2018-01-10 22:00:56 +01:00
#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# privatebin application
#
# License
# =======
#
# Copyright (C) 2018 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
VARIANTS='full full-vim writer'
IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1
PRIVATEBIN_DOMAIN_NAME=
PRIVATEBIN_CODE=
PRIVATEBIN_ONION_PORT=8150
PRIVATEBIN_REPO="https://github.com/PrivateBin/PrivateBin"
PRIVATEBIN_COMMIT='9c132cd839fd5e91da18e4a1e8ebef64fce605fb'
PRIVATEBIN_ADMIN_PASSWORD=
privatebin_variables=(ONION_ONLY
PRIVATEBIN_DOMAIN_NAME
PRIVATEBIN_CODE
DDNS_PROVIDER
MY_USERNAME)
function secure_privatebin {
pbpath="/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs"
pbdata="/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/data"
htgroup='www-data'
rootuser='root'
find "${pbpath}/" -type f -print0 | xargs -0 chmod 0640
find "${pbpath}/" -type d -print0 | xargs -0 chmod 0550
find "${pbdata}/" -type f -print0 | xargs -0 chmod 0640
find "${pbdata}/" -type d -print0 | xargs -0 chmod 0750
chown -R ${rootuser}:${htgroup} "${pbpath}/"
}
function logging_on_privatebin {
echo -n ''
}
function logging_off_privatebin {
echo -n ''
}
function remove_user_privatebin {
remove_username="$1"
}
function add_user_privatebin {
new_username="$1"
new_user_password="$2"
echo '0'
}
function install_interactive_privatebin {
if [ ! $ONION_ONLY ]; then
ONION_ONLY='no'
fi
if [[ $ONION_ONLY != "no" ]]; then
PRIVATEBIN_DOMAIN_NAME='privatebin.local'
else
PRIVATEBIN_DETAILS_COMPLETE=
while [ ! $PRIVATEBIN_DETAILS_COMPLETE ]
do
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
dialog --backtitle $"Freedombone Configuration" \
--title $"PrivateBin Configuration" \
2018-01-10 22:08:24 +01:00
--form $"\nPlease enter your PrivateBin details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
2018-01-10 22:00:56 +01:00
$"Domain:" 1 1 "$(grep 'PRIVATEBIN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
2018-01-10 22:08:24 +01:00
$"Code:" 2 1 "$(grep 'PRIVATEBIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \
2018-01-10 22:00:56 +01:00
2> $data
else
dialog --backtitle $"Freedombone Configuration" \
--title $"PrivateBin Configuration" \
2018-01-10 22:08:24 +01:00
--form $"\nPlease enter your PrivateBin details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
2018-01-10 22:00:56 +01:00
$"Domain:" 1 1 "$(grep 'PRIVATEBIN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
2> $data
fi
sel=$?
case $sel in
1) exit 1;;
255) exit 1;;
esac
PRIVATEBIN_DOMAIN_NAME=$(cat $data | sed -n 1p)
if [ $PRIVATEBIN_DOMAIN_NAME ]; then
if [[ $PRIVATEBIN_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
PRIVATEBIN_DOMAIN_NAME=""
fi
TEST_DOMAIN_NAME=$PRIVATEBIN_DOMAIN_NAME
validate_domain_name
if [[ $TEST_DOMAIN_NAME != $PRIVATEBIN_DOMAIN_NAME ]]; then
PRIVATEBIN_DOMAIN_NAME=
dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
else
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
PRIVATEBIN_CODE=$(cat $data | sed -n 2p)
validate_freedns_code "$PRIVATEBIN_CODE"
if [ ! $VALID_CODE ]; then
PRIVATEBIN_DOMAIN_NAME=
fi
fi
fi
fi
if [ $PRIVATEBIN_DOMAIN_NAME ]; then
PRIVATEBIN_DETAILS_COMPLETE="yes"
fi
done
write_config_param "PRIVATEBIN_CODE" "$PRIVATEBIN_CODE"
fi
write_config_param "PRIVATEBIN_DOMAIN_NAME" "$PRIVATEBIN_DOMAIN_NAME"
APP_INSTALLED=1
}
function change_password_privatebin {
curr_username="$1"
new_user_password="$2"
}
function reconfigure_privatebin {
echo -n ''
}
function upgrade_privatebin {
CURR_PRIVATEBIN_COMMIT=$(get_completion_param "privatebin commit")
if [[ "$CURR_PRIVATEBIN_COMMIT" == "$PRIVATEBIN_COMMIT" ]]; then
return
fi
if grep -q "privatebin domain" $COMPLETION_FILE; then
PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
fi
# update to the next commit
function_check set_repo_commit
set_repo_commit /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs "privatebin commit" "$PRIVATEBIN_COMMIT" $PRIVATEBIN_REPO
secure_privatebin
}
function backup_local_privatebin {
PRIVATEBIN_DOMAIN_NAME='privatebin'
if grep -q "privatebin domain" $COMPLETION_FILE; then
PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
fi
source_directory=/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data
function_check suspend_site
suspend_site ${PRIVATEBIN_DOMAIN_NAME}
function_check backup_directory_to_usb
dest_directory=privatebin
backup_directory_to_usb $source_directory $dest_directory
function_check restart_site
restart_site
}
function restore_local_privatebin {
if ! grep -q "privatebin domain" $COMPLETION_FILE; then
return
fi
PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
if [ $PRIVATEBIN_DOMAIN_NAME ]; then
echo $"Restoring privatebin"
temp_restore_dir=/root/tempprivatebin
privatebin_dir=/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data
function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir privatebin
if [ -d $temp_restore_dir ]; then
if [ -d cp $temp_restore_dir$privatebin_dir ]; then
cp -rp $temp_restore_dir$privatebin_dir/* $privatebin_dir/
else
cp -rp $temp_restore_dir/* $privatebin_dir/
fi
secure_privatebin
rm -rf $temp_restore_dir
fi
echo $"Restore of privatebin complete"
fi
}
function backup_remote_privatebin {
PRIVATEBIN_DOMAIN_NAME='privatebin'
if grep -q "privatebin domain" $COMPLETION_FILE; then
PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
fi
source_directory=/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data
function_check suspend_site
suspend_site ${PRIVATEBIN_DOMAIN_NAME}
function_check backup_directory_to_friend
dest_directory=privatebin
backup_directory_to_friend $source_directory $dest_directory
function_check restart_site
restart_site
}
function restore_remote_privatebin {
if ! grep -q "privatebin domain" $COMPLETION_FILE; then
return
fi
PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
if [ $PRIVATEBIN_DOMAIN_NAME ]; then
temp_restore_dir=/root/tempprivatebin
privatebin_dir=/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data
function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir privatebin
if [ -d $temp_restore_dir ]; then
if [ -d cp $temp_restore_dir$privatebin_dir ]; then
cp -rp $temp_restore_dir$privatebin_dir/* $privatebin_dir/
else
cp -rp $temp_restore_dir/* $privatebin_dir/
fi
secure_privatebin
rm -rf $temp_restore_dir
fi
fi
}
function remove_privatebin {
if [ ${#PRIVATEBIN_DOMAIN_NAME} -eq 0 ]; then
return
fi
read_config_param "PRIVATEBIN_DOMAIN_NAME"
read_config_param "MY_USERNAME"
echo "Removing $PRIVATEBIN_DOMAIN_NAME"
nginx_dissite $PRIVATEBIN_DOMAIN_NAME
remove_certs $PRIVATEBIN_DOMAIN_NAME
if [ -d /var/www/$PRIVATEBIN_DOMAIN_NAME ]; then
rm -rf /var/www/$PRIVATEBIN_DOMAIN_NAME
fi
if [ -f /etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME ]; then
rm /etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME
fi
function_check remove_onion_service
remove_onion_service privatebin ${PRIVATEBIN_ONION_PORT}
if grep -q "privatebin" /etc/crontab; then
sed -i "/privatebin/d" /etc/crontab
fi
remove_app privatebin
remove_completion_param install_privatebin
sed -i '/privatebin/d' $COMPLETION_FILE
function_check remove_ddns_domain
remove_ddns_domain $PRIVATEBIN_DOMAIN_NAME
}
function install_privatebin {
if [ ! $ONION_ONLY ]; then
ONION_ONLY='no'
fi
if [ ! $PRIVATEBIN_DOMAIN_NAME ]; then
echo $'No domain name was given for privatebin'
exit 7359
fi
apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl
if [ ! -d /var/www/$PRIVATEBIN_DOMAIN_NAME ]; then
mkdir /var/www/$PRIVATEBIN_DOMAIN_NAME
fi
if [ ! -d /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs ]; then
if [ -d /repos/privatebin ]; then
mkdir /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
cp -r -p /repos/privatebin/. /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
cd /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
git pull
else
function_check git_clone
git_clone $PRIVATEBIN_REPO /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
fi
if [ ! -d /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs ]; then
echo $'Unable to clone privatebin repo'
exit 63763873
fi
fi
cd /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
git checkout $PRIVATEBIN_COMMIT -b $PRIVATEBIN_COMMIT
set_completion_param "privatebin commit" "$PRIVATEBIN_COMMIT"
chmod g+w /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
chown -R www-data:www-data /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
function_check add_ddns_domain
add_ddns_domain $PRIVATEBIN_DOMAIN_NAME
PRIVATEBIN_ONION_HOSTNAME=$(add_onion_service privatebin 80 ${PRIVATEBIN_ONION_PORT})
privatebin_nginx_site=/etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then
function_check nginx_http_redirect
nginx_http_redirect $PRIVATEBIN_DOMAIN_NAME "index index.php"
echo 'server {' >> $privatebin_nginx_site
echo ' listen 443 ssl;' >> $privatebin_nginx_site
echo ' listen [::]:443 ssl;' >> $privatebin_nginx_site
echo " server_name $PRIVATEBIN_DOMAIN_NAME;" >> $privatebin_nginx_site
echo '' >> $privatebin_nginx_site
function_check nginx_compress
nginx_compress $PRIVATEBIN_DOMAIN_NAME
echo '' >> $privatebin_nginx_site
echo ' # Security' >> $privatebin_nginx_site
function_check nginx_ssl
nginx_ssl $PRIVATEBIN_DOMAIN_NAME
function_check nginx_disable_sniffing
nginx_disable_sniffing $PRIVATEBIN_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $privatebin_nginx_site
echo '' >> $privatebin_nginx_site
echo ' # Logs' >> $privatebin_nginx_site
echo ' access_log /dev/null;' >> $privatebin_nginx_site
echo ' error_log /dev/null;' >> $privatebin_nginx_site
echo '' >> $privatebin_nginx_site
echo " root /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs;" >> $privatebin_nginx_site
echo '' >> $privatebin_nginx_site
echo ' index index.php;' >> $privatebin_nginx_site
echo '' >> $privatebin_nginx_site
echo ' location ~ \.php {' >> $privatebin_nginx_site
echo ' include snippets/fastcgi-php.conf;' >> $privatebin_nginx_site
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $privatebin_nginx_site
echo ' fastcgi_read_timeout 30;' >> $privatebin_nginx_site
echo ' }' >> $privatebin_nginx_site
echo '' >> $privatebin_nginx_site
echo ' # Location' >> $privatebin_nginx_site
echo ' location / {' >> $privatebin_nginx_site
function_check nginx_limits
nginx_limits $PRIVATEBIN_DOMAIN_NAME '15m'
echo ' try_files $uri $uri/ @privatebin;' >> $privatebin_nginx_site
echo ' }' >> $privatebin_nginx_site
echo '' >> $privatebin_nginx_site
echo ' # Restrict access that is unnecessary anyway' >> $privatebin_nginx_site
echo ' location ~ /\.(ht|git) {' >> $privatebin_nginx_site
echo ' deny all;' >> $privatebin_nginx_site
echo ' }' >> $privatebin_nginx_site
echo '}' >> $privatebin_nginx_site
echo '' >> $privatebin_nginx_site
else
echo -n '' > $privatebin_nginx_site
fi
echo 'server {' >> $privatebin_nginx_site
echo " listen 127.0.0.1:$PRIVATEBIN_ONION_PORT default_server;" >> $privatebin_nginx_site
echo " server_name $PRIVATEBIN_ONION_HOSTNAME;" >> $privatebin_nginx_site
echo '' >> $privatebin_nginx_site
function_check nginx_compress
nginx_compress $PRIVATEBIN_DOMAIN_NAME
echo '' >> $privatebin_nginx_site
function_check nginx_disable_sniffing
nginx_disable_sniffing $PRIVATEBIN_DOMAIN_NAME
echo '' >> $privatebin_nginx_site
echo ' # Logs' >> $privatebin_nginx_site
echo ' access_log /dev/null;' >> $privatebin_nginx_site
echo ' error_log /dev/null;' >> $privatebin_nginx_site
echo '' >> $privatebin_nginx_site
echo " root /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs;" >> $privatebin_nginx_site
echo '' >> $privatebin_nginx_site
echo ' index index.php;' >> $privatebin_nginx_site
echo '' >> $privatebin_nginx_site
echo ' location ~ \.php {' >> $privatebin_nginx_site
echo ' include snippets/fastcgi-php.conf;' >> $privatebin_nginx_site
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $privatebin_nginx_site
echo ' fastcgi_read_timeout 30;' >> $privatebin_nginx_site
echo ' }' >> $privatebin_nginx_site
echo '' >> $privatebin_nginx_site
echo ' # Location' >> $privatebin_nginx_site
echo ' location / {' >> $privatebin_nginx_site
function_check nginx_limits
nginx_limits $PRIVATEBIN_DOMAIN_NAME '15m'
echo ' try_files $uri $uri/ @privatebin;' >> $privatebin_nginx_site
echo ' }' >> $privatebin_nginx_site
echo '' >> $privatebin_nginx_site
echo ' # Restrict access that is unnecessary anyway' >> $privatebin_nginx_site
echo ' location ~ /\.(ht|git) {' >> $privatebin_nginx_site
echo ' deny all;' >> $privatebin_nginx_site
echo ' }' >> $privatebin_nginx_site
echo '}' >> $privatebin_nginx_site
function_check configure_php
configure_php
function_check create_site_certificate
create_site_certificate $PRIVATEBIN_DOMAIN_NAME 'yes'
function_check nginx_ensite
nginx_ensite $PRIVATEBIN_DOMAIN_NAME
cp /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.sample.php /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
# Change some defaults
sed -i 's|; qrcode|qrcode|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
sed -i 's|default =.*|default = "1day"|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
sed -i 's|1week =|; 1week =|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
sed -i 's|1month =|; 1month =|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
sed -i 's|1year =|; 1year =|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
sed -i 's|never =|; never =|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
sed -i 's|limit =.*|limit = 30|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
sed -i 's|sizelimit =.*|sizelimit = 32768|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
sed -i 's|defaultformatter =.*|defaultformatter = "Markdown"|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
secure_privatebin
systemctl restart php7.0-fpm
systemctl restart nginx
set_completion_param "privatebin domain" "$PRIVATEBIN_DOMAIN_NAME"
APP_INSTALLED=1
}
# NOTE: deliberately there is no "exit 0"
