Apply critical security fixes and major improvements to all scripts

Security (CRITICAL): - Add .env.example with strong password generation instructions - Fix path traversal validation in restore.sh (now detects all .. patterns) - Secure .env loading with set -a/set +a in all scripts - Add logs/ to .gitignore to prevent credential leaks Backup & Restore (IMPORTANT): - Add file locking system to prevent concurrent backups - Add disk space verification before backup operations - Generate SHA256 checksums for all backups - Verify checksums before restoration - Create safety database backup before restore - Implement comprehensive logging to ./logs/ directory - Fix BACKUP_RETENTION_DAYS inconsistency - Replace dangerous find -delete with safe iteration Update & Recovery: - Backup docker-compose.yml before updates with auto-rollback - Add version display before/after updates - Increase timeouts to 120s for slow containers - Dynamic backup suggestion in recover.sh Compatibility: - Add Docker Compose v2 support with v1 fallback in all scripts - Standardized log() function across all scripts New Features: - Add check-health.sh: comprehensive system health monitoring - Add SECURITY.md: complete security documentation - Update Makefile with check-health and recover commands - Centralized logging with timestamps and levels 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-17 18:27:00 +01:00
parent 701513ce15
commit c6de550329
10 changed files with 1037 additions and 201 deletions
--- a/.env.example
+++ b/.env.example
@@ -1,14 +1,24 @@
 # ============================================
 # MODE: dev | prod
 # ============================================
+# Copiez ce fichier vers .env et changez les valeurs
+
 # Base de données
+# IMPORTANT: Utilisez des mots de passe forts (min 32 caractères aléatoires)
+# Générez avec: openssl rand -base64 32
 MYSQL_DATABASE=nextcloud
-MYSQL_ROOT_PASSWORD=
-MYSQL_USER=
-MYSQL_PASSWORD=
+MYSQL_ROOT_USER=root
+MYSQL_ROOT_PASSWORD=CHANGEME_GENERATE_STRONG_PASSWORD
+MYSQL_USER=nextcloud_user
+MYSQL_PASSWORD=CHANGEME_GENERATE_STRONG_PASSWORD

 # Redis
-REDIS_HOST_PASSWORD=
+# IMPORTANT: Utilisez un mot de passe fort
+REDIS_HOST_PASSWORD=CHANGEME_GENERATE_STRONG_PASSWORD
+
+# Backups
+BACKUP_DESTINATION=./backups
+BACKUP_RETENTION_DAYS=7

 # ============================================
 # DÉVELOPPEMENT (localhost)