fix source command

This commit is contained in:
2026-03-22 12:15:11 +01:00
parent cdc2ce5d05
commit 9771fc620e
2 changed files with 13 additions and 4 deletions


@@ -7,7 +7,7 @@
| 3 | Critical | `scripts/restore.sh` | Same broken `SCRIPT_DIR` path issue | DONE | | 3 | Critical | `scripts/restore.sh` | Same broken `SCRIPT_DIR` path issue | DONE |
| 4 | High | `scripts/backup.sh:20` | `pg_dumpall -U nextcloud` hardcodes DB username instead of reading from env | DONE | | 4 | High | `scripts/backup.sh:20` | `pg_dumpall -U nextcloud` hardcodes DB username instead of reading from env | DONE |
| 5 | High | `scripts/restore.sh:68` | `psql -U nextcloud` hardcodes DB username instead of reading from env | DONE | | 5 | High | `scripts/restore.sh:68` | `psql -U nextcloud` hardcodes DB username instead of reading from env | DONE |
| 6 | High | `scripts/deploy.sh:13` | `source .env` in a root-privileged script can execute arbitrary commands. Consider safer parsing or variable validation | TODO | | 6 | High | `scripts/deploy.sh:13` | `source .env` in a root-privileged script can execute arbitrary commands. Consider safer parsing or variable validation | DONE |
| 7 | Medium | `monitoring/docker-compose.yml` | Docker socket + `/proc` + `/sys` + `/` mounted into Alloy container. Consider using a Docker socket proxy to limit API access | TODO | | 7 | Medium | `monitoring/docker-compose.yml` | Docker socket + `/proc` + `/sys` + `/` mounted into Alloy container. Consider using a Docker socket proxy to limit API access | TODO |
| 8 | Medium | `caddy/Caddyfile` | No rate limiting configured at the reverse proxy layer | TODO | | 8 | Medium | `caddy/Caddyfile` | No rate limiting configured at the reverse proxy layer | TODO |
| 9 | Low | `gitea/docker-compose.yml` | `gitea/gitea:latest-rootless` unpinned — pin to specific version like Nextcloud does | TODO | | 9 | Low | `gitea/docker-compose.yml` | `gitea/gitea:latest-rootless` unpinned — pin to specific version like Nextcloud does | TODO |


@@ -4,14 +4,23 @@ set -euo pipefail
REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
# ------------------------------------------------------------------ # ------------------------------------------------------------------
# Load config # Load config (safe parser — only loads KEY=VALUE lines)
# ------------------------------------------------------------------ # ------------------------------------------------------------------
if [ ! -f "$REPO_ROOT/.env" ]; then if [ ! -f "$REPO_ROOT/.env" ]; then
echo "ERROR: $REPO_ROOT/.env not found. Copy .env.example and fill in values." echo "ERROR: $REPO_ROOT/.env not found. Copy .env.example and fill in values."
exit 1 exit 1
fi fi
source "$REPO_ROOT/.env" set -a
DATA_ROOT="${DATA_ROOT:-/opt/docker-data}" eval "$(grep -v '^#' "$REPO_ROOT/.env" | grep -v '^$' | grep '^[A-Za-z_][A-Za-z_0-9]*=' )"
set +a
# Validate required variables
for var in DOMAIN DATA_ROOT; do
if [ -z "${!var:-}" ]; then
echo "ERROR: $var is not set in .env"
exit 1
fi
done
echo "==> VPS info:" echo "==> VPS info:"
cat /etc/os-release cat /etc/os-release
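Review bot: The `eval "$(grep -v '^#' "$REPO_ROOT/.env" | grep -v '^$' | grep '^[A-Za-z_][A-Za-z_0-9]*=' )"` line under the new "safe parser" comment still executes whatever follows the `=`: the grep filters only check that a line begins with `KEY=`, so a value containing `$(…)`, backticks or `;` runs exactly as it did under `source`, which is the finding the audit table's row 6 now marks DONE. Reading the file line by line and assigning with `export "$key=$value"` stores the value literally — no command substitution, no word splitting — and makes the `set -a` / `set +a` pair unnecessary. Unlike `source`, this keeps any surrounding quotes as part of the value, so an entry such as `DOMAIN="example.test"` would need its quotes stripped by the parser or dropped from `.env`; that is worth a comment at the parser. The script continues past the end of this hunk.
```shell
# Load config (safe parser — only KEY=VALUE lines; values are taken literally, never executed)
while IFS= read -r line || [[ -n "$line" ]]; do
  [[ "$line" =~ ^[A-Za-z_][A-Za-z_0-9]*= ]] || continue
  key=${line%%=*}
  value=${line#*=}
  export "$key=$value"
done < "$REPO_ROOT/.env"
# … unchanged: required-variable validation loop …
```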