From 0b334a5dafd0157974f261fb2d285a16074d8ace Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Gra=CC=88fenstein?= Date: Sun, 22 Mar 2026 12:12:21 +0100 Subject: [PATCH] fix critical issues --- review.md | 6 +++--- scripts/backup.sh | 6 +++--- scripts/deploy.sh | 18 +++++++++--------- scripts/restore.sh | 14 +++++++------- 4 files changed, 22 insertions(+), 22 deletions(-) diff --git a/review.md b/review.md index 29353f6..f07101a 100644 --- a/review.md +++ b/review.md @@ -2,9 +2,9 @@ | # | Severity | File | Issue | Status | |----|----------|---------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------| -| 1 | Critical | `scripts/deploy.sh` | `SCRIPT_DIR` resolves to `scripts/` but paths assume repo root (e.g. `$SCRIPT_DIR/caddy/docker-compose.yml`). All scripts broken after move to `scripts/`. Fix: use `REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"` | TODO | -| 2 | Critical | `scripts/backup.sh` | Same broken `SCRIPT_DIR` path issue | TODO | -| 3 | Critical | `scripts/restore.sh` | Same broken `SCRIPT_DIR` path issue | TODO | +| 1 | Critical | `scripts/deploy.sh` | `SCRIPT_DIR` resolves to `scripts/` but paths assume repo root (e.g. `$SCRIPT_DIR/caddy/docker-compose.yml`). All scripts broken after move to `scripts/`. Fix: use `REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"` | DONE | +| 2 | Critical | `scripts/backup.sh` | Same broken `SCRIPT_DIR` path issue | DONE | +| 3 | Critical | `scripts/restore.sh` | Same broken `SCRIPT_DIR` path issue | DONE | | 4 | High | `scripts/backup.sh:20` | `pg_dumpall -U nextcloud` hardcodes DB username instead of reading from env | TODO | | 5 | High | `scripts/restore.sh:68` | `psql -U nextcloud` hardcodes DB username instead of reading from env | TODO | | 6 | High | `scripts/deploy.sh:13` | `source .env` in a root-privileged script can execute arbitrary commands. Consider safer parsing or variable validation | TODO | diff --git a/scripts/backup.sh b/scripts/backup.sh index 473c8ca..4f9d706 100755 --- a/scripts/backup.sh +++ b/scripts/backup.sh @@ -1,8 +1,8 @@ #!/usr/bin/env bash set -euo pipefail -SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" -source "$SCRIPT_DIR/.env" +REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" +source "$REPO_ROOT/.env" DATA_ROOT="${DATA_ROOT:-/opt/docker-data}" BACKUP_DIR="/opt/backups" @@ -45,4 +45,4 @@ ls -lh "$BACKUP_DIR"/*"$DATE"* 2>/dev/null || echo " (no files found)" echo "" echo "To schedule daily backups, add to crontab (crontab -e):" -echo " 0 3 * * * $SCRIPT_DIR/backup.sh >> /var/log/backup.log 2>&1" +echo " 0 3 * * * $REPO_ROOT/backup.sh >> /var/log/backup.log 2>&1" diff --git a/scripts/deploy.sh b/scripts/deploy.sh index b6950d0..10b5797 100755 --- a/scripts/deploy.sh +++ b/scripts/deploy.sh @@ -1,16 +1,16 @@ #!/usr/bin/env bash set -euo pipefail -SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" # ------------------------------------------------------------------ # Load config # ------------------------------------------------------------------ -if [ ! -f "$SCRIPT_DIR/.env" ]; then - echo "ERROR: $SCRIPT_DIR/.env not found. Copy .env.example and fill in values." +if [ ! -f "$REPO_ROOT/.env" ]; then + echo "ERROR: $REPO_ROOT/.env not found. Copy .env.example and fill in values." exit 1 fi -source "$SCRIPT_DIR/.env" +source "$REPO_ROOT/.env" DATA_ROOT="${DATA_ROOT:-/opt/docker-data}" echo "==> VPS info:" @@ -58,7 +58,7 @@ mkdir -p /opt/backups # Check .env files exist for each service # ------------------------------------------------------------------ for svc in nextcloud gitea monitoring; do - if [ ! -f "$SCRIPT_DIR/$svc/.env" ]; then + if [ ! -f "$REPO_ROOT/$svc/.env" ]; then echo "WARNING: $svc/.env not found. Copy $svc/.env.example and fill in values." fi done @@ -67,16 +67,16 @@ done # Start stacks in order # ------------------------------------------------------------------ echo "==> Starting Caddy..." -docker compose -f "$SCRIPT_DIR/caddy/docker-compose.yml" --env-file "$SCRIPT_DIR/.env" up -d +docker compose -f "$REPO_ROOT/caddy/docker-compose.yml" --env-file "$REPO_ROOT/.env" up -d echo "==> Starting Nextcloud..." -docker compose -f "$SCRIPT_DIR/nextcloud/docker-compose.yml" --env-file "$SCRIPT_DIR/.env" up -d +docker compose -f "$REPO_ROOT/nextcloud/docker-compose.yml" --env-file "$REPO_ROOT/.env" up -d echo "==> Starting Gitea..." -docker compose -f "$SCRIPT_DIR/gitea/docker-compose.yml" --env-file "$SCRIPT_DIR/.env" up -d +docker compose -f "$REPO_ROOT/gitea/docker-compose.yml" --env-file "$REPO_ROOT/.env" up -d echo "==> Starting Monitoring..." -docker compose -f "$SCRIPT_DIR/monitoring/docker-compose.yml" --env-file "$SCRIPT_DIR/.env" up -d +docker compose -f "$REPO_ROOT/monitoring/docker-compose.yml" --env-file "$REPO_ROOT/.env" up -d echo "" echo "==> All services started. Verify with: docker ps" diff --git a/scripts/restore.sh b/scripts/restore.sh index fbae3ec..28311b7 100755 --- a/scripts/restore.sh +++ b/scripts/restore.sh @@ -1,8 +1,8 @@ #!/usr/bin/env bash set -euo pipefail -SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" -source "$SCRIPT_DIR/.env" +REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" +source "$REPO_ROOT/.env" DATA_ROOT="${DATA_ROOT:-/opt/docker-data}" BACKUP_DIR="/opt/backups" @@ -41,8 +41,8 @@ sleep 5 # Stop services # ------------------------------------------------------------------ echo "==> Stopping services..." -docker compose -f "$SCRIPT_DIR/nextcloud/docker-compose.yml" --env-file "$SCRIPT_DIR/.env" down -docker compose -f "$SCRIPT_DIR/gitea/docker-compose.yml" --env-file "$SCRIPT_DIR/.env" down +docker compose -f "$REPO_ROOT/nextcloud/docker-compose.yml" --env-file "$REPO_ROOT/.env" down +docker compose -f "$REPO_ROOT/gitea/docker-compose.yml" --env-file "$REPO_ROOT/.env" down # ------------------------------------------------------------------ # Restore Nextcloud data @@ -60,7 +60,7 @@ tar -xzf "$GITEA_ARCHIVE" -C "$DATA_ROOT" # Start Postgres and restore DB # ------------------------------------------------------------------ echo "==> Starting Postgres for DB restore..." -docker compose -f "$SCRIPT_DIR/nextcloud/docker-compose.yml" --env-file "$SCRIPT_DIR/.env" up -d postgres +docker compose -f "$REPO_ROOT/nextcloud/docker-compose.yml" --env-file "$REPO_ROOT/.env" up -d postgres echo " -> Waiting for Postgres to be ready..." sleep 5 @@ -71,7 +71,7 @@ docker exec -i nextcloud-postgres psql -U nextcloud < "$DB_DUMP" # Start all services # ------------------------------------------------------------------ echo "==> Starting all services..." -docker compose -f "$SCRIPT_DIR/nextcloud/docker-compose.yml" --env-file "$SCRIPT_DIR/.env" up -d -docker compose -f "$SCRIPT_DIR/gitea/docker-compose.yml" --env-file "$SCRIPT_DIR/.env" up -d +docker compose -f "$REPO_ROOT/nextcloud/docker-compose.yml" --env-file "$REPO_ROOT/.env" up -d +docker compose -f "$REPO_ROOT/gitea/docker-compose.yml" --env-file "$REPO_ROOT/.env" up -d echo "==> Restore complete."