nc-datadir: support for nc-encrypted folders

Signed-off-by: nachoparker <[email protected]>
nextcloud · Nov 2, 2021 · 19ede8a · 19ede8a
1 parent 99a701b
commit 19ede8a
Show file tree

Hide file tree

Showing 4 changed files with 59 additions and 44 deletions.
diff --git a/bin/ncp/CONFIG/nc-datadir.sh b/bin/ncp/CONFIG/nc-datadir.sh
@@ -23,84 +23,95 @@ install()
 configure()
 {
   source /usr/local/etc/library.sh # sets PHPVER
+  set -eu -o pipefail
 
   ## CHECKS
-  local SRCDIR
+  local SRCDIR BASEDIR ENCDIR
   SRCDIR=$( cd /var/www/nextcloud; ncc config:system:get datadirectory ) || {
     echo -e "Error reading data directory. Is NextCloud running and configured?";
     return 1;
   }
   [ -d "$SRCDIR" ] || { echo -e "data directory $SRCDIR not found"; return 1; }
 
-  [[ "$SRCDIR" == "$DATADIR" ]] && { echo -e "INFO: data already there"; return 0; }
-
-  # checks
-  local BASEDIR=$( dirname "$DATADIR" )
-
-  [ -d "$BASEDIR" ] || { echo "$BASEDIR does not exist"; return 1; }
+  [[ "$SRCDIR" == "${DATADIR}"      ]] && { echo -e "INFO: data already there"; return 0; }
+  [[ "$SRCDIR" == "${DATADIR}"/data ]] && { echo -e "INFO: data already there"; return 0; }
 
+  BASEDIR="${DATADIR}"
   # If the user chooses the root of the mountpoint, force a folder
-  mountpoint -q "$DATADIR" && {
-    BASEDIR="$DATADIR"
+  mountpoint -q "${BASEDIR}" && {
+    BASEDIR="${BASEDIR}"/ncdata
   }
 
-  grep -q -e ext -e btrfs <( stat -fc%T "$BASEDIR" ) || {
+  mkdir -p "${BASEDIR}"
+  BASEDIR="$(cd "${BASEDIR}" && pwd -P)" # resolve symlinks and use the real path
+  DATADIR="${BASEDIR}"/data
+  ENCDIR="${BASEDIR}"/ncdata_enc
+
+  # checks
+  grep -q -e ext -e btrfs <( stat -fc%T "${BASEDIR}" ) || {
     echo -e "Only ext/btrfs filesystems can hold the data directory"
     return 1
   }
 
-  sudo -u www-data test -x "$BASEDIR" || {
-    echo -e "ERROR: the user www-data does not have access permissions over $BASEDIR"
+  sudo -u www-data test -x "${BASEDIR}" || {
+    echo -e "ERROR: the user www-data does not have access permissions over ${BASEDIR}"
     return 1
   }
 
   # backup possibly existing datadir
-  [ -d $DATADIR ] && {
-    local BKP="${DATADIR}-$( date "+%m-%d-%y" )"
-    echo "INFO: $DATADIR is not empty. Creating backup $BKP"
-    mv "$DATADIR" "$BKP"
+  [ -d "${BASEDIR}" ] && {
+    rmdir "${BASEDIR}" &>/dev/null || {
+      local BKP="${BASEDIR}-$(date "+%m-%d-%y.%s")"
+      echo "INFO: ${BASEDIR} is not empty. Creating backup ${BKP}"
+      mv "${BASEDIR}" "${BKP}"
+    }
+    mkdir -p "${BASEDIR}"
   }
 
-
   ## COPY
   cd /var/www/nextcloud
   save_maintenance_mode
 
-  echo "moving data directory from $SRCDIR to $DATADIR..."
-
-  # resolve symlinks and use the real path
-  mkdir "$DATADIR"
-  DATADIR=$(cd "$DATADIR" && pwd -P)
-  rmdir "$DATADIR"
+  echo "moving data directory from ${SRCDIR} to ${BASEDIR}..."
 
   # use subvolumes, if BTRFS
-  [[ "$( stat -fc%T "$BASEDIR" )" == "btrfs" ]] && {
+  [[ "$(stat -fc%T "${BASEDIR}")" == "btrfs" ]] && {
     echo "BTRFS filesystem detected"
-    btrfs subvolume create "$DATADIR" || return  1
+    rmdir "${BASEDIR}"
+    btrfs subvolume create "${BASEDIR}"
   }
 
-  cp --reflink=auto -raT "$SRCDIR" "$DATADIR" || return 1
-  chown www-data:www-data "$DATADIR"
+  # use encryption, if selected
+  if is_active_app nc-encrypt; then
+    # if we have encryption AND BTRFS, then store ncdata_enc in the subvolume
+    mv "$(dirname "${SRCDIR}")"/ncdata_enc "${ENCDIR}"
+    mkdir "${DATADIR}"                        && mount --bind "${SRCDIR}" "${DATADIR}"
+    mkdir "$(dirname "${SRCDIR}")"/ncdata_enc && mount --bind "${ENCDIR}" "$(dirname "${SRCDIR}")"/ncdata_enc
+  else
+    mv "${SRCDIR}" "${DATADIR}"
+  fi
+  chown www-data: "${DATADIR}"
+
+  # datadir
+  sed -i "s|'datadirectory' =>.*|'datadirectory' => '${DATADIR}',|" "$NCDIR"/config/config.php
+  ncc config:system:set logfile --value="${DATADIR}/nextcloud.log"
+  set_ncpcfg datadir "${DATADIR}"
 
   # tmp upload dir
-  mkdir -p "$DATADIR/tmp"
-  chown www-data:www-data "$DATADIR/tmp"
+  mkdir -p "${DATADIR}/tmp"
+  chown www-data:www-data "${DATADIR}/tmp"
   ncc config:system:set tempdirectory --value "$DATADIR/tmp"
-  sed -i "s|^;\?upload_tmp_dir =.*$|uploadtmp_dir = $DATADIR/tmp|" /etc/php/${PHPVER}/cli/php.ini
-  sed -i "s|^;\?upload_tmp_dir =.*$|upload_tmp_dir = $DATADIR/tmp|" /etc/php/${PHPVER}/fpm/php.ini
-  sed -i "s|^;\?sys_temp_dir =.*$|sys_temp_dir = $DATADIR/tmp|"     /etc/php/${PHPVER}/fpm/php.ini
+  sed -i "s|^;\?upload_tmp_dir =.*$|uploadtmp_dir = ${DATADIR}/tmp|"  /etc/php/"${PHPVER}"/cli/php.ini
+  sed -i "s|^;\?upload_tmp_dir =.*$|upload_tmp_dir = ${DATADIR}/tmp|" /etc/php/"${PHPVER}"/fpm/php.ini
+  sed -i "s|^;\?sys_temp_dir =.*$|sys_temp_dir = ${DATADIR}/tmp|"     /etc/php/"${PHPVER}"/fpm/php.ini
 
   # opcache dir
-  sed -i "s|^opcache.file_cache=.*|opcache.file_cache=$DATADIR/.opcache|" /etc/php/${PHPVER}/mods-available/opcache.ini
+  sed -i "s|^opcache.file_cache=.*|opcache.file_cache=${DATADIR}/.opcache|" /etc/php/"${PHPVER}"/mods-available/opcache.ini
 
   # update fail2ban logpath
   [[ -f /etc/fail2ban/jail.local ]] && \
-  sed -i "s|logpath  =.*nextcloud.log|logpath  = $DATADIR/nextcloud.log|" /etc/fail2ban/jail.local
+  sed -i "s|logpath  =.*nextcloud.log|logpath  = ${DATADIR}/nextcloud.log|" /etc/fail2ban/jail.local
 
-  # datadir
-  ncc config:system:set datadirectory --value="$DATADIR"
-  ncc config:system:set logfile --value="$DATADIR/nextcloud.log"
-  set_ncpcfg datadir "${datadir}"
   restore_maintenance_mode
 }
 

diff --git a/changelog.md b/changelog.md
@@ -1,9 +1,13 @@
 
-[v1.43.0](https://github.com/nextcloud/nextcloudpi/commit/9bad41c) (2021-10-22) add nc-encrypt
+[v1.43.2](https://github.com/nextcloud/nextcloudpi/commit/b555146) (2021-11-02) nc-datadir: support for nc-encrypted folders
 
-[v1.42.5](https://github.com/nextcloud/nextcloudpi/commit/f0abbbc) (2021-10-27) letsencrypt: sync ncp and nc cert paths
+[v1.43.1 ](https://github.com/nextcloud/nextcloudpi/commit/50a003a) (2021-10-27) ncp-web: tweak password suggestions
 
-[v1.42.4 ](https://github.com/nextcloud/nextcloudpi/commit/f7e28c2) (2021-10-27) small trusted domains refactor
+[v1.43.0](https://github.com/nextcloud/nextcloudpi/commit/7b73d1d) (2021-10-22) add nc-encrypt
+
+[v1.42.5](https://github.com/nextcloud/nextcloudpi/commit/532a6a8) (2021-10-27) letsencrypt: sync ncp and nc cert paths
+
+[v1.42.4 ](https://github.com/nextcloud/nextcloudpi/commit/41368fe) (2021-10-27) ncp-vm: add automatic testing and change default root password
 
 [v1.42.3 ](https://github.com/nextcloud/nextcloudpi/commit/b1e7323) (2021-10-25) nextcloud-domain: fix variable collision
 

diff --git a/etc/library.sh b/etc/library.sh
@@ -474,7 +474,7 @@ function save_maintenance_mode()
 
 function restore_maintenance_mode()
 {
-  if [[ "${NCP_MAINTENANCE_MODE}" != "" ]]; then
+  if [[ "${NCP_MAINTENANCE_MODE:-}" != "" ]]; then
     "${ncc}" maintenance:mode --on
   else
     "${ncc}" maintenance:mode --off

diff --git a/ncp-web/index.php b/ncp-web/index.php
@@ -13,14 +13,14 @@
 // check for encrypted data to present unlock dialog
 exec("bash -c 'source /usr/local/etc/library.sh; needs_decrypt'", $output, $ret);
 if ($ret == 0) {
-  header("Location: decrypt");
+  header("Location: /decrypt");
   exit();
 }
 
 // redirect to activation first time
 exec("a2query -s ncp-activation", $output, $ret);
 if ($ret == 0) {
-  header("Location: activate");
+  header("Location: /activate");
   exit();
 }