#!/usr/bin/env bash
# 88-update-wrapper.sh: install the mailwolt-update wrapper and the sudoers
# fragments that allow www-data/mailwolt to trigger it and manage services.
set -euo pipefail
source ./lib.sh   # provides log()

log "Update-Wrapper & Sudoers …"

# Files this step installs
WRAPPER="/usr/local/sbin/mailwolt-update"
SUDOERS="/etc/sudoers.d/mailwolt-update"
SUDOERS_SERVICES="/etc/sudoers.d/mailwolt-services"
SUDOERS_ARTISAN="/etc/sudoers.d/mailwolt-artisan"
# Runtime state the wrapper writes to
LOGFILE="/var/log/mailwolt-update.log"
STATEDIR="/var/lib/mailwolt/update"
VERSION_FILE="/var/lib/mailwolt/version"

# Candidate locations of update.sh (the wrapper embeds the same list)
CANDIDATES=(
  /opt/mailwolt-installer/scripts/update.sh
  /mailwolt-installer/scripts/update.sh
  /usr/local/lib/mailwolt/update.sh
)

# Prepare log and state directories; truncating the log is best effort.
for d in "$(dirname "$LOGFILE")" "$STATEDIR"; do
  install -d -m 0755 "$d"
done
: > "$LOGFILE" || true
chmod 0644 "$LOGFILE"
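# Wrapper erzeugen
# The wrapper is what www-data/mailwolt may run as root through sudo, so every
# decision about what gets executed must rest on root-controlled files: it only
# runs an update.sh that is owned by root and not group/other-writable, and it
# runs git as the checkout's owner instead of as root (a checkout writable by
# another user could carry a .git/config that makes git run commands).
cat > "$WRAPPER" <<'EOF'
#!/usr/bin/env bash
# mailwolt-update: run update.sh as root, rebuild the app (composer/npm/artisan
# as www-data), refresh the version files and restart services.
# stdout and stderr of the whole run are appended to $LOG; $STATE_DIR/state
# holds "running"/"done" and $STATE_DIR/rc the exit code of update.sh.
set -euo pipefail
LOG="/var/log/mailwolt-update.log"
STATE_DIR="/var/lib/mailwolt/update"
APP_DIR="/var/www/mailwolt"
WEB_USER="www-data"
# Where update.sh may live; the first trusted match wins.
CANDIDATES=(
  /opt/mailwolt-installer/scripts/update.sh
  /mailwolt-installer/scripts/update.sh
  /usr/local/lib/mailwolt/update.sh
)

#######################################
# True when $1 is a readable regular file owned by root with no group/other
# write bit. The file is executed with root privileges, so a candidate that
# another user could modify must be skipped. Uses GNU stat (the script
# already relies on GNU date -Is / sed -E).
# Arguments: $1 - path to check
# Returns:   0 if trusted, 1 otherwise
#######################################
trusted_script() {
  local p=$1 owner mode
  [[ -f "$p" && -r "$p" ]] || return 1
  owner="$(stat -c %U -- "$p" 2>/dev/null)" || return 1
  mode="$(stat -c %a -- "$p" 2>/dev/null)" || return 1
  [[ "$owner" == "root" ]] || return 1
  # mode is octal; 022 covers the group and other write bits
  (( (8#$mode & 8#022) == 0 ))
}

install -d -m 0755 "$(dirname "$LOG")" "$STATE_DIR" /var/lib/mailwolt
: > "$LOG" || true
chmod 0644 "$LOG"
echo "running" > "$STATE_DIR/state"

# Exit code of update.sh (127 = not found, 1 = not root); reported at the end.
rc=0
{
  echo "===== $(date -Is) :: Update gestartet ====="
  # --- Update-Script finden --------------------------------------------------
  SCRIPT=""
  for p in "${CANDIDATES[@]}"; do
    if trusted_script "$p"; then
      SCRIPT="$p"
      break
    elif [[ -e "$p" ]]; then
      echo "[!] überspringe $p: nicht root-eigen oder für Gruppe/Andere beschreibbar"
    fi
  done
  if [[ -z "$SCRIPT" ]]; then
    echo "[!] update.sh nicht gefunden (versucht: ${CANDIDATES[*]})"
    rc=127
  elif [[ "$(id -u)" -ne 0 ]]; then
    echo "[!] Bitte als root ausführen"
    rc=1
  else
    echo "[i] benutze: $SCRIPT"
    # '|| rc=$?' keeps a failing update.sh from aborting this group under
    # set -e before rc/state are written (state would stay "running").
    if [[ -x "$SCRIPT" ]]; then
      ALLOW_DIRTY=1 "$SCRIPT" || rc=$?
    else
      ALLOW_DIRTY=1 bash "$SCRIPT" || rc=$?
    fi
  fi
  echo "===== $(date -Is) :: Update-Script beendet (rc=$rc) ====="

  # --- Nach dem Update: Assets neu bauen & Laravel optimieren ---------------
  if [[ ! -d "$APP_DIR" ]]; then
    echo "[!] $APP_DIR nicht vorhanden, überspringe Build/Migrationen"
  elif ! cd "$APP_DIR"; then
    # keep going so rc/state are still written; record the failure in rc
    echo "[!] Kann nicht nach $APP_DIR wechseln"
    (( rc != 0 )) || rc=1
  else
    echo "[i] Führe Composer aus (falls vorhanden) ..."
    if [[ -f composer.json ]]; then
      sudo -u "$WEB_USER" composer install --no-dev --prefer-dist --no-interaction -q || true
    fi
    echo "[i] Baue Frontend-Assets neu ..."
    if command -v npm >/dev/null 2>&1 && [[ -f package.json ]]; then
      sudo -u "$WEB_USER" npm ci --silent || true
      sudo -u "$WEB_USER" npm run build --silent || true
    fi
    echo "[i] Führe Migrationen & Cache-Optimierungen durch ..."
    sudo -u "$WEB_USER" php artisan migrate --force || true
    sudo -u "$WEB_USER" php artisan config:cache || true
    sudo -u "$WEB_USER" php artisan optimize:clear || true
    sudo -u "$WEB_USER" php artisan route:cache || true
    sudo -u "$WEB_USER" php artisan view:cache || true
    echo "[i] Hebe Wartungsmodus auf ..."
    sudo -u "$WEB_USER" php artisan up >/dev/null 2>&1 || true
  fi

  # --- Version aktualisieren -------------------------------------------------
  echo "[i] Aktualisiere Version ..."
  if command -v git >/dev/null 2>&1; then
    SRC="$APP_DIR"
    [[ -d "$SRC/.git" ]] || SRC="/opt/mailwolt-installer"
    # Run git as the checkout's owner. This makes the former global
    # safe.directory entry unnecessary and keeps root from executing anything
    # configured inside a checkout it does not own. If the owner cannot be
    # determined we fall back to root; describe still degrades to "unknown".
    repo_owner="$(stat -c %U -- "$SRC" 2>/dev/null || echo root)"
    if [[ "$repo_owner" == "root" ]]; then
      gitcmd=(git -C "$SRC")
    else
      gitcmd=(sudo -u "$repo_owner" git -C "$SRC")
    fi
    if [[ -f "$SRC/.git/shallow" ]]; then
      "${gitcmd[@]}" fetch --unshallow --quiet || true
    fi
    "${gitcmd[@]}" fetch --tags --quiet origin || true
    raw="$("${gitcmd[@]}" describe --tags --always --dirty 2>/dev/null || echo "unknown")"
    # strip a leading v/V and everything from the first '-' (commit suffix, -dirty)
    norm="$(printf '%s' "$raw" | sed -E 's/^[vV]//; s/-.*$//')"
    printf '%s\n' "$raw" > /var/lib/mailwolt/version_raw
    printf '%s\n' "$norm" > /var/lib/mailwolt/version
    chmod 0644 /var/lib/mailwolt/version_raw /var/lib/mailwolt/version
    echo "[i] Version aktualisiert: raw=$raw norm=$norm (Quelle: $SRC)"
  else
    echo "unknown" > /var/lib/mailwolt/version_raw
    echo "0.0.0" > /var/lib/mailwolt/version
    chmod 0644 /var/lib/mailwolt/version_raw /var/lib/mailwolt/version
  fi

  # --- Services neu starten --------------------------------------------------
  echo "[i] Starte MailWolt-Dienste neu ..."
  sudo -u "$WEB_USER" php artisan mailwolt:restart-services || true

  # --- Abschluss -------------------------------------------------------------
  printf '%s\n' "$rc" > "$STATE_DIR/rc"
  echo "done" > "$STATE_DIR/state"
  echo "===== $(date -Is) :: Update beendet ====="
  exit "$rc"
} 2>&1 | tee -a "$LOG"
EOF
chmod 0755 "$WRAPPER"
chown root:root "$WRAPPER"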
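# Sudoers: www-data (Laravel) & mailwolt dürfen den Wrapper laufen lassen
#
# install_sudoers DEST LABEL: read a sudoers fragment from stdin, validate it
# with visudo -c on a root-owned 0440 temp file and install it to DEST only
# when it is valid. An invalid fragment therefore never lands in
# /etc/sudoers.d (a syntax error there makes sudo refuse every command); a
# stale DEST from an earlier run is removed in that case.
# Arguments: $1 - destination path, $2 - label for the status message
# Returns:   0 normally, 1 if no temp file could be created
install_sudoers() {
  local dest=$1 label=$2
  local tmp
  tmp="$(mktemp)" || { echo "[!] mktemp fehlgeschlagen für $dest"; return 1; }
  cat > "$tmp"
  chown root:root "$tmp"
  chmod 0440 "$tmp"
  if visudo -c -f "$tmp" >/dev/null 2>&1; then
    install -m 0440 -o root -g root "$tmp" "$dest"
    echo "[✓] Sudoers für $label angelegt: $dest"
  else
    echo "[!] Ungültiger sudoers-Eintrag in $dest entferne Datei."
    rm -f -- "$dest"
  fi
  rm -f -- "$tmp"
}

install_sudoers "$SUDOERS" "Update-Wrapper" <<'EOF'
# www-data and mailwolt may run the update wrapper as root without a password.
# The wrapper must therefore never execute anything these users can write to.
Defaults!/usr/local/sbin/mailwolt-update !requiretty
www-data ALL=(root) NOPASSWD: /usr/local/sbin/mailwolt-update
mailwolt ALL=(root) NOPASSWD: /usr/local/sbin/mailwolt-update
EOF

install_sudoers "$SUDOERS_SERVICES" "Dienststeuerung" <<'EOF'
Defaults!/usr/bin/systemctl !requiretty
Cmnd_Alias MW_SERVICES = \
/usr/bin/systemctl reload nginx.service, \
/usr/bin/systemctl try-reload-or-restart nginx.service, \
/usr/bin/systemctl try-reload-or-restart postfix.service, \
/usr/bin/systemctl try-reload-or-restart dovecot.service, \
/usr/bin/systemctl try-reload-or-restart rspamd.service, \
/usr/bin/systemctl try-reload-or-restart opendkim.service, \
/usr/bin/systemctl try-reload-or-restart opendmarc.service, \
/usr/bin/systemctl try-reload-or-restart clamav-daemon.service, \
/usr/bin/systemctl try-reload-or-restart redis-server.service
www-data ALL=(root) NOPASSWD: MW_SERVICES
EOF

# Create the version file once; the wrapper rewrites it after every update.
if [[ ! -f "$VERSION_FILE" ]]; then
  echo "unknown" > "$VERSION_FILE"
  chmod 0644 "$VERSION_FILE"
fi

install_sudoers "$SUDOERS_ARTISAN" "Artisan-Kommandos" <<'EOF'
# mailwolt may run artisan in the app directory as www-data without a password.
# The trailing * matches any argument string, so every artisan subcommand is
# allowed as www-data; narrow this to the needed commands if that is not intended.
mailwolt ALL=(www-data) NOPASSWD: /usr/bin/php /var/www/mailwolt/artisan *
EOF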
# Final status lines for the installer log
done_msgs=(
  "[✓] Update-Wrapper bereit: $WRAPPER"
  "[✓] Version wird unter $VERSION_FILE gespeichert"
)
for m in "${done_msgs[@]}"; do
  log "$m"
done