From fb9737cbe07e29b5d9d0d05b2d55de8bf0f44120 Mon Sep 17 00:00:00 2001
From: RomanNum3ral
Date: Thu, 19 Mar 2026 12:39:47 +0000
Subject: [PATCH] Update arch_install.sh
---
arch_install.sh | 260 ++++++++----------------------------------------
1 file changed, 40 insertions(+), 220 deletions(-)
diff --git a/arch_install.sh b/arch_install.sh
index 7eff8d6..956e8d8 100644
--- a/arch_install.sh
+++ b/arch_install.sh
@@ -1,9 +1,6 @@ #!/usr/bin/env bash -# Nextcloud + Apache + PHP 8.3 (php-legacy) + MariaDB + Valkey/Redis on Arch Linux +# Nextcloud + Apache + PHP 8.3 (php-legacy) + MariaDB + Valkey on Arch Linux # Production-oriented, reverse-proxy aware -# -# Run as root: -# sudo ./arch_install.sh set -euo pipefail IFS=$'\n\t'
@@ -24,7 +21,7 @@ ADMIN_USER="admin" ADMIN_PASS="changeMe" TRUST_LOCAL_PROXY="true" -REAL_IP_HEADER="CF-Connecting-IP" # use X-Forwarded-For if not Cloudflare +REAL_IP_HEADER="CF-Connecting-IP" NC_VERSION="33.0.0" NC_TARBALL_URL="https://download.nextcloud.com/server/releases/nextcloud-${NC_VERSION}.tar.bz2"
@@ -35,7 +32,7 @@ PHP_INI="/etc/php-legacy/php.ini" PHP_FPM_WWW_CONF="/etc/php-legacy/php-fpm.d/www.conf" PHP_FPM_SERVICE="php-fpm-legacy" -REDIS_SOCK="/run/redis/redis.sock" +KV_SOCK="/run/valkey/valkey.sock" # ========================= # HELPERS
@@ -52,12 +49,7 @@ require_root() { } check_vars() { - local vars=( - DOMAIN NC_DIR NC_DATA_DIR - DB_NAME DB_USER DB_PASS - ADMIN_USER ADMIN_PASS - NC_VERSION NC_TARBALL_URL NC_SHA512_URL - ) + local vars=(DOMAIN NC_DIR NC_DATA_DIR DB_NAME DB_USER DB_PASS ADMIN_USER ADMIN_PASS) for v in "${vars[@]}"; do if [[ -z "${!v}" ]]; then echo "Variable $v is empty. Edit the script first."
@@ -66,13 +58,6 @@ check_vars() { done } -require_cmd() { - command -v "$1" >/dev/null 2>&1 || { - echo "Required command not found: $1" - exit 1 - } -} - enable_php_ext() { local ext="$1" if ! grep -Eq "^[[:space:]]*extension=${ext}\.so" "$PHP_INI"; then
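Review bot: `check_vars` no longer validates `NC_VERSION` or `NC_TARBALL_URL`, yet the download step later in this patch still passes `${NC_TARBALL_URL}` to curl, so an emptied URL now surfaces as a curl error at download time instead of the script's own "Variable ... is empty" message; keeping `NC_VERSION NC_TARBALL_URL` in the `vars` array costs nothing. Dropping `NC_SHA512_URL` goes together with the removal of `sha512sum -c` in the download hunk, which means the release tarball is accepted on transport security alone before the script `rm -rf`s and replaces `${NC_DIR}` with its contents. If fetching the upstream `.sha512` file is what the author wanted to avoid, pinning the expected digest in a variable and checking it with `sha512sum -c` before `tar -xjf` keeps the integrity check without the second download. The removed `require_cmd` helper in the following hunk had the same precheck role; its callers are deleted in the packages hunk, so this hunk alone leaves no dangling reference.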
@@ -104,60 +89,34 @@ set_fpm_value() { } detect_kv_conf() { - if [[ -f /etc/valkey/valkey.conf ]]; then - echo "/etc/valkey/valkey.conf" - elif [[ -f /etc/redis/redis.conf ]]; then - echo "/etc/redis/redis.conf" - elif [[ -f /etc/redis.conf ]]; then - echo "/etc/redis.conf" - else - echo "" - fi + for f in /etc/valkey/valkey.conf /etc/redis/redis.conf /etc/redis.conf; do + [[ -f "$f" ]] && echo "$f" && return + done } detect_kv_service() { - if systemctl list-unit-files 2>/dev/null | grep -q '^valkey\.service'; then - echo "valkey" - elif systemctl list-unit-files 2>/dev/null | grep -q '^redis\.service'; then - echo "redis" - else - echo "" - fi + for s in valkey redis; do + [[ -f "/usr/lib/systemd/system/${s}.service" ]] && echo "$s" && return + done } -# ========================= -# PRECHECKS -# ========================= require_root check_vars +# ========================= +# PACKAGES +# ========================= log "Updating system and installing packages" pacman -Syu --noconfirm - pacman -S --needed --noconfirm \ apache mariadb valkey cronie \ php-legacy php-legacy-fpm php-legacy-gd php-legacy-intl php-legacy-sodium \ php-legacy-apcu php-legacy-redis php-legacy-imagick \ curl wget tar bzip2 unzip sudo -require_cmd mariadb -require_cmd httpd -require_cmd "${PHP_BIN}" - KV_CONF="$(detect_kv_conf)" KV_SERVICE="$(detect_kv_service)" -if [[ -z "${KV_CONF}" ]]; then - echo "Could not find Valkey/Redis config file." - echo "Looked for /etc/valkey/valkey.conf, /etc/redis/redis.conf, and /etc/redis.conf" - exit 1 -fi - -if [[ -z "${KV_SERVICE}" ]]; then - echo "Could not find valkey.service or redis.service" - exit 1 -fi - # ========================= # DIRECTORIES # ========================= 
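Review bot: With the explicit empty checks on `KV_CONF` and `KV_SERVICE` removed, a host where none of the three config paths exists now aborts silently: the final `[[ -f "$f" ]] && ...` in `detect_kv_conf` leaves the function's exit status at 1, `KV_CONF="$(detect_kv_conf)"` inherits that status, and `set -e` terminates the script before any message is printed. Restore a guard after the two assignments, e.g. `[[ -n "${KV_CONF}" ]] || { echo "Could not find Valkey/Redis config file." >&2; exit 1; }` and the same for `KV_SERVICE`. `detect_kv_service` now only looks under `/usr/lib/systemd/system`, so a unit shipped or overridden under `/etc/systemd/system` would not be detected; `systemctl cat "${s}.service" >/dev/null 2>&1` keeps the check cheap while covering both locations. The `for s in valkey redis` loop reads better than the old `if`/`elif` chain, so the restructuring itself is fine.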
@@ -175,16 +134,8 @@ fi systemctl enable --now mariadb -mariadb <<'SQL' -DELETE FROM mysql.user WHERE User=''; -DROP DATABASE IF EXISTS test; -DELETE FROM mysql.db WHERE Db='test' OR Db LIKE 'test\_%'; -FLUSH PRIVILEGES; -SQL - mariadb <> "$PHP_INI" -fi -set_ini_value "opcache.enable" "1" -set_ini_value "opcache.enable_cli" "0" -set_ini_value "opcache.interned_strings_buffer" "16" -set_ini_value "opcache.max_accelerated_files" "10000" -set_ini_value "opcache.memory_consumption" "256" -set_ini_value "opcache.save_comments" "1" -set_ini_value "opcache.revalidate_freq" "60" set_fpm_value "user" "http" set_fpm_value "group" "http" 
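Review bot: The MariaDB bootstrap no longer deletes the anonymous accounts or the `test` database before the Nextcloud database is created; the heredoc that follows is not legible in this copy of the patch (the content between `mariadb <` and `>> "$PHP_INI"` is missing), so whether an equivalent hardening step survives cannot be confirmed here. If nothing replaces it, keep `DELETE FROM mysql.user WHERE User='';`, `DROP DATABASE IF EXISTS test;` and a closing `FLUSH PRIVILEGES;` in the bootstrap SQL, or run `mariadb-secure-installation` non-interactively. The opcache directives removed at the end of this hunk (`opcache.interned_strings_buffer`, `opcache.memory_consumption`, `opcache.save_comments`, ...) are settings Nextcloud's setup check is known to flag when left at defaults, so dropping them likely trades a few lines of script for admin-panel warnings rather than simplifying the install. If the removal is deliberate, a comment saying the php.ini defaults are considered sufficient would keep the next maintainer from re-adding them.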
@@ -223,39 +160,23 @@ set_fpm_value "listen" "/run/php-fpm-legacy/php-fpm.sock" set_fpm_value "listen.owner" "http" set_fpm_value "listen.group" "http" set_fpm_value "listen.mode" "0660" -set_fpm_value "pm" "dynamic" -set_fpm_value "pm.max_children" "64" -set_fpm_value "pm.start_servers" "8" -set_fpm_value "pm.min_spare_servers" "4" -set_fpm_value "pm.max_spare_servers" "16" systemctl enable --now "${PHP_FPM_SERVICE}" systemctl restart "${PHP_FPM_SERVICE}" # ========================= -# VALKEY / REDIS +# VALKEY # ========================= log "Configuring Valkey/Redis" -echo "Using config: ${KV_CONF}" -echo "Using service: ${KV_SERVICE}" - sed -ri 's|^port .*|port 0|' "${KV_CONF}" - if grep -Eq '^[[:space:]]*unixsocket[[:space:]]+' "${KV_CONF}"; then - sed -ri "s|^[[:space:]]*unixsocket[[:space:]]+.*|unixsocket ${REDIS_SOCK}|" "${KV_CONF}" + sed -ri "s|^[[:space:]]*unixsocket[[:space:]]+.*|unixsocket ${KV_SOCK}|" "${KV_CONF}" else - printf "\nunixsocket %s\n" "${REDIS_SOCK}" >> "${KV_CONF}" + printf "\nunixsocket %s\nunixsocketperm 770\n" "${KV_SOCK}" >> "${KV_CONF}" fi -if grep -Eq '^[[:space:]]*unixsocketperm[[:space:]]+' "${KV_CONF}"; then - sed -ri 's|^[[:space:]]*unixsocketperm[[:space:]]+.*|unixsocketperm 770|' "${KV_CONF}" -else - printf "unixsocketperm 770\n" >> "${KV_CONF}" -fi - -usermod -aG redis http 2>/dev/null || true usermod -aG valkey http 2>/dev/null || true - +usermod -aG redis http 2>/dev/null || true systemctl enable --now "${KV_SERVICE}" systemctl restart "${KV_SERVICE}" 
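Review bot: `unixsocketperm 770` is now only written in the `else` branch, so when the shipped config already carries an active `unixsocket` line the `sed` path rewrites the socket path but never sets the permission, and the daemon's default socket mode keeps the `http` user out despite the `usermod -aG valkey http` that follows. The old code handled the two directives independently; keep that shape by giving `unixsocketperm` its own grep/sed-or-append block and dropping it from the `unixsocket` append, as below. The section header was renamed to `VALKEY` while `log "Configuring Valkey/Redis"` and the fallback `usermod -aG redis http` remain, which is harmless but reads inconsistently.
```bash
if grep -Eq '^[[:space:]]*unixsocket[[:space:]]+' "${KV_CONF}"; then
  sed -ri "s|^[[:space:]]*unixsocket[[:space:]]+.*|unixsocket ${KV_SOCK}|" "${KV_CONF}"
else
  printf "\nunixsocket %s\n" "${KV_SOCK}" >> "${KV_CONF}"
fi
if grep -Eq '^[[:space:]]*unixsocketperm[[:space:]]+' "${KV_CONF}"; then
  sed -ri 's|^[[:space:]]*unixsocketperm[[:space:]]+.*|unixsocketperm 770|' "${KV_CONF}"
else
  printf "unixsocketperm 770\n" >> "${KV_CONF}"
fi
# … unchanged: usermod / systemctl enable …
```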
@@ -265,32 +186,26 @@ systemctl restart "${KV_SERVICE}" log "Configuring Apache" HTTPD_CONF="/etc/httpd/conf/httpd.conf" -sed -ri 's|^#(LoadModule proxy_module modules/mod_proxy.so)|\1|' "${HTTPD_CONF}" -sed -ri 's|^#(LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so)|\1|' "${HTTPD_CONF}" -sed -ri 's|^#(LoadModule rewrite_module modules/mod_rewrite.so)|\1|' "${HTTPD_CONF}" -sed -ri 's|^#(LoadModule headers_module modules/mod_headers.so)|\1|' "${HTTPD_CONF}" -sed -ri 's|^#(LoadModule remoteip_module modules/mod_remoteip.so)|\1|' "${HTTPD_CONF}" || true -sed -ri 's|^#(LoadModule env_module modules/mod_env.so)|\1|' "${HTTPD_CONF}" || true -sed -ri 's|^#(LoadModule mime_module modules/mod_mime.so)|\1|' "${HTTPD_CONF}" || true -sed -ri 's|^#(LoadModule dir_module modules/mod_dir.so)|\1|' "${HTTPD_CONF}" || true -sed -ri 's|^#(LoadModule setenvif_module modules/mod_setenvif.so)|\1|' "${HTTPD_CONF}" || true +# Enable core modules +for mod in proxy proxy_fcgi rewrite headers remoteip env mime dir setenvif dav dav_fs dav_lock; do + sed -ri "s|^#(LoadModule ${mod}_module)| \1|" "${HTTPD_CONF}" +done + +# CLEANUP: Disable problematic default extra configs +sed -i 's/^[[:space:]]*Include conf\/extra\/httpd-dav.conf/#&/' "${HTTPD_CONF}" +sed -i 's/^[[:space:]]*Include conf\/extra\/httpd-autoindex.conf/#&/' "${HTTPD_CONF}" +# Specifically remove any wildcard includes added by previous failed runs +sed -i '/IncludeOptional conf\/extra\/\*\.conf/d' "${HTTPD_CONF}" if ! grep -Eq '^[[:space:]]*ServerName[[:space:]]+' "${HTTPD_CONF}"; then printf "\nServerName %s\n" "${DOMAIN}" >> "${HTTPD_CONF}" fi -install -d -m 0755 /etc/httpd/conf/extra - -if ! grep -Fq "IncludeOptional conf/extra/*.conf" "${HTTPD_CONF}"; then - printf "\nIncludeOptional conf/extra/*.conf\n" >> "${HTTPD_CONF}" +# Add the specific Nextcloud include ONLY +if ! 
grep -Fq "Include conf/extra/nextcloud.conf" "${HTTPD_CONF}"; then + printf "\nInclude conf/extra/nextcloud.conf\n" >> "${HTTPD_CONF}" fi -cat > /etc/httpd/conf/extra/remoteip-nextcloud.conf < /etc/httpd/conf/extra/nextcloud.conf < ServerName ${DOMAIN} 
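Review bot: The `remoteip-nextcloud.conf` that configured mod_remoteip is deleted, but `remoteip` is still enabled by the new `LoadModule` loop and `REAL_IP_HEADER` / `TRUST_LOCAL_PROXY` keep their values at the top of the script, so they are now dead settings; behind the reverse proxy the header comment assumes, Apache's access log and anything downstream that keys on the client address will see the proxy's address instead. Either carry a `RemoteIPHeader ${REAL_IP_HEADER}` plus `RemoteIPTrustedProxy 127.0.0.1 ::1` block into the new `nextcloud.conf`, or remove the two variables and `remoteip` from the module list so the script does not advertise a feature it no longer configures. Separately, the replacement in the loop is `| \1|`, which writes a leading space in front of every `LoadModule` line it uncomments; `|\1|` matches the previous form. The loop also enables `dav`, `dav_fs` and `dav_lock` while the next lines comment out `httpd-dav.conf`; Nextcloud serves WebDAV itself, so these three are probably unneeded. The `nextcloud.conf` heredoc written at the end of this hunk is not fully legible in this copy of the patch.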
@@ -304,135 +219,40 @@ cat > /etc/httpd/conf/extra/nextcloud.conf < Dav off - - - Header always set Referrer-Policy "no-referrer" - Header always set X-Content-Type-Options "nosniff" - Header always set X-Frame-Options "SAMEORIGIN" - Header always set X-XSS-Protection "1; mode=block" - - DirectoryIndex index.php index.html - LimitRequestBody 0 - SetEnv HOME ${NC_DIR} - SetEnv HTTP_HOME ${NC_DIR} - SetHandler "proxy:unix:/run/php-fpm-legacy/php-fpm.sock|fcgi://localhost/" - - ErrorLog "/var/log/httpd/nextcloud_error.log" - CustomLog "/var/log/httpd/nextcloud_access.log" combined EOF -httpd -t systemctl enable --now httpd -systemctl reload httpd +systemctl restart httpd # ========================= -# DOWNLOAD NEXTCLOUD +# DOWNLOAD & INSTALL # ========================= -log "Downloading official Nextcloud release" +log "Downloading and Deploying Nextcloud" TMPDIR="$(mktemp -d)" -trap 'rm -rf "$TMPDIR"' EXIT - cd "$TMPDIR" curl -fsSLo nextcloud.tar.bz2 "${NC_TARBALL_URL}" -curl -fsSLo nextcloud.tar.bz2.sha512 "${NC_SHA512_URL}" -sha512sum -c nextcloud.tar.bz2.sha512 tar -xjf nextcloud.tar.bz2 - -log "Deploying Nextcloud" rm -rf "${NC_DIR}" mv nextcloud "${NC_DIR}" - chown -R http:http "${NC_DIR}" "${NC_DATA_DIR}" -find "${NC_DIR}" -type d -exec chmod 0750 {} \; -find "${NC_DIR}" -type f -exec chmod 0640 {} \; -chmod 0750 "${NC_DATA_DIR}" -install -d -o http -g http -m 0750 "${NC_DIR}/config" -install -d -o http -g http -m 0750 "${NC_DIR}/apps" - -# ========================= -# INSTALL NEXTCLOUD -# ========================= log "Running Nextcloud installer" sudo -u http "${PHP_BIN}" "${NC_DIR}/occ" maintenance:install \ - --database "mysql" \ - --database-name "${DB_NAME}" \ - --database-user "${DB_USER}" \ - --database-pass "${DB_PASS}" \ - --admin-user "${ADMIN_USER}" \ - --admin-pass "${ADMIN_PASS}" \ + --database "mysql" --database-name "${DB_NAME}" \ + --database-user "${DB_USER}" --database-pass "${DB_PASS}" \ + --admin-user "${ADMIN_USER}" --admin-pass 
"${ADMIN_PASS}" \ --data-dir "${NC_DATA_DIR}" -# ========================= -# REVERSE PROXY / HTTPS -# ========================= -log "Applying reverse-proxy and HTTPS settings" -sudo -u http "${PHP_BIN}" "${NC_DIR}/occ" config:system:set overwrite.cli.url --value="https://${DOMAIN}" -sudo -u http "${PHP_BIN}" "${NC_DIR}/occ" config:system:set overwriteprotocol --value="https" - -if [[ "${TRUST_LOCAL_PROXY}" == "true" ]]; then - sudo -u http "${PHP_BIN}" "${NC_DIR}/occ" config:system:set trusted_proxies 0 --value="127.0.0.1" - sudo -u http "${PHP_BIN}" "${NC_DIR}/occ" config:system:set trusted_proxies 1 --value="::1" - - if [[ "${REAL_IP_HEADER}" == "CF-Connecting-IP" ]]; then - sudo -u http "${PHP_BIN}" "${NC_DIR}/occ" config:system:set forwarded_for_headers 0 --value="HTTP_CF_CONNECTING_IP" - else - sudo -u http "${PHP_BIN}" "${NC_DIR}/occ" config:system:set forwarded_for_headers 0 --value="HTTP_X_FORWARDED_FOR" - fi -fi - +# Apply Cache and Trusted Domain configs sudo -u http "${PHP_BIN}" "${NC_DIR}/occ" config:system:set trusted_domains 1 --value="${DOMAIN}" - -# ========================= -# CACHE / LOCKING -# ========================= -log "Configuring APCu and Redis" sudo -u http "${PHP_BIN}" "${NC_DIR}/occ" config:system:set memcache.local --value='\OC\Memcache\APCu' sudo -u http "${PHP_BIN}" "${NC_DIR}/occ" config:system:set memcache.locking --value='\OC\Memcache\Redis' -sudo -u http "${PHP_BIN}" "${NC_DIR}/occ" config:system:set redis --type=json --value="{\"host\":\"${REDIS_SOCK}\",\"port\":0,\"timeout\":1.5}" +sudo -u http "${PHP_BIN}" "${NC_DIR}/occ" config:system:set redis --type=json --value="{\"host\":\"${KV_SOCK}\",\"port\":0,\"timeout\":1.5}" -# ========================= -# CRON -# ========================= -log "Configuring cron background jobs" -systemctl enable --now cronie - -cat > /etc/cron.d/nextcloud <