitwarden"*)
- clear
- print_text_in_color "$ICyan" "Downloading Bitwarden.sh..."
- run_script APP tmbitwarden
- ;;&
- *"FullTextSearch"*)
- clear
- print_text_in_color "$ICyan" "Downloading FullTextSearch.sh..."
- run_script APP fulltextsearch
- ;;&
- *"PreviewGenerator"*)
- clear
- print_text_in_color "$ICyan" "Downloading PreviewGenerator.sh..."
- run_script APP previewgenerator
- ;;&
- *"LDAP"*)
- clear
- print_text_in_color "$ICyan" "Installing LDAP..."
- if install_and_enable_app user_ldap
- then
- msg_box "LDAP installed! Please visit https://subdomain.yourdomain.com/settings/admin/ldap to finish the setup once this script is done."
- else
- msg_box "LDAP installation failed."
- fi
- ;;&
- *"Talk"*)
- clear
- print_text_in_color "$ICyan" "Downloading Talk.sh..."
- run_script APP talk
- ;;&
- *"SMB-mount"*)
- clear
- print_text_in_color "$ICyan" "Downloading SMB-mount.sh..."
- run_script APP smbmount
- ;;&
- *"Webmin"*)
- run_script APP webmin
- ;;&
- *)
- ;;
-esac
-clear
-exit
diff --git a/apps/adminer.sh b/apps/adminer.sh
deleted file mode 100644
index 5554c380a7..0000000000
--- a/apps/adminer.sh
+++ /dev/null
@@ -1,126 +0,0 @@
-#!/bin/bash
-
-# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/
-
-# shellcheck disable=2034,2059
-true
-SCRIPT_NAME="Adminer"
-SCRIPT_EXPLAINER="Adminer is a full-featured database management tool written in PHP."
-# shellcheck source=lib.sh
-source /var/scripts/lib.sh
-
-# Check for errors + debug code and abort if something isn't right
-# 1 = ON
-# 0 = OFF
-DEBUG=0
-debug_mode
-
-# Check if root
-root_check
-
-# Show explainer
-explainer_popup
-
-# Check if adminer is already installed
-print_text_in_color "$ICyan" "Checking if Adminer is already installed..."
-if is_this_installed adminer
-then
- # Ask for removal or reinstallation
- reinstall_remove_menu
- # Removal
- check_external_ip # Check that the script can see the external IP (apache fails otherwise)
- a2disconf adminer.conf
- rm -f $ADMINER_CONF
- rm -rf $ADMINERDIR
- check_command apt-get purge adminer -y
- restart_webserver
- # Show successful uninstall if applicable
- removal_popup
-else
- print_text_in_color "$ICyan" "Installing and securing Adminer..."
-fi - -# Check that the script can see the external IP (apache fails otherwise) -check_external_ip - -# Check distrobution and version -check_distro_version - -# Install Adminer -apt update -q4 & spinner_loading -install_if_not adminer -curl_to_dir "http://www.adminer.org" "latest.php" "$ADMINERDIR" -curl_to_dir "https://raw.githubusercontent.com/Niyko/Hydra-Dark-Theme-for-Adminer/master" "adminer.css" "$ADMINERDIR" -ln -s "$ADMINERDIR"/latest.php "$ADMINERDIR"/adminer.php - -cat << ADMINER_CREATE > "$ADMINER_CONF" - - RewriteEngine On - RewriteRule ^(.*)$ https://%{HTTP_HOST}$1:9443 [R=301,L] - - -Listen 9443 - - - Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains" - SSLEngine on - - # This is needed to redirect access on http://$ADDRESS:9443/ to https://$ADDRESS:9443/ - ErrorDocument 400 https://$ADDRESS:9443/ - -### YOUR SERVER ADDRESS ### -# ServerAdmin admin@example.com -# ServerName adminer.example.com - -### SETTINGS ### - - SetHandler "proxy:unix:/run/php/php7.4-fpm.nextcloud.sock|fcgi://localhost" - - - DocumentRoot $ADMINERDIR - - - - DirectoryIndex adminer.php - - AllowOverride None - - # Only allow connections from localhost: - Require ip $GATEWAY/24 - - -### LOCATION OF CERT FILES ### - SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem - SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key - - -ADMINER_CREATE - -# Enable config -check_command a2ensite adminer.conf - -if ! restart_webserver -then -msg_box "Apache2 could not restart... -The script will exit." - exit 1 -else -msg_box "Adminer was sucessfully installed and can be reached here: -https://$ADDRESS:9443 - -You can download more plugins and get more information here: -https://www.adminer.org - -Your PostgreSQL connection information can be found in $NCPATH/config/config.php. 
-These are the current values:
-
-$(grep dbhost $NCPATH/config/config.php)
-$(grep dbuser $NCPATH/config/config.php)
-$(grep dbpassword $NCPATH/config/config.php)
-$(grep dbname $NCPATH/config/config.php)
-
-In case you try to access Adminer and get 'Forbidden' you need to change the IP in:
-$ADMINER_CONF"
-fi
-
-exit
diff --git a/apps/bitwarden-rs.sh b/apps/bitwarden-rs.sh
deleted file mode 100644
index 3677539fb4..0000000000
--- a/apps/bitwarden-rs.sh
+++ /dev/null
@@ -1,289 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Bitwarden RS" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# Check if bitwarden_rs is already installed -if [ -d /home/bitwarden_rs ] || docker ps -a --format '{{.Names}}' | grep -Eq "bitwarden_rs"; -then - msg_box "It seems like you have already installed Bitwarden_rs. -You cannot install it again because you would loose all your data and passwords. - -If you are certain that you definitely want to delete Bitwarden_rs and all -its data to be able to reinstall it, you can execute the following commands: - -'sudo docker stop bitwarden_rs' -'sudo docker rm bitwarden_rs' -'sudo rm -r /home/bitwarden_rs'" - exit 1 -fi - -# Inform what bitwarden_rs is -msg_box "Bitwarden_rs is an unofficial Bitwarden server API implementation in Rust. -It has less hardware requirements and therefore runs on nearly any hardware. - -Since it's unofficial, you need to really trust the maintainer of the project to install it: -https://github.com/dani-garcia/bitwarden_rs -You never know what could hide in an unofficial release. - -It's always is recommended to install the official Bitwarden by running: -sudo bash /var/scripts/menu.sh --> Additional Apps --> Bitwarden - -Please report issues only to https://github.com/dani-garcia/bitwarden_rs" - -msg_box "Are you really sure? - -It's always is recommended to install the official Bitwarden by running: -sudo bash /var/scripts/menu.sh --> Additional Apps --> Bitwarden - -You will be offered to abort in the next step" - -if ! yesno_box_yes "Are you sure you want to install Bitwarden_rs?" 
-then - exit -fi - -# Ask for domain -SUBDOMAIN=$(input_box_flow "Please enter the Domain that you want to use for Bitwarden RS.") - -# curl the lib another time to get the correct https_conf -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -msg_box "Please make sure that you have you have edited the dns-settings of your domain and open ports 80 and 443." - -if ! yesno_box_yes "Have you made the necessary preparations?" -then - exit -fi - -# Check if $SUBDOMAIN exists and is reachable -print_text_in_color "$ICyan" "Checking if $SUBDOMAIN exists and is reachable..." -domain_check_200 "$SUBDOMAIN" - -# Check open ports with NMAP -check_open_port 80 "$SUBDOMAIN" -check_open_port 443 "$SUBDOMAIN" - -# Install Apache2 -install_if_not apache2 - -# Enable Apache2 module's -a2enmod proxy -a2enmod proxy_wstunnel -a2enmod proxy_http -a2enmod ssl -a2enmod headers -a2enmod remoteip - -if [ -f "$HTTPS_CONF" ] -then - a2dissite "$SUBDOMAIN.conf" - rm -f "$HTTPS_CONF" -fi - -if [ ! -f "$HTTPS_CONF" ]; -then - cat << HTTPS_CREATE > "$HTTPS_CONF" - - ServerName $SUBDOMAIN:443 - SSLEngine on - ServerSignature On - SSLHonorCipherOrder on - SSLCertificateChainFile $CERTFILES/$SUBDOMAIN/chain.pem - SSLCertificateFile $CERTFILES/$SUBDOMAIN/cert.pem - SSLCertificateKeyFile $CERTFILES/$SUBDOMAIN/privkey.pem - SSLOpenSSLConfCmd DHParameters $DHPARAMS_SUB - - SSLProtocol TLSv1.2 - SSLCipherSuite 
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS - LogLevel warn - CustomLog ${APACHE_LOG_DIR}/access.log combined - ErrorLog ${APACHE_LOG_DIR}/error.log - # Just in case - see below - SSLProxyEngine On - SSLProxyVerify None - SSLProxyCheckPeerCN Off - SSLProxyCheckPeerName Off - # contra mixed content warnings - RequestHeader set X-Forwarded-Proto "https" - RewriteEngine On - RewriteCond %{HTTP:Upgrade} =websocket [NC] - RewriteRule /notifications/hub(.*) ws://127.0.0.1:3012/$1 [P,L] - # basic proxy settings - ProxyRequests off - ProxyPassMatch (.*)(\/websocket)$ "ws://127.0.0.1:1024/$1$2" - ProxyPass / "http://127.0.0.1:1024/" - ProxyPassReverse / "http://127.0.0.1:1024/" - # Extra (remote) headers - RequestHeader set X-Real-IP %{REMOTE_ADDR}s - Header set X-XSS-Protection "1; mode=block" - Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" - Header set X-Content-Type-Options nosniff - Header set Content-Security-Policy "frame-ancestors 'self'" - -HTTPS_CREATE - - if [ -f "$HTTPS_CONF" ]; - then - print_text_in_color "$IGreen" "$HTTPS_CONF was successfully created." - sleep 1 - else - print_text_in_color "$IRed" "Unable to create vhost, exiting..." 
- print_text_in_color "$IRed" "Please report this issue here $ISSUES" - exit 1 - fi -fi - -# Install certbot (Let's Encrypt) -install_certbot - -# Generate certs and auto-configure if successful -if generate_cert "$SUBDOMAIN" -then - # Generate DHparams chifer - if [ ! -f "$DHPARAMS_SUB" ] - then - openssl dhparam -dsaparam -out "$DHPARAMS_SUB" 4096 - fi - print_text_in_color "$IGreen" "Certs are generated!" - a2ensite "$SUBDOMAIN.conf" - restart_webserver -else - # remove settings to be able to start over again - rm -f "$HTTPS_CONF" - last_fail_tls "$SCRIPTS"/apps/tmbitwarden.sh - exit 1 -fi - -# Install docker -install_docker - -# Create dir for Bitwarden RS -mkdir -p /home/bitwarden_rs -chown nobody -R /home/bitwarden_rs -chmod -R 0770 /home/bitwarden_rs - -# Generate admin password -ADMIN_PASS=$(gen_passwd "$SHUF" "A-Za-z0-9") - -# Install docker-container -docker pull bitwardenrs/server:latest -docker run -d --name bitwarden_rs \ - --user nobody \ - -e ADMIN_TOKEN="$ADMIN_PASS" \ - -e SIGNUPS_VERIFY=true \ - -e DOMAIN="https://$SUBDOMAIN" \ - -e SIGNUPS_ALLOWED=false \ - -p 1024:1024 \ - -e ROCKET_PORT=1024 \ - -e WEBSOCKET_ENABLED=true \ - -p 3012:3012 \ - -e LOG_FILE=/data/bitwarden.log \ - -e LOG_LEVEL=warn \ - -v /home/bitwarden_rs/:/data/ \ - -v /etc/timezone:/etc/timezone:ro \ - -v /etc/localtime:/etc/localtime:ro \ - --restart always \ - bitwardenrs/server:latest - -# Add prune command -add_dockerprune - -# Inform about fail2ban -msg_box "We will now set up fail2ban for you. -You can unban ip addresses by executing the following command: -sudo fail2ban-client set bitwarden_rs unbanip XX.XX.XX.XX -sudo fail2ban-client set bitwarden_rs-admin unbanip XX.XX.XX.XX" - -# Install fail2ban -install_if_not fail2ban -systemctl stop fail2ban - -# Create all needed files -# Bitwarden RS conf -cat << BW_CONF > /etc/fail2ban/filter.d/bitwarden_rs.local -[INCLUDES] -before = common.conf - -[Definition] -failregex = ^.*Username or password is incorrect\. Try again\. 
IP: \. Username:.*$ -ignoreregex = -BW_CONF - -# Bitwarden RS jail -cat << BW_JAIL_CONF > /etc/fail2ban/jail.d/bitwarden_rs.local -[bitwarden_rs] -enabled = true -port = 80,443,8081 -filter = bitwarden_rs -action = iptables-allports[name=bitwarden_rs] -logpath = /home/bitwarden_rs/bitwarden.log -maxretry = 20 -bantime = 1209600 -findtime = 1800 -ignoreip = 127.0.0.1/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 -BW_JAIL_CONF - -# bitwarden_rs-admin conf -cat << BWA_CONF > /etc/fail2ban/filter.d/bitwarden_rs-admin.local -[INCLUDES] -before = common.conf - -[Definition] -failregex = ^.*Invalid admin token\. IP: .*$ -ignoreregex = -BWA_CONF - -# bitwarden_rs-admin jail -cat << BWA_JAIL_CONF > /etc/fail2ban/jail.d/bitwarden_rs-admin.local -[bitwarden_rs-admin] -enabled = true -port = 80,443 -filter = bitwarden_rs-admin -action = iptables-allports[name=bitwarden_rs] -logpath = /home/bitwarden_rs/bitwarden.log -maxretry = 5 -bantime = 1209600 -findtime = 1800 -ignoreip = 127.0.0.1/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 -BWA_JAIL_CONF - -check_command systemctl start fail2ban -countdown "Waiting for fail2ban to start... " 5 -check_command fail2ban-client reload - -while : -do -msg_box "Bitwarden_rs with fail2ban have been sucessfully installed! -Please visit https://$SUBDOMAIN/admin to manage all your settings. - -Attention! Please note down the password for the admin panel: $ADMIN_PASS -Otherwise you will not have access to your Bitwarden_rs installation and have to reinstall it completely! - -It is highly recommended to configure and test the smtp settings for mails first. -Then, if it works, you can easily invite all your user with an e-mail address from this admin-panel. -(You have to click on users in the top-panel) - -Please remember to report issues only to https://github.com/dani-garcia/bitwarden_rs" - if yesno_box_no "Do you have the admin password now and know how to access the admin-panel?" - then - break - fi -done - -exit 
diff --git a/apps/bitwarden-rs_admin-panel.sh b/apps/bitwarden-rs_admin-panel.sh
deleted file mode 100644
index b42eed9b54..0000000000
--- a/apps/bitwarden-rs_admin-panel.sh
+++ /dev/null
@@ -1,70 +0,0 @@
-#!/bin/bash
-
-# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/
-
-# shellcheck disable=2034,2059
-true
-SCRIPT_NAME="Bitwarden RS Admin"
-# shellcheck source=lib.sh
-source /var/scripts/lib.sh
-
-# Check for errors + debug code and abort if something isn't right
-# 1 = ON
-# 0 = OFF
-DEBUG=0
-debug_mode
-
-# Check if root
-root_check
-
-if [ ! -d /home/bitwarden_rs ]
-then
- msg_box "Please install Bitwarden_rs before changing this option."
- exit 1
-elif [ ! -f /home/bitwarden_rs/config.json ]
-then
- msg_box "Please configure your smtp settings before changing this option."
- exit 1
-fi
-
-# Yes or No?
-choice=$(whiptail --title "$TITLE" --menu "Do you want to disable the Bitwarden_rs admin-panel?\nYou can view this menu later by running 'sudo bash $SCRIPTS/menu.sh'" "$WT_HEIGHT" "$WT_WIDTH" 4 \
-"Yes" "(Disable the admin-panel)" \
-"No" "(Enable the admin-panel and change the password for the admin-panel)" 3>&1 1>&2 2>&3)
-
-case "$choice" in
- "Yes")
- clear
- print_text_in_color "$ICyan" "Stopping bitwarden_rs..."
- docker stop bitwarden_rs
- if grep -q '"admin_token":' /home/bitwarden_rs/config.json
- then
- sed -i 's|"admin_token":.*|"admin_token": "",|g' /home/bitwarden_rs/config.json
- else
- sed -i '0,/{/a \ \ "admin_token": "",' /home/bitwarden_rs/config.json
- fi
- print_text_in_color "$ICyan" "Starting bitwarden_rs..."
- docker start bitwarden_rs
- msg_box "The admin-panel for Bitwarden_rs is now disabled."
- ;;
- "No")
- clear
- print_text_in_color "$ICyan" "Stopping bitwarden_rs..."
- docker stop bitwarden_rs
- ADMIN_PASS=$(gen_passwd "$SHUF" "A-Za-z0-9")
- if grep -q '"admin_token":' /home/bitwarden_rs/config.json
- then
- sed -i "s|\"admin_token\":.*|\"admin_token\": \"$ADMIN_PASS\",|g" /home/bitwarden_rs/config.json
- else
- sed -i "0,/{/a \ \ \"admin_token\": \"$ADMIN_PASS\"," /home/bitwarden_rs/config.json
- fi
- print_text_in_color "$ICyan" "Starting bitwarden_rs..."
- docker start bitwarden_rs
-msg_box "The admin-panel for Bitwarden_rs is now enabled.\n
-Please note down the new admin-panel password: $ADMIN_PASS\n
-Otherwise you will not be able to login to the admin-panel.\n
-To change the password again, you can simply run this option (enable admin-panel) again."
- ;;
- *)
- ;;
-esac
diff --git a/apps/bitwarden_mailconfig.sh b/apps/bitwarden_mailconfig.sh
deleted file mode 100644
index 0cca4c2121..0000000000
--- a/apps/bitwarden_mailconfig.sh
+++ /dev/null
@@ -1,191 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Bitwarden Mail Configuration" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Must be root -root_check - -# Check if Bitwarden is already installed -print_text_in_color "$ICyan" "Checking if Bitwarden is already installed..." -if is_docker_running -then - if docker ps -a --format '{{.Names}}' | grep -Eq "bitwarden"; - then - if [ ! -d "$BITWARDEN_HOME"/bwdata ] - then - msg_box "It seems like 'Bitwarden' isn't installed in $BITWARDEN_HOME.\n\nYou cannot run this script." - exit 1 - fi - else - msg_box "It seems like 'Bitwarden' isn't installed.\n\nYou cannot run this script." - exit 1 - fi -else - msg_box "It seems like 'Bitwarden' isn't installed.\n\nYou cannot run this script." - exit 1 -fi - -msg_box "This script lets you configure your mailserver settings for Bitwarden." -if ! yesno_box_yes "Do you want to continue?" -then - exit -fi - -# Insert globalSettings__mail__smtp__trustServer to global.override -if ! grep -q "^globalSettings__mail__smtp__trustServer=" "$BITWARDEN_HOME"/bwdata/env/global.override.env -then - echo "globalSettings__mail__smtp__trustServer=false" >> "$BITWARDEN_HOME"/bwdata/env/global.override.env -fi - -# Insert globalSettings__mail__smtp__startTls to global.override -if ! grep -q "^globalSettings__mail__smtp__startTls=" "$BITWARDEN_HOME"/bwdata/env/global.override.env -then - echo "globalSettings__mail__smtp__startTls=false" >> "$BITWARDEN_HOME"/bwdata/env/global.override.env -fi - -# Enter mailserver -MAIL_SERVER=$(input_box_flow "Please enter the mailserver URL that you want to use.\nE.g. 
smtp.mail.de\nIf you don't want to change the mailserver, that is already configured inside the global.override.env-file, just leave the box empty.") - -# Enter if you want to use ssl -while : -do - PROTOCOL=$(input_box "Please type in the encryption protocol for your mailserver.\nThe available options are 'SSL', 'STARTTLS' or 'none'.\n\nIf you don't want to change the protocol setting, that are already configured inside the global.override.env-file, just leave the box empty.") - if ! yesno_box_yes "Is this correct? $PROTOCOL" - then - msg_box "OK, please try again." - else - if [ "$PROTOCOL" = "SSL" ] - then - DEFAULT_PORT=465 - break - elif [ "$PROTOCOL" = "none" ] - then - DEFAULT_PORT=25 - break - elif [ "$PROTOCOL" = "STARTTLS" ] - then - DEFAULT_PORT=587 - break - elif [ "$PROTOCOL" = "" ] - then - DEFAULT_PORT="" - break - else - msg_box "The answer wasn't correct. Please type in 'SSL', 'STARTTLS', 'none' or leave the inputbox empty." - fi - fi -done - -# Enter Port or just use standard port (defined by usage of ssl) -SMTP_PORT=$(input_box_flow "Please enter the port for your mailserver. The default port based on your protocol setting is $DEFAULT_PORT?\nPlease type that port into the inputbox, if you want to use it.\n\nIf you don't want to change the port, that is already configured inside the global.override.env-file, just leave the box empty.") - -# Enter your mail username -MAIL_USERNAME=$(input_box_flow "Please enter the username for the login to your mail provider. E.g. 
mail@example.com\nPlease note: the domain used for your mail username and the mailserver domain have to match!\nIf you don't want to change the mail username that is already configured inside the global.override.env-file, just leave the box empty.") - -# Enter your mailuser password -MAIL_PASSWORD=$(input_box_flow "Please enter the password for your mailserver user.\nIf you don't want to change the password, that is already configured inside the global.override.env-file, just leave the box empty.") - -# Enter admin mailadresses -ADMIN_ACCOUNT=$(input_box_flow "Please enter mailaccounts, that should have access to the Bitwarden admin-panel, reachable under https://your-bitwarden-domain/admin/.\nThey don't have to be registered Bitwarden accounts.\nTo make this setting work, your Bitwarden mailserver settings have to be correct.\nYou can enter just one e-mailaddress or enter more than one like so:\n'bitwarden@example.com,bitwarden2@example1.com,bitwarden3@example2.com'\nIf you want to keep the admin accounts that are already configured inside the global.override.env-file, just leave the box empty.") - -# Get results and store in a variable: -RESULT="These are the settings that will be changed in global.override.env. Please check that everything seems correct.\n\n" -if [ -n "$MAIL_SERVER" ] -then - RESULT+="Mailserver URL=$MAIL_SERVER\n" -fi -# SSL -if [ -n "$PROTOCOL" ] -then - RESULT+="PROTOCOL=$PROTOCOL\n" -fi -# SMTP-Port -if [ -n "$SMTP_PORT" ] -then - RESULT+="SMTP port=$SMTP_PORT\n" -fi -# Mail username -if [ -n "$MAIL_USERNAME" ] -then - RESULT+="SMTP Username=$MAIL_USERNAME\n" -fi -# Mail password -if [ -n "$MAIL_PASSWORD" ] -then - RESULT+="SMTP Password=$MAIL_PASSWORD\n" -fi -# Admin account(s) -if [ -n "$ADMIN_ACCOUNT" ] -then - RESULT+="Admin account(s)=$ADMIN_ACCOUNT" -fi - -# Present what we gathered, if everything okay, write to files -msg_box "$RESULT" -if ! yesno_box_yes "Do you want to proceed?" 
-then - exit -fi - -# Stop bitwarden -systemctl stop bitwarden - -# Write to files -# mailserver -if [ -n "$MAIL_SERVER" ] -then - check_command sed -i "s|^globalSettings__mail__smtp__host=.*|globalSettings__mail__smtp__host=$MAIL_SERVER|g" "$BITWARDEN_HOME"/bwdata/env/global.override.env -fi -# SSL -if [ "$PROTOCOL" = "SSL" ] -then - check_command sed -i "s|^globalSettings__mail__smtp__ssl=.*|globalSettings__mail__smtp__ssl=true|g" "$BITWARDEN_HOME"/bwdata/env/global.override.env - check_command sed -i "s|^globalSettings__mail__smtp__startTls=.*|globalSettings__mail__smtp__startTls=false|g" "$BITWARDEN_HOME"/bwdata/env/global.override.env -elif [ "$PROTOCOL" = "none" ] -then - check_command sed -i "s|^globalSettings__mail__smtp__ssl=.*|globalSettings__mail__smtp__ssl=false|g" "$BITWARDEN_HOME"/bwdata/env/global.override.env - check_command sed -i "s|^globalSettings__mail__smtp__startTls=.*|globalSettings__mail__smtp__startTls=false|g" "$BITWARDEN_HOME"/bwdata/env/global.override.env -elif [ "$PROTOCOL" = "STARTTLS" ] -then - check_command sed -i "s|^globalSettings__mail__smtp__startTls=.*|globalSettings__mail__smtp__startTls=true|g" "$BITWARDEN_HOME"/bwdata/env/global.override.env - check_command sed -i "s|^globalSettings__mail__smtp__ssl=.*|globalSettings__mail__smtp__ssl=false|g" "$BITWARDEN_HOME"/bwdata/env/global.override.env -fi -# SMTP-Port -if [ -n "$SMTP_PORT" ] -then - check_command sed -i "s|^globalSettings__mail__smtp__port=.*|globalSettings__mail__smtp__port=$SMTP_PORT|g" "$BITWARDEN_HOME"/bwdata/env/global.override.env -fi -# Mail username -if [ -n "$MAIL_USERNAME" ] -then - check_command sed -i "s|^globalSettings__mail__smtp__username=.*|globalSettings__mail__smtp__username=$MAIL_USERNAME|g" "$BITWARDEN_HOME"/bwdata/env/global.override.env -fi -# Mail password -if [ -n "$MAIL_PASSWORD" ] -then - check_command sed -i "s|^globalSettings__mail__smtp__password=.*|globalSettings__mail__smtp__password=$MAIL_PASSWORD|g" 
"$BITWARDEN_HOME"/bwdata/env/global.override.env -fi -# Admin account(s) -if [ -n "$ADMIN_ACCOUNT" ] -then - check_command sed -i "s|^adminSettings__admins=.*|adminSettings__admins=$ADMIN_ACCOUNT|g" "$BITWARDEN_HOME"/bwdata/env/global.override.env -fi - -# Start Bitwarden -systemctl start bitwarden -msg_box "Your Bitwarden mailserver settings should be successfully changed by now. - -If you experience any issues, please report them to $ISSUES" -exit diff --git a/apps/bitwarden_registration.sh b/apps/bitwarden_registration.sh deleted file mode 100644 index b05ed89ae6..0000000000 --- a/apps/bitwarden_registration.sh +++ /dev/null 
@@ -1,98 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Bitwarden Registration" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Must be root -root_check - -# Check if Bitwarden is already installed -print_text_in_color "$ICyan" "Checking if Bitwarden is already installed..." -if is_docker_running -then - if docker ps -a --format '{{.Names}}' | grep -Eq "bitwarden"; - then - if [ ! -d /root/bwdata ] [ ! -d "$BITWARDEN_HOME"/bwdata ] - then - msg_box "It seems like 'Bitwarden' isn't installed.\n\nYou cannot run this script." - exit 1 - fi - else - msg_box "It seems like 'Bitwarden' isn't installed.\n\nYou cannot run this script." - exit 1 - fi -else - msg_box "It seems like 'Bitwarden' isn't installed.\n\nYou cannot run this script." - exit 1 -fi - -# Yes or No? -choice=$(whiptail --title "$TITLE" --menu "Do you want to disable Bitwarden User Registration?\nYou can view this menu later by running 'sudo bash $SCRIPTS/menu.sh'" "$WT_HEIGHT" "$WT_WIDTH" 4 \ -"Yes" "(Disable public user registration)" \ -"No" "(Enable public user registration)" 3>&1 1>&2 2>&3) - -case "$choice" in - "Yes") - clear - print_text_in_color "$ICyan" "Disabling Bitwarden User Regitration..." 
- # Disable - if [ -f /root/bwdata/env/global.override.env ] - then - sed -i "s|globalSettings__disableUserRegistration=.*|globalSettings__disableUserRegistration=true|g" /root/bwdata/env/global.override.env - # Restart Bitwarden - install_if_not curl - cd /root - curl_to_dir "https://raw.githubusercontent.com/bitwarden/core/master/scripts" "bitwarden.sh" "/root" - chmod +x /root/bitwarden.sh - check_command ./bitwarden.sh restart - elif [ -f "$BITWARDEN_HOME"/bwdata/env/global.override.env ] - then - sed -i "s|globalSettings__disableUserRegistration=.*|globalSettings__disableUserRegistration=true|g" "$BITWARDEN_HOME"/bwdata/env/global.override.env - # Restart Bitwarden - install_if_not curl - cd "$BITWARDEN_HOME" - curl_to_dir "https://raw.githubusercontent.com/bitwarden/core/master/scripts" "bitwarden.sh" "$BITWARDEN_HOME" - chown "$BITWARDEN_USER":"$BITWARDEN_USER" "$BITWARDEN_HOME"/bitwarden.sh - chmod +x "$BITWARDEN_HOME"/bitwarden.sh - check_command systemctl restart bitwarden - fi - ;; - "No") - clear - print_text_in_color "$ICyan" "Enabling Bitwarden User Registration..." 
- # Enable - if [ -f /root/bwdata/env/global.override.env ] - then - sed -i "s|globalSettings__disableUserRegistration=.*|globalSettings__disableUserRegistration=false|g" /root/bwdata/env/global.override.env - # Restart Bitwarden - install_if_not curl - cd /root - curl_to_dir "https://raw.githubusercontent.com/bitwarden/core/master/scripts" "bitwarden.sh" "/root" - chmod +x /root/bitwarden.sh - check_command ./bitwarden.sh restart - elif [ -f "$BITWARDEN_HOME"/bwdata/env/global.override.env ] - then - sed -i "s|globalSettings__disableUserRegistration=.*|globalSettings__disableUserRegistration=false|g" "$BITWARDEN_HOME"/bwdata/env/global.override.env - # Restart Bitwarden - install_if_not curl - cd "$BITWARDEN_HOME" - curl_to_dir "https://raw.githubusercontent.com/bitwarden/core/master/scripts" "bitwarden.sh" "$BITWARDEN_HOME" - chown "$BITWARDEN_USER":"$BITWARDEN_USER" "$BITWARDEN_HOME"/bitwarden.sh - chmod +x "$BITWARDEN_HOME"/bitwarden.sh - check_command systemctl restart bitwarden - fi - ;; - *) - ;; -esac diff --git a/apps/collabora_docker.sh b/apps/collabora_docker.sh deleted file mode 100644 index 940dcfca02..0000000000 --- a/apps/collabora_docker.sh +++ /dev/null 
@@ -1,330 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Collabora (Docker)" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# Nextcloud 13 is required. -lowest_compatible_nc 13 - -# Test RAM size (2GB min) + CPUs (min 2) -ram_check 2 Collabora -cpu_check 2 Collabora - -# Check if Nextcloud is installed with TLS -check_nextcloud_https "Collabora (Docker)" - -# Check if Collabora is already installed -print_text_in_color "$ICyan" "Checking if Collabora is already installed..." -if does_this_docker_exist 'collabora/code' -then - choice=$(whiptail --title "$TITLE" --menu "It seems like 'Collabora' is already installed.\nChoose what you want to do." "$WT_HEIGHT" "$WT_WIDTH" 4 \ - "Reinstall Collabora" "" \ - "Uninstall Collabora" "" 3>&1 1>&2 2>&3) - - case "$choice" in - "Uninstall Collabora") - print_text_in_color "$ICyan" "Uninstalling Collabora..." 
- # Check if Collabora is previously installed
- # If yes, then stop and prune the docker container
- docker_prune_this 'collabora/code'
- # Revoke LE
- SUBDOMAIN=$(input_box_flow "Please enter the subdomain you are using for Collabora, e.g: office.yourdomain.com")
- if [ -f "$CERTFILES/$SUBDOMAIN/cert.pem" ]
- then
- yes no | certbot revoke --cert-path "$CERTFILES/$SUBDOMAIN/cert.pem"
- REMOVE_OLD="$(find "$LETSENCRYPTPATH/" -name "$SUBDOMAIN*")"
- for remove in $REMOVE_OLD
- do rm -rf "$remove"
- done
- fi
- # Remove Apache2 config
- if [ -f "$SITES_AVAILABLE/$SUBDOMAIN.conf" ]
- then
- a2dissite "$SUBDOMAIN".conf
- restart_webserver
- rm -f "$SITES_AVAILABLE/$SUBDOMAIN.conf"
- fi
- # Disable RichDocuments (Collabora App) if activated
- if is_app_installed richdocuments
- then
- occ_command app:remove richdocuments
- fi
- # Remove trusted domain
- count=0
- while [ "$count" -lt 10 ]
- do
- if [ "$(occ_command_no_check config:system:get trusted_domains "$count")" == "$SUBDOMAIN" ]
- then
- occ_command_no_check config:system:delete trusted_domains "$count"
- break
- else
- count=$((count+1))
- fi
- done
-
- msg_box "Collabora was successfully uninstalled."
- exit
- ;;
- "Reinstall Collabora")
- print_text_in_color "$ICyan" "Reinstalling Collabora..."
-
- # Check if Collabora is previously installed
- # If yes, then stop and prune the docker container
- docker_prune_this 'collabora/code'
- ;;
- "")
- exit 1
- ;;
- *)
- ;;
- esac
-else
- print_text_in_color "$ICyan" "Installing Collabora..."
-fi - -# Check if OnlyOffice is previously installed -# If yes, then stop and prune the docker container -if does_this_docker_exist 'onlyoffice/documentserver' -then - docker_prune_this 'onlyoffice/documentserver' - # Revoke LE - SUBDOMAIN=$(input_box_flow "Please enter the subdomain you are using for OnlyOffice, e.g: office.yourdomain.com") - if [ -f "$CERTFILES/$SUBDOMAIN/cert.pem" ] - then - yes no | certbot revoke --cert-path "$CERTFILES/$SUBDOMAIN/cert.pem" - REMOVE_OLD="$(find "$LETSENCRYPTPATH/" -name "$SUBDOMAIN*")" - for remove in $REMOVE_OLD - do rm -rf "$remove" - done - fi - # Remove Apache2 config - if [ -f "$SITES_AVAILABLE/$SUBDOMAIN.conf" ] - then - a2dissite "$SUBDOMAIN".conf - restart_webserver - rm -f "$SITES_AVAILABLE/$SUBDOMAIN.conf" - fi - # Remove trusted domain - count=0 - while [ "$count" -lt 10 ] - do - if [ "$(occ_command_no_check config:system:get trusted_domains "$count")" == "$SUBDOMAIN" ] - then - occ_command_no_check config:system:delete trusted_domains "$count" - break - else - count=$((count+1)) - fi - done -fi - -# remove OnlyOffice-documentserver if activated -if is_app_enabled documentserver_community -then - any_key "OnlyOffice will get uninstalled. Press any key to continue. Press CTRL+C to abort" - occ_command app:remove documentserver_community -fi - -# Disable OnlyOffice App if activated -if is_app_installed onlyoffice -then - occ_command app:remove onlyoffice -fi - -# Ask for the domain for Collabora - SUBDOMAIN=$(input_box_flow "Collabora subdomain e.g: office.yourdomain.com\n\nNOTE: This domain must be different than your Nextcloud domain. 
They can however be hosted on the same server, but would require seperate DNS entries.") - -# Nextcloud Main Domain -NCDOMAIN=$(occ_command_no_check config:system:get overwrite.cli.url | sed 's|https://||;s|/||') - -# Nextcloud Main Domain dot-escaped -NCDOMAIN_ESCAPED=${NCDOMAIN//[.]/\\\\.} - -# Curl the library another time to get the correct https_conf -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# Get all needed variables from the library -nc_update - -# Notification -msg_box "Before you start, please make sure that port 80+443 is directly forwarded to this machine!" - -# Get the latest packages -apt update -q4 & spinner_loading - -# Check if Nextcloud is installed -print_text_in_color "$ICyan" "Checking if Nextcloud is installed..." -if ! curl -s https://"$NCDOMAIN"/status.php | grep -q 'installed":true' -then -msg_box "It seems like Nextcloud is not installed or that you don't use https on: -$NCDOMAIN. -Please install Nextcloud and make sure your domain is reachable, or activate TLS -on your domain to be able to run this script. - -If you use the Nextcloud VM you can use the Let's Encrypt script to get TLS and activate your Nextcloud domain. -When TLS is activated, run these commands from your terminal: -sudo curl -sLO $APP/collabora.sh -sudo bash collabora.sh" - exit 1 -fi - -# Check if $SUBDOMAIN exists and is reachable -print_text_in_color "$ICyan" "Checking if $SUBDOMAIN exists and is reachable..." 
-domain_check_200 "$SUBDOMAIN" - -# Check open ports with NMAP -check_open_port 80 "$SUBDOMAIN" -check_open_port 443 "$SUBDOMAIN" - -# Install Docker -install_docker - -# Install Collabora docker -docker pull collabora/code:latest -docker run -t -d -p 127.0.0.1:9980:9980 -e "domain=$NCDOMAIN_ESCAPED" --restart always --name code --cap-add MKNOD collabora/code - -# Install Apache2 -install_if_not apache2 - -# Enable Apache2 module's -a2enmod proxy -a2enmod proxy_wstunnel -a2enmod proxy_http -a2enmod ssl -a2enmod headers - -if [ -f "$HTTPS_CONF" ] -then - a2dissite "$SUBDOMAIN.conf" - rm -f "$HTTPS_CONF" -fi - -# Create Vhost for Collabora online in Apache2 -if [ ! -f "$HTTPS_CONF" ]; -then - cat << HTTPS_CREATE > "$HTTPS_CONF" - - ServerName $SUBDOMAIN:443 - - - Options -Indexes - - - # TLS configuration, you may want to take the easy route instead and use Lets Encrypt! - SSLEngine on - SSLCertificateChainFile $CERTFILES/$SUBDOMAIN/chain.pem - SSLCertificateFile $CERTFILES/$SUBDOMAIN/cert.pem - SSLCertificateKeyFile $CERTFILES/$SUBDOMAIN/privkey.pem - SSLOpenSSLConfCmd DHParameters $DHPARAMS_SUB - SSLProtocol TLSv1.2 - SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS - SSLHonorCipherOrder on - SSLCompression off - - # Encoded slashes need to be allowed - AllowEncodedSlashes NoDecode - - # Container uses a unique non-signed certificate - 
SSLProxyEngine On - SSLProxyVerify None - SSLProxyCheckPeerCN Off - SSLProxyCheckPeerName Off - - # Improve security settings - Header set X-XSS-Protection "1; mode=block" - Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" - Header set X-Content-Type-Options nosniff - Header set Content-Security-Policy "frame-ancestors 'self' $NCDOMAIN" - - # keep the host - ProxyPreserveHost On - - # static html, js, images, etc. served from loolwsd - # loleaflet is the client part of LibreOffice Online - ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0 - ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet - - # WOPI discovery URL - ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0 - ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery - - # Endpoint with information about availability of various features - ProxyPass /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0 - ProxyPassReverse /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities - - # Main websocket - ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/\$1/ws nocanon - - # Admin Console websocket - ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws - - # Download as, Fullscreen presentation and Image upload operations - ProxyPass /lool https://127.0.0.1:9980/lool - ProxyPassReverse /lool https://127.0.0.1:9980/lool - -HTTPS_CREATE - - if [ -f "$HTTPS_CONF" ]; - then - print_text_in_color "$IGreen" "$HTTPS_CONF was successfully created." - sleep 1 - else - print_text_in_color "$IRed" "Unable to create vhost, exiting..." - print_text_in_color "$IRed" "Please report this issue here $ISSUES" - exit 1 - fi -fi - -# Install certbot (Let's Encrypt) -install_certbot - -# Generate certs and auto-configure if successful -if generate_cert "$SUBDOMAIN" -then - # Generate DHparams chifer - if [ ! 
-f "$DHPARAMS_SUB" ]
- then
- openssl dhparam -dsaparam -out "$DHPARAMS_SUB" 4096
- fi
- print_text_in_color "$IGreen" "Certs are generated!"
- a2ensite "$SUBDOMAIN.conf"
- restart_webserver
- # Install Collabora App
- install_and_enable_app richdocuments
-else
- last_fail_tls "$SCRIPTS"/apps/collabora.sh
- exit 1
-fi
-
-# Set config for RichDocuments (Collabora App)
-if is_app_installed richdocuments
-then
- occ_command config:app:set richdocuments wopi_url --value=https://"$SUBDOMAIN"
- chown -R www-data:www-data "$NC_APPS_PATH"
- occ_command config:system:set trusted_domains 3 --value="$SUBDOMAIN"
- # Add prune command
- add_dockerprune
- # Restart Docker
- print_text_in_color "$ICyan" "Restarting Docker..."
- systemctl restart docker.service
- docker restart code
- msg_box "Collabora is now successfully installed."
-fi
-
-# Make sure the script exits
-exit
diff --git a/apps/collabora_integrated.sh b/apps/collabora_integrated.sh
deleted file mode 100644
index 600890b64a..0000000000
--- a/apps/collabora_integrated.sh
+++ /dev/null
@@ -1,190 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Collabora (Integrated)" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# Get all needed variables from the library -nc_update - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -print_text_in_color "$ICyan" "Running the Collabora install script..." - -# Nextcloud 19 is required. -lowest_compatible_nc 19 - -ram_check 2 Collabora -cpu_check 2 Collabora - -# Check if Nextcloud is installed with TLS -check_nextcloud_https "Collabora (Integrated)" - -# Check if Collabora is installed using the old method -if does_this_docker_exist 'collabora/code' -then - msg_box "Your server is compatible with the new way of installing Collabora. We will now remove the old docker and install the app from Nextcloud instead." - # Remove docker image - docker_prune_this 'collabora/code' - # Disable RichDocuments (Collabora App) if activated - if is_app_installed richdocuments - then - occ_command app:remove richdocuments - fi - # Disable OnlyOffice (Collabora App) if activated - if is_app_installed onlyoffice - then - occ_command app:remove onlyoffice - fi - # Revoke LE - SUBDOMAIN=$(input_box_flow "Please enter the subdomain you are using for Collabora, e.g: office.yourdomain.com") - if [ -f "$CERTFILES/$SUBDOMAIN/cert.pem" ] - then - yes no | certbot revoke --cert-path "$CERTFILES/$SUBDOMAIN/cert.pem" - REMOVE_OLD="$(find "$LETSENCRYPTPATH/" -name "$SUBDOMAIN*")" - for remove in $REMOVE_OLD - do rm -rf "$remove" - done - fi - # Remove Apache2 config - if [ -f "$SITES_AVAILABLE/$SUBDOMAIN.conf" ] - then - a2dissite "$SUBDOMAIN".conf - restart_webserver - rm -f "$SITES_AVAILABLE/$SUBDOMAIN.conf" - fi - # Remove trusted domain - count=0 - while [ "$count" -lt 10 ] - do - if [ "$(occ_command_no_check config:system:get trusted_domains "$count")" 
== "$SUBDOMAIN" ] - then - occ_command_no_check config:system:delete trusted_domains "$count" - break - else - count=$((count+1)) - fi - done -fi - -# Check if Collabora is installed using the new method -if is_app_enabled richdocumentscode -then - choice=$(whiptail --title "$TITLE" --menu "It seems like 'Collabora' is already installed.\nChoose what you want to do." "$WT_HEIGHT" "$WT_WIDTH" 4 \ - "Reinstall Collabora" "" \ - "Uninstall Collabora" "" 3>&1 1>&2 2>&3) - - case "$choice" in - "Uninstall Collabora") - print_text_in_color "$ICyan" "Uninstalling Collabora..." - occ_command app:remove richdocumentscode - # Disable Collabora App if activated - if is_app_installed richdocuments - then - occ_command app:remove richdocuments - fi - msg_box "Collabora was successfully uninstalled." - exit - ;; - "Reinstall Collabora") - print_text_in_color "$ICyan" "Reinstalling Collabora..." - occ_command app:remove richdocumentscode - ;; - "") - exit 1 - ;; - *) - ;; - esac -fi - -# Check if Onlyoffice is installed and remove every trace of it -if does_this_docker_exist 'onlyoffice/documentserver' -then - msg_box "You can't run both Collabora and OnlyOffice on the same VM. We will now remove Onlyoffice from the server." 
- # Remove docker image - docker_prune_this 'onlyoffice/documentserver' - # Revoke LE - SUBDOMAIN=$(input_box_flow "Please enter the subdomain you are using for Onlyoffice, e.g: office.yourdomain.com") - if [ -f "$CERTFILES/$SUBDOMAIN/cert.pem" ] - then - yes no | certbot revoke --cert-path "$CERTFILES/$SUBDOMAIN/cert.pem" - REMOVE_OLD="$(find "$LETSENCRYPTPATH/" -name "$SUBDOMAIN*")" - for remove in $REMOVE_OLD - do rm -rf "$remove" - done - fi - # Remove Apache2 config - if [ -f "$SITES_AVAILABLE/$SUBDOMAIN.conf" ] - then - a2dissite "$SUBDOMAIN".conf - restart_webserver - rm -f "$SITES_AVAILABLE/$SUBDOMAIN.conf" - fi - # Remove trusted domain - count=0 - while [ "$count" -lt 10 ] - do - if [ "$(occ_command_no_check config:system:get trusted_domains "$count")" == "$SUBDOMAIN" ] - then - occ_command_no_check config:system:delete trusted_domains "$count" - break - else - count=$((count+1)) - fi - done -else - # Remove OnlyOffice app - if is_app_installed onlyoffice - then - occ_command app:remove onlyoffice - fi -fi - -# remove OnlyOffice-documentserver if activated -if is_app_enabled documentserver_community -then - any_key "OnlyOffice will get uninstalled. Press any key to continue. Press CTRL+C to abort" - occ_command app:remove documentserver_community -fi - -# Disable OnlyOffice App if activated -if is_app_installed onlyoffice -then - occ_command app:remove onlyoffice -fi - -# Install Collabora -msg_box "We will now install Collabora. - -Please note that it might take very long time to install the app, and you will not see any progress bar. - -Please be paitent, don't abort." -install_and_enable_app richdocuments -sleep 2 -if install_and_enable_app richdocumentscode -then - chown -R www-data:www-data "$NC_APPS_PATH" - msg_box "Collabora was successfully installed." -else - msg_box "The Collabora app failed to install. Please try again later." -fi - -if ! is_app_installed richdocuments -then - msg_box "The Collabora app failed to install. 
Please try again later."
-fi
-
-# Just make sure the script exits
-exit
diff --git a/apps/fail2ban.sh b/apps/fail2ban.sh
deleted file mode 100644
index aa1021656b..0000000000
--- a/apps/fail2ban.sh
+++ /dev/null
@@ -1,193 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ -# Inspired by https://github.com/nextcloud/nextcloudpi/blob/master/etc/nextcloudpi-config.d/fail2ban.sh - -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Fail2ban" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# Get all needed variables from the library -nc_update - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# Nextcloud 13 is required. -lowest_compatible_nc 13 - -# Check if fail2ban is already installed -print_text_in_color "$ICyan" "Checking if Fail2Ban is already installed..." -if is_this_installed fail2ban && [ -f "/etc/fail2ban/filter.d/nextcloud.conf" ] -then - choice=$(whiptail --title "$TITLE" --menu "It seems like 'Fail2Ban' is already installed.\nChoose what you want to do." "$WT_HEIGHT" "$WT_WIDTH" 4 \ - "Reinstall Fail2Ban" "" \ - "Uninstall Fail2Ban" "" 3>&1 1>&2 2>&3) - - case "$choice" in - "Uninstall Fail2Ban") - print_text_in_color "$ICyan" "Uninstalling Fail2Ban..." - fail2ban-client unban --all - rm /etc/fail2ban/filter.d/nextcloud.conf - rm /etc/fail2ban/jail.local - check_command apt-get purge fail2ban -y - msg_box "Fail2Ban was successfully uninstalled." - exit - ;; - "Reinstall Fail2Ban") - print_text_in_color "$ICyan" "Reinstalling Fail2Ban..." - fail2ban-client unban --all - rm /etc/fail2ban/filter.d/nextcloud.conf - rm /etc/fail2ban/jail.local - check_command apt-get purge fail2ban -y - ;; - "") - exit 1 - ;; - *) - ;; - esac -else - print_text_in_color "$ICyan" "Installing Fail2ban..." -fi - -# Create $VMLOGS dir -mkdir -p "$VMLOGS" - -### Local variables ### -# location of Nextcloud logs -print_text_in_color "$ICyan" "Finding nextcloud.log..." 
-while : -do - if [ "$(occ_command_no_check config:system:get logfile)" = "$VMLOGS/nextcloud.log" ] - then - if [ -f "$VMLOGS/nextcloud.log" ] - then - chown www-data:www-data "$VMLOGS/nextcloud.log" - occ_command config:system:set log_type --value=file - occ_command config:system:set loglevel --value=2 - break - fi - elif [ "$(occ_command_no_check config:system:get logfile)" != "" ] - then - # Set logging - occ_command config:system:set log_type --value=file - occ_command config:system:set logfile --value="$VMLOGS/nextcloud.log" - occ_command config:system:set loglevel --value=2 - touch "$VMLOGS/nextcloud.log" - chown www-data:www-data "$VMLOGS/nextcloud.log" - break - else - NCLOG=$(find / -type f -name "nextcloud.log" 2> /dev/null) - if [ "$NCLOG" != "$VMLOGS/nextcloud.log" ] - then - # Might enter here if no OR multiple logs already exist, tidy up any existing logs and set the correct path - print_text_in_color "$ICyan" "Unexpected or non-existent logging configuration - deleting any discovered nextcloud.log files and creating a new one at $VMLOGS/nextcloud.log..." 
- xargs rm -f <<< "$NCLOG" - # Set logging - occ_command config:system:set log_type --value=file - occ_command config:system:set logfile --value="$VMLOGS/nextcloud.log" - occ_command config:system:set loglevel --value=2 - touch "$VMLOGS/nextcloud.log" - chown www-data:www-data "$VMLOGS/nextcloud.log" - break - fi - fi -done -# remove ncdata, else it will be used -rm -f $NCDATA/nextcloud.log -# time to ban an IP that exceeded attempts -BANTIME_=1209600 -# cooldown time for incorrect passwords -FINDTIME_=1800 -# failed attempts before banning an IP -MAXRETRY_=20 - -apt update -q4 & spinner_loading -check_command apt install fail2ban -y -check_command update-rc.d fail2ban disable - -# Set timezone -occ_command config:system:set logtimezone --value="$(cat /etc/timezone)" - -# Create nextcloud.conf file -# Test: failregex = Login failed.*Remote IP.* -cat << NCONF > /etc/fail2ban/filter.d/nextcloud.conf -[Definition] -failregex=^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: ''\)","level":2,"time":".*"}$ - ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","app":"core".*","message":"Login failed: '.*' \(Remote IP: ''\)".*}$ - ^.*\"remoteAddr\":\"\".*Trusted domain error.*\$ -NCONF - -# Create jail.local file -cat << FCONF > /etc/fail2ban/jail.local -# The DEFAULT allows a global definition of the options. They can be overridden -# in each jail afterwards. -[DEFAULT] - -# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not -# ban a host which matches an address in this list. Several addresses can be -# defined using space separator. -ignoreip = 127.0.0.1/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 - -# "bantime" is the number of seconds that a host is banned. -bantime = $BANTIME_ - -# A host is banned if it has generated "maxretry" during the last "findtime" -# seconds. 
-findtime = $FINDTIME_
-maxretry = $MAXRETRY_
-
-#
-# ACTIONS
-#
-banaction = iptables-multiport
-protocol = tcp
-chain = INPUT
-action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
-action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
-action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
-action = %(action_)s
-
-#
-# SSH
-#
-
-[sshd]
-
-enabled = true
-maxretry = $MAXRETRY_
-
-#
-# HTTP servers
-#
-
-[nextcloud]
-
-enabled = true
-port = http,https
-filter = nextcloud
-logpath = $VMLOGS/nextcloud.log
-maxretry = $MAXRETRY_
-FCONF
-
-# Update settings
-check_command update-rc.d fail2ban defaults
-check_command update-rc.d fail2ban enable
-check_command systemctl restart fail2ban.service
-
-# The End
-msg_box "Fail2ban is now sucessfully installed.
-
-Please use 'fail2ban-client set nextcloud unbanip ' to unban certain IPs
-You can also use 'iptables -L -n' to check which IPs that are banned"
-
-exit
diff --git a/apps/fulltextsearch.sh b/apps/fulltextsearch.sh
deleted file mode 100644
index 4ed0a18fd2..0000000000
--- a/apps/fulltextsearch.sh
+++ /dev/null
@@ -1,184 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ -# SwITNet Ltd © - 2020, https://switnet.net/ - -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Full Text Search" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# Get all needed variables from the library -ncdb -nc_update -es_install - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Must be root -root_check - -# Nextcloud 19 is required. -lowest_compatible_nc 18 - -# Test RAM size (2GB min) + CPUs (min 2) -ram_check 2 FullTextSearch -cpu_check 2 FullTextSearch - -# Check if fulltextsearch is already installed -print_text_in_color "$ICyan" "Checking if Fulltextsearch is already installed..." -if does_this_docker_exist "$nc_fts" -then - choice=$(whiptail --title "$TITLE" --menu "It seems like 'Fulltextsearch' is already installed.\nChoose what you want to do." "$WT_HEIGHT" "$WT_WIDTH" 4 \ - "Reinstall Fulltextsearch" "" \ - "Uninstall Fulltextsearch" "" 3>&1 1>&2 2>&3) - - case "$choice" in - "Uninstall Fulltextsearch") - print_text_in_color "$ICyan" "Uninstalling Fulltextsearch..." - # Reset database table - check_command sudo -Hiu postgres psql "$NCCONFIGDB" -c "TRUNCATE TABLE oc_fulltextsearch_ticks;" - # Reset Full Text Search to be able to index again, and also remove the app to be able to install it again - if is_app_installed fulltextsearch - then - print_text_in_color "$ICyan" "Removing old version of Full Text Search and resetting the app..." - occ_command_no_check fulltextsearch:reset - occ_command app:remove fulltextsearch - fi - if is_app_installed fulltextsearch_elasticsearch - then - occ_command app:remove fulltextsearch_elasticsearch - fi - if is_app_installed files_fulltextsearch - then - occ_command app:remove files_fulltextsearch - fi - # Remove nc_fts docker if installed - docker_prune_this "$nc_fts" - - msg_box "Fulltextsearch was successfully uninstalled." 
- exit - ;; - "Reinstall Fulltextsearch") - print_text_in_color "$ICyan" "Reinstalling FullTextSearch..." - - # Reset Full Text Search to be able to index again, and also remove the app to be able to install it again - if is_app_installed fulltextsearch - then - print_text_in_color "$ICyan" "Removing old version of Full Text Search and resetting the app..." - # Reset database table - check_command sudo -Hiu postgres psql "$NCCONFIGDB" -c "TRUNCATE TABLE oc_fulltextsearch_ticks;" - # Reset Full Text Search to be able to index again, and also remove the app to be able to install it again - occ_command_no_check fulltextsearch:reset - occ_command app:remove fulltextsearch - fi - if is_app_installed fulltextsearch_elasticsearch - then - occ_command app:remove fulltextsearch_elasticsearch - fi - if is_app_installed files_fulltextsearch - then - occ_command app:remove files_fulltextsearch - fi - - # Remove nc_fts docker if installed - docker_prune_this "$nc_fts" - ;; - "") - exit 1 - ;; - *) - ;; - esac -else - print_text_in_color "$ICyan" "Installing Fulltextsearch..." -fi - -# Make sure there is an Nextcloud installation -if ! [ "$(occ_command -V)" ] -then - msg_box "It seems there is no Nextcloud server installed, please check your installation." 
- exit 1 -fi - -# Disable and remove Nextant + Solr -if is_app_installed nextant -then - # Remove Nextant - msg_box "We will now remove Nextant + Solr and replace it with Full Text Search" - occ_command app:remove nextant - - # Remove Solr - systemctl stop solr.service - rm -rf /var/solr - rm -rf /opt/solr* - rm /etc/init.d/solr - deluser --remove-home solr - deluser --group solr -fi - -# Check & install docker -install_docker -set_max_count -mkdir -p "$RORDIR" -docker pull "$nc_fts" - -# Create configuration YML -cat << YML_CREATE > /opt/es/readonlyrest.yml -readonlyrest: - access_control_rules: - - name: Accept requests from cloud1 on $INDEX_USER-index - groups: ["cloud1"] - indices: ["$INDEX_USER-index"] - - users: - - username: $INDEX_USER - auth_key: $INDEX_USER:$ROREST - groups: ["cloud1"] -YML_CREATE - -# Set persmissions -chown 1000:1000 -R $RORDIR -chmod ug+rwx -R $RORDIR - -# Run Elastic Search Docker -docker run -d --restart always \ ---name $fts_es_name \ ---ulimit memlock=-1:-1 \ ---ulimit nofile=65536:65536 \ --p 127.0.0.1:9200:9200 \ --p 127.0.0.1:9300:9300 \ --v esdata:/usr/share/elasticsearch/data \ --v /opt/es/readonlyrest.yml:/usr/share/elasticsearch/config/readonlyrest.yml \ --e "discovery.type=single-node" \ --e "bootstrap.memory_lock=true" \ --e ES_JAVA_OPTS="-Xms512M -Xmx512M" \ --i -t $nc_fts - -# Wait for bootstraping -docker restart $fts_es_name -countdown "Waiting for docker bootstraping..." 
"20"
-docker logs $fts_es_name
-
-# Get Full Text Search app for nextcloud
-install_and_enable_app fulltextsearch
-install_and_enable_app fulltextsearch_elasticsearch
-install_and_enable_app files_fulltextsearch
-chown -R www-data:www-data $NC_APPS_PATH
-
-# Final setup
-occ_command fulltextsearch:configure '{"search_platform":"OCA\\FullTextSearch_ElasticSearch\\Platform\\ElasticSearchPlatform"}'
-occ_command fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://${INDEX_USER}:${ROREST}@localhost:9200\",\"elastic_index\":\"${INDEX_USER}-index\"}"
-occ_command files_fulltextsearch:configure "{\"files_pdf\":\"1\",\"files_office\":\"1\"}"
-if occ_command fulltextsearch:index < /dev/null
-then
- msg_box "Full Text Search was successfully installed!"
-fi
-
-# Make sure the script exists
-exit
diff --git a/apps/netdata.sh b/apps/netdata.sh
deleted file mode 100644
index 97c52aa874..0000000000
--- a/apps/netdata.sh
+++ /dev/null
@@ -1,116 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Netdata" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Must be root -root_check - -# Check if Netdata is already installed -print_text_in_color "$ICyan" "Checking if Netdata is already installed..." -if [ -d /etc/netdata ] -then - choice=$(whiptail --title "$TITLE" --menu "It seems like 'Netdata' is already installed.\nChoose what you want to do." "$WT_HEIGHT" "$WT_WIDTH" 4 \ - "Reinstall Netdata" "" \ - "Uninstall Netdata" "" 3>&1 1>&2 2>&3) - - case "$choice" in - "Uninstall Netdata") - print_text_in_color "$ICyan" "Uninstalling Netdata..." - if [ -f /usr/src/netdata.git/netdata-uninstaller.sh ] - then - if ! yes no | bash /usr/src/netdata.git/netdata-uninstaller.sh --force - then - rm -Rf /usr/src/netdata.git - fi - elif [ -f /usr/libexec/netdata-uninstaller.sh ] - then - yes no | bash /usr/libexec/netdata-uninstaller.sh --yes - elif [ -f /usr/libexec/netdata/netdata-uninstaller.sh ] - then - bash /usr/libexec/netdata/netdata-uninstaller.sh --force --yes - else - check_command curl_to_dir https://raw.githubusercontent.com/netdata/netdata/master/packaging/installer netdata-uninstaller.sh $SCRIPTS - check_command bash $SCRIPTS/netdata-uninstaller.sh --force --yes - rm $SCRIPTS/netdata-uninstaller.sh - rm -rf /var/lib/netdata - msg_box "Netdata was successfully uninstalled." - fi - exit - ;; - "Reinstall Netdata") - print_text_in_color "$ICyan" "Reinstalling Netdata..." - if [ -f /usr/src/netdata.git/netdata-uninstaller.sh ] - then - if ! 
yes no | bash /usr/src/netdata.git/netdata-uninstaller.sh --force - then - rm -Rf /usr/src/netdata.git - fi - elif [ -f /usr/libexec/netdata-uninstaller.sh ] - then - yes | bash /usr/libexec/netdata-uninstaller.sh --yes - elif [ -f /usr/libexec/netdata/netdata-uninstaller.sh ] - then - bash /usr/libexec/netdata/netdata-uninstaller.sh --force --yes - else - check_command curl_to_dir https://raw.githubusercontent.com/netdata/netdata/master/packaging/installer netdata-uninstaller.sh $SCRIPTS - check_command bash $SCRIPTS/netdata-uninstaller.sh --force --yes - rm $SCRIPTS/netdata-uninstaller.sh - rm -rf /var/lib/netdata - fi - ;; - "") - exit 1 - ;; - *) - ;; - esac -else - print_text_in_color "$ICyan" "Installing Netdata..." -fi - -# Install -is_process_running dpkg -is_process_running apt -apt update -q4 & spinner_loading -curl_to_dir https://my-netdata.io kickstart.sh $SCRIPTS -sudo -u "$UNIXUSER" bash $SCRIPTS/kickstart.sh all --dont-wait --no-updates --stable-channel -rm -f $SCRIPTS/kickstart.sh - -# Check Netdata instructions after script is done -any_key "Please check information above and press any key to continue..." - -# Installation done? -if [ -d /etc/netdata ] -then -msg_box "Netdata is now installed and can be accessed from this address: - -http://$ADDRESS:19999 - -If you want to reach it from the internet you need to open port 19999 in your firewall. -If you don't know how to open ports, please follow this guide: -https://www.techandme.se/open-port-80-443/ - -After you have opened the correct port, then you can visit Netdata from your domain: - -http://$(hostname -f):19999 and or http://yourdomanin.com:19999 - -You can find more configuration options in their WIKI: -https://docs.netdata.cloud/daemon/config#configuration-guide" - -# Cleanup -rm -rf /tmp/netdata* -fi - -exit diff --git a/apps/onlyoffice_docker.sh b/apps/onlyoffice_docker.sh deleted file mode 100644 index a8362d2ec0..0000000000 --- a/apps/onlyoffice_docker.sh +++ /dev/null 
@@ -1,332 +0,0 @@
-#!/bin/bash
-
-# T&M Hansson IT AB © - 2019, https://www.hanssonit.se/
-
-# shellcheck disable=2034,2059
-true
-SCRIPT_NAME="OnlyOffice (Docker)"
-# shellcheck source=lib.sh
-source /var/scripts/lib.sh
-
-# Check for errors + debug code and abort if something isn't right
-# 1 = ON
-# 0 = OFF
-DEBUG=0
-debug_mode
-
-# Check if root
-root_check
-
-# Nextcloud 13 is required.
-lowest_compatible_nc 13
-
-# Test RAM size (2GB min) + CPUs (min 2)
-ram_check 2 OnlyOffice
-cpu_check 2 OnlyOffice
-
-# Check if Nextcloud is installed with TLS
-check_nextcloud_https "OnlyOffice (Docker)"
-
-# Remove OnlyOffice-documentserver if activated
-if is_app_enabled documentserver_community
-then
- any_key "The integrated OnlyOffice Documentserver will get uninstalled. Press any key to continue. Press CTRL+C to abort"
- occ_command app:remove documentserver_community
-fi
-
-# Check if collabora is already installed
-print_text_in_color "$ICyan" "Checking if Onlyoffice Docker is already installed..."
-if does_this_docker_exist 'onlyoffice/documentserver'
-then
- choice=$(whiptail --title "$TITLE" --menu "It seems like 'Onlyoffice Docker' is already installed.\nChoose what you want to do." "$WT_HEIGHT" "$WT_WIDTH" 4 \
- "Reinstall Onlyoffice Docker" "" \
- "Uninstall Onlyoffice Docker" "" 3>&1 1>&2 2>&3)
-
- case "$choice" in
- "Uninstall Onlyoffice Docker")
- print_text_in_color "$ICyan" "Uninstalling Onlyoffice Docker..."
- # Check if Collabora is previously installed
- # If yes, then stop and prune the docker container
- docker_prune_this 'onlyoffice/documentserver'
- # Revoke LE
- SUBDOMAIN=$(input_box_flow "Please enter the subdomain you are using for OnlyOffice, e.g: office.yourdomain.com")
- if [ -f "$CERTFILES/$SUBDOMAIN/cert.pem" ]
- then
- yes no | certbot revoke --cert-path "$CERTFILES/$SUBDOMAIN/cert.pem"
- REMOVE_OLD="$(find "$LETSENCRYPTPATH/" -name "$SUBDOMAIN*")"
- for remove in $REMOVE_OLD
- do rm -rf "$remove"
- done
- fi
- # Remove Apache2 config
- if [ -f "$SITES_AVAILABLE/$SUBDOMAIN.conf" ]
- then
- a2dissite "$SUBDOMAIN".conf
- restart_webserver
- rm -f "$SITES_AVAILABLE/$SUBDOMAIN.conf"
- fi
- # Disable RichDocuments (Collabora App) if activated
- if is_app_installed onlyoffice
- then
- occ_command app:remove onlyoffice
- fi
- # Remove trusted domain
- count=0
- while [ "$count" -lt 10 ]
- do
- if [ "$(occ_command_no_check config:system:get trusted_domains "$count")" == "$SUBDOMAIN" ]
- then
- occ_command_no_check config:system:delete trusted_domains "$count"
- break
- else
- count=$((count+1))
- fi
- done
-
- msg_box "Onlyoffice Docker was successfully uninstalled."
- exit
- ;;
- "Reinstall Onlyoffice Docker")
- print_text_in_color "$ICyan" "Reinstalling Onlyoffice Docker..."
-
- # Check if Collabora is previously installed
- # If yes, then stop and prune the docker container
- docker_prune_this 'onlyoffice/documentserver'
- ;;
- "")
- exit 1
- ;;
- *)
- ;;
- esac
-else
- print_text_in_color "$ICyan" "Installing Onlyoffice Docker..."
-fi
-
-# Check if collabora is installed and remove every trace of it
-if does_this_docker_exist 'collabora/code'
-then
- msg_box "You can't run both Collabora and OnlyOffice on the same VM. We will now remove Collabora from the server."
- # Remove docker image
- docker_prune_this 'collabora/code'
- # Revoke LE
- SUBDOMAIN=$(input_box_flow "Please enter the subdomain you are using for Collabora, e.g: office.yourdomain.com")
- if [ -f "$CERTFILES/$SUBDOMAIN/cert.pem" ]
- then
- yes no | certbot revoke --cert-path "$CERTFILES/$SUBDOMAIN/cert.pem"
- REMOVE_OLD="$(find "$LETSENCRYPTPATH/" -name "$SUBDOMAIN*")"
- for remove in $REMOVE_OLD
- do rm -rf "$remove"
- done
- fi
- # Remove Apache2 config
- if [ -f "$SITES_AVAILABLE/$SUBDOMAIN.conf" ]
- then
- a2dissite "$SUBDOMAIN".conf
- restart_webserver
- rm -f "$SITES_AVAILABLE/$SUBDOMAIN.conf"
- fi
- # Disable Collabora App if activated
- if is_app_installed richdocuments
- then
- occ_command app:remove richdocuments
- fi
- # Remove trusted domain
- count=0
- while [ "$count" -lt 10 ]
- do
- if [ "$(occ_command_no_check config:system:get trusted_domains "$count")" == "$SUBDOMAIN" ]
- then
- occ_command_no_check config:system:delete trusted_domains "$count"
- break
- else
- count=$((count+1))
- fi
- done
-fi
-
-# Check if apache2 evasive-mod is enabled and disable it because of compatibility issues
-if [ "$(apache2ctl -M | grep evasive)" != "" ]
-then
- msg_box "We noticed that 'mod_evasive' is installed which is the DDOS protection for webservices. It has comptibility issues with OnlyOffice and you can now choose to disable it."
- if ! yesno_box_yes "Do you want to disable DDOS protection?"
- then
- print_text_in_color "$ICyan" "Keeping mod_evasive active."
- else
- a2dismod evasive
- # a2dismod mod-evasive # not needed, but existing in the Extra Security script.
- apt-get purge libapache2-mod-evasive -y
- systemctl restart apache2
- fi
-fi
-
-# Ask for the domain for OnlyOffice
-SUBDOMAIN=$(input_box_flow "OnlyOffice subdomain e.g: office.yourdomain.com\n\nNOTE: This domain must be different than your Nextcloud domain.
They can however be hosted on the same server, but would require seperate DNS entries.")
-
-# Nextcloud Main Domain
-NCDOMAIN=$(occ_command_no_check config:system:get overwrite.cli.url | sed 's|https://||;s|/||')
-
-# shellcheck disable=2034,2059
-true
-# shellcheck source=lib.sh
-source /var/scripts/lib.sh
-
-# Get all needed variables from the library
-nc_update
-
-# Notification
-msg_box "Before you start, please make sure that port 80+443 is directly forwarded to this machine!"
-
-# Get the latest packages
-apt update -q4 & spinner_loading
-
-# Check if Nextcloud is installed
-print_text_in_color "$ICyan" "Checking if Nextcloud is installed..."
-if ! curl -s https://"$NCDOMAIN"/status.php | grep -q 'installed":true'
-then
-msg_box "It seems like Nextcloud is not installed or that you don't use https on:
-$NCDOMAIN.
-Please install Nextcloud and make sure your domain is reachable, or activate TLS
-on your domain to be able to run this script.
-If you use the Nextcloud VM you can use the Let's Encrypt script to get TLS and activate your Nextcloud domain.
-When TLS is activated, run these commands from your terminal:
-sudo curl -sLO $APP/onlyoffice_docker.sh
-sudo bash onlyoffice_docker.sh"
- exit 1
-fi
-
-# Check if $SUBDOMAIN exists and is reachable
-print_text_in_color "$ICyan" "Checking if $SUBDOMAIN exists and is reachable..."
-domain_check_200 "$SUBDOMAIN" - -# Check open ports with NMAP -check_open_port 80 "$SUBDOMAIN" -check_open_port 443 "$SUBDOMAIN" - -# Install Docker -install_docker - -# Install Onlyoffice docker -docker pull onlyoffice/documentserver:latest -docker run -i -t -d -p 127.0.0.3:9090:80 --restart always --name onlyoffice onlyoffice/documentserver - -# Licensed version -# https://helpcenter.onlyoffice.com/server/integration-edition/docker/docker-installation.aspx -# docker run -i -t -d -p 127.0.0.3:9090:80 --restart=always --name onlyoffice \ -# -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data onlyoffice/documentserver-ie - -# Install apache2 -install_if_not apache2 - -# Enable Apache2 module's -a2enmod proxy -a2enmod proxy_wstunnel -a2enmod proxy_http -a2enmod ssl -a2enmod headers - -if [ -f "$HTTPS_CONF" ] -then - a2dissite "$SUBDOMAIN.conf" - rm -f "$HTTPS_CONF" -fi - -# Create Vhost for OnlyOffice Docker online in Apache2 -if [ ! -f "$HTTPS_CONF" ]; -then - cat << HTTPS_CREATE > "$HTTPS_CONF" - - ServerName $SUBDOMAIN:443 - - SSLEngine on - ServerSignature On - SSLHonorCipherOrder on - - SSLCertificateChainFile $CERTFILES/$SUBDOMAIN/chain.pem - SSLCertificateFile $CERTFILES/$SUBDOMAIN/cert.pem - SSLCertificateKeyFile $CERTFILES/$SUBDOMAIN/privkey.pem - SSLOpenSSLConfCmd DHParameters $DHPARAMS_SUB - - SSLProtocol TLSv1.2 - SSLCipherSuite 
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS - - LogLevel warn - CustomLog ${APACHE_LOG_DIR}/access.log combined - ErrorLog ${APACHE_LOG_DIR}/error.log - - # Just in case - see below - SSLProxyEngine On - SSLProxyVerify None - SSLProxyCheckPeerCN Off - SSLProxyCheckPeerName Off - - # Improve security settings - Header set X-XSS-Protection "1; mode=block" - Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" - Header set X-Content-Type-Options nosniff - Header set Content-Security-Policy "frame-ancestors 'self' $NCDOMAIN" - - # contra mixed content warnings - RequestHeader set X-Forwarded-Proto "https" - - # basic proxy settings - ProxyRequests off - - ProxyPassMatch (.*)(\/websocket)$ "ws://127.0.0.3:9090/$1$2" - ProxyPass / "http://127.0.0.3:9090/" - ProxyPassReverse / "http://127.0.0.3:9090/" - - - ProxyPassReverse / - - -HTTPS_CREATE - - if [ -f "$HTTPS_CONF" ]; - then - print_text_in_color "$IGreen" "$HTTPS_CONF was successfully created." - sleep 1 - else - print_text_in_color "$IRed" "Unable to create vhost, exiting..." - print_text_in_color "$IRed" "Please report this issue here $ISSUES" - exit 1 - fi -fi - -# Install certbot (Let's Encrypt) -install_certbot - -# Generate certs -if generate_cert "$SUBDOMAIN" -then - # Generate DHparams chifer - if [ ! 
-f "$DHPARAMS_SUB" ]
- then
- openssl dhparam -dsaparam -out "$DHPARAMS_SUB" 4096
- fi
- print_text_in_color "$IGreen" "Certs are generated!"
- a2ensite "$SUBDOMAIN.conf"
- restart_webserver
- # Install OnlyOffice
- install_and_enable_app onlyoffice
-else
- last_fail_tls "$SCRIPTS"/apps/onlyoffice.sh
- exit 1
-fi
-
-# Set config for OnlyOffice
-if [ -d "$NC_APPS_PATH"/onlyoffice ]
-then
- occ_command config:app:set onlyoffice DocumentServerUrl --value=https://"$SUBDOMAIN/"
- chown -R www-data:www-data "$NC_APPS_PATH"
- occ_command config:system:set trusted_domains 3 --value="$SUBDOMAIN"
- # Add prune command
- add_dockerprune
- # Restart Docker
- print_text_in_color "$ICyan" "Restaring Docker..."
- systemctl restart docker.service
- docker restart onlyoffice
- msg_box "OnlyOffice Docker is now successfully installed."
-fi
-
-exit
diff --git a/apps/onlyoffice_integrated.sh b/apps/onlyoffice_integrated.sh
deleted file mode 100644
index 14a0c99f40..0000000000
--- a/apps/onlyoffice_integrated.sh
+++ /dev/null
@@ -1,214 +0,0 @@
-#!/bin/bash
-
-# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/
-
-# shellcheck disable=2034,2059
-true
-SCRIPT_NAME="OnlyOffice (Integrated)"
-# shellcheck source=lib.sh
-source /var/scripts/lib.sh
-
-# Get all needed variables from the library
-nc_update
-
-# Check for errors + debug code and abort if something isn't right
-# 1 = ON
-# 0 = OFF
-DEBUG=0
-debug_mode
-
-# Check if root
-root_check
-
-print_text_in_color "$ICyan" "Running the OnlyOffice install script..."
-
-# Nextcloud 18 is required.
-lowest_compatible_nc 18
-
-# Check if Nextcloud is installed with TLS
-check_nextcloud_https "OnlyOffice (Integrated)"
-
-# Check if OnlyOffice is installed using the old method
-if does_this_docker_exist 'onlyoffice/documentserver'
-then
- # Greater than 18.0.1 is 18.0.2 which is required
- if version_gt "$CURRENTVERSION" "18.0.1"
- then
- msg_box "Your server is compatible with the new way of installing OnlyOffice. We will now remove the old docker and install the app from Nextcloud instead."
- # Remove docker image
- docker_prune_this 'onlyoffice/documentserver'
- # Disable RichDocuments (Collabora App) if activated
- if is_app_installed richdocuments
- then
- occ_command app:remove richdocuments
- fi
- # Disable OnlyOffice (Collabora App) if activated
- if is_app_installed onlyoffice
- then
- occ_command app:remove onlyoffice
- fi
- # Revoke LE
- SUBDOMAIN=$(input_box_flow "Please enter the subdomain you are using for OnlyOffice, e.g: office.yourdomain.com")
- if [ -f "$CERTFILES/$SUBDOMAIN/cert.pem" ]
- then
- yes no | certbot revoke --cert-path "$CERTFILES/$SUBDOMAIN/cert.pem"
- REMOVE_OLD="$(find "$LETSENCRYPTPATH/" -name "$SUBDOMAIN*")"
- for remove in $REMOVE_OLD
- do rm -rf "$remove"
- done
- fi
- # Remove Apache2 config
- if [ -f "$SITES_AVAILABLE/$SUBDOMAIN.conf" ]
- then
- a2dissite "$SUBDOMAIN".conf
- restart_webserver
- rm -f "$SITES_AVAILABLE/$SUBDOMAIN.conf"
- fi
- # Remove trusted domain
- count=0
- while [ "$count" -lt 10 ]
- do
- if [ "$(occ_command_no_check config:system:get trusted_domains "$count")" == "$SUBDOMAIN" ]
- then
- occ_command_no_check config:system:delete trusted_domains "$count"
- break
- else
- count=$((count+1))
- fi
- done
- else
-msg_box "You need to run at least Nextcloud 18.0.1 to be able to run OnlyOffice. Please upgrade using the built in script:
-
-'sudo bash $SCRIPTS/update.sh'
-
-You can also buy support directly in our shop: https://shop.hanssonit.se/product/upgrade-between-major-owncloud-nextcloud-versions/"
- exit
- fi
-# Check if OnlyOffice is installed using the new method
-elif version_gt "$CURRENTVERSION" "18.0.1" && ! does_this_docker_exist 'onlyoffice/documentserver'
-then
- if is_app_enabled documentserver_community
- then
- choice=$(whiptail --title "$TITLE" --menu "It seems like 'OnlyOffice' is already installed.\nChoose what you want to do."
"$WT_HEIGHT" "$WT_WIDTH" 4 \
- "Reinstall OnlyOffice" "" \
- "Uninstall OnlyOffice" "" 3>&1 1>&2 2>&3)
-
- case "$choice" in
- "Uninstall OnlyOffice")
- print_text_in_color "$ICyan" "Uninstalling OnlyOffice..."
- occ_command app:remove documentserver_community
- # Disable Onlyoffice App if activated
- if is_app_installed onlyoffice
- then
- occ_command app:remove onlyoffice
- fi
- msg_box "OnlyOffice was successfully uninstalled."
- exit
- ;;
- "Reinstall OnlyOffice")
- print_text_in_color "$ICyan" "Reinstalling OnlyOffice..."
- occ_command app:remove documentserver_community
- ;;
- "")
- exit 1
- ;;
- *)
- ;;
- esac
- fi
-else
-msg_box "You need to run at least Nextcloud 18.0.1 to be able to run OnlyOffice. Please upgrade using the built in script:
-
-'sudo bash $SCRIPTS/update.sh'
-
-You can also buy support directly in our shop: https://shop.hanssonit.se/product/upgrade-between-major-owncloud-nextcloud-versions/"
- exit
-fi
-
-# Check if collabora is installed and remove every trace of it
-if does_this_docker_exist 'collabora/code'
-then
- msg_box "You can't run both Collabora and OnlyOffice on the same VM. We will now remove Collabora from the server."
- # Remove docker image
- docker_prune_this 'collabora/code'
- # Revoke LE
- SUBDOMAIN=$(input_box_flow "Please enter the subdomain you are using for Collabora, e.g: office.yourdomain.com")
- if [ -f "$CERTFILES/$SUBDOMAIN/cert.pem" ]
- then
- yes no | certbot revoke --cert-path "$CERTFILES/$SUBDOMAIN/cert.pem"
- REMOVE_OLD="$(find "$LETSENCRYPTPATH/" -name "$SUBDOMAIN*")"
- for remove in $REMOVE_OLD
- do rm -rf "$remove"
- done
- fi
- # Remove Apache2 config
- if [ -f "$SITES_AVAILABLE/$SUBDOMAIN.conf" ]
- then
- a2dissite "$SUBDOMAIN".conf
- restart_webserver
- rm -f "$SITES_AVAILABLE/$SUBDOMAIN.conf"
- fi
- # Disable Collabora App if activated
- if is_app_installed richdocuments
- then
- occ_command app:remove richdocuments
- fi
- # Remove trusted domain
- count=0
- while [ "$count" -lt 10 ]
- do
- if [ "$(occ_command_no_check config:system:get trusted_domains "$count")" == "$SUBDOMAIN" ]
- then
- occ_command_no_check config:system:delete trusted_domains "$count"
- break
- else
- count=$((count+1))
- fi
- done
-else
- # Remove Collabora app
- if is_app_installed richdocuments
- then
- occ_command app:remove richdocuments
- fi
-fi
-
-# Check if apache2 evasive-mod is enabled and disable it because of compatibility issues
-if [ "$(apache2ctl -M | grep evasive)" != "" ]
-then
- msg_box "We noticed that 'mod_evasive' is installed which is the DDOS protection for webservices. It has comptibility issues with OnlyOffice and you can now choose to disable it."
- if ! yesno_box_yes "Do you want to disable DDOS protection?"
- then
- print_text_in_color "$ICyan" "Keeping mod_evasive active."
- else
- a2dismod evasive
- # a2dismod mod-evasive # not needed, but existing in the Extra Security script.
- apt-get purge libapache2-mod-evasive -y
- systemctl restart apache2.service
- fi
-fi
-
-# Install OnlyOffice
-msg_box "We will now install OnlyOffice.
-
-Please note that it might take very long time to install the app, and you will not see any progress bar.
-
-Please be paitent, don't abort."
-install_and_enable_app onlyoffice
-sleep 2
-if install_and_enable_app documentserver_community
-then
- chown -R www-data:www-data "$NC_APPS_PATH"
- occ_command config:app:set onlyoffice DocumentServerUrl --value="$(occ_command_no_check config:system:get overwrite.cli.url)/index.php/apps/documentserver_community/"
- msg_box "OnlyOffice was successfully installed."
-else
- msg_box "The documentserver_community app failed to install. Please try again later.\n\nIf the error presist, please report the issue to https://github.com/nextcloud/documentserver_community\n\n'sudo -u www-data php ./occ app:install documentserver_community failed!'"
-fi
-
-if ! is_app_installed onlyoffice
-then
- msg_box "The onlyoffice app failed to install. Please try again later."
-fi
-
-# Just make sure the script exits
-exit
diff --git a/apps/previewgenerator.sh b/apps/previewgenerator.sh
deleted file mode 100644
index ca2621a121..0000000000
--- a/apps/previewgenerator.sh
+++ /dev/null
@@ -1,245 +0,0 @@
-#!/bin/bash
-
-# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/
-
-# shellcheck disable=2034,2059
-true
-SCRIPT_NAME="Preview Generator"
-# shellcheck source=lib.sh
-source /var/scripts/lib.sh
-
-# Check for errors + debug code and abort if something isn't right
-# 1 = ON
-# 0 = OFF
-DEBUG=0
-debug_mode
-
-# Check if root
-root_check
-
-# PHP 7.x is needed
-if is_this_installed php5.6-common
-then
- msg_box "At least PHP 7.X is supported, please upgrade your PHP version: https://shop.hanssonit.se/product/upgrade-php-version-including-dependencies/"
- exit
-elif is_this_installed php5.5-common
-then
- msg_box "At least PHP 7.X is supported, please upgrade your PHP version: https://shop.hanssonit.se/product/upgrade-php-version-including-dependencies/"
- exit
-fi
-
-# Encryption may not be enabled
-if is_app_enabled encryption
-then
- msg_box "It seems like you have encryption enabled which is unsupported when using the Preview Generator"
- exit
-fi
-
-msg_box "This script will install the Preview Generator.
-
-It can speedup the loading of previews in Nextcloud a lot.
-
-Please note: If you continue, all your current Preview Generator settings will be lost, if any."
-if yesno_box_yes "Do you want to install the Preview Generator?"
-then
- # Install preview generator
- print_text_in_color "$ICyan" "Installing the Preview Generator..."
- install_and_enable_app previewgenerator
-
- # check if the previewgenerator is installed and enabled
- if is_app_installed previewgenerator
- then
- # enable previews
- occ_command config:system:set enable_previews --value=true --type=boolean
-
- # install needed dependency for movies
- install_if_not ffmpeg
-
- # reset the preview formats
- occ_command config:system:delete "enabledPreviewProviders"
-
- # reset the cronjob
- print_text_in_color "$ICyan" "Resetting the cronjob for the Preview Generation"
- crontab -u www-data -l | grep -v 'preview:pre-generate' | crontab -u www-data -
- else
- exit
- fi
-else
- exit
-fi
-
-msg_box "In the next step you can choose to install a package called imagick to speed up the generation of previews and add support for more filetypes.
-
-The currently supported filetypes are:
-* PNG
-* JPEG
-* GIF
-* BMP
-* MarkDown
-* MP3
-* TXT
-* Movie
-* Photoshop (needs imagick)
-* SVG (needs imagick)
-* TIFF (needs imagick)"
-
-msg_box "IMPORTANT NOTE!!
-
-Imagick will put your server at risk as it's is known to have several flaws.
-You can check this issue to understand why: https://github.com/nextcloud/vm/issues/743
-
-Please note: If you choose not to install imagick, it will get removed now."
-if yesno_box_no "Do you want to install imagick?"
-then
- # Install imagick
- install_if_not php-imagick
- install_if_not libmagickcore-6.q16-3-extra
-
- # Choose file formats fo the case when imagick is installed.
- # for additional previews please look at the nextcloud documentation. But these probably won't work.
- choice=$(whiptail --title "$TITLE - Choose file formats" --checklist "Now you can choose for which file formats you would like to generate previews for\n$CHECKLIST_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \
- "PNG" "" ON \
- "JPEG" "" ON \
- "GIF" "" ON \
- "BMP" "" ON \
- "MarkDown" "" ON \
- "MP3" "" ON \
- "TXT" "" ON \
- "Movie" "" ON \
- "Photoshop" "" ON \
- "SVG" "" ON \
- "TIFF" "" ON 3>&1 1>&2 2>&3)
-
- case "$choice" in
- *"PNG"*)
- occ_command config:system:set enabledPreviewProviders 0 --value="OC\\Preview\\PNG"
- ;;&
- *"JPEG"*)
- occ_command config:system:set enabledPreviewProviders 1 --value="OC\\Preview\\JPEG"
- ;;&
- *"GIF"*)
- occ_command config:system:set enabledPreviewProviders 2 --value="OC\\Preview\\GIF"
- ;;&
- *"BMP"*)
- occ_command config:system:set enabledPreviewProviders 3 --value="OC\\Preview\\BMP"
- ;;&
- *"MarkDown"*)
- occ_command config:system:set enabledPreviewProviders 4 --value="OC\\Preview\\MarkDown"
- ;;&
- *"MP3"*)
- occ_command config:system:set enabledPreviewProviders 5 --value="OC\\Preview\\MP3"
- ;;&
- *"TXT"*)
- occ_command config:system:set enabledPreviewProviders 6 --value="OC\\Preview\\TXT"
- ;;&
- *"Movie"*)
- occ_command config:system:set enabledPreviewProviders 7 --value="OC\\Preview\\Movie"
- ;;&
- *"Photoshop"*)
- occ_command config:system:set enabledPreviewProviders 8 --value="OC\\Preview\\Photoshop"
- ;;&
- *"SVG"*)
- occ_command config:system:set enabledPreviewProviders 9 --value="OC\\Preview\\SVG"
- ;;&
- *"TIFF"*)
- occ_command config:system:set enabledPreviewProviders 10 --value="OC\\Preview\\TIFF"
- ;;&
- *)
- ;;
- esac
-else
- # check if imagick ist installed and remove it
- if is_this_installed php-imagick
- then
- apt-get purge php-imagick -y
- fi
- # check if libmagickcore is installed and remove it
- if is_this_installed libmagickcore-6.q16-3-extra
- then
- apt-get purge libmagickcore-6.q16-3-extra -y
- fi
- # Choose file formats fo the case when imagick is not installed.
- # for additional previews please look at the nextcloud documentation. But these probably won't work.
- choice=$(whiptail --title "$TITLE - Choose file formats" --checklist "Now you can choose for which file formats you would like to generate previews for\n$CHECKLIST_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \
- "PNG" "" ON \
- "JPEG" "" ON \
- "GIF" "" ON \
- "BMP" "" ON \
- "MarkDown" "" ON \
- "MP3" "" ON \
- "TXT" "" ON \
- "Movie" "" ON 3>&1 1>&2 2>&3)
-
- case "$choice" in
- *"PNG"*)
- occ_command config:system:set enabledPreviewProviders 11 --value="OC\\Preview\\PNG"
- ;;&
- *"JPEG"*)
- occ_command config:system:set enabledPreviewProviders 12 --value="OC\\Preview\\JPEG"
- ;;&
- *"GIF"*)
- occ_command config:system:set enabledPreviewProviders 13 --value="OC\\Preview\\GIF"
- ;;&
- *"BMP"*)
- occ_command config:system:set enabledPreviewProviders 14 --value="OC\\Preview\\BMP"
- ;;&
- *"MarkDown"*)
- occ_command config:system:set enabledPreviewProviders 15 --value="OC\\Preview\\MarkDown"
- ;;&
- *"MP3"*)
- occ_command config:system:set enabledPreviewProviders 16 --value="OC\\Preview\\MP3"
- ;;&
- *"TXT"*)
- occ_command config:system:set enabledPreviewProviders 17 --value="OC\\Preview\\TXT"
- ;;&
- *"Movie"*)
- occ_command config:system:set enabledPreviewProviders 18 --value="OC\\Preview\\Movie"
- ;;&
- *)
- ;;
- esac
-fi
-
-# Set aspect ratio
-occ_command config:app:set previewgenerator squareSizes --value="32 256"
-occ_command config:app:set previewgenerator widthSizes --value="256 384"
-occ_command config:app:set previewgenerator heightSizes --value="256"
-occ_command config:system:set preview_max_x --value="2048"
-occ_command config:system:set preview_max_y --value="2048"
-occ_command config:system:set jpeg_quality --value="60"
-occ_command config:app:set preview jpeg_quality --value="60"
-
-msg_box "In the last step you can define a specific Nextcloud user for which will be the user that runs the Preview Generation.
-
-The default behaviour (just hit [ENTER]) is to run with the system user 'www-data' which will generate previews for all users.
-
-If you on the other hand choose to use a specific user, previews will ONLY be generated for that specific user."
-if ! yesno_box_no "Do you want to choose a specific Nextcloud user to generate previews?"
-then
- print_text_in_color "$ICyan" "Using www-data (all Nextcloud users) for generating previews..."
- # Add crontab for www-data
- crontab -u www-data -l | { cat; echo "0 4 * * * php -f $NCPATH/occ preview:pre-generate >> $VMLOGS/previewgenerator.log"; } | crontab -u www-data -
- touch "$VMLOGS"/previewgenerator.log
- chown www-data:www-data "$VMLOGS"/previewgenerator.log
-
- # Pre generate everything
- occ_command preview:generate-all
-else
- while :
- do
- PREVIEW_USER=$(input_box "Enter the Nextcloud user for which you want to run the Preview Generation (as a scheluded task)")
- if [ -z "$(occ_command user:list | grep "$PREVIEW_USER" | awk '{print $3}')" ]
- then
- msg_box "It seems like the user you entered ($PREVIEW_USER) doesn't exist, please try again."
- else
- break
- fi
- done
- # Add crontab for $PREVIEW_USER
- crontab -u www-data -l | { cat; echo "0 4 * * * php -f $NCPATH/occ preview:pre-generate $PREVIEW_USER >> $VMLOGS/previewgenerator.log"; } | crontab -u www-data -
- touch "$VMLOGS"/previewgenerator.log
- chown www-data:www-data "$VMLOGS"/previewgenerator.log
-
- # Pre generate everything
- occ_command preview:generate-all "$PREVIEW_USER"
-fi
diff --git a/apps/smbmount.sh b/apps/smbmount.sh
deleted file mode 100644
index 79c88fa309..0000000000
--- a/apps/smbmount.sh
+++ /dev/null
@@ -1,579 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ -# Copyright © 2020 Simon Lindner (https://github.com/szaimen) - -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="SMB Mount" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# Variables -MAX_COUNT=16 -SMBSHARES="/mnt/smbshares" -SMBSHARES_SED=${SMBSHARES//\//\\/} -SMB_CREDENTIALS="/root/.smbcredentials" - -# Install whiptail if not existing -install_if_not whiptail - -# Check MAX_COUNT -if ! [ $MAX_COUNT -gt 0 ] -then - msg_box "The MAX_COUNT variable has to be a positive integer, greater than 0. Please change it accordingly. Recommended is MAX_COUNT=16, because not all menus work reliably with a higher count." - exit -fi - -# Inform the user -msg_box "This script automates mounting SMB-shares locally in your system and adds them automatically as external storage to your Nextcloud." -if ! yesno_box_yes "Do you want to proceed with this script?" -then - exit 1 -fi - -# Needed for DFS-shares to work -install_if_not keyutils - -# Install cifs-utils -install_if_not cifs-utils - -# Make sure, that name resolution works -install_if_not winbind -if [ "$(grep "^hosts:" /etc/nsswitch.conf | grep wins)" == "" ] -then - sed -i '/^hosts/ s/$/ wins/' /etc/nsswitch.conf -fi - -# Functions -add_mount() { - -local SUBTITLE="Add a SMB-mount" - -# Check if mounting slots are available -count=1 -while [ $count -le $MAX_COUNT ] -do - if grep -q "$SMBSHARES/$count " /etc/fstab - then - count=$((count+1)) - else - break - fi -done -if [ $count -gt $MAX_COUNT ] -then -msg_box "All $MAX_COUNT slots are occupied. No mounting slots available. Please delete one of the SMB-mounts. 
-If you really want to mount more, you can simply download the smb-mount script directly and edit the variable 'MAX_COUNT' to a higher value than $MAX_COUNT by running: -'curl -sLO https://raw.githubusercontent.com/nextcloud/vm/master/apps/smbmount.sh /var/scripts' -'sudo nano /var/scripts/smbmount.sh' # Edit MAX_COUNT=$MAX_COUNT to your likings and save the file -'sudo bash /var/scripts/smbmount.sh' # Execute the script." "$SUBTITLE" - return -fi - -# Enter SMB-server and Share-name -SERVER_SHARE_NAME=$(input_box_flow "Please enter the server and Share-name like this:\n//Server/Share\nor\n//IP-address/Share" "$SUBTITLE") -SERVER_SHARE_NAME=${SERVER_SHARE_NAME// /\\040} - -# Enter the SMB-user -SMB_USER=$(input_box_flow "Please enter the username of the SMB-user" "$SUBTITLE") - -# Enter the password of the SMB-user -SMB_PASSWORD=$(input_box_flow "Please enter the password of the SMB-user $SMB_USER." "$SUBTITLE") - -# Write everything to /etc/fstab, mount and connect external storage -count=1 -while [ $count -le $MAX_COUNT ] -do - # Check which mounting slot is available - if ! grep -q "$SMBSHARES/$count " /etc/fstab - then - # Write to /etc/fstab and mount - echo "$SERVER_SHARE_NAME $SMBSHARES/$count cifs credentials=$SMB_CREDENTIALS/SMB$count,uid=www-data,gid=www-data,file_mode=0770,dir_mode=0770,nounix,noserverino,cache=none 0 0" >> /etc/fstab - mkdir -p $SMB_CREDENTIALS - touch $SMB_CREDENTIALS/SMB$count - chown -R root:root $SMB_CREDENTIALS - chmod -R 600 $SMB_CREDENTIALS - echo "username=$SMB_USER" > $SMB_CREDENTIALS/SMB$count - echo "password=$SMB_PASSWORD" >> $SMB_CREDENTIALS/SMB$count - unset SMB_USER && unset SMB_PASSWORD - mkdir -p "$SMBSHARES/$count" - mount "$SMBSHARES/$count" - - # Check if mounting was successful - if ! mountpoint -q $SMBSHARES/$count - then - # If not remove this line from fstab -msg_box "It seems like the mount wasn't successful. It will get deleted now. Please try again. 
-As a hint: -- you might fix the connection problem by enabling SMB3 on your SMB-server. -- You could also try to use the IP-address of the SMB-server instead of the Server-name, if not already done. -- Please also make sure, that 'ping IP-address' of your SMB-Server from your Nextcloud-instance works." "$SUBTITLE" - sed -i "/$SMBSHARES_SED\/$count /d" /etc/fstab - if [ -f $SMB_CREDENTIALS/SMB$count ] - then - check_command rm $SMB_CREDENTIALS/SMB$count - fi - break - else - # Check if Nextcloud is existing - if [ -f $NCPATH/occ ] - then - # Install and enable files_external - if ! is_app_enabled files_external - then - install_and_enable_app files_external - fi - - # Create and mount external storage to the admin group - MOUNT_ID=$(occ_command files_external:create "SMB$count" local null::null -c datadir="$SMBSHARES/$count" ) - MOUNT_ID=${MOUNT_ID//[!0-9]/} - occ_command files_external:applicable --add-group=admin "$MOUNT_ID" -q - occ_command files_external:option "$MOUNT_ID" filesystem_check_changes 1 - - # Inform the user that mounting was successful -msg_box "Your mount was successful, congratulations! -It's now accessible in your root directory under $SMBSHARES/$count. -You are now using the Nextcloud external storage app to access files there. -The Share has been mounted to the Nextcloud admin-group. -You can now access 'https://yourdomain-or-ipaddress/settings/admin/externalstorages' to rename 'SMB$count' to whatever you like or e.g. enable sharing." "$SUBTITLE" - break - else - # Inform the user that mounting was successful - msg_box "Your mount was successful, congratulations!\nIt's now accessible in your root directory under $SMBSHARES/$count." "$SUBTITLE" - break - fi - fi - fi - count=$((count+1)) -done -return -} - -mount_shares() { - -local SUBTITLE="Mount SMB-shares" - -# Check if any SMB-share is created -if ! grep -q "$SMBSHARES" /etc/fstab -then - msg_box "It seems like you have not created any SMB-share." 
"$SUBTITLE" - return -fi -count=1 -while [ $count -le $MAX_COUNT ] -do - if grep -q "$SMBSHARES/$count " /etc/fstab - then - if mountpoint -q $SMBSHARES/$count - then - count=$((count+1)) - else - break - fi - else - count=$((count+1)) - fi -done -if [ $count -gt $MAX_COUNT ] -then - msg_box "No existing SMB-mount-entry is unmounted. So nothing to mount." "$SUBTITLE" - return -fi - -args=(whiptail --title "$TITLE - $SUBTITLE" --checklist "This option let you mount SMB-shares to connect to network-shares from the host-computer or other machines in the local network.\nChoose which one you want to mount.\n$CHECKLIST_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4) -count=1 - -# Find out which SMB-shares are available -while [ $count -le $MAX_COUNT ] -do - if ! mountpoint -q $SMBSHARES/$count && grep -q "$SMBSHARES/$count " /etc/fstab - then - args+=("$SMBSHARES/$count " "$(grep "$SMBSHARES/$count " /etc/fstab | awk '{print $1}')" OFF) - fi - count=$((count+1)) -done - -# Let the user choose which SMB-shares he wants to mount -selected_options=$("${args[@]}" 3>&1 1>&2 2>&3) -count=1 - -# Mount selected SMB-shares -while [ $count -le $MAX_COUNT ] -do - if [[ $selected_options == *"$SMBSHARES/$count "* ]] - then - mount "$SMBSHARES/$count" - if ! mountpoint -q $SMBSHARES/$count - then - msg_box "It seems like the mount of $SMBSHARES/$count wasn't successful. Please try again." "$SUBTITLE" - else - msg_box "Your mount was successful, congratulations!\n It is accessible in your root directory in $SMBSHARES/$count\nYou can use the Nextcloud external storage app to access files there." "$SUBTITLE" - fi - fi - count=$((count+1)) -done -return -} - -show_all_mounts() { - -local SUBTITLE="Show all SMB-mounts" - -# If no entry created, nothing to show -if ! grep -q "$SMBSHARES" /etc/fstab -then - msg_box "You haven't created any SMB-mount. So nothing to show." 
"$SUBTITLE" - return -fi - -# Find out which SMB-shares are available -args=(whiptail --title "$TITLE - $SUBTITLE" --checklist "This option let you show detailed information about your SMB-shares.\nChoose which one you want to see.\n$CHECKLIST_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4) -count=1 -while [ $count -le $MAX_COUNT ] -do - if grep -q "$SMBSHARES/$count " /etc/fstab - then - args+=("$SMBSHARES/$count " "$(grep "$SMBSHARES/$count " /etc/fstab | awk '{print $1}')" OFF) - fi - count=$((count+1)) -done - -# Let the user choose which details he wants to see -selected_options=$("${args[@]}" 3>&1 1>&2 2>&3) - -# Show selected Shares -count=1 -while [ $count -le $MAX_COUNT ] -do - if [[ $selected_options == *"$SMBSHARES/$count "* ]] - then - if [ -f $SMB_CREDENTIALS/SMB$count ] - then - msg_box "$(grep "$SMBSHARES/$count " /etc/fstab)\n$(cat $SMB_CREDENTIALS/SMB$count)" "$SUBTITLE" - else - msg_box "$(grep "$SMBSHARES/$count " /etc/fstab)" "$SUBTITLE" - fi - fi - count=$((count+1)) -done -return -} - -change_mount() { - -local SUBTITLE="Change a SMB-mount" - -# If no entry created, nothing to show -if ! grep -q "$SMBSHARES" /etc/fstab -then - msg_box "You haven't created any SMB-mount. So nothing to change." "$SUBTITLE" - return -fi - -# Find out which SMB-shares are available -args=(whiptail --title "$TITLE - $SUBTITLE" --menu "This option let you change the password, the username and/or the network-share of one of your SMB-mounts.\nChoose which one you want to show." 
"$WT_HEIGHT" "$WT_WIDTH" 4) -count=1 -while [ $count -le $MAX_COUNT ] -do - if grep -q "$SMBSHARES/$count " /etc/fstab - then - args+=("$SMBSHARES/$count " "$(grep "$SMBSHARES/$count " /etc/fstab | awk '{print $1}')" ) - fi - count=$((count+1)) -done - -# Let the user choose which mount he wants to change -selected_option=$("${args[@]}" 3>&1 1>&2 2>&3) - -if [[ "$selected_option" == "" ]] -then - return -fi - -# Get count back from selected_option -count=${selected_option//[!0-9]/} - -# Test if SMB-share is still mounted and unmount if yes -if mountpoint -q "$SMBSHARES/$count" -then - umount "$SMBSHARES/$count" - was_mounted=yes - if mountpoint -q "$SMBSHARES/$count" - then - msg_box "It seems like the unmount of $SMBSHARES/$count wasn't successful while trying to change the mount. Please try again." "$SUBTITLE" - return - fi -fi - -# Store fstab entry for later in a variable -fstab_entry=$(grep "$SMBSHARES/$count " /etc/fstab) - -# Get old password and username -if ! [ -f "$SMB_CREDENTIALS/SMB$count" ] -then - SERVER_SHARE_NAME=$(echo "$fstab_entry" | awk '{print $1}') - SMB_USER=${fstab_entry##*username=} - SMB_USER=${SMB_USER%%,*} - SMB_PASSWORD=${fstab_entry##*password=} - SMB_PASSWORD=${SMB_PASSWORD%%,*} -else - old_credentials=$(cat "$SMB_CREDENTIALS/SMB$count") - SMB_USER=$(echo "$old_credentials" | grep username=) - SMB_USER=${SMB_USER##*username=} - SMB_PASSWORD=$(echo "$old_credentials" | grep password=) - SMB_PASSWORD=${SMB_PASSWORD##*password=} -fi - -# Let the user choose which entries he wants to change -choice=$(whiptail --title "$TITLE - $SUBTITLE" --checklist "$fstab_entry\n$old_credentials\nChoose which option you want to change.\n$CHECKLIST_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \ -"Password" "(change the password of the SMB-user)" OFF \ -"Username" "(change the username of the SMB-user)" OFF \ -"Share" "(change the SMB-share to use the same mount directory)" OFF 3>&1 1>&2 2>&3) - -case "$choice" in - *"Share"*) - clear - # Enter SMB-server and 
Share-name - SERVER_SHARE_NAME=$(input_box_flow "Please enter the server and Share-name like this:\n//Server/Share\nor\n//IP-address/Share" "$SUBTITLE") - SERVER_SHARE_NAME=${SERVER_SHARE_NAME// /\\040} - ;;& - *"Username"*) - clear - # Enter the SMB-user - SMB_USER=$(input_box_flow "Please enter the username of the SMB-user" "$SUBTITLE") - ;;& - *"Password"*) - clear - # Enter the password of the SMB-user - SMB_PASSWORD=$(input_box_flow "Please enter the password of the SMB-user $SMB_USER." "$SUBTITLE") - ;;& - "") - return - ;;& - *) - ;; -esac - -# Remove that line from fstab -selected_option_sed=${selected_option//\//\\/} -sed -i "/$selected_option_sed/d" /etc/fstab -unset old_credentials - -# Backup old credentials file -if [ -f "$SMB_CREDENTIALS/SMB$count" ] -then - mv "$SMB_CREDENTIALS/SMB$count" "$SMB_CREDENTIALS/SMB$count.old" -fi - -# Write changed line to /etc/fstab and mount -echo "$SERVER_SHARE_NAME $SMBSHARES/$count cifs credentials=$SMB_CREDENTIALS/SMB$count,uid=www-data,gid=www-data,file_mode=0770,dir_mode=0770,nounix,noserverino,cache=none 0 0" >> /etc/fstab -mkdir -p $SMB_CREDENTIALS -touch "$SMB_CREDENTIALS/SMB$count" -chown -R root:root $SMB_CREDENTIALS -chmod -R 600 $SMB_CREDENTIALS -echo "username=$SMB_USER" > "$SMB_CREDENTIALS/SMB$count" -echo "password=$SMB_PASSWORD" >> "$SMB_CREDENTIALS/SMB$count" -unset SMB_USER && unset SMB_PASSWORD -mount "$SMBSHARES/$count" - -# Check if mounting was successful -if ! mountpoint -q "$SMBSHARES/$count" -then - # If not remove this line from fstab - msg_box "It seems like the mount of the changed configuration wasn't successful. It will get deleted now. The old config will get restored now. Please try again to change the mount." 
"$SUBTITLE" - sed -i "/$selected_option_sed/d" /etc/fstab - echo "$fstab_entry" >> /etc/fstab - unset fstab_entry - if [ -f "$SMB_CREDENTIALS/SMB$count.old" ] - then - rm "$SMB_CREDENTIALS/SMB$count" - mv "$SMB_CREDENTIALS/SMB$count.old" "$SMB_CREDENTIALS/SMB$count" - fi - if [[ $was_mounted == yes ]] - then - unset was_mounted - mount "$SMBSHARES/$count" - if ! mountpoint -q "$SMBSHARES/$count" - then - msg_box "Your old configuration couldn't get mounted but is restored to /etc/fstab." "$SUBTITLE" - fi - fi -else - # Remove the backup file - if [ -f "$SMB_CREDENTIALS/SMB$count.old" ] - then - check_command rm "$SMB_CREDENTIALS/SMB$count.old" - fi - - # Inform the user that mounting was successful - msg_box "Your change of the mount was successful, congratulations!" "$SUBTITLE" -fi - -} - -unmount_shares() { - -local SUBTITLE="Unmount SMB-shares" - -# Check if any SMB-shares are available for unmounting -count=1 -while [ $count -le $MAX_COUNT ] -do - if ! mountpoint -q $SMBSHARES/$count - then - count=$((count+1)) - else - break - fi -done -if [ $count -gt $MAX_COUNT ] -then - msg_box "You haven't mounted any SMB-mount. 
So nothing to unmount" "$SUBTITLE" - return -fi - -# Find out which SMB-shares are available -args=(whiptail --title "$TITLE - $SUBTITLE" --checklist "This option let you unmount SMB-shares to disconnect network-shares from the host-computer or other machines in the local network.\nChoose what you want to do.\n$CHECKLIST_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4) -count=1 -while [ $count -le $MAX_COUNT ] -do - if mountpoint -q $SMBSHARES/$count - then - args+=("$SMBSHARES/$count " "$(grep "$SMBSHARES/$count " /etc/fstab | awk '{print $1}')" OFF) - fi - count=$((count+1)) -done - -# Let the user select which SMB-shares he wants to unmount -selected_options=$("${args[@]}" 3>&1 1>&2 2>&3) -count=1 -while [ $count -le $MAX_COUNT ] -do - if [[ $selected_options == *"$SMBSHARES/$count "* ]] - then - umount "$SMBSHARES/$count" - if mountpoint -q $SMBSHARES/$count - then - msg_box "It seems like the unmount of $SMBSHARES/$count wasn't successful. Please try again." "$SUBTITLE" - else - msg_box "Your unmount of $SMBSHARES/$count was successful!" "$SUBTITLE" - fi - fi - count=$((count+1)) -done -return -} - -delete_mounts() { - -local SUBTITLE="Delete SMB-mounts" - -# Check if any SMB-share is available -if ! grep -q "$SMBSHARES" /etc/fstab -then - msg_box "You haven't created any SMB-mount, nothing to delete." 
"$SUBTITLE" - return -fi - -# Check which SMB-shares are available -args=(whiptail --title "$TITLE - $SUBTITLE" --checklist "This option let you delete SMB-shares to disconnect and remove network-shares from the Nextcloud VM.\nChoose what you want to do.\n$CHECKLIST_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4) -count=1 -while [ $count -le $MAX_COUNT ] -do - if grep -q "$SMBSHARES/$count " /etc/fstab - then - args+=("$SMBSHARES/$count " "$(grep "$SMBSHARES/$count " /etc/fstab | awk '{print $1}')" OFF) - fi - count=$((count+1)) -done - -# Let the user choose which SMB-shares he wants to delete -selected_options=$("${args[@]}" 3>&1 1>&2 2>&3) - -# Delete the selected SMB-shares -count=1 -while [ $count -le $MAX_COUNT ] -do - if [[ $selected_options == *"$SMBSHARES/$count "* ]] - then - if mountpoint -q $SMBSHARES/$count - then - umount "$SMBSHARES/$count" - if mountpoint -q $SMBSHARES/$count - then - msg_box "It seems like the unmount of $SMBSHARES/$count wasn't successful during the deletion. Please try again." "$SUBTITLE" - else - sed -i "/$SMBSHARES_SED\/$count /d" /etc/fstab - if [ -f $SMB_CREDENTIALS/SMB$count ] - then - check_command rm $SMB_CREDENTIALS/SMB$count - fi - msg_box "Your deletion of $SMBSHARES/$count was successful!" "$SUBTITLE" - fi - else - sed -i "/$SMBSHARES_SED\/$count /d" /etc/fstab - if [ -f $SMB_CREDENTIALS/SMB$count ] - then - check_command rm $SMB_CREDENTIALS/SMB$count - fi - msg_box "Your deletion of $SMBSHARES/$count was successful!" "$SUBTITLE" - fi - fi - count=$((count+1)) -done -return -} - -# Loop main menu until exited -while : -do - # Main menu - choice=$(whiptail --title "$TITLE" --menu "This script let you manage SMB-shares to access files from the host-computer or other machines in the local network.\nChoose what you want to do." 
"$WT_HEIGHT" "$WT_WIDTH" 4 \ - "Add a SMB-mount" "(and mount/connect it)" \ - "Mount SMB-shares" "(connect SMB-shares)" \ - "Show all SMB-mounts" "(show detailed information about the SMB-mounts)" \ - "Change a SMB-mount" "(change password, username &/or share of a mount)" \ - "Unmount SMB-shares" "(disconnect SMB-shares)" \ - "Delete SMB-mounts" "(and unmount/disconnect them)" \ - "Exit SMB-share" "(exit this script)" 3>&1 1>&2 2>&3) - - case "$choice" in - "Add a SMB-mount") - add_mount - ;; - "Mount SMB-shares") - mount_shares - ;; - "Show all SMB-mounts") - show_all_mounts - ;; - "Change a SMB-mount") - change_mount - ;; - "Unmount SMB-shares") - unmount_shares - ;; - "Delete SMB-mounts") - delete_mounts - ;; - "Exit SMB-share") - break - ;; - "") - break - ;; - *) - ;; - esac -done -exit diff --git a/apps/talk.sh b/apps/talk.sh deleted file mode 100644 index 646839df18..0000000000 --- a/apps/talk.sh +++ /dev/null 
@@ -1,180 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Talk" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# Get all needed variables from the library -nc_update -turn_install - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Must be root -root_check - -# Must be 20.04 -if ! version 20.04 "$DISTRO" 20.04.6 -then -msg_box "Your current Ubuntu version is $DISTRO but must be between 20.04 - 20.04.6 to install Talk" -msg_box "Please contact us to get support for upgrading your server: -https://www.hanssonit.se/#contact -https://shop.hanssonit.se/" -exit -fi - -# Nextcloud 13 is required. -lowest_compatible_nc 13 - -# Check if adminer is already installed -print_text_in_color "$ICyan" "Checking if Talk is already installed..." -if [ -n "$(occ_command_no_check config:app:get spreed turn_servers | sed 's/\[\]//')" ] || is_this_installed coturn -then - choice=$(whiptail --title "$TITLE" --menu "It seems like 'Nextcloud Talk' is already installed.\nChoose what you want to do." "$WT_HEIGHT" "$WT_WIDTH" 4 \ - "Reinstall Nextcloud Talk" "" \ - "Uninstall Nextcloud Talk" "" 3>&1 1>&2 2>&3) - - case "$choice" in - "Uninstall Nextcloud Talk") - print_text_in_color "$ICyan" "Uninstalling Nextcloud Talk and resetting all settings..." - occ_command_no_check config:app:delete spreed stun_servers - occ_command_no_check config:app:delete spreed turn_servers - occ_command_no_check app:remove spreed - rm $TURN_CONF - apt-get purge coturn -y - msg_box "Nextcloud Talk was successfully uninstalled and all settings were resetted." - exit - ;; - "Reinstall Nextcloud Talk") - print_text_in_color "$ICyan" "Reinstalling Nextcloud Talk..." 
- occ_command_no_check config:app:delete spreed stun_servers
- occ_command_no_check config:app:delete spreed turn_servers
- occ_command_no_check app:remove spreed
- rm $TURN_CONF
- apt-get purge coturn -y
- ;;
- "")
- exit 1
- ;;
- *)
- ;;
- esac
-else
- print_text_in_color "$ICyan" "Installing Nextcloud Talk..."
-fi
-
-# Check if Nextcloud is installed
-print_text_in_color "$ICyan" "Checking if Nextcloud is installed..."
-if ! curl -s https://"${TURN_DOMAIN//\\/}"/status.php | grep -q 'installed":true'
-then
-msg_box "It seems like Nextcloud is not installed or that you don't use https on:
-${TURN_DOMAIN//\\/}
-Please install Nextcloud and make sure your domain is reachable, or activate TLS
-on your domain to be able to run this script.
-If you use the Nextcloud VM you can use the Let's Encrypt script to get TLS and activate your Nextcloud domain.
-
-When TLS is activated, run these commands from your terminal:
-sudo curl -sLO $APP/talk.sh
-sudo bash talk.sh"
- exit 1
-fi
-
-# Let the user choose port. TURN_PORT in msg_box is taken from lib.sh and later changed if user decides to.
-msg_box "The default port for Talk used in this script is port $TURN_PORT.
-You can read more about that port here: https://www.speedguide.net/port.php?port=$TURN_PORT
-
-You will now be given the option to change this port to something of your own.
-Please keep in mind NOT to use the following ports as they are likley to be in use already:
-${NONO_PORTS[*]}"
-
-if yesno_box_no "Do you want to change port?"
-then
- # Ask for port
- TURN_PORT=$(input_box_flow "Please enter the port you will use for Nextcloud Talk")
-fi
-
-containsElement () {
- local e match="$1"
- shift
- for e; do [[ "$e" == "$match" ]] && return 0; done
- return 1
-}
-
-if containsElement "$TURN_PORT" "${NONO_PORTS[@]}"
-then
- msg_box "You have to choose another port. Please start over."
- exit 1 -fi - -# Install TURN -check_command install_if_not coturn -check_command sed -i '/TURNSERVER_ENABLED/c\TURNSERVER_ENABLED=1' /etc/default/coturn - -# Create log for coturn -mkdir -p "$VMLOGS" -touch "$VMLOGS"/turnserver.log - -# Generate $TURN_CONF -cat << TURN_CREATE > "$TURN_CONF" -listening-port=$TURN_PORT -fingerprint -use-auth-secret -static-auth-secret=$TURN_SECRET -realm=$TURN_DOMAIN -total-quota=100 -bps-capacity=0 -stale-nonce -no-multicast-peers -no-stdout-log -simple-log -log-file=$VMLOGS/turnserver.log -TURN_CREATE -if [ -f "$TURN_CONF" ]; -then - print_text_in_color "$IGreen" "$TURN_CONF was successfully created." -else - print_text_in_color "$IRed" "Unable to create $TURN_CONF, exiting..." - print_text_in_color "$IRed" "Please report this issue here $ISSUES" - exit 1 -fi - -# Restart the TURN server -check_command systemctl restart coturn.service - -# Warn user to open port -msg_box "You have to open $TURN_PORT TCP/UDP in your firewall or your TURN/STUN server won't work! -After you hit OK the script will check for the firewall and eventually exit on failure. - -To run again the setup, after fixing your firewall: -sudo -sLO $APP/talk.sh -sudo bash talk.sh" - -# Check if the port is open -check_open_port "$TURN_PORT" "$TURN_DOMAIN" - -# Enable Spreed (Talk) -STUN_SERVERS_STRING="[\"$TURN_DOMAIN:$TURN_PORT\"]" -TURN_SERVERS_STRING="[{\"server\":\"$TURN_DOMAIN:$TURN_PORT\",\"secret\":\"$TURN_SECRET\",\"protocols\":\"udp,tcp\"}]" -if ! is_app_installed spreed -then - install_and_enable_app spreed - occ_command config:app:set spreed stun_servers --value="$STUN_SERVERS_STRING" --output json - occ_command config:app:set spreed turn_servers --value="$TURN_SERVERS_STRING" --output json - chown -R www-data:www-data "$NC_APPS_PATH" -fi - -if is_app_installed spreed -then -msg_box "Nextcloud Talk is now installed. For more information about Nextcloud Talk and its mobile apps visit: -https://nextcloud.com/talk/" -fi - -exit 
diff --git a/apps/talk_signaling.sh b/apps/talk_signaling.sh
deleted file mode 100644
index 09796829ea..0000000000
--- a/apps/talk_signaling.sh
+++ /dev/null
@@ -1,435 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Talk with Signaling Server" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# Get all needed variables from the library -nc_update -turn_install - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Must be root -root_check - -# Must be 20.04 -if ! version 20.04 "$DISTRO" 20.04.6 -then -msg_box "Your current Ubuntu version is $DISTRO but must be between 20.04 - 20.04.6 to install Talk" -msg_box "Please contact us to get support for upgrading your server: -https://www.hanssonit.se/#contact -https://shop.hanssonit.se/" -exit -fi - -# Nextcloud 13 is required. -lowest_compatible_nc 19 - -####################### TALK (COTURN) - -# Check if Nextcloud is installed with TLS -check_nextcloud_https "Nextclod Talk" - -# Check if talk/spreed is already installed -print_text_in_color "$ICyan" "Checking if Talk is already installed..." -if [ -n "$(occ_command_no_check config:app:get spreed turn_servers | sed 's/\[\]//')" ] || is_this_installed coturn -then - choice=$(whiptail --title "$TITLE" --menu "It seems like 'Nextcloud Talk' is already installed.\nChoose what you want to do." "$WT_HEIGHT" "$WT_WIDTH" 4 \ - "Reinstall Nextcloud Talk" "" \ - "Uninstall Nextcloud Talk" "" 3>&1 1>&2 2>&3) - - case "$choice" in - "Uninstall Nextcloud Talk") - print_text_in_color "$ICyan" "Uninstalling Nextcloud Talk and resetting all settings..." 
- occ_command_no_check config:app:delete spreed stun_servers
- occ_command_no_check config:app:delete spreed turn_servers
- occ_command_no_check config:app:delete spreed signaling_servers
- occ_command_no_check app:remove spreed
- rm -rf \
- "$TURN_CONF" \
- "$SIGNALING_SERVER_CONF" \
- /etc/nats \
- /etc/janus \
- /etc/apt/trusted.gpg.d/morph027-janus.asc \
- /etc/apt/trusted.gpg.d/morph027-nats-server.asc \
- /etc/apt/trusted.gpg.d/morph027-nextcloud-spreed-signaling.asc \
- /etc/apt/sources.list.d/morph027-nextcloud-spreed-signaling.list\
- /etc/apt/sources.list.d/morph027-janus.list \
- /etc/apt/sources.list.d/morph027-nats-server.list \
- $VMLOGS/talk_apache_error.log \
- $VMLOGS/talk_apache_access.log \
- $VMLOGS/turnserver.log \
- /var/www/html/error
- apt-get purge coturn -y
- apt-get purge nats-server -y
- apt-get purge janus -y
- apt-get purge nextcloud-spreed-signaling -y
- apt autoremove -y
- msg_box "Nextcloud Talk was successfully uninstalled and all settings were reverted."
- exit
- ;;
- "Reinstall Nextcloud Talk")
- print_text_in_color "$ICyan" "Reinstalling Nextcloud Talk..."
- occ_command_no_check config:app:delete spreed stun_servers
- occ_command_no_check config:app:delete spreed turn_servers
- occ_command_no_check config:app:delete spreed signaling_servers
- occ_command_no_check app:remove spreed
- rm -rf \
- "$TURN_CONF" \
- "$SIGNALING_SERVER_CONF" \
- /etc/nats \
- /etc/janus \
- /etc/apt/trusted.gpg.d/morph027-janus.asc \
- /etc/apt/trusted.gpg.d/morph027-nats-server.asc \
- /etc/apt/trusted.gpg.d/morph027-nextcloud-spreed-signaling.asc \
- /etc/apt/sources.list.d/morph027-nextcloud-spreed-signaling.list\
- /etc/apt/sources.list.d/morph027-janus.list \
- /etc/apt/sources.list.d/morph027-nats-server.list
- apt-get purge coturn -y
- apt-get purge nats-server -y
- apt-get purge janus -y
- apt-get purge nextcloud-spreed-signaling -y
- apt autoremove -y
- ;;
- "")
- exit 1
- ;;
- *)
- ;;
- esac
-else
- print_text_in_color "$ICyan" "Installing Nextcloud Talk..."
-fi
-
-# Let the user choose port. TURN_PORT in msg_box is taken from lib.sh and later changed if user decides to.
-msg_box "The default port for Talk used in this script is port $TURN_PORT.
-You can read more about that port here: https://www.speedguide.net/port.php?port=$TURN_PORT
-You will now be given the option to change this port to something of your own.
-Please keep in mind NOT to use the following ports as they are likley to be in use already:
-${NONO_PORTS[*]}"
-
-if yesno_box_no "Do you want to change port?"
-then
- # Ask for port
- TURN_PORT=$(input_box_flow "Please enter the port you will use for Nextcloud Talk")
-fi
-
-containsElement () {
- local e match="$1"
- shift
- for e; do [[ "$e" == "$match" ]] && return 0; done
- return 1
-}
-
-if containsElement "$TURN_PORT" "${NONO_PORTS[@]}"
-then
- msg_box "You have to choose another port. Please start over."
- exit 1 -fi - -# Install TURN -check_command install_if_not coturn -check_command sed -i '/TURNSERVER_ENABLED/c\TURNSERVER_ENABLED=1' /etc/default/coturn - -# Create log for coturn -install -d -m 777 "$VMLOGS" -install -o turnserver -g turnserver -m 660 /dev/null /var/log - -# Generate $TURN_CONF -cat << TURN_CREATE > "$TURN_CONF" -listening-port=$TURN_PORT -fingerprint -use-auth-secret -static-auth-secret=$TURN_SECRET -realm=$TURN_DOMAIN -total-quota=100 -bps-capacity=0 -stale-nonce -no-multicast-peers -no-stdout-log -simple-log -log-file=$VMLOGS/turnserver.log -TURN_CREATE -if [ -f "$TURN_CONF" ]; -then - print_text_in_color "$IGreen" "$TURN_CONF was successfully created." -else - print_text_in_color "$IRed" "Unable to create $TURN_CONF, exiting..." - print_text_in_color "$IRed" "Please report this issue here $ISSUES" - exit 1 -fi - -# Restart the TURN server -check_command systemctl restart coturn.service - -# Warn user to open port -msg_box "You have to open $TURN_PORT TCP/UDP in your firewall or your TURN/STUN server won't work! -After you hit OK the script will check for the firewall and eventually exit on failure. -To run again the setup, after fixing your firewall: -sudo -sLO $APP/talk_signaling.sh -sudo bash talk_signaling.sh" - -# Check if the port is open -check_open_port "$TURN_PORT" "$TURN_DOMAIN" - -# Enable Spreed (Talk) -STUN_SERVERS_STRING="[\"$TURN_DOMAIN:$TURN_PORT\"]" -TURN_SERVERS_STRING="[{\"server\":\"$TURN_DOMAIN:$TURN_PORT\",\"secret\":\"$TURN_SECRET\",\"protocols\":\"udp,tcp\"}]" - -if ! is_app_enabled spreed -then - install_and_enable_app spreed -fi - -occ_command config:app:set spreed stun_servers --value="$STUN_SERVERS_STRING" --output json -occ_command config:app:set spreed turn_servers --value="$TURN_SERVERS_STRING" --output json -chown -R www-data:www-data "$NC_APPS_PATH" - -msg_box "Nextcloud Talk is now installed. 
For more information about Nextcloud Talk and its mobile apps visit:\nhttps://nextcloud.com/talk/" - -####################### SIGNALING - -DESCRIPTION="Talk Signaling Server" - -msg_box "You will now be presented with the option to install the Talk Signaling (STUN) server. -This aims to give you greater performance and ability to have more users in a call at the same time. - -You can read more here: -https://github.com/strukturag/nextcloud-spreed-signaling/blob/master/README.md - -We will use apt packages from https://gitlab.com/morph027 which is a trusted contributor to this repository. - -The exact sources can be found here: -https://gitlab.com/packaging/nextcloud-spreed-signaling -https://gitlab.com/packaging/janus/" - -# Ask the user if he/she wants the HPB server as well -if ! yesno_box_yes "Do you want to install the $DESCRIPTION?" -then - exit 1 -fi - -# Ask for the domain for Talk -SUBDOMAIN=$(input_box_flow "Talk Signaling Server subdomain e.g: talk.yourdomain.com\n\nNOTE: This domain must be different than your Nextcloud domain. They can however be hosted on the same server, but would require seperate DNS entries.") - -# curl the lib another time to get the correct https_conf -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# Check if $SUBDOMAIN exists and is reachable -print_text_in_color "$ICyan" "Checking if $SUBDOMAIN exists and is reachable..." 
-domain_check_200 "$SUBDOMAIN" - -# Check open ports with NMAP -check_open_port 80 "$SUBDOMAIN" -check_open_port 443 "$SUBDOMAIN" - -# NATS -## Pre-Configuration -mkdir -p /etc/nats -echo "listen: 127.0.0.1:4222" > /etc/nats/nats.conf -## Installation -curl -sL -o "/etc/apt/trusted.gpg.d/morph027-nats-server.asc" "https://packaging.gitlab.io/nats-server/gpg.key" -echo "deb [arch=amd64] https://packaging.gitlab.io/nats-server nats main" > /etc/apt/sources.list.d/morph027-nats-server.list -apt update -q4 & spinner_loading -install_if_not nats-server -chown nats:nats /etc/nats/nats.conf -start_if_stopped nats-server -check_command systemctl enable nats-server - -# Janus WebRTC Server -## Installation -. /etc/lsb-release -curl -sL -o "/etc/apt/trusted.gpg.d/morph027-janus.asc" "https://packaging.gitlab.io/janus/gpg.key" -echo "deb [arch=amd64] https://packaging.gitlab.io/janus/$DISTRIB_CODENAME $DISTRIB_CODENAME main" > /etc/apt/sources.list.d/morph027-janus.list -apt update -q4 & spinner_loading -install_if_not janus -## Configuration -sed -i "s|#turn_rest_api_key\s*=.*|$JANUS_API_KEY|" /etc/janus/janus.jcfg -sed -i "s|#full_trickle|full_trickle|g" /etc/janus/janus.jcfg -sed -i 's|#interface.*|interface = "lo"|g' /etc/janus/janus.transport.websockets.jcfg -sed -i 's|#ws_interface.*|ws_interface = "lo"|g' /etc/janus/janus.transport.websockets.jcfg -start_if_stopped janus -check_command systemctl enable janus - -# HPB -## Installation -curl -sL -o "/etc/apt/trusted.gpg.d/morph027-nextcloud-spreed-signaling.asc" "https://packaging.gitlab.io/nextcloud-spreed-signaling/gpg.key" -echo "deb [arch=amd64] https://packaging.gitlab.io/nextcloud-spreed-signaling signaling main" > /etc/apt/sources.list.d/morph027-nextcloud-spreed-signaling.list -apt update -q4 & spinner_loading -install_if_not nextcloud-spreed-signaling -## Configuration -if [ ! 
-f "$SIGNALING_SERVER_CONF" ]; -then - cat << SIGNALING_CONF_CREATE > "$SIGNALING_SERVER_CONF" -[http] -listen = 127.0.0.1:8081 -[app] -debug = false -[sessions] -hashkey = $(openssl rand -hex 16) -blockkey = $(openssl rand -hex 16) -[clients] -internalsecret = $(openssl rand -hex 16) -[backend] -allowed = ${TURN_DOMAIN} -allowall = false -secret = ${NC_SECRET} -timeout = 10 -connectionsperhost = 8 -[nats] -url = nats://localhost:4222 -[mcu] -type = janus -url = ws://127.0.0.1:8188 -[turn] -apikey = ${JANUS_API_KEY} -secret = ${TURN_SECRET} -servers = turn:$TURN_DOMAIN:$TURN_PORT?transport=tcp,turn:$TURN_DOMAIN:$TURN_PORT?transport=udp -SIGNALING_CONF_CREATE -fi -start_if_stopped signaling -check_command systemctl enable signaling - -# Apache Proxy -# https://github.com/strukturag/nextcloud-spreed-signaling#apache - -# Check if $SUBDOMAIN exists and is reachable -print_text_in_color "$ICyan" "Checking if $SUBDOMAIN exists and is reachable..." -domain_check_200 "$SUBDOMAIN" - -# Check open ports with NMAP -check_open_port 80 "$SUBDOMAIN" -check_open_port 443 "$SUBDOMAIN" - -# Install Apache2 -install_if_not apache2 - -# Enable Apache2 module's -a2enmod proxy -a2enmod proxy_wstunnel -a2enmod proxy_http -a2enmod ssl -a2enmod headers -a2enmod remoteip - -# Allow CustomLog -touch $VMLOGS/talk_apache_access.log -touch $VMLOGS/talk_apache_error.log -chown www-data:www-data $VMLOGS/talk_apache_error.log $VMLOGS/talk_apache_access.log - -# Prep the error page -mkdir -p /var/www/html/error -echo "Hi there! :) If you see this page, the Apache2 proxy for $DESCRIPTION is up and running." > /var/www/html/error/404_proxy.html -chown -R www-data:www-data /var/www/html/error - -if [ -f "$HTTPS_CONF" ] -then - a2dissite "$SUBDOMAIN.conf" - rm -f "$HTTPS_CONF" -fi - -if [ ! 
-f "$HTTPS_CONF" ]; -then - cat << HTTPS_CREATE > "$HTTPS_CONF" - - ServerName $SUBDOMAIN:443 - SSLEngine on - ServerSignature On - SSLHonorCipherOrder on - SSLCertificateChainFile $CERTFILES/$SUBDOMAIN/chain.pem - SSLCertificateFile $CERTFILES/$SUBDOMAIN/cert.pem - SSLCertificateKeyFile $CERTFILES/$SUBDOMAIN/privkey.pem - SSLOpenSSLConfCmd DHParameters $DHPARAMS_SUB - SSLProtocol TLSv1.2 - SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS - LogLevel warn - CustomLog $VMLOGS/talk_apache_access.log combined - ErrorLog $VMLOGS/talk_apache_error.log - # Just in case - see below - SSLProxyEngine On - SSLProxyVerify None - SSLProxyCheckPeerCN Off - SSLProxyCheckPeerName Off - # contra mixed content warnings - RequestHeader set X-Forwarded-Proto "https" - # Custom error page - ProxyErrorOverride On - DocumentRoot "/var/www/html" - ProxyPass /error/ ! - ErrorDocument 404 /error/404_proxy.html - # Enable proxying Websocket requests to the standalone signaling server. 
- # https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html - ProxyPass / "http://127.0.0.1:8081/" - RewriteEngine on - RewriteCond %{HTTP:Upgrade} websocket [NC] - RewriteCond %{HTTP:Connection} upgrade [NC] - RewriteRule ^/?(.*) "ws://127.0.0.1:8081/\$1" [P,L] - # Extra (remote) headers - RequestHeader set X-Real-IP %{REMOTE_ADDR}s - Header set X-XSS-Protection "1; mode=block" - Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" - Header set X-Content-Type-Options nosniff - Header set Content-Security-Policy "frame-ancestors 'self'" - -HTTPS_CREATE - - if [ -f "$HTTPS_CONF" ]; - then - print_text_in_color "$IGreen" "$HTTPS_CONF was successfully created." - sleep 1 - else - print_text_in_color "$IRed" "Unable to create vhost, exiting..." - print_text_in_color "$IRed" "Please report this issue here $ISSUES" - exit 1 - fi -fi - -# Install certbot (Let's Encrypt) -install_certbot - -# Generate certs and auto-configure if successful -if generate_cert "$SUBDOMAIN" -then - # Generate DHparams chifer - if [ ! -f "$DHPARAMS_SUB" ] - then - openssl dhparam -dsaparam -out "$DHPARAMS_SUB" 4096 - fi - print_text_in_color "$IGreen" "Certs are generated!" - a2ensite "$SUBDOMAIN.conf" - restart_webserver -else - # remove settings to be able to start over again - rm -f "$HTTPS_CONF" - last_fail_tls "$SCRIPTS"/apps/talk_signaling.sh - exit 1 -fi - -## TODO -# Add to /etc/hosts -# Based on https://help.nextcloud.com/t/nextcloud-talk-signaling-server-now-automated-installation/90567/17?u=enoch85 -# echo "127.0.1.1 $SUBDOMAIN" >> /etc/hosts - -# Set signaling server strings -SIGNALING_SERVERS_STRING="{\"servers\":[{\"server\":\"https://$SUBDOMAIN/\",\"verify\":true}],\"secret\":\"$NC_SECRET\"}" -occ_command config:app:set spreed signaling_servers --value="$SIGNALING_SERVERS_STRING" --output json - -# Check that everything is working -if ! curl -L https://"$SUBDOMAIN"/api/v1/welcome -then - msg_box "Installation failed. 
:/\n\nPlease run this script again to uninstall if you want to clean the system, or choose to reinstall if you want to try again.\n\nLogging can be found by typing: journalctl -lfu signaling" - exit 1 -else - msg_box "Congratulations, everything is working as intended! The installation succeeded.\n\nLogging can be found by typing: journalctl -lfu signaling" - exit 0 -fi diff --git a/apps/tmbitwarden.sh b/apps/tmbitwarden.sh deleted file mode 100644 index 20c2b78324..0000000000 --- a/apps/tmbitwarden.sh +++ /dev/null 
@@ -1,314 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Bitwarden" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Check if root -root_check - -# Check if Bitwarden is already installed -print_text_in_color "$ICyan" "Checking if Bitwarden is already installed..." -if is_docker_running -then - if docker ps -a --format '{{.Names}}' | grep -Eq "bitwarden"; - then - if is_this_installed apache2 - then - if [ -d /root/bwdata ] || [ -d "$BITWARDEN_HOME"/bwdata ] - then -msg_box "It seems like Bitwarden is already installed. -You cannot install it again because you would loose all your data and passwords. - -If you are certain that you definitely want to delete Bitwarden and all -its data to be able to reinstall it, you can execute the following commands: - -systemctl stop bitwarden -docker volume prune -f -docker system prune -af -rm -rf ${BITWARDEN_HOME:?}/bwdata" - exit 1 - fi - fi - fi -fi - -print_text_in_color "$ICyan" "Installing Bitwarden password manager..." - -msg_box "Bitwarden is a password manager that is seperate from Nextcloud, though we provide this service because it's self hosted and secure. - -To be able to use Bitwarden, you need a seperate subdomain. Please create a DNS record and point it to this server, e.g: bitwarden.yourdomain.com. -After Bitwarden is setup, we will automatically generate a TLS cert with Let's Enrypt. There's no need to get your own prior to this setup, nor during the Bitwarden setup. - -The script is based on this documentation: https://help.bitwarden.com/article/install-on-premise/ -It's a good idea to read that before you start this script. - -Please also report any issues regarding this script setup to $ISSUES" - -msg_box "The necessary preparations to run expose Bitwarden to the internet are: -1. 
Please open port 443 and 80 and point to this server. -2. Please create a DNS record for your subdomain and point that to this server. -3. Raise the amount of RAM to this server to at least 4 GB." - -if ! yesno_box_yes "Have you made the necessary preparations?" -then -msg_box "OK, please do the necessary preparations before you run this script and then simply run it again once you're done. - -To run this script again, execute $SCRIPTS/menu.sh and choose Additional Apps --> Bitwarden" - exit -fi - -# Test RAM size (3 GB min) + CPUs (min 2) -ram_check 4 Bitwarden -cpu_check 2 Bitwarden - -msg_box "IMPORTANT, PLEASE READ! - -In the next steps you will be asked to answer some questions. -The questions are from the Bitwarden setup script, and therefore nothing that we control. - -It's important that you answer the questions correclty for the rest of the setup to work properly, -and to be able to generate a valid TLS certificate automatically with our own (this) script. - -Basically: -1. Enter the domain for Bitwarden -2. Answer 'no' to the question if you want Let's Encrypt -3. Enter your installation id and keys -4. Continue to answer 'no' to everything related to SSL/TLS. - -Please have a look at how the questions are answered here if you are uncertain: -https://imgur.com/a/3ytwvp6" - -# Install Docker -install_docker -install_if_not docker-compose - -# Create bitwarden user -if ! id "$BITWARDEN_USER" >/dev/null 2>&1 -then - print_text_in_color "$ICyan" "Specifying a certain user for Bitwarden: $BITWARDEN_USER..." - useradd -s /bin/bash -d "$BITWARDEN_HOME" -m -G docker "$BITWARDEN_USER" -else - userdel "$BITWARDEN_USER" - rm -rf "${BITWARDEN_HOME:?}/" - print_text_in_color "$ICyan" "Specifying a certain user for Bitwarden: $BITWARDEN_USER..." - useradd -s /bin/bash -d "$BITWARDEN_HOME/" -m -G docker "$BITWARDEN_USER" -fi - -# Wait for home to be created -while : -do - if ! 
ls "$BITWARDEN_HOME" >/dev/null 2>&1 - then - print_text_in_color "$ICyan" "Waiting for $BITWARDEN_HOME to be created" - sleep 1 - else - break - fi -done - -# Create the service -print_text_in_color "$ICyan" "Creating the Bitwarden service..." - -cat << BITWARDEN_SERVICE > /etc/systemd/system/bitwarden.service -[Unit] -Description=Bitwarden -Requires=docker.service -After=docker.service - -[Service] -Type=oneshot -User=$BITWARDEN_USER -Group=$BITWARDEN_USER -ExecStart=$BITWARDEN_HOME/bitwarden.sh start -RemainAfterExit=true -ExecStop=$BITWARDEN_HOME/bitwarden.sh stop - -[Install] -WantedBy=multi-user.target -BITWARDEN_SERVICE - -# Set permissions and enable the service -sudo chmod 644 /etc/systemd/system/bitwarden.service -check_command systemctl enable bitwarden - -# Install Bitwarden -install_if_not curl -check_command cd "$BITWARDEN_HOME" -curl_to_dir "https://raw.githubusercontent.com/bitwarden/core/master/scripts" "bitwarden.sh" "$BITWARDEN_HOME" -chmod +x "$BITWARDEN_HOME"/bitwarden.sh -chown -R "$BITWARDEN_USER":"$BITWARDEN_USER" "$BITWARDEN_HOME" -check_command sudo -u "$BITWARDEN_USER" ./bitwarden.sh install -check_command systemctl daemon-reload - -# Check if all ssl settings were entered correctly -if grep ^url "$BITWARDEN_HOME"/bwdata/config.yml | grep -q https || grep ^url "$BITWARDEN_HOME"/bwdata/config.yml | grep -q localhost -then - msg_box "It seems like some of the settings you entered are wrong. We will now remove Bitwarden so that you can start over with the installation." 
- check_command systemctl stop bitwarden - docker volume prune -f - docker system prune -af - rm -rf "${BITWARDEN_HOME:?}/"bwdata - exit 1 -fi - -# Continue with the installation -sed -i "s|http_port.*|http_port: 5178|g" "$BITWARDEN_HOME"/bwdata/config.yml -sed -i "s|https_port.*|https_port: 5179|g" "$BITWARDEN_HOME"/bwdata/config.yml -USERID=$(id -u $BITWARDEN_USER) -USERGROUPID=$(id -g $BITWARDEN_USER) -sed -i "s|database_docker_volume:.*|database_docker_volume: true|g" "$BITWARDEN_HOME"/bwdata/config.yml -sed -i "s|LOCAL_UID=.*|LOCAL_UID=$USERID|g" "$BITWARDEN_HOME"/bwdata/env/uid.env -sed -i "s|LOCAL_GID=.*|LOCAL_GID=$USERGROUPID|g" "$BITWARDEN_HOME"/bwdata/env/uid.env -# Get Subdomain from config.yml and change it to https -SUBDOMAIN=$(grep ^url "$BITWARDEN_HOME"/bwdata/config.yml) -SUBDOMAIN=${SUBDOMAIN##*url: http://} -sed -i "s|^url: .*|url: https://$SUBDOMAIN|g" "$BITWARDEN_HOME"/bwdata/config.yml -sed -i 's|http://|https://|g' "$BITWARDEN_HOME"/bwdata/env/global.override.env -check_command sudo -u "$BITWARDEN_USER" ./bitwarden.sh rebuild -print_text_in_color "$ICyan" "Starting Bitwarden for the first time, please be patient..." -check_command sudo -u "$BITWARDEN_USER" ./bitwarden.sh start -# We dont' need this for Bitwarden to start, but it's a great way to find out if the DB is online or not. -countdown "Waiting for the DB to come online..." 5 -check_command sudo -u "$BITWARDEN_USER" ./bitwarden.sh updatedb - -# Produce reverse-proxy config and get lets-encrypt certificate -msg_box "We'll now setup the Apache Proxy that will act as TLS front for your Bitwarden installation." - -# Curl the lib another time to get the correct HTTPS_CONF -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# Check if $SUBDOMAIN exists and is reachable -print_text_in_color "$ICyan" "Checking if $SUBDOMAIN exists and is reachable..." 
-domain_check_200 "$SUBDOMAIN" - -# Check open ports with NMAP -check_open_port 80 "$SUBDOMAIN" -check_open_port 443 "$SUBDOMAIN" - -# Install Apache2 -install_if_not apache2 - -# Enable Apache2 module's -a2enmod proxy -a2enmod proxy_wstunnel -a2enmod proxy_http -a2enmod ssl -a2enmod headers -a2enmod remoteip - -if [ -f "$HTTPS_CONF" ] -then - a2dissite "$SUBDOMAIN.conf" - rm -f "$HTTPS_CONF" -fi - -if [ ! -f "$HTTPS_CONF" ]; -then - cat << HTTPS_CREATE > "$HTTPS_CONF" - - ServerName $SUBDOMAIN:443 - SSLEngine on - ServerSignature On - SSLHonorCipherOrder on - SSLCertificateChainFile $CERTFILES/$SUBDOMAIN/chain.pem - SSLCertificateFile $CERTFILES/$SUBDOMAIN/cert.pem - SSLCertificateKeyFile $CERTFILES/$SUBDOMAIN/privkey.pem - SSLOpenSSLConfCmd DHParameters $DHPARAMS_SUB - - SSLProtocol TLSv1.2 - SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS - LogLevel warn - CustomLog ${APACHE_LOG_DIR}/access.log combined - ErrorLog ${APACHE_LOG_DIR}/error.log - # Just in case - see below - SSLProxyEngine On - SSLProxyVerify None - SSLProxyCheckPeerCN Off - SSLProxyCheckPeerName Off - # contra mixed content warnings - RequestHeader set X-Forwarded-Proto "https" - # basic proxy settings - ProxyRequests off - ProxyPassMatch (.*)(\/websocket)$ "ws://127.0.0.1:5178/$1$2" - ProxyPass / "http://127.0.0.1:5178/" - ProxyPassReverse / "http://127.0.0.1:5178/" - # 
Extra (remote) headers - RequestHeader set X-Real-IP %{REMOTE_ADDR}s - Header set X-XSS-Protection "1; mode=block" - Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" - Header set X-Content-Type-Options nosniff - Header set Content-Security-Policy "frame-ancestors 'self'" - - ProxyPassReverse / - - -HTTPS_CREATE - - if [ -f "$HTTPS_CONF" ]; - then - print_text_in_color "$IGreen" "$HTTPS_CONF was successfully created." - sleep 1 - else - print_text_in_color "$IRed" "Unable to create vhost, exiting..." - print_text_in_color "$IRed" "Please report this issue here $ISSUES" - exit 1 - fi -fi - -# Install certbot (Let's Encrypt) -install_certbot - -# Generate certs and auto-configure if successful -if generate_cert "$SUBDOMAIN" -then - # Generate DHparams chifer - if [ ! -f "$DHPARAMS_SUB" ] - then - openssl dhparam -dsaparam -out "$DHPARAMS_SUB" 4096 - fi - print_text_in_color "$IGreen" "Certs are generated!" - a2ensite "$SUBDOMAIN.conf" - restart_webserver -else - # remove settings to be able to start over again - rm -f "$HTTPS_CONF" - last_fail_tls "$SCRIPTS"/apps/tmbitwarden.sh - systemctl stop bitwarden - docker volume prune -f - docker system prune -af - rm -rf "${BITWARDEN_HOME:?}/"bwdata - exit 1 -fi - -# Add prune command -add_dockerprune - -msg_box "Bitwarden was sucessfully installed! Please visit $SUBDOMAIN to setup your account. 
- -After the account is registered, please disable user registration by running sudo bash $SCRIPTS/menu.sh and choose: -Additional Apps --> Bitwarden --> Bitwarden Registration - -Some notes to the Bitwarden service: -to START Bitwarden, simply execute: 'systemctl start bitwarden' -to STOP Bitwarden, simply execute: 'systemctl stop bitwarden' -to RESTART Bitwarden, simply execute: 'systemctl restart bitwarden'" - -msg_box "In case you want to backup Bitwarden, you should know that the MSSQL files are stored here: -/var/lib/docker/volumes/docker_mssql_data/_data - -This is beacuse we run the database as a Docker container, and not directly on the filesystem - which otherwise would be the default. -Reason? We found it to be more stable running in a container, several sources in their issue tracker also confirms the same thing." - -exit diff --git a/apps/webmin.sh b/apps/webmin.sh deleted file mode 100644 index 524a42137e..0000000000 --- a/apps/webmin.sh +++ /dev/null 
@@ -1,75 +0,0 @@
-#!/bin/bash
-
-# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/
-
-# shellcheck disable=2034,2059
-true
-SCRIPT_NAME="Webmin"
-SCRIPT_EXPLAINER="Webmin is a web-based interface for system administration for Unix.
-Using any modern web browser, you can setup user accounts, Apache, DNS, file sharing and much more.
-Webmin removes the need to manually edit Unix configuration files like /etc/passwd, and lets you manage a system from the console or remotely.
-See the following page with standard modules for a list of all the functions built into Webmin: https://webmin.com/standard.html"
-# shellcheck source=lib.sh
-source /var/scripts/lib.sh
-
-# Check for errors + debug code and abort if something isn't right
-# 1 = ON
-# 0 = OFF
-DEBUG=0
-debug_mode
-
-# Check if root
-root_check
-
-# Show explainer
-explainer_popup
-
-# Check if webmin is already installed
-print_text_in_color "$ICyan" "Checking if Webmin is already installed..."
-if is_this_installed webmin
-then
- # Ask for removal or reinstallation
- reinstall_remove_menu
- # Removal
- check_command apt-get purge webmin -y
- rm -rf /etc/apt/sources.list.d/webmin.list
- # Show successful uninstall if applicable
- removal_popup
-else
- print_text_in_color "$ICyan" "Installing Webmin..."
-fi
-
-# Install packages for Webmin
-install_if_not apt-transport-https
-install_if_not perl
-install_if_not libnet-ssleay-perl
-install_if_not openssl
-install_if_not libauthen-pam-perl
-install_if_not libpam-runtime
-install_if_not libio-pty-perl
-install_if_not apt-show-versions
-install_if_not python2
-
-# Install Webmin
-if curl -fsSL http://www.webmin.com/jcameron-key.asc | sudo apt-key add -
-then
- echo "deb https://download.webmin.com/download/repository sarge contrib" > /etc/apt/sources.list.d/webmin.list
- apt update -q4 & spinner_loading
- install_if_not webmin
-fi
-
-print_text_in_color "$ICyan" "Configuring Webmin..."
-# redirect access on http to https
-check_command systemctl stop webmin
-# Redirect http to https on the LAN IP
-check_command sed -i '/^ssl=.*/a ssl_redirect=1' /etc/webmin/miniserv.conf
-check_command sed -i "/^port=.*/a host=$ADDRESS" /etc/webmin/miniserv.conf
-check_command systemctl start webmin
-
-msg_box "Webmin is now installed and can be accessed from this address:
-
-https://$ADDRESS:10000
-
-You can log in with your Ubuntu CLI user: $UNIXUSER."
-
-exit
diff --git a/static/change-to-zfs-mount-generator.sh b/static/change-to-zfs-mount-generator.sh
deleted file mode 100644
index f7fe054a47..0000000000
--- a/static/change-to-zfs-mount-generator.sh
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/bin/bash
-
-# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/
-
-# https://wiki.archlinux.org/index.php/ZFS#Using_zfs-mount-generator
-# Tested on Ubuntu 20.04
-
-# This script came to life when we were having issues with importing the ZFS pool (ncdata) on Ubuntu 20.04.
-# After some forum reading and some digging on Github, this is the result.
-# The intention here is to make the import process more robust, and less prune to fail
-# Esentially, changing from źfs-mount.service' to 'zfs-mount-generator' which by many has been working better.
-
-# shellcheck disable=2034,2059
-true
-SCRIPT_NAME="Change to ZFS Mount Generator"
-# shellcheck source=lib.sh
-source /var/scripts/lib.sh
-
-# Check if root
-root_check
-
-# Needs to be Ubuntu 20.04 and Multiverse
-check_distro_version
-check_multiverse
-
-# Import if missing and export again to import it with UUID
-# https://github.com/nextcloud/vm/blob/master/lib.sh#L1233
-# Set a different name for the pool (if used outside of this repo)
-# export POOLNAME=ncdata
-zpool_import_if_missing
-
-# Make sure the correct packages are installed
-install_if_not zfs-zed
-
-# Create the dir for this to work
-mkdir -p /etc/zfs/zfs-list.cache
-
-# Enable ZFS Event Daemon(ZED) aka ZEDLET
-if [ -f /usr/lib/zfs-linux/zed.d/history_event-zfs-list-cacher.sh ]
-then
- if [ ! -L /etc/zfs/zed.d/history_event-zfs-list-cacher.sh ]
- then
- check_command ln -s /usr/lib/zfs-linux/zed.d/history_event-zfs-list-cacher.sh /etc/zfs/zed.d
- fi
-else
- msg_box "/usr/lib/zfs-linux/zed.d/history_event-zfs-list-cacher.sh is missing, aborting!"
- exit 1
-fi
-
-# Enable and disable services
-# NEEDED:
-systemctl enable zfs-import-cache
-# DISABLE OLD METHOD
-systemctl disable zfs-mount
-# FOR ZEDLET
-check_command systemctl enable zfs-zed.service
-check_command systemctl enable zfs.target
-check_command systemctl start zfs-zed.service
-
-# Activate config
-touch /etc/zfs/zfs-list.cache/"$POOLNAME"
-zfs set canmount=on "$POOLNAME"
-sleep 1
-if [ -s /etc/zfs/zfs-list.cache/"$POOLNAME" ]
-then
- print_text_in_color "$ICyan" "/etc/zfs/zfs-list.cache/$POOLNAME is emtpy, setting values manually instead."
- zfs list -H -o name,mountpoint,canmount,atime,relatime,devices,exec,readonly,setuid,nbmand,encroot,keylocation > /etc/zfs/zfs-list.cache/"$POOLNAME"
-fi
diff --git a/static/index.php b/static/index.php
deleted file mode 100644
index beea8b86f8..0000000000
--- a/static/index.php
+++ /dev/null
@@ -1,147 +0,0 @@
- - - - Nextcloud VM - - - - -
- - -
-
-

Thank you for downloading the Nextcloud VM, you made a good choice! If you see this page, you have run the first setup, and you are now ready to start using Nextcloud on your new server. Congratulations! :)

-

We have set everything up for you and the only thing you have to do now is to login. You can find login details in the middle of this page.

-

Don't hesitate to ask if you have any questions. You can ask for help in our community support channels, or buy hands on support from T&M Hansson IT AB. You can also check the documentation.

-
- -

Access Nextcloud

- -
-

Use the following address: -

- -

-

Note: Please accept the warning in the browser if you have a self-signed certificate.
- -

It's recomended to get your own certificate and replace the self-signed certificate to your own. - The easiest way to get a real TLS certificate is to run the Lets' Encrypt script included on this server.
- Just run 'sudo bash /var/scripts/menu.sh' from your CLI and choose Server Configuration --> Activate TLS. -

- Login details -

-
- -

Access Webmin

- -
-

Use the following address: -

- -

-

Note: Please accept the warning in the browser if you have a self-signed certificate.
-

- Login details -

-

Note: To access Webmin externally you have to open port 10000 in your router, it's not recomended though due to security concerns.

-
- -

Access Adminer

- -
-

Use the following address: -

- -

-

Note: Please accept the warning in the browser if you connect via HTTPS.

-

- Login details -

-

Note: Your LAN IP is set as approved in /etc/apache2/sites-available/adminer.conf, all other access is forbidden.

-
- -

Follow us on Social Media

- -
-

If you want to get the latest news and updates, please consider following us! We are very active on Twitter, and post some videos from time to time on Youtube. It might be worth checking out. ;)

-
-

- -
- -
diff --git a/static/locales.sh b/static/locales.sh
deleted file mode 100644
index 143bf8b7ad..0000000000
--- a/static/locales.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/bash
-
-# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/
-
-# shellcheck disable=2034,2059
-true
-SCRIPT_NAME="Locales"
-# shellcheck source=lib.sh
-source /var/scripts/lib.sh
-
-# Must be root
-root_check
-
-# Set locales
-print_text_in_color "$ICyan" "Setting locales..."
-if [ "$KEYBOARD_LAYOUT" = "us" ]
-then
- print_text_in_color "$ICyan" "US locales are already set."
-elif [ "$KEYBOARD_LAYOUT" = "se" ]
-then
- sudo locale-gen "sv_SE.UTF-8" && sudo dpkg-reconfigure --frontend=noninteractive locales
-elif [ "$KEYBOARD_LAYOUT" = "de" ]
-then
- sudo locale-gen "de_DE.UTF-8" && sudo dpkg-reconfigure --frontend=noninteractive locales
-elif [ "$KEYBOARD_LAYOUT" = "us" ]
-then
- sudo locale-gen "en_US.UTF-8" && sudo dpkg-reconfigure --frontend=noninteractive locales
-elif [ "$KEYBOARD_LAYOUT" = "fr" ]
-then
- sudo locale-gen "fr_FR.UTF-8" && sudo dpkg-reconfigure --frontend=noninteractive locales
-elif [ "$KEYBOARD_LAYOUT" = "ch" ]
-then
- sudo locale-gen "de_CH.UTF-8" && sudo dpkg-reconfigure --frontend=noninteractive locales
-fi
-
-# TODO: "localectl list-x11-keymap-layouts" and pair with "cat /etc/locale.gen | grep UTF-8"
diff --git a/static/locate_mirror.sh b/static/locate_mirror.sh
deleted file mode 100644
index 0ff9ae1b9a..0000000000
--- a/static/locate_mirror.sh
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/bin/bash
-
-# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/
-
-# shellcheck disable=2034,2059
-true
-SCRIPT_NAME="Locate Mirror"
-# shellcheck source=lib.sh
-source /var/scripts/lib.sh
-
-# Must be root
-root_check
-
-# Use another method if the new one doesn't work
-if [ -z "$REPO" ]
-then
- REPO=$(apt update -q4 && apt-cache policy | grep http | tail -1 | awk '{print $2}')
-fi
-
-# Check where the best mirrors are and update
-msg_box "To make downloads as fast as possible when updating Ubuntu you should have download mirrors that are as close to you as possible.
-
-Please note that there are no gurantees that the download mirrors this script will find are staying up for the lifetime of this server.
-
-This is the method used: https://github.com/jblakeman/apt-select"
-msg_box "Your current server repository is: $REPO"
-
-if ! yesno_box_no "Do you want to try to find a better mirror?"
-then
- print_text_in_color "$ICyan" "Keeping $REPO as mirror..."
- sleep 1
-else
- if [[ "$KEYBOARD_LAYOUT" =~ ,|/|_ ]]
- then
- msg_box "Your keymap contains more than one language, or a special character. ($KEYBOARD_LAYOUT)\nThis script can only handle one keymap at the time.\nThe default mirror ($REPO) will be kept."
- exit 1
- fi
- print_text_in_color "$ICyan" "Locating the best mirrors..."
- curl_to_dir https://bootstrap.pypa.io get-pip.py /tmp
- install_if_not python3
- install_if_not python3-testresources
- install_if_not python3-distutils
- cd /tmp && python3 get-pip.py
- pip install \
- --upgrade pip \
- apt-select
- check_command apt-select -m up-to-date -t 4 -c -C "$KEYBOARD_LAYOUT"
- sudo cp /etc/apt/sources.list /etc/apt/sources.list.backup && \
- if [ -f sources.list ]
- then
- sudo mv sources.list /etc/apt/
- fi
-fi
-clear
diff --git a/static/nextcloud.sh b/static/nextcloud.sh
deleted file mode 100644
index 26f4c09e44..0000000000
--- a/static/nextcloud.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/bash
-
-# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/
-
-WANIP6=$(curl -s -k -m 5 https://ipv6bot.whatismyipaddress.com)
-WANIP4=$(curl -s -k -m 5 https://ipv4bot.whatismyipaddress.com)
-ADDRESS=$(hostname -I | cut -d ' ' -f 1)
-
-clear
-figlet -f small Nextcloud
-echo "https://www.hanssonit.se/nextcloud-vm"
-echo
-echo
-echo "Hostname: $(hostname -s)"
-echo "WAN IPv4: $WANIP4"
-echo "WAN IPv6: $WANIP6"
-echo "LAN IPv4: $ADDRESS"
-echo
-exit 0
diff --git a/static/static_ip.sh b/static/static_ip.sh
deleted file mode 100644
index 4150ec02ee..0000000000
--- a/static/static_ip.sh
+++ /dev/null
@@ -1,242 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -IRed='\e[0;91m' # Red -ICyan='\e[0;96m' # Cyan -Color_Off='\e[0m' # Text Reset -print_text_in_color() { - printf "%b%s%b\n" "$1" "$2" "$Color_Off" -} - -# Use local lib file in case there is no internet connection -if [ -f /var/scripts/lib.sh ] -then -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Static IP" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - # If we have internet, then use the latest variables from the lib remote file -elif printf "Testing internet connection..." && ping github.com -c 2 -then -# shellcheck disable=2034,2059 -true -# shellcheck source=lib.sh -source /var/scripts/lib.sh -else - printf "You don't seem to have a working internet connection, and /var/scripts/lib.sh is missing so you can't run this script." - printf "Please report this to https://github.com/nextcloud/vm/issues/" - exit 1 -fi - -# Get all needed variables from the library -first_iface - -# Check for errors + debug code and abort if something isn't right -# 1 = ON -# 0 = OFF -DEBUG=0 -debug_mode - -# Must be root -root_check - -# Check Ubuntu version -check_distro_version - -# Copy old interfaces files -msg_box "Copying old netplan.io config files file to: - -/tmp/netplan_io_backup/" -if [ -d /etc/netplan/ ] -then - mkdir -p /tmp/netplan_io_backup - check_command cp -vR /etc/netplan/* /tmp/netplan_io_backup/ -fi - -msg_box "Please note that if the IP address changes during an (remote) SSH connection (via Putty, or terminal for example), the connection will break and the IP will reset to DHCP or the IP you had before you started this script. - -To avoid issues with lost connectivity, please use the VM Console directly, and not SSH." -if yesno_box_yes "Are you connected via SSH?" -then - print_text_in_color "$IRed" "Please use the VM Console instead." 
- sleep 1 - exit -fi - -# Loop until working network settings are validated or the user asks to quit -echo -while : -do - # Loop until user is happy with the IP address and subnet - echo - while : - do - # Ask for IP address - LANIP=$(input_box "Please enter the static IP address you want to set, including the subnet.\nExample: 192.168.1.100/24") - if [[ $LANIP == *"/"* ]] - then - if yesno_box_yes "Is this correct? $LANIP" - then - break - fi - else - print_text_in_color "$IRed" "Did you forget the /subnet?" - fi - done - - # Loop until user is happy with the default gateway - echo - while : - do - # Ask for domain name - GATEWAYIP=$(input_box "Please enter the gateway address you want to set.\nJust hit enter to choose the current gateway.\nYour current gateway is: $GATEWAY") - if [ -z "$GATEWAYIP" ] - then - GATEWAYIP="$GATEWAY" - fi - if yesno_box_yes "Is this correct? $GATEWAYIP" - then - break - fi - done - - # DNS - msg_box "You will now be provided with the option to set your own local DNS. - -If you're not sure what DNS is, or if you don't have a local DNS server, -please don't touch this setting. - -If something goes wrong here, you will not be -able to get any deb packages, download files, or reach the internet. - -The current nameservers are: -$DNS1 -$DNS2 -" - - # Set the variable used to fill in the Netplan nameservers. The existing - # values are used if the user does not decides not to update the nameservers. - DNSs="$DNS1" - # Only add a second nameserver to the list if it is defined. - if [ -n "$DNS2" ] - then - DNSs="$DNS1,$DNS2" - fi - - if yesno_box_yes "Do you want to set your own nameservers?" - then - # Loop until user is happy with the nameserver 1 - echo - while : - do - # Ask for nameserver - NSIP1=$(input_box "Please enter the local nameserver address you want to set.\nJust hit enter to choose the current NS1.\nYour current NS1 is: $DNS1") - if [ -z "$NSIP1" ] - then - NSIP1="$DNS1" - fi - if yesno_box_yes "Is this correct? 
$NSIP1" - then - break - fi - done - - # Nameserver 2 might be empty. As this will not be clear - # in prompts, 'none' is used in this case. - DISPLAY_DNS2="$DNS2" - if [ -z "$DISPLAY_DNS2" ] - then - DISPLAY_DNS2="'none'" - fi - - # Loop until user is happy with the nameserver 2 - echo - while : - do - # Ask for nameserver - NSIP2=$(input_box "Please enter the local nameserver address you want to set. The 3 options are:\n- Hit enter to choose the current NS2.\n- Enter a new IP address for NS2.\n- Enter the text 'none' if you only have one NS.\nYour current NS2 is: $DISPLAY_DNS2") - if [ -z "$NSIP2" ] - then - NSIP2="$DISPLAY_DNS2" - fi - if yesno_box_yes "Is this correct? $NSIP2" - then - break - fi - done - fi - - # Check if DNS is set manaully and set variables accordingly - if [ -n "$NSIP1" ] - then - DNSs="$NSIP1" - # Only add a second nameserver to the list if it is defined and not 'none'. - if [[ -n "$NSIP2" && ! ( "none" == "$NSIP2" || "'none'" == "$NSIP2" ) ]] - then - DNSs="$NSIP1,$NSIP2" - fi - fi - - # Check if IFACE is empty, if yes, try another method: - if [ -n "$IFACE" ] - then - cat <<-IPCONFIG > "$INTERFACES" -network: - version: 2 - ethernets: - $IFACE: #object name - dhcp4: false # dhcp v4 disable - dhcp6: false # dhcp v6 disable - addresses: [$LANIP] # client IP address - gateway4: $GATEWAYIP # gateway address - nameservers: - addresses: [$DNSs] #name servers -IPCONFIG - - msg_box "These are your settings, please make sure they are correct: - -$(cat /etc/netplan/01-netcfg.yaml)" - netplan try - set_systemd_resolved_dns "$IFACE" - else - cat <<-IPCONFIGnonvmware > "$INTERFACES" -network: - version: 2 - ethernets: - $IFACE2: #object name - dhcp4: false # dhcp v4 disable - dhcp6: false # dhcp v6 disable - addresses: [$ADDRESS/24] # client IP address - gateway4: $GATEWAY # gateway address - nameservers: - addresses: [$DNSs] #name servers -IPCONFIGnonvmware - - msg_box "These are your settings, please make sure they are correct: - -$(cat 
/etc/netplan/01-netcfg.yaml)" - netplan try - set_systemd_resolved_dns "$IFACE2" - fi - - if test_connection - then - sleep 1 - msg_box "Static IP sucessfully set!" - break - fi - - cat << BADNETWORKTEXT - -The network settings do not provide access to the Internet and/or the DNS -servers are not reachable. Unless Wi-Fi is required and still to be configured -proceeding will not succeed. - -BADNETWORKTEXT - if ! yesno_box_yes "Try new network settings?" - then - break - fi -done From 5e9eaf308ab0a0b51ce01fe155c318a9876b6622 Mon Sep 17 00:00:00 2001 From: enoch85 Date: Wed, 16 Sep 2020 15:43:47 +0200 Subject: [PATCH 27/51] remove leftovers2 
Signed-off-by: enoch85 --- disk/change-to-zfs-mount-generator.sh | 68 --- disk/format-chosen.sh | 234 --------- disk/format-sdb.sh | 213 -------- disk/prune_zfs_snaphots.sh | 59 --- disk/smartctl.sh | 49 -- disk/zfs-prune-snapshots.sh | 191 -------- lets-encrypt/activate-ssl.sh | 15 - lets-encrypt/activate-tls.sh | 211 -------- lets-encrypt/test-new-config.sh | 89 ---- network/ddclient-configuration.sh | 133 ----- network/static_ip.sh | 236 --------- nextcloud_update.sh | 672 -------------------------- old/format-sda-nuc-server.sh | 163 ------- old/modsecurity.sh | 99 ---- old/ntpdate.sh | 24 - old/spreedme.sh | 131 ----- old/test_connection.sh | 36 -- vagrant/README.md | 21 - vagrant/Vagrantfile | 11 - vagrant/install.sh | 14 - 20 files changed, 2669 deletions(-) delete mode 100644 disk/change-to-zfs-mount-generator.sh delete mode 100644 disk/format-chosen.sh delete mode 100644 disk/format-sdb.sh delete mode 100644 disk/prune_zfs_snaphots.sh delete mode 100644 disk/smartctl.sh delete mode 100644 disk/zfs-prune-snapshots.sh delete mode 100644 lets-encrypt/activate-ssl.sh delete mode 100644 lets-encrypt/activate-tls.sh delete mode 100644 lets-encrypt/test-new-config.sh delete mode 100644 network/ddclient-configuration.sh delete mode 100644 network/static_ip.sh delete mode 100644 nextcloud_update.sh delete mode 100644 old/format-sda-nuc-server.sh delete mode 100644 old/modsecurity.sh delete mode 100644 old/ntpdate.sh delete mode 100644 old/spreedme.sh delete mode 100644 old/test_connection.sh delete mode 100644 vagrant/README.md delete mode 100644 vagrant/Vagrantfile delete mode 100644 vagrant/install.sh diff --git a/disk/change-to-zfs-mount-generator.sh b/disk/change-to-zfs-mount-generator.sh deleted file mode 100644 index f7fe054a47..0000000000 --- a/disk/change-to-zfs-mount-generator.sh +++ /dev/null 
@@ -1,68 +0,0 @@
-#!/bin/bash
-
-# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/
-
-# https://wiki.archlinux.org/index.php/ZFS#Using_zfs-mount-generator
-# Tested on Ubuntu 20.04
-
-# This script came to life when we were having issues with importing the ZFS pool (ncdata) on Ubuntu 20.04.
-# After some forum reading and some digging on Github, this is the result.
-# The intention here is to make the import process more robust, and less prune to fail
-# Esentially, changing from źfs-mount.service' to 'zfs-mount-generator' which by many has been working better.
-
-# shellcheck disable=2034,2059
-true
-SCRIPT_NAME="Change to ZFS Mount Generator"
-# shellcheck source=lib.sh
-source /var/scripts/lib.sh
-
-# Check if root
-root_check
-
-# Needs to be Ubuntu 20.04 and Multiverse
-check_distro_version
-check_multiverse
-
-# Import if missing and export again to import it with UUID
-# https://github.com/nextcloud/vm/blob/master/lib.sh#L1233
-# Set a different name for the pool (if used outside of this repo)
-# export POOLNAME=ncdata
-zpool_import_if_missing
-
-# Make sure the correct packages are installed
-install_if_not zfs-zed
-
-# Create the dir for this to work
-mkdir -p /etc/zfs/zfs-list.cache
-
-# Enable ZFS Event Daemon(ZED) aka ZEDLET
-if [ -f /usr/lib/zfs-linux/zed.d/history_event-zfs-list-cacher.sh ]
-then
- if [ ! -L /etc/zfs/zed.d/history_event-zfs-list-cacher.sh ]
- then
- check_command ln -s /usr/lib/zfs-linux/zed.d/history_event-zfs-list-cacher.sh /etc/zfs/zed.d
- fi
-else
- msg_box "/usr/lib/zfs-linux/zed.d/history_event-zfs-list-cacher.sh is missing, aborting!"
- exit 1
-fi
-
-# Enable and disable services
-# NEEDED:
-systemctl enable zfs-import-cache
-# DISABLE OLD METHOD
-systemctl disable zfs-mount
-# FOR ZEDLET
-check_command systemctl enable zfs-zed.service
-check_command systemctl enable zfs.target
-check_command systemctl start zfs-zed.service
-
-# Activate config
-touch /etc/zfs/zfs-list.cache/"$POOLNAME"
-zfs set canmount=on "$POOLNAME"
-sleep 1
-if [ -s /etc/zfs/zfs-list.cache/"$POOLNAME" ]
-then
- print_text_in_color "$ICyan" "/etc/zfs/zfs-list.cache/$POOLNAME is emtpy, setting values manually instead."
- zfs list -H -o name,mountpoint,canmount,atime,relatime,devices,exec,readonly,setuid,nbmand,encroot,keylocation > /etc/zfs/zfs-list.cache/"$POOLNAME"
-fi
diff --git a/disk/format-chosen.sh b/disk/format-chosen.sh
deleted file mode 100644
index d15b0191dc..0000000000
--- a/disk/format-chosen.sh
+++ /dev/null
@@ -1,234 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Format Chosen Disk" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# Check if root -root_check - -# Needs to be Ubuntu 18.04 and Multiverse -check_distro_version -check_multiverse - -MOUNT_=/mnt/$POOLNAME - -# Needed for partprobe -install_if_not parted - -format() { -# umount if mounted -umount /mnt/* &> /dev/null - -# mkdir if not existing -mkdir -p "$MOUNT_" - -# Check what Hypervisor disks are available -if [ "$SYSVENDOR" == "VMware, Inc." ]; -then - SYSNAME="VMware" - DEVTYPE=sdb -elif [ "$SYSVENDOR" == "Microsoft Corporation" ]; -then - SYSNAME="Hyper-V" - DEVTYPE=sdb -elif [ "$SYSVENDOR" == "innotek GmbH" ]; -then - SYSNAME="VirtualBox" - DEVTYPE=sdb -elif [ "$SYSVENDOR" == "Xen" ]; -then - SYSNAME="Xen/XCP-NG" - DEVTYPE=xvdb -elif [[ "$SYSVENDOR" == "QEMU" || "$SYSVENDOR" == "Red Hat" ]]; -then - SYSNAME="KVM/QEMU" - DEVTYPE=vdb -elif [ "$SYSVENDOR" == "DigitalOcean" ]; -then - SYSNAME="DigitalOcean" - DEVTYPE=sda -elif [ "$SYSVENDOR" == "Intel(R) Client Systems" ]; -then - SYSNAME="Intel-NUC" - DEVTYPE=sda -elif [ "$SYSVENDOR" == "UpCloud" ]; -then - if lsblk -e7 -e11 | grep -q sd - then - SYSNAME="UpCloud ISCSI/IDE" - DEVTYPE=sdb - elif lsblk -e7 -e11 | grep -q vd - then - SYSNAME="UpCloud VirtiO" - DEVTYPE=vdb - fi -elif partprobe /dev/sdb &>/dev/null; -then - SYSNAME="machines" - DEVTYPE=sdb -else -msg_box "It seems like you didn't add a second disk. -To be able to put the DATA on a second drive formatted as ZFS you need to add a second disk to this server. - -This script will now exit. Please add a second disk and start over." -exit 1 -fi - -msg_box "You will now see a list with available devices. Choose the device where you want to put your nextcloud data. -Attention, the selected device will be formatted!" 
-AVAILABLEDEVICES="$(lsblk | grep 'disk' | awk '{print $1}')" -# https://github.com/koalaman/shellcheck/wiki/SC2206 -mapfile -t AVAILABLEDEVICES <<< "$AVAILABLEDEVICES" - -# Ask for user input -while - lsblk - read -r -e -p "Enter the drive for the nextcloud data:" -i "$DEVTYPE" userinput - userinput=$(echo "$userinput" | awk '{print $1}') - for disk in "${AVAILABLEDEVICES[@]}"; - do - [[ "$userinput" == "$disk" ]] && devtype_present=1 && DEVTYPE="$userinput" - done - [[ -z "${devtype_present+x}" ]] -do - printf "${BRed}$DEVTYPE is not a valid disk. Please try again.${Color_Off}\n" - : -done - -# Get the name of the drive -DISKTYPE=$(fdisk -l | grep "$DEVTYPE" | awk '{print $2}' | cut -d ":" -f1 | head -1) -if [ "$DISKTYPE" != "/dev/$DEVTYPE" ] -then -msg_box "It seems like your $SYSNAME secondary volume (/dev/$DEVTYPE) does not exist. -This script requires that you mount a second drive to hold the data. - -Please shutdown the server and mount a second drive, then start this script again. - -If you want help you can buy support in our shop: -https://shop.hanssonit.se/product/premium-support-per-30-minutes/" -exit 1 -fi - -# Check if ZFS utils are installed -install_if_not zfsutils-linux - -# Check still not mounted -#These functions return exit codes: 0 = found, 1 = not found -isMounted() { findmnt -rno SOURCE,TARGET "$1" >/dev/null;} #path or device -isDevMounted() { findmnt -rno SOURCE "$1" >/dev/null;} #device only -isPathMounted() { findmnt -rno TARGET "$1" >/dev/null;} #path only -isDevPartOfZFS() { zpool status | grep "$1" >/dev/null;} #device memeber of a zpool - -if isPathMounted "/mnt/ncdata"; #Spaces in path names are ok. -then -msg_box "/mnt/ncdata is mounted and need to be unmounted before you can run this script." - exit 1 -fi - -if isDevMounted "/dev/$DEVTYPE"; -then -msg_box "/dev/$DEVTYPE is mounted and need to be unmounted before you can run this script." 
- exit 1 -fi - -# Universal: -if isMounted "/mnt/ncdata"; -then -msg_box "/mnt/ncdata is mounted and need to be unmounted before you can run this script." - exit 1 -fi - -if isMounted "/dev/${DEVTYPE}1"; -then -msg_box "/dev/${DEVTYPE}1 is mounted and need to be unmounted before you can run this script." - exit 1 -fi - -if isDevPartOfZFS "$DEVTYPE"; -then -msg_box "/dev/$DEVTYPE is a member of a ZFS pool and needs to be removed from any zpool before you can run this script." - exit 1 -fi - -if lsblk -l -n | grep -v mmcblk | grep disk | awk '{ print $1 }' | tail -1 > /dev/null -then -msg_box "Formatting your $SYSNAME secondary volume ($DISKTYPE) when you hit OK. - -*** WARNING: ALL YOUR DATA WILL BE ERASED! ***" - if zpool list | grep "$POOLNAME" > /dev/null - then - check_command zpool destroy "$POOLNAME" - fi - check_command wipefs -a -f "$DISKTYPE" - sleep 0.5 - check_command zpool create -f -o ashift=12 "$POOLNAME" "$DISKTYPE" - check_command zpool set failmode=continue "$POOLNAME" - check_command zfs set mountpoint="$MOUNT_" "$POOLNAME" - check_command zfs set compression=lz4 "$POOLNAME" - check_command zfs set sync=standard "$POOLNAME" - check_command zfs set xattr=sa "$POOLNAME" - check_command zfs set primarycache=all "$POOLNAME" - check_command zfs set atime=off "$POOLNAME" - check_command zfs set recordsize=128k "$POOLNAME" - check_command zfs set logbias=latency "$POOLNAME" - -else -msg_box "It seems like /dev/$DEVTYPE does not exist. -This script requires that you mount a second drive to hold the data. - -Please shutdown the server and mount a second drive, then start this script again. 
- -If you want help you can buy support in our shop: -https://shop.hanssonit.se/product/premium-support-per-30-minutes/" -exit 1 -fi -} -format - -# Do a backup of the ZFS mount -if is_this_installed libzfs2linux -then - if grep -r $POOLNAME /etc/mtab - then - install_if_not zfs-auto-snapshot - sed -i "s|date --utc|date|g" /usr/sbin/zfs-auto-snapshot - fi -fi - -# Check if UUID is used -if zpool list -v | grep "$DEVTYPE" -then - # Get UUID - check_command partprobe -s - if fdisk -l /dev/"$DEVTYPE"1 >/dev/null 2>&1 - then - UUID_SDB1=$(blkid -o value -s UUID /dev/"DEVTYPE"1) - fi - # Export / import the correct way (based on UUID) - check_command zpool export "$POOLNAME" - check_command zpool import -d /dev/disk/by-uuid/"$UUID_SDB1" "$POOLNAME" -fi - -# Success! -if grep "$POOLNAME" /etc/mtab -then -msg_box "$MOUNT_ mounted successfully as a ZFS volume. - -Automatic scrubbing is done monthly via a cronjob that you can find here: -/etc/cron.d/zfsutils-linux - -Automatic snapshots are taken with 'zfs-auto-snapshot'. You can list current snapshots with: -'sudo zfs list -t snapshot'. -Manpage is here: -http://manpages.ubuntu.com/manpages/focal/man8/zfs-auto-snapshot.8.html - -CURRENT STATUS: -$(zpool status $POOLNAME) - -$(zpool list)" -fi diff --git a/disk/format-sdb.sh b/disk/format-sdb.sh deleted file mode 100644 index cacee626de..0000000000 --- a/disk/format-sdb.sh +++ /dev/null 
@@ -1,213 +0,0 @@ -#!/bin/bash - -# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/ - -# shellcheck disable=2034,2059 -true -SCRIPT_NAME="Format sdb" -# shellcheck source=lib.sh -source /var/scripts/lib.sh - -# Check if root -root_check - -# Needs to be Ubuntu 18.04 and Multiverse -check_distro_version -check_multiverse - -MOUNT_=/mnt/"$POOLNAME" - -# Needed for partprobe -install_if_not parted - -format() { -# umount if mounted -umount /mnt/* &> /dev/null - -# mkdir if not existing -mkdir -p "$MOUNT_" - -# Check what Hypervisor disks are available -if [ "$SYSVENDOR" == "VMware, Inc." ]; -then - SYSNAME="VMware" - DEVTYPE=sdb -elif [ "$SYSVENDOR" == "Microsoft Corporation" ]; -then - SYSNAME="Hyper-V" - DEVTYPE=sdb -elif [ "$SYSVENDOR" == "innotek GmbH" ]; -then - SYSNAME="VirtualBox" - DEVTYPE=sdb -elif [ "$SYSVENDOR" == "Xen" ]; -then - SYSNAME="Xen/XCP-NG" - DEVTYPE=xvdb -elif [[ "$SYSVENDOR" == "QEMU" || "$SYSVENDOR" == "Red Hat" ]]; -then - SYSNAME="KVM/QEMU" - DEVTYPE=vdb -elif [ "$SYSVENDOR" == "DigitalOcean" ]; -then - SYSNAME="DigitalOcean" - DEVTYPE=sda -elif [ "$SYSVENDOR" == "Intel(R) Client Systems" ]; -then - SYSNAME="Intel-NUC" - DEVTYPE=sda -elif [ "$SYSVENDOR" == "UpCloud" ]; -then - if lsblk -e7 -e11 | grep -q sd - then - SYSNAME="UpCloud ISCSI/IDE" - DEVTYPE=sdb - elif lsblk -e7 -e11 | grep -q vd - then - SYSNAME="UpCloud VirtiO" - DEVTYPE=vdb - fi -elif partprobe /dev/sdb &>/dev/null; -then - SYSNAME="machines" - DEVTYPE=sdb -else -msg_box "It seems like you didn't add a second disk. -To be able to put the DATA on a second drive formatted as ZFS you need to add a second disk to this server. - -This script will now exit. Please add a second disk and start over." -exit 1 -fi - -# Get the name of the drive -DISKTYPE=$(fdisk -l | grep $DEVTYPE | awk '{print $2}' | cut -d ":" -f1 | head -1) -if [ "$DISKTYPE" != "/dev/$DEVTYPE" ] -then -msg_box "It seems like your $SYSNAME secondary volume (/dev/$DEVTYPE) does not exist. 
-This script requires that you mount a second drive to hold the data. - -Please shutdown the server and mount a second drive, then start this script again. - -If you want help you can buy support in our shop: -https://shop.hanssonit.se/product/premium-support-per-30-minutes/" -exit 1 -fi - -# Check if ZFS utils are installed -install_if_not zfsutils-linux - -# Check still not mounted -#These functions return exit codes: 0 = found, 1 = not found -isMounted() { findmnt -rno SOURCE,TARGET "$1" >/dev/null;} #path or device -isDevMounted() { findmnt -rno SOURCE "$1" >/dev/null;} #device only -isPathMounted() { findmnt -rno TARGET "$1" >/dev/null;} #path only -isDevPartOfZFS() { zpool status | grep "$1" >/dev/null;} #device memeber of a zpool - -if isPathMounted "/mnt/ncdata"; #Spaces in path names are ok. -then -msg_box "/mnt/ncdata is mounted and need to be unmounted before you can run this script." - exit 1 -fi - -if isDevMounted "/dev/$DEVTYPE"; -then -msg_box "/dev/$DEVTYPE is mounted and need to be unmounted before you can run this script." - exit 1 -fi - -# Universal: -if isMounted "/mnt/ncdata"; -then -msg_box "/mnt/ncdata is mounted and need to be unmounted before you can run this script." - exit 1 -fi - -if isMounted "/dev/${DEVTYPE}1"; -then -msg_box "/dev/${DEVTYPE}1 is mounted and need to be unmounted before you can run this script." - exit 1 -fi - -if isDevPartOfZFS "$DEVTYPE"; -then -msg_box "/dev/$DEVTYPE is a member of a ZFS pool and needs to be removed from any zpool before you can run this script." - exit 1 -fi - -if lsblk -l -n | grep -v mmcblk | grep disk | awk '{ print $1 }' | tail -1 > /dev/null -then -msg_box "Formatting your $SYSNAME secondary volume ($DISKTYPE) when you hit OK. - -*** WARNING: ALL YOUR DATA WILL BE ERASED! 
***" - if zpool list | grep "$POOLNAME" > /dev/null - then - check_command zpool destroy "$POOLNAME" - fi - check_command wipefs -a -f "$DISKTYPE" - sleep 0.5 - check_command zpool create -f -o ashift=12 "$POOLNAME" "$DISKTYPE" - check_command zpool set failmode=continue "$POOLNAME" - check_command zfs set mountpoint="$MOUNT_" "$POOLNAME" - check_command zfs set compression=lz4 "$POOLNAME" - check_command zfs set sync=standard "$POOLNAME" - check_command zfs set xattr=sa "$POOLNAME" - check_command zfs set primarycache=all "$POOLNAME" - check_command zfs set atime=off "$POOLNAME" - check_command zfs set recordsize=128k "$POOLNAME" - check_command zfs set logbias=latency "$POOLNAME" - -else -msg_box "It seems like /dev/$DEVTYPE does not exist. -This script requires that you mount a second drive to hold the data. - -Please shutdown the server and mount a second drive, then start this script again. - -If you want help you can buy support in our shop: -https://shop.hanssonit.se/product/premium-support-per-30-minutes/" -exit 1 -fi -} -format - -# Do a backup of the ZFS mount -if is_this_installed libzfs2linux -then - if grep -r $POOLNAME /etc/mtab - then - install_if_not zfs-auto-snapshot - sed -i "s|date --utc|date|g" /usr/sbin/zfs-auto-snapshot - fi -fi - -# Check if UUID is used -if zpool list -v | grep "$DEVTYPE" -then - # Get UUID - check_command partprobe -s - if fdisk -l /dev/"$DEVTYPE"1 >/dev/null 2>&1 - then - UUID_SDB1=$(blkid -o value -s UUID /dev/"DEVTYPE"1) - fi - # Export / import the correct way (based on UUID) - check_command zpool export "$POOLNAME" - check_command zpool import -d /dev/disk/by-uuid/"$UUID_SDB1" "$POOLNAME" -fi - -# Success! -if grep "$POOLNAME" /etc/mtab -then -msg_box "$MOUNT_ mounted successfully as a ZFS volume. - -Automatic scrubbing is done monthly via a cronjob that you can find here: -/etc/cron.d/zfsutils-linux - -Automatic snapshots are taken with 'zfs-auto-snapshot'. 
You can list current snapshots with: -'sudo zfs list -t snapshot'. -Manpage is here: -http://manpages.ubuntu.com/manpages/focal/man8/zfs-auto-snapshot.8.html - -CURRENT STATUS: -$(zpool status $POOLNAME) - -$(zpool list)" -fi diff --git a/disk/prune_zfs_snaphots.sh b/disk/prune_zfs_snaphots.sh deleted file mode 100644 index 32799331f7..0000000000 --- a/disk/prune_zfs_snaphots.sh +++ /dev/null 
@@ -1,59 +0,0 @@
-#!/bin/bash
-
-# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/
-
-# shellcheck disable=2034,2059
-true
-SCRIPT_NAME="Prune ZFS Snapshots"
-# shellcheck source=lib.sh
-source /var/scripts/lib.sh
-
-# Check for errors + debug code and abort if something isn't right
-# 1 = ON
-# 0 = OFF
-DEBUG=0
-debug_mode
-
-# Must be root
-root_check
-
-if [ -d $NCDATA ]
-then
- if is_this_installed zfs-auto-snapshot
- then
- if [ "$(df -h $NCDATA | awk '{print $5}' | tail -1 | cut -d "%" -f1)" -gt 70 ]
- then
- # Notify user
- notify_admin_gui \
- "Disk space almost full!" \
- "The disk space for ncdata is almost full. We have automatically deleted ZFS snapshots older than 4 weeks and cleaned up your trashbin to free up some space and avoid a fatal crash. Please check $VMLOGS/zfs_prune.log for the results."
- # On screen information
-msg_box "Your disk space is almost full (more than 70%).
-
-To solve that, we will now delete ZFS snapshots older than 4 weeks
-
-The script will also delete everything in trashbin for all users to free up some space."
- countdown "To abort, please press CTRL+C within 10 seconds." 10
- print_text_in_color "$IGreen" "Freeing some space... This might take a while, please don't abort."
- # Get the latest prune script
- if [ -f $SCRIPTS/zfs-prune-snapshots ]
- then
- rm -f "$SCRIPTS"/zfs-prune-snapshots
- download_script DISK zfs-prune-snapshots
- elif [ ! -f $SCRIPTS/zfs-prune-snapshots.sh ]
- then
- download_script DISK zfs-prune-snapshots
- fi
- check_command chmod +x "$SCRIPTS"/zfs-prune-snapshots.sh
- # Prune!
- cd "$SCRIPTS"
- if [ ! -d "$VMLOGS" ]
- then
- mkdir -p "$VMLOGS"
- fi
- touch $VMLOGS/zfs_prune.log
- ./zfs-prune-snapshots.sh 4w ncdata >> $VMLOGS/zfs_prune.log
- occ_command trashbin:cleanup --all-users >> $VMLOGS/zfs_prune.log
- fi
- fi
-fi
diff --git a/disk/smartctl.sh b/disk/smartctl.sh
deleted file mode 100644
index 48ed67f311..0000000000
--- a/disk/smartctl.sh
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/bash
-
-# T&M Hansson IT AB © - 2020, https://www.hanssonit.se/
-
-# shellcheck disable=2034,2059,2086
-true
-SCRIPT_NAME="Setup smartctl"
-# shellcheck source=lib.sh
-source /var/scripts/lib.sh
-
-# Check for errors + debug code and abort if something isn't right
-# 1 = ON
-# 0 = OFF
-DEBUG=0
-debug_mode
-
-# Must be root
-root_check
-
-print_text_in_color "$ICyan" "Installing and configuring S.M.A.R.T..."
-
-# Install smartmontools
-install_if_not smartmontools
-
-# Add a crontab to check the disk, and post the output with notify_admin_gui ever week (maybe with updatenotification?)
-if home_sme_server
-then
- notify_admin_gui "S.M.A.R.T results weekly scan (nvme0n1)" "$(smartctl --all /dev/nvme0n1)"
- notify_admin_gui "S.M.A.R.T results weekly scan (sda)" "$(smartctl --all /dev/sda)"
-else
- # get all disks into an array
- disks="$(fdisk -l | grep Disk | grep /dev/sd | awk '{print$2}' | cut -d ":" -f1)"
- # loop over disks in array
- for disk in $(printf "${disks[@]}")
- do
- if [ -n "$disks" ]
- then
- notify_admin_gui "S.M.A.R.T results weekly scan ($disk)" "$(smartctl --all $disk)"
- fi
- done
-fi
-
-# Add crontab “At 06:12 on Monday.”
-if ! crontab -u root -l | grep -w 'smartctl.sh'
-then
- print_text_in_color "$ICyan" "Adding weekly crontab..."
- crontab -u root -l | { cat; echo "12 06 * * 1 $SCRIPTS/smartctl.sh"; } | crontab -u root -
- msg_box "S.M.A.R.T is now configured scheluded to run every Monday at 06:12.\n\nYou will be notified with the results each time."
-fi
diff --git a/disk/zfs-prune-snapshots.sh b/disk/zfs-prune-snapshots.sh
deleted file mode 100644
index 2e064bda51..0000000000
--- a/disk/zfs-prune-snapshots.sh
+++ /dev/null
@@ -1,191 +0,0 @@ -#!/usr/bin/env bash -# -# script to prune zfs snapshots over a given age -# -# Author: Dave Eddy -# Date: November 20, 2015 -# License: MIT -# https://raw.githubusercontent.com/bahamas10/zfs-prune-snapshots/master/zfs-prune-snapshots - -VERSION='v1.1.0' - -usage() { - local prog=${0##*/} - cat <<-EOF - usage: $prog [-hnv] [-p ] [-s ]