add source file

Signed-off-by: Daniel Hansson <mailto@danielhansson.nu>

README.md

@@ -38,7 +38,7 @@ Server installation. Simplified. :cloud:
 
 **FYI**
 
-Developed by [Daniel Hansson](https://github.com/enoch85) and the Nextcloud community. Nextcloud GmbH does not offer support for the VM in the [maain branch](https://github.com/nextcloud/vm/tree/main) (full-version), as we only support manual tarball/zip-package installations. You can download the official Nextcloud VM appliance ([also from this repo](https://github.com/nextcloud/vm/tree/official-basic-vm)) from [our website](https://download.nextcloud.com/vm/Official-Nextcloud-VM.zip) to get a stripped down version for testing if you rather want to skip all the manual steps in our documentation.
+Developed by [Daniel Hansson](https://github.com/enoch85) and the Nextcloud community. Nextcloud GmbH does not offer support for the VM in the [main branch](https://github.com/nextcloud/vm/tree/main) (full-version), as we only support manual tarball/zip-package installations. You can download the official Nextcloud VM appliance ([also from this repo](https://github.com/nextcloud/vm/tree/official-basic-vm)) from [our website](https://download.nextcloud.com/vm/Official-Nextcloud-VM.zip) to get a stripped down version for testing if you rather want to skip all the manual steps in our documentation.
 
 If you want support regarding the full-version VM in main, please contact our partner [Hansson IT](https://www.hanssonit.se/nextcloud-vm).
   
@@ -72,7 +72,7 @@ Please report any issues you can find. Improvements are welcome!
 
 ## First look
 #### Nextcloud
-![alt tag](https://github.com/nextcloud/nextcloud.com/blob/main/assets/img/features/VMwelcome.png)
+![alt tag](https://github.com/nextcloud/nextcloud.com/blob/master/assets/img/features/VMwelcome.png)
 #### Adminer (Database Administration) *not default*
 ![alt tag](https://i.imgur.com/tiF4chg.png)
 #### Webmin (Server Administration GUI) *not default*
@@ -113,6 +113,7 @@ Please report any issues you can find. Improvements are welcome!
 * [Georg Großmann](https://github.com/ggeorgg)
 * [liao20081228](https://github.com/liao20081228)
 * [aaaskew](https://github.com/aaaskew)
+* IP address data powered by [IPinfo](https://ipinfo.io/)
 
 [Nextcloud Server]: http://shortio.hanssonit.se/r1Rx0GqXa9
 [app store]: http://shortio.hanssonit.se/Rz1GEXt9dL

addons/automatic_updates.sh

@@ -42,7 +42,7 @@ mkdir -p "$VMLOGS"/updates
 crontab -u root -l | { cat; echo "0 $AUT_UPDATES_TIME * 1-12 6 $SCRIPTS/update.sh minor >> $VMLOGS/updates/update-\$(date +\%Y-\%m-\%d_\%H:\%M).log 2>&1"; } | crontab -u root -
 if yesno_box_yes "Do you want to reboot your server after every update? *recommended*"
 then
-    sed -i "s|exit|/sbin/shutdown -r +1|g" "$SCRIPTS"/update.sh
+    sed -i "s|exit|/sbin/shutdown -r +10|g" "$SCRIPTS"/update.sh
     echo "exit" >> "$SCRIPTS"/update.sh
 fi
 

addons/locate_mirror.sh

@@ -3,55 +3,83 @@
 # T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
 
 true
-SCRIPT_NAME="Locate Mirror"
+SCRIPT_NAME="Locate mirror"
 # shellcheck source=lib.sh
 source /var/scripts/fetch_lib.sh
-
-# Must be root
-root_check
-
-# Use another method if the new one doesn't work
-if [ -z "$REPO" ]
-then
-    REPO=$(apt-get update -q4 && apt-cache policy | grep http | tail -1 | awk '{print $2}')
-fi
-
-# Check where the best mirrors are and update
-msg_box "To make downloads as fast as possible when updating Ubuntu \
+SCRIPT_EXPLAINER="To make downloads as fast as possible when updating Ubuntu \
 you should download mirrors that are as geographically close to you as possible.
 
 Please note that there are no guarantees that the download mirrors \
 this script finds will remain for the lifetime of this server.
 Because of this, we don't recommend that you change the mirror unless you live far away from the default.
 
-This is the method used: https://github.com/jblakeman/apt-select"
-msg_box "Your current server repository is: $REPO"
+This is the method used: https://github.com/vegardit/fast-apt-mirror.sh"
 
+# Check for errors + debug code and abort if something isn't right
+# 1 = ON
+# 0 = OFF
+DEBUG=0
+debug_mode
+
+# Must be root
+root_check
+
+# Check if Locate Mirror is already installed
+if ! [ -f /usr/local/bin/fast-apt-mirror ]
+then
+    # Ask for installing
+    install_popup "$SCRIPT_NAME"
+else
+    # Ask for removal or reinstallation
+    reinstall_remove_menu "$SCRIPT_NAME"
+    # Removal
+    rm -f /usr/local/bin/fast-apt-mirror
+    rm -f /etc/apt/sources.list.backup
+    # Show successful uninstall if applicable
+    removal_popup "$SCRIPT_NAME"
+fi
+
+# Install
+install_if_not bash
+install_if_not curl
+install_if_not apt-transport-https
+install_if_not ca-certificates
+curl_to_dir https://raw.githubusercontent.com/vegardit/fast-apt-mirror.sh/v1/ fast-apt-mirror.sh /usr/local/bin
+mv /usr/local/bin/fast-apt-mirror.sh /usr/local/bin/fast-apt-mirror
+chmod 755 /usr/local/bin/fast-apt-mirror
+
+# Check current mirror
+CURRENT_MIRROR="$(fast-apt-mirror current)"
+msg_box "Current mirror is $CURRENT_MIRROR"
+
+# Ask
 if ! yesno_box_no "Do you want to try to find a better mirror?"
 then
-    print_text_in_color "$ICyan" "Keeping $REPO as mirror..."
+    print_text_in_color "$ICyan" "Keeping $CURRENT_MIRROR as mirror..."
     sleep 1
 else
-    if [[ "$KEYBOARD_LAYOUT" =~ ,|/|_ ]]
+   if [[ "$KEYBOARD_LAYOUT" =~ ,|/|_ ]]
     then
-        msg_box "Your keymap contains more than one language, or a special character. ($KEYBOARD_LAYOUT)
-This script can only handle one keymap at the time.\nThe default mirror ($REPO) will be kept."
+        msg_box "Your keymap (country code) contains more than one language, or a special character. ($KEYBOARD_LAYOUT)
+This script can only handle one keymap at the time.\nThe default mirror ($CURRENT_MIRROR) will be kept."
         exit 1
     fi
+    # Find
+    FIND_MIRROR="$(fast-apt-mirror find -v --healthchecks 100 --speedtests 10 --country "$KEYBOARD_LAYOUT")"
     print_text_in_color "$ICyan" "Locating the best mirrors..."
-    curl_to_dir https://bootstrap.pypa.io get-pip.py /tmp
-    install_if_not python3
-    install_if_not python3-testresources
-    install_if_not python3-distutils
-    cd /tmp && python3 get-pip.py
-    pip install \
-        --upgrade pip \
-        apt-select
-    check_command apt-select -m up-to-date -t 4 -c -C "$KEYBOARD_LAYOUT"
-    sudo cp /etc/apt/sources.list /etc/apt/sources.list.backup && \
-    if [ -f sources.list ]
+    if [ "$CURRENT_MIRROR" != "$FIND_MIRROR" ]
     then
-        sudo mv sources.list /etc/apt/
+        if yesno_box_yes "Do you want to replace the $CURRENT_MIRROR with $FIND_MIRROR?"
+        then
+            # Backup
+            cp -f /etc/apt/sources.list /etc/apt/sources.list.backup
+            # Replace
+            if fast-apt-mirror set "$FIND_MIRROR"
+            then
+                msg_box "Your Ubuntu repo was successfully changed to $FIND_MIRROR"
+            fi
+        fi
+    else
+        msg_box "You already have the fastest mirror available, congrats!"
     fi
-    msg_box "The apt-mirror was successfully changed."
 fi

apps/adminer.sh

@@ -52,9 +52,13 @@ a2enmod ssl
 # Install Adminer
 apt-get update -q4 & spinner_loading
 install_if_not adminer
-curl_to_dir "http://www.adminer.org" "latest.php" "$ADMINERDIR"
-curl_to_dir "https://raw.githubusercontent.com/Niyko/Hydra-Dark-Theme-for-Adminer/main" "adminer.css" "$ADMINERDIR"
-ln -s "$ADMINERDIR"/latest.php "$ADMINERDIR"/adminer.php
+curl_to_dir "https://download.adminerevo.org/latest/adminer" "adminer-pgsql.zip" "$ADMINERDIR"
+install_if_not unzip
+# Unzip the latest version
+unzip "$ADMINERDIR"/adminer-pgsql.zip -d "$ADMINERDIR"
+rm -f "$ADMINERDIR"/adminer-pgsql.zip
+# curl_to_dir "https://raw.githubusercontent.com/Niyko/Hydra-Dark-Theme-for-Adminer/master" "adminer.css" "$ADMINERDIR"
+mv "$ADMINERDIR"/adminer-pgsql.php "$ADMINERDIR"/adminer.php
 
 # Only add TLS 1.3 on Ubuntu later than 22.04
 if version 22.04 "$DISTRO" 24.04.10
@@ -65,6 +69,46 @@ fi
 # Get PHP version for the conf file
 check_php
 
+# shellcheck disable=2154
+
+# Add ability to add plugins easily
+cat << ADMINER_CREATE_PLUGIN > "$ADMINER_CONF_PLUGIN"
+<?php
+function adminer_object() {
+    // required to run any plugin
+    include_once "./plugins/plugin.php";
+
+    // autoloader
+    foreach (glob("plugins/*.php") as $filename) {
+        include_once "./$filename";
+    }
+
+    // enable extra drivers just by including them
+    //~ include "./plugins/drivers/simpledb.php";
+
+    $plugins = array(
+        // specify enabled plugins here
+        new AdminerDumpXml(),
+        new AdminerTinymce(),
+        new AdminerFileUpload("data/"),
+        new AdminerSlugify(),
+        new AdminerTranslation(),
+        new AdminerForeignSystem(),
+    );
+
+    /* It is possible to combine customization and plugins:
+    class AdminerCustomization extends AdminerPlugin {
+    }
+    return new AdminerCustomization($plugins);
+    */
+
+    return new AdminerPlugin($plugins);
+}
+
+// include original Adminer or Adminer Editor
+include "./adminer.php";
+ADMINER_CREATE_PLUGIN
+
 cat << ADMINER_CREATE > "$ADMINER_CONF"
  <VirtualHost *:80>
      RewriteEngine On
@@ -108,7 +152,7 @@ Listen 9443
     <IfModule mod_dir.c>
         DirectoryIndex adminer.php
     </IfModule>
-    AllowOverride None
+    AllowOverride All
 
     # Only allow connections from localhost:
     Require ip $GATEWAY/24
@@ -131,7 +175,6 @@ The script will exit."
     exit 1
 else
     # Allow local access:
-    
     check_command sed -i "s|local   all             postgres                                peer|local   all             postgres                                md5|g" /etc/postgresql/*/main/pg_hba.conf
     restart_webserver
 

apps/fail2ban.sh

@@ -5,7 +5,7 @@
 
 true
 SCRIPT_NAME="Fail2ban"
-SCRIPT_EXPLAINER="Fail2ban provides extra Brute Force protextion for Nextcloud.
+SCRIPT_EXPLAINER="Fail2ban provides extra Brute Force protection for Nextcloud.
 It scans the Nextcloud and SSH log files and bans IPs that show malicious \
 signs -- too many password failures, seeking for exploits, etc. 
 Generally Fail2Ban is then used to update firewall rules to \

apps/imaginary.sh

@@ -151,13 +151,15 @@ nextcloud_occ config:system:set enabledPreviewProviders 4 --value="OC\\Preview\\
 nextcloud_occ config:system:set enabledPreviewProviders 5 --value="OC\\Preview\\OpenDocument"
 nextcloud_occ config:system:set enabledPreviewProviders 6 --value="OC\\Preview\\Movie"
 nextcloud_occ config:system:set enabledPreviewProviders 7 --value="OC\\Preview\\Krita"
+nextcloud_occ config:system:set enabledPreviewProviders 8 --value="OC\Preview\ImaginaryPDF"
 nextcloud_occ config:system:set preview_imaginary_url --value="http://127.0.0.1:9000"
 
 # Set general values
 nextcloud_occ config:system:set preview_max_x --value="2048"
 nextcloud_occ config:system:set preview_max_y --value="2048"
-nextcloud_occ config:system:set jpeg_quality --value="60"
 nextcloud_occ config:system:set preview_max_memory --value="256"
+nextcloud_occ config:system:set preview_format --value="webp"
+nextcloud_occ config:app:set preview webp_quality --value="65"
 
 if docker logs imaginary
 then

apps/netdata.sh

@@ -22,16 +22,6 @@ debug_mode
 # Must be sudo
 root_check
 
-# Can't be run as pure root user
-if [ -z "$UNIXUSER" ]
-then
-    msg_box "You can't run this script as a pure root user. You need to issue the following command:
-sudo -u regular_user sudo bash $SCRIPTS/menu.sh
-
-Then choose Additional Apps --> Netdata"
-    exit 1
-fi
-
 # Check if netdata is already installed
 if ! [ -d /etc/netdata ]
 then
@@ -63,6 +53,8 @@ else
     rm -rf /etc/netdata
     apt-get purge netdata -y
     apt-get autoremove -y
+    rm -rf /var/cache/netdata
+    rm -rf /var/log/netdata
     # Show successful uninstall if applicable
     removal_popup "$SCRIPT_NAME"
 fi
@@ -71,8 +63,8 @@ fi
 is_process_running dpkg
 is_process_running apt
 apt-get update -q4 & spinner_loading
-curl_to_dir https://my-netdata.io kickstart.sh $SCRIPTS
-sudo -u "$UNIXUSER" bash $SCRIPTS/kickstart.sh --reinstall-even-if-unsafe --non-interactive --no-updates --stable-channel --disable-cloud
+curl_to_dir https://get.netdata.cloud kickstart.sh $SCRIPTS
+bash $SCRIPTS/kickstart.sh --reinstall-even-if-unsafe --non-interactive --no-updates --stable-channel --disable-cloud
 rm -f $SCRIPTS/kickstart.sh
 
 # Check Netdata instructions after script is done

apps/recognize.sh

@@ -27,26 +27,6 @@ fi
 # Compatible with NC26 and above
 lowest_compatible_nc 26
 
-# Check if suspicious_login are installed
-# https://github.com/nextcloud/recognize/issues/676
-if is_app_enabled suspicious_login
-then
-    msg_box "Since you have the app Suspicious Login Detection installed, you can't install Recognize. The reason is that it will cause issues with cron.php.\nIf you choose 'No' the installer will exit"
-    if yesno_box_no "Do you want to disable Suspicious Login to be able to install Recognize?"
-    then
-        nextcloud_occ app:disable suspicious_login
-        if ! [ -f /etc/fail2ban/filter.d/nextcloud.conf ] || ! is_this_installed fail2ban
-        then
-            if yesno_box_yes "Do you want to install Fail2ban (IP blocking in Linux) instead?"
-            then
-                run_script APP fail2ban
-            fi
-        fi
-    else
-        exit
-    fi
-fi
-
 # Check if face-recognition is installed and ask to remove it
 if is_app_installed facerecognition
 then

apps/talk.sh

@@ -548,7 +548,7 @@ if [ -d "$NCPATH/apps/spreed" ]
 then
     if does_this_docker_exist nextcloud/aio-talk-recording
     then
-        install_if_not netcat
+        install_if_not netcat-traditional
         while ! nc -z "$TURN_RECORDING_HOST" "$TURN_RECORDING_HOST_PORT"
         do
             print_text_in_color "$ICyan" "Waiting for Talk Recording to become available..."

disk/format-chosen.sh

@@ -43,9 +43,13 @@ elif [ "$SYSVENDOR" == "Xen" ];
 then
     SYSNAME="Xen/XCP-NG"
     DEVTYPE=xvdb
-elif [[ "$SYSVENDOR" == "QEMU" || "$SYSVENDOR" == "Red Hat" ]];
+elif [[ "$SYSVENDOR" == "QEMU" ]];
 then
-    SYSNAME="KVM/QEMU"
+    SYSNAME="Proxmox/QEMU"
+    DEVTYPE=sdb
+elif [ "$SYSVENDOR" == "Red Hat" ];
+then
+    SYSNAME="Red Hat"
     DEVTYPE=vdb
 elif [ "$SYSVENDOR" == "DigitalOcean" ];
 then
@@ -99,7 +103,7 @@ while
         done
     [[ -z "${devtype_present+x}" ]]
 do
-    printf "${BRed}$DEVTYPE is not a valid disk. Please try again.${Color_Off}\n"
+    print_text_in_color "$BRed" "$DEVTYPE is not a valid disk. Please try again."
     :
 done
 
@@ -179,6 +183,11 @@ then
     check_command zfs set atime=off "$POOLNAME"
     check_command zfs set recordsize=128k "$POOLNAME"
     check_command zfs set logbias=latency "$POOLNAME"
+    if [ -d /sys/firmware/efi ]
+    then
+        # dnodesize can't boot on BIOS, only UEFI mode
+        check_command zfs set dnodesize=auto "$POOLNAME"
+    fi
 
 else
     msg_box "It seems like /dev/$DEVTYPE does not exist.

disk/format-sdb.sh

@@ -43,9 +43,13 @@ elif [ "$SYSVENDOR" == "Xen" ];
 then
     SYSNAME="Xen/XCP-NG"
     DEVTYPE=xvdb
-elif [[ "$SYSVENDOR" == "QEMU" || "$SYSVENDOR" == "Red Hat" ]];
+elif [[ "$SYSVENDOR" == "QEMU" ]];
 then
-    SYSNAME="KVM/QEMU"
+    SYSNAME="Proxmox/QEMU"
+    DEVTYPE=sdb
+elif [ "$SYSVENDOR" == "Red Hat" ];
+then
+    SYSNAME="Red Hat"
     DEVTYPE=vdb
 elif [ "$SYSVENDOR" == "DigitalOcean" ];
 then
@@ -162,6 +166,11 @@ then
     check_command zfs set atime=off "$POOLNAME"
     check_command zfs set recordsize=128k "$POOLNAME"
     check_command zfs set logbias=latency "$POOLNAME"
+    if [ -d /sys/firmware/efi ]
+    then
+        # dnodesize can't boot on BIOS, only UEFI mode
+        check_command zfs set dnodesize=auto "$POOLNAME"
+    fi
 
 else
     msg_box "It seems like /dev/$DEVTYPE does not exist.

geoblockdat/README.md

@@ -1,22 +0,0 @@
-# What is this folder about?
-This folder is only meant for storing GeoIP Legacy Databases which are used by the [geoip script](https://github.com/nextcloud/vm/blob/main/network/geoblock.sh).
-
-All .dat files in this folder are from https://www.miyuru.lk/geoiplegacy and converted by Miyuru Sankalpa.
-
-## How to add updated Database files in here?
-1. Check if the files were updated by Miyuru Sankalpa by visiting [twitter](https://twitter.com/miyurulk) or verifying the **Last Updated** tag on his [website](https://www.miyuru.lk/geoiplegacy)
-2. If the files were updated, download the newest [Maxmind Country IPv4](https://dl.miyuru.lk/geoip/maxmind/country/maxmind4.dat.gz) and [Maxmind Country IPv6](https://dl.miyuru.lk/geoip/maxmind/country/maxmind6.dat.gz) files
-3. Extract them
-4. Create a PR with those updated database files, add them to this folder and follow this naming scheme:
-
-### Naming scheme:
-**for IPv4:**<br>
-`yyyy-mm-Maxmind-Country-IPv4.dat`<br>
-**for IPv6:**<br>
-`yyyy-mm-Maxmind-Country-IPv6.dat`<br>
-_(Year and month should be chosen based on when the files were updated by Sankalpa)_<br><br>
-**One example is:**<br>
-`2020-09-Maxmind-Country-IPv4.dat`<br>
-and<br>
-`2020-09-Maxmind-Country-IPv6.dat`<br>
-_(If the files were updated on September 2020 by Sankalpa)_

lets-encrypt/activate-tls.sh

@@ -128,6 +128,28 @@ then
     SETENVPROXY="SetEnv proxy-sendcl 1"
 fi
 
+# Install Brotli
+if version 24.04 "$DISTRO" 26.04.10
+then
+    if ! [ -f /etc/apache2/conf-available/brotli.conf ]
+    then
+        # Install needed packaages
+        install_if_not brotli
+
+        # Add the config
+        {
+            echo "# Brotli support"
+            echo "<IfModule mod_brotli.c>"
+            echo "    AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/x-javascript application/javascript application/json application/x-font-ttf application/vnd.ms-fontobject image/x-icon"
+            echo "</IfModule>"
+        } > /etc/apache2/conf-available/brotli.conf
+
+        # Enable the config
+        a2enmod brotli
+        a2enconf brotli
+    fi
+fi
+
 # Generate nextcloud_tls_domain.conf
 if [ ! -f "$tls_conf" ]
 then
@@ -137,7 +159,7 @@ then
     cat << TLS_CREATE > "$tls_conf"
 <VirtualHost *:80>
     RewriteEngine On
-    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
+    RewriteRule ^(.*)$ https://%{HTTP_HOST}\$1 [END,NE,R=permanent]
 </VirtualHost>
 
 <VirtualHost *:443>
@@ -172,7 +194,7 @@ then
     # The Nextcloud folder
     <Directory $NCPATH>
     Options Indexes FollowSymLinks
-    AllowOverride None
+    AllowOverride All
     Require all granted
     Satisfy Any
     # This is to include all the Nextcloud rules due to that we use PHP-FPM and .htaccess aren't read
@@ -244,8 +266,11 @@ then
     if certbot certonly --manual --text --key-type ecdsa --renew-by-default --server https://acme-v02.api.letsencrypt.org/directory --no-eff-email --agree-tos --preferred-challenges dns --manual-auth-hook "$SCRIPTS"/deSEC/hook.sh --manual-cleanup-hook "$SCRIPTS"/deSEC/hook.sh -d "$DEDYNDOMAIN"
     then
         # Generate DHparams cipher
-        if [ ! -f "$DHPARAMS_TLS" ]
+        if [ -f "$DHPARAMS_TLS" ]
         then
+            rm -f "$DHPARAMS_TLS"
+            openssl dhparam -out "$DHPARAMS_TLS" 2048
+        else
             openssl dhparam -out "$DHPARAMS_TLS" 2048
         fi
         # Choose which port for public access
@@ -304,8 +329,11 @@ else
         if [ -d "$CERTFILES" ]
         then
             # Generate DHparams cipher
-            if [ ! -f "$DHPARAMS_TLS" ]
+            if [ -f "$DHPARAMS_TLS" ]
             then
+                rm -f "$DHPARAMS_TLS"
+                openssl dhparam -out "$DHPARAMS_TLS" 2048
+            else
                 openssl dhparam -out "$DHPARAMS_TLS" 2048
             fi
             # Activate new config

lib.sh

@@ -45,7 +45,6 @@ SYSVENDOR=$(cat /sys/devices/virtual/dmi/id/sys_vendor)
 # Network
 IFACE=$(ip r | grep "default via" | awk '{print $5}')
 IFACE2=$(ip -o link show | awk '{print $2,$9}' | grep 'UP' | cut -d ':' -f 1)
-REPO=$(grep "^deb " /etc/apt/sources.list | grep http | awk '{print $2}' | head -1)
 ADDRESS=$(hostname -I | cut -d ' ' -f 1)
 WANIP4=$(curl -s -k -m 5 -4 https://api64.ipify.org)
 INTERFACES="/etc/netplan/nextcloud.yaml"
@@ -99,7 +98,6 @@ DISK="$GITHUB_REPO/disk"
 NETWORK="$GITHUB_REPO/network"
 VAGRANT_DIR="$GITHUB_REPO/vagrant"
 NOT_SUPPORTED_FOLDER="$GITHUB_REPO/not-supported"
-GEOBLOCKDAT="$GITHUB_REPO/geoblockdat"
 NCREPO="https://download.nextcloud.com/server/releases"
 ISSUES="https://github.com/nextcloud/vm/issues"
 # User information
@@ -135,6 +133,10 @@ nc_update() {
     NCBAD=$((NCMAJOR-2))
     NCNEXT="$((${CURRENTVERSION%%.*}+1))"
 }
+maxmind_geoip() {
+    # shellcheck source=/dev/null
+    source <(curl -sL https://shortio.hanssonit.se/t3vm7ro4CP)
+}
 # Set the hour for automatic updates. This would be 18:00 as only the hour is configurable.
 AUT_UPDATES_TIME="18"
 # Keys
@@ -150,6 +152,10 @@ HTTP_CONF="nextcloud_http_domain_self_signed.conf"
 # Collabora App
 HTTPS_CONF="$SITES_AVAILABLE/$SUBDOMAIN.conf"
 HTTP2_CONF="/etc/apache2/mods-available/http2.conf"
+# GeoBlock
+GEOBLOCK_MOD_CONF="/etc/apache2/conf-available/geoblock.conf"
+GEOBLOCK_MOD="/etc/apache2/mods-available/maxminddb.load"
+GEOBLOCK_DIR="/usr/share/GeoIP"
 # PHP-FPM
 PHPVER=8.3
 PHP_FPM_DIR=/etc/php/$PHPVER/fpm
@@ -162,6 +168,7 @@ NOTIFY_PUSH_SERVICE_PATH="/etc/systemd/system/notify_push.service"
 # Adminer
 ADMINERDIR=/usr/share/adminer
 ADMINER_CONF="$SITES_AVAILABLE/adminer.conf"
+ADMINER_CONF_PLUGIN="$ADMINERDIR/extra_plugins.php"
 # Redis
 REDIS_CONF=/etc/redis/redis.conf
 REDIS_SOCK=/var/run/redis/redis-server.sock
@@ -177,9 +184,8 @@ fulltextsearch_install() {
     ELASTIC_USER_PASSWORD=$(gen_passwd "$SHUF" '[:lower:]')
     FULLTEXTSEARCH_IMAGE_NAME=fulltextsearch_es01
     FULLTEXTSEARCH_SERVICE=nextcloud-fulltext-elasticsearch-worker.service
-    # Supports 0-9.0-99.0-9. Max supprted version with this function is 9.99.9. When ES 10.0.0 is out we have a problem.
-    # Maybe "10\\.[[:digit:]][[:digit:]]\\.[[:digit:]]" will work?
-    FULLTEXTSEARCH_IMAGE_NAME_LATEST_TAG="$(curl -s -m 900 https://www.docker.elastic.co/r/elasticsearch | grep -Eo "[[:digit:]]\\.[[:digit:]][[:digit:]]\\.[[:digit:]]" | sort --version-sort | tail -1)"
+    # Gets the version from the latest tag here: https://github.com/docker-library/official-images/blob/master/library/elasticsearch
+    FULLTEXTSEARCH_IMAGE_NAME_LATEST_TAG="$(curl -s -m 900 https://raw.githubusercontent.com/docker-library/official-images/refs/heads/master/library/elasticsearch | grep "Tags:" | head -1 | awk '{print $2}')"
     # Legacy, changed 2023-09-21
     DOCKER_IMAGE_NAME=es01
     # Legacy, not used at all
@@ -384,60 +390,68 @@ something is wrong here. Please report this to $ISSUES"
     fi
 }
 
+metadefender-scan() {
+# Usage:
+# metadefender-scan.sh $PATH $APIKEY, for example:
+hash="$(sha256sum "$1")"
+hash="${hash%% *}"
+apikey=7283aa9bbcee83132506659a4e5675bb
+curl "https://api.metadefender.com/v4/hash/$hash" -H "apikey: $apikey"
+}
+
 # Used in geoblock.sh
-get_newest_dat_files() {
-    # IPv4
-    IPV4_NAME=$(curl -s https://github.com/nextcloud/vm/tree/main/geoblockdat \
-    | grep -oP '202[0-9]-[01][0-9]-Maxmind-Country-IPv4\.dat' | sort -r | head -1)
-    if [ -z "$IPV4_NAME" ]
+download_geoip_mmdb() {
+    # Rate limit to 1 hour, we have 24 requests per day
+    if [ -f "$GEOBLOCK_DIR/IPInfo-Country.mmdb" ]
     then
-        print_text_in_color "$IRed" "Could not get the latest IPv4 name. Not updating the .dat file"
-        sleep 1
-    else
-        if ! [ -f "$SCRIPTS/$IPV4_NAME" ]
+        if [ "$(( $(date +"%s") - $(stat -c "%Y" "$GEOBLOCK_DIR/IPInfo-Country.mmdb") ))" -lt "3600" ]
         then
-            print_text_in_color "$ICyan" "Downloading new IPv4 dat file..."
-            sleep 1
-            curl_to_dir "$GEOBLOCKDAT" "$IPV4_NAME" "$SCRIPTS"
-            mkdir -p /usr/share/GeoIP
-            rm -f /usr/share/GeoIP/GeoIP.dat
-            check_command cp "$SCRIPTS/$IPV4_NAME" /usr/share/GeoIP
-            check_command mv "/usr/share/GeoIP/$IPV4_NAME" /usr/share/GeoIP/GeoIP.dat
-            chown root:root /usr/share/GeoIP/GeoIP.dat
-            chmod 644 /usr/share/GeoIP/GeoIP.dat
-            find /var/scripts -type f -regex \
-"$SCRIPTS/202[0-9]-[01][0-9]-Maxmind-Country-IPv4\.dat" -not -name "$IPV4_NAME" -delete
-        else
-            print_text_in_color "$ICyan" "The latest IPv4 dat file is already downloaded."
-            sleep 1
+            print_text_in_color "$IGreen" "No need to update $GEOBLOCK_DIR/IPInfo-Country.mmdb since it's newer than 1 hour."
+            return 1
         fi
-    fi
-    # IPv6
-    IPV6_NAME=$(curl -s https://github.com/nextcloud/vm/tree/main/geoblockdat \
-    | grep -oP '202[0-9]-[01][0-9]-Maxmind-Country-IPv6\.dat' | sort -r | head -1)
-    if [ -z "$IPV6_NAME" ]
+    elif [ -f "$GEOBLOCK_DIR/GeoLite2-Country.mmdb" ]
     then
-        print_text_in_color "$IRed" "Could not get the latest IPv6 name. Not updating the .dat file"
-        sleep 1
-    else
-        if ! [ -f "$SCRIPTS/$IPV6_NAME" ]
-        then
-            print_text_in_color "$ICyan" "Downloading new IPv6 dat file..."
-            sleep 1
-            curl_to_dir "$GEOBLOCKDAT" "$IPV6_NAME" "$SCRIPTS"
-            mkdir -p /usr/share/GeoIP
-            rm -f /usr/share/GeoIP/GeoIPv6.dat
-            check_command cp "$SCRIPTS/$IPV6_NAME" /usr/share/GeoIP
-            check_command mv "/usr/share/GeoIP/$IPV6_NAME" /usr/share/GeoIP/GeoIPv6.dat
-            chown root:root /usr/share/GeoIP/GeoIPv6.dat
-            chmod 644 /usr/share/GeoIP/GeoIPv6.dat
-            find /var/scripts -type f -regex \
-"$SCRIPTS/202[0-9]-[01][0-9]-Maxmind-Country-IPv6\.dat" -not -name "$IPV6_NAME" -delete
-        else
-            print_text_in_color "$ICyan" "The latest IPv6 dat file is already downloaded."
-            sleep 1
-        fi
+        print_text_in_color "$ICyan" "Replacing Maxmind with IPInfo GeoIP database..."
     fi
+
+    # Download or update current GeoIP DB
+    maxmind_geoip
+    export x8v8GyVQg2UejdPh
+    print_text_in_color "$ICyan" "Downloading latest GeoIP database from https://ipinfo.io..."
+    if ! curl -sfL https://ipinfo.io/data/free/country.mmdb?token="$x8v8GyVQg2UejdPh" -o "$GEOBLOCK_DIR"/IPInfo-Country.mmdb
+    then
+        print_text_in_color "$IRed" "Failed downloading GeoIP database from IPInfo, trying plan B..."
+        export MwKfcYATm43NMT
+        export i9HL69SLnp4ymy
+        {
+        echo "GEOIPUPDATE_ACCOUNT_ID=$MwKfcYATm43NMT"
+        echo "GEOIPUPDATE_LICENSE_KEY=$i9HL69SLnp4ymy"
+        echo "GEOIPUPDATE_EDITION_IDS=GeoLite2-Country"
+        echo "GEOIPUPDATE_FREQUENCY=0"
+        echo "GEOIPUPDATE_PRESERVE_FILE_TIMES=1"
+        echo "GEOIPUPDATE_VERBOSE=1"
+        } > /tmp/dockerenv
+        unset MwKfcYATm43NMT
+        unset i9HL69SLnp4ymy
+        install_docker
+        if docker run --name maxmind --env-file /tmp/dockerenv -v "$GEOBLOCK_DIR":"$GEOBLOCK_DIR" ghcr.io/maxmind/geoipupdate
+        then
+            docker rm -f maxmind
+            rm -f /tmp/dockerenv
+            # Since only one mmdb file can exist at the same time due to Apache "if" confitions, remove IPInfos config
+            rm -f "$GEOBLOCK_DIR"/IPInfo-Country.mmdb
+            print_text_in_color "$IGreen" "Maxmind GeoIP database downloaded!"
+        else
+            docker rm -f maxmind
+            rm -f /tmp/dockerenv
+            print_text_in_color "$IRed" "Rate limit for Maxmind GeoIP database reached! Can't continue from here, please report this to $ISSUES"
+        fi
+    else
+        # Since only one mmdb file can exist at the same time due to Apache "if" confitions, remove MaxMinds config
+        rm -f "$GEOBLOCK_DIR"/GeoLite2-Country.mmdb
+        return 0
+    fi
+    unset x8v8GyVQg2UejdPh
 }
 
 # Check if process is runnnig: is_process_running dpkg
@@ -476,13 +490,13 @@ check_running_cronjobs() {
 
 # Checks if site is reachable with a HTTP 200 status
 site_200() {
-print_text_in_color "$ICyan" "Checking connection..."
+print_text_in_color "$ICyan" "Checking connection to ${1}..."
         CURL_STATUS="$(curl -LI "${1}" -o /dev/null -w '%{http_code}\n' -s)"
         if [[ "$CURL_STATUS" = "200" ]]
         then
             return 0
         else
-            print_text_in_color "$IRed" "curl didn't produce a 200 status, is ${1} reachable?"
+            msg_box "curl didn't produce a 200 status, is ${1} reachable? Please report this to $ISSUES."
             return 1
         fi
 }
@@ -855,7 +869,7 @@ local  standalone="certbot certonly --standalone --pre-hook \"systemctl stop apa
 #tls-alpn-01
 local  tls_alpn_01="certbot certonly --preferred-challenges tls-alpn-01 $default_le"
 #dns
-local  dns="certbot certonly --manual --manual-public-ip-logging-ok --preferred-challenges dns $default_le"
+local  dns="certbot certonly --manual --preferred-challenges dns $default_le"
 local  methods=(standalone dns)
 
 for f in "${methods[@]}"
@@ -1381,7 +1395,7 @@ fi
 print_text_in_color "$ICyan" "Checking SHA256 checksum..."
 mkdir -p "$SHA256_DIR"
 curl_to_dir "$NCREPO" "$STABLEVERSION.tar.bz2.sha256" "$SHA256_DIR"
-SHA256SUM="$(tail "$SHA256_DIR"/"$STABLEVERSION".tar.bz2.sha256 | awk '{print$1}')"
+SHA256SUM="$(tail "$SHA256_DIR"/"$STABLEVERSION".tar.bz2.sha256 | awk '{print$1}' | head -1)"
 if ! echo "$SHA256SUM" "$STABLEVERSION.tar.bz2" | sha256sum -c
 then
     msg_box "The SHA256 checksums of $STABLEVERSION.tar.bz2 didn't match, please try again."
@@ -1498,7 +1512,7 @@ any_key() {
 
 lowest_compatible_nc() {
 # .ocdata needs to exist to be able to check version, occ relies on everytihgn working
-until [ -f "$NCDATA"/.ocdata ]
+until [ -f "$NCDATA"/.ocdata ] || [ -f "$NCDATA"/.ncdata ]
 do
         # SUPPORT LEGACY: If it's not in the standard path, check for existing datadir in config.php
         if [ -f "$NCPATH"/config/config.php ]
@@ -1511,7 +1525,7 @@ do
 If you think this is a bug, please report it to $ISSUES"
             else
                 # Check again an break if found
-                if [ -f "$NCDATA"/.ocdata ]
+                if [ -f "$NCDATA"/.ocdata ] || [ -f "$NCDATA"/.ncdata ] 
                 then
                     break
                 fi

menu/main_menu.sh

@@ -81,7 +81,7 @@ To upgrade to the latest version, please run: 'sudo bash $SCRIPTS/update.sh' fro
             download_script STATIC update
             if [ -n "$REBOOT_SET" ]
             then
-                sed -i "s|exit|/sbin/shutdown -r +1|g" "$SCRIPTS"/update.sh
+                sed -i "s|exit|/sbin/shutdown -r +10|g" "$SCRIPTS"/update.sh
             fi
             do_the_update
         else

menu/nextcloud_configuration.sh

@@ -122,6 +122,11 @@ daily
 rotate 10
 copytruncate
 }
+$VMLOGS/audit.log {
+daily
+rotate 10
+copytruncate
+}
 NEXTCLOUD_CONF
 
             # Set needed ownership for the Nextcloud log folder to work correctly

menu/startup_configuration.sh

@@ -37,6 +37,13 @@ else
 fi
 
 # Get the correct apt-mirror
+# Handle several sources
+FIND_SOURCES="$(find /etc/apt/ -type f -name "*sources*")"
+for source in $FIND_SOURCES
+do
+  REPO=$(grep "URIs:" "$source" | grep http | awk '{print $2}' | head -1)
+done
+# Check if it matches
 if [ "$REPO" = 'http://archive.ubuntu.com/ubuntu' ]
 then
     MIRROR_SWITCH="ON"
@@ -59,7 +66,7 @@ choice=$(whiptail --title "$TITLE" --checklist \
 $CHECKLIST_GUIDE\n\n$RUN_LATER_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \
 "Keyboard Layout" "(Change the keyboard layout from '$KEYBOARD_LAYOUT')" "$KEYBOARD_LAYOUT_SWITCH" \
 "Timezone" "(Change the timezone from $(cat /etc/timezone))" "$TIMEZONE_SWITCH" \
-"Locate Mirror" "(Change the apt-mirror from $REPO)" OFF 3>&1 1>&2 2>&3)
+"Locate Mirror" "(Change the apt repo for better download performance)" "$MIRROR_SWITCH" 3>&1 1>&2 2>&3)
 
 case "$choice" in
     *"Keyboard Layout"*)

network/asusnuc/pn51.sh

@@ -46,12 +46,7 @@ mkdir -p "$INSTALLDIR"
 print_text_in_color "$ICyan" "Checking for newer version of firmware..."
 if ! curl -k -s https://www.realtek.com/en/component/zoo/category/network-interface-controllers-10-100-1000m-gigabit-ethernet-pci-express-software | grep "$RVERSION" >/dev/null
 then
-    msg_box "It seems like there's a newer version of the Realtek Driver for the LAN network card.
-
-Please report this to $ISSUES including this link:
-https://www.realtek.com/en/component/zoo/category/network-interface-controllers-10-100-1000m-gigabit-ethernet-pci-express-software
-
-Thanks!"
+    print_text_in_color "$ICyan" "Newer firmware for your Realtek card available. Please check here for upgrading: https://github.com/awesometic/realtek-r8125-dkms"
 fi
 
 # Download the driver before it's removed (no internet when it's removed)

network/geoblock.sh

@@ -22,40 +22,99 @@ debug_mode
 root_check
 
 # Check if it is already configured
-if ! grep -q "^#Geoip-block" /etc/apache2/apache2.conf
+if [ ! -f "$GEOBLOCK_MOD_CONF" ] && [ ! -f "$GEOBLOCK_MOD" ] && ! grep -q "^#Geoip-block" /etc/apache2/apache2.conf
 then
     # Ask for installing
     install_popup "$SCRIPT_NAME"
 else
     # Ask for removal or reinstallation
     reinstall_remove_menu "$SCRIPT_NAME"
-    # Removal
+    # Remove Apache mod config
+    rm -f "$GEOBLOCK_MOD_CONF"
+    # Remove old database files
     find /var/scripts -type f -regex \
 "$SCRIPTS/202[0-9]-[01][0-9]-Maxmind-Country-IPv[46]\.dat" -delete
+    find "$GEOBLOCK_DIR" -type f -regex \
+"*.dat" -delete
+    rm -f "$GEOBLOCK_DIR"/IPInfo-Country.mmdb
+    # Remove Apache2 mod
+    if [ -f "$GEOBLOCK_MOD" ]
+    then
+        a2dismod maxminddb
+        rm -f "$GEOBLOCK_MOD"
+        rm -f /usr/lib/apache2/modules/mod_maxminddb.so
+    fi
     if is_this_installed libapache2-mod-geoip
     then
         a2dismod geoip
         apt-get purge libapache2-mod-geoip -y
     fi
-    apt-get autoremove -y
-    sed -i "/^#Geoip-block-start/,/^#Geoip-block-end/d" /etc/apache2/apache2.conf
-    check_command systemctl restart apache2
+    # Remove PPA
+    if grep ^ /etc/apt/sources.list /etc/apt/sources.list.d/* | grep maxmind-ubuntu-ppa
+    then
+        install_if_not ppa-purge
+        yes | ppa-purge maxmind/ppa
+        rm -f /etc/apt/sources.list.d/maxmind*
+    fi
+    # Remove  Apache config
+    if grep "Geoip-block-start" /etc/apache2/apache2.conf
+    then
+        sed -i "/^#Geoip-block-start/,/^#Geoip-block-end/d" /etc/apache2/apache2.conf
+    fi
+    if [ -f "$GEOBLOCK_MOD_CONF" ]
+    then
+        a2disconf geoblock
+        rm -f "$GEOBLOCK_MOD_CONF"
+    fi
     # Show successful uninstall if applicable
     removal_popup "$SCRIPT_NAME"
+    # Make sure it's clean from unused packages and files
+    apt-get purge libmaxminddb0* libmaxminddb-dev* mmdb-bin* apache2-dev* -y
+    apt-get autoremove -y
+    check_command systemctl restart apache2
 fi
 
-# Install needed tools
-install_if_not libapache2-mod-geoip
+# Download GeoIP Databases
+if ! download_geoip_mmdb
+then
+   exit 1
+fi
 
-# Enable apache mod
-check_command a2enmod geoip rewrite
+##### GeoIP script (Apache Setup)
+# Install  requirements
+yes | add-apt-repository ppa:maxmind/ppa
+apt-get update -q4 & spinner_loading
+install_if_not libmaxminddb0
+install_if_not libmaxminddb-dev
+install_if_not mmdb-bin
+install_if_not apache2-dev
+
+# maxminddb_module https://github.com/maxmind/mod_maxminddb
+cd /tmp
+curl_to_dir https://github.com/maxmind/mod_maxminddb/releases/download/1.2.0/ mod_maxminddb-1.2.0.tar.gz /tmp
+tar -xzf mod_maxminddb-1.2.0.tar.gz
+cd mod_maxminddb-1.2.0
+if ./configure
+then
+    make install
+    # Delete conf made by module
+    rm -f /etc/apache2/mods-enabled/maxminddb.conf
+    # Check if module is enabled
+    if ! apachectl -M | grep -i "maxminddb"
+    then
+       msg_box "Couldn't install the Apache module for MaxMind. Please report this to $ISSUES"
+       exit 1
+    fi
+    # Cleanup
+    rm -rf mod_maxminddb-1.2.0 mod_maxminddb-1.2.0.tar.gz
+fi
+
+# Enable modules
+check_command a2enmod rewrite remoteip maxminddb
+# Delete conf made by module
+rm -f /etc/apache2/mods-enabled/maxminddb.conf
 check_command systemctl restart apache2
 
-# Download newest dat files
-find /var/scripts -type f -regex \
-"$SCRIPTS/202[0-9]-[01][0-9]-Maxmind-Country-IPv[46]\.dat" -delete
-get_newest_dat_files
-
 # Restrict to countries and/or continents
 choice=$(whiptail --title "$TITLE"  --checklist \
 "Do you want to restrict to countries and/or continents?
@@ -71,7 +130,7 @@ fi
 if [[ "$choice" = *"Countries"* ]]
 then
     # Download csv file
-    if ! curl_to_dir "https://dev.maxmind.com/csv-files/codes" "iso3166.csv" "$SCRIPTS"
+    if ! curl_to_dir "https://dev.maxmind.com/static/csv/codes" "iso3166.csv" "$SCRIPTS"
     then
         msg_box "Could not download the iso3166.csv file.
 Please report this to $ISSUES"
@@ -158,24 +217,44 @@ then
     mapfile -t choice <<< "$choice"
 fi
 
-GEOIP_CONF="#Geoip-block-start - Please don't remove or change this line
-<IfModule mod_geoip.c>
-  GeoIPEnable On
-  GeoIPDBFile /usr/share/GeoIP/GeoIP.dat
-  GeoIPDBFile /usr/share/GeoIP/GeoIPv6.dat
+# Create conf
+cat << GEOBLOCKCONF_CREATE > "$GEOBLOCK_MOD_CONF"
+<IfModule mod_maxminddb.c>
+  MaxMindDBEnable On
+
+  # Check for IPinfo mmdb
+  <IfFile "$GEOBLOCK_DIR/IPInfo-Country.mmdb">
+    MaxMindDBFile DB $GEOBLOCK_DIR/IPInfo-Country.mmdb
+    MaxMindDBEnv MM_CONTINENT_CODE DB/continent
+    MaxMindDBEnv MM_COUNTRY_CODE DB/country
+  </IfFile>
+  # Check for Maxmind mmdb
+  <IfFile "$GEOBLOCK_DIR/GeoLite2-Country.mmdb">
+    MaxMindDBFile DB $GEOBLOCK_DIR/GeoLite2-Country.mmdb
+    MaxMindDBEnv MM_CONTINENT_CODE DB/continent/code
+    MaxMindDBEnv MM_COUNTRY_CODE DB/country/iso_code
+  </IfFile>
 </IfModule>
-<Location />\n"
+
+  # Geoblock rules
+GEOBLOCKCONF_CREATE
+
+# Add <Location> parameters to maxmind conf
+echo "<Location />" >> "$GEOBLOCK_MOD_CONF"
 for continent in "${choice[@]}"
 do
-    GEOIP_CONF+="  SetEnvIf GEOIP_CONTINENT_CODE    $continent AllowCountryOrContinent\n"
-    GEOIP_CONF+="  SetEnvIf GEOIP_CONTINENT_CODE_V6 $continent AllowCountryOrContinent\n"
+    echo "  SetEnvIf MM_CONTINENT_CODE    $continent AllowCountryOrContinent" >> "$GEOBLOCK_MOD_CONF"
 done
 for country in "${selected_options[@]}"
 do
-    GEOIP_CONF+="  SetEnvIf GEOIP_COUNTRY_CODE    $country AllowCountryOrContinent\n"
-    GEOIP_CONF+="  SetEnvIf GEOIP_COUNTRY_CODE_V6 $country AllowCountryOrContinent\n"
+    echo "  SetEnvIf MM_COUNTRY_CODE    $country AllowCountryOrContinent" >> "$GEOBLOCK_MOD_CONF"
 done
-GEOIP_CONF+="  Allow from env=AllowCountryOrContinent
+echo "  Allow from env=AllowCountryOrContinent" >> "$GEOBLOCK_MOD_CONF"
+
+# Add allow rules to maxmind conf
+cat << GEOBLOCKALLOW_CREATE >> "$GEOBLOCK_MOD_CONF"
+
+  # Specifically allow this
   Allow from 127.0.0.1/8
   Allow from 192.168.0.0/16
   Allow from 172.16.0.0/12
@@ -186,13 +265,18 @@ GEOIP_CONF+="  Allow from env=AllowCountryOrContinent
   Order Deny,Allow
   Deny from all
 </Location>
-#Geoip-block-end - Please don't remove or change this line"
 
-# Write everything to the file
-echo -e "$GEOIP_CONF" >> /etc/apache2/apache2.conf
+  # Logs
+  LogLevel info
+  CustomLog "$VMLOGS/geoblock_access.log" common
+GEOBLOCKALLOW_CREATE
 
-check_command systemctl restart apache2
+# Enable config
+check_command a2enconf geoblock
 
-msg_box "GeoBlock was successfully configured"
-
-exit
+if check_command systemctl restart apache2
+then
+    msg_box "GeoBlock was successfully configured"
+else
+    msg_box "Something went wrong, please check Apache error logs."
+fi

network/static_ip.sh

@@ -186,7 +186,7 @@ network:
        $IFACE: #object name
          dhcp4: false # dhcp v4 disable
          dhcp6: false # dhcp v6 disable
-         addresses: 
+         addresses:
          - $LANIP
          routes:
           - to: default
@@ -198,6 +198,7 @@ IPCONFIG
         msg_box "These are your settings, please make sure they are correct:
 
 $(cat /etc/netplan/nextcloud.yaml)"
+        chmod 600 /etc/netplan/nextcloud.yaml
         netplan try
         set_systemd_resolved_dns "$IFACE"
     else
@@ -208,7 +209,7 @@ network:
        $IFACE2: #object name
          dhcp4: false # dhcp v4 disable
          dhcp6: false # dhcp v6 disable
-         addresses: 
+         addresses:
          - $LANIP
          routes:
           - to: default
@@ -220,6 +221,7 @@ IPCONFIGnonvmware
         msg_box "These are your settings, please make sure they are correct:
 
 $(cat /etc/netplan/nextcloud.yaml)"
+        chmod 600 /etc/netplan/nextcloud.yaml
         netplan try
         set_systemd_resolved_dns "$IFACE2"
     fi

nextcloud-startup-script.sh

@@ -517,8 +517,11 @@ rm -f "$SCRIPTS/desec_menu.sh"
 rm -f "$NCDATA"/*.log
 
 find /root "/home/$UNIXUSER" -type f \( -name '*.sh*' -o -name '*.html*' -o -name '*.tar*' -o -name 'results' -o -name '*.zip*' \) -delete
-find "$NCPATH" -type f \( -name 'results' -o -name '*.sh*' \) -delete
 sed -i "s|instruction.sh|nextcloud.sh|g" "/home/$UNIXUSER/.bash_profile"
+# TODO: Do we really need this?
+# https://github.com/nextcloud/server/issues/48773
+# find "$NCPATH" -type f \( -name 'results' -o -name '*.sh*' \) -delete
+find "$NCPATH" -type f \( -name 'results' \) -delete
 
 truncate -s 0 \
     /root/.bash_history \
@@ -563,6 +566,9 @@ run_script STATIC trusted_domains
 print_text_in_color "$ICyan" "System will now upgrade..."
 bash $SCRIPTS/update.sh minor
 
+# Add missing indices (if any)
+nextcloud_occ db:add-missing-indices
+
 # Check if new major is out, and inform on how to update
 nc_update
 if version_gt "$NCMAJOR" "$CURRENTMAJOR"
@@ -571,6 +577,9 @@ then
 https://docs.hanssonit.se/s/W6fMouPiqQz3_Mog/virtual-machines-vm/d/W7Du9uPiqQz3_Mr1/nextcloud-vm-machine-configuration?currentPageId=W7D3quPiqQz3_MsE"
 fi
 
+# Repair
+nextcloud_occ maintenance:repair --include-expensive
+
 # Cleanup 2
 apt-get autoremove -y
 apt-get autoclean
@@ -617,7 +626,7 @@ Login to Nextcloud in your browser:
 ### PLEASE HIT OK TO REBOOT ###"
 
 # Reboot
-print_text_in_color "$IGreen" "Installation done, system will now reboot..."
+print_text_in_color "$IGreen" "Installation done! Please hit OK to cleanup the setup files, and reboot the system."
 check_command rm -f "$SCRIPTS/you-can-not-run-the-startup-script-several-times"
 check_command rm -f "$SCRIPTS/nextcloud-startup-script.sh"
 if ! reboot

nextcloud_install_production.sh

@@ -511,45 +511,50 @@ download_script STATIC setup_secure_permissions_nextcloud
 bash "$SECURE" & spinner_loading
 
 # Ask to set a custom username
-if yesno_box_no "Nextcloud is about to be installed.\nDo you want to change the standard GUI user '$GUIUSER' to something else?"
+if [ -z "$PROVISIONING" ]
 then
-    while :
-    do
-        GUIUSER=$(input_box_flow "Please type in the name of the Web Admin in Nextcloud.
+    if yesno_box_no "Nextcloud is about to be installed.\nDo you want to change the standard GUI user '$GUIUSER' to something else?"
+    then
+        while :
+        do
+            GUIUSER=$(input_box_flow "Please type in the name of the Web Admin in Nextcloud.
 \nThe only allowed characters for the username are:
 'a-z', 'A-Z', '0-9', and '_.@-'")
-        if [[ "$GUIUSER" == *" "* ]]
-        then
-            msg_box "Please don't use spaces."
-        # - has to be escaped otherwise it won't work.
-        # Inspired by: https://unix.stackexchange.com/a/498731/433213
-        elif [ "${GUIUSER//[A-Za-z0-9_.\-@]}" ]
-        then
-            msg_box "Allowed characters for the username are:\na-z', 'A-Z', '0-9', and '_.@-'\n\nPlease try again."
-        else
-            break
-        fi
-    done
-    while :
-    do
-        GUIPASS=$(input_box_flow "Please type in the new password for the new Web Admin ($GUIUSER) in Nextcloud.")
-        if [[ "$GUIPASS" == *" "* ]]
-        then
-            msg_box "Please don't use spaces."
-        fi
-        if [ "${GUIPASS//[A-Za-z0-9_.\-@]}" ]
-        then
-            msg_box "Allowed characters for the password are:\na-z', 'A-Z', '0-9', and '_.@-'\n\nPlease try again."
-        else
-        msg_box "The new Web Admin in Nextcloud is now: $GUIUSER\nThe password is set to: $GUIPASS
+            if [[ "$GUIUSER" == *" "* ]]
+            then
+                msg_box "Please don't use spaces."
+            # - has to be escaped otherwise it won't work.
+            # Inspired by: https://unix.stackexchange.com/a/498731/433213
+            elif [ "${GUIUSER//[A-Za-z0-9_.\-@]}" ]
+            then
+                msg_box "Allowed characters for the username are:\na-z', 'A-Z', '0-9', and '_.@-'\n\nPlease try again."
+            else
+                break
+            fi
+        done
+        while :
+        do
+            GUIPASS=$(input_box_flow "Please type in the new password for the new Web Admin ($GUIUSER) in Nextcloud.")
+            if [[ "$GUIPASS" == *" "* ]]
+            then
+                msg_box "Please don't use spaces."
+            fi
+            if [ "${GUIPASS//[A-Za-z0-9_.\-@]}" ]
+            then
+                msg_box "Allowed characters for the password are:\na-z', 'A-Z', '0-9', and '_.@-'\n\nPlease try again."
+            else
+                msg_box "The new Web Admin in Nextcloud is now: $GUIUSER\nThe password is set to: $GUIPASS
 This is used when you login to Nextcloud itself, i.e. on the web."
             break
-        fi
-    done
-
+            fi
+        done
+    fi
 fi
 
 # Install Nextcloud
+# NC 29 fix ## TODO: is this needed in coming versions?
+chown www-data:www-data "$NCPATH"/data
+# Normal install
 print_text_in_color "$ICyan" "Installing Nextcloud, it might take a while..."
 cd "$NCPATH"
 # Don't use nextcloud_occ here as it takes alooong time.
@@ -643,11 +648,16 @@ sed -i "s|upload_max_filesize =.*|upload_max_filesize = 1000M|g" "$PHP_INI"
 nextcloud_occ config:system:set log_type --value=file
 nextcloud_occ config:system:set logfile --value="$VMLOGS/nextcloud.log"
 rm -f "$NCDATA/nextcloud.log"
+rm -f "$NCPATH/data/nextcloud.log"
 nextcloud_occ config:system:set loglevel --value=2
 install_and_enable_app admin_audit
 nextcloud_occ config:app:set admin_audit logfile --value="$VMLOGS/audit.log"
 nextcloud_occ config:system:set log.condition apps 0 --value admin_audit
 
+# Set maintenance window for cron
+# https://docs.nextcloud.com/server/29/admin_manual/configuration_server/background_jobs_configuration.html#background-jobs
+nextcloud_occ config:system:set maintenance_window_start --type=integer --value=2
+
 # Set SMTP mail
 nextcloud_occ config:system:set mail_smtpmode --value="smtp"
 
@@ -770,7 +780,7 @@ then
     # The Nextcloud folder
     <Directory $NCPATH>
     Options Indexes FollowSymLinks
-    AllowOverride None
+    AllowOverride All
     Require all granted
     Satisfy Any
     # This is to include all the Nextcloud rules due to that we use PHP-FPM and .htaccess aren't read
@@ -822,7 +832,7 @@ then
     cat << TLS_CREATE > "$SITES_AVAILABLE/$TLS_CONF"
 # <VirtualHost *:80>
 #     RewriteEngine On
-#     RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
+#     RewriteRule ^(.*)$ https://%{HTTP_HOST}\$1 [END,NE,R=permanent]
 # </VirtualHost>
 
 <VirtualHost *:443>
@@ -857,7 +867,7 @@ then
     # The Nextcloud folder
     <Directory $NCPATH>
     Options Indexes FollowSymLinks
-    AllowOverride None
+    AllowOverride All
     Require all granted
     Satisfy Any
     # This is to include all the Nextcloud rules due to that we use PHP-FPM and .htaccess aren't read

nextcloud_update.sh

@@ -253,6 +253,10 @@ then
     fi
 fi
 
+# Since the branch change, always get the latest update script
+download_script STATIC update
+chmod +x $SCRIPTS/update.sh
+
 # Ubuntu 16.04 is deprecated
 check_distro_version
 
@@ -341,7 +345,7 @@ fi
 # Upgrade OS dependencies
 export DEBIAN_FRONTEND=noninteractive ; apt-get dist-upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
 
-# Temporary fix for PHP 2024-08-27
+# Temporary fix for PHP 2023-08-27
 # There's a bug in PHP 8.1.21 which causes server to crash
 # If you're on Ondrejs PPA, PHP isn't updated, so do that here instead
 apt-mark unhold php* >/dev/null 2>&1
@@ -565,16 +569,35 @@ restart_webserver
 if [ -d "$ADMINERDIR" ]
 then
     print_text_in_color "$ICyan" "Updating Adminer..."
-    rm -f "$ADMINERDIR"/latest.php "$ADMINERDIR"/adminer.php
-    curl_to_dir "http://www.adminer.org" "latest.php" "$ADMINERDIR"
-    ln -s "$ADMINERDIR"/latest.php "$ADMINERDIR"/adminer.php
+    rm -f "$ADMINERDIR"/latest.php "$ADMINERDIR"/adminer.php "$ADMINERDIR"/adminer-pgsql.php
+    # Download the latest version
+    curl_to_dir "https://download.adminerevo.org/latest/adminer" "adminer-pgsql.zip" "$ADMINERDIR"
+    install_if_not unzip
+    # Unzip the latest version
+    unzip "$ADMINERDIR"/adminer-pgsql.zip -d "$ADMINERDIR"
+    rm -f "$ADMINERDIR"/adminer-pgsql.zip
+    mv "$ADMINERDIR"/adminer-pgsql.php "$ADMINERDIR"/adminer.php
 fi
 
-# Get newest dat files for geoblock.sh
+# Get latest Maxmind databse for Geoblock
 if grep -q "^#Geoip-block" /etc/apache2/apache2.conf
 then
-    get_newest_dat_files
-    check_command systemctl restart apache2
+    if grep -c GeoIPDBFile /etc/apache2/apache2.conf
+    then
+        msg_box "We have updated GeoBlock to a new version which isn't compatible with the old one. Please reinstall with the menu script to get the latest version."
+        notify_admin_gui \
+"GeoBlock needs to be reinstalled!" \
+"We have updated GeoBlock to a new version which isn't compatible with the old one.
+Please reinstall with the menu script to get the latest version.
+
+sudo bash /ar/scripts/menu.sh --> Server Configuration --> GeoBlock"
+    fi
+elif [ -f "$GEOBLOCK_MOD" ]
+then
+    if download_geoip_mmdb
+    then
+        print_text_in_color "$IGreen" "GeoBlock database updated!"
+    fi
 fi
 
 # Update docker containers and remove Watchtower if Bitwarden is present due to compatibility issue
@@ -583,6 +606,12 @@ fi
 # individually depending on which docker containers that exist.
 if is_docker_running
 then
+    # Fix Docker compose issue
+    if is_this_installed docker-compose
+    then
+        apt purge docker-compose -y
+        install_if_not docker-compose-plugin
+    fi
     # To fix https://github.com/nextcloud/vm/issues/1459 we need to remove Watchtower
     # to avoid updating Bitwarden again, and only update the specified docker images above
     if docker ps -a --format '{{.Names}}' | grep -Eq "bitwarden";
@@ -764,6 +793,23 @@ else
     print_text_in_color "$IGreen" "Your apps are already up to date!"
 fi
 
+# Apply correct redirect rule to avoid security check errors
+REDIRECTRULE="$(grep -r "\[R=301,L\]" $SITES_AVAILABLE | cut -d ":" -f1)"
+if [ -n "$REDIRECTRULE" ]
+then
+    # Change the redirect rule in all files in Apache available
+    mapfile -t REDIRECTRULE <<< "$REDIRECTRULE"
+    for rule in "${REDIRECTRULE[@]}"
+    do
+        sed -i "s|{HTTP_HOST} \[R=301,L\]|{HTTP_HOST}\$1 \[END,NE,R=permanent\]|g" "$rule"
+    done
+    # Restart Apache
+    if check_command apachectl configtest
+    then
+        restart_webserver
+    fi
+fi
+
 # Nextcloud 13 is required.
 lowest_compatible_nc 13
 
@@ -860,7 +906,7 @@ then
 fi
 
 ############# Don't upgrade to specific version
-DONOTUPDATETO='23.0.0'
+DONOTUPDATETO='29.0.0'
 if [[ "$NCVERSION" == "$DONOTUPDATETO" ]]
 then
     msg_box "Due to major bugs with Nextcloud $DONOTUPDATETO we won't upgrade to that version since it's a risk it will break your server. Please try to upgrade again when the next maintenance release is out."
@@ -939,6 +985,21 @@ If you need support, please visit https://shop.hanssonit.se/product/upgrade-php-
     fi
 fi
 
+# Check if PHP version is compatible with $NCVERSION
+# https://github.com/nextcloud/server/issues/29258
+PHP_VER=81
+NC_VER=31
+if [ "${NCVERSION%%.*}" -ge "$NC_VER" ]
+then
+    if [ "$(php -v | head -n 1 | cut -d " " -f 2 | cut -c 1,3)" -lt "$PHP_VER" ]
+    then
+msg_box "Your PHP version isn't compatible with the new version of Nextcloud. Please upgrade your PHP stack and try again.
+
+If you need support, please visit https://shop.hanssonit.se/product/upgrade-php-version-including-dependencies/"
+        exit
+    fi
+fi
+
 # Upgrade Nextcloud
 if ! site_200 "$NCREPO"
 then
@@ -1141,7 +1202,7 @@ Please check in $BACKUP if the folders exist."
 fi
 
 # Repair
-nextcloud_occ maintenance:repair
+nextcloud_occ maintenance:repair --include-expensive
 
 # Update Bitwarden
 if is_docker_running

not-supported/daily-backup-wizard.sh

@@ -381,6 +381,7 @@ fi
 # Install needed tools
 msg_box "We will now install all needed tools, initialize the Borg backup repository and create the daily backup script now."
 install_if_not borgbackup
+apt-get install python3-pyfuse3 --no-install-recommends -y
 
 # Initialize the borg backup repository
 export BORG_PASSPHRASE="$ENCRYPTION_KEY"

not-supported/not-supported_menu.sh

@@ -32,9 +32,9 @@ $CHECKLIST_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \
 "NTFS Mount" "(Mount NTFS drives)" OFF \
 "NTFS Veracrypt" "(Format, encrypt and mount Veracrypt NTFS drives)" OFF \
 "Backup Viewer" "(View your Backups)" OFF \
+"Restic Cloud Backup" "(Backup your server using Restic to multiple clouds)" OFF \
 "Daily Backup Wizard" "(Create a Daily Backup script)" OFF \
 "Firewall" "(Setting up a firewall)" OFF \
-"Harden SSH" "(Harden SSH configuration)" OFF \
 "Monitor Link Shares" "(Monitors the creation of link shares)" OFF \
 "Off-Shore Backup Wizard" "(Create an Off-Shore Backup script)" OFF \
 "Pi-hole" "(Network wide ads- and tracker blocking)" OFF \
@@ -77,14 +77,14 @@ case "$choice" in
         print_text_in_color "$ICyan" "Downloading the Daily Backup Wizard script..."
         run_script NOT_SUPPORTED_FOLDER daily-backup-wizard
     ;;&
+    *"Restic Cloud Backup Wizard"*)
+        print_text_in_color "$ICyan" "Downloading the Cloud Backup Wizard script..."
+        run_script NOT_SUPPORTED_FOLDER restic-cloud-backup-wizard
+    ;;&
     *"Firewall"*)
         print_text_in_color "$ICyan" "Downloading the Firewall script..."
         run_script NOT_SUPPORTED_FOLDER firewall
     ;;&
-    *"Harden SSH"*)
-        print_text_in_color "$ICyan" "Downloading the Harden SSH script..."
-        run_script ADDONS harden-ssh
-    ;;&
     *"Monitor Link Shares"*)
         print_text_in_color "$ICyan" "Monitor Link Shares..."
         run_script NOT_SUPPORTED_FOLDER monitor-link-shares

not-supported/pi-hole.sh

@@ -3,7 +3,7 @@
 # T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
 # Copyright © 2021 Simon Lindner (https://github.com/szaimen)
 
-# shellcheck disable=2016,2034,2059,2178
+# shellcheck disable=2016,2034,2059,2178,2317
 true
 SCRIPT_NAME="Pi-hole"
 SCRIPT_EXPLAINER="The Pi-hole® is a DNS sinkhole that protects your devices from unwanted content, \
@@ -21,6 +21,10 @@ debug_mode
 # Check if root
 root_check
 
+msg_box "The pi-hole script is unfortunately deprecated as it needs a rewrite since many parts in the upstream pi-hole project changed.
+Feel free to subscribe to https://github.com/szaimen/Nextcloud-NAS-Guide/issues/133 in the meantime."
+exit 1
+
 # Check if already installed
 if ! pihole &>/dev/null
 then
@@ -70,6 +74,8 @@ If you press 'yes', we will remove Pi-hole, its settings and all those listed pr
     # Make an array from installed applications
     read -r -a INSTALLED <<< "$INSTALLED"
 
+    # /opt/pihole/uninstall.sh edit file and put setupVars variable setupVars="/etc/pihole/setupVars.conf" at 5th line or something
+
     UNINSTALL="/etc/.pihole/automated install/uninstall.sh"
     # Uninstall pihole; we need to modify it, else it is not unattended
     if ! [ -f "$UNINSTALL" ] || ! grep -q "######### SCRIPT ###########" "$UNINSTALL" || ! grep -q "removeNoPurge()" "$UNINSTALL"

not-supported/remotedesktop.sh

@@ -343,9 +343,13 @@ This can set your server under risk, though!" "$SUBTITLE"
             if yesno_box_yes "Do you want to install OnlyOffice Desktop Editors nonetheless?" "$SUBTITLE"
             then
                 print_text_in_color "$ICyan" "Installing $SUBTITLE"
-                apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CB2DE8E5
-                echo "deb https://download.onlyoffice.com/repo/debian squeeze main" \
-> /etc/apt/sources.list.d/onlyoffice-desktopeditors.list
+                # From https://helpcenter.onlyoffice.com/installation/desktop-install-ubuntu.aspx
+                mkdir -p ~/.gnupg
+                gpg --no-default-keyring --keyring gnupg-ring:/tmp/onlyoffice.gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CB2DE8E5
+                chmod 644 /tmp/onlyoffice.gpg
+                chown root:root /tmp/onlyoffice.gpg
+                mv /tmp/onlyoffice.gpg /usr/share/keyrings/onlyoffice.gpg
+                echo "deb [signed-by=/usr/share/keyrings/onlyoffice.gpg] https://download.onlyoffice.com/repo/debian squeeze main" > "/etc/apt/sources.list.d/onlyoffice-desktopeditors.list"
                 apt-get update -q4 & spinner_loading
                 install_if_not onlyoffice-desktopeditors
                 print_text_in_color "$ICyan" "$SUBTITLE was successfully installed"

not-supported/restic-cloud-backup-wizard.sh

@@ -0,0 +1,510 @@
+#!/bin/bash
+
+# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
+# Sami Nieminen - 2024 https://nenimein.fi
+
+# This script helps creating a backup script for your Nextcloud instance to various cloud storage providers.
+# It uses Restic to back up your configuration, database and optionally your /mnt/ncdata folder.
+# Restic will be downloaded from official binaries to make Azure backups work.
+# Server will be set to maintenance mode during backup. 
+# If you have large amount of files to backup, please run the script interactively before automatic schedule.
+
+true
+
+SCRIPT_NAME="restic-cloud-backup"
+
+# shellcheck source=lib.sh
+source /var/scripts/fetch_lib.sh
+
+# Check for errors + debug code and abort if something isn't right
+# 1 = ON
+# 0 = OFF
+DEBUG=0
+debug_mode
+
+# Check if root
+root_check
+
+# Variables
+BACKUP_SCRIPT_NAME="$SCRIPTS/restic-cloud-backup.sh"
+BACKUP_CONFIG="$HOME/.restic_cloud_backup_config"
+
+# Install restic from official binaries because debian decided to remove Azure backups from binary for some unknown reason :(
+# https://forum.restic.net/t/version-0-16-4-and-azure-blob/7864
+# https://salsa.debian.org/go-team/packages/restic/-/tree/master/debian/patches?ref_type=heads
+install_restic() {
+    # Get latest version from GitHub API
+    print_text_in_color "$ICyan" "Getting latest restic version..."
+    LATEST_VERSION=$(curl -s https://api.github.com/repos/restic/restic/releases/latest | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
+    if [ -z "$LATEST_VERSION" ]; then
+        msg_box "Failed to get latest restic version. Please try again later."
+        exit 1
+    fi
+
+    # Remove 'v' prefix from version for comparison and binary download
+    LATEST_VERSION_CLEAN=${LATEST_VERSION#v}
+
+    # Check if restic is already installed with correct version
+    if [ -x "$(command -v restic)" ]; then
+        INSTALLED_VERSION=$(restic version | grep "restic" | awk '{print $2}')
+        print_text_in_color "$ICyan" "Restic $INSTALLED_VERSION is already installed, checking for newer version..."
+    fi
+
+    # Check if we need to upgrade
+    if [ -n "$INSTALLED_VERSION" ] && [ "$INSTALLED_VERSION" = "$LATEST_VERSION_CLEAN" ]; then
+        print_text_in_color "$IGreen" "Latest version $LATEST_VERSION is already installed!"
+        return 0
+    fi
+
+    # Download and install restic
+    print_text_in_color "$ICyan" "Installing restic $LATEST_VERSION..."
+
+    # Create temp directory
+    TMP_DIR=$(mktemp -d)
+
+    # Download binary
+    print_text_in_color "$ICyan" "Downloading restic $LATEST_VERSION..."
+    if ! curl -L "https://github.com/restic/restic/releases/download/$LATEST_VERSION/restic_${LATEST_VERSION#v}_linux_amd64.bz2" -o "$TMP_DIR/restic.bz2"; then
+        msg_box "Failed to download restic. Please try again later."
+        rm -rf "$TMP_DIR"
+        exit 1
+    fi
+
+    # Extract binary
+    print_text_in_color "$ICyan" "Extracting restic binary to $TMP_DIR"
+    if ! bunzip2 "$TMP_DIR/restic.bz2"; then
+        msg_box "Failed to extract restic binary."
+        rm -rf "$TMP_DIR"
+        exit 1
+    fi
+
+    # Make executable and move to /usr/local/bin
+    print_text_in_color "$ICyan" "Moving restic binary to /usr/local/bin/"
+    chmod +x "$TMP_DIR/restic"
+    if ! mv "$TMP_DIR/restic" /usr/local/bin/; then
+        msg_box "Failed to install restic binary."
+        rm -rf "$TMP_DIR"
+        exit 1
+    fi
+
+    # Clean up
+    rm -rf "$TMP_DIR"
+
+    # Verify installation
+    if ! restic version | grep -q "$LATEST_VERSION_CLEAN"; then
+        msg_box "Failed to verify restic installation."
+        exit 1
+    fi
+
+    print_text_in_color "$IGreen" "Successfully installed restic $LATEST_VERSION"
+    return 0
+}
+
+# Functions
+choose_backup_location() {
+    BACKUP_TYPE=$(whiptail --title "$TITLE" --menu \
+        "Choose backup destination" "$WT_HEIGHT" "$WT_WIDTH" 4 \
+        "Backblaze B2" "" \
+        "AWS S3" "" \
+        "Azure Blob" "" 3>&1 1>&2 2>&3)
+
+    case "$BACKUP_TYPE" in
+        "Backblaze B2")
+            B2_ACCOUNT_ID=$(input_box_flow "Enter Backblaze B2 Account ID \nThis is your Application Key keyID:")
+            B2_ACCOUNT_KEY=$(input_box_flow "Enter Backblaze B2 Account Key \nThis is the Application Key Secret:")
+            B2_BUCKET_NAME=$(input_box_flow "Enter Backblaze B2 Bucket Name:")
+            RESTIC_REPOSITORY="b2:$B2_BUCKET_NAME:"
+            ;;
+        "AWS S3")
+            AWS_ACCESS_KEY_ID=$(input_box_flow "Enter AWS Access Key ID:")
+            AWS_SECRET_ACCESS_KEY=$(input_box_flow "Enter AWS Secret Access Key:")
+            AWS_DEFAULT_REGION=$(input_box_flow "Enter AWS Region (e.g., us-east-1):")
+            S3_BUCKET_NAME=$(input_box_flow "Enter S3 Bucket Name:")
+            RESTIC_REPOSITORY="s3:s3.${AWS_DEFAULT_REGION}.amazonaws.com/${S3_BUCKET_NAME}"
+            ;;
+        "Azure Blob")
+            AZURE_ACCOUNT_NAME=$(input_box_flow "Enter Azure Storage Account Name")
+            AZURE_ACCOUNT_KEY=$(input_box_flow "Enter Azure Storage Account Key:")
+            AZURE_CONTAINER_NAME=$(input_box_flow "Enter Azure Storage Account Blob name:")
+            RESTIC_REPOSITORY="azure:${AZURE_CONTAINER_NAME}:/"
+            ;;
+        *)
+            msg_box "Invalid selection"
+            exit 1
+            ;;
+    esac
+
+    # Configure restic password
+    RESTIC_PASSWORD=$(input_box_flow "Enter Restic Repository Password \nSAVE THIS! \nIF YOU LOSE IT YOU WILL NOT BE ABLE TO RESTORE THIS BACKUP:")
+}
+
+choose_backup_scope() {
+    BACKUP_SCOPE=$(whiptail --title "$TITLE" --menu \
+    "Choose what to backup" "$WT_HEIGHT" "$WT_WIDTH" 4 \
+    "Minimal" "(Config files and database only)" \
+    "Full" "(Config, database and /mnt/ncdata)" 3>&1 1>&2 2>&3)
+
+    case "$BACKUP_SCOPE" in
+        "Minimal")
+            BACKUP_NCDATA="no"
+            ;;
+        "Full")
+            BACKUP_NCDATA="yes"
+            ;;
+        *)
+            msg_box "Invalid selection"
+            exit 1
+            ;;
+    esac
+}
+
+setup_restic_excludes() {
+    # Variables
+    RESTIC_EXCLUDES="$HOME/.restic_cloud_backup_excludes"
+
+    # Check if excludes file already exists
+    if [ -f "$RESTIC_EXCLUDES" ]
+    then
+        msg_box "The restic excludes file already exists at $RESTIC_EXCLUDES. It will be used for backups."
+        if yesno_box_yes "Do you want to edit the existing excludes file?"
+        then
+            if [ -x "$(command -v nano)" ]
+            then
+                nano "$RESTIC_EXCLUDES"
+            else
+                vim "$RESTIC_EXCLUDES"
+            fi
+        fi
+        return 0
+    fi
+
+    # Create default excludes file
+    touch "$RESTIC_EXCLUDES"
+    chmod 600 "$RESTIC_EXCLUDES"
+
+    # Add default excludes
+    {
+        echo "# Restic excludes file"
+        echo "# One exclude pattern per line"
+        echo ""
+
+        # Add Nextcloud appdata/preview folder excludes if full backup is selected.
+        if [ "$BACKUP_NCDATA" = "yes" ]
+        then
+            echo ""
+            echo "# Nextcloud preview cache"
+            echo "/mnt/ncdata/appdata*/preview/*"
+            echo "/mnt/ncdata/appdata*/thumbnails/*"
+        fi
+
+    } > "$RESTIC_EXCLUDES"
+
+    msg_box "A default excludes file has been created at $RESTIC_EXCLUDES.
+You can edit this file to add or remove paths that should be excluded from backups.
+Each line should contain one path or pattern to exclude."
+
+    if yesno_box_yes "Do you want to edit the excludes file now?"
+    then
+        if [ -x "$(command -v nano)" ]
+        then
+            nano "$RESTIC_EXCLUDES"
+        else
+            vim "$RESTIC_EXCLUDES"
+        fi
+    fi
+
+    # Return success
+    return 0
+}
+
+# Ask for execution
+msg_box "This script helps creating a backup script for your Nextcloud instance to various cloud storage providers.
+It uses Restic to back up your configuration, database and optionally your /mnt/ncdata folder.
+Restic will be downloaded from official binaries to make Azure backups work.
+Server will be set to maintenance mode during backup. 
+If you have large amount of files to backup, please run the script interactively before automatic schedule."
+
+if ! yesno_box_yes "Do you want to create a backup script?"
+then
+    exit
+fi
+
+# Check if script already exists
+if [ -f "$BACKUP_SCRIPT_NAME" ]
+then
+    msg_box "The backup script already exists. Please rename or delete $BACKUP_SCRIPT_NAME if you want to reconfigure the backup."
+    exit 1
+fi
+
+# Install restic if not installed
+if ! install_restic; then
+    msg_box "Failed to install restic. Cannot continue."
+    exit 1
+fi
+
+# Configure backup destination
+choose_backup_location
+
+# Choose backup scope
+choose_backup_scope
+
+if ! setup_restic_excludes; then
+    msg_box "Failed to set up restic excludes file. Cannot continue."
+    exit 1
+fi
+
+# Configure retention policy
+BACKUP_RETENTION_DAILY=$(input_box_flow "Enter number of daily backups to keep:" "7")
+BACKUP_RETENTION_WEEKLY=$(input_box_flow "Enter number of weekly backups to keep:" "4")
+BACKUP_RETENTION_MONTHLY=$(input_box_flow "Enter number of monthly backups to keep:" "3")
+
+# Configure backup time
+if yesno_box_yes "Do you want to run the backup at the recommended time 4:00 AM?"
+then
+    BACKUP_TIME="00 04"
+else
+    while :
+    do
+        BACKUP_TIME=$(input_box_flow "Enter backup time (mm hh format, e.g. '00 04' for 4:00 AM):")
+        if echo "$BACKUP_TIME" | grep -qE "^[0-5][0-9] ([01][0-9]|2[0-3])$"
+        then
+            break
+        fi
+        msg_box "Invalid time format. Please use mm hh format (e.g. '00 04' for 4:00 AM)"
+    done
+fi
+
+# Save configuration
+cat > "$BACKUP_CONFIG" << EOL
+BACKUP_TYPE="$BACKUP_TYPE"
+BACKUP_SCOPE="$BACKUP_SCOPE"
+BACKUP_NCDATA="$BACKUP_NCDATA"
+RESTIC_PASSWORD="$RESTIC_PASSWORD"
+RESTIC_REPOSITORY="$RESTIC_REPOSITORY"
+RESTIC_EXCLUDES="$RESTIC_EXCLUDES"
+BACKUP_RETENTION_DAILY="$BACKUP_RETENTION_DAILY"
+BACKUP_RETENTION_WEEKLY="$BACKUP_RETENTION_WEEKLY"
+BACKUP_RETENTION_MONTHLY="$BACKUP_RETENTION_MONTHLY"
+
+
+# B2 Configuration
+B2_ACCOUNT_ID="$B2_ACCOUNT_ID"
+B2_ACCOUNT_KEY="$B2_ACCOUNT_KEY"
+B2_BUCKET_NAME="$B2_BUCKET_NAME"
+
+# AWS S3 Configuration
+AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID"
+AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY"
+AWS_DEFAULT_REGION="$AWS_DEFAULT_REGION"
+S3_BUCKET_NAME="$S3_BUCKET_NAME"
+
+# Azure Blob Configuration
+AZURE_ACCOUNT_NAME="$AZURE_ACCOUNT_NAME"
+AZURE_ACCOUNT_KEY="$AZURE_ACCOUNT_KEY"
+AZURE_CONTAINER_NAME="$AZURE_CONTAINER_NAME"
+EOL
+chmod 600 "$BACKUP_CONFIG"
+
+# Create backup script
+cat << BACKUP_SCRIPT > "$BACKUP_SCRIPT_NAME"
+#!/bin/bash
+
+true
+# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
+# Sami Nieminen - 2024 https://nenimein.fi
+
+# shellcheck source=lib.sh
+source /var/scripts/fetch_lib.sh
+
+# Check for errors + debug code and abort if something isn't right
+# 1 = ON
+# 0 = OFF
+DEBUG=0
+debug_mode
+
+# Check if root
+root_check
+
+# Get database details
+ncdb
+
+# Ensure VMLOGS directory exists
+if [ ! -d "$VMLOGS/restic" ]; then
+    mkdir -p "$VMLOGS/restic"
+fi
+
+# Define log file
+DATE=\$(date +%Y%m%d-%H%M%S)
+BACKUP_LOG="$VMLOGS/restic/restic-backup_\${DATE}.log"
+
+# Load configuration
+source "$HOME/.restic_cloud_backup_config"
+
+# Export environment variables based on backup type
+case "$BACKUP_TYPE" in
+    "Backblaze B2")
+        export B2_ACCOUNT_ID="$B2_ACCOUNT_ID"
+        export B2_ACCOUNT_KEY="$B2_ACCOUNT_KEY"
+        ;;
+    "AWS S3")
+        export AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID"
+        export AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY"
+        export AWS_DEFAULT_REGION="$AWS_DEFAULT_REGION"
+        ;;
+    "Azure Blob")
+        export AZURE_ACCOUNT_NAME="$AZURE_ACCOUNT_NAME"
+        export AZURE_ACCOUNT_KEY="$AZURE_ACCOUNT_KEY"
+        export AZURE_CONTAINER_NAME="$AZURE_CONTAINER_NAME"
+        ;;
+esac
+
+export RESTIC_REPOSITORY="$RESTIC_REPOSITORY"
+export RESTIC_PASSWORD="$RESTIC_PASSWORD"
+
+# Start logging
+{
+    echo "\$(date '+%Y-%m-%d %H:%M:%S') Starting Restic backup script"
+    echo "----------------------------------------"
+
+    # Check if we have network connection
+    if ! network_ok
+    then
+        echo "\$(date '+%Y-%m-%d %H:%M:%S') ERROR: No network connection"
+        notify_admin_gui "Unable to execute Restic backup" "No network connection."
+        exit 1
+    fi
+
+    # Load backup config
+    if [ -f "$BACKUP_CONFIG" ]
+    then
+        echo "\$(date '+%Y-%m-%d %H:%M:%S') Loading Restic backup configuration"
+        # shellcheck disable=SC1090
+        source "$BACKUP_CONFIG"
+    else
+        echo "\$(date '+%Y-%m-%d %H:%M:%S') ERROR: Restic Backup configuration not found"
+        notify_admin_gui "Unable to execute Restic backup" "Configuration file not found."
+        exit 1
+    fi
+
+    # Create backup directory
+    BACKUP_DIR="/tmp/nextcloud_backup"
+    echo "\$(date '+%Y-%m-%d %H:%M:%S') Creating backup directory: \$BACKUP_DIR"
+    mkdir -p "\$BACKUP_DIR"
+
+    # Enable maintenance mode
+    echo "\$(date '+%Y-%m-%d %H:%M:%S') Enabling maintenance mode"
+    sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --on
+
+    # Backup PostgreSQL database
+    echo "\$(date '+%Y-%m-%d %H:%M:%S') Backing up PostgreSQL database"
+    if PGPASSWORD="\$NCDBPASS" pg_dump -U "\$NCDBUSER" -h "\$NCDBHOST" -d "\$NCDB" > "\$BACKUP_DIR/nextcloud_db.sql"; then
+        echo "\$(date '+%Y-%m-%d %H:%M:%S') Database backup completed successfully"
+    else
+        echo "\$(date '+%Y-%m-%d %H:%M:%S') ERROR: Nextcloud database backup failed"
+        sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --off
+        notify_admin_gui "Restic backup failed!" "Database backup failed."
+        exit 1
+    fi
+
+    # Backup Nextcloud config
+    echo "\$(date '+%Y-%m-%d %H:%M:%S') Backing up Nextcloud configuration"
+    if cp /var/www/nextcloud/config/config.php "\$BACKUP_DIR/"; then
+        echo "\$(date '+%Y-%m-%d %H:%M:%S') Nextcloud configuration backup completed successfully"
+    else
+        echo "\$(date '+%Y-%m-%d %H:%M:%S') ERROR: Nextcloud configuration backup failed"
+        sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --off
+        notify_admin_gui "Restic backup failed!" "Nextcloud configuration backup failed."
+        exit 1
+    fi
+
+    # Initialize repository if needed
+    echo "\$(date '+%Y-%m-%d %H:%M:%S') Checking/Initializing repository"
+    if ! restic snapshots; then
+        echo "\$(date '+%Y-%m-%d %H:%M:%S') Initializing new repository"
+        if ! restic init; then
+            echo "\$(date '+%Y-%m-%d %H:%M:%S') ERROR: Restic repository initialization failed"
+            sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --off
+            notify_admin_gui "Restic backup failed!" "Repository initialization failed."
+            exit 1
+        fi
+    fi
+
+    # Create backup based on scope
+    if [ "$BACKUP_NCDATA" = "yes" ]
+    then
+        echo "\$(date '+%Y-%m-%d %H:%M:%S') Creating full backup including /mnt/ncdata"
+        if ! restic backup "\$BACKUP_DIR" /mnt/ncdata --exclude-file="$RESTIC_EXCLUDES"; then
+            echo "\$(date '+%Y-%m-%d %H:%M:%S') ERROR: Restic full backup failed"
+            sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --off
+            notify_admin_gui "Restic backup failed!" "Full backup creation failed."
+            exit 1
+        fi
+    else
+        echo "\$(date '+%Y-%m-%d %H:%M:%S') Creating minimal backup (config and database only)"
+        if ! restic backup "\$BACKUP_DIR"; then
+            echo "\$(date '+%Y-%m-%d %H:%M:%S') ERROR: Restic minimal backup failed"
+            sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --off
+            notify_admin_gui "Restic backup failed!" "Minimal backup creation failed."
+            exit 1
+        fi
+    fi
+
+    # Clean up backup directory
+    echo "\$(date '+%Y-%m-%d %H:%M:%S') Cleaning up temporary backup directory"
+    rm -rf "\$BACKUP_DIR"
+
+    # Apply retention policy
+    echo "\$(date '+%Y-%m-%d %H:%M:%S') Applying retention policy"
+    if ! restic forget --keep-daily "$BACKUP_RETENTION_DAILY" \
+                      --keep-weekly "$BACKUP_RETENTION_WEEKLY" \
+                      --keep-monthly "$BACKUP_RETENTION_MONTHLY" --prune; then
+        echo "\$(date '+%Y-%m-%d %H:%M:%S') WARNING: Failed to apply retention policy"
+        notify_admin_gui \
+            "Restic retention policy not applied!" \
+            "The backup completed but repository retention policy failed.\nPlease check the logs at \$BACKUP_LOG"
+        exit 1
+    fi
+
+    # Check repository
+    echo "\$(date '+%Y-%m-%d %H:%M:%S') Checking repository integrity"
+    if ! restic check; then
+        echo "\$(date '+%Y-%m-%d %H:%M:%S') ERROR: Repository check failed"
+        sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --off
+        notify_admin_gui \
+            "Restic repository check failed!" \
+            "The backup completed but repository integrity check failed.\nPlease check the logs at \$BACKUP_LOG"
+        exit 1
+    fi
+
+    # Disable maintenance mode
+    echo "\$(date '+%Y-%m-%d %H:%M:%S') Disabling maintenance mode"
+    sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --off
+
+    echo "----------------------------------------"
+    echo "\$(date '+%Y-%m-%d %H:%M:%S') Backup completed successfully"
+    notify_admin_gui "Restic backup was successful." "Backup log available at: \$BACKUP_LOG"
+
+} 2>&1 | tee -a "\$BACKUP_LOG"
+
+# Check if any errors occurred in the pipeline
+if [ \${PIPESTATUS[0]} -ne 0 ]; then
+    notify_admin_gui "Restic backup failed!" "Please check the logs at \$BACKUP_LOG"
+    exit 1
+fi
+BACKUP_SCRIPT
+
+# Make backup script executable
+chmod 700 "$BACKUP_SCRIPT_NAME"
+
+# Create cron job
+crontab -u root -l | grep -v "$BACKUP_SCRIPT_NAME" | crontab -u root -
+crontab -u root -l | { cat; echo "$BACKUP_TIME * * * $BACKUP_SCRIPT_NAME > /dev/null 2>&1"; } | crontab -u root -
+
+# Final message
+msg_box "The backup script has been created successfully!
+Location: $BACKUP_SCRIPT_NAME
+
+The first backup will run automatically at $BACKUP_TIME.
+Please make sure to keep your configuration, API keys and Restic password safe!"
+
+exit 0

not-supported/restore-backup.sh

@@ -307,6 +307,7 @@ fi
 # Install borg
 print_text_in_color "$ICyan" "Installing borgbackup..."
 install_if_not borgbackup
+apt-get install python3-pyfuse3 --no-install-recommends -y
 
 # Enter password
 while :

not-supported/rsyncbackup.sh

@@ -19,7 +19,6 @@ debug_mode
 root_check
 
 # Variables
-LVM_MOUNT="/system"
 START_TIME=$(date +%s)
 CURRENT_DATE=$(date --date @"$START_TIME" +"%Y%m%d_%H%M%S")
 CURRENT_DATE_READABLE=$(date --date @"$START_TIME" +"%d.%m.%Y - %H:%M:%S")
@@ -48,14 +47,17 @@ show_drive_usage() {
 send_error_mail() {
     if [ -d "$BACKUP_TARGET_DIRECTORY" ]
     then
-        inform_user "$ICyan" "Unmounting the off-shore backup drive..."
-        umount "$BACKUP_MOUNTPOINT"
+        if [ -z "$DO_NOT_UMOUNT_BACKUP_DRIVES" ]
+        then
+            inform_user "$ICyan" "Unmounting the offshore backup drive..."
+            umount "$BACKUP_MOUNTPOINT"
+        fi
     fi
     if [ -d "$BACKUP_SOURCE_DIRECTORY" ]
     then
-        if [ -z "$DO_NOT_UMOUNT_DAILY_BACKUP_DRIVE" ]
+        if [ -z "$DO_NOT_UMOUNT_BACKUP_DRIVES" ]
         then
-            inform_user "$ICyan" "Unmounting the backup drive..."
+            inform_user "$ICyan" "Unmounting the daily backup drive..."
             umount "$BACKUP_SOURCE_MOUNTPOINT"
         fi
     fi
@@ -124,7 +126,7 @@ fi
 # Check if pending snapshot is existing and cancel the backup in this case.
 if does_snapshot_exist "NcVM-snapshot-pending"
 then
-    DO_NOT_UMOUNT_DAILY_BACKUP_DRIVE=1
+    DO_NOT_UMOUNT_BACKUP_DRIVES=1
     msg_box "The snapshot pending does exist. Can currently not proceed.
 Please try again later.\n
 If you are sure that no update or backup is currently running, you can fix this by rebooting your server."
@@ -193,7 +195,7 @@ fi
 # Check if pending snapshot is existing and cancel the backup in this case.
 if does_snapshot_exist "NcVM-snapshot-pending"
 then
-    DO_NOT_UMOUNT_DAILY_BACKUP_DRIVE=1
+    DO_NOT_UMOUNT_BACKUP_DRIVES=1
     msg_box "The snapshot pending does exist. Can currently not proceed.
 Please try again later.\n
 If you are sure that no update or backup is currently running, you can fix this by rebooting your server."

not-supported/tpm2-unlock.sh

@@ -22,8 +22,7 @@ root_check
 # Check if already installed
 if is_this_installed clevis-luks || is_this_installed clevis-tpm2 || is_this_installed clevis-initramfs
 then
-    msg_box "It seems like clevis-luks is already installed.\nThis script can unfortunately not run twice."
-    exit 1
+    msg_box "It seems like clevis-luks is already installed. We are trying to do the configuration again."
 else
     # Ask for installation
     install_popup "$SCRIPT_NAME"
@@ -45,7 +44,7 @@ fi
 
 # Test if device is present
 # https://github.com/noobient/noobuntu/wiki/Full-Disk-Encryption#tpm-2
-if ! dmesg | grep -i "tpm" | grep -q "2\.0"
+if ! dmesg | grep -iq "tpm2"
 then
     msg_box "No TPM 2.0 device found."
     exit 1
@@ -99,7 +98,7 @@ PASSWORD=$(input_box_flow "Please enter a new password that will secure your GRU
 GRUB_PASS="$(echo -e "$PASSWORD\n$PASSWORD" | grub-mkpasswd-pbkdf2 | grep -oP 'grub\.pbkdf2\.sha512\.10000\..*')"
 if [ -n "${PASSWORD##grub.pbkdf2.sha512.10000.}" ]
 then
-    cat << GRUB_CONF >> /etc/grub.d/40_custom
+    cat << GRUB_CONF > /etc/grub.d/40_custom
 
 # Password-protect GRUB
 set superusers="grub"

static/instruction.sh

@@ -28,7 +28,7 @@ cat << INST2
 |                                                                       |
 | This server could be made maintenance free by using automatic updates |
 | with the built in update script. If you want automatic updates on     |
-| a weekly schedule, choose to configure it later during this setup.    |
+| a monthly schedule, choose to configure it later during this setup.   |
 |                                                                       |
 |  ###################### T&M Hansson IT - $(date +"%Y") ######################  |
 +-----------------------------------------------------------------------+

static/nextcloud.sh

@@ -11,7 +11,7 @@ figlet -f small Nextcloud
 echo "https://www.hanssonit.se/nextcloud-vm"
 echo
 echo
-echo "Hostname: $(hostname -s)"
+echo "FQDN: $(hostname -f)"
 echo "WAN IPv4: $WANIP4"
 echo "WAN IPv6: $WANIP6"
 echo "LAN IPv4: $ADDRESS"

torrent/create.sh

@@ -6,12 +6,12 @@
 
 #########
 
-## This doesn't seem to work in current state.
-## Help is welcome!
+## This script will install Transmission, download the latest version of the VM, create a torrent of the file and seed it using Transmission 
+## Improvments to the script are welcome!
 
 # shellcheck source=lib.sh
 # shellcheck disable=SC2046
-source /var/scripts/fetch_lib.sh || source <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/main/lib.sh)
+source <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/main/lib.sh)
 
 # Check for errors + debug code and abort if something isn't right
 # 1 = ON
@@ -26,27 +26,40 @@ root_check
 install_if_not transmission-cli
 install_if_not transmission-daemon
 
-# Download the VM
-curl -fSLO --retry 3 https://download.kafit.se/s/dnkWptz8AK4JZDM/download
-mv download NextcloudVM.zip
-chown debian-transmission:debian-transmission NextcloudVM.zip
+TRANSMISSION_DL_DIR="/var/lib/transmission-daemon/downloads"
+NC_OVA="100GB_Nextcloud-VM_www.hanssonit.se.ova"
+VERSION_TAG=30.0.1
+VERSION_HUB=9
+
+# Modify transmission service file to fix https://github.com/transmission/transmission/issues/6991
+sed -i "s|Type=notify|Type=simple|g" /etc/systemd/system/multi-user.target.wants/transmission-daemon.service
+systemctl daemon-reload
+
+# Check if NextcloudVM.zip already exists
+if [ ! -f "$TRANSMISSION_DL_DIR"/"$NC_OVA" ]
+then
+    # Download the VM only if it doesn't exist
+    curl_to_dir "https://download.kafit.se/public.php/dav/files/dnkWptz8AK4JZDM/$VERSION_TAG%20-%20HUB%20$VERSION_HUB" "$NC_OVA" "$TRANSMISSION_DL_DIR"
+else
+    echo "$NC_OVA already exists in transmission default downloads directory, skipping download"
+fi
 
 # Set more memory to sysctl
-echo "net.core.rmem_max = 16777216" >> /etc/sysctl.conf
-echo "net.core.wmem_max = 4194304" >> /etc/sysctl.conf
-sysctl -p
+#echo "net.core.rmem_max = 16777216" >> /etc/sysctl.conf
+#echo "net.core.wmem_max = 4194304" >> /etc/sysctl.conf
+#sysctl -p
 
 # Create torrent
 curl_to_dir "$GITHUB_REPO"/torrent trackers.txt /tmp
-transmission-create -o nextcloudvmhanssonit.torrent -c "https://www.hanssonit.se/nextcloud-vm" -t $(cat /tmp/trackers.txt) NextcloudVM.zip
+transmission-create -o $TRANSMISSION_DL_DIR/nextcloudvmhanssonit.torrent -c "https://www.hanssonit.se/nextcloud-vm VERSION: $VERSION_TAG HUB: $VERSION_HUB" -t $(cat /tmp/trackers.txt) "$TRANSMISSION_DL_DIR"/"$NC_OVA"
 
 # Seed it!
-transmission-remote -n 'transmission:transmission' -a nextcloudvmhanssonit.torrent
+transmission-remote -n 'transmission:transmission' --torrent="$TRANSMISSION_DL_DIR/nextcloudvmhanssonit.torrent" -a "$TRANSMISSION_DL_DIR/nextcloudvmhanssonit.torrent" --start --verify
 
 # Copy it to local NC account
 install_if_not rsync
 nextclouduser="$(input_box_flow "Please enter the Nextcloud user that you want to move the finished torrent file to:")"
-rsync -av nextcloudvmhanssonit.torrent /mnt/ncdata/"$nextclouduser"/files/
+rsync -av "$TRANSMISSION_DL_DIR"/nextcloudvmhanssonit.torrent /mnt/ncdata/"$nextclouduser"/files/
 chown www-data:www-data /mnt/ncdata/"$nextclouduser"/files/nextcloudvmhanssonit.torrent
 nextcloud_occ files:scan "$nextclouduser"
 unset nextclouduser

torrent/trackers.txt

@@ -1 +1 @@
-http://atrack.pow7.com/announce -t http://bt.henbt.com:2710/announce -t http://bt.pusacg.org:8080/announce -t http://bt2.careland.com.cn:6969/announce -t http://explodie.org:6969/announce -t http://mgtracker.org:2710/announce -t http://mgtracker.org:6969/announce -t http://open.acgtracker.com:1096/announce -t http://open.lolicon.eu:7777/announce -t http://open.touki.ru/announce.php -t http://p4p.arenabg.ch:1337/announce -t http://p4p.arenabg.com:1337/announce -t http://pow7.com:80/announce -t http://retracker.gorcomnet.ru/announce -t http://retracker.krs-ix.ru/announce -t http://retracker.krs-ix.ru:80/announce -t http://secure.pow7.com/announce -t http://t1.pow7.com/announce -t http://t2.pow7.com/announce -t http://thetracker.org:80/announce -t http://torrent.gresille.org/announce -t http://torrentsmd.com:8080/announce -t http://tracker.aletorrenty.pl:2710/announce -t http://tracker.baravik.org:6970/announce -t http://tracker.bittor.pw:1337/announce -t http://tracker.bittorrent.am/announce -t http://tracker.calculate.ru:6969/announce -t http://tracker.dler.org:6969/announce -t http://tracker.dutchtracking.com/announce -t http://tracker.dutchtracking.com:80/announce -t http://tracker.dutchtracking.nl/announce -t http://tracker.dutchtracking.nl:80/announce -t http://tracker.edoardocolombo.eu:6969/announce -t http://tracker.ex.ua/announce -t http://tracker.ex.ua:80/announce -t http://tracker.filetracker.pl:8089/announce -t http://tracker.flashtorrents.org:6969/announce -t http://tracker.grepler.com:6969/announce -t http://tracker.internetwarriors.net:1337/announce -t http://tracker.kicks-ass.net/announce -t http://tracker.kicks-ass.net:80/announce -t http://tracker.kuroy.me:5944/announce -t http://tracker.mg64.net:6881/announce -t http://tracker.opentrackr.org:1337/announce -t http://tracker.skyts.net:6969/announce -t http://tracker.tfile.me/announce -t http://tracker.tiny-vps.com:6969/announce -t http://tracker.tvunderground.org.ru:3218/announce -t http://tracker.yoshi210.com:6969/announce -t http://tracker1.wasabii.com.tw:6969/announce -t http://tracker2.itzmx.com:6961/announce -t http://tracker2.wasabii.com.tw:6969/announce -t http://www.wareztorrent.com/announce -t http://www.wareztorrent.com:80/announce -t https://www.wareztorrent.com/announce -t udp://9.rarbg.com:2710/announce -t udp://9.rarbg.me:2780/announce -t udp://9.rarbg.to:2730/announce -t udp://91.218.230.81:6969/announce -t udp://94.23.183.33:6969/announce -t udp://bt.xxx-tracker.com:2710/announce -t udp://eddie4.nl:6969/announce -t udp://explodie.org:6969/announce -t udp://mgtracker.org:2710/announce -t udp://open.stealth.si:80/announce -t udp://p4p.arenabg.com:1337/announce -t udp://shadowshq.eddie4.nl:6969/announce -t udp://shadowshq.yi.org:6969/announce -t udp://torrent.gresille.org:80/announce -t udp://tracker.aletorrenty.pl:2710/announce -t udp://tracker.bittor.pw:1337/announce -t udp://tracker.coppersurfer.tk:6969/announce -t udp://tracker.eddie4.nl:6969/announce -t udp://tracker.ex.ua:80/announce -t udp://tracker.filetracker.pl:8089/announce -t udp://tracker.flashtorrents.org:6969/announce -t udp://tracker.grepler.com:6969/announce -t udp://tracker.ilibr.org:80/announce -t udp://tracker.internetwarriors.net:1337/announce -t udp://tracker.kicks-ass.net:80/announce -t udp://tracker.kuroy.me:5944/announce -t udp://tracker.leechers-paradise.org:6969/announce -t udp://tracker.mg64.net:2710/announce -t udp://tracker.mg64.net:6969/announce -t udp://tracker.opentrackr.org:1337/announce -t udp://tracker.piratepublic.com:1337/announce -t udp://tracker.sktorrent.net:6969/announce -t udp://tracker.skyts.net:6969/announce -t udp://tracker.tiny-vps.com:6969/announce -t udp://tracker.yoshi210.com:6969/announce -t udp://tracker2.indowebster.com:6969/announce -t udp://tracker4.piratux.com:6969/announce -t udp://zer0day.ch:1337/announce -t udp://zer0day.to:1337/announce
+udp://tracker.opentrackr.org:1337/announce -t udp://open.demonii.com:1337/announce -t udp://open.stealth.si:80/announce -t udp://tracker.torrent.eu.org:451/announce -t udp://explodie.org:6969/announce -t udp://exodus.desync.com:6969/announce -t udp://tracker.dump.cl:6969/announce -t udp://tracker-udp.gbitt.info:80/announce -t udp://retracker01-msk-virt.corbina.net:80/announce -t udp://opentracker.io:6969/announce -t udp://open.free-tracker.ga:6969/announce -t udp://isk.richardsw.club:6969/announce -t udp://bt.ktrackers.com:6666/announce -t http://www.torrentsnipe.info:2701/announce -t http://www.genesis-sp.org:2710/announce -t http://tracker810.xyz:11450/announce -t http://tracker.xiaoduola.xyz:6969/announce -t http://tracker.vanitycore.co:6969/announce -t http://tracker.sbsub.com:2710/announce -t http://tracker.moxing.party:6969/announce

vagrant/README.md

@@ -1,9 +1,37 @@
 # Nextcloud VM with vagrant
-This subrepo contains all the Vagrant config to get an Ubuntu 20.04 VM with the latest version of Nextcloud installed.
+This subrepo contains all the Vagrant config to get an Ubuntu 24.04 VM with the latest version of Nextcloud installed.
 
 **Please note that this is __not__ the preferred way to install Nextcloud. It's also untested in the current state.**
 
 # Setup
+
+## Host setup
+Running this cloud image requires you to use libvirt.
+Tested working on stock Ubuntu 22.04 LTS
+
+1. Install `qemu-kvm`, `libvirt-daemon-system`, `bridge-utils`, `libvirt-dev` and `libvirt-clients` packages-
+
+Then install the vagrant libvirt plugin: `vagrant plugin install vagrant-libvirt`
+
+Then we need to make sure nested virtualization is initialized, as Nextcloud VM uses QEMU to run apps etc:
+
+Check that nested virtualization is enabled:
+Intel systems: `cat /sys/module/kvm_intel/parameters/nested`
+AMD systems: `/sys/module/kvm_amd/parameters/nested`
+
+Must return Y or 1.
+
+Following must be done after each reboot:
+**Intel setup**
+sudo modprobe -r kvm_intel
+sudo modprobe kvm_intel nested=1
+
+**AMD setup**
+sudo modprobe -r kvm_amd
+sudo modprobe kvm_amd nested=1
+
+
+## VM Setup
 `vagrant up` will install everything
 
 Go to [https://localhost:8080/](https://localhost:8080/) and access Nextcloud with credentials `ncadmin / nextcloud`
@@ -17,5 +45,5 @@ Go to [https://localhost:8080/](https://localhost:8080/) and access Nextcloud wi
 See https://raw.githubusercontent.com/nextcloud/vm/main/lib.sh for default values.
 
 # Special thanks to
-@gjgd for providing https://github.com/gjgd/vagrant-nextcloud which this is based upon
-
+- @gjgd for providing https://github.com/gjgd/vagrant-nextcloud which this is based upon
+- @celeroncool for updating it to 24.04 :)

vagrant/Vagrantfile

@@ -1,11 +1,12 @@
 Vagrant.configure("2") do |config|
-  config.vm.box = "ubuntu/focal64"
-  config.vm.network "forwarded_port", guest: 443, host: 8080
+  config.vagrant.plugins = "vagrant-libvirt"
+  config.vm.box = "cloud-image/ubuntu-24.04"
+  config.vm.network "forwarded_port", guest: 443, host: 8081
   config.vm.provision "shell", path: "install.sh"
-  config.vm.provider "virtualbox" do |vb|
-    vb.memory = "2048"
-  end
-  config.vm.provider "vmware_desktop" do |v|
-    v.vmx["memsize"] = "2048"
+  config.vm.provider "libvirt" do |libvirt|
+    libvirt.memory = 4096
+    libvirt.cpus = 4
+    libvirt.nested = true
+    libvirt.cpu_mode = "host-model"
   end
 end

vagrant/install.sh

@@ -1,12 +1,12 @@
 #!/bin/bash
 
 true
-SCRIPT_NAME="Install NcVM with Vagrant"
-# shellcheck source=lib.sh
-source /var/scripts/fetch_lib.sh
 
-check_command git clone https://github.com/nextcloud/vm.git
+# Clone this repo
+git clone https://github.com/nextcloud/vm.git
 
-cd vm || exit && print_text_in_color "$IRed" "Could not cd into the 'vm' folder."
+# We need a check here due to Shellcheck
+cd vm || exit
 
+# Do the installation
 sudo bash nextcloud_install_production.sh --provisioning