freedombone/src/freedombone-app-lychee

#!/bin/bash
#
# .---.                  .              .
# |                      |              |
# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
#
#                    Freedom in the Cloud
#
# Lychee photo album
#
# License
# =======
#
# Copyright (C) 2014-2018 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

VARIANTS="full full-vim writer"

IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1

LYCHEE_DOMAIN_NAME=
LYCHEE_CODE=
LYCHEE_ONION_PORT=8105
LYCHEE_REPO="https://github.com/electerious/Lychee"
LYCHEE_COMMIT='27f207dcbac8488629ffc3b5a9cac78ae123bee9'

lychee_variables=(LYCHEE_REPO
                  LYCHEE_DOMAIN_NAME
                  LYCHEE_CODE
                  ONION_ONLY
                  DDNS_PROVIDER
                  MY_USERNAME)

function logging_on_lychee {
    echo -n ''
}

function logging_off_lychee {
    echo -n ''
}

function lychee_create_database {
    if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
        LYCHEE_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
    else
        if [ ! "${LYCHEE_ADMIN_PASSWORD}" ]; then
            LYCHEE_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
        fi
    fi
    if [ ! "$LYCHEE_ADMIN_PASSWORD" ]; then
        return
    fi

    function_check create_database
    create_database lychee "$LYCHEE_ADMIN_PASSWORD"
}

function remove_user_lychee {
    remove_username="$1"

    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp lychee
}

function add_user_lychee {
    if [[ $(app_is_installed lychee) == "0" ]]; then
        echo '0'
        return
    fi

    new_username="$1"
    new_user_password="$2"

    "${PROJECT_NAME}-pass" -u "$new_username" -a lychee -p "$new_user_password"

    echo '0'
}

function install_interactive_lychee {
    if [ ! "$ONION_ONLY" ]; then
        ONION_ONLY='no'
    fi

    if [[ $ONION_ONLY != "no" ]]; then
        LYCHEE_DOMAIN_NAME='lychee.local'
        write_config_param "LYCHEE_DOMAIN_NAME" "$LYCHEE_DOMAIN_NAME"
    else
        function_check interactive_site_details
        interactive_site_details "lychee" "LYCHEE_DOMAIN_NAME" "LYCHEE_CODE"
    fi
    APP_INSTALLED=1
}

function configure_interactive_lychee {
    function_check get_mariadb_password
    get_mariadb_password

    dialog --title $"Lychee Configuration" \
           --msgbox $"\\nYou can initially install the system with:\\n\\n  Username: root\\n  Password: $MARIADB_PASSWORD" 10 70
}


function change_password_lychee {
#    LYCHEE_USERNAME="$1"
    LYCHEE_PASSWORD="$2"
    if [ ${#LYCHEE_PASSWORD} -lt 8 ]; then
        echo $'Lychee password is too short'
        return
    fi
    # TODO: This doesn't actually change the password
    #${PROJECT_NAME}-pass -u $LYCHEE_USERNAME -a lychee -p "$LYCHEE_PASSWORD"
}

function reconfigure_lychee {
    echo -n ''
}

function upgrade_lychee {
    CURR_LYCHEE_COMMIT=$(get_completion_param "lychee commit")
    if [[ "$CURR_LYCHEE_COMMIT" == "$LYCHEE_COMMIT" ]]; then
        return
    fi

    read_config_param "LYCHEE_DOMAIN_NAME"

    function_check set_repo_commit
    set_repo_commit /var/www/$LYCHEE_DOMAIN_NAME/htdocs "lychee commit" "$LYCHEE_COMMIT" $LYCHEE_REPO
}

function backup_local_lychee {
    LYCHEE_DOMAIN_NAME='lychee.local'
    if grep -q "lychee domain" "$COMPLETION_FILE"; then
        LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
    fi

    lychee_path="/var/www/${LYCHEE_DOMAIN_NAME}/htdocs"
    if [ -d "$lychee_path" ]; then
        function_check backup_database_to_usb
        backup_database_to_usb lychee

        backup_directory_to_usb "$lychee_path" lychee
        restart_site
    fi
}

function restore_local_lychee {
    LYCHEE_DOMAIN_NAME='lychee.local'
    if grep -q "lychee domain" "$COMPLETION_FILE"; then
        LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
    fi
    if [ "$LYCHEE_DOMAIN_NAME" ]; then
        suspend_site "${LYCHEE_DOMAIN_NAME}"

        function_check lychee_create_database
        lychee_create_database

        function_check restore_database
        restore_database lychee "${LYCHEE_DOMAIN_NAME}"

        if [ -f "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php" ]; then
            MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
            sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php"
            MARIADB_PASSWORD=
        fi

        restart_site
        chown -R lychee: "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/"
    fi
}

function backup_remote_lychee {
    LYCHEE_DOMAIN_NAME='lychee.local'
    if grep -q "lychee domain" "$COMPLETION_FILE"; then
        LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
    fi

    temp_backup_dir=/var/www/${LYCHEE_DOMAIN_NAME}/htdocs
    if [ -d "$temp_backup_dir" ]; then
        suspend_site "${LYCHEE_DOMAIN_NAME}"
        backup_database_to_friend lychee
        backup_directory_to_friend "$temp_backup_dir" lychee
        restart_site
    else
        echo $"Lychee domain specified but not found in /var/www/${LYCHEE_DOMAIN_NAME}"
        exit 2578
    fi
}

function restore_remote_lychee {
    LYCHEE_DOMAIN_NAME='lychee.local'
    if grep -q "lychee domain" "$COMPLETION_FILE"; then
        LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
    fi

    suspend_site "${LYCHEE_DOMAIN_NAME}"

    function_check restore_database_from_friend

    function_check lychee_create_database
    lychee_create_database

    restore_database_from_friend lychee "${LYCHEE_DOMAIN_NAME}"

    if [ -f "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php" ]; then
        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
        sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php"
        MARIADB_PASSWORD=
    fi

    restart_site
    chown -R lychee: "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/"
}

function remove_lychee {
    if [ ${#LYCHEE_DOMAIN_NAME} -eq 0 ]; then
        return
    fi

    read_config_param "LYCHEE_DOMAIN_NAME"
    nginx_dissite "$LYCHEE_DOMAIN_NAME"
    remove_certs "${LYCHEE_DOMAIN_NAME}"

    drop_database lychee
    remove_backup_database_local lychee

    if [ -f "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME" ]; then
        rm -f "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
    fi
    if [ -d "/var/www/$LYCHEE_DOMAIN_NAME" ]; then
        rm -rf "/var/www/$LYCHEE_DOMAIN_NAME"
    fi
    remove_config_param LYCHEE_DOMAIN_NAME
    remove_config_param LYCHEE_CODE
    function_check remove_onion_service
    remove_onion_service lychee "${LYCHEE_ONION_PORT}"
    remove_completion_param "install_lychee"
    sed -i '/Lychee/d' "$COMPLETION_FILE"
    sed -i '/lychee/d' "$COMPLETION_FILE"

    function_check remove_ddns_domain
    remove_ddns_domain "$LYCHEE_DOMAIN_NAME"
}

function install_lychee_website {
    function_check nginx_http_redirect
    nginx_http_redirect "$LYCHEE_DOMAIN_NAME"
    { echo 'server {';
      echo '    listen 443 ssl;';
      echo '    #listen [::]:443 ssl;';
      echo "    root /var/www/$LYCHEE_DOMAIN_NAME/htdocs;";
      echo "    server_name $LYCHEE_DOMAIN_NAME;";
      echo '    access_log /dev/null;';
      echo "    error_log /dev/null;";
      echo '    index index.html;';
      echo '    charset utf-8;';
      echo '    proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
    function_check nginx_ssl
    nginx_ssl "$LYCHEE_DOMAIN_NAME"
    function_check nginx_disable_sniffing
    nginx_disable_sniffing "$LYCHEE_DOMAIN_NAME"
    { echo '    add_header Strict-Transport-Security "max-age=0;";';
      echo '';
      echo '    # rewrite to front controller as default rule';
      echo '    location / {'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
    function_check nginx_limits
    nginx_limits "$LYCHEE_DOMAIN_NAME"
    { echo '    }';
      echo '';
      echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
      echo '    # or a unix socket';
      echo '    location ~* \.php$ {';
      echo '        # Zero-day exploit defense.';
      echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
      echo "        # Won't work properly (404 error) if the file is not stored on this";
      echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
      echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
      echo "        # another machine. And then cross your fingers that you won't get hacked.";
      echo "        try_files \$uri \$uri/ /index.html;";
      echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
      echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
      echo '        # With php-cgi alone:';
      echo '        # fastcgi_pass 127.0.0.1:9000;';
      echo '        # With php-fpm:';
      echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
      echo '        include fastcgi_params;';
      echo '        fastcgi_read_timeout 30;';
      echo '        fastcgi_index index.html;';
      echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
      echo '    }';
      echo '';
      echo '    # deny access to all dot files';
      echo '    location ~ /\. {';
      echo '        deny all;';
      echo '    }';
      echo '';
      echo '    #deny access to store';
      echo '    location ~ /store {';
      echo '        deny all;';
      echo '    }';
      echo '    location ~ /(data|conf|bin|inc)/ {';
      echo '      deny all;';
      echo '    }';
      echo '    location ~ /\.ht {';
      echo '      deny  all;';
      echo '    }';
      echo '}';
      echo ''; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
}

function install_lychee_website_onion {
    { echo 'server {';
      echo "    listen 127.0.0.1:${LYCHEE_ONION_PORT} default_server;";
      echo "    root /var/www/$LYCHEE_DOMAIN_NAME/htdocs;";
      echo "    server_name $LYCHEE_ONION_HOSTNAME;";
      echo '    access_log /dev/null;';
      echo "    error_log /dev/null;";
      echo '    index index.html;';
      echo '    charset utf-8;';
      echo '    proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
    function_check nginx_disable_sniffing
    nginx_disable_sniffing "$LYCHEE_DOMAIN_NAME"
    { echo '    add_header Strict-Transport-Security "max-age=0;";';
      echo '';
      echo '    # rewrite to front controller as default rule';
      echo '    location / {'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
    function_check nginx_limits
    nginx_limits "$LYCHEE_DOMAIN_NAME"
    { echo '    }';
      echo '';
      echo '    # block these file types';
      echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
      echo '        deny all;';
      echo '    }';
      echo '';
      echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
      echo '    # or a unix socket';
      echo '    location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
    function_check nginx_limits
    nginx_limits "$LYCHEE_DOMAIN_NAME"
    { echo '        # Zero-day exploit defense.';
      echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
      echo "        # Won't work properly (404 error) if the file is not stored on this";
      echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
      echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
      echo "        # another machine. And then cross your fingers that you won't get hacked.";
      echo "        try_files \$uri \$uri/ /index.html;";
      echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
      echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
      echo '        # With php-cgi alone:';
      echo '        # fastcgi_pass 127.0.0.1:9000;';
      echo '        # With php-fpm:';
      echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
      echo '        include fastcgi_params;';
      echo '        fastcgi_read_timeout 30;';
      echo '        fastcgi_index index.html;';
      echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
      echo '    }';
      echo '';
      echo '    # deny access to all dot files';
      echo '    location ~ /\. {';
      echo '        deny all;';
      echo '    }';
      echo '';
      echo '    #deny access to store';
      echo '    location ~ /store {';
      echo '        deny all;';
      echo '    }';
      echo '    location ~ /(data|conf|bin|inc)/ {';
      echo '      deny all;';
      echo '    }';
      echo '    location ~ /\.ht {';
      echo '      deny  all;';
      echo '    }';
      echo '}'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
}

function install_lychee_from_repo {
    if [ ! -d "/var/www/$LYCHEE_DOMAIN_NAME" ]; then
        mkdir "/var/www/$LYCHEE_DOMAIN_NAME"
    fi

    cd "/var/www/$LYCHEE_DOMAIN_NAME" || exit 682468246

    if [ -d /repos/lychee ]; then
        mkdir htdocs
        cp -r -p /repos/lychee/. htdocs
        cd htdocs || exit 963756345
        git pull
    else
        git_clone "$LYCHEE_REPO" htdocs
    fi

    cd htdocs || exit 1437534858
    git checkout "$LYCHEE_COMMIT" -b "$LYCHEE_COMMIT"
    set_completion_param "lychee commit" "$LYCHEE_COMMIT"
}

function install_lychee {
    if [ ! $ONION_ONLY ]; then
        ONION_ONLY='no'
    fi

    if [ ! "$LYCHEE_DOMAIN_NAME" ]; then
        echo $'The lychee domain name was not specified'
        exit 543672
    fi

    # for the avatar changing command
    apt-get -yq install imagemagick exif zip php-mcrypt mcrypt libfcgi0ldbl

    function_check install_lychee_from_repo
    install_lychee_from_repo

    if [[ $ONION_ONLY == "no" ]]; then
        function_check install_lychee_website
        install_lychee_website
    else
        echo -n '' > "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
    fi

    LYCHEE_ONION_HOSTNAME=$(add_onion_service lychee 80 ${LYCHEE_ONION_PORT})

    function_check install_lychee_website_onion
    install_lychee_website_onion

    function_check create_site_certificate
    create_site_certificate "$LYCHEE_DOMAIN_NAME" 'yes'

    function_check configure_php
    configure_php

    chmod -R 1777 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/"
    chmod -R 1777 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/"
    chown -R www-data:www-data "/var/www/$LYCHEE_DOMAIN_NAME/htdocs"

    chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/big/index.html"
    chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/medium/index.html"
    chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/import/index.html"
    chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/thumb/index.html"
    chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/.gitignore"

    function_check nginx_ensite
    nginx_ensite "$LYCHEE_DOMAIN_NAME"

    function_check install_mariadb
    install_mariadb

    function_check get_mariadb_password
    get_mariadb_password

    function_check lychee_create_database
    lychee_create_database

    systemctl restart mariadb
    systemctl restart php7.0-fpm
    systemctl restart nginx

    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a lychee -p "$LYCHEE_ADMIN_PASSWORD"

    function_check add_ddns_domain
    add_ddns_domain "$LYCHEE_DOMAIN_NAME"

    set_completion_param "lychee domain" "$LYCHEE_DOMAIN_NAME"
    APP_INSTALLED=1
}

# NOTE: deliberately no exit 0
lychee app 2016-11-08 18:52:49 +01:00			`#!/bin/bash`
			`#`
			`# .---. . .`
			`# \| \| \|`
			`# \|--- .--. .-. .-. .-.\| .-. .--.--. \|.-. .-. .--. .-.`
			`# \| \| (.-' (.-' ( \| ( )\| \| \| \| )( )\| \| (.-'`
			`# ' ' --' --' -' - -' ' ' -' -' -' ' - --'`
			`#`
			`# Freedom in the Cloud`
			`#`
			`# Lychee photo album`
			`#`
			`# License`
			`# =======`
			`#`
Update year 2018-01-25 19:35:39 +01:00			`# Copyright (C) 2014-2018 Bob Mottram <bob@freedombone.net>`
lychee app 2016-11-08 18:52:49 +01:00			`#`
			`# This program is free software: you can redistribute it and/or modify`
			`# it under the terms of the GNU Affero General Public License as published by`
			`# the Free Software Foundation, either version 3 of the License, or`
			`# (at your option) any later version.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU Affero General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU Affero General Public License`
			`# along with this program. If not, see <http://www.gnu.org/licenses/>.`

			`VARIANTS="full full-vim writer"`

			`IN_DEFAULT_INSTALL=0`
			`SHOW_ON_ABOUT=1`

			`LYCHEE_DOMAIN_NAME=`
			`LYCHEE_CODE=`
			`LYCHEE_ONION_PORT=8105`
			`LYCHEE_REPO="https://github.com/electerious/Lychee"`
Bump Lychee commit 2017-05-12 19:06:51 +02:00			`LYCHEE_COMMIT='27f207dcbac8488629ffc3b5a9cac78ae123bee9'`
lychee app 2016-11-08 18:52:49 +01:00
			`lychee_variables=(LYCHEE_REPO`
			`LYCHEE_DOMAIN_NAME`
			`LYCHEE_CODE`
			`ONION_ONLY`
			`DDNS_PROVIDER`
			`MY_USERNAME)`

Placeholder functions for turning logging on or off 2017-07-01 20:14:28 +02:00			`function logging_on_lychee {`
			`echo -n ''`
			`}`

			`function logging_off_lychee {`
			`echo -n ''`
			`}`
lychee app 2016-11-08 18:52:49 +01:00
Use onion address 2016-11-08 19:26:06 +01:00			`function lychee_create_database {`
More tidying 2018-02-27 15:11:56 +01:00			`if [ -f "${IMAGE_PASSWORD_FILE}" ]; then`
			`LYCHEE_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"`
Change how the image password is used 2016-11-19 10:37:35 +01:00			`else`
More tidying 2018-02-27 15:11:56 +01:00			`if [ ! "${LYCHEE_ADMIN_PASSWORD}" ]; then`
			`LYCHEE_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"`
Use onion address 2016-11-08 19:26:06 +01:00			`fi`
			`fi`
More tidying 2018-02-27 15:11:56 +01:00			`if [ ! "$LYCHEE_ADMIN_PASSWORD" ]; then`
Use onion address 2016-11-08 19:26:06 +01:00			`return`
			`fi`

			`function_check create_database`
			`create_database lychee "$LYCHEE_ADMIN_PASSWORD"`
			`}`

lychee app 2016-11-08 18:52:49 +01:00			`function remove_user_lychee {`
			`remove_username="$1"`

More tidying 2018-02-27 15:11:56 +01:00			`"${PROJECT_NAME}-pass" -u "$remove_username" --rmapp lychee`
lychee app 2016-11-08 18:52:49 +01:00			`}`

			`function add_user_lychee {`
			`if [[ $(app_is_installed lychee) == "0" ]]; then`
			`echo '0'`
			`return`
			`fi`

			`new_username="$1"`
			`new_user_password="$2"`

More tidying 2018-02-27 15:11:56 +01:00			`"${PROJECT_NAME}-pass" -u "$new_username" -a lychee -p "$new_user_password"`
Replace readme with password store 2016-11-19 20:17:33 +01:00
lychee app 2016-11-08 18:52:49 +01:00			`echo '0'`
			`}`

			`function install_interactive_lychee {`
More tidying 2018-02-27 15:11:56 +01:00			`if [ ! "$ONION_ONLY" ]; then`
lychee app 2016-11-08 18:52:49 +01:00			`ONION_ONLY='no'`
			`fi`

			`if [[ $ONION_ONLY != "no" ]]; then`
			`LYCHEE_DOMAIN_NAME='lychee.local'`
			`write_config_param "LYCHEE_DOMAIN_NAME" "$LYCHEE_DOMAIN_NAME"`
			`else`
			`function_check interactive_site_details`
			`interactive_site_details "lychee" "LYCHEE_DOMAIN_NAME" "LYCHEE_CODE"`
			`fi`
			`APP_INSTALLED=1`
			`}`

Lychee setup advice 2016-11-20 19:37:17 +01:00			`function configure_interactive_lychee {`
			`function_check get_mariadb_password`
			`get_mariadb_password`

			`dialog --title $"Lychee Configuration" \`
More tidying 2018-02-27 15:11:56 +01:00			`--msgbox $"\\nYou can initially install the system with:\\n\\n Username: root\\n Password: $MARIADB_PASSWORD" 10 70`
Lychee setup advice 2016-11-20 19:37:17 +01:00			`}`


lychee app 2016-11-08 18:52:49 +01:00			`function change_password_lychee {`
More tidying 2018-02-27 15:11:56 +01:00			`# LYCHEE_USERNAME="$1"`
lychee app 2016-11-08 18:52:49 +01:00			`LYCHEE_PASSWORD="$2"`
			`if [ ${#LYCHEE_PASSWORD} -lt 8 ]; then`
			`echo $'Lychee password is too short'`
			`return`
			`fi`
Changing app passwords 2016-11-20 13:37:13 +01:00			`# TODO: This doesn't actually change the password`
			`#${PROJECT_NAME}-pass -u $LYCHEE_USERNAME -a lychee -p "$LYCHEE_PASSWORD"`
lychee app 2016-11-08 18:52:49 +01:00			`}`

			`function reconfigure_lychee {`
			`echo -n ''`
			`}`

			`function upgrade_lychee {`
Improve upgrades So that commit changes are checked 2017-06-12 23:59:25 +02:00			`CURR_LYCHEE_COMMIT=$(get_completion_param "lychee commit")`
			`if [[ "$CURR_LYCHEE_COMMIT" == "$LYCHEE_COMMIT" ]]; then`
			`return`
			`fi`

lychee app 2016-11-08 18:52:49 +01:00			`read_config_param "LYCHEE_DOMAIN_NAME"`

			`function_check set_repo_commit`
			`set_repo_commit /var/www/$LYCHEE_DOMAIN_NAME/htdocs "lychee commit" "$LYCHEE_COMMIT" $LYCHEE_REPO`
			`}`

			`function backup_local_lychee {`
			`LYCHEE_DOMAIN_NAME='lychee.local'`
More tidying 2018-02-27 15:11:56 +01:00			`if grep -q "lychee domain" "$COMPLETION_FILE"; then`
lychee app 2016-11-08 18:52:49 +01:00			`LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")`
			`fi`

More tidying 2018-02-27 15:11:56 +01:00			`lychee_path="/var/www/${LYCHEE_DOMAIN_NAME}/htdocs"`
			`if [ -d "$lychee_path" ]; then`
Use onion address 2016-11-08 19:26:06 +01:00			`function_check backup_database_to_usb`
			`backup_database_to_usb lychee`
lychee app 2016-11-08 18:52:49 +01:00
More tidying 2018-02-27 15:11:56 +01:00			`backup_directory_to_usb "$lychee_path" lychee`
lychee app 2016-11-08 18:52:49 +01:00			`restart_site`
			`fi`
			`}`

			`function restore_local_lychee {`
			`LYCHEE_DOMAIN_NAME='lychee.local'`
More tidying 2018-02-27 15:11:56 +01:00			`if grep -q "lychee domain" "$COMPLETION_FILE"; then`
lychee app 2016-11-08 18:52:49 +01:00			`LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")`
			`fi`
More tidying 2018-02-27 15:11:56 +01:00			`if [ "$LYCHEE_DOMAIN_NAME" ]; then`
			`suspend_site "${LYCHEE_DOMAIN_NAME}"`
Restoring lychee from backup 2018-01-21 13:02:13 +01:00
Use onion address 2016-11-08 19:26:06 +01:00			`function_check lychee_create_database`
			`lychee_create_database`

			`function_check restore_database`
More tidying 2018-02-27 15:11:56 +01:00			`restore_database lychee "${LYCHEE_DOMAIN_NAME}"`
Restoring lychee from backup 2018-01-21 13:02:13 +01:00
More tidying 2018-02-27 15:11:56 +01:00			`if [ -f "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php" ]; then`
			`MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)`
			`sed -i "s\|dbPassword.*\|dbPassword = '$MARIADB_PASSWORD';\|g" "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php"`
Restoring lychee from backup 2018-01-21 13:02:13 +01:00			`MARIADB_PASSWORD=`
			`fi`

			`restart_site`
More tidying 2018-02-27 15:11:56 +01:00			`chown -R lychee: "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/"`
lychee app 2016-11-08 18:52:49 +01:00			`fi`
			`}`

			`function backup_remote_lychee {`
Use onion address 2016-11-08 19:26:06 +01:00			`LYCHEE_DOMAIN_NAME='lychee.local'`
More tidying 2018-02-27 15:11:56 +01:00			`if grep -q "lychee domain" "$COMPLETION_FILE"; then`
lychee app 2016-11-08 18:52:49 +01:00			`LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")`
Use onion address 2016-11-08 19:26:06 +01:00			`fi`

			`temp_backup_dir=/var/www/${LYCHEE_DOMAIN_NAME}/htdocs`
More tidying 2018-02-27 15:11:56 +01:00			`if [ -d "$temp_backup_dir" ]; then`
			`suspend_site "${LYCHEE_DOMAIN_NAME}"`
Use onion address 2016-11-08 19:26:06 +01:00			`backup_database_to_friend lychee`
More tidying 2018-02-27 15:11:56 +01:00			`backup_directory_to_friend "$temp_backup_dir" lychee`
Use onion address 2016-11-08 19:26:06 +01:00			`restart_site`
			`else`
			`echo $"Lychee domain specified but not found in /var/www/${LYCHEE_DOMAIN_NAME}"`
			`exit 2578`
lychee app 2016-11-08 18:52:49 +01:00			`fi`
			`}`

			`function restore_remote_lychee {`
Use onion address 2016-11-08 19:26:06 +01:00			`LYCHEE_DOMAIN_NAME='lychee.local'`
More tidying 2018-02-27 15:11:56 +01:00			`if grep -q "lychee domain" "$COMPLETION_FILE"; then`
lychee app 2016-11-08 18:52:49 +01:00			`LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")`
			`fi`
Use onion address 2016-11-08 19:26:06 +01:00
More tidying 2018-02-27 15:11:56 +01:00			`suspend_site "${LYCHEE_DOMAIN_NAME}"`
Restoring lychee from backup 2018-01-21 13:02:13 +01:00
Use onion address 2016-11-08 19:26:06 +01:00			`function_check restore_database_from_friend`

			`function_check lychee_create_database`
			`lychee_create_database`

More tidying 2018-02-27 15:11:56 +01:00			`restore_database_from_friend lychee "${LYCHEE_DOMAIN_NAME}"`
Restoring lychee from backup 2018-01-21 13:02:13 +01:00
More tidying 2018-02-27 15:11:56 +01:00			`if [ -f "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php" ]; then`
			`MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)`
			`sed -i "s\|dbPassword.*\|dbPassword = '$MARIADB_PASSWORD';\|g" "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php"`
Restoring lychee from backup 2018-01-21 13:02:13 +01:00			`MARIADB_PASSWORD=`
			`fi`

Use onion address 2016-11-08 19:26:06 +01:00			`restart_site`
More tidying 2018-02-27 15:11:56 +01:00			`chown -R lychee: "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/"`
lychee app 2016-11-08 18:52:49 +01:00			`}`

			`function remove_lychee {`
			`if [ ${#LYCHEE_DOMAIN_NAME} -eq 0 ]; then`
			`return`
			`fi`

			`read_config_param "LYCHEE_DOMAIN_NAME"`
More tidying 2018-02-27 15:11:56 +01:00			`nginx_dissite "$LYCHEE_DOMAIN_NAME"`
			`remove_certs "${LYCHEE_DOMAIN_NAME}"`
Use onion address 2016-11-08 19:26:06 +01:00
			`drop_database lychee`
			`remove_backup_database_local lychee`

More tidying 2018-02-27 15:11:56 +01:00			`if [ -f "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME" ]; then`
			`rm -f "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"`
lychee app 2016-11-08 18:52:49 +01:00			`fi`
More tidying 2018-02-27 15:11:56 +01:00			`if [ -d "/var/www/$LYCHEE_DOMAIN_NAME" ]; then`
			`rm -rf "/var/www/$LYCHEE_DOMAIN_NAME"`
lychee app 2016-11-08 18:52:49 +01:00			`fi`
			`remove_config_param LYCHEE_DOMAIN_NAME`
			`remove_config_param LYCHEE_CODE`
			`function_check remove_onion_service`
More tidying 2018-02-27 15:11:56 +01:00			`remove_onion_service lychee "${LYCHEE_ONION_PORT}"`
lychee app 2016-11-08 18:52:49 +01:00			`remove_completion_param "install_lychee"`
More tidying 2018-02-27 15:11:56 +01:00			`sed -i '/Lychee/d' "$COMPLETION_FILE"`
			`sed -i '/lychee/d' "$COMPLETION_FILE"`
lychee app 2016-11-08 18:52:49 +01:00
			`function_check remove_ddns_domain`
More tidying 2018-02-27 15:11:56 +01:00			`remove_ddns_domain "$LYCHEE_DOMAIN_NAME"`
lychee app 2016-11-08 18:52:49 +01:00			`}`

			`function install_lychee_website {`
			`function_check nginx_http_redirect`
More tidying 2018-02-27 15:11:56 +01:00			`nginx_http_redirect "$LYCHEE_DOMAIN_NAME"`
			`{ echo 'server {';`
			`echo ' listen 443 ssl;';`
			`echo ' #listen [::]:443 ssl;';`
			`echo " root /var/www/$LYCHEE_DOMAIN_NAME/htdocs;";`
			`echo " server_name $LYCHEE_DOMAIN_NAME;";`
			`echo ' access_log /dev/null;';`
			`echo " error_log /dev/null;";`
			`echo ' index index.html;';`
			`echo ' charset utf-8;';`
			`echo ' proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"`
lychee app 2016-11-08 18:52:49 +01:00			`function_check nginx_ssl`
More tidying 2018-02-27 15:11:56 +01:00			`nginx_ssl "$LYCHEE_DOMAIN_NAME"`
lychee app 2016-11-08 18:52:49 +01:00			`function_check nginx_disable_sniffing`
More tidying 2018-02-27 15:11:56 +01:00			`nginx_disable_sniffing "$LYCHEE_DOMAIN_NAME"`
			`{ echo ' add_header Strict-Transport-Security "max-age=0;";';`
			`echo '';`
			`echo ' # rewrite to front controller as default rule';`
			`echo ' location / {'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"`
lychee app 2016-11-08 18:52:49 +01:00			`function_check nginx_limits`
More tidying 2018-02-27 15:11:56 +01:00			`nginx_limits "$LYCHEE_DOMAIN_NAME"`
			`{ echo ' }';`
			`echo '';`
			`echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';`
			`echo ' # or a unix socket';`
			`echo ' location ~* \.php$ {';`
			`echo ' # Zero-day exploit defense.';`
			`echo ' # http://forum.nginx.org/read.php?2,88845,page=3';`
			`echo " # Won't work properly (404 error) if the file is not stored on this";`
			`echo " # server, which is entirely possible with php-fpm/php-fcgi.";`
			`echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";`
			`echo " # another machine. And then cross your fingers that you won't get hacked.";`
			`echo " try_files \$uri \$uri/ /index.html;";`
			`echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';`
			`echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;';`
			`echo ' # With php-cgi alone:';`
			`echo ' # fastcgi_pass 127.0.0.1:9000;';`
			`echo ' # With php-fpm:';`
			`echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';`
			`echo ' include fastcgi_params;';`
			`echo ' fastcgi_read_timeout 30;';`
			`echo ' fastcgi_index index.html;';`
			`echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";`
			`echo ' }';`
			`echo '';`
			`echo ' # deny access to all dot files';`
			`echo ' location ~ /\. {';`
			`echo ' deny all;';`
			`echo ' }';`
			`echo '';`
			`echo ' #deny access to store';`
			`echo ' location ~ /store {';`
			`echo ' deny all;';`
			`echo ' }';`
			`echo ' location ~ /(data\|conf\|bin\|inc)/ {';`
			`echo ' deny all;';`
			`echo ' }';`
			`echo ' location ~ /\.ht {';`
			`echo ' deny all;';`
			`echo ' }';`
			`echo '}';`
			`echo ''; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"`
lychee app 2016-11-08 18:52:49 +01:00			`}`

			`function install_lychee_website_onion {`
More tidying 2018-02-27 15:11:56 +01:00			`{ echo 'server {';`
			`echo " listen 127.0.0.1:${LYCHEE_ONION_PORT} default_server;";`
			`echo " root /var/www/$LYCHEE_DOMAIN_NAME/htdocs;";`
			`echo " server_name $LYCHEE_ONION_HOSTNAME;";`
			`echo ' access_log /dev/null;';`
			`echo " error_log /dev/null;";`
			`echo ' index index.html;';`
			`echo ' charset utf-8;';`
			`echo ' proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"`
lychee app 2016-11-08 18:52:49 +01:00			`function_check nginx_disable_sniffing`
More tidying 2018-02-27 15:11:56 +01:00			`nginx_disable_sniffing "$LYCHEE_DOMAIN_NAME"`
			`{ echo ' add_header Strict-Transport-Security "max-age=0;";';`
			`echo '';`
			`echo ' # rewrite to front controller as default rule';`
			`echo ' location / {'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"`
lychee app 2016-11-08 18:52:49 +01:00			`function_check nginx_limits`
More tidying 2018-02-27 15:11:56 +01:00			`nginx_limits "$LYCHEE_DOMAIN_NAME"`
			`{ echo ' }';`
			`echo '';`
			`echo ' # block these file types';`
			`echo ' location ~* \.(tpl\|md\|tgz\|log\|out)$ {';`
			`echo ' deny all;';`
			`echo ' }';`
			`echo '';`
			`echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';`
			`echo ' # or a unix socket';`
			`echo ' location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"`
lychee app 2016-11-08 18:52:49 +01:00			`function_check nginx_limits`
More tidying 2018-02-27 15:11:56 +01:00			`nginx_limits "$LYCHEE_DOMAIN_NAME"`
			`{ echo ' # Zero-day exploit defense.';`
			`echo ' # http://forum.nginx.org/read.php?2,88845,page=3';`
			`echo " # Won't work properly (404 error) if the file is not stored on this";`
			`echo " # server, which is entirely possible with php-fpm/php-fcgi.";`
			`echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";`
			`echo " # another machine. And then cross your fingers that you won't get hacked.";`
			`echo " try_files \$uri \$uri/ /index.html;";`
			`echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';`
			`echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;';`
			`echo ' # With php-cgi alone:';`
			`echo ' # fastcgi_pass 127.0.0.1:9000;';`
			`echo ' # With php-fpm:';`
			`echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';`
			`echo ' include fastcgi_params;';`
			`echo ' fastcgi_read_timeout 30;';`
			`echo ' fastcgi_index index.html;';`
			`echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";`
			`echo ' }';`
			`echo '';`
			`echo ' # deny access to all dot files';`
			`echo ' location ~ /\. {';`
			`echo ' deny all;';`
			`echo ' }';`
			`echo '';`
			`echo ' #deny access to store';`
			`echo ' location ~ /store {';`
			`echo ' deny all;';`
			`echo ' }';`
			`echo ' location ~ /(data\|conf\|bin\|inc)/ {';`
			`echo ' deny all;';`
			`echo ' }';`
			`echo ' location ~ /\.ht {';`
			`echo ' deny all;';`
			`echo ' }';`
			`echo '}'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"`
lychee app 2016-11-08 18:52:49 +01:00			`}`

			`function install_lychee_from_repo {`
More tidying 2018-02-27 15:11:56 +01:00			`if [ ! -d "/var/www/$LYCHEE_DOMAIN_NAME" ]; then`
			`mkdir "/var/www/$LYCHEE_DOMAIN_NAME"`
lychee app 2016-11-08 18:52:49 +01:00			`fi`

More tidying 2018-02-27 15:11:56 +01:00			`cd "/var/www/$LYCHEE_DOMAIN_NAME" \|\| exit 682468246`
Include repos within the image 2017-06-15 13:33:16 +02:00
			`if [ -d /repos/lychee ]; then`
			`mkdir htdocs`
Copying with hidden files 2017-06-17 19:37:06 +02:00			`cp -r -p /repos/lychee/. htdocs`
More tidying 2018-02-27 15:11:56 +01:00			`cd htdocs \|\| exit 963756345`
Include repos within the image 2017-06-15 13:33:16 +02:00			`git pull`
			`else`
More tidying 2018-02-27 15:11:56 +01:00			`git_clone "$LYCHEE_REPO" htdocs`
Include repos within the image 2017-06-15 13:33:16 +02:00			`fi`

More tidying 2018-02-27 15:11:56 +01:00			`cd htdocs \|\| exit 1437534858`
			`git checkout "$LYCHEE_COMMIT" -b "$LYCHEE_COMMIT"`
lychee app 2016-11-08 18:52:49 +01:00			`set_completion_param "lychee commit" "$LYCHEE_COMMIT"`
			`}`

			`function install_lychee {`
			`if [ ! $ONION_ONLY ]; then`
			`ONION_ONLY='no'`
			`fi`

More tidying 2018-02-27 15:11:56 +01:00			`if [ ! "$LYCHEE_DOMAIN_NAME" ]; then`
lychee app 2016-11-08 18:52:49 +01:00			`echo $'The lychee domain name was not specified'`
			`exit 543672`
			`fi`

			`# for the avatar changing command`
Extra package 2017-06-03 18:42:22 +02:00			`apt-get -yq install imagemagick exif zip php-mcrypt mcrypt libfcgi0ldbl`
lychee app 2016-11-08 18:52:49 +01:00
			`function_check install_lychee_from_repo`
			`install_lychee_from_repo`

			`if [[ $ONION_ONLY == "no" ]]; then`
			`function_check install_lychee_website`
			`install_lychee_website`
			`else`
More tidying 2018-02-27 15:11:56 +01:00			`echo -n '' > "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"`
lychee app 2016-11-08 18:52:49 +01:00			`fi`
Use onion address 2016-11-08 19:26:06 +01:00
			`LYCHEE_ONION_HOSTNAME=$(add_onion_service lychee 80 ${LYCHEE_ONION_PORT})`

lychee app 2016-11-08 18:52:49 +01:00			`function_check install_lychee_website_onion`
			`install_lychee_website_onion`

			`function_check create_site_certificate`
More tidying 2018-02-27 15:11:56 +01:00			`create_site_certificate "$LYCHEE_DOMAIN_NAME" 'yes'`
lychee app 2016-11-08 18:52:49 +01:00
			`function_check configure_php`
			`configure_php`

More tidying 2018-02-27 15:11:56 +01:00			`chmod -R 1777 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/"`
			`chmod -R 1777 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/"`
			`chown -R www-data:www-data "/var/www/$LYCHEE_DOMAIN_NAME/htdocs"`
lychee app 2016-11-08 18:52:49 +01:00
More tidying 2018-02-27 15:11:56 +01:00			`chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/big/index.html"`
			`chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/medium/index.html"`
			`chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/import/index.html"`
			`chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/thumb/index.html"`
			`chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/.gitignore"`
Set lychee permissions 2016-11-30 14:55:41 +01:00
lychee app 2016-11-08 18:52:49 +01:00			`function_check nginx_ensite`
More tidying 2018-02-27 15:11:56 +01:00			`nginx_ensite "$LYCHEE_DOMAIN_NAME"`
lychee app 2016-11-08 18:52:49 +01:00
Use onion address 2016-11-08 19:26:06 +01:00			`function_check install_mariadb`
			`install_mariadb`

			`function_check get_mariadb_password`
			`get_mariadb_password`

			`function_check lychee_create_database`
			`lychee_create_database`

Restart mariadb after installations 2017-06-06 15:26:57 +02:00			`systemctl restart mariadb`
php daemon 2017-06-01 20:05:15 +02:00			`systemctl restart php7.0-fpm`
lychee app 2016-11-08 18:52:49 +01:00			`systemctl restart nginx`

More tidying 2018-02-27 15:11:56 +01:00			`"${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a lychee -p "$LYCHEE_ADMIN_PASSWORD"`
lychee app 2016-11-08 18:52:49 +01:00
			`function_check add_ddns_domain`
More tidying 2018-02-27 15:11:56 +01:00			`add_ddns_domain "$LYCHEE_DOMAIN_NAME"`
lychee app 2016-11-08 18:52:49 +01:00
			`set_completion_param "lychee domain" "$LYCHEE_DOMAIN_NAME"`
			`APP_INSTALLED=1`
			`}`

			`# NOTE: deliberately no exit 0`