fix critical issues

This commit is contained in:
2026-03-22 12:12:21 +01:00
parent a66b9cea5f
commit 0b334a5daf
4 changed files with 22 additions and 22 deletions


@@ -2,9 +2,9 @@
| # | Severity | File | Issue | Status | | # | Severity | File | Issue | Status |
|----|----------|---------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------| |----|----------|---------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------|
| 1 | Critical | `scripts/deploy.sh` | `SCRIPT_DIR` resolves to `scripts/` but paths assume repo root (e.g. `$SCRIPT_DIR/caddy/docker-compose.yml`). All scripts broken after move to `scripts/`. Fix: use `REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"` | TODO | | 1 | Critical | `scripts/deploy.sh` | `SCRIPT_DIR` resolves to `scripts/` but paths assume repo root (e.g. `$SCRIPT_DIR/caddy/docker-compose.yml`). All scripts broken after move to `scripts/`. Fix: use `REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"` | DONE |
| 2 | Critical | `scripts/backup.sh` | Same broken `SCRIPT_DIR` path issue | TODO | | 2 | Critical | `scripts/backup.sh` | Same broken `SCRIPT_DIR` path issue | DONE |
| 3 | Critical | `scripts/restore.sh` | Same broken `SCRIPT_DIR` path issue | TODO | | 3 | Critical | `scripts/restore.sh` | Same broken `SCRIPT_DIR` path issue | DONE |
| 4 | High | `scripts/backup.sh:20` | `pg_dumpall -U nextcloud` hardcodes DB username instead of reading from env | TODO | | 4 | High | `scripts/backup.sh:20` | `pg_dumpall -U nextcloud` hardcodes DB username instead of reading from env | TODO |
| 5 | High | `scripts/restore.sh:68` | `psql -U nextcloud` hardcodes DB username instead of reading from env | TODO | | 5 | High | `scripts/restore.sh:68` | `psql -U nextcloud` hardcodes DB username instead of reading from env | TODO |
| 6 | High | `scripts/deploy.sh:13` | `source .env` in a root-privileged script can execute arbitrary commands. Consider safer parsing or variable validation | TODO | | 6 | High | `scripts/deploy.sh:13` | `source .env` in a root-privileged script can execute arbitrary commands. Consider safer parsing or variable validation | TODO |


@@ -1,8 +1,8 @@
#!/usr/bin/env bash #!/usr/bin/env bash
set -euo pipefail set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
source "$SCRIPT_DIR/.env" source "$REPO_ROOT/.env"
DATA_ROOT="${DATA_ROOT:-/opt/docker-data}" DATA_ROOT="${DATA_ROOT:-/opt/docker-data}"
BACKUP_DIR="/opt/backups" BACKUP_DIR="/opt/backups"
@@ -45,4 +45,4 @@ ls -lh "$BACKUP_DIR"/*"$DATE"* 2>/dev/null || echo " (no files found)"
echo "" echo ""
echo "To schedule daily backups, add to crontab (crontab -e):" echo "To schedule daily backups, add to crontab (crontab -e):"
echo " 0 3 * * * $SCRIPT_DIR/backup.sh >> /var/log/backup.log 2>&1" echo " 0 3 * * * $REPO_ROOT/backup.sh >> /var/log/backup.log 2>&1"
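Review bot: The crontab hint on the last line of the second hunk now prints `$REPO_ROOT/backup.sh`, but `REPO_ROOT` is defined a few lines into the first hunk as the parent of the script's own directory, so the printed path no longer points at the script (the issue table in this commit says the scripts live under `scripts/`). Printing the script's resolved location avoids baking the layout into the message: `echo " 0 3 * * * $(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/backup.sh >> /var/log/backup.log 2>&1"`, or `$REPO_ROOT/scripts/backup.sh` if that layout is considered fixed. Separately, `source "$REPO_ROOT/.env"` in the first hunk still runs without the existence check deploy.sh performs, so a missing file aborts with bash's own error instead of the copy-from-example hint. The rest of backup.sh, including the `pg_dumpall` call the table lists as item 4, is outside these hunks.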


@@ -1,16 +1,16 @@
#!/usr/bin/env bash #!/usr/bin/env bash
set -euo pipefail set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
# ------------------------------------------------------------------ # ------------------------------------------------------------------
# Load config # Load config
# ------------------------------------------------------------------ # ------------------------------------------------------------------
if [ ! -f "$SCRIPT_DIR/.env" ]; then if [ ! -f "$REPO_ROOT/.env" ]; then
echo "ERROR: $SCRIPT_DIR/.env not found. Copy .env.example and fill in values." echo "ERROR: $REPO_ROOT/.env not found. Copy .env.example and fill in values."
exit 1 exit 1
fi fi
source "$SCRIPT_DIR/.env" source "$REPO_ROOT/.env"
DATA_ROOT="${DATA_ROOT:-/opt/docker-data}" DATA_ROOT="${DATA_ROOT:-/opt/docker-data}"
echo "==> VPS info:" echo "==> VPS info:"
@@ -58,7 +58,7 @@ mkdir -p /opt/backups
# Check .env files exist for each service # Check .env files exist for each service
# ------------------------------------------------------------------ # ------------------------------------------------------------------
for svc in nextcloud gitea monitoring; do for svc in nextcloud gitea monitoring; do
if [ ! -f "$SCRIPT_DIR/$svc/.env" ]; then if [ ! -f "$REPO_ROOT/$svc/.env" ]; then
echo "WARNING: $svc/.env not found. Copy $svc/.env.example and fill in values." echo "WARNING: $svc/.env not found. Copy $svc/.env.example and fill in values."
fi fi
done done
@@ -67,16 +67,16 @@ done
# Start stacks in order # Start stacks in order
# ------------------------------------------------------------------ # ------------------------------------------------------------------
echo "==> Starting Caddy..." echo "==> Starting Caddy..."
docker compose -f "$SCRIPT_DIR/caddy/docker-compose.yml" --env-file "$SCRIPT_DIR/.env" up -d docker compose -f "$REPO_ROOT/caddy/docker-compose.yml" --env-file "$REPO_ROOT/.env" up -d
echo "==> Starting Nextcloud..." echo "==> Starting Nextcloud..."
docker compose -f "$SCRIPT_DIR/nextcloud/docker-compose.yml" --env-file "$SCRIPT_DIR/.env" up -d docker compose -f "$REPO_ROOT/nextcloud/docker-compose.yml" --env-file "$REPO_ROOT/.env" up -d
echo "==> Starting Gitea..." echo "==> Starting Gitea..."
docker compose -f "$SCRIPT_DIR/gitea/docker-compose.yml" --env-file "$SCRIPT_DIR/.env" up -d docker compose -f "$REPO_ROOT/gitea/docker-compose.yml" --env-file "$REPO_ROOT/.env" up -d
echo "==> Starting Monitoring..." echo "==> Starting Monitoring..."
docker compose -f "$SCRIPT_DIR/monitoring/docker-compose.yml" --env-file "$SCRIPT_DIR/.env" up -d docker compose -f "$REPO_ROOT/monitoring/docker-compose.yml" --env-file "$REPO_ROOT/.env" up -d
echo "" echo ""
echo "==> All services started. Verify with: docker ps" echo "==> All services started. Verify with: docker ps"
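Review bot: `source "$REPO_ROOT/.env"` in the first hunk still executes the file as shell code, which this commit's own issue table keeps open as item 6; the path fix does not change that. Since every compose invocation in the third hunk already receives the file via `--env-file`, the script itself appears to need only `DATA_ROOT` from it, so reading that single key (e.g. `grep -E '^DATA_ROOT=' "$REPO_ROOT/.env"` plus a `${line#*=}` expansion) instead of sourcing would remove the arbitrary-execution surface — confirm no other `.env` variables are referenced in the parts of deploy.sh outside these hunks. If sourcing must stay, at least refuse a file the invoking user does not own by adding before the `source` line: `[ -O "$REPO_ROOT/.env" ] || { echo "ERROR: $REPO_ROOT/.env must be owned by the invoking user" >&2; exit 1; }`. The same unguarded `source` is in backup.sh and restore.sh in this commit, which additionally lack the `-f` existence check this file has.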


@@ -1,8 +1,8 @@
#!/usr/bin/env bash #!/usr/bin/env bash
set -euo pipefail set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
source "$SCRIPT_DIR/.env" source "$REPO_ROOT/.env"
DATA_ROOT="${DATA_ROOT:-/opt/docker-data}" DATA_ROOT="${DATA_ROOT:-/opt/docker-data}"
BACKUP_DIR="/opt/backups" BACKUP_DIR="/opt/backups"
@@ -41,8 +41,8 @@ sleep 5
# Stop services # Stop services
# ------------------------------------------------------------------ # ------------------------------------------------------------------
echo "==> Stopping services..." echo "==> Stopping services..."
docker compose -f "$SCRIPT_DIR/nextcloud/docker-compose.yml" --env-file "$SCRIPT_DIR/.env" down docker compose -f "$REPO_ROOT/nextcloud/docker-compose.yml" --env-file "$REPO_ROOT/.env" down
docker compose -f "$SCRIPT_DIR/gitea/docker-compose.yml" --env-file "$SCRIPT_DIR/.env" down docker compose -f "$REPO_ROOT/gitea/docker-compose.yml" --env-file "$REPO_ROOT/.env" down
# ------------------------------------------------------------------ # ------------------------------------------------------------------
# Restore Nextcloud data # Restore Nextcloud data
@@ -60,7 +60,7 @@ tar -xzf "$GITEA_ARCHIVE" -C "$DATA_ROOT"
# Start Postgres and restore DB # Start Postgres and restore DB
# ------------------------------------------------------------------ # ------------------------------------------------------------------
echo "==> Starting Postgres for DB restore..." echo "==> Starting Postgres for DB restore..."
docker compose -f "$SCRIPT_DIR/nextcloud/docker-compose.yml" --env-file "$SCRIPT_DIR/.env" up -d postgres docker compose -f "$REPO_ROOT/nextcloud/docker-compose.yml" --env-file "$REPO_ROOT/.env" up -d postgres
echo " -> Waiting for Postgres to be ready..." echo " -> Waiting for Postgres to be ready..."
sleep 5 sleep 5
@@ -71,7 +71,7 @@ docker exec -i nextcloud-postgres psql -U nextcloud < "$DB_DUMP"
# Start all services # Start all services
# ------------------------------------------------------------------ # ------------------------------------------------------------------
echo "==> Starting all services..." echo "==> Starting all services..."
docker compose -f "$SCRIPT_DIR/nextcloud/docker-compose.yml" --env-file "$SCRIPT_DIR/.env" up -d docker compose -f "$REPO_ROOT/nextcloud/docker-compose.yml" --env-file "$REPO_ROOT/.env" up -d
docker compose -f "$SCRIPT_DIR/gitea/docker-compose.yml" --env-file "$SCRIPT_DIR/.env" up -d docker compose -f "$REPO_ROOT/gitea/docker-compose.yml" --env-file "$REPO_ROOT/.env" up -d
echo "==> Restore complete." echo "==> Restore complete."
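Review bot: The `sleep 5` after "Waiting for Postgres to be ready..." in the third hunk is a fixed delay rather than a readiness check, so on a slow host the restore that follows (the next hunk header shows `docker exec -i nextcloud-postgres psql -U nextcloud < "$DB_DUMP"`) can run before the database accepts connections and, under `set -euo pipefail`, abort the restore with the nextcloud and gitea stacks already stopped by the second hunk. Polling `pg_isready` inside the container with a bounded retry makes the wait deterministic and fails loudly instead of racing; the hardcoded `-U nextcloud` is already tracked as item 5 in the issue table, so the user in the probe should come from the same `.env` value once that is fixed. The restore steps between these hunks are outside this view.
```shell
# … unchanged: docker compose … up -d postgres …
echo " -> Waiting for Postgres to be ready..."
ready=0
for _ in {1..30}; do
  if docker exec nextcloud-postgres pg_isready -U nextcloud >/dev/null 2>&1; then
    ready=1
    break
  fi
  sleep 1
done
[ "$ready" = 1 ] || { echo "ERROR: Postgres did not become ready in time" >&2; exit 1; }
```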