keycloak: correct use of old variable in update script

even tho it's not complicated and there are multiple correct ways, i think it's better if we have one common update strategy to avoid conflicts or other errors in the future. this shall be expanded for worker support in the future.

.gitignore

@@ -0,0 +1,2 @@
+env
+config.env

rollback/keycloak/config.env.sample

@@ -0,0 +1,27 @@
+# where everything lives,
+# such as ./latest ./themes and so on
+location=$HOME
+
+# to make sure we can use systemctl
+XDG_RUNTIME_DIR=/run/user/$UID
+
+# theme in $HOME/themes to copy
+theme=
+
+# this is used for setting
+# a random new password for a demo user
+#
+# needed to obtain an admin token
+kcadmin=
+kcadminpw=
+# the admin api port
+kcport=38081
+# our user to modify:
+kcuserid=fbe-123-456-ee0oab
+newpw=
+kcrealm=
+
+app=keycloak # service and dumpfile name
+db=
+user=$db
+dump=$HOME/var/db/$app.dump

rollback/keycloak/rollback.sh

@@ -0,0 +1,24 @@
+#/bin/bash
+set -e
+
+source $HOME/scripts/env
+
+echo "stopping $app..."
+systemctl stop --user $app
+
+echo "restoring database..."
+# -c drops all objects that are to be restored
+pg_restore -c -h localhost -U $user -d $db < $dump
+
+systemctl start --user $app
+
+echo "started $app..."
+sleep 2
+
+systemctl --no-pager status --user $app
+
+echo "setting new demouser password"
+echo "waiting a crazy amount of 20s so keycloak has time to open that port..."
+sleep 20
+. $HOME/scripts/set-demopw.sh
+echo "done."

rollback/keycloak/set-demopw.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+set -e
+
+. $HOME/scripts/env
+
+echo "obtaining new admin token"
+$HOME/latest/bin/kcadm.sh config credentials --server http://localhost:$kcport --user $kcadmin --password $kcadminpw --realm master
+
+echo "setting password for demo account"
+$HOME/latest/bin/kcadm.sh set-password --server http://localhost:$kcport --userid $kcuserid -r $kcrealm --new-password $newpw # -x (for stacktrace)
+
+echo "demo user now has the password of $newpw"

rollback/keycloak/setstate.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+set -e
+
+. $HOME/scripts/env
+
+pg_dump -Fc -U $user -d $db > $dump
+
+echo "state has been made permanent."

rollback/keycloak/update.sh

@@ -0,0 +1,64 @@
+#!/bin/bash
+# source: https://git.tchncs.de/tchncs/tchncs-scripts/-/blob/main/updates/keycloak.sh
+
+# Use ./update.sh 1.2.3 to OVERRIDE the release check.
+
+# Without an argument, THIS SCRIPT WILL AUTODETECT the release
+# that was tagged as "latest" by the project.
+set -e
+
+if [ -z "$1" ]
+    then
+        release=`curl -L https://api.github.com/repos/keycloak/keycloak/releases/latest -s | jq -r '.tag_name'`
+        echo ">>> Detected v$release being tagged as the latest release."
+    else
+        release=$1
+fi
+
+current_release=$(cat latest/version.txt)
+current_release=${current_release#'Keycloak - Version '}
+
+if [[ $current_release == "$release" ]]
+    then
+        echo ">>> It appears, are on v$current_release. Nothing to do."
+        exit
+    else
+        read -p "Proceed? With Keycloak ${release}?" -n 1 -r
+        if [[ ! $REPLY =~ ^[Yy]$ ]]
+            then
+                [[ "$0" = "$BASH_SOURCE" ]] && exit 1 || return 1
+        fi
+fi
+
+systemctl stop --user keycloak
+
+echo ">>> calling for rollback.sh"
+. $HOME/scripts/rollback.sh
+
+cd $location
+
+wget "https://github.com/keycloak/keycloak/releases/download/$release/keycloak-$release.zip"
+unzip keycloak-$release.zip
+rm keycloak-$release.zip
+
+[ -L latest ] && rm -v latest
+ln -sv $location/keycloak-$release $location/latest
+
+# default config got the same filename!
+rm -v latest/conf/keycloak.conf
+
+ln -sv $location/config/* $location/latest/conf/
+
+bash latest/bin/kc.sh build
+
+cp -r $HOME/themes/$theme $HOME/latest/themes/
+
+systemctl restart --user keycloak
+
+echo ">>> waiting 10s so Keycloak may run migrations..."
+sleep 10
+
+echo ">>> calling setstate.sh to make the update permanent"
+. $HOME/scripts/setstate.sh
+
+echo "Done."

rollback/nextcloud/config.env

@@ -1,5 +0,0 @@
-pac=xyz00
-user=
-db=${pac}_${user}
-dbuser=$db
-dump=$HOME/var/db/nextcloud.dump

rollback/nextcloud/config.env.sample

@@ -0,0 +1,8 @@
+pac=xyz00
+user=
+db=${pac}_${user}
+dbuser=$db
+dump=$HOME/var/db/nextcloud.dump
+# optional version control, if default or configured one is too old
+# do not comment this
+php=php

updates/keycloak.sh

@@ -1,14 +1,14 @@
 #!/bin/bash
 set -e
 
-if [ -z "$1" ]
+#
-then
+# Use ./update.sh 1.2.3 to OVERRIDE the release check.
-        echo "ERROR: Can't continue. Version querying not implemented, because we might not use the latest major release."
+#
-        echo "Usage: bash ./update.sh 9.9.9"
+# Without an argument, THIS SCRIPT WILL AUTODETECT the release
-        exit 1
+# that was tagged as "latest" by the project.
-fi
+#
-export XDG_RUNTIME_DIR=/run/user/$UID
 
+export XDG_RUNTIME_DIR=/run/user/$UID
 location=$HOME
 olddir=`readlink $location/latest`
 
@@ -16,17 +16,40 @@ olddir=`readlink $location/latest`
 # script does not require this to function
 #themename=mytheme
 
+if [ -z "$1" ]
+    then
+        release=`curl -L https://api.github.com/repos/keycloak/keycloak/releases/latest -s | jq -r '.tag_name'`
+        echo ">>> Detected v$release being tagged as the latest release."
+    else
+        release=$1
+fi
+
+current_release=$(cat latest/version.txt)
+current_release=${current_release#'Keycloak - Version '}
+
+if [[ $current_release == "$release" ]]
+    then
+        echo ">>> It appears, are on v$current_release. Nothing to do."
+        exit
+    else
+        read -p "Proceed? With Keycloak ${release}?" -n 1 -r
+        if [[ ! $REPLY =~ ^[Yy]$ ]]
+            then
+                [[ "$0" = "$BASH_SOURCE" ]] && exit 1 || return 1
+        fi
+fi
+
 systemctl stop --user keycloak
 
 cd $location
 
 # FIXME: move to rsync or use git tags directly
-wget "https://github.com/keycloak/keycloak/releases/download/$1/keycloak-$1.zip"
+wget "https://github.com/keycloak/keycloak/releases/download/$release/keycloak-$release.zip"
-unzip keycloak-$1.zip
+unzip keycloak-$release.zip
-rm keycloak-$1.zip
+rm keycloak-$release.zip
 
 [ -L $location/latest ] && rm -v $location/latest
-ln -sv $location/keycloak-$1 $location/latest
+ln -sv $location/keycloak-$release $location/latest
 
 # default config got the same filename!
 rm -v $location/latest/conf/keycloak.conf

updates/nextcloud.sh

@@ -4,7 +4,7 @@ set -e
 # +x does not apply
 # use correct order – eg: sudo -u www-data php=php8.2 ...
 if [ -z ${php} ]; then
-        php="php8.1"
+        php="php8.2"
 fi
 
 [ -f cron.log ] && rm -v cron.log && echo "logfiles should not be here and upset the updater. consider the data directory."

updates/sliding-sync.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+set -e
+export XDG_RUNTIME_DIR=/run/user/$UID
+
+release=`curl -L https://api.github.com/repos/matrix-org/sliding-sync/releases/latest -s | jq -r '.tag_name'`
+
+echo ">>> stopping to avoid binary being busy"
+echo
+systemctl stop --user syncv3
+
+wget --show-progress -q -O $HOME/bin/syncv3 https://github.com/matrix-org/sliding-sync/releases/download/$release/syncv3_linux_amd64
+
+echo
+echo ">>> starting...."
+systemctl start --user syncv3
+sleep 2
+systemctl status --user syncv3

updates/synapse.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+set -e
+export XDG_RUNTIME_DIR=/run/user/$UID
+
+activate="$HOME/synapse/env/bin/activate"
+domain=`ls $HOME/doms/`
+
+if [ ! -f $activate ];
+then
+        echo ">>> FATAL: Synapse env not detected. Stopping. Please adjust the script."
+        exit 1
+fi
+
+source $activate
+
+pip install --upgrade 'matrix-synapse[postgres]' pip
+
+systemctl --user restart synapse
+
+sleep 2
+echo
+echo ">>> Synapse has been restarted and"
+echo ">>> is now reporting this version:"
+curl -s "https://$domain/_synapse/admin/v1/server_version"|jq
+echo
+
+systemctl --user status synapse