still trying to get redis working

5 years ago · 034db8cfbd
20 changed files with 358 additions and 248 deletions
--- a/bin/build
+++ b/bin/build
@ -1,62 +0,0 @@
 #!/bin/bash
 # potential flags: custom tag, no squash, delete/redo, custom dir
 # Parameters
 if [[ $# -eq 0 ]]; then
        echo "Usage: $0 imagedir [containername]"
        exit 0
 fi
 if [[ ! -d $1 ]]; then
        echo "Error: directory \"$1\" not found."
        exit 1
 else
        proj=$1
 fi
 if [[ -n $2 ]]; then
        cont=$2
 else
        cont=$proj
 fi
 fail() {
        podman image rm $proj:$today
        podman rm -f $cont
        echo "Encountered unexpected error. Exiting."
        exit 2
 }
 today=$(date "+%Y-%m-%d-T%H%M")
 tag=latest
 # Main
 set -e
 cd $proj
 # execute install script if it exists
 # install script should be idempotent
 if [[ -f Install ]]; then
        ./Install
 fi
 # build image
 echo "Building container ..."
 podman build -f Containerfile -t $proj:$today -t $proj:$tag || fail
 #--squash
 # start container
 echo "Creating container ..."
 podman create --name $cont $proj:$today || fail
 podman start $cont || fail
 # Systemdfile is for commands that need systemd to execute
 echo "Running build steps that require systemd ..."
 podman exec $cont bash -c "if [ -f /root/Systemdfile ]; then /root/Systemdfile; fi" || fail
 echo "Finished!"
 # get container IP
 printf "Container IP is: "
 podman inspect -f '{{ .NetworkSettings.IPAddress }}' $cont
 #echo "Use this address to configure your reverse proxy"
 # todo: configure autostart service
 # todo: handle volumes
--- a/bin/launch
+++ b/bin/launch
@ -1,13 +0,0 @@
 #!/bin/bash
 if [[ -z $1 ]]; then
        echo "Usage: $0 image [name]"
        exit 1
 fi
 if [[ -z $2 ]]; then
        2=$1
 fi
 podman create --name $2 $1
 podman start $2
--- a/bin/pdm-build
+++ b/bin/pdm-build
@ -0,0 +1,57 @@
 #!/bin/bash
 # potential flags: custom tag, squash, delete/redo, custom dir, debug (don't delete tmp), custom build image
 # todo: configure autostart service
 # todo: handle volumes
 # Variables
 quit() {
        podman rm -f tmp-$epoch 2>&1 > /dev/null
        exit $1
 }
 today=$(date "+%Y-%m-%d-T%H%M")
 epoch=$(date "+%s.%3N")
 tag=latest
 # Handle errors/arguments
 if [[ $# -eq 0 ]]; then
        echo "Usage: $0 directory [image_name]"
        exit 0
 fi
 if [[ ! -d $1 ]]; then
        echo "Error: directory \"$1\" not found."
        exit 1
 fi
 cd $1
 if [[ -n $2 ]]; then
        name=$2
 else
        name=$(basename $(pwd))
 fi
 # Main
 # build image
 echo "Building container ..."
 podman build -f Containerfile -t tmp:$epoch || quit 2
 # start container
 echo "Creating container ..."
 podman create --name tmp-$epoch tmp:$epoch || quit 2
 podman start tmp-$epoch || quit 2
 # Systemdfile is for commands that need systemd to execute
 echo "Running build steps that require systemd ..."
 podman exec tmp-$epoch bash -c "if [ -f /root/Systemdfile ]; then /root/Systemdfile; fi" || quit 2
 # commit finalized container state to image
 echo "Committing container to image ..."
 podman commit tmp-$epoch $name:$today || quit 2
 # tag with latest tag
 podman tag $name:$today $name:$tag
 echo "Finished!"
 quit 0
--- a/bin/pdm-create
+++ b/bin/pdm-create
@ -0,0 +1,22 @@
 #!/bin/bash
 # potential flags: use other deploy config
 if [[ -z $1 ]]; then
        echo "Usage: $0 image [name]"
        exit 1
 fi
 image=$1
 if [[ -n $2 ]]; then
        name=$2
 else
        name=$image
 fi
 podman create --name $name $image
 podman start $name
 # get container IP
 printf "Container IP is: "
 podman inspect -f '{{ .NetworkSettings.IPAddress }}' $cont
--- a/bin/pdm-login
+++ b/bin/pdm-login
@ -0,0 +1,8 @@
 #!/bin/bash
 if [[ -z $1 ]]; then
        echo "Usage: $0 container"
        exit 1
 fi
 podman exec -it $1 su -l root
--- a/src/debian/Containerfile
+++ b/src/debian/Containerfile
@ -1,5 +1,7 @@
-FROM debian:stable
+ARG FROM_IMAGE="debian:stable"
 FROM ${FROM_IMAGE}
 CMD [ "/sbin/init" ]
 ENTRYPOINT [ "/sbin/init" ]
 # We can't use timedatectl because systemd isn't available
 # during the build process, so we have to set it manually
@ -11,6 +13,10 @@ RUN rm /etc/localtime && \
 # Install packages
 RUN apt update -y 
 RUN apt upgrade -y
-RUN apt install -y systemd sudo wget nano less
+RUN apt install -y init sudo wget nano less man-db
 RUN apt autoremove -y --purge
 RUN apt clean -y
 # Set configuration
 COPY resources/nanorc /etc/nanorc
 COPY resources/bash.bashrc /etc/bash.bashrc
--- a/src/debian/resources/bash.bashrc
+++ b/src/debian/resources/bash.bashrc
@ -0,0 +1,86 @@
 # System-wide .bashrc file for interactive bash(1) shells.
 # To enable the settings / commands in this file for login shells as well,
 # this file has to be sourced in /etc/profile.
 # If not running interactively, don't do anything
 [ -z "$PS1" ] && return
 # check the window size after each command and, if necessary,
 # update the values of LINES and COLUMNS.
 shopt -s checkwinsize
 # set variable identifying the chroot you work in (used in the prompt below)
 if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
    debian_chroot=$(cat /etc/debian_chroot)
 fi
 # set purple promt inside container
 if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
    # We have color support; assume it's compliant with Ecma-48
    # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
    # a case would tend to support setf rather than setaf.)
    color_prompt=yes
 else
    color_prompt=
 fi
 if [ "$color_prompt" = yes ]; then
    PS1='${debian_chroot:+($debian_chroot)}\[\033[01;35m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
 else
    PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
 fi
 unset color_prompt
 # Commented out, don't overwrite xterm -T "title" -n "icontitle" by default.
 # If this is an xterm set the title to user@host:dir
 #case "$TERM" in
 #xterm*|rxvt*)
 #    PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME}: ${PWD}\007"'
 #    ;;
 #*)
 #    ;;
 #esac
 # enable bash completion in interactive shells
 #if ! shopt -oq posix; then
 #  if [ -f /usr/share/bash-completion/bash_completion ]; then
 #    . /usr/share/bash-completion/bash_completion
 #  elif [ -f /etc/bash_completion ]; then
 #    . /etc/bash_completion
 #  fi
 #fi
 # sudo hint
 if [ ! -e "$HOME/.sudo_as_admin_successful" ] && [ ! -e "$HOME/.hushlogin" ] ; then
    case " $(groups) " in *\ admin\ *|*\ sudo\ *)
    if [ -x /usr/bin/sudo ]; then
 	cat <<-EOF
 	To run a command as administrator (user "root"), use "sudo <command>".
 	See "man sudo_root" for details.
 	EOF
    fi
    esac
 fi
 # if the command-not-found package is installed, use it
 if [ -x /usr/lib/command-not-found -o -x /usr/share/command-not-found/command-not-found ]; then
 	function command_not_found_handle {
 	        # check because c-n-f could've been removed in the meantime
                if [ -x /usr/lib/command-not-found ]; then
 		   /usr/lib/command-not-found -- "$1"
                   return $?
                elif [ -x /usr/share/command-not-found/command-not-found ]; then
 		   /usr/share/command-not-found/command-not-found -- "$1"
                   return $?
 		else
 		   printf "%s: command not found\n" "$1" >&2
 		   return 127
 		fi
 	}
 fi
 alias dir='ls -lFAh'
 alias rsyn='rsync -vaSH'
 alias sudo='sudo -S'
--- a/src/debian/resources/nanorc
+++ b/src/debian/resources/nanorc
@ -0,0 +1,41 @@
 ## Include all existing syntax definitions
 include "/usr/share/nano/*.nanorc"
 ## Use bold text instead of reverse video text.
 set boldtext
 ## Use cut-from-cursor-to-end-of-line by default.
 set cutfromcursor
 ## Display line numbers to the left of the text.
 set linenumbers
 ## Enable vim-style lock-files.
 set locking
 ## Enable soft line wrapping (AKA full-line display).
 set nowrap
 set softwrap
 ## Make the Home key smarter.
 set smarthome
 ## Use smooth scrolling as the default.
 set smooth
 ## Enable soft line wrapping (AKA full-line display).
 set softwrap
 ## Allow nano to be suspended.
 set suspend
 # set suspendable
 ## Convert typed tabs to spaces.
 set tabstospaces
 ## Give nano more "emacs-like" keybindings
 unbind ^G all
 unbind ^C all
 unbind ^Y main
 unbind ^_ main
 unbind M-% main
 unbind ^X main
 unbind ^L main
 unbind ^Q main
 bind ^G cancel all
 bind ^C exit all
 bind ^Y paste main
 bind ^_ undo main
 bind M-% replace main
 bind ^X refresh main
 bind ^L help main
 bind ^Q verbatim main
--- a/src/nextcloud/Containerfile
+++ b/src/nextcloud/Containerfile
@ -1,63 +1,110 @@
-### Meta ###
+###
-FROM localhost/debian
+### Meta Information
-
+###
 ARG FROM_IMAGE="localhost/debian"
 FROM ${FROM_IMAGE}
 # deploy options
 # -p (port) and -v (volume) both go host:container
 LABEL deploy.default="-p 10080:80 \
 -v /tank/files/user/mar:/vol/files/mar/files \
 -v /tank/files/db/nextcloud:/vol/db"
 # php and postgres versions. will depend on version of debian we are running
 ARG phpv=7.3
 ARG psqlv=11
-EXPOSE 80/tcp
+# database variables
 ENV DBUSER=ncadmin
 ENV DBNAME=nextcloud
 ###
 ### General Setup
 ###
-### Basics ###
+# install packages we want
 RUN apt update -y && apt install -y systemd sudo wget apache2 php-fpm \
    php-gd php-zip php-pgsql php-curl php-mbstring php-intl php-imagick \
    php-xml php-json redis-server php-redis postgresql postgresql-doc \
    unzip php-ldap
-RUN mkdir -p /srv/nextcloud/database /srv/nextcloud/files && chown -R www-data:www-data /srv/nextcloud
+# this is a bug workaround b/c testing is currently between versions of php. should be removed ideally
 RUN update-alternatives --set php /usr/bin/php7.3
 # change www-data's UID to the file owner UID
 RUN usermod --uid 5000 www-data && \
    groupmod --gid 5000 www-data && \
    chown -R www-data:www-data /var/www
 # make directories that we will be mounting into 
 RUN mkdir -p /vol/files/mar/files /vol/database && chown -R www-data:www-data /vol
 # copy our custom scripts
 COPY resources/bin/ /usr/local/bin/
-### Apache ###
+###
 ### Apache
 ###
 # enable modules we need
 RUN a2enmod rewrite headers env dir mime proxy_fcgi && a2enconf php${phpv}-fpm
 # copy site config
 COPY resources/apache/nextcloud.conf /etc/apache2/sites-available/
 WORKDIR /etc/apache2/sites-enabled
 RUN rm 000-default.conf && ln -s ../sites-available/nextcloud.conf
-### PHP ###
+###
 ### PHP
 ###
 # enable PHP interpreter
 RUN systemctl enable php${phpv}-fpm
 # copy php configuration
 COPY resources/php/php.ini /etc/php/${phpv}/fpm/
 COPY resources/php/www.conf /etc/php/${phpv}/fpm/pool.d/
-### Redis ###
+###
 ### Redis
 ###
 # copy redis config
 COPY --chown=redis:redis resources/redis.conf /etc/redis/
 # add www-data to redis group so it can use the socket
 RUN usermod -a -G redis www-data
 ###
 ### PostgreSQL ###
-COPY --chown=postgres:postgres resources/postgresql/pg_hba.conf /etc/postgresql/${psqlv}/main/pg_hba.conf
+###
-COPY --chown=postgres:postgres resources/postgresql/redo.sql /usr/local/lib/psql/
+# configure PostgreSQL access
 COPY --chown=postgres:postgres resources/pg_hba.conf /etc/postgresql/${psqlv}/main/pg_hba.conf
-### Nextcloud ###
+###
-WORKDIR /var/www/html
+### Nextcloud
 ###
 # download nextcloud
 WORKDIR /var/www/html
 RUN wget https://download.nextcloud.com/server/releases/latest.zip && \
-    unzip latest.zip && \
+    unzip -q latest.zip && \
    chown -R www-data:www-data nextcloud && \
    rm latest.zip
 # copy nextcloud configuration file
 COPY --chown=www-data:www-data resources/my.config.php nextcloud/config/
-# TODO: install apps via occ
+###
 ### Crontab
 ###
 WORKDIR /root
 COPY resources/crontab .
 RUN crontab -u www-data crontab && rm crontab
-### Systemdfile ###
+###
 ### Systemdfile
 ###
 COPY Systemdfile /root/
 RUN chmod +x /root/Systemdfile
--- a/src/nextcloud/Systemdfile
+++ b/src/nextcloud/Systemdfile
@ -2,16 +2,29 @@
 # fail if any command returns error
 set -e
 set -x
 # wait 5 seconds to make sure all services have finished starting up
 sleep 5
 # make database for nextcloud
-db-redo
+db-make
 # install nextcloud
-nc-occ maintenance:install --data-dir "/srv/nextcloud/files/" --database "pgsql" --database-host "/var/run/postgresql" --database-name "nextcloud" --database-user "ncadmin" --database-pass "" --admin-user "admin" --admin-pass "admin"
+nc-occ maintenance:install --data-dir "/vol/files/" --database "pgsql" --database-host "/var/run/postgresql" --database-name "$DBNAME" --database-user "$DBUSER" --database-pass "" --admin-user "admin" --admin-pass "admin"
-# configure nextcloud options
+# configure nextcloud
 nc-occ maintenance:update:htaccess
 nc-occ db:add-missing-indices
 nc-occ db:convert-filecache-bigint
 # install extra apps we want
 nc-occ app:install calendar
 nc-occ app:install contacts
 nc-occ app:install notes
 # disable apps we don't want
 nc-occ app:disable comments federation files_trashbin files_versions firstrunwizard recommendations support survey_client systemtags
 # configure apps
 # currently set to one day; to set to one hour use 'PT1H'
 nc-occ config:app:set dav calendarSubscriptionRefreshRate --value P1D
--- a/src/nextcloud/resources/bin/db-dump
+++ b/src/nextcloud/resources/bin/db-dump
@ -1,38 +1,2 @@
 #!/bin/bash
-
+pg_dump -O -U $DBUSER -d $DBNAME -f $1
 hour=$(date +%H)
 day=$(date +%d)
 month=$(date +%m)
 year=$(date +%Y)
 dbdir=/srv/nextcloud/database
 dbname=nextcloud
 dbuser=ncadmin
 mkdir -p $dbdir
 cd $dbdir
 if [[ -z "$1" ]]; then
    echo "[$year-$month-$day] Error: called with missing hour parameter. Script exited without running." | tee error.log
    exit 1
 fi
 if [[ $hour == "$1" ]]; then
        nc-occ maintenance:mode --on
 fi
 pg_dump -U $dbuser -d $dbname > $dbname-hourly-$hour.sql 2>> error.log
 if [[ $hour == "$1" ]]; then
        nc-occ maintenance:mode --off
        mv $dbname-hourly-$hour.sql $dbname-daily-$day.sql 2>> error.log
 fi
 if [[ $day == "01" ]]; then
        mv $dbname-daily-$day.sql $dbname-$year-$month-$day.sql 2>> error.log
 fi
 # If error.log is size 0, erase it because I don't like seeing it
 if [[ ! -s ./error.log ]]; then
        rm error.log
 fi
--- a/src/nextcloud/resources/bin/db-load
+++ b/src/nextcloud/resources/bin/db-load
@ -0,0 +1,3 @@
 #!/bin/bash
 db-make
 psql -U $DBUSER -d $DBNAME -f $1
--- a/src/nextcloud/resources/bin/db-make
+++ b/src/nextcloud/resources/bin/db-make
@ -0,0 +1,12 @@
 #!/bin/bash
 cmd() {
        sudo -u postgres psql -c "$1"
 }
 cd /var/lib/postgresql
 cmd "DROP DATABASE IF EXISTS $DBNAME;"
 cmd "DROP USER IF EXISTS $DBUSER;"
 cmd "CREATE USER $DBUSER;"
 cmd "CREATE DATABASE $DBNAME;"
 cmd "GRANT ALL PRIVILEGES ON DATABASE $DBNAME TO $DBUSER;"
--- a/src/nextcloud/resources/bin/db-redo
+++ b/src/nextcloud/resources/bin/db-redo
@ -1,2 +0,0 @@
 #!/bin/bash
 sudo -u postgres psql -f /usr/local/lib/psql/redo.sql
--- a/src/nextcloud/resources/bin/maint
+++ b/src/nextcloud/resources/bin/maint
@ -0,0 +1,36 @@
 #!/bin/bash
 hour=$(date +%H)
 day=$(date +%d)
 month=$(date +%m)
 year=$(date +%Y)
 dumpdir=/vol/db
 mkdir -p $dumpdir
 cd $dumpdir
 if [[ $# -lt 2 ]]; then
    echo "[$year-$month-$day] Error: called with missing hour and/or day parameter. Script exited without running." | tee error.log
    exit 1
 fi
 if [[ $hour == $1 ]]; then
        nc-occ maintenance:mode --on
 fi
 db-dump $DBNAME-hourly-$hour.sql 2>> error.log
 if [[ $hour == $1 ]]; then
        nc-occ maintenance:mode --off
        mv $DBNAME-hourly-$hour.sql $DBNAME-daily-$day.sql 2>> error.log
        if [[ $day == $2 ]]; then
                mv $DBNAME-daily-$day.sql $DBNAME-$year-$month-$day.sql 2>> error.log
        fi
 fi
 # If error.log is size 0, erase it because I don't like seeing it
 if [[ ! -s ./error.log ]]; then
        rm error.log
 fi
--- a/src/nextcloud/resources/crontab
+++ b/src/nextcloud/resources/crontab
@ -2,6 +2,6 @@
 # Run Nextcloud cron tasks every 5 minutes
 */5 *  *   *   *     php -f /var/www/html/nextcloud/cron.php
 # Dump database every hour
-10  *  *   *   *     /usr/local/bin/db-dump 01
+10  *  *   *   *     /usr/local/bin/maint 01 01
 # Scan for new files every 15 minutes
 */15 * *   *   *     nc-occ files:scan --all
--- a/src/nextcloud/resources/my.config.php
+++ b/src/nextcloud/resources/my.config.php
@ -36,5 +36,4 @@ $CONFIG = array(
    'timeout' => 0.0,
  ),
 **/
 );
--- a/src/nextcloud/resources/pg_hba.conf
+++ b/src/nextcloud/resources/pg_hba.conf
@ -0,0 +1 @@
 local   all             all                                     trust
--- a/src/nextcloud/resources/postgresql/pg_hba.conf
+++ b/src/nextcloud/resources/postgresql/pg_hba.conf
@ -1,102 +0,0 @@
 # PostgreSQL Client Authentication Configuration File
 # ===================================================
 #
 # Refer to the "Client Authentication" section in the PostgreSQL
 # documentation for a complete description of this file.  A short
 # synopsis follows.
 #
 # This file controls: which hosts are allowed to connect, how clients
 # are authenticated, which PostgreSQL user names they can use, which
 # databases they can access.  Records take one of these forms:
 #
 # local      DATABASE  USER  METHOD  [OPTIONS]
 # host       DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
 # hostssl    DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
 # hostnossl  DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
 #
 # (The uppercase items must be replaced by actual values.)
 #
 # The first field is the connection type: "local" is a Unix-domain
 # socket, "host" is either a plain or SSL-encrypted TCP/IP socket,
 # "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a
 # plain TCP/IP socket.
 #
 # DATABASE can be "all", "sameuser", "samerole", "replication", a
 # database name, or a comma-separated list thereof. The "all"
 # keyword does not match "replication". Access to replication
 # must be enabled in a separate record (see example below).
 #
 # USER can be "all", a user name, a group name prefixed with "+", or a
 # comma-separated list thereof.  In both the DATABASE and USER fields
 # you can also write a file name prefixed with "@" to include names
 # from a separate file.
 #
 # ADDRESS specifies the set of hosts the record matches.  It can be a
 # host name, or it is made up of an IP address and a CIDR mask that is
 # an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
 # specifies the number of significant bits in the mask.  A host name
 # that starts with a dot (.) matches a suffix of the actual host name.
 # Alternatively, you can write an IP address and netmask in separate
 # columns to specify the set of hosts.  Instead of a CIDR-address, you
 # can write "samehost" to match any of the server's own IP addresses,
 # or "samenet" to match any address in any subnet that the server is
 # directly connected to.
 #
 # METHOD can be "trust", "reject", "md5", "password", "scram-sha-256",
 # "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert".
 # Note that "password" sends passwords in clear text; "md5" or
 # "scram-sha-256" are preferred since they send encrypted passwords.
 #
 # OPTIONS are a set of options for the authentication in the format
 # NAME=VALUE.  The available options depend on the different
 # authentication methods -- refer to the "Client Authentication"
 # section in the documentation for a list of which options are
 # available for which authentication methods.
 #
 # Database and user names containing spaces, commas, quotes and other
 # special characters must be quoted.  Quoting one of the keywords
 # "all", "sameuser", "samerole" or "replication" makes the name lose
 # its special character, and just match a database or username with
 # that name.
 #
 # This file is read on server startup and when the server receives a
 # SIGHUP signal.  If you edit the file on a running system, you have to
 # SIGHUP the server for the changes to take effect, run "pg_ctl reload",
 # or execute "SELECT pg_reload_conf()".
 #
 # Put your actual configuration here
 # ----------------------------------
 #
 # If you want to allow non-local connections, you need to add more
 # "host" records.  In that case you will also need to make PostgreSQL
 # listen on a non-local interface via the listen_addresses
 # configuration parameter, or via the -i or -h command line switches.
 # DO NOT DISABLE!
 # If you change this first entry you will need to make sure that the
 # database superuser can access the database using some other method.
 # Noninteractive access to all databases is required during automatic
 # maintenance (custom daily cronjobs, replication, and similar tasks).
 #
 # Database administrative login by Unix domain socket
 local   all             postgres                                peer
 # Allow connection to Unix domain socket without authentication
 local   all             ncadmin                                 trust
 # TYPE  DATABASE        USER            ADDRESS                 METHOD
 # "local" is for Unix domain socket connections only
 #local   all             all                                     peer
 # IPv4 local connections:
 #host    all             all             127.0.0.1/32            md5
 # IPv6 local connections:
 #host    all             all             ::1/128                 md5
 # Allow replication connections from localhost, by a user with the
 # replication privilege.
 #local   replication     all                                     peer
 #host    replication     all             127.0.0.1/32            md5
 #host    replication     all             ::1/128                 md5
--- a/src/nextcloud/resources/postgresql/redo.sql
+++ b/src/nextcloud/resources/postgresql/redo.sql
@ -1,6 +0,0 @@
 DROP DATABASE IF EXISTS nextcloud;
 DROP USER IF EXISTS ncadmin;
 CREATE USER ncadmin;
 CREATE DATABASE nextcloud;
 GRANT ALL PRIVILEGES ON DATABASE nextcloud TO ncadmin;
	`@ -1,2 +0,0 @@`
		`#!/bin/bash`
		`sudo -u postgres psql -f /usr/local/lib/psql/redo.sql`