Apply critical security fixes and major improvements to all scripts

Security (CRITICAL): - Add .env.example with strong password generation instructions - Fix path traversal validation in restore.sh (now detects all .. patterns) - Secure .env loading with set -a/set +a in all scripts - Add logs/ to .gitignore to prevent credential leaks Backup & Restore (IMPORTANT): - Add file locking system to prevent concurrent backups - Add disk space verification before backup operations - Generate SHA256 checksums for all backups - Verify checksums before restoration - Create safety database backup before restore - Implement comprehensive logging to ./logs/ directory - Fix BACKUP_RETENTION_DAYS inconsistency - Replace dangerous find -delete with safe iteration Update & Recovery: - Backup docker-compose.yml before updates with auto-rollback - Add version display before/after updates - Increase timeouts to 120s for slow containers - Dynamic backup suggestion in recover.sh Compatibility: - Add Docker Compose v2 support with v1 fallback in all scripts - Standardized log() function across all scripts New Features: - Add check-health.sh: comprehensive system health monitoring - Add SECURITY.md: complete security documentation - Update Makefile with check-health and recover commands - Centralized logging with timestamps and levels 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-17 18:27:00 +01:00
parent 701513ce15
commit c6de550329
10 changed files with 1037 additions and 201 deletions
--- a/scripts/occ.sh
+++ b/scripts/occ.sh
@@ -3,14 +3,20 @@

 set -euo pipefail

-# Vérifier que docker-compose est disponible
-if ! command -v docker-compose >/dev/null 2>&1; then
-  echo "❌ Erreur: docker-compose n'est pas installé"
+# Détecter docker-compose v1 ou docker compose v2
+DOCKER_COMPOSE=""
+if command -v docker >/dev/null 2>&1 && docker compose version >/dev/null 2>&1; then
+  DOCKER_COMPOSE="docker compose"
+elif command -v docker-compose >/dev/null 2>&1; then
+  DOCKER_COMPOSE="docker-compose"
+else
+  echo "❌ Erreur: Ni 'docker compose' (v2) ni 'docker-compose' (v1) n'est disponible"
+  echo "   Installez Docker Compose: https://docs.docker.com/compose/install/"
  exit 1
 fi

 # Vérifier que le container nextcloud est actif
-if ! docker-compose ps nextcloud | grep -q "Up"; then
+if ! $DOCKER_COMPOSE ps nextcloud 2>/dev/null | grep -q "Up"; then
  echo "❌ Erreur: Le container nextcloud n'est pas actif"
  echo "   Démarrez-le avec: make up"
  exit 1
@@ -18,4 +24,4 @@ fi

 # Exécuter la commande OCC
 # Le "$@" est sûr ici car il est passé directement à PHP OCC qui gère la validation
-docker-compose exec -u www-data nextcloud php occ "$@"
+$DOCKER_COMPOSE exec -u www-data nextcloud php occ "$@"