From 9929a7055b00e248ce6a26282fb9fe28f84e22e1 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Guillaume=20T=C3=A2che?= Date: Thu, 21 May 2026 21:09:34 +0200 Subject: [PATCH] Adds safe-reboot and safe-shutdown, removes all .sh extensions to scripts --- files/{add-secrets.sh => add-secrets} | 0 files/{backup-postgres.sh => backup-postgres} | 0 files/copy-music.service | 2 +- files/move-downloads-nextcloud.service | 2 +- files/poweroff | 2 +- files/rclone-parents.service | 2 +- files/rotation.conf | 4 ++ files/safe-reboot | 11 +++++ files/safe-shutdown | 12 +++++ generate-config.sh => generate-config | 0 ...nerate-preview.sh => pre-generate-preview} | 0 home/pihole/{update-hints.sh => update-hints} | 0 home/pihole/{update-root.sh => update-root} | 0 home/root/{copy-music.sh => copy-music} | 0 ...-nextcloud.sh => move-downloads-nextcloud} | 0 .../{rclone-parents.sh => rclone-parents} | 0 home/tga/{dyndns.sh => dyndns} | 0 ...custom-entrypoint.sh => custom-entrypoint} | 0 ...igure-firewalld.sh => configure-firewalld} | 0 init/configure-firewalld.service | 2 +- ...le-all-quadlets.sh => enable-all-quadlets} | 4 +- init/enable-all-quadlets.service | 2 +- pi4.bu | 48 +++++++++++++------ quadlets/wallabag/wallabag.container | 4 +- services/gitea/backup-database.service | 2 +- services/immich/backup-database.service | 2 +- services/nextcloud/backup-database.service | 2 +- .../nextcloud/pre-generate-preview.service | 2 +- services/paperless/backup-database.service | 2 +- services/pihole/update-hints.service | 2 +- services/pihole/update-root.service | 2 +- services/synapse/backup-database.service | 2 +- services/tga/update-dyndns.service | 2 +- services/wallabag/backup-database.service | 2 +- users/nextcloud.bu | 4 +- users/pihole.bu | 8 ++-- users/tga.bu | 4 +- users/wallabag.bu | 4 +- 38 files changed, 91 insertions(+), 44 deletions(-) rename files/{add-secrets.sh => add-secrets} (100%) rename files/{backup-postgres.sh => backup-postgres} (100%) create mode 100644 files/rotation.conf create mode 100644 files/safe-reboot create mode 100644 
files/safe-shutdown rename generate-config.sh => generate-config (100%) rename home/nextcloud/{pre-generate-preview.sh => pre-generate-preview} (100%) rename home/pihole/{update-hints.sh => update-hints} (100%) rename home/pihole/{update-root.sh => update-root} (100%) rename home/root/{copy-music.sh => copy-music} (100%) rename home/root/{move-downloads-nextcloud.sh => move-downloads-nextcloud} (100%) rename home/root/{rclone-parents.sh => rclone-parents} (100%) rename home/tga/{dyndns.sh => dyndns} (100%) rename home/wallabag/{custom-entrypoint.sh => custom-entrypoint} (100%) rename init/{configure-firewalld.sh => configure-firewalld} (100%) rename init/{enable-all-quadlets.sh => enable-all-quadlets} (94%) diff --git a/files/add-secrets.sh b/files/add-secrets similarity index 100% rename from files/add-secrets.sh rename to files/add-secrets diff --git a/files/backup-postgres.sh b/files/backup-postgres similarity index 100% rename from files/backup-postgres.sh rename to files/backup-postgres diff --git a/files/copy-music.service b/files/copy-music.service index 8548612..14195d4 100644 --- a/files/copy-music.service +++ b/files/copy-music.service @@ -3,4 +3,4 @@ Description=Copies the music from Nextcloud to Navidrome [Service] Type=oneshot -ExecStart=/root/scripts/copy-music.sh +ExecStart=/root/scripts/copy-music diff --git a/files/move-downloads-nextcloud.service b/files/move-downloads-nextcloud.service index cc4f263..4fc2bd5 100644 --- a/files/move-downloads-nextcloud.service +++ b/files/move-downloads-nextcloud.service @@ -3,4 +3,4 @@ Description=Move the completed torrents and jdownloader downloads to nextcloud [Service] Type=oneshot -ExecStart=/root/scripts/move-downloads-nextcloud.sh +ExecStart=/root/scripts/move-downloads-nextcloud diff --git a/files/poweroff b/files/poweroff index 59b4a03..3daf598 100644 --- a/files/poweroff +++ b/files/poweroff 
@@ -1 +1 @@
-homeassistant ALL=(ALL) NOPASSWD: /sbin/poweroff, /sbin/reboot, /sbin/shutdown
+homeassistant ALL=(ALL) NOPASSWD: /opt/bin/safe-reboot, /opt/bin/safe-shutdown
diff --git a/files/rclone-parents.service b/files/rclone-parents.service
index e84d108..a50e2fb 100644
--- a/files/rclone-parents.service
+++ b/files/rclone-parents.service
@@ -3,4 +3,4 @@ Description=Runs rclone to copy the NAS content to the parents NAS [Service] Type=oneshot
-ExecStart=/usr/bin/flock -n /run/rclone-parents.lock /root/scripts/rclone-parents.sh
+ExecStart=/usr/bin/flock -n /run/rclone-parents.lock /root/scripts/rclone-parents
diff --git a/files/rotation.conf b/files/rotation.conf
new file mode 100644
index 0000000..907aa10
--- /dev/null
+++ b/files/rotation.conf
@@ -0,0 +1,4 @@
+[Journal]
+SystemMaxUse=256M # Maximum total journal size
+RuntimeMaxUse=128M # Maximum journal size in temporary storage
+MaxFileSec=1month # Maximum time to retain log files
diff --git a/files/safe-reboot b/files/safe-reboot
new file mode 100644
index 0000000..c4f2bdc
--- /dev/null
+++ b/files/safe-reboot
@@ -0,0 +1,11 @@
+#!/bin/bash
+set -o errexit -o pipefail -o noclobber -o nounset -o errtrace -o functrace
+
+users=(arr gitea homeassistant immich jdownloader kiwix komga navidrome nextcloud nginx pairdrop paperless pihole qbittorrent synapse wallabag)
+for user in "${users[@]}"; do
+ readarray -t units <<< "$(systemctl --user -M "${user}@" list-units | grep container | grep running | grep service | awk '{print $1}')" || true
+ if [[ "${#units[@]}" -gt 0 && -n "${units[0]:-}" ]]; then
+ systemctl --user -M "${user}@" stop "${units[@]}"
+ fi
+done
+systemctl reboot
diff --git a/files/safe-shutdown b/files/safe-shutdown
new file mode 100644
index 0000000..d241a20
--- /dev/null
+++ b/files/safe-shutdown
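Review bot: The new rule in `files/poweroff` still uses `ALL=(ALL)` and places no restriction on arguments, so `homeassistant` may run the two wrappers as any target user and with any command line. Both scripts only need root and read no arguments, so the entry can be narrowed to `homeassistant ALL=(root) NOPASSWD: /opt/bin/safe-reboot "", /opt/bin/safe-shutdown ""`. Because these wrappers now run as root on behalf of a service account, they must stay root-owned and not writable by anyone else; the `pi4.bu` hunk installs them with mode 0755 and no explicit owner, which presumably defaults to root but is worth confirming.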
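Review bot: The three settings in `files/rotation.conf` carry a trailing `# …` comment on the same line as the value, and systemd configuration files only treat `#` as a comment at the start of a line. journald will most likely fail to parse `256M # Maximum total journal size` as a size and ignore the setting, so the intended caps would not apply. Move each comment to its own line above the key, e.g. `# Maximum total journal size` followed by `SystemMaxUse=256M`. Also, `MaxFileSec=` controls how long one journal file is written before it is rotated; if the intent is to bound how long entries are kept, `MaxRetentionSec=` is the setting that does that.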
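Review bot: With `errexit` active, a failed `systemctl --user -M "${user}@" stop` for any one account ends `files/safe-reboot` before `systemctl reboot`, leaving the host up with only part of the containers stopped. If the reboot should proceed anyway, tolerate and log the failure, e.g. `systemctl --user -M "${user}@" stop -- "${units[@]}" || echo "stop failed for ${user}" >&2`. The `grep container | grep running | grep service` chain matches anywhere on the line, including the description column; letting systemd do that part of the filtering is stricter: `list-units --type=service --state=running --plain --no-legend`. The script runs as root through sudo, so absolute paths for `systemctl`, `grep` and `awk` would remove any dependence on the inherited `PATH`. The same points apply to `files/safe-shutdown`.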
@@ -0,0 +1,12 @@
+#!/bin/bash
+set -o errexit -o pipefail -o noclobber -o nounset -o errtrace -o functrace
+
+users=(arr gitea homeassistant immich jdownloader kiwix komga navidrome nextcloud nginx pairdrop paperless pihole qbittorrent synapse wallabag)
+for user in "${users[@]}"; do
+ readarray -t units <<< "$(systemctl --user -M "${user}@" list-units | grep container | grep running | grep service | awk '{print $1}')" || true
+ if [[ "${#units[@]}" -gt 0 && -n "${units[0]:-}" ]]; then
+ systemctl --user -M "${user}@" stop "${units[@]}"
+ fi
+done
+
+systemctl poweroff
diff --git a/generate-config.sh b/generate-config
similarity index 100%
rename from generate-config.sh
rename to generate-config
diff --git a/home/nextcloud/pre-generate-preview.sh b/home/nextcloud/pre-generate-preview
similarity index 100%
rename from home/nextcloud/pre-generate-preview.sh
rename to home/nextcloud/pre-generate-preview
diff --git a/home/pihole/update-hints.sh b/home/pihole/update-hints
similarity index 100%
rename from home/pihole/update-hints.sh
rename to home/pihole/update-hints
diff --git a/home/pihole/update-root.sh b/home/pihole/update-root
similarity index 100%
rename from home/pihole/update-root.sh
rename to home/pihole/update-root
diff --git a/home/root/copy-music.sh b/home/root/copy-music
similarity index 100%
rename from home/root/copy-music.sh
rename to home/root/copy-music
diff --git a/home/root/move-downloads-nextcloud.sh b/home/root/move-downloads-nextcloud
similarity index 100%
rename from home/root/move-downloads-nextcloud.sh
rename to home/root/move-downloads-nextcloud
diff --git a/home/root/rclone-parents.sh b/home/root/rclone-parents
similarity index 100%
rename from home/root/rclone-parents.sh
rename to home/root/rclone-parents
diff --git a/home/tga/dyndns.sh b/home/tga/dyndns
similarity index 100%
rename from home/tga/dyndns.sh
rename to home/tga/dyndns
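Review bot: `files/safe-shutdown` repeats `files/safe-reboot` line for line except for the final `systemctl poweroff`, including the hard-coded `users` array. An account added to one list and not the other would have its containers cut off without a clean stop on that path. Consider keeping the account list and the stop loop in one root-owned file that both wrappers source, so the two entry points cannot drift apart.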
diff --git a/home/wallabag/custom-entrypoint.sh b/home/wallabag/custom-entrypoint similarity index 100% rename from home/wallabag/custom-entrypoint.sh rename to home/wallabag/custom-entrypoint diff --git a/init/configure-firewalld.sh b/init/configure-firewalld similarity index 100% rename from init/configure-firewalld.sh rename to init/configure-firewalld diff --git a/init/configure-firewalld.service b/init/configure-firewalld.service index d5fbbe4..44512d1 100644 --- a/init/configure-firewalld.service +++ b/init/configure-firewalld.service @@ -6,7 +6,7 @@ ConditionPathExists=!/var/lib/configure-firewalld [Service] Type=oneshot -ExecStart=/opt/bin/configure-firewalld.sh +ExecStart=/opt/bin/configure-firewalld ExecStartPost=/usr/bin/touch /var/lib/configure-firewalld RemainAfterExit=true diff --git a/init/enable-all-quadlets.sh b/init/enable-all-quadlets similarity index 94% rename from init/enable-all-quadlets.sh rename to init/enable-all-quadlets index be478e3..bae4b18 100644 --- a/init/enable-all-quadlets.sh +++ b/init/enable-all-quadlets @@ -11,7 +11,7 @@ for user in "${users[@]}"; do chown -R "${user}:${user}" "/var/home/${user}" secrets_file="/var/home/${user}/.secrets" if [[ -f "${secrets_file}" ]];then - sudo -u "${user}" /opt/bin/add-secrets.sh "${secrets_file}" + sudo -u "${user}" /opt/bin/add-secrets "${secrets_file}" fi systemctl --user -M "${user}@" daemon-reload systemctl --user -M "${user}@" enable --now "podman-auto-update.timer" || true @@ -38,6 +38,6 @@ systemctl --user -M "wallabag@" enable "backup-database.timer" systemctl enable --now "podman-auto-update.timer" || true -/opt/bin/add-secrets.sh /root/.secrets +/opt/bin/add-secrets /root/.secrets systemctl daemon-reload systemctl start samba.service diff --git a/init/enable-all-quadlets.service b/init/enable-all-quadlets.service index 48cace4..a99316e 100644 --- a/init/enable-all-quadlets.service +++ b/init/enable-all-quadlets.service 
@@ -7,7 +7,7 @@ ConditionPathExists=!/var/lib/quadlets-enabled [Service] Type=oneshot -ExecStart=/opt/bin/enable-all-quadlets.sh +ExecStart=/opt/bin/enable-all-quadlets ExecStartPost=/usr/bin/touch /var/lib/quadlets-enabled RemainAfterExit=true diff --git a/pi4.bu b/pi4.bu index 1af42c3..2b439ea 100644 --- a/pi4.bu +++ b/pi4.bu @@ -30,6 +30,13 @@ passwd: - wheel - name: zero storage: + directories: + - path: /etc/systemd/journald.conf.d + mode: 0755 + user: + name: root + group: + name: root disks: - device: /dev/disk/by-id/ata-WDC_WD120EFBX-68B0EN0_5QKYB19B wipe_table: false @@ -62,21 +69,29 @@ storage: - compress=zstd:3 with_mount_unit: true files: - - path: /opt/bin/enable-all-quadlets.sh + - path: /opt/bin/enable-all-quadlets contents: - local: init/enable-all-quadlets.sh + local: init/enable-all-quadlets mode: 0755 - - path: /opt/bin/configure-firewalld.sh + - path: /opt/bin/configure-firewalld contents: - local: init/configure-firewalld.sh + local: init/configure-firewalld mode: 0755 - - path: /opt/bin/add-secrets.sh + - path: /opt/bin/add-secrets contents: - local: files/add-secrets.sh + local: files/add-secrets mode: 0755 - - path: /opt/bin/backup-postgres.sh + - path: /opt/bin/backup-postgres contents: - local: files/backup-postgres.sh + local: files/backup-postgres + mode: 0755 + - path: /opt/bin/safe-reboot + contents: + local: files/safe-reboot + mode: 0755 + - path: /opt/bin/safe-shutdown + contents: + local: files/safe-shutdown mode: 0755 - path: /etc/containers/systemd/samba.container contents: 
@@ -85,18 +100,18 @@ storage: mode: 0600 contents: local: /home/root/.secrets - - path: /root/scripts/move-downloads-nextcloud.sh + - path: /root/scripts/move-downloads-nextcloud mode: 0755 contents: - local: /home/root/move-downloads-nextcloud.sh - - path: /root/scripts/rclone-parents.sh + local: /home/root/move-downloads-nextcloud + - path: /root/scripts/rclone-parents mode: 0755 contents: - local: /home/root/rclone-parents.sh - - path: /root/scripts/copy-music.sh + local: /home/root/rclone-parents + - path: /root/scripts/copy-music mode: 0755 contents: - local: /home/root/copy-music.sh + local: /home/root/copy-music - path: /etc/ssh/sshd_config.d/99-custom mode: 0644 contents: @@ -106,6 +121,11 @@ storage: overwrite: true contents: local: files/smartd.conf + - path: /etc/systemd/journald.conf.d/rotation.conf + mode: 0644 + overwrite: true + contents: + local: files/rotation.conf - path: /etc/sudoers.d/99-poweroff mode: 0644 contents: diff --git a/quadlets/wallabag/wallabag.container b/quadlets/wallabag/wallabag.container index 1e563e3..1f55c4b 100644 --- a/quadlets/wallabag/wallabag.container +++ b/quadlets/wallabag/wallabag.container @@ -8,7 +8,7 @@ Requires=wallabag-redis.container [Container] AutoUpdate=registry ContainerName=wallabag -Entrypoint=/custom-entrypoint.sh +Entrypoint=/custom-entrypoint Environment=POSTGRES_DB=wallabag Environment=POSTGRES_USER=wallabag Environment=SYMFONY__ENV__DATABASE_DRIVER=pdo_pgsql @@ -35,7 +35,7 @@ StartWithPod=true Timezone=Europe/Zurich Volume=wallabag-data.volume:/var/www/wallabag/data Volume=wallabag-images.volume:/var/www/wallabag/web/assets/images -Volume=/var/mnt/nas/containers/wallabag/storage/custom-entrypoint.sh:/custom-entrypoint.sh +Volume=/var/mnt/nas/containers/wallabag/storage/custom-entrypoint:/custom-entrypoint [Service] Restart=always diff --git a/services/gitea/backup-database.service b/services/gitea/backup-database.service index 7cae1e2..b93d37f 100644 --- a/services/gitea/backup-database.service 
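Review bot: The `Volume=` source in `quadlets/wallabag/wallabag.container` now points at `/var/mnt/nas/containers/wallabag/storage/custom-entrypoint`, but nothing visible in this patch renames the file at that NAS path; the Butane change only installs `/var/home/wallabag/custom-entrypoint`. If the copy on the NAS is still named `custom-entrypoint.sh`, the bind-mount source will be missing and the container will presumably fail to start, so the rename there needs to happen in the same rollout. While touching this line, mounting the script read-only keeps the container from altering its own entrypoint on the host: `Volume=/var/mnt/nas/containers/wallabag/storage/custom-entrypoint:/custom-entrypoint:ro`.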
+++ b/services/gitea/backup-database.service @@ -3,4 +3,4 @@ Description=Backups the Gitea database [Service] Type=oneshot -ExecStart=/opt/bin/backup-postgres.sh +ExecStart=/opt/bin/backup-postgres diff --git a/services/immich/backup-database.service b/services/immich/backup-database.service index 3403c52..d09284f 100644 --- a/services/immich/backup-database.service +++ b/services/immich/backup-database.service @@ -3,4 +3,4 @@ Description=Backups the Immich database [Service] Type=oneshot -ExecStart=/opt/bin/backup-postgres.sh +ExecStart=/opt/bin/backup-postgres diff --git a/services/nextcloud/backup-database.service b/services/nextcloud/backup-database.service index e6dd3e3..7edc186 100644 --- a/services/nextcloud/backup-database.service +++ b/services/nextcloud/backup-database.service @@ -3,4 +3,4 @@ Description=Backups the Nextcloud database [Service] Type=oneshot -ExecStart=/opt/bin/backup-postgres.sh +ExecStart=/opt/bin/backup-postgres diff --git a/services/nextcloud/pre-generate-preview.service b/services/nextcloud/pre-generate-preview.service index 9103667..91a44d0 100644 --- a/services/nextcloud/pre-generate-preview.service +++ b/services/nextcloud/pre-generate-preview.service @@ -3,4 +3,4 @@ Description=Pre-generates previews for Nextcloud [Service] Type=oneshot -ExecStart=/var/home/nextcloud/pre-generate-preview.sh +ExecStart=/var/home/nextcloud/pre-generate-preview diff --git a/services/paperless/backup-database.service b/services/paperless/backup-database.service index 1f722b0..2143cad 100644 --- a/services/paperless/backup-database.service +++ b/services/paperless/backup-database.service @@ -3,4 +3,4 @@ Description=Backups the paperless database [Service] Type=oneshot -ExecStart=/opt/bin/backup-postgres.sh +ExecStart=/opt/bin/backup-postgres diff --git a/services/pihole/update-hints.service b/services/pihole/update-hints.service index 0474b00..4e01712 100644 --- a/services/pihole/update-hints.service +++ b/services/pihole/update-hints.service 
@@ -3,4 +3,4 @@ Description=Update the unbound root hints [Service] Type=oneshot -ExecStart=/var/home/pihole/update-hints.sh +ExecStart=/var/home/pihole/update-hints diff --git a/services/pihole/update-root.service b/services/pihole/update-root.service index 5b3c64e..8baa868 100644 --- a/services/pihole/update-root.service +++ b/services/pihole/update-root.service @@ -3,4 +3,4 @@ Description=Update the unbound root entries [Service] Type=oneshot -ExecStart=/var/home/pihole/update-root.sh +ExecStart=/var/home/pihole/update-root diff --git a/services/synapse/backup-database.service b/services/synapse/backup-database.service index 88a0786..244ed7e 100644 --- a/services/synapse/backup-database.service +++ b/services/synapse/backup-database.service @@ -3,4 +3,4 @@ Description=Backups the Synapse database [Service] Type=oneshot -ExecStart=/opt/bin/backup-postgres.sh +ExecStart=/opt/bin/backup-postgres diff --git a/services/tga/update-dyndns.service b/services/tga/update-dyndns.service index 6f0a605..f3d203d 100644 --- a/services/tga/update-dyndns.service +++ b/services/tga/update-dyndns.service @@ -3,4 +3,4 @@ Description=Update the DynDns entries [Service] Type=oneshot -ExecStart=/var/home/tga/dyndns.sh +ExecStart=/var/home/tga/dyndns diff --git a/services/wallabag/backup-database.service b/services/wallabag/backup-database.service index 4d24766..1542d8d 100644 --- a/services/wallabag/backup-database.service +++ b/services/wallabag/backup-database.service @@ -3,4 +3,4 @@ Description=Backups the Wallabag database [Service] Type=oneshot -ExecStart=/opt/bin/backup-postgres.sh +ExecStart=/opt/bin/backup-postgres diff --git a/users/nextcloud.bu b/users/nextcloud.bu index f8b74f6..1f07123 100644 --- a/users/nextcloud.bu +++ b/users/nextcloud.bu 
@@ -183,10 +183,10 @@ storage: name: nextcloud group: name: nextcloud - - path: /var/home/nextcloud/pre-generate-preview.sh + - path: /var/home/nextcloud/pre-generate-preview mode: 0755 contents: - local: home/nextcloud/pre-generate-preview.sh + local: home/nextcloud/pre-generate-preview user: name: nextcloud group: diff --git a/users/pihole.bu b/users/pihole.bu index 9c96a70..2a39605 100644 --- a/users/pihole.bu +++ b/users/pihole.bu @@ -205,18 +205,18 @@ storage: name: pihole group: name: pihole - - path: /var/home/pihole/update-hints.sh + - path: /var/home/pihole/update-hints mode: 0755 contents: - local: home/pihole/update-hints.sh + local: home/pihole/update-hints user: name: pihole group: name: pihole - - path: /var/home/pihole/update-root.sh + - path: /var/home/pihole/update-root mode: 0755 contents: - local: home/pihole/update-root.sh + local: home/pihole/update-root user: name: pihole group: diff --git a/users/tga.bu b/users/tga.bu index 260a80a..0bb12ac 100644 --- a/users/tga.bu +++ b/users/tga.bu @@ -29,10 +29,10 @@ storage: name: tga group: name: tga - - path: /var/home/tga/dyndns.sh + - path: /var/home/tga/dyndns mode: 0755 contents: - local: home/tga/dyndns.sh + local: home/tga/dyndns user: name: tga group: diff --git a/users/wallabag.bu b/users/wallabag.bu index b6ce15d..5012959 100644 --- a/users/wallabag.bu +++ b/users/wallabag.bu @@ -89,10 +89,10 @@ storage: name: wallabag group: name: wallabag - - path: /var/home/wallabag/custom-entrypoint.sh + - path: /var/home/wallabag/custom-entrypoint mode: 0755 contents: - local: home/wallabag/custom-entrypoint.sh + local: home/wallabag/custom-entrypoint user: name: wallabag group: