free
/
freedombone
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

More tidying

This commit is contained in:
Bob Mottram 2018-02-27 14:11:56 +00:00
parent 8848ea40ef
commit 5479d49dc9
18 changed files with 3558 additions and 3517 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

463
src/freedombone-app-etherpad
View File

@ -41,7 +41,7 @@ ETHERPAD_REPO="https://github.com/ether/etherpad-lite"
ETHERPAD_COMMIT='454f539561a8d9de51ed107a29d974eb79198bc6'
ETHERPAD_ADMIN_PASSWORD=
ETHERPAD_TITLE=$'Freedombone Docs'
ETHERPAD_WELCOME_MESSAGE=$"Welcome to ${ETHERPAD_TITLE}!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!"
ETHERPAD_WELCOME_MESSAGE=$"Welcome to ${ETHERPAD_TITLE}!\\n\\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!"
etherpad_variables=(ONION_ONLY
DEFAULT_DOMAIN_NAME
@ -67,109 +67,109 @@ function change_password_etherpad {
read_config_param ETHERPAD_DOMAIN_NAME
if grep -q "\"$change_username\": {" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json; then
user_line=$(cat /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json | grep "\"$change_username\": {")
user_line=$(grep "\"$change_username\": {" "/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json")
if [[ "$user_line" == *"\"is_admin\": true"* ]]; then
sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": "$new_user_password", \"is_admin\": true }|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": \"$new_user_password\", \"is_admin\": true }|g" "/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json"
else
sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": "$new_user_password", \"is_admin\": false },|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": \"$new_user_password\", \"is_admin\": false },|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
fi
${PROJECT_NAME}-pass -u $change_username -a etherpad -p "$2"
"${PROJECT_NAME}-pass" -u "$change_username" -a etherpad -p "$2"
systemctl restart etherpad
fi
}
function etherpad_create_database {
if [ -f $IMAGE_PASSWORD_FILE ]; then
ETHERPAD_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
if [ -f "$IMAGE_PASSWORD_FILE" ]; then
ETHERPAD_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else
if [ ! $ETHERPAD_ADMIN_PASSWORD ]; then
ETHERPAD_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
if [ ! "$ETHERPAD_ADMIN_PASSWORD" ]; then
ETHERPAD_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi
fi
if [ ! $ETHERPAD_ADMIN_PASSWORD ]; then
if [ ! "$ETHERPAD_ADMIN_PASSWORD" ]; then
return
fi
function_check create_database
create_database etherpad "$ETHERPAD_ADMIN_PASSWORD" $MY_USERNAME
create_database etherpad "$ETHERPAD_ADMIN_PASSWORD" "$MY_USERNAME"
}
function create_etherpad_settings {
settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
echo '{' > $settings_file
echo " \"title\": \"${ETHERPAD_TITLE}\"," >> $settings_file
echo ' "favicon": "favicon.ico",' >> $settings_file
settings_file="/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json"
{ echo '{';
echo " \"title\": \"${ETHERPAD_TITLE}\",";
echo ' "favicon": "favicon.ico",';
echo ' "ip": "127.0.0.1",' >> $settings_file
echo " \"port\" : ${ETHERPAD_PORT}," >> $settings_file
echo ' "ip": "127.0.0.1",';
echo " \"port\" : ${ETHERPAD_PORT},";
echo ' "showSettingsInAdminPage" : true,' >> $settings_file
echo ' "dbType" : "mysql",' >> $settings_file
echo ' "dbSettings" : {' >> $settings_file
echo ' "user" : "root",' >> $settings_file
echo ' "host" : "localhost",' >> $settings_file
echo " \"password\": \"${MARIADB_PASSWORD}\"," >> $settings_file
echo ' "database": "etherpad",' >> $settings_file
echo ' "charset" : "utf8mb4"' >> $settings_file
echo ' },' >> $settings_file
echo ' "showSettingsInAdminPage" : true,';
echo ' "dbType" : "mysql",';
echo ' "dbSettings" : {';
echo ' "user" : "root",';
echo ' "host" : "localhost",';
echo " \"password\": \"${MARIADB_PASSWORD}\",";
echo ' "database": "etherpad",';
echo ' "charset" : "utf8mb4"';
echo ' },';
echo " \"defaultPadText\" : \"${ETHERPAD_WELCOME_MESSAGE}\"," >> $settings_file
echo " \"defaultPadText\" : \"${ETHERPAD_WELCOME_MESSAGE}\",";
echo ' "padOptions": {' >> $settings_file
echo ' "noColors": false,' >> $settings_file
echo ' "showControls": true,' >> $settings_file
echo ' "showChat": true,' >> $settings_file
echo ' "showLineNumbers": false,' >> $settings_file
echo ' "useMonospaceFont": false,' >> $settings_file
echo ' "userName": false,' >> $settings_file
echo ' "userColor": true,' >> $settings_file
echo ' "rtl": false,' >> $settings_file
echo ' "alwaysShowChat": true,' >> $settings_file
echo ' "chatAndUsers": true,' >> $settings_file
echo ' "lang": "en-gb"' >> $settings_file
echo ' },' >> $settings_file
echo ' "padOptions": {';
echo ' "noColors": false,';
echo ' "showControls": true,';
echo ' "showChat": true,';
echo ' "showLineNumbers": false,';
echo ' "useMonospaceFont": false,';
echo ' "userName": false,';
echo ' "userColor": true,';
echo ' "rtl": false,';
echo ' "alwaysShowChat": true,';
echo ' "chatAndUsers": true,';
echo ' "lang": "en-gb"';
echo ' },';
echo ' "suppressErrorsInPadText" : true,' >> $settings_file
echo ' "requireSession" : false,' >> $settings_file
echo ' "editOnly" : false,' >> $settings_file
echo ' "sessionNoPassword" : false,' >> $settings_file
echo ' "minify" : true,' >> $settings_file
echo ' "maxAge" : 21600, // 60 * 60 * 6 = 6 hours' >> $settings_file
echo ' "abiword" : null,' >> $settings_file
echo ' "soffice" : null,' >> $settings_file
echo ' "tidyHtml" : null,' >> $settings_file
echo ' "allowUnknownFileEnds" : false,' >> $settings_file
echo ' "requireAuthentication" : true,' >> $settings_file
echo ' "requireAuthorization" : true,' >> $settings_file
echo ' "trustProxy" : false,' >> $settings_file
echo ' "disableIPlogging" : true,' >> $settings_file
echo ' "suppressErrorsInPadText" : true,';
echo ' "requireSession" : false,';
echo ' "editOnly" : false,';
echo ' "sessionNoPassword" : false,';
echo ' "minify" : true,';
echo ' "maxAge" : 21600, // 60 * 60 * 6 = 6 hours';
echo ' "abiword" : null,';
echo ' "soffice" : null,';
echo ' "tidyHtml" : null,';
echo ' "allowUnknownFileEnds" : false,';
echo ' "requireAuthentication" : true,';
echo ' "requireAuthorization" : true,';
echo ' "trustProxy" : false,';
echo ' "disableIPlogging" : true,';
echo ' "users": {' >> $settings_file
echo " \"${MY_USERNAME}\": { \"password\": \"${ETHERPAD_ADMIN_PASSWORD}\", \"is_admin\": true }" >> $settings_file
echo ' },' >> $settings_file
echo ' "users": {';
echo " \"${MY_USERNAME}\": { \"password\": \"${ETHERPAD_ADMIN_PASSWORD}\", \"is_admin\": true }";
echo ' },';
echo ' "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],' >> $settings_file
echo ' "loadTest": false,' >> $settings_file
echo ' "indentationOnNewLine": false,' >> $settings_file
echo ' "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],';
echo ' "loadTest": false,';
echo ' "indentationOnNewLine": false,';
echo ' "toolbar": {' >> $settings_file
echo ' "left": [' >> $settings_file
echo ' ["bold", "italic", "underline", "strikethrough"],' >> $settings_file
echo ' ["orderedlist", "unorderedlist", "indent", "outdent"],' >> $settings_file
echo ' ["undo", "redo"],' >> $settings_file
echo ' ["clearauthorship"]' >> $settings_file
echo ' ],' >> $settings_file
echo ' "right": [' >> $settings_file
echo ' ["importexport", "timeslider", "savedrevision"],' >> $settings_file
echo ' ["settings", "embed"],' >> $settings_file
echo ' ["showusers"]' >> $settings_file
echo ' ],' >> $settings_file
echo ' "timeslider": [' >> $settings_file
echo ' ["timeslider_export", "timeslider_returnToPad"]' >> $settings_file
echo ' ]' >> $settings_file
echo ' },' >> $settings_file
echo ' "loglevel": "INFO"' >> $settings_file
echo '}' >> $settings_file
echo ' "toolbar": {';
echo ' "left": [';
echo ' ["bold", "italic", "underline", "strikethrough"],';
echo ' ["orderedlist", "unorderedlist", "indent", "outdent"],';
echo ' ["undo", "redo"],';
echo ' ["clearauthorship"]';
echo ' ],';
echo ' "right": [';
echo ' ["importexport", "timeslider", "savedrevision"],';
echo ' ["settings", "embed"],';
echo ' ["showusers"]';
echo ' ],';
echo ' "timeslider": [';
echo ' ["timeslider_export", "timeslider_returnToPad"]';
echo ' ]';
echo ' },';
echo ' "loglevel": "INFO"';
echo '}'; } > $settings_file
chmod 600 $settings_file
}
@ -177,7 +177,7 @@ function remove_user_etherpad {
remove_username="$1"
settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
${PROJECT_NAME}-pass -u $remove_username --rmapp etherpad
"${PROJECT_NAME}-pass" -u "$remove_username" --rmapp etherpad
if grep -q "\"$remove_username\": {" $settings_file; then
sed -i "/\"$remove_username\": {/d" $settings_file
@ -191,7 +191,7 @@ function add_user_etherpad {
settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
if ! grep -q "\"$new_username\": {" $settings_file; then
${PROJECT_NAME}-pass -u $new_username -a etherpad -p "$2"
"${PROJECT_NAME}-pass" -u "$new_username" -a etherpad -p "$2"
sed -i "/\"users\": {/a \"$new_username\": { \"password\": \"$new_user_password\", \"is_admin\": false }," $settings_file
if grep -q "\"$new_username\": {" $settings_file; then
systemctl restart etherpad
@ -204,11 +204,11 @@ function add_user_etherpad {
}
function install_interactive_etherpad {
if [ ! $ONION_ONLY ]; then
if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no'
fi
if [[ $ONION_ONLY != "no" ]]; then
if [[ "$ONION_ONLY" != "no" ]]; then
ETHERPAD_DOMAIN_NAME='etherpad.local'
write_config_param "ETHERPAD_DOMAIN_NAME" "$ETHERPAD_DOMAIN_NAME"
else
@ -220,18 +220,17 @@ function install_interactive_etherpad {
function etherpad_set_title {
read_config_param "ETHERPAD_TITLE"
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
data=$(mktemp 2>/dev/null)
dialog --title $"Etherpad Title" \
--backtitle $"Freedombone Control Panel" \
--inputbox $'Set a title for your etherpad system' 10 60 "$ETHERPAD_TITLE" 2>$data
--inputbox $'Set a title for your etherpad system' 10 60 "$ETHERPAD_TITLE" 2>"$data"
sel=$?
case $sel in
0)
temp_title=$(<$data)
temp_title=$(<"$data")
if [ ${#temp_title} -gt 0 ]; then
ETHERPAD_TITLE="$temp_title"
settings_file=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/settings.json
settings_file="/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/settings.json"
write_config_param "ETHERPAD_TITLE" "$ETHERPAD_TITLE"
sed -i "s|\"title\":.*|\"title\": \"${ETHERPAD_TITLE}\"|g" $settings_file
@ -241,22 +240,22 @@ function etherpad_set_title {
fi
;;
esac
rm -f "$data"
}
function etherpad_set_welcome_message {
read_config_param "ETHERPAD_WELCOME_MESSAGE"
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
data=$(mktemp 2>/dev/null)
dialog --title $"Etherpad Welcome Message" \
--backtitle $"Freedombone Control Panel" \
--inputbox $'Set a welcome message, which can include html formatting' 10 60 "$ETHERPAD_WELCOME_MESSAGE" 2>$data
--inputbox $'Set a welcome message, which can include html formatting' 10 60 "$ETHERPAD_WELCOME_MESSAGE" 2>"$data"
sel=$?
case $sel in
0)
temp_welcome=$(<$data)
temp_welcome=$(<"$data")
if [ ${#temp_welcome} -gt 0 ]; then
ETHERPAD_WELCOME_MESSAGE="$temp_welcome"
settings_file=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/settings.json
settings_file="/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/settings.json"
write_config_param "ETHERPAD_WELCOME_MESSAGE" "$ETHERPAD_WELCOME_MESSAGE"
sed -i "s|\"defaultPadText\" :.*|\"defaultPadText\" : \"${ETHERPAD_WELCOME_MESSAGE}\"|g" $settings_file
@ -266,29 +265,33 @@ function etherpad_set_welcome_message {
fi
;;
esac
rm -f "$data"
}
function configure_interactive_etherpad {
while true
do
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
data=$(mktemp 2>/dev/null)
dialog --backtitle $"Freedombone Control Panel" \
--title $"Etherpad Settings" \
--radiolist $"Choose an operation:" 12 70 3 \
1 $"Set Title" off \
2 $"Set a welcome message" off \
3 $"Exit" on 2> $data
3 $"Exit" on 2> "$data"
sel=$?
case $sel in
1) return;;
255) return;;
1) rm -f "$data"
return;;
255) rm -f "$data"
return;;
esac
case $(cat $data) in
case $(cat "$data") in
1) etherpad_set_title;;
2) etherpad_set_welcome_message;;
3) break;;
3) rm -f "$data"
break;;
esac
rm -f "$data"
done
}
@ -311,18 +314,18 @@ function upgrade_etherpad {
function backup_local_etherpad {
ETHERPAD_DOMAIN_NAME='etherpad'
if grep -q "etherpad domain" $COMPLETION_FILE; then
if grep -q "etherpad domain" "$COMPLETION_FILE"; then
ETHERPAD_DOMAIN_NAME=$(get_completion_param "etherpad domain")
fi
source_directory=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs
if [ -d $source_directory ]; then
if [ -d "$source_directory" ]; then
dest_directory=etherpad
function_check suspend_site
suspend_site ${ETHERPAD_DOMAIN_NAME}
suspend_site "${ETHERPAD_DOMAIN_NAME}"
function_check backup_directory_to_usb
backup_directory_to_usb $source_directory $dest_directory
backup_directory_to_usb "$source_directory" "$dest_directory"
function_check backup_database_to_usb
backup_database_to_usb etherpad
@ -333,50 +336,50 @@ function backup_local_etherpad {
}
function restore_local_etherpad {
if ! grep -q "etherpad domain" $COMPLETION_FILE; then
if ! grep -q "etherpad domain" "$COMPLETION_FILE"; then
return
fi
ETHERPAD_DOMAIN_NAME=$(get_completion_param "etherpad domain")
if [ $ETHERPAD_DOMAIN_NAME ]; then
if [ "$ETHERPAD_DOMAIN_NAME" ]; then
temp_restore_dir=/root/tempetherpad
etherpad_dir=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs
#etherpad_dir="/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs"
function_check etherpad_create_database
etherpad_create_database
restore_database etherpad ${ETHERPAD_DOMAIN_NAME}
restore_database etherpad "${ETHERPAD_DOMAIN_NAME}"
if [ -d $temp_restore_dir ]; then
rm -rf $temp_restore_dir
fi
chown -R etherpad: /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs
if [ -f /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem ]; then
chown etherpad: /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem
chown -R etherpad: "/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs"
if [ -f "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem" ]; then
chown etherpad: "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem"
fi
if [ -f /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key ]; then
chown etherpad: /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key
if [ -f "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key" ]; then
chown etherpad: "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key"
fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
sed -i "s|\"password\":.*|\"password\": \"${MARIADB_PASSWORD}\",|g" $settings_file
MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
settings_file="/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json"
sed -i "s|\"password\":.*|\"password\": \"${MARIADB_PASSWORD}\",|g" "$settings_file"
MARIADB_PASSWORD=
fi
}
function backup_remote_etherpad {
if grep -q "etherpad domain" $COMPLETION_FILE; then
if grep -q "etherpad domain" "$COMPLETION_FILE"; then
ETHERPAD_DOMAIN_NAME=$(get_completion_param "etherpad domain")
temp_backup_dir=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs
if [ -d $temp_backup_dir ]; then
temp_backup_dir="/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs"
if [ -d "$temp_backup_dir" ]; then
function_check suspend_site
suspend_site ${ETHERPAD_DOMAIN_NAME}
suspend_site "${ETHERPAD_DOMAIN_NAME}"
function_check backup_database_to_friend
backup_database_to_friend etherpad
function_check backup_directory_to_friend
backup_directory_to_friend $temp_backup_dir etherpad
backup_directory_to_friend "$temp_backup_dir" etherpad
function_check restart_site
restart_site
@ -387,29 +390,29 @@ function backup_remote_etherpad {
}
function restore_remote_etherpad {
if grep -q "etherpad domain" $COMPLETION_FILE; then
if grep -q "etherpad domain" "$COMPLETION_FILE"; then
ETHERPAD_DOMAIN_NAME=$(get_completion_param "etherpad domain")
function_check etherpad_create_database
etherpad_create_database
function_check restore_database_from_friend
restore_database_from_friend etherpad ${ETHERPAD_DOMAIN_NAME}
restore_database_from_friend etherpad "${ETHERPAD_DOMAIN_NAME}"
if [ -d /root/tempetherpad ]; then
rm -rf /root/tempetherpad
fi
chown -R etherpad: /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs
if [ -f /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem ]; then
chown etherpad: /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem
chown -R etherpad: "/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs"
if [ -f "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem" ]; then
chown etherpad: "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem"
fi
if [ -f /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key ]; then
chown etherpad: /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key
if [ -f "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key" ]; then
chown etherpad: "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key"
fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
sed -i "s|\"password\":.*|\"password\": \"${MARIADB_PASSWORD}\",|g" $settings_file
MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
settings_file="/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json"
sed -i "s|\"password\":.*|\"password\": \"${MARIADB_PASSWORD}\",|g" "$settings_file"
MARIADB_PASSWORD=
fi
}
@ -427,13 +430,13 @@ function remove_etherpad {
rm /etc/systemd/system/etherpad.service
fi
systemctl daemon-reload
nginx_dissite $ETHERPAD_DOMAIN_NAME
remove_certs $ETHERPAD_DOMAIN_NAME
if [ -d /var/www/$ETHERPAD_DOMAIN_NAME ]; then
rm -rf /var/www/$ETHERPAD_DOMAIN_NAME
nginx_dissite "$ETHERPAD_DOMAIN_NAME"
remove_certs "$ETHERPAD_DOMAIN_NAME"
if [ -d "/var/www/$ETHERPAD_DOMAIN_NAME" ]; then
rm -rf "/var/www/$ETHERPAD_DOMAIN_NAME"
fi
if [ -f /etc/nginx/sites-available/$ETHERPAD_DOMAIN_NAME ]; then
rm /etc/nginx/sites-available/$ETHERPAD_DOMAIN_NAME
if [ -f "/etc/nginx/sites-available/$ETHERPAD_DOMAIN_NAME" ]; then
rm "/etc/nginx/sites-available/$ETHERPAD_DOMAIN_NAME"
fi
function_check drop_database
drop_database etherpad
@ -441,7 +444,7 @@ function remove_etherpad {
remove_onion_service etherpad ${ETHERPAD_ONION_PORT}
remove_app etherpad
remove_completion_param install_etherpad
sed -i '/etherpad/d' $COMPLETION_FILE
sed -i '/etherpad/d' "$COMPLETION_FILE"
remove_backup_database_local etherpad
remove_nodejs etherpad
@ -449,22 +452,22 @@ function remove_etherpad {
userdel -r etherpad
function_check remove_ddns_domain
remove_ddns_domain $ETHERPAD_DOMAIN_NAME
remove_ddns_domain "$ETHERPAD_DOMAIN_NAME"
}
function install_etherpad {
if [ ! $ETHERPAD_DOMAIN_NAME ]; then
if [ ! "$ETHERPAD_DOMAIN_NAME" ]; then
echo $'No domain name was given for etherpad'
exit 7359
fi
check_ram_availability 2000
if [ -f $IMAGE_PASSWORD_FILE ]; then
ETHERPAD_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
if [ -f "$IMAGE_PASSWORD_FILE" ]; then
ETHERPAD_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else
if [ ! $ETHERPAD_ADMIN_PASSWORD ]; then
ETHERPAD_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
if [ ! "$ETHERPAD_ADMIN_PASSWORD" ]; then
ETHERPAD_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi
fi
@ -484,133 +487,133 @@ function install_etherpad {
function_check install_nodejs
install_nodejs etherpad
if [ ! -d /var/www/$ETHERPAD_DOMAIN_NAME ]; then
mkdir /var/www/$ETHERPAD_DOMAIN_NAME
if [ ! -d "/var/www/$ETHERPAD_DOMAIN_NAME" ]; then
mkdir "/var/www/$ETHERPAD_DOMAIN_NAME"
fi
if [ ! -d /var/www/$ETHERPAD_DOMAIN_NAME/htdocs ]; then
if [ ! -d "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" ]; then
if [ -d /repos/etherpad ]; then
mkdir /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
cp -r -p /repos/etherpad/. /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
cd /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
mkdir "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs"
cp -r -p /repos/etherpad/. "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs"
cd "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" || exit 32468346
git pull
else
function_check git_clone
git_clone $ETHERPAD_REPO /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
git_clone "$ETHERPAD_REPO" "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs"
fi
if [ ! -d /var/www/$ETHERPAD_DOMAIN_NAME/htdocs ]; then
if [ ! -d "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" ]; then
echo $'Unable to clone etherpad repo'
exit 56382
fi
fi
cd /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
git checkout $ETHERPAD_COMMIT -b $ETHERPAD_COMMIT
cd "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" || exit 24654824
git checkout "$ETHERPAD_COMMIT" -b "$ETHERPAD_COMMIT"
set_completion_param "etherpad commit" "$ETHERPAD_COMMIT"
chmod a+w /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
chown www-data:www-data /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
chmod a+w "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs"
chown www-data:www-data "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs"
function_check etherpad_create_database
etherpad_create_database
function_check add_ddns_domain
add_ddns_domain $ETHERPAD_DOMAIN_NAME
add_ddns_domain "$ETHERPAD_DOMAIN_NAME"
create_etherpad_settings
adduser --system --home=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/ --group etherpad
chown -R etherpad: /var/www/$ETHERPAD_DOMAIN_NAME/htdocs/
adduser --system --home="/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/" --group etherpad
chown -R etherpad: "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/"
echo '[Unit]' > /etc/systemd/system/etherpad.service
echo 'Description=etherpad-lite (real-time collaborative document editing)' >> /etc/systemd/system/etherpad.service
echo 'After=syslog.target network.target' >> /etc/systemd/system/etherpad.service
echo '' >> /etc/systemd/system/etherpad.service
echo '[Service]' >> /etc/systemd/system/etherpad.service
echo 'Type=simple' >> /etc/systemd/system/etherpad.service
echo 'User=etherpad' >> /etc/systemd/system/etherpad.service
echo 'Group=etherpad' >> /etc/systemd/system/etherpad.service
echo "WorkingDirectory=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" >> /etc/systemd/system/etherpad.service
echo "ExecStart=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/bin/run.sh" >> /etc/systemd/system/etherpad.service
echo 'Restart=on-failure' >> /etc/systemd/system/etherpad.service
echo 'SuccessExitStatus=3 4' >> /etc/systemd/system/etherpad.service
echo 'RestartForceExitStatus=3 4' >> /etc/systemd/system/etherpad.service
echo '' >> /etc/systemd/system/etherpad.service
echo '[Install]' >> /etc/systemd/system/etherpad.service
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/etherpad.service
{ echo '[Unit]';
echo 'Description=etherpad-lite (real-time collaborative document editing)';
echo 'After=syslog.target network.target';
echo '';
echo '[Service]';
echo 'Type=simple';
echo 'User=etherpad';
echo 'Group=etherpad';
echo "WorkingDirectory=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs";
echo "ExecStart=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/bin/run.sh";
echo 'Restart=on-failure';
echo 'SuccessExitStatus=3 4';
echo 'RestartForceExitStatus=3 4';
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/etherpad.service
chmod +x /etc/systemd/system/etherpad.service
etherpad_nginx_site=/etc/nginx/sites-available/$ETHERPAD_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then
function_check nginx_http_redirect
nginx_http_redirect $ETHERPAD_DOMAIN_NAME
echo 'server {' >> $etherpad_nginx_site
echo ' listen 443 ssl;' >> $etherpad_nginx_site
echo ' #listen [::]:443 ssl;' >> $etherpad_nginx_site
echo " server_name $ETHERPAD_DOMAIN_NAME;" >> $etherpad_nginx_site
echo '' >> $etherpad_nginx_site
echo ' # Security' >> $etherpad_nginx_site
nginx_http_redirect "$ETHERPAD_DOMAIN_NAME"
{ echo 'server {';
echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;';
echo " server_name $ETHERPAD_DOMAIN_NAME;";
echo '';
echo ' # Security'; } >> "$etherpad_nginx_site"
function_check nginx_ssl
nginx_ssl $ETHERPAD_DOMAIN_NAME
nginx_ssl "$ETHERPAD_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing $ETHERPAD_DOMAIN_NAME
nginx_disable_sniffing "$ETHERPAD_DOMAIN_NAME"
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $etherpad_nginx_site
echo '' >> $etherpad_nginx_site
echo ' # Logs' >> $etherpad_nginx_site
echo ' access_log /dev/null;' >> $etherpad_nginx_site
echo ' error_log /dev/null;' >> $etherpad_nginx_site
echo '' >> $etherpad_nginx_site
echo ' # Root' >> $etherpad_nginx_site
echo " root /var/www/$ETHERPAD_DOMAIN_NAME/htdocs;" >> $etherpad_nginx_site
echo '' >> $etherpad_nginx_site
echo ' location / {' >> $etherpad_nginx_site
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' # Root';
echo " root /var/www/$ETHERPAD_DOMAIN_NAME/htdocs;";
echo '';
echo ' location / {'; } >> "$etherpad_nginx_site"
function_check nginx_limits
nginx_limits $ETHERPAD_DOMAIN_NAME '15m'
echo " proxy_pass http://localhost:${ETHERPAD_PORT}/;" >> $etherpad_nginx_site
echo ' proxy_set_header Host $host;' >> $etherpad_nginx_site
echo ' proxy_buffering off;' >> $etherpad_nginx_site
echo ' }' >> $etherpad_nginx_site
echo '}' >> $etherpad_nginx_site
nginx_limits "$ETHERPAD_DOMAIN_NAME" '15m'
{ echo " proxy_pass http://localhost:${ETHERPAD_PORT}/;";
echo " proxy_set_header Host \$host;";
echo ' proxy_buffering off;';
echo ' }';
echo '}'; } >> "$etherpad_nginx_site"
else
echo -n '' > $etherpad_nginx_site
echo -n '' > "$etherpad_nginx_site"
fi
echo 'server {' >> $etherpad_nginx_site
echo " listen 127.0.0.1:$ETHERPAD_ONION_PORT default_server;" >> $etherpad_nginx_site
echo " server_name $ETHERPAD_DOMAIN_NAME;" >> $etherpad_nginx_site
echo '' >> $etherpad_nginx_site
{ echo 'server {';
echo " listen 127.0.0.1:$ETHERPAD_ONION_PORT default_server;";
echo " server_name $ETHERPAD_ONION_HOSTNAME;";
echo ''; } >> "$etherpad_nginx_site"
function_check nginx_disable_sniffing
nginx_disable_sniffing $ETHERPAD_DOMAIN_NAME
echo '' >> $etherpad_nginx_site
echo ' # Logs' >> $etherpad_nginx_site
echo ' access_log /dev/null;' >> $etherpad_nginx_site
echo ' error_log /dev/null;' >> $etherpad_nginx_site
echo '' >> $etherpad_nginx_site
echo ' # Root' >> $etherpad_nginx_site
echo " root /var/www/$ETHERPAD_DOMAIN_NAME/htdocs;" >> $etherpad_nginx_site
echo '' >> $etherpad_nginx_site
echo ' location / {' >> $etherpad_nginx_site
nginx_disable_sniffing "$ETHERPAD_DOMAIN_NAME"
{ echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' # Root';
echo " root /var/www/$ETHERPAD_DOMAIN_NAME/htdocs;";
echo '';
echo ' location / {'; } >> "$etherpad_nginx_site"
function_check nginx_limits
nginx_limits $ETHERPAD_DOMAIN_NAME '15m'
echo " proxy_pass http://localhost:${ETHERPAD_PORT}/;" >> $etherpad_nginx_site
echo ' proxy_set_header Host $host;' >> $etherpad_nginx_site
echo ' proxy_buffering off;' >> $etherpad_nginx_site
echo ' }' >> $etherpad_nginx_site
echo '}' >> $etherpad_nginx_site
nginx_limits "$ETHERPAD_DOMAIN_NAME" '15m'
{ echo " proxy_pass http://localhost:${ETHERPAD_PORT}/;";
echo " proxy_set_header Host \$host;";
echo ' proxy_buffering off;';
echo ' }';
echo '}'; } >> "$etherpad_nginx_site"
function_check create_site_certificate
create_site_certificate $ETHERPAD_DOMAIN_NAME 'yes'
create_site_certificate "$ETHERPAD_DOMAIN_NAME" 'yes'
if [ -f /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.crt ]; then
mv /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.crt /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem
if [ -f "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.crt" ]; then
mv "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.crt" "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem"
fi
if [ -f /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem ]; then
chown etherpad: /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem
if [ -f "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem" ]; then
chown etherpad: "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem"
fi
if [ -f /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key ]; then
chown etherpad: /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key
if [ -f "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key" ]; then
chown etherpad: "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key"
fi
usermod -a -G ssl-cert etherpad
@ -623,14 +626,14 @@ function install_etherpad {
backup_database_local etherpad
function_check nginx_ensite
nginx_ensite $ETHERPAD_DOMAIN_NAME
nginx_ensite "$ETHERPAD_DOMAIN_NAME"
ETHERPAD_ONION_HOSTNAME=$(add_onion_service etherpad 80 ${ETHERPAD_ONION_PORT})
${PROJECT_NAME}-pass -u $MY_USERNAME -a etherpad -p "$ETHERPAD_ADMIN_PASSWORD"
"${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a etherpad -p "$ETHERPAD_ADMIN_PASSWORD"
function_check add_ddns_domain
add_ddns_domain $ETHERPAD_DOMAIN_NAME
add_ddns_domain "$ETHERPAD_DOMAIN_NAME"
set_completion_param "etherpad domain" "$ETHERPAD_DOMAIN_NAME"

241
src/freedombone-app-fedwiki
View File

@ -127,7 +127,7 @@ function add_user_fedwiki {
}
function install_interactive_fedwiki {
if [ ! $ONION_ONLY ]; then
if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no'
fi
@ -148,7 +148,7 @@ function change_password_fedwiki {
echo $'Fedwiki password is too short'
return
fi
${PROJECT_NAME}-pass -u $FEDWIKI_USERNAME -a fedwiki -p "$FEDWIKI_PASSWORD"
"${PROJECT_NAME}-pass" -u "$FEDWIKI_USERNAME" -a fedwiki -p "$FEDWIKI_PASSWORD"
sed -i "s|--cookieSecret .*|--cookieSecret '${FEDWIKI_PASSWORD}'|g" /etc/systemd/system/fedwiki.service
sed -i "s|\"secret\":.*|\"secret\": \"${FEDWIKI_PASSWORD}\"|g" ${FEDWIKI_DATA}/status/owner.json
systemctl daemon-reload
@ -177,12 +177,12 @@ function upgrade_fedwiki {
function backup_local_fedwiki {
FEDWIKI_DOMAIN_NAME='fedwiki.local'
if grep -q "fedwiki domain" $COMPLETION_FILE; then
if grep -q "fedwiki domain" "$COMPLETION_FILE"; then
FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain")
fi
systemctl stop fedwiki
suspend_site ${FEDWIKI_DOMAIN_NAME}
suspend_site "${FEDWIKI_DOMAIN_NAME}"
fedwiki_path=$FEDWIKI_DATA
if [ -d $fedwiki_path ]; then
@ -195,11 +195,11 @@ function backup_local_fedwiki {
function restore_local_fedwiki {
FEDWIKI_DOMAIN_NAME='fedwiki.local'
if grep -q "fedwiki domain" $COMPLETION_FILE; then
if grep -q "fedwiki domain" "$COMPLETION_FILE"; then
FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain")
fi
if [ $FEDWIKI_DOMAIN_NAME ]; then
suspend_site ${FEDWIKI_DOMAIN_NAME}
if [ "$FEDWIKI_DOMAIN_NAME" ]; then
suspend_site "${FEDWIKI_DOMAIN_NAME}"
systemctl stop fedwiki
temp_restore_dir=/root/tempfedwiki
@ -215,8 +215,8 @@ function restore_local_fedwiki {
rm -rf $temp_restore_dir
fi
FEDWIKI_PASSWORD=$(cat ${FEDWIKI_DATA}/status/owner.json | grep secret | awk -F '"' '{print $4}')
${PROJECT_NAME}-pass -u $FEDWIKI_USERNAME -a fedwiki -p "$FEDWIKI_PASSWORD"
FEDWIKI_PASSWORD=$(grep secret "${FEDWIKI_DATA}/status/owner.json" | awk -F '"' '{print $4}')
"${PROJECT_NAME}-pass" -u "$FEDWIKI_USERNAME" -a fedwiki -p "$FEDWIKI_PASSWORD"
sed -i "s|--cookieSecret .*|--cookieSecret '${FEDWIKI_PASSWORD}'|g" /etc/systemd/system/fedwiki.service
write_config_param "FEDWIKI_COOKIE" "$FEDWIKI_PASSWORD"
systemctl daemon-reload
@ -227,12 +227,12 @@ function restore_local_fedwiki {
function backup_remote_fedwiki {
FEDWIKI_DOMAIN_NAME='fedwiki.local'
if grep -q "fedwiki domain" $COMPLETION_FILE; then
if grep -q "fedwiki domain" "$COMPLETION_FILE"; then
FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain")
fi
systemctl stop fedwiki
suspend_site ${FEDWIKI_DOMAIN_NAME}
suspend_site "${FEDWIKI_DOMAIN_NAME}"
temp_backup_dir=$FEDWIKI_DATA
if [ -d $temp_backup_dir ]; then
@ -248,12 +248,12 @@ function backup_remote_fedwiki {
function restore_remote_fedwiki {
FEDWIKI_DOMAIN_NAME='fedwiki.local'
if grep -q "fedwiki domain" $COMPLETION_FILE; then
if grep -q "fedwiki domain" "$COMPLETION_FILE"; then
FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain")
fi
systemctl stop fedwiki
suspend_site ${FEDWIKI_DOMAIN_NAME}
suspend_site "${FEDWIKI_DOMAIN_NAME}"
temp_restore_dir=/root/tempfedwiki
function_check restore_directory_from_friend
@ -268,8 +268,8 @@ function restore_remote_fedwiki {
rm -rf $temp_restore_dir
fi
FEDWIKI_PASSWORD=$(cat ${FEDWIKI_DATA}/status/owner.json | grep secret | awk -F '"' '{print $4}')
${PROJECT_NAME}-pass -u $FEDWIKI_USERNAME -a fedwiki -p "$FEDWIKI_PASSWORD"
FEDWIKI_PASSWORD=$(grep secret "${FEDWIKI_DATA}/status/owner.json" | awk -F '"' '{print $4}')
"${PROJECT_NAME}-pass" -u "$FEDWIKI_USERNAME" -a fedwiki -p "$FEDWIKI_PASSWORD"
sed -i "s|--cookieSecret .*|--cookieSecret '${FEDWIKI_PASSWORD}'|g" /etc/systemd/system/fedwiki.service
write_config_param "FEDWIKI_COOKIE" "$FEDWIKI_PASSWORD"
systemctl daemon-reload
@ -294,20 +294,20 @@ function remove_fedwiki {
remove_nodejs fedwiki
read_config_param "FEDWIKI_DOMAIN_NAME"
nginx_dissite $FEDWIKI_DOMAIN_NAME
remove_certs ${FEDWIKI_DOMAIN_NAME}
if [ -f /etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME ]; then
rm -f /etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME
nginx_dissite "$FEDWIKI_DOMAIN_NAME"
remove_certs "${FEDWIKI_DOMAIN_NAME}"
if [ -f "/etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME" ]; then
rm -f "/etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME"
fi
if [ -d /var/www/$FEDWIKI_DOMAIN_NAME ]; then
rm -rf /var/www/$FEDWIKI_DOMAIN_NAME
if [ -d "/var/www/$FEDWIKI_DOMAIN_NAME" ]; then
rm -rf "/var/www/$FEDWIKI_DOMAIN_NAME"
fi
remove_config_param FEDWIKI_DOMAIN_NAME
remove_config_param FEDWIKI_CODE
function_check remove_onion_service
remove_onion_service fedwiki ${FEDWIKI_ONION_PORT}
remove_completion_param "install_fedwiki"
sed -i '/fedwiki/d' $COMPLETION_FILE
sed -i '/fedwiki/d' "$COMPLETION_FILE"
groupdel -f fedwiki
userdel -r fedwiki
@ -317,101 +317,102 @@ function remove_fedwiki {
fi
function_check remove_ddns_domain
remove_ddns_domain $FEDWIKI_DOMAIN_NAME
remove_ddns_domain "$FEDWIKI_DOMAIN_NAME"
}
function fedwiki_setup_web {
fedwiki_nginx_file=/etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME
fedwiki_nginx_file="/etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME"
if [[ $ONION_ONLY == "no" ]]; then
echo 'server {' > $fedwiki_nginx_file
echo ' listen 80;' >> $fedwiki_nginx_file
echo ' listen [::]:80;' >> $fedwiki_nginx_file
echo " server_name $FEDWIKI_DOMAIN_NAME;" >> $fedwiki_nginx_file
echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> $fedwiki_nginx_file
echo '}' >> $fedwiki_nginx_file
echo '' >> $fedwiki_nginx_file
echo 'server {' >> $fedwiki_nginx_file
echo ' listen 443 ssl;' >> $fedwiki_nginx_file
echo ' #listen [::]:443 ssl;' >> $fedwiki_nginx_file
echo " server_name $FEDWIKI_DOMAIN_NAME;" >> $fedwiki_nginx_file
echo '' >> $fedwiki_nginx_file
if [[ "$ONION_ONLY" == "no" ]]; then
{ echo 'server {';
echo ' listen 80;';
echo ' listen [::]:80;';
echo " server_name $FEDWIKI_DOMAIN_NAME;";
echo " rewrite ^ https://\$server_name\$request_uri? permanent;";
echo '}';
echo '';
echo 'server {';
echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;';
echo " server_name $FEDWIKI_DOMAIN_NAME;";
echo ''; } > "$fedwiki_nginx_file"
function_check nginx_ssl
nginx_ssl $FEDWIKI_DOMAIN_NAME mobile
nginx_ssl "$FEDWIKI_DOMAIN_NAME" mobile
sed -i '/Content-Security-Policy/d' $fedwiki_nginx_file
sed -i '/X-XSS-Protection/d' $fedwiki_nginx_file
sed -i '/X-Robots-Tag/d' $fedwiki_nginx_file
sed -i '/X-Download-Options/d' $fedwiki_nginx_file
sed -i '/X-Permitted-Cross-Domain-Policies/d' $fedwiki_nginx_file
sed -i '/Content-Security-Policy/d' "$fedwiki_nginx_file"
sed -i '/X-XSS-Protection/d' "$fedwiki_nginx_file"
sed -i '/X-Robots-Tag/d' "$fedwiki_nginx_file"
sed -i '/X-Download-Options/d' "$fedwiki_nginx_file"
sed -i '/X-Permitted-Cross-Domain-Policies/d' "$fedwiki_nginx_file"
echo ' add_header X-Robots-Tag none;' >> $fedwiki_nginx_file
echo ' add_header X-Download-Options noopen;' >> $fedwiki_nginx_file
echo ' add_header X-Frame-Options DENY;' >> $fedwiki_nginx_file
echo ' add_header X-Content-Type-Options nosniff;' >> $fedwiki_nginx_file
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $fedwiki_nginx_file
echo '' >> $fedwiki_nginx_file
echo ' location /fonts-font-awesome/ {' >> $fedwiki_nginx_file
echo ' alias /usr/share/fonts-font-awesome/;' >> $fedwiki_nginx_file
echo ' }' >> $fedwiki_nginx_file
echo '' >> $fedwiki_nginx_file
echo ' location / {' >> $fedwiki_nginx_file
echo " proxy_pass http://localhost:${FEDWIKI_PORT};" >> $fedwiki_nginx_file
echo ' proxy_set_header X-Real-IP $remote_addr;' >> $fedwiki_nginx_file
echo ' proxy_set_header Host $host;' >> $fedwiki_nginx_file
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $fedwiki_nginx_file
echo ' client_max_body_size 1M;' >> $fedwiki_nginx_file
echo ' }' >> $fedwiki_nginx_file
echo '}' >> $fedwiki_nginx_file
echo '' >> $fedwiki_nginx_file
{ echo ' add_header X-Robots-Tag none;';
echo ' add_header X-Download-Options noopen;';
echo ' add_header X-Frame-Options DENY;';
echo ' add_header X-Content-Type-Options nosniff;';
echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
echo ' location /fonts-font-awesome/ {';
echo ' alias /usr/share/fonts-font-awesome/;';
echo ' }';
echo '';
echo ' location / {';
echo " proxy_pass http://localhost:${FEDWIKI_PORT};";
echo " proxy_set_header X-Real-IP \$remote_addr;";
echo " proxy_set_header Host \$host;";
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo ' client_max_body_size 1M;';
echo ' }';
echo '}';
echo ''; } >> "$fedwiki_nginx_file"
else
echo -n '' > $fedwiki_nginx_file
echo -n '' > "$fedwiki_nginx_file"
fi
echo 'server {' >> $fedwiki_nginx_file
echo " listen 127.0.0.1:$FEDWIKI_ONION_PORT default_server;" >> $fedwiki_nginx_file
echo " server_name $FEDWIKI_ONION_HOSTNAME;" >> $fedwiki_nginx_file
echo '' >> $fedwiki_nginx_file
echo ' add_header X-Robots-Tag none;' >> $fedwiki_nginx_file
echo ' add_header X-Download-Options noopen;' >> $fedwiki_nginx_file
echo ' add_header X-Frame-Options DENY;' >> $fedwiki_nginx_file
echo ' add_header X-Content-Type-Options nosniff;' >> $fedwiki_nginx_file
echo '' >> $fedwiki_nginx_file
echo ' location /fonts-font-awesome/ {' >> $fedwiki_nginx_file
echo ' alias /usr/share/fonts-font-awesome/;' >> $fedwiki_nginx_file
echo ' }' >> $fedwiki_nginx_file
echo '' >> $fedwiki_nginx_file
echo ' location / {' >> $fedwiki_nginx_file
echo " proxy_pass http://localhost:${FEDWIKI_PORT};" >> $fedwiki_nginx_file
echo ' proxy_set_header X-Real-IP $remote_addr;' >> $fedwiki_nginx_file
echo ' proxy_set_header Host $host;' >> $fedwiki_nginx_file
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $fedwiki_nginx_file
echo ' client_max_body_size 1M;' >> $fedwiki_nginx_file
echo ' }' >> $fedwiki_nginx_file
echo '}' >> $fedwiki_nginx_file
{ echo 'server {';
echo " listen 127.0.0.1:$FEDWIKI_ONION_PORT default_server;";
echo " server_name $FEDWIKI_ONION_HOSTNAME;";
echo '';
echo ' add_header X-Robots-Tag none;';
echo ' add_header X-Download-Options noopen;';
echo ' add_header X-Frame-Options DENY;';
echo ' add_header X-Content-Type-Options nosniff;';
echo '';
echo ' location /fonts-font-awesome/ {';
echo ' alias /usr/share/fonts-font-awesome/;';
echo ' }';
echo '';
echo ' location / {';
echo " proxy_pass http://localhost:${FEDWIKI_PORT};";
echo " proxy_set_header X-Real-IP \$remote_addr;";
echo " proxy_set_header Host \$host;";
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo ' client_max_body_size 1M;';
echo ' }';
echo '}'; } >> "$fedwiki_nginx_file"
function_check create_site_certificate
create_site_certificate $FEDWIKI_DOMAIN_NAME 'yes'
create_site_certificate "$FEDWIKI_DOMAIN_NAME" 'yes'
function_check nginx_ensite
nginx_ensite $FEDWIKI_DOMAIN_NAME
nginx_ensite "$FEDWIKI_DOMAIN_NAME"
}
function install_fedwiki {
if [[ $VARIANT == "mesh"* ]]; then
# shellcheck disable=SC2153
if [[ "$VARIANT" == "mesh"* ]]; then
return
fi
if [ ! $ONION_ONLY ]; then
if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no'
fi
if [ ! $FEDWIKI_DOMAIN_NAME ]; then
if [ ! "$FEDWIKI_DOMAIN_NAME" ]; then
echo $'The fedwiki domain name was not specified'
exit 893635
fi
if [ ! -d /var/www/$FEDWIKI_DOMAIN_NAME/htdocs ]; then
mkdir -p /var/www/$FEDWIKI_DOMAIN_NAME/htdocs
if [ ! -d "/var/www/$FEDWIKI_DOMAIN_NAME/htdocs" ]; then
mkdir -p "/var/www/$FEDWIKI_DOMAIN_NAME/htdocs"
fi
if [ ! -d $FEDWIKI_DATA ]; then
@ -429,14 +430,12 @@ function install_fedwiki {
apt-get -yq install fonts-font-awesome
npm install -g wiki@$FEDWIKI_VERSION
if [ ! "$?" = "0" ]; then
if ! npm install -g wiki@$FEDWIKI_VERSION; then
echo $'Failed to install fedwiki'
exit 6293523
fi
npm install -g wiki-security-friends@0.1.0
if [ ! "$?" = "0" ]; then
if ! npm install -g wiki-security-friends@0.1.0; then
echo $'Failed to install wiki-security-friends'
exit 783533
fi
@ -457,44 +456,44 @@ function install_fedwiki {
FEDWIKI_COOKIE="$(create_password 20)"
fi
echo '[Unit]' > /etc/systemd/system/fedwiki.service
echo 'Description=Fedwiki federated wiki' >> /etc/systemd/system/fedwiki.service
echo 'After=syslog.target' >> /etc/systemd/system/fedwiki.service
echo 'After=network.target' >> /etc/systemd/system/fedwiki.service
echo '' >> /etc/systemd/system/fedwiki.service
echo '[Service]' >> /etc/systemd/system/fedwiki.service
echo 'User=fedwiki' >> /etc/systemd/system/fedwiki.service
echo 'Group=fedwiki' >> /etc/systemd/system/fedwiki.service
echo "WorkingDirectory=/usr/local/lib/node_modules/wiki" >> /etc/systemd/system/fedwiki.service
echo "ExecStart=/usr/local/bin/wiki --security_type friends --session_duration 7 --data $FEDWIKI_DATA -p $FEDWIKI_PORT --cookieSecret '${FEDWIKI_COOKIE}'" >> /etc/systemd/system/fedwiki.service
echo 'StandardOutput=syslog' >> /etc/systemd/system/fedwiki.service
echo 'StandardError=syslog' >> /etc/systemd/system/fedwiki.service
echo 'SyslogIdentifier=fedwiki' >> /etc/systemd/system/fedwiki.service
echo 'Restart=always' >> /etc/systemd/system/fedwiki.service
echo "Environment=NODE_ENV=production" >> /etc/systemd/system/fedwiki.service
echo '' >> /etc/systemd/system/fedwiki.service
echo '[Install]' >> /etc/systemd/system/fedwiki.service
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/fedwiki.service
{ echo '[Unit]';
echo 'Description=Fedwiki federated wiki';
echo 'After=syslog.target';
echo 'After=network.target';
echo '';
echo '[Service]';
echo 'User=fedwiki';
echo 'Group=fedwiki';
echo "WorkingDirectory=/usr/local/lib/node_modules/wiki";
echo "ExecStart=/usr/local/bin/wiki --security_type friends --session_duration 7 --data $FEDWIKI_DATA -p $FEDWIKI_PORT --cookieSecret '${FEDWIKI_COOKIE}'";
echo 'StandardOutput=syslog';
echo 'StandardError=syslog';
echo 'SyslogIdentifier=fedwiki';
echo 'Restart=always';
echo "Environment=NODE_ENV=production";
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/fedwiki.service
if [ ! -d ${FEDWIKI_DATA}/status ]; then
mkdir -p ${FEDWIKI_DATA}/status
fi
fedwiki_auth_file=${FEDWIKI_DATA}/status/owner.json
echo '{' > $fedwiki_auth_file
echo " \"name\": \"${MY_USERNAME}\"," >> $fedwiki_auth_file
echo ' "friend": {' >> $fedwiki_auth_file
echo " \"secret\": \"${FEDWIKI_COOKIE}\"" >> $fedwiki_auth_file
echo ' }' >> $fedwiki_auth_file
echo '}' >> $fedwiki_auth_file
{ echo '{';
echo " \"name\": \"${MY_USERNAME}\",";
echo ' "friend": {';
echo " \"secret\": \"${FEDWIKI_COOKIE}\"";
echo ' }';
echo '}'; } > $fedwiki_auth_file
chown -R fedwiki:fedwiki $FEDWIKI_DATA
fedwiki_setup_web
${PROJECT_NAME}-pass -u $MY_USERNAME -a fedwiki -p "$FEDWIKI_COOKIE"
"${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a fedwiki -p "$FEDWIKI_COOKIE"
function_check add_ddns_domain
add_ddns_domain $FEDWIKI_DOMAIN_NAME
add_ddns_domain "$FEDWIKI_DOMAIN_NAME"
fedwiki_remove_bad_links

498
src/freedombone-app-friendica
View File

@ -60,7 +60,7 @@ function logging_off_friendica {
function remove_user_friendica {
remove_username="$1"
${PROJECT_NAME}-pass -u $remove_username --rmapp friendica
"${PROJECT_NAME}-pass" -u "$remove_username" --rmapp friendica
}
function add_user_friendica {
@ -71,27 +71,26 @@ function add_user_friendica {
new_username="$1"
new_user_password="$2"
${PROJECT_NAME}-pass -u $new_username -a friendica -p "$new_user_password"
"${PROJECT_NAME}-pass" -u "$new_username" -a friendica -p "$new_user_password"
echo '0'
}
function friendica_renew_cert {
dialog --title $"Renew SSL certificate" \
--backtitle $"Freedombone Control Panel" \
--yesno $"\nThis will renew a letsencrypt certificate. Select 'yes' to continue" 16 60
--yesno $"\\nThis will renew a letsencrypt certificate. Select 'yes' to continue" 16 60
sel=$?
case $sel in
1) return;;
255) return;;
esac
FRIENDICA_DOMAIN_NAME=$(get_completion_param "friendica domain")
if [ ! -d /var/www/$FRIENDICA_DOMAIN_NAME/htdocs ]; then
if [ ! -d "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs" ]; then
dialog --title $"Renew SSL certificate" \
--msgbox $"Friendica install directory not found" 6 40
return
fi
${PROJECT_NAME}-renew-cert -h $FRIENDICA_DOMAIN_NAME -p 'letsencrypt'
if [ ! "$?" = "0" ]; then
if ! "${PROJECT_NAME}-renew-cert" -h "$FRIENDICA_DOMAIN_NAME" -p 'letsencrypt'; then
any_key
else
dialog --title $"Renew SSL certificate" \
@ -100,52 +99,54 @@ function friendica_renew_cert {
}
function friendica_channel_directory_server {
if ! grep -q "friendica domain" $COMPLETION_FILE; then
if ! grep -q "friendica domain" "$COMPLETION_FILE"; then
dialog --title $"Friendica channel directory server" \
--msgbox $"Friendica is not installed on this system" 6 40
return
fi
FRIENDICA_DOMAIN_NAME=$(get_completion_param "friendica domain")
if [ ! -d /var/www/$FRIENDICA_DOMAIN_NAME/htdocs ]; then
if [ ! -d "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs" ]; then
dialog --title $"Friendica channel directory server" \
--msgbox $"Friendica install directory not found" 6 40
return
fi
CURR_DIR_SERVER=$(cat /var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php | grep directory | awk -F "'" '{print $6}')
CURR_DIR_SERVER=$(grep directory "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php" | awk -F "'" '{print $6}')
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
data=$(mktemp 2>/dev/null)
dialog --title $"Friendica channel directory server" \
--backtitle $"Freedombone Control Panel" \
--inputbox $"When you click on 'channel directory' this is where Friendica will obtain its list from" 8 60 "$CURR_DIR_SERVER" 2>$data
sel=$?
case $sel in
0)
friendica_domain_server=$(<$data)
friendica_domain_server=$(<"$data")
if [[ "$friendica_domain_server" != *"."* ]]; then
rm -f "$data"
return
fi
if [[ "$friendica_domain_server" != "http"* ]]; then
dialog --title $"Friendica channel directory server" \
--msgbox $"Invalid domain - include the https://" 6 40
rm -f "$data"
return
fi
sed -i "s|\['directory'\] = .*|\['directory'\] = \'$friendica_domain_server\';|g" /var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php
sed -i "s|\['directory'\] = .*|\['directory'\] = \'$friendica_domain_server\';|g" "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php"
dialog --title $"Friendica channel directory server" \
--msgbox $"Domain channel directory server changed to $friendica_domain_server" 6 40
;;
esac
rm -f "$data"
}
function friendica_close_registrations {
sed -i "s|REGISTER_OPEN|REGISTER_CLOSED|g" /var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php
sed -i "s|REGISTER_OPEN|REGISTER_CLOSED|g" "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php"
dialog --title $"Friendica Account Registrations" \
--msgbox $"New registrations are now closed" 6 40
}
function friendica_allow_registrations {
sed -i "s|REGISTER_CLOSED|REGISTER_OPEN|g" /var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php
sed -i "s|REGISTER_CLOSED|REGISTER_OPEN|g" "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php"
dialog --title $"Friendica Account Registrations" \
--msgbox $"New registrations are permitted" 6 40
}
@ -153,8 +154,7 @@ function friendica_allow_registrations {
function configure_interactive_friendica {
while true
do
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
data=$(mktemp 2>/dev/null)
dialog --backtitle $"Freedombone Control Panel" \
--title $"Friendica" \
--radiolist $"Choose an operation:" 15 70 6 \
@ -162,19 +162,21 @@ function configure_interactive_friendica {
2 $"Renew SSL certificate" off \
3 $"Close new account registrations" off \
4 $"Allow new account registrations" off \
5 $"Back to main menu" on 2> $data
5 $"Back to main menu" on 2> "$data"
sel=$?
case $sel in
1) break;;
255) break;;
esac
case $(cat $data) in
case $(cat "$data") in
1) friendica_channel_directory_server;;
2) friendica_renew_cert;;
3) friendica_close_registrations;;
4) friendica_allow_registrations;;
5) break;;
5) rm -f "$data"
break;;
esac
rm -f "$data"
done
}
@ -190,7 +192,7 @@ function install_interactive_friendica {
}
function change_password_friendica {
FRIENDICA_USERNAME="$1"
#FRIENDICA_USERNAME="$1"
FRIENDICA_PASSWORD="$2"
if [ ${#FRIENDICA_PASSWORD} -lt 8 ]; then
echo $'Friendica password is too short'
@ -201,14 +203,14 @@ function change_password_friendica {
}
function friendica_create_database {
if [ -f $IMAGE_PASSWORD_FILE ]; then
FRIENDICA_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
if [ -f "$IMAGE_PASSWORD_FILE" ]; then
FRIENDICA_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
fi
if [ ! $FRIENDICA_ADMIN_PASSWORD ]; then
FRIENDICA_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
if [ ! "$FRIENDICA_ADMIN_PASSWORD" ]; then
FRIENDICA_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi
${PROJECT_NAME}-pass -u $MY_USERNAME -a friendica -p "$FRIENDICA_ADMIN_PASSWORD"
if [ ! $FRIENDICA_ADMIN_PASSWORD ]; then
"${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a friendica -p "$FRIENDICA_ADMIN_PASSWORD"
if [ ! "$FRIENDICA_ADMIN_PASSWORD" ]; then
return
fi
@ -229,17 +231,17 @@ function upgrade_friendica {
FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs
function_check set_repo_commit
set_repo_commit $FRIENDICA_PATH "friendica commit" "$FRIENDICA_COMMIT" $FRIENDICA_REPO
set_repo_commit $FRIENDICA_PATH/addon "friendica addons commit" "$FRIENDICA_ADDONS_COMMIT" $FRIENDICA_ADDONS_REPO
set_repo_commit "$FRIENDICA_PATH" "friendica commit" "$FRIENDICA_COMMIT" $FRIENDICA_REPO
set_repo_commit "$FRIENDICA_PATH/addon" "friendica addons commit" "$FRIENDICA_ADDONS_COMMIT" $FRIENDICA_ADDONS_REPO
}
function backup_local_friendica {
friendica_path=/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs
if [ -d $friendica_path ]; then
friendica_path="/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs"
if [ -d "$friendica_path" ]; then
function_check backup_database_to_usb
backup_database_to_usb friendica
backup_directory_to_usb $friendica_path friendica
backup_directory_to_usb "$friendica_path" friendica
fi
}
@ -250,31 +252,31 @@ function restore_local_friendica {
function_check friendica_create_database
friendica_create_database
restore_database friendica ${FRIENDICA_DOMAIN_NAME}
if [ -d $USB_MOUNT/backup/friendica ]; then
if [ ! -d $friendica_dir/store/[data]/smarty3 ]; then
mkdir -p $friendica_dir/store/[data]/smarty3
restore_database friendica "${FRIENDICA_DOMAIN_NAME}"
if [ -d "$USB_MOUNT/backup/friendica" ]; then
if [ ! -d "$friendica_dir/store/[data]/smarty3" ]; then
mkdir -p "$friendica_dir/store/[data]/smarty3"
fi
chmod 1777 $friendica_dir/store/[data]/smarty3
chown -R www-data:www-data $friendica_dir/*
chmod 1777 "$friendica_dir/store/[data]/smarty3"
chown -R www-data:www-data "$friendica_dir/*"
if [ -d $temp_restore_dir ]; then
rm -rf $temp_restore_dir
fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs
sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $FRIENDICA_PATH/.htconfig.php
sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" "$FRIENDICA_PATH/.htconfig.php"
MARIADB_PASSWORD=
fi
}
function backup_remote_friendica {
temp_backup_dir=/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs
if [ -d $temp_backup_dir ]; then
suspend_site ${FRIENDICA_DOMAIN_NAME}
temp_backup_dir="/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs"
if [ -d "$temp_backup_dir" ]; then
suspend_site "${FRIENDICA_DOMAIN_NAME}"
backup_database_to_friend friendica
echo "Backing up Friendica installation"
backup_directory_to_friend $temp_backup_dir friendica
backup_directory_to_friend "$temp_backup_dir" friendica
restart_site
echo "Backup of Friendica complete"
else
@ -289,21 +291,21 @@ function restore_remote_friendica {
function_check friendica_create_database
friendica_create_database
restore_database_from_friend friendica ${FRIENDICA_DOMAIN_NAME}
if [ -d $SERVER_DIRECTORY/backup/friendica ]; then
if [ ! -d /var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3 ]; then
mkdir -p /var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3
restore_database_from_friend friendica "${FRIENDICA_DOMAIN_NAME}"
if [ -d "$SERVER_DIRECTORY/backup/friendica" ]; then
if [ ! -d "/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3" ]; then
mkdir -p "/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3"
fi
chmod 1777 /var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3
chown -R www-data:www-data /var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/*
chmod 1777 "/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3"
chown -R www-data:www-data "/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/*"
fi
if [ -d /root/tempfriendica ]; then
rm -rf /root/tempfriendica
fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs
sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $FRIENDICA_PATH/.htconfig.php
MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
FRIENDICA_PATH="/var/www/$FRIENDICA_DOMAIN_NAME/htdocs"
sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" "$FRIENDICA_PATH/.htconfig.php"
MARIADB_PASSWORD=
}
@ -311,35 +313,35 @@ function remove_friendica {
if [ ${#FRIENDICA_DOMAIN_NAME} -eq 0 ]; then
return
fi
nginx_dissite $FRIENDICA_DOMAIN_NAME
remove_certs ${FRIENDICA_DOMAIN_NAME}
if [ -d /var/www/$FRIENDICA_DOMAIN_NAME ]; then
rm -rf /var/www/$FRIENDICA_DOMAIN_NAME
nginx_dissite "$FRIENDICA_DOMAIN_NAME"
remove_certs "${FRIENDICA_DOMAIN_NAME}"
if [ -d "/var/www/$FRIENDICA_DOMAIN_NAME" ]; then
rm -rf "/var/www/$FRIENDICA_DOMAIN_NAME"
fi
if [ -f /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME ]; then
rm /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
if [ -f "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME" ]; then
rm "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
fi
function_check drop_database
drop_database friendica
function_check remove_onion_service
remove_onion_service friendica ${FRIENDICA_ONION_PORT}
sed -i '/friendica/d' $COMPLETION_FILE
sed -i '/friendica/d' "$COMPLETION_FILE"
sed -i '/poller.php/d' /etc/crontab
function_check remove_ddns_domain
remove_ddns_domain $FRIENDICA_DOMAIN_NAME
remove_ddns_domain "$FRIENDICA_DOMAIN_NAME"
}
function install_friendica {
if [ ! $FRIENDICA_DOMAIN_NAME ]; then
if [ ! "$FRIENDICA_DOMAIN_NAME" ]; then
return
fi
if [[ $ONION_ONLY != "no" ]]; then
if [[ "$ONION_ONLY" != "no" ]]; then
return
fi
FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs
FRIENDICA_PATH="/var/www/$FRIENDICA_DOMAIN_NAME/htdocs"
function_check install_mariadb
install_mariadb
@ -354,38 +356,38 @@ function install_friendica {
apt-get -yq install php-dev imagemagick php-imagick libfcgi0ldbl
apt-get -yq install php-memcached
if [ ! -d /var/www/$FRIENDICA_DOMAIN_NAME ]; then
mkdir /var/www/$FRIENDICA_DOMAIN_NAME
if [ ! -d "/var/www/$FRIENDICA_DOMAIN_NAME" ]; then
mkdir "/var/www/$FRIENDICA_DOMAIN_NAME"
fi
if [ ! -d $FRIENDICA_PATH ]; then
mkdir $FRIENDICA_PATH
if [ ! -d "$FRIENDICA_PATH" ]; then
mkdir "$FRIENDICA_PATH"
fi
if [ ! -f $FRIENDICA_PATH/index.php ]; then
cd $INSTALL_DIR
if [ ! -f "$FRIENDICA_PATH/index.php" ]; then
cd "$INSTALL_DIR" || exit 2346824864
if [ -d /repos/friendica ]; then
mkdir friendica
cp -r -p /repos/friendica/. friendica
cd friendica
cd friendica || exit 24682462
git pull
else
function_check git_clone
git_clone $FRIENDICA_REPO friendica
git_clone "$FRIENDICA_REPO" friendica
fi
git checkout $FRIENDICA_COMMIT -b $FRIENDICA_COMMIT
set_completion_param "friendica commit" "$FRIENDICA_COMMIT"
rm -rf $FRIENDICA_PATH
mv friendica $FRIENDICA_PATH
rm -rf "$FRIENDICA_PATH"
mv friendica "$FRIENDICA_PATH"
git_clone $FRIENDICA_ADDONS_REPO $FRIENDICA_PATH/addon
cd $FRIENDICA_PATH/addon
git checkout $FRIENDICA_ADDONS_COMMIT -b $FRIENDICA_ADDONS_COMMIT
git_clone "$FRIENDICA_ADDONS_REPO" "$FRIENDICA_PATH/addon"
cd "$FRIENDICA_PATH/addon" || exit 34835685
git checkout "$FRIENDICA_ADDONS_COMMIT" -b "$FRIENDICA_ADDONS_COMMIT"
set_completion_param "friendica addons commit" "$FRIENDICA_ADDONS_COMMIT"
chown -R www-data:www-data $FRIENDICA_PATH
chown -R www-data:www-data "$FRIENDICA_PATH"
fi
FRIENDICA_ONION_HOSTNAME=
@ -400,158 +402,158 @@ function install_friendica {
fi
function_check add_ddns_domain
add_ddns_domain $FRIENDICA_DOMAIN_NAME
add_ddns_domain "$FRIENDICA_DOMAIN_NAME"
if [[ $ONION_ONLY == "no" ]]; then
if [[ "$ONION_ONLY" == "no" ]]; then
function_check nginx_http_redirect
nginx_http_redirect $FRIENDICA_DOMAIN_NAME
echo 'server {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo " root $FRIENDICA_PATH;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo " server_name $FRIENDICA_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo " error_log /dev/null;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
nginx_http_redirect "$FRIENDICA_DOMAIN_NAME"
{ echo 'server {';
echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;';
echo " root $FRIENDICA_PATH;";
echo " server_name $FRIENDICA_DOMAIN_NAME;";
echo " error_log /dev/null;";
echo ' index index.php;';
echo ' charset utf-8;';
echo ' access_log /dev/null;'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
function_check nginx_ssl
nginx_ssl $FRIENDICA_DOMAIN_NAME
nginx_ssl "$FRIENDICA_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing $FRIENDICA_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
nginx_disable_sniffing "$FRIENDICA_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
echo ' # rewrite to front controller as default rule';
echo ' location / {'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
function_check nginx_limits
nginx_limits $FRIENDICA_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
nginx_limits "$FRIENDICA_DOMAIN_NAME"
{ echo " rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
echo ' }';
echo '';
echo ' # statically serve these file types when possible';
echo ' # otherwise fall back to front controller';
echo ' # allow browser to cache them';
echo ' # added .htm for advanced source code editor library';
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
echo ' expires 30d;';
echo " try_files \$uri /index.php?q=\$uri&\$args;";
echo ' }';
echo '';
echo ' # block these file types';
echo ' location ~* \.(tpl|md|tgz|log|out)$ {';
echo ' deny all;';
echo ' }';
echo '';
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
echo ' # or a unix socket';
echo ' location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
function_check nginx_limits
nginx_limits $FRIENDICA_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # With php-fpm:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
nginx_limits "$FRIENDICA_DOMAIN_NAME"
{ echo ' # Zero-day exploit defense.';
echo ' # http://forum.nginx.org/read.php?2,88845,page=3';
echo " # Won't work properly (404 error) if the file is not stored on this";
echo " # server, which is entirely possible with php-fpm/php-fcgi.";
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
echo " # another machine. And then cross your fingers that you won't get hacked.";
echo " try_files \$uri \$uri/ /index.php;";
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;';
echo ' # With php-cgi alone:';
echo ' # fastcgi_pass 127.0.0.1:9000;';
echo ' # With php-fpm:';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' include fastcgi_params;';
echo ' fastcgi_read_timeout 30;';
echo ' fastcgi_index index.php;';
echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
echo ' fastcgi_read_timeout 300;';
echo ' }';
echo '';
echo ' # deny access to all dot files';
echo ' location ~ /\. {';
echo ' deny all;';
echo ' }';
echo '';
echo ' location ~ /\.ht {';
echo ' deny all;';
echo ' }';
echo '}';
echo ''; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
else
echo 'server {' > /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo " listen 127.0.0.1:${FRIENDICA_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo " root $FRIENDICA_PATH;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo " server_name $FRIENDICA_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo " error_log /dev/null;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
nginx_limits $FRIENDICA_DOMAIN_NAME
nginx_disable_sniffing $FRIENDICA_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
nginx_limits $FRIENDICA_DOMAIN_NAME
nginx_disable_sniffing $FRIENDICA_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # With php-fpm:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
{ echo 'server {';
echo " listen 127.0.0.1:${FRIENDICA_ONION_PORT} default_server;";
echo " root $FRIENDICA_PATH;";
echo " server_name $FRIENDICA_ONION_HOSTNAME;";
echo " error_log /dev/null;";
echo ' index index.php;';
echo ' charset utf-8;';
echo ' access_log /dev/null;';
echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
echo ' # rewrite to front controller as default rule';
echo ' location / {'; } > "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
nginx_limits "$FRIENDICA_DOMAIN_NAME"
nginx_disable_sniffing "$FRIENDICA_DOMAIN_NAME"
{ echo " rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
echo ' }';
echo '';
echo ' # statically serve these file types when possible';
echo ' # otherwise fall back to front controller';
echo ' # allow browser to cache them';
echo ' # added .htm for advanced source code editor library';
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
echo ' expires 30d;';
echo " try_files \$uri /index.php?q=\$uri&\$args;";
echo ' }';
echo '';
echo ' # block these file types';
echo ' location ~* \.(tpl|md|tgz|log|out)$ {';
echo ' deny all;';
echo ' }';
echo '';
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
echo ' # or a unix socket';
echo ' location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
nginx_limits "$FRIENDICA_DOMAIN_NAME"
nginx_disable_sniffing "$FRIENDICA_DOMAIN_NAME"
{ echo ' # Zero-day exploit defense.';
echo ' # http://forum.nginx.org/read.php?2,88845,page=3';
echo " # Won't work properly (404 error) if the file is not stored on this";
echo " # server, which is entirely possible with php-fpm/php-fcgi.";
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
echo " # another machine. And then cross your fingers that you won't get hacked.";
echo ' try_files $uri $uri/ /index.php;';
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;';
echo ' # With php-cgi alone:';
echo ' # fastcgi_pass 127.0.0.1:9000;';
echo ' # With php-fpm:';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' include fastcgi_params;';
echo ' fastcgi_read_timeout 30;';
echo ' fastcgi_index index.php;';
echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
echo ' fastcgi_read_timeout 300;';
echo ' }';
echo '';
echo ' # deny access to all dot files';
echo ' location ~ /\. {';
echo ' deny all;';
echo ' }';
echo '';
echo ' location ~ /\.ht {';
echo ' deny all;';
echo ' }';
echo '}'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
fi
function_check configure_php
configure_php
function_check create_site_certificate
create_site_certificate $FRIENDICA_DOMAIN_NAME 'yes'
create_site_certificate "$FRIENDICA_DOMAIN_NAME" 'yes'
if [ ! -d $FRIENDICA_PATH/view/tpl/smarty3 ]; then
mkdir $FRIENDICA_PATH/view/tpl/smarty3
if [ ! -d "$FRIENDICA_PATH/view/tpl/smarty3" ]; then
mkdir "$FRIENDICA_PATH/view/tpl/smarty3"
fi
if [ ! -d "$FRIENDICA_PATH/store" ]; then
mkdir "$FRIENDICA_PATH/store"
@ -563,9 +565,9 @@ function install_friendica {
mkdir "$FRIENDICA_PATH/store/[data]/smarty3"
chmod 1777 "$FRIENDICA_PATH/store/[data]/smarty3"
fi
chmod 1777 $FRIENDICA_PATH/view/tpl
chmod 1777 "$FRIENDICA_PATH/view/tpl"
chown -R www-data:www-data "$FRIENDICA_PATH/store"
chmod 1777 $FRIENDICA_PATH/view/tpl/smarty3
chmod 1777 "$FRIENDICA_PATH/view/tpl/smarty3"
# Ensure that the database gets backed up locally, if remote
# backups are not being used
@ -575,55 +577,55 @@ function install_friendica {
function_check backup_database_local
backup_database_local friendica
chown -R www-data:www-data $FRIENDICA_PATH
chown -R www-data:www-data "$FRIENDICA_PATH"
function_check nginx_ensite
nginx_ensite $FRIENDICA_DOMAIN_NAME
nginx_ensite "$FRIENDICA_DOMAIN_NAME"
# initialize the database
if [ ! -f $FRIENDICA_PATH/database.sql ]; then
if [ ! -f "$FRIENDICA_PATH/database.sql" ]; then
echo $'No database schema found for friendica'
exit 252782
fi
function_check initialise_database
initialise_database friendica $FRIENDICA_PATH/database.sql
initialise_database friendica "$FRIENDICA_PATH/database.sql"
# create the config file
echo '<?php' > $FRIENDICA_PATH/.htconfig.php
echo "\$db_host = 'localhost';" >> $FRIENDICA_PATH/.htconfig.php
echo "\$db_user = 'root';" >> $FRIENDICA_PATH/.htconfig.php
echo "\$db_pass = '${MARIADB_PASSWORD}';" >> $FRIENDICA_PATH/.htconfig.php
echo "\$db_data = 'friendica';" >> $FRIENDICA_PATH/.htconfig.php
echo "\$default_timezone = 'Europe/London';" >> $FRIENDICA_PATH/.htconfig.php
{ echo '<?php';
echo "\$db_host = 'localhost';";
echo "\$db_user = 'root';";
echo "\$db_pass = '${MARIADB_PASSWORD}';";
echo "\$db_data = 'friendica';";
echo "\$default_timezone = 'Europe/London';"; } > "$FRIENDICA_PATH/.htconfig.php"
if [[ $ONION_ONLY == 'no' ]]; then
echo "\$a->config['system']['baseurl'] = 'https://${FRIENDICA_DOMAIN_NAME}';" >> $FRIENDICA_PATH/.htconfig.php
echo "\$a->config['system']['baseurl'] = 'https://${FRIENDICA_DOMAIN_NAME}';" >> "$FRIENDICA_PATH/.htconfig.php"
else
echo "\$a->config['system']['baseurl'] = 'http://${FRIENDICA_ONION_HOSTNAME}';" >> $FRIENDICA_PATH/.htconfig.php
echo "\$a->config['system']['baseurl'] = 'http://${FRIENDICA_ONION_HOSTNAME}';" >> "$FRIENDICA_PATH/.htconfig.php"
fi
echo "\$a->config['sitename'] = \"Friendica\";" >> $FRIENDICA_PATH/.htconfig.php
echo "\$a->config['register_policy'] = REGISTER_OPEN;" >> $FRIENDICA_PATH/.htconfig.php
echo "\$a->config['register_text'] = '';" >> $FRIENDICA_PATH/.htconfig.php
echo "\$a->config['admin_email'] = '${MY_EMAIL_ADDRESS}';" >> $FRIENDICA_PATH/.htconfig.php
echo "\$a->config['system']['no_regfullname'] = true;" >> $FRIENDICA_PATH/.htconfig.php
echo "\$a->config['max_import_size'] = 200000;" >> $FRIENDICA_PATH/.htconfig.php
echo "\$a->config['system']['maximagesize'] = 800000;" >> $FRIENDICA_PATH/.htconfig.php
echo "\$a->config['php_path'] = '/usr/bin/php';" >> $FRIENDICA_PATH/.htconfig.php
echo "\$a->config['system']['directory'] = 'http://dir.friendi.ca';" >> $FRIENDICA_PATH/.htconfig.php
echo "\$a->config['system']['allowed_themes'] = 'quattro,vier,duepuntozero,smoothly';" >> $FRIENDICA_PATH/.htconfig.php
echo "\$a->config['system']['theme'] = 'vier';" >> $FRIENDICA_PATH/.htconfig.php
echo "\$a->config['system']['huburl'] = '[internal]';" >> $FRIENDICA_PATH/.htconfig.php
echo "\$a->config['system']['language'] = 'en';" >> $FRIENDICA_PATH/.htconfig.php
echo "\$a->config['system']['rino_encrypt'] = 2;" >> $FRIENDICA_PATH/.htconfig.php
echo "\$a->config['system']['allowed_link_protocols'] = array('mailto', 'cid');" >> $FRIENDICA_PATH/.htconfig.php
chown www-data:www-data $FRIENDICA_PATH/.htconfig.php
chmod 755 $FRIENDICA_PATH/.htconfig.php
{ echo "\$a->config['sitename'] = \"Friendica\";";
echo "\$a->config['register_policy'] = REGISTER_OPEN;";
echo "\$a->config['register_text'] = '';";
echo "\$a->config['admin_email'] = '${MY_EMAIL_ADDRESS}';";
echo "\$a->config['system']['no_regfullname'] = true;";
echo "\$a->config['max_import_size'] = 200000;";
echo "\$a->config['system']['maximagesize'] = 800000;";
echo "\$a->config['php_path'] = '/usr/bin/php';";
echo "\$a->config['system']['directory'] = 'http://dir.friendi.ca';";
echo "\$a->config['system']['allowed_themes'] = 'quattro,vier,duepuntozero,smoothly';";
echo "\$a->config['system']['theme'] = 'vier';";
echo "\$a->config['system']['huburl'] = '[internal]';";
echo "\$a->config['system']['language'] = 'en';";
echo "\$a->config['system']['rino_encrypt'] = 2;";
echo "\$a->config['system']['allowed_link_protocols'] = array('mailto', 'cid');"; } >> "$FRIENDICA_PATH/.htconfig.php"
chown www-data:www-data "$FRIENDICA_PATH/.htconfig.php"
chmod 755 "$FRIENDICA_PATH/.htconfig.php"
systemctl restart mariadb
systemctl restart php7.0-fpm
systemctl restart nginx
systemctl restart cron
${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$FRIENDICA_DOMAIN_NAME" -g friendica --public no
"${PROJECT_NAME}-addemail" -u "$MY_USERNAME" -e "noreply@$FRIENDICA_DOMAIN_NAME" -g friendica --public no
set_completion_param "friendica domain" "${FRIENDICA_DOMAIN_NAME}"
APP_INSTALLED=1

380
src/freedombone-app-ghost
View File

@ -48,14 +48,14 @@ ghost_variables=(GHOST_DOMAIN_NAME
function ghost_bust {
# kill the started ghost process
kill_pid=$(ps aux | grep "ghost run" | awk -F ' ' '{print $2}' | head -n 1)
kill -9 $kill_pid
kill_pid=$(pgrep "ghost run" | head -n 1)
kill -9 "$kill_pid"
kill_pid=$(ps aux | grep "ghost" | awk -F ' ' '{print $2}' | head -n 1)
kill -9 $kill_pid
kill_pid=$(pgrep "ghost" | head -n 1)
kill -9 "$kill_pid"
kill_pid=$(ps aux | grep "ghost" | awk -F ' ' '{print $2}' | head -n 1)
kill -9 $kill_pid
kill_pid=$(pgrep "ghost" | head -n 1)
kill -9 "$kill_pid"
}
function logging_on_ghost {
@ -77,9 +77,9 @@ function ghost_replace_jquery {
sed -i "s|http://code.jquery.com/jquery.js|$curr_domain/jquery-${jquery_version}.js|g" current/node_modules/jsdom/README.md
sed -i "s|https://code.jquery.com/jquery.js|$curr_domain/jquery-${jquery_version}.js|g" current/node_modules/jsdom/README.md
cd /var/www/${GHOST_DOMAIN_NAME}/htdocs/current
find ./ -type f -exec sed -i -e 's|https://code.jquery.com|$curr_domain|g' {} \;
find ./ -type f -exec sed -i -e 's|http://code.jquery.com|$curr_domain|g' {} \;
cd "/var/www/${GHOST_DOMAIN_NAME}/htdocs/current" || exit 3468368
find ./ -type f -exec sed -i -e "s|https://code.jquery.com|$curr_domain|g" {} \;
find ./ -type f -exec sed -i -e "s|http://code.jquery.com|$curr_domain|g" {} \;
}
function ghost_rss_button {
@ -98,14 +98,14 @@ function ghost_remove_offsite_links {
ghost_rss_button
# remove google font links
cd /var/www/$GHOST_DOMAIN_NAME/htdocs/current
find ./ -type f -exec sed -i -e 's/fonts.googleapis.com/$curr_domain/g' {} \;
cd "/var/www/$GHOST_DOMAIN_NAME/htdocs/current" || exit 246872424
find ./ -type f -exec sed -i -e "s/fonts.googleapis.com/$curr_domain/g" {} \;
# copy jquery locally
previous_jquery_version='1.12.0'
jquery_version='1.12.4'
if [ ! -f /var/www/$GHOST_DOMAIN_NAME/htdocs/jquery-${jquery_version}.js ]; then
cd /var/www/$GHOST_DOMAIN_NAME/htdocs
cd "/var/www/$GHOST_DOMAIN_NAME/htdocs" || exit 3468746824
wget https://code.jquery.com/jquery-${jquery_version}.js
jquery_hash=$(sha256sum jquery-${jquery_version}.js | awk -F ' ' '{print $1}')
if [[ "$jquery_hash" != '430f36f9b5f21aae8cc9dca6a81c4d3d84da5175eaedcf2fdc2c226302cb3575' ]]; then
@ -119,27 +119,27 @@ function ghost_remove_offsite_links {
}
function ghost_replace_proprietary_services {
replace_file=$1
replace_file="$1"
sed -i 's|Twitter Profile|GNU Social Profile|g' $replace_file
sed -i 's|Twitter profile|GNU Social Profile|g' $replace_file
sed -i 's|Twitter Username|GNU Social Username|g' $replace_file
sed -i 's|twitter.com|quitter.se|g' $replace_file
sed -i 's|Facebook Page|Hubzilla Channel|g' $replace_file
sed -i 's|Facebook Profile|Hubzilla Channel|g' $replace_file
sed -i 's|Facebook profile|Hubzilla Channel|g' $replace_file
sed -i 's|www.facebook.com/username|hubzilladomain/username|g' $replace_file
sed -i 's|www.facebook.com/ghost|hubzilladomain/username|g' $replace_file
sed -i 's|www.facebook.com/testuser|hubzilladomain/username|g' $replace_file
sed -i 's|www.facebook.com/testing|hubzilladomain/username|g' $replace_file
sed -i 's|www.facebook.com/test|hubzilladomain/username|g' $replace_file
sed -i 's|www.facebook.com/yourUsername|hubzilladomain/username|g' $replace_file
sed -i 's|www.facebook.com/yourPage|hubzilladomain/username|g' $replace_file
sed -i 's|Facebook Username|Hubzilla Channel|g' $replace_file
sed -i 's|www.facebook.com|hubzilladomain|g' $replace_file
sed -i 's|facebook value|hubzilla value|g' $replace_file
sed -i 's|Twitter Profile|GNU Social Profile|g' "$replace_file"
sed -i 's|Twitter profile|GNU Social Profile|g' "$replace_file"
sed -i 's|Twitter Username|GNU Social Username|g' "$replace_file"
sed -i 's|twitter.com|quitter.se|g' "$replace_file"
sed -i 's|Facebook Page|Hubzilla Channel|g' "$replace_file"
sed -i 's|Facebook Profile|Hubzilla Channel|g' "$replace_file"
sed -i 's|Facebook profile|Hubzilla Channel|g' "$replace_file"
sed -i 's|www.facebook.com/username|hubzilladomain/username|g' "$replace_file"
sed -i 's|www.facebook.com/ghost|hubzilladomain/username|g' "$replace_file"
sed -i 's|www.facebook.com/testuser|hubzilladomain/username|g' "$replace_file"
sed -i 's|www.facebook.com/testing|hubzilladomain/username|g' "$replace_file"
sed -i 's|www.facebook.com/test|hubzilladomain/username|g' "$replace_file"
sed -i 's|www.facebook.com/yourUsername|hubzilladomain/username|g' "$replace_file"
sed -i 's|www.facebook.com/yourPage|hubzilladomain/username|g' "$replace_file"
sed -i 's|Facebook Username|Hubzilla Channel|g' "$replace_file"
sed -i 's|www.facebook.com|hubzilladomain|g' "$replace_file"
sed -i 's|facebook value|hubzilla value|g' "$replace_file"
sed -i '/<section class="share">/,/<\/section>/d' $replace_file
sed -i '/<section class="share">/,/<\/section>/d' "$replace_file"
}
function ghost_replace_services {
@ -163,7 +163,7 @@ function add_user_ghost {
}
function install_interactive_ghost {
if [ ! $ONION_ONLY ]; then
if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no'
fi
@ -178,13 +178,13 @@ function install_interactive_ghost {
}
function change_password_ghost {
GHOST_USERNAME="$1"
#GHOST_USERNAME="$1"
GHOST_PASSWORD="$2"
if [ ${#GHOST_PASSWORD} -lt 8 ]; then
echo $'Ghost password is too short'
return
fi
#${PROJECT_NAME}-pass -u $GHOST_USERNAME -a ghost -p "$GHOST_PASSWORD"
#"${PROJECT_NAME}-pass" -u "$GHOST_USERNAME" -a ghost -p "$GHOST_PASSWORD"
}
function reconfigure_ghost {
@ -206,7 +206,7 @@ function upgrade_ghost {
systemctl stop ghost
ghost_bust
cd /var/www/$GHOST_DOMAIN_NAME/htdocs
cd "/var/www/$GHOST_DOMAIN_NAME/htdocs" || exit 3468463
npm i -g ghost-cli
/usr/local/bin/ghost update &
@ -220,26 +220,26 @@ function upgrade_ghost {
chown -R root:root /usr/local/lib
chown -R ghost: /var/www/${GHOST_DOMAIN_NAME}/htdocs
systemctl restart ghost
sed -i "s|ghost version.*|ghost version:${GHOST_VERSION}|g" ${COMPLETION_FILE}
sed -i "s|ghost version.*|ghost version:${GHOST_VERSION}|g" "${COMPLETION_FILE}"
}
function backup_local_ghost {
GHOST_DOMAIN_NAME='ghost.local'
if grep -q "ghost domain" $COMPLETION_FILE; then
if grep -q "ghost domain" "$COMPLETION_FILE"; then
GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
fi
suspend_site ${GHOST_DOMAIN_NAME}
suspend_site "${GHOST_DOMAIN_NAME}"
systemctl stop ghost
ghost_path=/var/www/${GHOST_DOMAIN_NAME}/htdocs/content
if [ -d $ghost_path ]; then
backup_directory_to_usb $ghost_path ghostcontent
if [ -d "$ghost_path" ]; then
backup_directory_to_usb "$ghost_path" ghostcontent
fi
ghost_path=/var/www/${GHOST_DOMAIN_NAME}/htdocs/current/content
if [ -d $ghost_path ]; then
backup_directory_to_usb $ghost_path ghostcurrent
if [ -d "$ghost_path" ]; then
backup_directory_to_usb "$ghost_path" ghostcurrent
fi
systemctl start ghost
@ -248,26 +248,26 @@ function backup_local_ghost {
function restore_local_ghost {
GHOST_DOMAIN_NAME='ghost.local'
if grep -q "ghost domain" $COMPLETION_FILE; then
if grep -q "ghost domain" "$COMPLETION_FILE"; then
GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
fi
if [ $GHOST_DOMAIN_NAME ]; then
suspend_site ${GHOST_DOMAIN_NAME}
if [ "$GHOST_DOMAIN_NAME" ]; then
suspend_site "${GHOST_DOMAIN_NAME}"
systemctl stop ghost
temp_restore_dir=/root/tempghostcontent
function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir ghostcontent
if [ -d $temp_restore_dir ]; then
if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/
if [ -d "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content" ]; then
cp -r "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/*" "/var/www/$GHOST_DOMAIN_NAME/htdocs/content/"
else
if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
mkdir /var/www/$GHOST_DOMAIN_NAME/htdocs/content
if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/content" ]; then
mkdir "/var/www/$GHOST_DOMAIN_NAME/htdocs/content"
fi
cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/
cp -r $temp_restore_dir/* "/var/www/$GHOST_DOMAIN_NAME/htdocs/content/"
fi
chown -R ghost:ghost /var/www/$GHOST_DOMAIN_NAME/htdocs/content
chown -R ghost:ghost "/var/www/$GHOST_DOMAIN_NAME/htdocs/content"
rm -rf $temp_restore_dir
fi
@ -275,15 +275,15 @@ function restore_local_ghost {
function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir ghostcurrent
if [ -d $temp_restore_dir ]; then
if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then
cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/
if [ -d "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content" ]; then
cp -r "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/*" "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/"
else
if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then
mkdir -p /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content
if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content" ]; then
mkdir -p "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content"
fi
cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/
cp -r $temp_restore_dir/* "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/"
fi
chown -R ghost:ghost /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content
chown -R ghost:ghost "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content"
rm -rf $temp_restore_dir
fi
@ -294,15 +294,15 @@ function restore_local_ghost {
function backup_remote_ghost {
GHOST_DOMAIN_NAME='ghost.local'
if grep -q "ghost domain" $COMPLETION_FILE; then
if grep -q "ghost domain" "$COMPLETION_FILE"; then
GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
fi
suspend_site ${GHOST_DOMAIN_NAME}
suspend_site "${GHOST_DOMAIN_NAME}"
temp_backup_dir=/var/www/${GHOST_DOMAIN_NAME}/htdocs/content
if [ -d $temp_backup_dir ]; then
backup_directory_to_friend $temp_backup_dir ghostcontent
if [ -d "$temp_backup_dir" ]; then
backup_directory_to_friend "$temp_backup_dir" ghostcontent
else
restart_site
echo $"Ghost domain specified but not found in /var/www/${GHOST_DOMAIN_NAME}"
@ -310,8 +310,8 @@ function backup_remote_ghost {
fi
temp_backup_dir=/var/www/${GHOST_DOMAIN_NAME}/htdocs/current/content
if [ -d $temp_backup_dir ]; then
backup_directory_to_friend $temp_backup_dir ghostcurrent
if [ -d "$temp_backup_dir" ]; then
backup_directory_to_friend "$temp_backup_dir" ghostcurrent
else
restart_site
echo $"Ghost domain specified but not found in $temp_backup_dir"
@ -323,10 +323,10 @@ function backup_remote_ghost {
function restore_remote_ghost {
GHOST_DOMAIN_NAME='ghost.local'
if grep -q "ghost domain" $COMPLETION_FILE; then
if grep -q "ghost domain" "$COMPLETION_FILE"; then
GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
fi
suspend_site ${GHOST_DOMAIN_NAME}
suspend_site "${GHOST_DOMAIN_NAME}"
systemctl stop ghost
@ -334,15 +334,15 @@ function restore_remote_ghost {
function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir ghostcontent
if [ -d $temp_restore_dir ]; then
if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/
if [ -d "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content" ]; then
cp -r "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/*" "/var/www/$GHOST_DOMAIN_NAME/htdocs/content/"
else
if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
mkdir /var/www/$GHOST_DOMAIN_NAME/htdocs/content
if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/content" ]; then
mkdir "/var/www/$GHOST_DOMAIN_NAME/htdocs/content"
fi
cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/
cp -r $temp_restore_dir/* "/var/www/$GHOST_DOMAIN_NAME/htdocs/content/"
fi
chown -R ghost: /var/www/$GHOST_DOMAIN_NAME/htdocs
chown -R ghost: "/var/www/$GHOST_DOMAIN_NAME/htdocs"
rm -rf $temp_restore_dir
fi
@ -350,15 +350,15 @@ function restore_remote_ghost {
function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir ghostcurrent
if [ -d $temp_restore_dir ]; then
if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then
cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/
if [ -d "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content" ]; then
cp -r "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/*" "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/"
else
if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then
mkdir -p /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content
if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content" ]; then
mkdir -p "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content"
fi
cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/
cp -r $temp_restore_dir/* "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/"
fi
chown -R ghost: /var/www/$GHOST_DOMAIN_NAME/htdocs
chown -R ghost: "/var/www/$GHOST_DOMAIN_NAME/htdocs"
rm -rf $temp_restore_dir
fi
@ -382,27 +382,27 @@ function remove_ghost {
remove_nodejs ghost
read_config_param "GHOST_DOMAIN_NAME"
nginx_dissite $GHOST_DOMAIN_NAME
remove_certs ${GHOST_DOMAIN_NAME}
if [ -f /etc/nginx/sites-available/$GHOST_DOMAIN_NAME ]; then
rm -f /etc/nginx/sites-available/$GHOST_DOMAIN_NAME
nginx_dissite "$GHOST_DOMAIN_NAME"
remove_certs "${GHOST_DOMAIN_NAME}"
if [ -f "/etc/nginx/sites-available/$GHOST_DOMAIN_NAME" ]; then
rm -f "/etc/nginx/sites-available/$GHOST_DOMAIN_NAME"
fi
if [ -d /var/www/$GHOST_DOMAIN_NAME ]; then
rm -rf /var/www/$GHOST_DOMAIN_NAME
if [ -d "/var/www/$GHOST_DOMAIN_NAME" ]; then
rm -rf "/var/www/$GHOST_DOMAIN_NAME"
fi
remove_config_param GHOST_DOMAIN_NAME
remove_config_param GHOST_CODE
function_check remove_onion_service
remove_onion_service ghost ${GHOST_ONION_PORT}
remove_completion_param "install_ghost"
sed -i '/Ghost/d' $COMPLETION_FILE
sed -i '/ghost/d' $COMPLETION_FILE
sed -i '/Ghost/d' "$COMPLETION_FILE"
sed -i '/ghost/d' "$COMPLETION_FILE"
groupdel -f ghost
userdel -r ghost
function_check remove_ddns_domain
remove_ddns_domain $GHOST_DOMAIN_NAME
remove_ddns_domain "$GHOST_DOMAIN_NAME"
}
function install_ghost {
@ -412,7 +412,7 @@ function install_ghost {
ONION_ONLY='no'
fi
if [ ! $GHOST_DOMAIN_NAME ]; then
if [ ! "$GHOST_DOMAIN_NAME" ]; then
echo $'The ghost domain name was not specified'
exit 5062
fi
@ -420,10 +420,10 @@ function install_ghost {
# for the avatar changing command
apt-get -yq install unzip wget
if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs ]; then
mkdir -p /var/www/$GHOST_DOMAIN_NAME/htdocs
if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs" ]; then
mkdir -p "/var/www/$GHOST_DOMAIN_NAME/htdocs"
fi
cd /var/www/$GHOST_DOMAIN_NAME/htdocs
cd "/var/www/$GHOST_DOMAIN_NAME/htdocs" || exit 26422842
function_check install_nodejs
install_nodejs ghost
@ -440,66 +440,66 @@ function install_ghost {
npm install -g yarn
yarn install --no-emoji --no-progress
yarn cache clean
adduser --system --home=/var/www/${GHOST_DOMAIN_NAME}/htdocs/ --group ghost
rm -rf /var/www/$GHOST_DOMAIN_NAME/htdocs/*
adduser --system --home="/var/www/${GHOST_DOMAIN_NAME}/htdocs/" --group ghost
rm -rf "/var/www/$GHOST_DOMAIN_NAME/htdocs/*"
printf 'y' | ghost install ${GHOST_VERSION} --user ghost --db=sqlite3 --port ${GHOST_PORT} --verbose
if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/versions ]; then
if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/versions" ]; then
echo $'versions directory was not found'
exit 782523462
fi
if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/content" ]; then
echo $'content directory was not found'
exit 68352682
fi
npm install -g knex-migrator
if [ ! -f /var/www/$GHOST_DOMAIN_NAME/htdocs/versions/${GHOST_VERSION}/MigratorConfig.js ]; then
if [ ! -f "/var/www/$GHOST_DOMAIN_NAME/htdocs/versions/${GHOST_VERSION}/MigratorConfig.js" ]; then
echo $'MigratorConfig.js was not found'
exit 62783538
fi
cp /var/www/$GHOST_DOMAIN_NAME/htdocs/versions/${GHOST_VERSION}/MigratorConfig.js /var/www/$GHOST_DOMAIN_NAME/htdocs
chown -R ghost: /var/www/$GHOST_DOMAIN_NAME/htdocs
cd /var/www/$GHOST_DOMAIN_NAME/htdocs/current
cp "/var/www/$GHOST_DOMAIN_NAME/htdocs/versions/${GHOST_VERSION}/MigratorConfig.js" "/var/www/$GHOST_DOMAIN_NAME/htdocs"
chown -R ghost: "/var/www/$GHOST_DOMAIN_NAME/htdocs"
cd "/var/www/$GHOST_DOMAIN_NAME/htdocs/current" || exit 783452464
knex-migrator init
ghost_bust
echo '{' > /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json
echo '{' > "/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json"
if [[ "$ONION_ONLY" == 'no' ]]; then
# NOTE: url must be http, not https
echo " \"url\": \"http://${GHOST_DOMAIN_NAME}\"," >> /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json
echo " \"url\": \"http://${GHOST_DOMAIN_NAME}\"," >> "/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json"
else
echo " \"url\": \"http://${GHOST_ONION_HOSTNAME}\"," >> /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json
echo " \"url\": \"http://${GHOST_ONION_HOSTNAME}\"," >> "/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json"
fi
echo ' "paths": {' >> /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json
echo " \"contentPath\": \"/var/www/${GHOST_DOMAIN_NAME}/htdocs/content\"" >> /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json
echo ' }' >> /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json
echo '}' >> /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json
{ echo ' "paths": {';
echo " \"contentPath\": \"/var/www/${GHOST_DOMAIN_NAME}/htdocs/content\"";
echo ' }';
echo '}'; } >> "/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json"
echo '[Unit]' > /etc/systemd/system/ghost.service
echo 'Description=Ghost Blog' >> /etc/systemd/system/ghost.service
echo 'After=syslog.target' >> /etc/systemd/system/ghost.service
echo 'After=network.target' >> /etc/systemd/system/ghost.service
echo '' >> /etc/systemd/system/ghost.service
echo '[Service]' >> /etc/systemd/system/ghost.service
echo 'Type=simple' >> /etc/systemd/system/ghost.service
echo 'User=ghost' >> /etc/systemd/system/ghost.service
echo 'Group=ghost' >> /etc/systemd/system/ghost.service
echo "WorkingDirectory=/var/www/${GHOST_DOMAIN_NAME}/htdocs" >> /etc/systemd/system/ghost.service
echo "ExecStart=/usr/local/bin/ghost run -D" >> /etc/systemd/system/ghost.service
echo "ExecStop=/usr/local/bin/ghost stop" >> /etc/systemd/system/ghost.service
echo "ExecRestart=/usr/local/bin/ghost restart" >> /etc/systemd/system/ghost.service
echo 'Restart=always' >> /etc/systemd/system/ghost.service
echo 'RestartSec=60' >> /etc/systemd/system/ghost.service
echo "Environment=NODE_ENV=development PORT=${GHOST_PORT}" >> /etc/systemd/system/ghost.service
echo '' >> /etc/systemd/system/ghost.service
echo '[Install]' >> /etc/systemd/system/ghost.service
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ghost.service
{ echo '[Unit]';
echo 'Description=Ghost Blog';
echo 'After=syslog.target';
echo 'After=network.target';
echo '';
echo '[Service]';
echo 'Type=simple';
echo 'User=ghost';
echo 'Group=ghost';
echo "WorkingDirectory=/var/www/${GHOST_DOMAIN_NAME}/htdocs";
echo "ExecStart=/usr/local/bin/ghost run -D";
echo "ExecStop=/usr/local/bin/ghost stop";
echo "ExecRestart=/usr/local/bin/ghost restart";
echo 'Restart=always';
echo 'RestartSec=60';
echo "Environment=NODE_ENV=development PORT=${GHOST_PORT}";
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/ghost.service
ghost_remove_offsite_links
chown -R ghost: /var/www/${GHOST_DOMAIN_NAME}/htdocs
chown -R ghost: "/var/www/${GHOST_DOMAIN_NAME}/htdocs"
systemctl enable ghost
systemctl daemon-reload
@ -507,94 +507,94 @@ function install_ghost {
if [[ ${ONION_ONLY} == "no" ]]; then
function_check nginx_http_redirect
nginx_http_redirect ${GHOST_DOMAIN_NAME}
echo 'server {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' #listen [::]:443 ssl;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo " root /var/www/${GHOST_DOMAIN_NAME}/htdocs;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo " server_name ${GHOST_DOMAIN_NAME};" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo " error_log /dev/null;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
nginx_http_redirect "${GHOST_DOMAIN_NAME}"
{ echo 'server {';
echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;';
echo " root /var/www/${GHOST_DOMAIN_NAME}/htdocs;";
echo " server_name ${GHOST_DOMAIN_NAME};";
echo ' access_log /dev/null;';
echo " error_log /dev/null;";
echo ''; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
function_check nginx_ssl
nginx_ssl ${GHOST_DOMAIN_NAME}
nginx_ssl "${GHOST_DOMAIN_NAME}"
function_check nginx_disable_sniffing
nginx_disable_sniffing ${GHOST_DOMAIN_NAME}
echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' location / {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
nginx_disable_sniffing "${GHOST_DOMAIN_NAME}"
{ echo ' add_header Strict-Transport-Security max-age=0;';
echo '';
echo ' location / {'; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
function_check nginx_limits
nginx_limits ${GHOST_DOMAIN_NAME} '10G'
echo " proxy_pass http://localhost:${GHOST_PORT};" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' location = /robots.txt {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' allow all;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' log_not_found off;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
nginx_limits "${GHOST_DOMAIN_NAME}" '10G'
{ echo " proxy_pass http://localhost:${GHOST_PORT};";
echo ' }';
echo '';
echo ' fastcgi_buffers 64 4K;';
echo '';
echo ' error_page 403 /core/templates/403.php;';
echo ' error_page 404 /core/templates/404.php;';
echo '';
echo ' location = /robots.txt {';
echo ' allow all;';
echo ' log_not_found off;';
echo ' access_log /dev/null;';
echo ' }';
echo '}';
echo ''; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
else
echo -n '' > /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo -n '' > "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
fi
echo 'server {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo " listen 127.0.0.1:${GHOST_ONION_PORT} default_server;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo " root /var/www/$GHOST_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo " server_name $GHOST_ONION_HOSTNAME;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo " error_log /dev/null;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
{ echo 'server {';
echo " listen 127.0.0.1:${GHOST_ONION_PORT} default_server;";
echo " root /var/www/$GHOST_DOMAIN_NAME/htdocs;";
echo " server_name $GHOST_ONION_HOSTNAME;";
echo ' access_log /dev/null;';
echo " error_log /dev/null;";
echo ''; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
function_check nginx_disable_sniffing
nginx_disable_sniffing ${GHOST_DOMAIN_NAME}
echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' location / {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
nginx_disable_sniffing "${GHOST_DOMAIN_NAME}"
{ echo ' add_header Strict-Transport-Security max-age=0;';
echo '';
echo ' location / {'; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
function_check nginx_limits
nginx_limits ${GHOST_DOMAIN_NAME} '10G'
echo " proxy_pass http://localhost:${GHOST_PORT};" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' location = /robots.txt {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' allow all;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' log_not_found off;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo ' }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
nginx_limits "${GHOST_DOMAIN_NAME}" '10G'
{ echo " proxy_pass http://localhost:${GHOST_PORT};";
echo ' }';
echo '';
echo ' fastcgi_buffers 64 4K;';
echo '';
echo ' error_page 403 /core/templates/403.php;';
echo ' error_page 404 /core/templates/404.php;';
echo '';
echo ' location = /robots.txt {';
echo ' allow all;';
echo ' log_not_found off;';
echo ' access_log /dev/null;';
echo ' }';
echo '}'; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
function_check create_site_certificate
create_site_certificate $GHOST_DOMAIN_NAME 'yes'
create_site_certificate "$GHOST_DOMAIN_NAME" 'yes'
ghost_replace_services
function_check nginx_ensite
nginx_ensite $GHOST_DOMAIN_NAME
nginx_ensite "$GHOST_DOMAIN_NAME"
systemctl restart nginx
${PROJECT_NAME}-pass -u $MY_USERNAME -a ghost -p "$GHOST_ADMIN_PASSWORD"
"${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a ghost -p "$GHOST_ADMIN_PASSWORD"
function_check add_ddns_domain
add_ddns_domain $GHOST_DOMAIN_NAME
add_ddns_domain "$GHOST_DOMAIN_NAME"
chown root:root /usr/local/bin/ghost
chown -R root:root /usr/local/lib
chown -R ghost: /var/www/${GHOST_DOMAIN_NAME}/htdocs
chown -R ghost: "/var/www/${GHOST_DOMAIN_NAME}/htdocs"
set_completion_param "ghost domain" "$GHOST_DOMAIN_NAME"
if ! grep -q "ghost version:" ${COMPLETION_FILE}; then
echo "ghost version:${GHOST_VERSION}" >> ${COMPLETION_FILE}
if ! grep -q "ghost version:" "${COMPLETION_FILE}"; then
echo "ghost version:${GHOST_VERSION}" >> "${COMPLETION_FILE}"
else
sed -i "s|ghost version.*|ghost version:${GHOST_VERSION}|g" ${COMPLETION_FILE}
sed -i "s|ghost version.*|ghost version:${GHOST_VERSION}|g" "${COMPLETION_FILE}"
fi
APP_INSTALLED=1

564
src/freedombone-app-gnusocial
View File

File diff suppressed because it is too large Load Diff

435
src/freedombone-app-gogs
View File

@ -127,14 +127,14 @@ function gogs_parameters {
}
function gogs_create_database {
if [ -f ${IMAGE_PASSWORD_FILE} ]; then
GIT_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
GIT_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else
if [ ! ${GIT_ADMIN_PASSWORD} ]; then
GIT_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
if [ ! "${GIT_ADMIN_PASSWORD}" ]; then
GIT_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi
fi
if [ ! $GIT_ADMIN_PASSWORD ]; then
if [ ! "$GIT_ADMIN_PASSWORD" ]; then
return
fi
@ -147,7 +147,7 @@ function reconfigure_gogs {
}
function upgrade_gogs {
if ! grep -q 'gogs version:' $COMPLETION_FILE; then
if ! grep -q 'gogs version:' "$COMPLETION_FILE"; then
return
fi
@ -160,24 +160,24 @@ function upgrade_gogs {
GOGS_CONFIG_PATH=/home/${GOGS_USERNAME}/custom/conf
GOGS_CONFIG_FILE=$GOGS_CONFIG_PATH/app.ini
cp $GOGS_CONFIG_FILE $INSTALL_DIR/gogs_config.ini
cp "$GOGS_CONFIG_FILE $INSTALL_DIR/gogs_config.ini"
if [ -d $INSTALL_DIR/gogs-repositories ]; then
rm -rf $INSTALL_DIR/gogs-repositories
if [ -d "$INSTALL_DIR/gogs-repositories" ]; then
rm -rf "$INSTALL_DIR/gogs-repositories"
fi
if [ -d /home/${GOGS_USERNAME}/gogs-repositories ]; then
mv /home/${GOGS_USERNAME}/gogs-repositories $INSTALL_DIR
mv "/home/${GOGS_USERNAME}/gogs-repositories" "$INSTALL_DIR"
fi
gogs_parameters
echo "gogs binary upgrade: ${GOGS_BIN}"
if [ ! -d ${INSTALL_DIR} ]; then
mkdir -p ${INSTALL_DIR}
if [ ! -d "${INSTALL_DIR}" ]; then
mkdir -p "${INSTALL_DIR}"
fi
cd ${INSTALL_DIR}
if [ -d ${INSTALL_DIR}/gogs ]; then
rm -rf ${INSTALL_DIR}/gogs
cd "${INSTALL_DIR}" || exit 26784427
if [ -d "${INSTALL_DIR}/gogs" ]; then
rm -rf "${INSTALL_DIR}/gogs"
fi
GOGS_FILE=linux_${CURR_ARCH}.tar.gz
if [ ! -f ${GOGS_FILE} ]; then
@ -196,13 +196,13 @@ function upgrade_gogs {
unzip -o ${GOGS_FILE}
fi
else
tar -xzf ${INSTALL_DIR}/${GOGS_FILE}
tar -xzf "${INSTALL_DIR}/${GOGS_FILE}"
fi
if [ ! -d ${INSTALL_DIR}/gogs ]; then
if [ ! -d "${INSTALL_DIR}/gogs" ]; then
exit 37823
fi
rm -rf /home/${GOGS_USERNAME}/*
cp -r ${INSTALL_DIR}/gogs/* /home/${GOGS_USERNAME}
rm -rf "/home/${GOGS_USERNAME:?}/"*
cp -r "${INSTALL_DIR}/gogs/*" "/home/${GOGS_USERNAME}"
if [ -f ${GOGS_FILE} ]; then
rm ${GOGS_FILE}
fi
@ -211,31 +211,31 @@ function upgrade_gogs {
mkdir -p ${GOGS_CONFIG_PATH}
fi
cp $INSTALL_DIR/gogs_config.ini $GOGS_CONFIG_FILE
cp "$INSTALL_DIR/gogs_config.ini" "$GOGS_CONFIG_FILE"
if [ ! -f $GOGS_CONFIG_FILE ]; then
echo $'Gogs ini file not upgraded'
exit 873535
fi
rm $INSTALL_DIR/gogs_config.ini
rm "$INSTALL_DIR/gogs_config.ini"
if [ -d /home/${GOGS_USERNAME}/gogs-repositories ]; then
rm -rf /home/${GOGS_USERNAME}/gogs-repositories
fi
if [ -d $INSTALL_DIR/gogs-repositories ]; then
mv $INSTALL_DIR/gogs-repositories /home/${GOGS_USERNAME}/gogs-repositories
if [ -d "$INSTALL_DIR/gogs-repositories" ]; then
mv "$INSTALL_DIR/gogs-repositories" "/home/${GOGS_USERNAME}/gogs-repositories"
fi
chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME}
chown -R "${GOGS_USERNAME}":"${GOGS_USERNAME}" "/home/${GOGS_USERNAME}"
sed -i "s|gogs version.*|gogs version:$GOGS_VERSION|g" ${COMPLETION_FILE}
sed -i "s|gogs version.*|gogs version:$GOGS_VERSION|g" "${COMPLETION_FILE}"
systemctl restart mariadb
systemctl restart gogs
}
function backup_local_gogs {
if ! grep -q "gogs domain" ${COMPLETION_FILE}; then
if ! grep -q "gogs domain" "${COMPLETION_FILE}"; then
return
fi
if [ ! -d /home/${GOGS_USERNAME}/gogs-repositories ]; then
if [ ! -d "/home/${GOGS_USERNAME}/gogs-repositories" ]; then
return
fi
@ -245,15 +245,15 @@ function backup_local_gogs {
backup_database_to_usb gogs
function_check backup_directory_to_usb
backup_directory_to_usb /home/${GOGS_USERNAME}/custom gogs
backup_directory_to_usb /home/${GOGS_USERNAME}/gogs-repositories gogsrepos
backup_directory_to_usb /home/${GOGS_USERNAME}/.ssh gogsssh
backup_directory_to_usb "/home/${GOGS_USERNAME}/custom" gogs
backup_directory_to_usb "/home/${GOGS_USERNAME}/gogs-repositories" gogsrepos
backup_directory_to_usb "/home/${GOGS_USERNAME}/.ssh" gogsssh
echo $"Gogs backup complete"
}
function restore_local_gogs {
if ! grep -q "gogs domain" ${COMPLETION_FILE}; then
if ! grep -q "gogs domain" "${COMPLETION_FILE}"; then
return
fi
@ -261,22 +261,23 @@ function restore_local_gogs {
function_check gogs_create_database
gogs_create_database
GOGS_CONFIG_PATH=/home/${GOGS_USERNAME}/custom/conf
GOGS_CONFIG_FILE=${GOGS_CONFIG_PATH}/app.ini
GOGS_CONFIG_PATH="/home/${GOGS_USERNAME}/custom/conf"
GOGS_CONFIG_FILE="${GOGS_CONFIG_PATH}/app.ini"
function_check restore_database
restore_database gogs ${GIT_DOMAIN_NAME}
restore_database gogs "${GIT_DOMAIN_NAME}"
temp_restore_dir=/root/tempgogs
if [ -d ${USB_MOUNT}/backup/gogs ]; then
if [ -d "${USB_MOUNT}/backup/gogs" ]; then
echo $"Restoring Gogs settings"
if [ ! -d $GOGS_CONFIG_PATH ]; then
mkdir -p $GOGS_CONFIG_PATH
fi
if [ -d /root/tempgogs/home/${GOGS_USERNAME}/custom ]; then
cp -r /root/tempgogs/home/${GOGS_USERNAME}/custom/* /home/${GOGS_USERNAME}/custom/
if [ -d "/root/tempgogs/home/${GOGS_USERNAME}/custom" ]; then
cp -r "/root/tempgogs/home/${GOGS_USERNAME}/custom/*" "/home/${GOGS_USERNAME}/custom/"
else
cp -r /root/tempgogs/* /home/${GOGS_USERNAME}/custom/
cp -r "/root/tempgogs/*" "/home/${GOGS_USERNAME}/custom/"
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
function_check set_user_permissions
set_user_permissions
@ -286,15 +287,16 @@ function restore_local_gogs {
fi
echo $"Restoring Gogs repos"
function_check restore_directory_from_usb
restore_directory_from_usb ${temp_restore_dir}repos gogsrepos
if [ ! -d /home/${GOGS_USERNAME}/gogs-repositories ]; then
mkdir /home/${GOGS_USERNAME}/gogs-repositories
restore_directory_from_usb "${temp_restore_dir}repos" gogsrepos
if [ ! -d "/home/${GOGS_USERNAME}/gogs-repositories" ]; then
mkdir "/home/${GOGS_USERNAME}/gogs-repositories"
fi
if [ -d ${temp_restore_dir}repos/home/${GOGS_USERNAME}/gogs-repositories ]; then
cp -r ${temp_restore_dir}repos/home/${GOGS_USERNAME}/gogs-repositories/* /home/${GOGS_USERNAME}/gogs-repositories/
if [ -d "${temp_restore_dir}repos/home/${GOGS_USERNAME}/gogs-repositories" ]; then
cp -r "${temp_restore_dir}repos/home/${GOGS_USERNAME}/gogs-repositories/*" "/home/${GOGS_USERNAME}/gogs-repositories/"
else
cp -r ${temp_restore_dir}repos/* /home/${GOGS_USERNAME}/gogs-repositories/
cp -r "${temp_restore_dir}repos/*" "/home/${GOGS_USERNAME}/gogs-repositories/"
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
function_check set_user_permissions
set_user_permissions
@ -313,6 +315,7 @@ function restore_local_gogs {
else
cp -r ${temp_restore_dir}/* /home/${GOGS_USERNAME}/.ssh/
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
function_check set_user_permissions
set_user_permissions
@ -326,7 +329,7 @@ function restore_local_gogs {
chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME}
fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
sed -i "s|PASSWD =.*|PASSWD = $MARIADB_PASSWORD|g" ${GOGS_CONFIG_FILE}
MARIADB_PASSWORD=
systemctl restart gogs
@ -363,7 +366,7 @@ function backup_remote_gogs {
}
function restore_remote_gogs {
if grep -q "gogs domain" $COMPLETION_FILE; then
if grep -q "gogs domain" "$COMPLETION_FILE"; then
GIT_DOMAIN_NAME=$(get_completion_param "gogs domain")
function_check gogs_create_database
@ -373,8 +376,8 @@ function restore_remote_gogs {
GOGS_CONFIG_FILE=${GOGS_CONFIG_PATH}/app.ini
function_check restore_database_from_friend
restore_database_from_friend gogs ${GIT_DOMAIN_NAME}
if [ -d ${SERVER_DIRECTORY}/backup/gogs ]; then
restore_database_from_friend gogs "${GIT_DOMAIN_NAME}"
if [ -d "${SERVER_DIRECTORY}/backup/gogs" ]; then
if [ ! -d $GOGS_CONFIG_PATH ]; then
mkdir -p $GOGS_CONFIG_PATH
fi
@ -383,6 +386,7 @@ function restore_remote_gogs {
else
cp -r /root/tempgogs/* /home/${GOGS_USERNAME}/custom/
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
exit 58852
fi
@ -396,6 +400,7 @@ function restore_remote_gogs {
else
cp -r /root/tempgogsrepos/* /home/${GOGS_USERNAME}/gogs-repositories/
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
exit 7649
fi
@ -409,6 +414,7 @@ function restore_remote_gogs {
else
cp -r /root/tempgogsssh/* /home/${GOGS_USERNAME}/.ssh/
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
exit 74239
fi
@ -419,7 +425,7 @@ function restore_remote_gogs {
echo $"Restore of Gogs complete"
fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
sed -i "s|PASSWD =.*|PASSWD = $MARIADB_PASSWORD|g" ${GOGS_CONFIG_FILE}
MARIADB_PASSWORD=
systemctl restart gogs
@ -433,33 +439,33 @@ function remove_gogs {
systemctl stop gogs
systemctl disable gogs
nginx_dissite ${GIT_DOMAIN_NAME}
remove_certs ${GIT_DOMAIN_NAME}
if [ -d /var/www/${GIT_DOMAIN_NAME} ]; then
rm -rf /var/www/${GIT_DOMAIN_NAME}
nginx_dissite "${GIT_DOMAIN_NAME}"
remove_certs "${GIT_DOMAIN_NAME}"
if [ -d "/var/www/${GIT_DOMAIN_NAME}" ]; then
rm -rf "/var/www/${GIT_DOMAIN_NAME}"
fi
if [ -f /etc/nginx/sites-available/${GIT_DOMAIN_NAME} ]; then
rm /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
if [ -f "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}" ]; then
rm "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
fi
function_check drop_database
drop_database gogs
rm /etc/systemd/system/gogs.service
systemctl daemon-reload
rm -rf /home/${GOGS_USERNAME}/*
rm -rf "/home/${GOGS_USERNAME:?}/"*
remove_onion_service gogs ${GIT_ONION_PORT} 9418
remove_completion_param "install_gogs"
sed -i '/gogs /d' $COMPLETION_FILE
sed -i '/gogs /d' "$COMPLETION_FILE"
remove_backup_database_local gogs
groupdel -f gogs
userdel -r gogs
function_check remove_ddns_domain
remove_ddns_domain $GIT_DOMAIN_NAME
remove_ddns_domain "$GIT_DOMAIN_NAME"
}
function install_gogs {
if [ ! $GIT_DOMAIN_NAME ]; then
if [ ! "$GIT_DOMAIN_NAME" ]; then
return
fi
@ -474,14 +480,14 @@ function install_gogs {
gogs_parameters
if [ ! -d ${INSTALL_DIR} ]; then
mkdir -p ${INSTALL_DIR}
if [ ! -d "${INSTALL_DIR}" ]; then
mkdir -p "${INSTALL_DIR}"
fi
cd ${INSTALL_DIR}
if [ -d $INSTALL_DIR/gogs ]; then
rm -rf $INSTALL_DIR/gogs
cd "${INSTALL_DIR}" || exit 24682467284
if [ -d "$INSTALL_DIR/gogs" ]; then
rm -rf "$INSTALL_DIR/gogs"
fi
GOGS_FILE=linux_${CURR_ARCH}.tar.gz
GOGS_FILE="linux_${CURR_ARCH}.tar.gz"
if [ ! -f ${GOGS_FILE} ]; then
wget ${GOGS_BIN}
fi
@ -496,13 +502,13 @@ function install_gogs {
unzip -o ${GOGS_FILE}
fi
else
tar -xzf ${INSTALL_DIR}/${GOGS_FILE}
tar -xzf "${INSTALL_DIR}/${GOGS_FILE}"
fi
if [ ! -d ${INSTALL_DIR}/gogs ]; then
if [ ! -d "${INSTALL_DIR}/gogs" ]; then
exit 37823
fi
rm -rf /home/${GOGS_USERNAME}/*
cp -r ${INSTALL_DIR}/gogs/* /home/${GOGS_USERNAME}
rm -rf "/home/${GOGS_USERNAME:?}/"*
cp -r "${INSTALL_DIR}/gogs/*" "/home/${GOGS_USERNAME}"
if [ -f ${GOGS_FILE} ]; then
rm ${GOGS_FILE}
fi
@ -512,9 +518,10 @@ function install_gogs {
exit 345562
fi
echo "export GOROOT=/home/go" >> /home/${GOGS_USERNAME}/.bashrc
echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> /home/${GOGS_USERNAME}/.bashrc
echo 'export PATH=$PATH:$GOPATH' >> /home/${GOGS_USERNAME}/.bashrc
{ echo "export GOROOT=/home/go";
# shellcheck disable=SC2153
echo "export GOPATH=\${GOROOT}/go${GO_VERSION}/bin";
echo "export PATH=\$PATH:\$GOPATH"; } >> "/home/${GOGS_USERNAME}/.bashrc"
chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME}
function_check install_mariadb
@ -536,122 +543,122 @@ function install_gogs {
chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME}
echo '[Unit]' > /etc/systemd/system/gogs.service
echo 'Description=Gogs (Go Git Service)' >> /etc/systemd/system/gogs.service
echo 'After=syslog.target' >> /etc/systemd/system/gogs.service
echo 'After=network.target' >> /etc/systemd/system/gogs.service
echo 'After=mysqld.service' >> /etc/systemd/system/gogs.service
echo '' >> /etc/systemd/system/gogs.service
echo '[Service]' >> /etc/systemd/system/gogs.service
echo '#LimitMEMLOCK=infinity' >> /etc/systemd/system/gogs.service
echo '#LimitNOFILE=65535' >> /etc/systemd/system/gogs.service
echo 'Type=simple' >> /etc/systemd/system/gogs.service
echo 'User=gogs' >> /etc/systemd/system/gogs.service
echo 'Group=gogs' >> /etc/systemd/system/gogs.service
echo "WorkingDirectory=/home/${GOGS_USERNAME}" >> /etc/systemd/system/gogs.service
echo "ExecStart=/home/${GOGS_USERNAME}/gogs web" >> /etc/systemd/system/gogs.service
echo 'Restart=always' >> /etc/systemd/system/gogs.service
echo 'RestartSec=10' >> /etc/systemd/system/gogs.service
echo "Environment=\"USER=${GOGS_USERNAME}\" \"HOME=/home/${GOGS_USERNAME}\" \"GOPATH=/home/go/go${GO_VERSION}\"" >> /etc/systemd/system/gogs.service
echo '' >> /etc/systemd/system/gogs.service
echo '[Install]' >> /etc/systemd/system/gogs.service
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/gogs.service
{ echo '[Unit]';
echo 'Description=Gogs (Go Git Service)';
echo 'After=syslog.target';
echo 'After=network.target';
echo 'After=mysqld.service';
echo '';
echo '[Service]';
echo '#LimitMEMLOCK=infinity';
echo '#LimitNOFILE=65535';
echo 'Type=simple';
echo 'User=gogs';
echo 'Group=gogs';
echo "WorkingDirectory=/home/${GOGS_USERNAME}";
echo "ExecStart=/home/${GOGS_USERNAME}/gogs web";
echo 'Restart=always';
echo 'RestartSec=10';
echo "Environment=\"USER=${GOGS_USERNAME}\" \"HOME=/home/${GOGS_USERNAME}\" \"GOPATH=/home/go/go${GO_VERSION}\"";
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/gogs.service
systemctl enable gogs
systemctl daemon-reload
systemctl start gogs
if [ ! -d /var/www/${GIT_DOMAIN_NAME} ]; then
mkdir /var/www/${GIT_DOMAIN_NAME}
if [ ! -d "/var/www/${GIT_DOMAIN_NAME}" ]; then
mkdir "/var/www/${GIT_DOMAIN_NAME}"
fi
if [ -d /var/www/${GIT_DOMAIN_NAME}/htdocs ]; then
rm -rf /var/www/${GIT_DOMAIN_NAME}/htdocs
if [ -d "/var/www/${GIT_DOMAIN_NAME}/htdocs" ]; then
rm -rf "/var/www/${GIT_DOMAIN_NAME}/htdocs"
fi
if [[ ${ONION_ONLY} == "no" ]]; then
if [[ "${ONION_ONLY}" == "no" ]]; then
function_check nginx_http_redirect
nginx_http_redirect ${GIT_DOMAIN_NAME}
echo 'server {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' #listen [::]:443 ssl;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo " root /var/www/${GIT_DOMAIN_NAME}/htdocs;" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo " server_name ${GIT_DOMAIN_NAME};" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo " error_log /dev/null;" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
nginx_http_redirect "${GIT_DOMAIN_NAME}"
{ echo 'server {';
echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;';
echo " root /var/www/${GIT_DOMAIN_NAME}/htdocs;";
echo " server_name ${GIT_DOMAIN_NAME};";
echo ' access_log /dev/null;';
echo " error_log /dev/null;";
echo ''; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
function_check nginx_ssl
nginx_ssl ${GIT_DOMAIN_NAME}
nginx_ssl "${GIT_DOMAIN_NAME}"
function_check nginx_disable_sniffing
nginx_disable_sniffing ${GIT_DOMAIN_NAME}
echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' location / {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
nginx_disable_sniffing "${GIT_DOMAIN_NAME}"
{ echo ' add_header Strict-Transport-Security max-age=0;';
echo '';
echo ' location / {'; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
function_check nginx_limits
nginx_limits ${GIT_DOMAIN_NAME} '10G'
echo ' proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' location = /robots.txt {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' allow all;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' log_not_found off;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo '}' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
nginx_limits "${GIT_DOMAIN_NAME}" '10G'
{ echo ' proxy_pass http://localhost:3000;';
echo ' }';
echo '';
echo ' fastcgi_buffers 64 4K;';
echo '';
echo ' error_page 403 /core/templates/403.php;';
echo ' error_page 404 /core/templates/404.php;';
echo '';
echo ' location = /robots.txt {';
echo ' allow all;';
echo ' log_not_found off;';
echo ' access_log /dev/null;';
echo ' }';
echo '}';
echo ''; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
else
echo -n '' > /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo -n '' > "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
fi
echo 'server {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo " listen 127.0.0.1:${GIT_ONION_PORT} default_server;" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo " root /var/www/$GIT_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo " server_name $GIT_DOMAIN_NAME;" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo " error_log /dev/null;" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
{ echo 'server {';
echo " listen 127.0.0.1:${GIT_ONION_PORT} default_server;";
echo " root /var/www/$GIT_DOMAIN_NAME/htdocs;";
echo " server_name $GIT_DOMAIN_NAME;";
echo ' access_log /dev/null;';
echo " error_log /dev/null;";
echo ''; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
function_check nginx_disable_sniffing
nginx_disable_sniffing ${GIT_DOMAIN_NAME}
echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' location / {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
nginx_disable_sniffing "${GIT_DOMAIN_NAME}"
{ echo ' add_header Strict-Transport-Security max-age=0;';
echo '';
echo ' location / {'; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
function_check nginx_limits
nginx_limits ${GIT_DOMAIN_NAME} '10G'
echo ' proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' location = /robots.txt {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' allow all;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' log_not_found off;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo ' }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
echo '}' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
nginx_limits "${GIT_DOMAIN_NAME}" '10G'
{ echo ' proxy_pass http://localhost:3000;';
echo ' }';
echo '';
echo ' fastcgi_buffers 64 4K;';
echo '';
echo ' error_page 403 /core/templates/403.php;';
echo ' error_page 404 /core/templates/404.php;';
echo '';
echo ' location = /robots.txt {';
echo ' allow all;';
echo ' log_not_found off;';
echo ' access_log /dev/null;';
echo ' }';
echo '}'; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
function_check configure_php
configure_php
function_check create_site_certificate
create_site_certificate ${GIT_DOMAIN_NAME} 'yes'
create_site_certificate "${GIT_DOMAIN_NAME}" 'yes'
nginx_ensite ${GIT_DOMAIN_NAME}
nginx_ensite "${GIT_DOMAIN_NAME}"
if [ ! -d /var/lib/tor ]; then
echo $'No Tor installation found. Gogs onion site cannot be configured.'
exit 877367
fi
if ! grep -q "hidden_service_gogs" /etc/tor/torrc; then
echo 'HiddenServiceDir /var/lib/tor/hidden_service_gogs/' >> /etc/tor/torrc
echo 'HiddenServiceVersion 3' >> /etc/tor/torrc
echo "HiddenServicePort 80 127.0.0.1:${GIT_ONION_PORT}" >> /etc/tor/torrc
echo "HiddenServicePort 9418 127.0.0.1:9418" >> /etc/tor/torrc
{ echo 'HiddenServiceDir /var/lib/tor/hidden_service_gogs/';
echo 'HiddenServiceVersion 3';
echo "HiddenServicePort 80 127.0.0.1:${GIT_ONION_PORT}";
echo "HiddenServicePort 9418 127.0.0.1:9418"; } >> /etc/tor/torrc
echo $'Added onion site for Gogs'
fi
@ -670,34 +677,34 @@ function install_gogs {
set_completion_param "gogs onion domain" "$GIT_ONION_HOSTNAME"
function_check add_ddns_domain
add_ddns_domain ${GIT_DOMAIN_NAME}
add_ddns_domain "${GIT_DOMAIN_NAME}"
# obtain the secret key
GOGS_SECRET_KEY="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
${PROJECT_NAME}-pass -u $MY_USERNAME -a gogs -p "*"
GOGS_SECRET_KEY="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
"${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a gogs -p "*"
# create the configuration
GOGS_CONFIG_PATH=/home/${GOGS_USERNAME}/custom/conf
GOGS_CONFIG_PATH="/home/${GOGS_USERNAME}/custom/conf"
if [ ! -d ${GOGS_CONFIG_PATH} ]; then
mkdir -p ${GOGS_CONFIG_PATH}
fi
GOGS_CONFIG_FILE=${GOGS_CONFIG_PATH}/app.ini
echo "RUN_USER = $GOGS_USERNAME" > ${GOGS_CONFIG_FILE}
echo 'RUN_MODE = prod' >> ${GOGS_CONFIG_FILE}
echo '' >> ${GOGS_CONFIG_FILE}
echo '[database]' >> ${GOGS_CONFIG_FILE}
echo 'DB_TYPE = mysql' >> ${GOGS_CONFIG_FILE}
echo 'HOST = 127.0.0.1:3306' >> ${GOGS_CONFIG_FILE}
echo 'NAME = gogs' >> ${GOGS_CONFIG_FILE}
echo 'USER = root' >> ${GOGS_CONFIG_FILE}
echo "PASSWD = $MARIADB_PASSWORD" >> ${GOGS_CONFIG_FILE}
echo 'SSL_MODE = disable' >> ${GOGS_CONFIG_FILE}
echo 'PATH = data/gogs.db' >> ${GOGS_CONFIG_FILE}
echo '' >> ${GOGS_CONFIG_FILE}
echo '[repository]' >> ${GOGS_CONFIG_FILE}
echo "ROOT = /home/$GOGS_USERNAME/gogs-repositories" >> ${GOGS_CONFIG_FILE}
echo '' >> ${GOGS_CONFIG_FILE}
echo '[server]' >> ${GOGS_CONFIG_FILE}
{ echo "RUN_USER = $GOGS_USERNAME";
echo 'RUN_MODE = prod';
echo '';
echo '[database]';
echo 'DB_TYPE = mysql';
echo 'HOST = 127.0.0.1:3306';
echo 'NAME = gogs';
echo 'USER = root';
echo "PASSWD = $MARIADB_PASSWORD";
echo 'SSL_MODE = disable';
echo 'PATH = data/gogs.db';
echo '';
echo '[repository]';
echo "ROOT = /home/$GOGS_USERNAME/gogs-repositories";
echo '';
echo '[server]'; } >> ${GOGS_CONFIG_FILE}
if [[ ${ONION_ONLY} == 'no' ]]; then
echo "DOMAIN = ${GIT_DOMAIN_NAME}" >> ${GOGS_CONFIG_FILE}
echo "ROOT_URL = https://$GIT_DOMAIN_NAME/" >> ${GOGS_CONFIG_FILE}
@ -705,51 +712,51 @@ function install_gogs {
echo "DOMAIN = ${GIT_ONION_HOSTNAME}" >> ${GOGS_CONFIG_FILE}
echo "ROOT_URL = http://$GIT_DOMAIN_NAME/" >> ${GOGS_CONFIG_FILE}
fi
echo 'HTTP_PORT = 3000' >> ${GOGS_CONFIG_FILE}
echo "SSH_PORT = $SSH_PORT" >> ${GOGS_CONFIG_FILE}
echo 'SSH_DOMAIN = %(DOMAIN)s' >> ${GOGS_CONFIG_FILE}
echo "CERT_FILE = /etc/ssl/certs/${GIT_DOMAIN_NAME}.pem" >> ${GOGS_CONFIG_FILE}
echo "KEY_FILE = /etc/ssl/private/${GIT_DOMAIN_NAME}.key" >> ${GOGS_CONFIG_FILE}
echo 'DISABLE_ROUTER_LOG = true' >> ${GOGS_CONFIG_FILE}
echo '' >> ${GOGS_CONFIG_FILE}
echo '[session]' >> ${GOGS_CONFIG_FILE}
echo 'PROVIDER = file' >> ${GOGS_CONFIG_FILE}
echo '' >> ${GOGS_CONFIG_FILE}
echo '[log]' >> ${GOGS_CONFIG_FILE}
echo 'MODE = file' >> ${GOGS_CONFIG_FILE}
echo 'LEVEL = Info' >> ${GOGS_CONFIG_FILE}
echo '' >> ${GOGS_CONFIG_FILE}
echo '[security]' >> ${GOGS_CONFIG_FILE}
echo 'INSTALL_LOCK = true' >> ${GOGS_CONFIG_FILE}
echo "SECRET_KEY = $GOGS_SECRET_KEY" >> ${GOGS_CONFIG_FILE}
echo '' >> ${GOGS_CONFIG_FILE}
echo '[service]' >> ${GOGS_CONFIG_FILE}
echo 'DISABLE_REGISTRATION = false' >> ${GOGS_CONFIG_FILE}
echo 'SHOW_REGISTRATION_BUTTON = true' >> ${GOGS_CONFIG_FILE}
echo 'REQUIRE_SIGNIN_VIEW = false' >> ${GOGS_CONFIG_FILE}
echo 'ENABLE_CAPTCHA = false' >> ${GOGS_CONFIG_FILE}
echo '' >> ${GOGS_CONFIG_FILE}
echo '[other]' >> ${GOGS_CONFIG_FILE}
echo 'SHOW_FOOTER_BRANDING = false' >> ${GOGS_CONFIG_FILE}
echo 'SHOW_FOOTER_VERSION = false' >> ${GOGS_CONFIG_FILE}
{ echo 'HTTP_PORT = 3000';
echo "SSH_PORT = $SSH_PORT";
echo 'SSH_DOMAIN = %(DOMAIN)s';
echo "CERT_FILE = /etc/ssl/certs/${GIT_DOMAIN_NAME}.pem";
echo "KEY_FILE = /etc/ssl/private/${GIT_DOMAIN_NAME}.key";
echo 'DISABLE_ROUTER_LOG = true';
echo '';
echo '[session]';
echo 'PROVIDER = file';
echo '';
echo '[log]';
echo 'MODE = file';
echo 'LEVEL = Info';
echo '';
echo '[security]';
echo 'INSTALL_LOCK = true';
echo "SECRET_KEY = $GOGS_SECRET_KEY";
echo '';
echo '[service]';
echo 'DISABLE_REGISTRATION = false';
echo 'SHOW_REGISTRATION_BUTTON = true';
echo 'REQUIRE_SIGNIN_VIEW = false';
echo 'ENABLE_CAPTCHA = false';
echo '';
echo '[other]';
echo 'SHOW_FOOTER_BRANDING = false';
echo 'SHOW_FOOTER_VERSION = false'; } >> ${GOGS_CONFIG_FILE}
chmod 750 ${GOGS_CONFIG_FILE}
chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME}
chown -R "${GOGS_USERNAME}":"${GOGS_USERNAME}" "/home/${GOGS_USERNAME}"
systemctl restart gogs
if ! grep -q "gogs domain:" ${COMPLETION_FILE}; then
echo "gogs domain:${GIT_DOMAIN_NAME}" >> ${COMPLETION_FILE}
if ! grep -q "gogs domain:" "${COMPLETION_FILE}"; then
echo "gogs domain:${GIT_DOMAIN_NAME}" >> "${COMPLETION_FILE}"
else
sed -i "s|gogs domain.*|gogs domain:${GIT_DOMAIN_NAME}|g" ${COMPLETION_FILE}
sed -i "s|gogs domain.*|gogs domain:${GIT_DOMAIN_NAME}|g" "${COMPLETION_FILE}"
fi
function_check configure_firewall_for_git
configure_firewall_for_git
if ! grep -q "gogs version:" ${COMPLETION_FILE}; then
echo "gogs version:${GOGS_VERSION}" >> ${COMPLETION_FILE}
if ! grep -q "gogs version:" "${COMPLETION_FILE}"; then
echo "gogs version:${GOGS_VERSION}" >> "${COMPLETION_FILE}"
else
sed -i "s|gogs version.*|gogs version:${GOGS_VERSION}|g" ${COMPLETION_FILE}
sed -i "s|gogs version.*|gogs version:${GOGS_VERSION}|g" "${COMPLETION_FILE}"
fi
APP_INSTALLED=1
}

545
src/freedombone-app-htmly
View File

@ -69,18 +69,18 @@ function set_avatar_from_url {
fi
# download the image
cd $BASE_DIR/customimages
cd "$BASE_DIR/customimages" || exit 2468246
# convert to png
wget $AVATAR -O avatar
if [[ $AVATAR == *".gif" ]]; then
wget "$AVATAR" -O avatar
if [[ "$AVATAR" == *".gif" ]]; then
mv avatar avatar.gif
mogrify -format png avatar.gif
fi
if [[ $AVATAR == *".jpg" ]]; then
if [[ "$AVATAR" == *".jpg" ]]; then
mv avatar avatar.jpg
mogrify -format png avatar.jpg
fi
if [[ $AVATAR == *".jpeg" ]]; then
if [[ "$AVATAR" == *".jpeg" ]]; then
mv avatar avatar.jpeg
mogrify -format png avatar.jpeg
fi
@ -101,10 +101,10 @@ function set_avatar_from_url {
function remove_user_htmly {
remove_username="$1"
${PROJECT_NAME}-pass -u $remove_username --rmapp htmly
"${PROJECT_NAME}-pass" -u "$remove_username" --rmapp htmly
if [ -f /var/www/${HTMLY_DOMAIN_NAME}/htdocs/config/users/${remove_username}.ini ]; then
rm /var/www/${HTMLY_DOMAIN_NAME}/htdocs/config/users/${remove_username}.ini
if [ -f "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/config/users/${remove_username}.ini" ]; then
rm "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/config/users/${remove_username}.ini"
fi
}
@ -117,39 +117,38 @@ function add_user_htmly {
new_username="$1"
new_user_password="$2"
${PROJECT_NAME}-pass -u $new_username -a htmly -p "$new_user_password"
"${PROJECT_NAME}-pass" -u "$new_username" -a htmly -p "$new_user_password"
if [ ! -d /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users ]; then
echo '2'
return
fi
NEW_USER_PASSWORD_HASH=$(${PROJECT_NAME}-sec --htmlyhash "$new_user_password")
NEW_USER_PASSWORD_HASH=$("${PROJECT_NAME}-sec" --htmlyhash "$new_user_password")
if [ ${#NEW_USER_PASSWORD_HASH} -lt 8 ]; then
echo '3'
return
fi
echo ';Password' > /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini
echo "password = $NEW_USER_PASSWORD_HASH" >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini
echo 'encryption = password_hash' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini
echo ';Role' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini
echo 'role = admin' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini
{ echo ';Password';
echo "password = $NEW_USER_PASSWORD_HASH";
echo 'encryption = password_hash';
echo ';Role';
echo 'role = admin'; } > "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini"
echo '0'
}
function configure_interactive_htmly {
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
data=$(mktemp 2>/dev/null)
dialog --title $"Change htmly avatar" \
--backtitle $"Freedombone Control Panel" \
--inputbox $"Enter a URL for an image. It should be approximately a square image." 8 75 2>$data
--inputbox $"Enter a URL for an image. It should be approximately a square image." 8 75 2>"$data"
sel=$?
case $sel in
0)
IMAGE_URL=$(<$data)
IMAGE_URL=$(<"$data")
if [ ${#IMAGE_URL} -gt 5 ]; then
clear
AVATAR_SET=
set_avatar_from_url $IMAGE_URL
set_avatar_from_url "$IMAGE_URL"
if [ $AVATAR_SET ]; then
dialog --title $"Change htmly avatar" \
--msgbox $"Your htmly avatar has been changed" 6 40
@ -157,10 +156,11 @@ function configure_interactive_htmly {
fi
;;
esac
rm -f "$data"
}
function install_interactive_htmly {
if [ ! $ONION_ONLY ]; then
if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no'
fi
@ -186,13 +186,13 @@ function change_password_htmly {
echo $'Htmly password is too short'
return
fi
${PROJECT_NAME}-pass -u "$HTMLY_USERNAME" -a htmly -p "$HTMLY_PASSWORD"
HTMLY_PASSWORD_HASH=$(${PROJECT_NAME}-sec --htmlyhash "$HTMLY_PASSWORD")
"${PROJECT_NAME}-pass" -u "$HTMLY_USERNAME" -a htmly -p "$HTMLY_PASSWORD"
HTMLY_PASSWORD_HASH=$("${PROJECT_NAME}-sec" --htmlyhash "$HTMLY_PASSWORD")
if [ ${#HTMLY_PASSWORD_HASH} -lt 8 ]; then
echo $'Htmly admin password could not be hashed'
exit 625728
fi
sed -i "s|password =.*|password = $HTMLY_PASSWORD_HASH|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$HTMLY_USERNAME.ini
sed -i "s|password =.*|password = $HTMLY_PASSWORD_HASH|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$HTMLY_USERNAME.ini"
}
function reconfigure_htmly {
@ -208,23 +208,23 @@ function upgrade_htmly {
read_config_param "HTMLY_DOMAIN_NAME"
function_check set_repo_commit
set_repo_commit /var/www/$HTMLY_DOMAIN_NAME/htdocs "htmly commit" "$HTMLY_COMMIT" $HTMLY_REPO
set_repo_commit "/var/www/$HTMLY_DOMAIN_NAME/htdocs" "htmly commit" "$HTMLY_COMMIT" $HTMLY_REPO
}
function backup_local_htmly {
HTMLY_DOMAIN_NAME='htmly.local'
if grep -q "htmly domain" $COMPLETION_FILE; then
if grep -q "htmly domain" "$COMPLETION_FILE"; then
HTMLY_DOMAIN_NAME=$(get_completion_param "htmly domain")
fi
source_directory=/var/www/${HTMLY_DOMAIN_NAME}/htdocs
if [ -d $source_directory ]; then
source_directory="/var/www/${HTMLY_DOMAIN_NAME}/htdocs"
if [ -d "$source_directory" ]; then
dest_directory=htmly
function_check suspend_site
suspend_site ${HTMLY_DOMAIN_NAME}
suspend_site "${HTMLY_DOMAIN_NAME}"
function_check backup_directory_to_usb
backup_directory_to_usb $source_directory $dest_directory
backup_directory_to_usb "$source_directory" "$dest_directory"
function_check restart_site
restart_site
@ -233,73 +233,74 @@ function backup_local_htmly {
function restore_local_htmly {
HTMLY_DOMAIN_NAME='htmly.local'
if grep -q "htmly domain" $COMPLETION_FILE; then
if grep -q "htmly domain" "$COMPLETION_FILE"; then
HTMLY_DOMAIN_NAME=$(get_completion_param "htmly domain")
fi
if [ $HTMLY_DOMAIN_NAME ]; then
if [ "$HTMLY_DOMAIN_NAME" ]; then
temp_restore_dir=/root/temphtmly
if [ -d $USB_MOUNT/backup/htmly ]; then
if [ -d "$USB_MOUNT/backup/htmly" ]; then
restore_directory_from_usb $temp_restore_dir htmly
else
restore_directory_from_usb $temp_restore_dir blog
fi
if [ -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs ]; then
if [ -d /var/www/${HTMLY_DOMAIN_NAME}/previous ]; then
rm -rf /var/www/${HTMLY_DOMAIN_NAME}/previous
if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs" ]; then
if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/previous" ]; then
rm -rf "/var/www/${HTMLY_DOMAIN_NAME}/previous"
fi
mv /var/www/${HTMLY_DOMAIN_NAME}/htdocs /var/www/${HTMLY_DOMAIN_NAME}/previous
mv "/var/www/${HTMLY_DOMAIN_NAME}/htdocs" "/var/www/${HTMLY_DOMAIN_NAME}/previous"
fi
if [ -d ${temp_restore_dir}/var/www/${HTMLY_DOMAIN_NAME}/htdocs ]; then
if [ -d "${temp_restore_dir}/var/www/${HTMLY_DOMAIN_NAME}/htdocs" ]; then
temp_source_dir=$(find ${temp_restore_dir} -name htdocs)
cp -r ${temp_source_dir} /var/www/${HTMLY_DOMAIN_NAME}/
cp -r "${temp_source_dir}" "/var/www/${HTMLY_DOMAIN_NAME}/"
else
if [ ! -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs ]; then
mkdir /var/www/${HTMLY_DOMAIN_NAME}/htdocs
if [ ! -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs" ]; then
mkdir "/var/www/${HTMLY_DOMAIN_NAME}/htdocs"
fi
cp -r ${temp_restore_dir}/* /var/www/${HTMLY_DOMAIN_NAME}/htdocs/
cp -r "${temp_restore_dir}/*" "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/"
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
if [ -d /var/www/${HTMLY_DOMAIN_NAME}/previous ]; then
mv /var/www/${HTMLY_DOMAIN_NAME}/previous /var/www/${HTMLY_DOMAIN_NAME}/htdocs
if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/previous" ]; then
mv "/var/www/${HTMLY_DOMAIN_NAME}/previous" "/var/www/${HTMLY_DOMAIN_NAME}/htdocs"
fi
set_user_permissions
backup_unmount_drive
exit 54675
fi
rm -rf ${temp_restore_dir}
if [ ! -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content ]; then
if [ ! -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content" ]; then
echo $"No content directory found after restoring htmly"
set_user_permissions
backup_unmount_drive
exit 34578
fi
chown -R www-data:www-data /var/www/${HTMLY_DOMAIN_NAME}/htdocs
chown -R www-data:www-data "/var/www/${HTMLY_DOMAIN_NAME}/htdocs"
# Ensure that the bundled SSL cert is being used
if [ -f /etc/ssl/certs/${HTMLY_DOMAIN_NAME}.bundle.crt ]; then
sed -i "s|${HTMLY_DOMAIN_NAME}.crt|${HTMLY_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${HTMLY_DOMAIN_NAME}
if [ -f "/etc/ssl/certs/${HTMLY_DOMAIN_NAME}.bundle.crt" ]; then
sed -i "s|${HTMLY_DOMAIN_NAME}.crt|${HTMLY_DOMAIN_NAME}.bundle.crt|g" "/etc/nginx/sites-available/${HTMLY_DOMAIN_NAME}"
fi
for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post ]; then
mv /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/*.md /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post
if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post" ]; then
mv "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/*.md" "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post"
fi
fi
done
if [ -d /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME} ]; then
ln -s /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${HTMLY_DOMAIN_NAME}.key
ln -s /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${HTMLY_DOMAIN_NAME}.pem
if [ -d "/etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}" ]; then
ln -s "/etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/privkey.pem" "/etc/ssl/private/${HTMLY_DOMAIN_NAME}.key"
ln -s "/etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/fullchain.pem" "/etc/ssl/certs/${HTMLY_DOMAIN_NAME}.pem"
fi
fi
}
function backup_remote_htmly {
if grep -q "htmly domain" $COMPLETION_FILE; then
if grep -q "htmly domain" "$COMPLETION_FILE"; then
HTMLY_DOMAIN_NAME=$(get_completion_param "htmly domain")
temp_backup_dir=/var/www/${HTMLY_DOMAIN_NAME}/htdocs
if [ -d $temp_backup_dir ]; then
if [ -d "$temp_backup_dir" ]; then
echo $"Backing up htmly"
backup_directory_to_friend $temp_backup_dir htmly
backup_directory_to_friend "$temp_backup_dir" htmly
echo $"Backup of htmly complete"
else
echo $"Htmly domain specified but not found in $temp_backup_dir"
@ -309,56 +310,57 @@ function backup_remote_htmly {
}
function restore_remote_htmly {
if [ -d $SERVER_DIRECTORY/backup/htmly ]; then
if [ -d "$SERVER_DIRECTORY/backup/htmly" ]; then
HTMLY_DOMAIN_NAME=$(get_completion_param "htmly domain")
echo $"Restoring htmly installation $HTMLY_DOMAIN_NAME"
temp_restore_dir=/root/temphtmly
mkdir $temp_restore_dir
function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir htmly
if [ -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs ]; then
if [ -d /var/www/${HTMLY_DOMAIN_NAME}/previous ]; then
rm -rf /var/www/${HTMLY_DOMAIN_NAME}/previous
if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs" ]; then
if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/previous" ]; then
rm -rf "/var/www/${HTMLY_DOMAIN_NAME}/previous"
fi
mv /var/www/${HTMLY_DOMAIN_NAME}/htdocs /var/www/${HTMLY_DOMAIN_NAME}/previous
mv "/var/www/${HTMLY_DOMAIN_NAME}/htdocs" "/var/www/${HTMLY_DOMAIN_NAME}/previous"
fi
if [ -d ${temp_restore_dir}/var/www/${HTMLY_DOMAIN_NAME}/htdocs ]; then
if [ -d "${temp_restore_dir}/var/www/${HTMLY_DOMAIN_NAME}/htdocs" ]; then
temp_source_dir=$(find ${temp_restore_dir} -name htdocs)
cp -r ${temp_source_dir} /var/www/${HTMLY_DOMAIN_NAME}/
cp -r "${temp_source_dir}" "/var/www/${HTMLY_DOMAIN_NAME}/"
else
if [ ! -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs ]; then
mkdir /var/www/${HTMLY_DOMAIN_NAME}/htdocs
if [ ! -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs" ]; then
mkdir "/var/www/${HTMLY_DOMAIN_NAME}/htdocs"
fi
cp -r ${temp_restore_dir}/* /var/www/${HTMLY_DOMAIN_NAME}/htdocs/
cp -r "${temp_restore_dir}/*" "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/"
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
if [ -d /var/www/${HTMLY_DOMAIN_NAME}/previous ]; then
mv /var/www/${HTMLY_DOMAIN_NAME}/previous /var/www/${HTMLY_DOMAIN_NAME}/htdocs
if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/previous" ]; then
mv "/var/www/${HTMLY_DOMAIN_NAME}/previous" "/var/www/${HTMLY_DOMAIN_NAME}/htdocs"
fi
exit 593
fi
rm -rf ${temp_restore_dir}
if [ ! -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content ]; then
if [ ! -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content" ]; then
echo $"No content directory found after restoring htmly"
exit 287
fi
# Ensure that the bundled SSL cert is being used
if [ -f /etc/ssl/certs/${HTMLY_DOMAIN_NAME}.bundle.crt ]; then
sed -i "s|${HTMLY_DOMAIN_NAME}.crt|${HTMLY_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${HTMLY_DOMAIN_NAME}
if [ -f "/etc/ssl/certs/${HTMLY_DOMAIN_NAME}.bundle.crt" ]; then
sed -i "s|${HTMLY_DOMAIN_NAME}.crt|${HTMLY_DOMAIN_NAME}.bundle.crt|g" "/etc/nginx/sites-available/${HTMLY_DOMAIN_NAME}"
fi
for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post ]; then
mv /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/*.md /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post
if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post" ]; then
mv "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/*.md" "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post"
fi
fi
done
if [ -d /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME} ]; then
ln -s /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${HTMLY_DOMAIN_NAME}.key
ln -s /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${HTMLY_DOMAIN_NAME}.pem
if [ -d "/etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}" ]; then
ln -s "/etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/privkey.pem" "/etc/ssl/private/${HTMLY_DOMAIN_NAME}.key"
ln -s "/etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/fullchain.pem" "/etc/ssl/certs/${HTMLY_DOMAIN_NAME}.pem"
fi
echo $"Restore of htmly complete"
fi
@ -370,258 +372,264 @@ function remove_htmly {
fi
read_config_param "HTMLY_DOMAIN_NAME"
nginx_dissite $HTMLY_DOMAIN_NAME
remove_certs ${HTMLY_DOMAIN_NAME}
if [ -f /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME ]; then
rm -f /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
nginx_dissite "$HTMLY_DOMAIN_NAME"
remove_certs "${HTMLY_DOMAIN_NAME}"
if [ -f "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME" ]; then
rm -f "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
fi
if [ -d /var/www/$HTMLY_DOMAIN_NAME ]; then
rm -rf /var/www/$HTMLY_DOMAIN_NAME
if [ -d "/var/www/$HTMLY_DOMAIN_NAME" ]; then
rm -rf "/var/www/$HTMLY_DOMAIN_NAME"
fi
remove_config_param HTMLY_DOMAIN_NAME
remove_config_param HTMLY_CODE
function_check remove_onion_service
remove_onion_service htmly ${HTMLY_ONION_PORT}
remove_completion_param "install_htmly"
sed -i '/Htmly/d' $COMPLETION_FILE
sed -i '/htmly/d' $COMPLETION_FILE
sed -i '/Htmly/d' "$COMPLETION_FILE"
sed -i '/htmly/d' "$COMPLETION_FILE"
function_check remove_ddns_domain
remove_ddns_domain $HTMLY_DOMAIN_NAME
remove_ddns_domain "$HTMLY_DOMAIN_NAME"
}
function install_htmly_social_networks {
# set social networks
if grep -q "social.hubzilla" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini; then
sed -i "s|;social.hubzilla|social.hubzilla|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
sed -i "s|social.hubzilla.*|social.hubzilla = \"$HUBZILLA_DOMAIN_NAME\"|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
if grep -q "social.hubzilla" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"; then
sed -i "s|;social.hubzilla|social.hubzilla|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
sed -i "s|social.hubzilla.*|social.hubzilla = \"$HUBZILLA_DOMAIN_NAME\"|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
fi
if grep -q "social.gnusocial" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini; then
sed -i "s|;social.gnusocial|social.gnusocial|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
sed -i "s|social.gnusocial.*|social.gnusocial = \"$MICROHTMLY_DOMAIN_NAME\"|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
if grep -q "social.gnusocial" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"; then
sed -i "s|;social.gnusocial|social.gnusocial|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
sed -i "s|social.gnusocial.*|social.gnusocial = \"$MICROHTMLY_DOMAIN_NAME\"|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
fi
# clear proprietary social network strings
sed -i 's|social.facebook.*|social.facebook = ""|g' /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
sed -i 's|social.twitter.*|social.twitter = ""|g' /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
sed -i 's|social.google.*|social.google = ""|g' /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
sed -i 's|social.facebook.*|social.facebook = ""|g' "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
sed -i 's|social.twitter.*|social.twitter = ""|g' "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
sed -i 's|social.google.*|social.google = ""|g' "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
}
function install_htmly_user {
# create a user password
if [ -f $IMAGE_PASSWORD_FILE ]; then
HTMLY_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
if [ -f "$IMAGE_PASSWORD_FILE" ]; then
HTMLY_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else
HTMLY_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
HTMLY_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi
# create a user
HTMLY_ADMIN_PASSWORD_HASH=$(${PROJECT_NAME}-sec --htmlyhash "$HTMLY_ADMIN_PASSWORD")
HTMLY_ADMIN_PASSWORD_HASH=$("${PROJECT_NAME}-sec" --htmlyhash "$HTMLY_ADMIN_PASSWORD")
if [ ${#HTMLY_ADMIN_PASSWORD_HASH} -lt 8 ]; then
echo $'Htmly admin password could not be hashed'
exit 625728
fi
echo ';Password' > /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
echo "password = $HTMLY_ADMIN_PASSWORD_HASH" >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
echo 'encryption = password_hash' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
echo ';Role' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
echo 'role = admin' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
{ echo ';Password';
echo "password = $HTMLY_ADMIN_PASSWORD_HASH";
echo 'encryption = password_hash';
echo ';Role';
echo 'role = admin'; } > "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini"
}
function install_htmly_settings {
cp /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini.example /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
sed -i "s|site.url.*|site.url = '/'|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
sed -i "s|blog.title.*|blog.title = \"$HTMLY_TITLE\"|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
sed -i "s|blog.tagline.*|blog.tagline = \"$HTMLY_SUBTITLE\"|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
sed -i 's|timezone.*|timezone = "Europe/London"|g' /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
sed -i "s|Your name|$MY_NAME|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
cp "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini.example" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
sed -i "s|site.url.*|site.url = '/'|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
sed -i "s|blog.title.*|blog.title = \"$HTMLY_TITLE\"|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
sed -i "s|blog.tagline.*|blog.tagline = \"$HTMLY_SUBTITLE\"|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
sed -i 's|timezone.*|timezone = "Europe/London"|g' "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
sed -i "s|Your name|$MY_NAME|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
}
function install_htmly_website {
function_check nginx_http_redirect
nginx_http_redirect $HTMLY_DOMAIN_NAME
echo 'server {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo " root /var/www/$HTMLY_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo " server_name $HTMLY_DOMAIN_NAME;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo " error_log /dev/null;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
nginx_http_redirect "$HTMLY_DOMAIN_NAME"
{ echo 'server {';
echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;';
echo " root /var/www/$HTMLY_DOMAIN_NAME/htdocs;";
echo " server_name $HTMLY_DOMAIN_NAME;";
echo ' access_log /dev/null;';
echo " error_log /dev/null;";
echo ' index index.php;';
echo ' charset utf-8;';
echo ' proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
function_check nginx_ssl
nginx_ssl $HTMLY_DOMAIN_NAME
nginx_ssl "$HTMLY_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing $HTMLY_DOMAIN_NAME
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
nginx_disable_sniffing "$HTMLY_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security "max-age=0;";';
echo '';
echo ' # rewrite to front controller as default rule';
echo ' location / {'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
function_check nginx_limits
nginx_limits $HTMLY_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # With php-fpm:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' #deny access to store' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location ~ /store {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
nginx_limits "$HTMLY_DOMAIN_NAME"
{ echo " rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
echo ' }';
echo '';
echo ' # statically serve these file types when possible';
echo ' # otherwise fall back to front controller';
echo ' # allow browser to cache them';
echo ' # added .htm for advanced source code editor library';
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
echo ' expires 30d;';
echo " try_files \$uri /index.php?q=\$uri&\$args;";
echo ' }';
echo '';
echo ' # block these file types';
echo ' location ~* \.(tpl|md|tgz|log|out)$ {';
echo ' deny all;';
echo ' }';
echo '';
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
echo ' # or a unix socket';
echo ' location ~* \.php$ {';
echo ' # Zero-day exploit defense.';
echo ' # http://forum.nginx.org/read.php?2,88845,page=3';
echo " # Won't work properly (404 error) if the file is not stored on this";
echo " # server, which is entirely possible with php-fpm/php-fcgi.";
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
echo " # another machine. And then cross your fingers that you won't get hacked.";
echo " try_files \$uri \$uri/ /index.php;";
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;';
echo ' # With php-cgi alone:';
echo ' # fastcgi_pass 127.0.0.1:9000;';
echo ' # With php-fpm:';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' include fastcgi_params;';
echo ' fastcgi_read_timeout 30;';
echo ' fastcgi_index index.php;';
echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
echo ' }';
echo '';
echo ' # deny access to all dot files';
echo ' location ~ /\. {';
echo ' deny all;';
echo ' }';
echo '';
echo ' #deny access to store';
echo ' location ~ /store {';
echo ' deny all;';
echo ' }';
echo ' location ~ /(data|conf|bin|inc)/ {';
echo ' deny all;';
echo ' }';
echo ' location ~ /\.ht {';
echo ' deny all;';
echo ' }';
echo '}';
echo ''; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
}
function install_htmly_website_onion {
echo 'server {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo " listen 127.0.0.1:${HTMLY_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo " root /var/www/$HTMLY_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo " server_name $HTMLY_DOMAIN_NAME;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo " error_log /dev/null;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
{ echo 'server {';
echo " listen 127.0.0.1:${HTMLY_ONION_PORT} default_server;";
echo " root /var/www/$HTMLY_DOMAIN_NAME/htdocs;"; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
if [[ "$ONION_ONLY" != 'yes' ]]; then
echo " server_name $HTMLY_DOMAIN_NAME;" >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
else
echo " server_name $HTMLY_ONION_HOSTNAME;" >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
fi
{ echo ' access_log /dev/null;';
echo " error_log /dev/null;";
echo ' index index.php;';
echo ' charset utf-8;';
echo ' proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing $HTMLY_DOMAIN_NAME
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
nginx_disable_sniffing "$HTMLY_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security "max-age=0;";';
echo '';
echo ' # rewrite to front controller as default rule';
echo ' location / {'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
function_check nginx_limits
nginx_limits $HTMLY_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
nginx_limits "$HTMLY_DOMAIN_NAME"
{ echo " rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
echo ' }';
echo '';
echo ' # statically serve these file types when possible';
echo ' # otherwise fall back to front controller';
echo ' # allow browser to cache them';
echo ' # added .htm for advanced source code editor library';
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
echo ' expires 30d;';
echo " try_files \$uri /index.php?q=\$uri&\$args;";
echo ' }';
echo '';
echo ' # block these file types';
echo ' location ~* \.(tpl|md|tgz|log|out)$ {';
echo ' deny all;';
echo ' }';
echo '';
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
echo ' # or a unix socket';
echo ' location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
function_check nginx_limits
nginx_limits $HTMLY_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # With php-fpm:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' #deny access to store' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location ~ /store {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
nginx_limits "$HTMLY_DOMAIN_NAME"
{ echo ' # Zero-day exploit defense.';
echo ' # http://forum.nginx.org/read.php?2,88845,page=3';
echo " # Won't work properly (404 error) if the file is not stored on this";
echo " # server, which is entirely possible with php-fpm/php-fcgi.";
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
echo " # another machine. And then cross your fingers that you won't get hacked.";
echo " try_files \$uri \$uri/ /index.php;";
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;';
echo ' # With php-cgi alone:';
echo ' # fastcgi_pass 127.0.0.1:9000;';
echo ' # With php-fpm:';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' include fastcgi_params;';
echo ' fastcgi_read_timeout 30;';
echo ' fastcgi_index index.php;';
echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
echo ' }';
echo '';
echo ' # deny access to all dot files';
echo ' location ~ /\. {';
echo ' deny all;';
echo ' }';
echo '';
echo ' #deny access to store';
echo ' location ~ /store {';
echo ' deny all;';
echo ' }';
echo ' location ~ /(data|conf|bin|inc)/ {';
echo ' deny all;';
echo ' }';
echo ' location ~ /\.ht {';
echo ' deny all;';
echo ' }';
echo '}'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
}
function install_htmly_from_repo {
if [ ! -d /var/www/$HTMLY_DOMAIN_NAME ]; then
mkdir /var/www/$HTMLY_DOMAIN_NAME
if [ ! -d "/var/www/$HTMLY_DOMAIN_NAME" ]; then
mkdir "/var/www/$HTMLY_DOMAIN_NAME"
fi
cd /var/www/$HTMLY_DOMAIN_NAME
cd "/var/www/$HTMLY_DOMAIN_NAME" || exit 34684682
if [ -d /repos/htmly ]; then
mkdir htdocs
cp -r -p /repos/htmly/. htdocs
cd htdocs
cd htdocs || exit 3468735
git pull
else
git_clone $HTMLY_REPO htdocs
fi
cd htdocs
cd htdocs || exit 3479835
git checkout $HTMLY_COMMIT -b $HTMLY_COMMIT
set_completion_param "htmly commit" "$HTMLY_COMMIT"
}
function install_htmly {
if [ ! $ONION_ONLY ]; then
if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no'
fi
if [ ! $HTMLY_DOMAIN_NAME ]; then
if [ ! "$HTMLY_DOMAIN_NAME" ]; then
echo $'The htmly domain name was not specified'
exit 5062
fi
@ -636,13 +644,14 @@ function install_htmly {
function_check install_htmly_website
install_htmly_website
else
echo -n '' > /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
echo -n '' > "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
fi
HTMLY_ONION_HOSTNAME=$(add_onion_service htmly 80 ${HTMLY_ONION_PORT})
function_check install_htmly_website_onion
install_htmly_website_onion
function_check create_site_certificate
create_site_certificate $HTMLY_DOMAIN_NAME 'yes'
create_site_certificate "$HTMLY_DOMAIN_NAME" 'yes'
function_check configure_php
configure_php
@ -656,20 +665,18 @@ function install_htmly {
function_check install_htmly_user
install_htmly_user
chown -R www-data:www-data /var/www/$HTMLY_DOMAIN_NAME/htdocs
HTMLY_ONION_HOSTNAME=$(add_onion_service htmly 80 ${HTMLY_ONION_PORT})
chown -R www-data:www-data "/var/www/$HTMLY_DOMAIN_NAME/htdocs"
function_check nginx_ensite
nginx_ensite $HTMLY_DOMAIN_NAME
nginx_ensite "$HTMLY_DOMAIN_NAME"
systemctl restart php7.0-fpm
systemctl restart nginx
${PROJECT_NAME}-pass -u $MY_USERNAME -a htmly -p "$HTMLY_ADMIN_PASSWORD"
"${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a htmly -p "$HTMLY_ADMIN_PASSWORD"
function_check add_ddns_domain
add_ddns_domain $HTMLY_DOMAIN_NAME
add_ddns_domain "$HTMLY_DOMAIN_NAME"
set_completion_param "htmly domain" "$HTMLY_DOMAIN_NAME"
APP_INSTALLED=1

510
src/freedombone-app-hubzilla
View File

@ -60,7 +60,7 @@ function logging_off_hubzilla {
function remove_user_hubzilla {
remove_username="$1"
${PROJECT_NAME}-pass -u $remove_username --rmapp hubzilla
"${PROJECT_NAME}-pass" -u "$remove_username" --rmapp hubzilla
}
function add_user_hubzilla {
@ -71,27 +71,26 @@ function add_user_hubzilla {
new_username="$1"
new_user_password="$2"
${PROJECT_NAME}-pass -u $new_username -a hubzilla -p "$new_user_password"
"${PROJECT_NAME}-pass" -u "$new_username" -a hubzilla -p "$new_user_password"
echo '0'
}
function hubzilla_renew_cert {
dialog --title $"Renew SSL certificate" \
--backtitle $"Freedombone Control Panel" \
--yesno $"\nThis will renew a letsencrypt certificate. Select 'yes' to continue" 16 60
--yesno $"\\nThis will renew a letsencrypt certificate. Select 'yes' to continue" 16 60
sel=$?
case $sel in
1) return;;
255) return;;
esac
HUBZILLA_DOMAIN_NAME=$(get_completion_param "hubzilla domain")
if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME/htdocs ]; then
if [ ! -d "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs" ]; then
dialog --title $"Renew SSL certificate" \
--msgbox $"Hubzilla install directory not found" 6 40
return
fi
${PROJECT_NAME}-renew-cert -h $HUBZILLA_DOMAIN_NAME -p 'letsencrypt'
if [ ! "$?" = "0" ]; then
if ! "${PROJECT_NAME}-renew-cert" -h "$HUBZILLA_DOMAIN_NAME" -p 'letsencrypt'; then
any_key
else
dialog --title $"Renew SSL certificate" \
@ -100,68 +99,71 @@ function hubzilla_renew_cert {
}
function hubzilla_channel_directory_server {
if ! grep -q "hubzilla domain" $COMPLETION_FILE; then
if ! grep -q "hubzilla domain" "$COMPLETION_FILE"; then
dialog --title $"Hubzilla channel directory server" \
--msgbox $"Hubzilla is not installed on this system" 6 40
return
fi
HUBZILLA_DOMAIN_NAME=$(get_completion_param "hubzilla domain")
if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME/htdocs ]; then
if [ ! -d "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs" ]; then
dialog --title $"Hubzilla channel directory server" \
--msgbox $"Hubzilla install directory not found" 6 40
return
fi
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
data=$(mktemp 2>/dev/null)
dialog --title $"Hubzilla channel directory server" \
--backtitle $"Freedombone Control Panel" \
--inputbox $"When you click on 'channel directory' this is where Hubzilla will obtain its list from" 8 60 2>$data
--inputbox $"When you click on 'channel directory' this is where Hubzilla will obtain its list from" 8 60 2>"$data"
sel=$?
case $sel in
0)
hubzilla_domain_server=$(<$data)
hubzilla_domain_server=$(<"$data")
if [[ $hubzilla_domain_server != *"."* ]]; then
rm -f "$data"
return
fi
if [[ $hubzilla_domain_server != "https"* ]]; then
dialog --title $"Hubzilla channel directory server" \
--msgbox $"\nInvalid domain - include the https://" 7 60
--msgbox $"\\nInvalid domain - include the https://" 7 60
rm -f "$data"
return
fi
./var/www/$HUBZILLA_DOMAIN_NAME/htdocs/util/config system directory_server $hubzilla_domain_server
"./var/www/$HUBZILLA_DOMAIN_NAME/htdocs/util/config" system directory_server "$hubzilla_domain_server"
dialog --title $"Hubzilla channel directory server" \
--msgbox $"\nDomain channel directory server changed to\n\n $hubzilla_domain_server" 10 60
--msgbox $"\\nDomain channel directory server changed to\\n\\n $hubzilla_domain_server" 10 60
;;
esac
rm -f "$data"
}
function configure_interactive_hubzilla {
while true
do
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
data=$(mktemp 2>/dev/null)
dialog --backtitle $"Freedombone Control Panel" \
--title $"Hubzilla" \
--radiolist $"Choose an operation:" 13 70 4 \
1 $"Set channel directory server" off \
2 $"Renew SSL certificate" off \
3 $"Back to main menu" on 2> $data
3 $"Back to main menu" on 2> "$data"
sel=$?
case $sel in
1) break;;
255) break;;
esac
case $(cat $data) in
case $(cat "$data") in
1) hubzilla_channel_directory_server;;
2) hubzilla_renew_cert;;
3) break;;
3) rm -f "$data"
break;;
esac
rm -f "$data"
done
}
function install_interactive_hubzilla {
if [[ $ONION_ONLY != "no" ]]; then
if [[ "$ONION_ONLY" != "no" ]]; then
return
fi
@ -172,7 +174,7 @@ function install_interactive_hubzilla {
}
function change_password_hubzilla {
HUBZILLA_USERNAME="$1"
# HUBZILLA_USERNAME="$1"
HUBZILLA_PASSWORD="$2"
if [ ${#HUBZILLA_PASSWORD} -lt 8 ]; then
echo $'Hubzilla password is too short'
@ -183,14 +185,14 @@ function change_password_hubzilla {
}
function hubzilla_create_database {
if [ -f $IMAGE_PASSWORD_FILE ]; then
HUBZILLA_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
if [ -f "$IMAGE_PASSWORD_FILE" ]; then
HUBZILLA_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
fi
if [ ! $HUBZILLA_ADMIN_PASSWORD ]; then
HUBZILLA_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
if [ ! "$HUBZILLA_ADMIN_PASSWORD" ]; then
HUBZILLA_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi
${PROJECT_NAME}-pass -u $MY_USERNAME -a hubzilla -p "$HUBZILLA_ADMIN_PASSWORD"
if [ ! $HUBZILLA_ADMIN_PASSWORD ]; then
"${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a hubzilla -p "$HUBZILLA_ADMIN_PASSWORD"
if [ ! "$HUBZILLA_ADMIN_PASSWORD" ]; then
return
fi
@ -211,25 +213,25 @@ function upgrade_hubzilla {
HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
function_check set_repo_commit
set_repo_commit $HUBZILLA_PATH "hubzilla commit" "$HUBZILLA_COMMIT" $HUBZILLA_REPO
set_repo_commit $HUBZILLA_PATH/addon "hubzilla addons commit" "$HUBZILLA_ADDONS_COMMIT" $HUBZILLA_ADDONS_REPO
if [ -d $HUBZILLA_PATH/redmatrix-themes1 ]; then
cd $HUBZILLA_PATH/redmatrix-themes1
set_repo_commit "$HUBZILLA_PATH" "hubzilla commit" "$HUBZILLA_COMMIT" $HUBZILLA_REPO
set_repo_commit "$HUBZILLA_PATH/addon" "hubzilla addons commit" "$HUBZILLA_ADDONS_COMMIT" $HUBZILLA_ADDONS_REPO
if [ -d "$HUBZILLA_PATH/redmatrix-themes1" ]; then
cd "$HUBZILLA_PATH/redmatrix-themes1" || exit 246782456
git merge --abort
git stash
git pull
cp -r $HUBZILLA_PATH/redmatrix-themes1/* $HUBZILLA_PATH/view/theme/
chown -R www-data:www-data $HUBZILLA_PATH
cp -r "$HUBZILLA_PATH/redmatrix-themes1/*" "$HUBZILLA_PATH/view/theme/"
chown -R www-data:www-data "$HUBZILLA_PATH"
fi
}
function backup_local_hubzilla {
hubzilla_path=/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs
if [ -d $hubzilla_path ]; then
if [ -d "$hubzilla_path" ]; then
function_check backup_database_to_usb
backup_database_to_usb hubzilla
backup_directory_to_usb $hubzilla_path hubzilla
backup_directory_to_usb "$hubzilla_path" hubzilla
fi
}
@ -240,31 +242,31 @@ function restore_local_hubzilla {
function_check hubzilla_create_database
hubzilla_create_database
restore_database hubzilla ${HUBZILLA_DOMAIN_NAME}
if [ -d $USB_MOUNT/backup/hubzilla ]; then
if [ ! -d $hubzilla_dir/store/[data]/smarty3 ]; then
mkdir -p $hubzilla_dir/store/[data]/smarty3
restore_database hubzilla "${HUBZILLA_DOMAIN_NAME}"
if [ -d "$USB_MOUNT/backup/hubzilla" ]; then
if [ ! -d "$hubzilla_dir/store/[data]/smarty3" ]; then
mkdir -p "$hubzilla_dir/store/[data]/smarty3"
fi
chmod 1777 $hubzilla_dir/store/[data]/smarty3
chown -R www-data:www-data $hubzilla_dir/*
chmod 1777 "$hubzilla_dir/store/[data]/smarty3"
chown -R www-data:www-data "$hubzilla_dir/*"
if [ -d $temp_restore_dir ]; then
rm -rf $temp_restore_dir
fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $HUBZILLA_PATH/.htconfig.php
MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
HUBZILLA_PATH="/var/www/$HUBZILLA_DOMAIN_NAME/htdocs"
sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" "$HUBZILLA_PATH/.htconfig.php"
MARIADB_PASSWORD=
fi
}
function backup_remote_hubzilla {
temp_backup_dir=/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs
if [ -d $temp_backup_dir ]; then
suspend_site ${HUBZILLA_DOMAIN_NAME}
temp_backup_dir="/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs"
if [ -d "$temp_backup_dir" ]; then
suspend_site "${HUBZILLA_DOMAIN_NAME}"
backup_database_to_friend hubzilla
echo "Backing up Hubzilla installation"
backup_directory_to_friend $temp_backup_dir hubzilla
backup_directory_to_friend "$temp_backup_dir" hubzilla
restart_site
echo "Backup of Hubzilla complete"
else
@ -279,21 +281,21 @@ function restore_remote_hubzilla {
function_check hubzilla_create_database
hubzilla_create_database
restore_database_from_friend hubzilla ${HUBZILLA_DOMAIN_NAME}
if [ -d $SERVER_DIRECTORY/backup/hubzilla ]; then
if [ ! -d /var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3 ]; then
mkdir -p /var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3
restore_database_from_friend hubzilla "${HUBZILLA_DOMAIN_NAME}"
if [ -d "$SERVER_DIRECTORY/backup/hubzilla" ]; then
if [ ! -d "/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3" ]; then
mkdir -p "/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3"
fi
chmod 1777 /var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3
chown -R www-data:www-data /var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/*
chmod 1777 "/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3"
chown -R www-data:www-data "/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/*"
fi
if [ -d /root/temphubzilla ]; then
rm -rf /root/temphubzilla
fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $HUBZILLA_PATH/.htconfig.php
sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" "$HUBZILLA_PATH/.htconfig.php"
MARIADB_PASSWORD=
}
@ -301,41 +303,41 @@ function remove_hubzilla {
if [ ${#HUBZILLA_DOMAIN_NAME} -eq 0 ]; then
return
fi
nginx_dissite $HUBZILLA_DOMAIN_NAME
remove_certs ${HUBZILLA_DOMAIN_NAME}
if [ -d /var/www/$HUBZILLA_DOMAIN_NAME ]; then
rm -rf /var/www/$HUBZILLA_DOMAIN_NAME
nginx_dissite "$HUBZILLA_DOMAIN_NAME"
remove_certs "${HUBZILLA_DOMAIN_NAME}"
if [ -d "/var/www/$HUBZILLA_DOMAIN_NAME" ]; then
rm -rf "/var/www/$HUBZILLA_DOMAIN_NAME"
fi
if [ -f /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME ]; then
rm /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
if [ -f "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME" ]; then
rm "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
fi
function_check drop_database
drop_database hubzilla
function_check remove_onion_service
remove_onion_service hubzilla ${HUBZILLA_ONION_PORT}
sed -i '/hubzilla/d' $COMPLETION_FILE
sed -i '/hubzilla/d' "$COMPLETION_FILE"
sed -i '/poller.php/d' /etc/crontab
function_check remove_ddns_domain
remove_ddns_domain $HUBZILLA_DOMAIN_NAME
remove_ddns_domain "$HUBZILLA_DOMAIN_NAME"
}
function install_hubzilla {
if [ ! $HUBZILLA_DOMAIN_NAME ]; then
if [ ! "$HUBZILLA_DOMAIN_NAME" ]; then
return
fi
if [[ $ONION_ONLY != "no" ]]; then
if [[ "$ONION_ONLY" != "no" ]]; then
echo $"Hubzilla won't work on an onion address"
exit 529925
fi
HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
HUBZILLA_PATH="/var/www/$HUBZILLA_DOMAIN_NAME/htdocs"
function_check install_mariadb
install_mariadb
if [ -d /var/www/$HUBZILLA_DOMAIN_NAME ]; then
if [ -d "/var/www/$HUBZILLA_DOMAIN_NAME" ]; then
remove_hubzilla
fi
@ -349,44 +351,44 @@ function install_hubzilla {
apt-get -yq install php-dev imagemagick php-imagick libfcgi0ldbl
apt-get -yq install php-memcached memcached
if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME ]; then
mkdir /var/www/$HUBZILLA_DOMAIN_NAME
if [ ! -d "/var/www/$HUBZILLA_DOMAIN_NAME" ]; then
mkdir "/var/www/$HUBZILLA_DOMAIN_NAME"
fi
if [ ! -d $HUBZILLA_PATH ]; then
mkdir -p $HUBZILLA_PATH
if [ ! -d "$HUBZILLA_PATH" ]; then
mkdir -p "$HUBZILLA_PATH"
fi
if [ ! -f $HUBZILLA_PATH/index.php ]; then
if [ ! -f "$HUBZILLA_PATH/index.php" ]; then
if [ -d /repos/hubzilla ]; then
mkdir $HUBZILLA_PATH
cp -r -p /repos/hubzilla/. $HUBZILLA_PATH
cd $HUBZILLA_PATH
mkdir "$HUBZILLA_PATH"
cp -r -p /repos/hubzilla/. "$HUBZILLA_PATH"
cd "$HUBZILLA_PATH" || exit 245672478
git pull
else
function_check git_clone
git_clone $HUBZILLA_REPO $HUBZILLA_PATH
git_clone "$HUBZILLA_REPO" "$HUBZILLA_PATH"
fi
git checkout $HUBZILLA_COMMIT -b $HUBZILLA_COMMIT
git checkout "$HUBZILLA_COMMIT" -b "$HUBZILLA_COMMIT"
set_completion_param "hubzilla commit" "$HUBZILLA_COMMIT"
if [ -d /repos/hubzilla-addons ]; then
mkdir $HUBZILLA_PATH/addon
cp -r -p /repos/hubzilla-addons/. $HUBZILLA_PATH/addon
cd $HUBZILLA_PATH/addon
mkdir "$HUBZILLA_PATH/addon"
cp -r -p /repos/hubzilla-addons/. "$HUBZILLA_PATH/addon"
cd "$HUBZILLA_PATH/addon" || exit 24682464
git pull
else
git_clone $HUBZILLA_ADDONS_REPO $HUBZILLA_PATH/addon
git_clone "$HUBZILLA_ADDONS_REPO" "$HUBZILLA_PATH/addon"
fi
cd $HUBZILLA_PATH/addon
git checkout $HUBZILLA_ADDONS_COMMIT -b $HUBZILLA_ADDONS_COMMIT
cd "$HUBZILLA_PATH/addon" || exit 24982468
git checkout "$HUBZILLA_ADDONS_COMMIT" -b "$HUBZILLA_ADDONS_COMMIT"
set_completion_param "hubzilla addons commit" "$HUBZILLA_ADDONS_COMMIT"
chown -R www-data:www-data $HUBZILLA_PATH
chown -R www-data:www-data "$HUBZILLA_PATH"
fi
if [ ! -f $HUBZILLA_PATH/install/schema_mysql.sql ]; then
if [ ! -f "$HUBZILLA_PATH/install/schema_mysql.sql" ]; then
echo $'No database schema found for hubzilla'
exit 252782
fi
@ -403,156 +405,156 @@ function install_hubzilla {
fi
function_check add_ddns_domain
add_ddns_domain $HUBZILLA_DOMAIN_NAME
add_ddns_domain "$HUBZILLA_DOMAIN_NAME"
if [[ $ONION_ONLY == "no" ]]; then
if [[ "$ONION_ONLY" == "no" ]]; then
function_check nginx_http_redirect
nginx_http_redirect $HUBZILLA_DOMAIN_NAME
echo 'server {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " root $HUBZILLA_PATH;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " server_name $HUBZILLA_DOMAIN_NAME;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " error_log /dev/null;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
nginx_http_redirect "$HUBZILLA_DOMAIN_NAME"
{ echo 'server {';
echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;';
echo " root $HUBZILLA_PATH;";
echo " server_name $HUBZILLA_DOMAIN_NAME;";
echo " error_log /dev/null;";
echo ' index index.php;';
echo ' charset utf-8;';
echo ' access_log /dev/null;'; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
function_check nginx_ssl
nginx_ssl $HUBZILLA_DOMAIN_NAME
nginx_ssl "$HUBZILLA_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing $HUBZILLA_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
nginx_disable_sniffing "$HUBZILLA_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
echo ' # rewrite to front controller as default rule';
echo ' location / {'; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
function_check nginx_limits
nginx_limits $HUBZILLA_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
nginx_limits "$HUBZILLA_DOMAIN_NAME"
{ echo " rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
echo ' }';
echo '';
echo ' # statically serve these file types when possible';
echo ' # otherwise fall back to front controller';
echo ' # allow browser to cache them';
echo ' # added .htm for advanced source code editor library';
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
echo ' expires 30d;';
echo " try_files \$uri /index.php?q=\$uri&\$args;";
echo ' }';
echo '';
echo ' # block these file types';
echo ' location ~* \.(tpl|md|tgz|log|out)$ {';
echo ' deny all;';
echo ' }';
echo '';
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
echo ' # or a unix socket';
echo ' location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
function_check nginx_limits
nginx_limits $HUBZILLA_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # With php-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
nginx_limits "$HUBZILLA_DOMAIN_NAME"
{ echo ' # Zero-day exploit defense.';
echo ' # http://forum.nginx.org/read.php?2,88845,page=3';
echo " # Won't work properly (404 error) if the file is not stored on this";
echo " # server, which is entirely possible with php-fpm/php-fcgi.";
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
echo " # another machine. And then cross your fingers that you won't get hacked.";
echo " try_files \$uri \$uri/ /index.php;";
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;';
echo ' # With php-cgi alone:';
echo ' # fastcgi_pass 127.0.0.1:9000;';
echo ' # With php-fpm:';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' include fastcgi_params;';
echo ' fastcgi_index index.php;';
echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
echo ' fastcgi_read_timeout 300;';
echo ' }';
echo '';
echo ' # deny access to all dot files';
echo ' location ~ /\. {';
echo ' deny all;';
echo ' }';
echo '';
echo ' location ~ /\.ht {';
echo ' deny all;';
echo ' }';
echo '}';
echo ''; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
else
echo 'server {' > /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " listen 127.0.0.1:${HUBZILLA_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " root $HUBZILLA_PATH;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " server_name $HUBZILLA_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " error_log /dev/null;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
nginx_limits $HUBZILLA_DOMAIN_NAME
nginx_disable_sniffing $HUBZILLA_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
nginx_limits $HUBZILLA_DOMAIN_NAME
nginx_disable_sniffing $HUBZILLA_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # With php-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
{ echo 'server {';
echo " listen 127.0.0.1:${HUBZILLA_ONION_PORT} default_server;";
echo " root $HUBZILLA_PATH;";
echo " server_name $HUBZILLA_ONION_HOSTNAME;";
echo " error_log /dev/null;";
echo ' index index.php;';
echo ' charset utf-8;';
echo ' access_log /dev/null;';
echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
echo ' # rewrite to front controller as default rule';
echo ' location / {'; } > "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
nginx_limits "$HUBZILLA_DOMAIN_NAME"
nginx_disable_sniffing "$HUBZILLA_DOMAIN_NAME"
{ echo " rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
echo ' }';
echo '';
echo ' # statically serve these file types when possible';
echo ' # otherwise fall back to front controller';
echo ' # allow browser to cache them';
echo ' # added .htm for advanced source code editor library';
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
echo ' expires 30d;';
echo " try_files \$uri /index.php?q=\$uri&\$args;";
echo ' }';
echo '';
echo ' # block these file types';
echo ' location ~* \.(tpl|md|tgz|log|out)$ {';
echo ' deny all;';
echo ' }';
echo '';
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
echo ' # or a unix socket';
echo ' location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
nginx_limits "$HUBZILLA_DOMAIN_NAME"
nginx_disable_sniffing "$HUBZILLA_DOMAIN_NAME"
{ echo ' # Zero-day exploit defense.';
echo ' # http://forum.nginx.org/read.php?2,88845,page=3';
echo " # Won't work properly (404 error) if the file is not stored on this";
echo " # server, which is entirely possible with php-fpm/php-fcgi.";
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
echo " # another machine. And then cross your fingers that you won't get hacked.";
echo " try_files \$uri \$uri/ /index.php;";
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;';
echo ' # With php-cgi alone:';
echo ' # fastcgi_pass 127.0.0.1:9000;';
echo ' # With php-fpm:';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' include fastcgi_params;';
echo ' fastcgi_index index.php;';
echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
echo ' fastcgi_read_timeout 300;';
echo ' }';
echo '';
echo ' # deny access to all dot files';
echo ' location ~ /\. {';
echo ' deny all;';
echo ' }';
echo '';
echo ' location ~ /\.ht {';
echo ' deny all;';
echo ' }';
echo '}'; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
fi
function_check configure_php
configure_php
function_check create_site_certificate
create_site_certificate $HUBZILLA_DOMAIN_NAME 'yes'
create_site_certificate "$HUBZILLA_DOMAIN_NAME" 'yes'
if [ ! -d $HUBZILLA_PATH/view/tpl/smarty3 ]; then
mkdir $HUBZILLA_PATH/view/tpl/smarty3
if [ ! -d "$HUBZILLA_PATH/view/tpl/smarty3" ]; then
mkdir "$HUBZILLA_PATH/view/tpl/smarty3"
fi
if [ ! -d "$HUBZILLA_PATH/store" ]; then
mkdir "$HUBZILLA_PATH/store"
@ -564,9 +566,9 @@ function install_hubzilla {
mkdir "$HUBZILLA_PATH/store/[data]/smarty3"
chmod 1777 "$HUBZILLA_PATH/store/[data]/smarty3"
fi
chmod 1777 $HUBZILLA_PATH/view/tpl
chmod 1777 "$HUBZILLA_PATH/view/tpl"
chown -R www-data:www-data "$HUBZILLA_PATH/store"
chmod 1777 $HUBZILLA_PATH/view/tpl/smarty3
chmod 1777 "$HUBZILLA_PATH/view/tpl/smarty3"
# Ensure that the database gets backed up locally, if remote
# backups are not being used
@ -576,50 +578,50 @@ function install_hubzilla {
function_check backup_database_local
backup_database_local hubzilla
chown -R www-data:www-data $HUBZILLA_PATH
chown -R www-data:www-data "$HUBZILLA_PATH"
function_check nginx_ensite
nginx_ensite $HUBZILLA_DOMAIN_NAME
nginx_ensite "$HUBZILLA_DOMAIN_NAME"
function_check initialise_database
initialise_database hubzilla $HUBZILLA_PATH/install/schema_mysql.sql
initialise_database hubzilla "$HUBZILLA_PATH/install/schema_mysql.sql"
# create the config file
echo '<?php' > $HUBZILLA_PATH/.htconfig.php
echo "\$db_host = 'localhost';" >> $HUBZILLA_PATH/.htconfig.php
echo "\$db_port = '0';" >> $HUBZILLA_PATH/.htconfig.php
echo "\$db_user = 'root';" >> $HUBZILLA_PATH/.htconfig.php
echo "\$db_pass = '${MARIADB_PASSWORD}';" >> $HUBZILLA_PATH/.htconfig.php
echo "\$db_data = 'hubzilla';" >> $HUBZILLA_PATH/.htconfig.php
echo "\$db_type = '0';" >> $HUBZILLA_PATH/.htconfig.php
echo "\$default_timezone = 'Europe/London';" >> $HUBZILLA_PATH/.htconfig.php
if [[ $ONION_ONLY == 'no' ]]; then
echo "\$a->config['system']['baseurl'] = 'https://${HUBZILLA_DOMAIN_NAME}';" >> $HUBZILLA_PATH/.htconfig.php
{ echo '<?php';
echo "\$db_host = 'localhost';";
echo "\$db_port = '0';";
echo "\$db_user = 'root';";
echo "\$db_pass = '${MARIADB_PASSWORD}';";
echo "\$db_data = 'hubzilla';";
echo "\$db_type = '0';";
echo "\$default_timezone = 'Europe/London';"; } > "$HUBZILLA_PATH/.htconfig.php"
if [[ "$ONION_ONLY" == 'no' ]]; then
echo "\$a->config['system']['baseurl'] = 'https://${HUBZILLA_DOMAIN_NAME}';" >> "$HUBZILLA_PATH/.htconfig.php"
else
echo "\$a->config['system']['baseurl'] = 'http://${HUBZILLA_ONION_HOSTNAME}';" >> $HUBZILLA_PATH/.htconfig.php
echo "\$a->config['system']['baseurl'] = 'http://${HUBZILLA_ONION_HOSTNAME}';" >> "$HUBZILLA_PATH/.htconfig.php"
fi
echo "\$a->config['system']['sitename'] = \"Hubzilla\";" >> $HUBZILLA_PATH/.htconfig.php
echo "\$a->config['system']['sitename'] = \"Hubzilla\";" >> "$HUBZILLA_PATH/.htconfig.php"
HUBZILLA_LOCATION_HASH="$(create_password 30)"
echo "\$a->config['system']['location_hash'] = '${HUBZILLA_LOCATION_HASH}';" >> $HUBZILLA_PATH/.htconfig.php
echo "\$a->config['system']['register_policy'] = REGISTER_OPEN;" >> $HUBZILLA_PATH/.htconfig.php
echo "\$a->config['system']['register_text'] = '';" >> $HUBZILLA_PATH/.htconfig.php
echo "\$a->config['system']['admin_email'] = '${MY_EMAIL_ADDRESS}';" >> $HUBZILLA_PATH/.htconfig.php
echo "\$a->config['system']['verify_email'] = 1;" >> $HUBZILLA_PATH/.htconfig.php
echo "\$a->config['system']['access_policy'] = ACCESS_PRIVATE;" >> $HUBZILLA_PATH/.htconfig.php
echo "\$a->config['system']['sellpage'] = '';" >> $HUBZILLA_PATH/.htconfig.php
echo "\$a->config['system']['max_import_size'] = 200000;" >> $HUBZILLA_PATH/.htconfig.php
echo "\$a->config['system']['php_path'] = '/usr/bin/php';" >> $HUBZILLA_PATH/.htconfig.php
echo "\$a->config['system']['directory_mode'] = DIRECTORY_MODE_NORMAL;" >> $HUBZILLA_PATH/.htconfig.php
echo "\$a->config['system']['theme'] = 'redbasic';" >> $HUBZILLA_PATH/.htconfig.php
chown www-data:www-data $HUBZILLA_PATH/.htconfig.php
chmod 755 $HUBZILLA_PATH/.htconfig.php
{ echo "\$a->config['system']['location_hash'] = '${HUBZILLA_LOCATION_HASH}';";
echo "\$a->config['system']['register_policy'] = REGISTER_OPEN;";
echo "\$a->config['system']['register_text'] = '';";
echo "\$a->config['system']['admin_email'] = '${MY_EMAIL_ADDRESS}';";
echo "\$a->config['system']['verify_email'] = 1;";
echo "\$a->config['system']['access_policy'] = ACCESS_PRIVATE;";
echo "\$a->config['system']['sellpage'] = '';";
echo "\$a->config['system']['max_import_size'] = 200000;";
echo "\$a->config['system']['php_path'] = '/usr/bin/php';";
echo "\$a->config['system']['directory_mode'] = DIRECTORY_MODE_NORMAL;";
echo "\$a->config['system']['theme'] = 'redbasic';"; } >> "$HUBZILLA_PATH/.htconfig.php"
chown www-data:www-data "$HUBZILLA_PATH/.htconfig.php"
chmod 755 "$HUBZILLA_PATH/.htconfig.php"
systemctl restart mariadb
systemctl restart php7.0-fpm
systemctl restart nginx
systemctl restart cron
${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$HUBZILLA_DOMAIN_NAME" -g hubzilla --public no
"${PROJECT_NAME}-addemail" -u "$MY_USERNAME" -e "noreply@$HUBZILLA_DOMAIN_NAME" -g hubzilla --public no
set_completion_param "hubzilla domain" "${HUBZILLA_DOMAIN_NAME}"
APP_INSTALLED=1

436
src/freedombone-app-icecast
View File

@ -68,36 +68,36 @@ function icecast_update_daemon {
rm /etc/init.d/icecast2
fi
echo '#!/bin/sh' > /usr/bin/stop_icecast
echo 'kill $(pidof ices2)' >> /usr/bin/stop_icecast
echo 'systemctl stop icecast2' >> /usr/bin/stop_icecast
{ echo '#!/bin/sh';
echo "kill \$(pidof ices2)";
echo 'systemctl stop icecast2'; } > /usr/bin/stop_icecast
chmod +x /usr/bin/stop_icecast
# Note that the sleep here actually is important
echo '#!/bin/bash' > /usr/bin/start_icecast
echo 'isrunning=$(ps aux | grep ices2)' >> /usr/bin/start_icecast
echo 'if [[ "$isrunning" != *"ices-playlist"* ]]; then' >> /usr/bin/start_icecast
echo ' systemctl start icecast2' >> /usr/bin/start_icecast
echo ' sleep 3' >> /usr/bin/start_icecast
echo ' cd /etc/ices2' >> /usr/bin/start_icecast
echo ' ices2 ices-playlist.xml' >> /usr/bin/start_icecast
echo 'fi' >> /usr/bin/start_icecast
{ echo '#!/bin/bash';
echo "isrunning=\$(ps aux | grep ices2)";
echo "if [[ \"\$isrunning\" != *\"ices-playlist\"* ]]; then";
echo ' systemctl start icecast2';
echo ' sleep 3';
echo ' cd /etc/ices2';
echo ' ices2 ices-playlist.xml';
echo 'fi'; } > /usr/bin/start_icecast
chmod +x /usr/bin/start_icecast
echo '[Unit]' > /etc/systemd/system/icecast2.service
echo 'Description=Icecast' >> /etc/systemd/system/icecast2.service
echo 'After=network.target' >> /etc/systemd/system/icecast2.service
echo 'After=tor.service' >> /etc/systemd/system/icecast2.service
echo '' >> /etc/systemd/system/icecast2.service
echo '[Service]' >> /etc/systemd/system/icecast2.service
echo 'User=icecast2' >> /etc/systemd/system/icecast2.service
echo 'Group=icecast' >> /etc/systemd/system/icecast2.service
echo 'ExecStart=/usr/bin/icecast2 -c /etc/icecast2/icecast.xml' >> /etc/systemd/system/icecast2.service
echo 'Restart=on-failure' >> /etc/systemd/system/icecast2.service
echo 'RestartSec=10' >> /etc/systemd/system/icecast2.service
echo '' >> /etc/systemd/system/icecast2.service
echo '[Install]' >> /etc/systemd/system/icecast2.service
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/icecast2.service
{ echo '[Unit]';
echo 'Description=Icecast';
echo 'After=network.target';
echo 'After=tor.service';
echo '';
echo '[Service]';
echo 'User=icecast2';
echo 'Group=icecast';
echo 'ExecStart=/usr/bin/icecast2 -c /etc/icecast2/icecast.xml';
echo 'Restart=on-failure';
echo 'RestartSec=10';
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/icecast2.service
chown -R icecast2:icecast /etc/ices2
chown -R icecast2:icecast /etc/icecast2
@ -121,7 +121,7 @@ function change_password_icecast {
/etc/icecast2/icecast.xml
sed -i "s|<password>.*|<password>${new_user_password}</password>|g" /etc/ices2/ices-playlist.xml
${PROJECT_NAME}-pass -u "$curr_username" -a icecast -p "$new_user_password"
"${PROJECT_NAME}-pass" -u "$curr_username" -a icecast -p "$new_user_password"
start_icecast
}
@ -139,7 +139,7 @@ function reconfigure_icecast {
function icecast_convert_files {
clear
cd ${1}
cd "${1}" || exit 2346824648
echo $'Converting any mp3 files to ogg format'
find . -type f -name '*.mp3' -exec bash -c 'ffmpeg -i "$0" -c:a libvorbis -q:a 4 "${0/%mp3/ogg}"' '{}' \;
@ -153,20 +153,20 @@ function icecast_convert_files {
}
function icecast_add_file_to_playlist {
files_dir=${1}
if [ ! -d $files_dir ]; then
files_dir="${1}"
if [ ! -d "$files_dir" ]; then
return
fi
echo $'Adding ogg files to playlist'
find $files_dir -type f -name '*.ogg' -print0 | while read -d $'\0' file; do
find "$files_dir" -type f -name '*.ogg' -print0 | while read -r -d $'\0' file; do
if ! grep -q "$file" $ICECAST_PLAYLIST_FILE; then
echo "$file" >> $ICECAST_PLAYLIST_FILE
fi
done
echo $'Adding ogv files to playlist'
find $files_dir -type f -name '*.ogv' -print0 | while read -d $'\0' file; do
find "$files_dir" -type f -name '*.ogv' -print0 | while read -r -d $'\0' file; do
if ! grep -q "$file" $ICECAST_PLAYLIST_FILE; then
echo "$file" >> $ICECAST_PLAYLIST_FILE
fi
@ -178,14 +178,14 @@ function icecast_add_file_to_playlist {
}
function icecast_import_from_directory {
data=$(tempfile 2>/dev/null)
dialog --title "Choose a directory containing stream files" --dselect /home/$MY_USERNAME/ 30 60 2> $data
selected_dir=$(cat $data)
rm $data
data=$(mktemp 2>/dev/null)
dialog --title "Choose a directory containing stream files" --dselect "/home/$MY_USERNAME/" 30 60 2> "$data"
selected_dir=$(cat "$data")
rm -f "$data"
if [[ "$selected_dir" == "$ICECAST_DIR" ]]; then
return
fi
if [ ! -d $selected_dir ]; then
if [ ! -d "$selected_dir" ]; then
return
fi
if [[ "$selected_dir" == "/home/$MY_USERNAME/" ]]; then
@ -201,7 +201,7 @@ function icecast_import_from_directory {
dialog --title $"Import stream files directory into Icecast" \
--backtitle $"Freedombone Control Panel" \
--defaultno \
--yesno $"\nImport the directory:\n\n $selected_dir" 12 75
--yesno $"\\nImport the directory:\\n\\n $selected_dir" 12 75
sel=$?
case $sel in
1) return;;
@ -215,8 +215,8 @@ function icecast_import_from_directory {
dest_dir=$(basename "$selected_dir")
mv "$selected_dir" $ICECAST_DIR
icecast_convert_files $ICECAST_DIR/$dest_dir
icecast_add_file_to_playlist $ICECAST_DIR/$dest_dir
icecast_convert_files "$ICECAST_DIR/$dest_dir"
icecast_add_file_to_playlist "$ICECAST_DIR/$dest_dir"
dialog --title $"Import stream files directory into Icecast" \
--msgbox $"Import success" 6 40
@ -226,18 +226,18 @@ function icecast_import_from_usb {
clear
detect_usb_drive
if [ ! -b $USB_DRIVE ]; then
if [ ! -b "$USB_DRIVE" ]; then
dialog --title $"Import stream files from USB drive" --msgbox $'No USB drive found' 6 50
return
fi
backup_mount_drive ${USB_DRIVE}
if [ ! -d $USB_MOUNT$ICECAST_DIR ]; then
backup_mount_drive "${USB_DRIVE}"
if [ ! -d "$USB_MOUNT$ICECAST_DIR" ]; then
dialog --title $"Import stream files from USB drive" --msgbox $'No stream files directory found on USB drive' 6 50
backup_unmount_drive ${USB_DRIVE}
backup_unmount_drive "${USB_DRIVE}"
fi
cp -ru $USB_MOUNT$ICECAST_DIR/* $ICECAST_DIR
backup_unmount_drive ${USB_DRIVE}
cp -ru "$USB_MOUNT$ICECAST_DIR/*" $ICECAST_DIR
backup_unmount_drive "${USB_DRIVE}"
icecast_convert_files $ICECAST_DIR
dialog --title $"Import stream files from USB drive" --msgbox $'Import complete. You may now remove the USB drive' 6 50
}
@ -246,40 +246,41 @@ function icecast_export_to_usb {
clear
detect_usb_drive
if [ ! -b $USB_DRIVE ]; then
if [ ! -b "$USB_DRIVE" ]; then
dialog --title $"Export stream files to USB drive" --msgbox $'No USB drive found' 6 50
return
fi
backup_mount_drive ${USB_DRIVE}
if [ ! -d $USB_MOUNT$ICECAST_DIR ]; then
mkdir -p $USB_MOUNT$ICECAST_DIR
backup_mount_drive "${USB_DRIVE}"
if [ ! -d "$USB_MOUNT$ICECAST_DIR" ]; then
mkdir -p "$USB_MOUNT$ICECAST_DIR"
fi
cp -ru $ICECAST_DIR/* $USB_MOUNT$ICECAST_DIR
backup_unmount_drive ${USB_DRIVE}
cp -ru "$ICECAST_DIR/*" "$USB_MOUNT$ICECAST_DIR"
backup_unmount_drive "${USB_DRIVE}"
dialog --title $"Export stream files to USB drive" --msgbox $'Export complete. You may now remove the USB drive' 6 50
}
function icecast_format_drive {
detect_usb_drive
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
data=$(mktemp 2>/dev/null)
dialog --title $"Format USB drive $USB_DRIVE for stream file storage" \
--backtitle $"Freedombone Control Panel" \
--defaultno \
--yesno $"\nPlease confirm that you wish to format drive\n\n ${USB_DRIVE}\n\nAll current data on the drive will be lost, and you will be prompted to give a password used to encrypt the drive.\n\nDANGER: If you screw up here and format the wrong drive it's your own fault!" 16 60
--yesno $"\\nPlease confirm that you wish to format drive\\n\\n ${USB_DRIVE}\\n\\nAll current data on the drive will be lost, and you will be prompted to give a password used to encrypt the drive.\\n\\nDANGER: If you screw up here and format the wrong drive it's your own fault!" 16 60
sel=$?
case $sel in
1) return;;
255) return;;
1) rm -f "$data"
return;;
255) rm -f "$data"
return;;
esac
rm $data
rm -f "$data"
clear
echo ''
echo $"Formatting drive $USB_DRIVE. ALL CONTENTS WILL BE LOST."
echo ''
${PROJECT_NAME}-format $USB_DRIVE
"${PROJECT_NAME}-format" "$USB_DRIVE"
dialog --title $"Format USB drive $USB_DRIVE for stream file storage" --msgbox $'Format complete. You may now export stream files or remove the USB drive' 6 50
}
@ -290,42 +291,41 @@ function icecast_edit_playlist {
}
function icecast_change_login {
read_config_param $MY_USERNAME
ICECAST_USER_PASSWORD=$(${PROJECT_NAME}-pass -u $MY_USERNAME -a icecastuser)
read_config_param "$MY_USERNAME"
ICECAST_USER_PASSWORD=$("${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a icecastuser)
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
data=$(mktemp 2>/dev/null)
dialog --title $"Change Icecast stream visitor login" \
--backtitle $"Freedombone Control Panel" \
--inputbox $"Enter the new login password for stream visitors" 8 60 "$ICECAST_USER_PASSWORD" 2>$data
--inputbox $"Enter the new login password for stream visitors" 8 60 "$ICECAST_USER_PASSWORD" 2>"$data"
sel=$?
case $sel in
0) ICECAST_USER_PASSWORD=$(<$data)
0) ICECAST_USER_PASSWORD=$(<"$data")
if [[ "$ICECAST_USER_PASSWORD" != *' '* ]]; then
if [ ${#ICECAST_USER_PASSWORD} -gt 8 ]; then
${PROJECT_NAME}-pass -u $MY_USERNAME -a icecastuser -p $ICECAST_USER_PASSWORD
"${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a icecastuser -p "$ICECAST_USER_PASSWORD"
dialog --title $"Change Icecast stream visitor login" \
--msgbox $"Password changed to $ICECAST_USER_PASSWORD" 6 75
fi
fi
;;
esac
rm $data
rm -f "$data"
}
function icecast_enable_login {
dialog --title $"Enable Icecast login" \
--backtitle $"Freedombone Control Panel" \
--defaultno \
--yesno $"\nDo you want to add a login so that random web users can't access your stream?" 10 60
--yesno $"\\nDo you want to add a login so that random web users can't access your stream?" 10 60
sel=$?
case $sel in
0) if grep -q '#auth_basic' /etc/nginx/sites-available/icecast; then
sed -i 's|#auth_basic|auth_basic|g' /etc/nginx/sites-available/icecast
systemctl restart nginx
fi
read_config_param $MY_USERNAME
ICECAST_USER_PASSWORD=$(${PROJECT_NAME}-pass -u $MY_USERNAME -a icecastuser)
read_config_param "$MY_USERNAME"
ICECAST_USER_PASSWORD=$("${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a icecastuser)
dialog --title $"Enable Icecast login" \
--msgbox $"Icecast logins are now enabled with the password $ICECAST_USER_PASSWORD" 6 65
ICECAST_USER_PASSWORD=
@ -341,23 +341,24 @@ function icecast_enable_login {
}
function icecast_set_stream_name {
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
data=$(mktemp 2>/dev/null)
dialog --backtitle $"Freedombone Control Panel" \
--title $"Change Icecast stream details" \
--form "\n" 8 60 4 \
--form "\\n" 8 60 4 \
$"Stream name:" 1 1 "Example stream name" 1 18 40 1000 \
$"Description:" 2 1 "A short description of your stream" 2 18 40 1000 \
$"Genre:" 3 1 "Example genre" 3 18 40 1000 \
2> $data
2> "$data"
sel=$?
case $sel in
1) return;;
255) return;;
1) rm -f "$data"
return;;
255) rm -f "$data"
return;;
esac
stream_name=$(cat $data | sed -n 1p)
stream_description=$(cat $data | sed -n 2p)
stream_genre=$(cat $data | sed -n 3p)
stream_name=$(sed -n 1p < "$data")
stream_description=$(sed -n 2p < "$data")
stream_genre=$(sed -n 3p < "$data")
if [ ${#stream_name} -gt 2 ]; then
sed -i "s|<name>.*|<name>${stream_name}</name>|g" /etc/ices2/ices-playlist.xml
fi
@ -367,42 +368,41 @@ function icecast_set_stream_name {
if [ ${#stream_genre} -gt 2 ]; then
sed -i "s|<genre>.*|<genre>${stream_genre}</genre>|g" /etc/ices2/ices-playlist.xml
fi
rm $data
rm -f "$data"
stop_icecast
start_icecast
}
function icecast_set_maximum_streams {
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
data=$(mktemp 2>/dev/null)
dialog --title $"Set the maximum clients" \
--backtitle $"Freedombone Control Panel" \
--inputbox $"Maximum number of clients" 8 40 "10" 2>$data
--inputbox $"Maximum number of clients" 8 40 "10" 2>"$data"
sel=$?
case $sel in
0)
max_clients=$(<$data)
max_clients=$(<"$data")
if [ ${#max_clients} -gt 0 ]; then
if [[ "$max_clients" != *' '* ]]; then
if [[ $max_clients =~ '^[0-9]+$' ]] ; then
# shellcheck disable=SC2076
if [[ "$max_clients" =~ '^[0-9]+$' ]] ; then
sed -i "s|<clients>.*|<clients>${max_clients}</clients>|g" /etc/icecast2/icecast.xml
stop_icecast
start_icecast
dialog --title $"Set the maximum clients" \
--msgbox $"\nMaximum Icecast clients was set to ${max_clients}" 8 50
--msgbox $"\\nMaximum Icecast clients was set to ${max_clients}" 8 50
fi
fi
fi
;;
esac
rm $data
rm -f "$data"
}
function configure_interactive_icecast {
while true
do
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
data=$(mktemp 2>/dev/null)
dialog --backtitle $"Freedombone Control Panel" \
--title $"Icecast" \
--radiolist $"Choose an operation:" 19 70 12 \
@ -417,13 +417,15 @@ function configure_interactive_icecast {
9 $"Restart stream" off \
10 $"Set Stream Name/Description/Genre" off \
11 $"Set maximum number of clients/streams" off \
12 $"Exit" on 2> $data
12 $"Exit" on 2> "$data"
sel=$?
case $sel in
1) break;;
255) break;;
1) rm -f "$data"
break;;
255) rm -f "$data"
break;;
esac
case $(cat $data) in
case $(cat "$data") in
1) icecast_import_from_directory;;
2) icecast_import_from_usb;;
3) icecast_format_drive;;
@ -440,8 +442,10 @@ function configure_interactive_icecast {
start_icecast;;
10) icecast_set_stream_name;;
11) icecast_set_maximum_streams;;
12) break;;
12) rm -f "$data"
break;;
esac
rm -f "$data"
done
}
@ -556,7 +560,7 @@ function remove_icecast {
fi
function_check remove_onion_service
remove_onion_service icecast ${ICECAST_ONION_PORT}
sed -i '/icecast/d' $COMPLETION_FILE
sed -i '/icecast/d' "$COMPLETION_FILE"
}
function install_icecast {
@ -572,11 +576,11 @@ function install_icecast {
exit 7923528
fi
if [ ! ${ICECAST_PASSWORD} ]; then
if [ -f ${IMAGE_PASSWORD_FILE} ]; then
ICECAST_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
if [ ! "${ICECAST_PASSWORD}" ]; then
if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
ICECAST_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else
ICECAST_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
ICECAST_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi
fi
@ -600,22 +604,22 @@ function install_icecast {
fi
icecast_nginx_site=/etc/nginx/sites-available/icecast
echo 'server {' > $icecast_nginx_site
echo " listen 127.0.0.1:$ICECAST_ONION_PORT default_server;" >> $icecast_nginx_site
echo " server_name $ICECAST_ONION_HOSTNAME;" >> $icecast_nginx_site
echo '' >> $icecast_nginx_site
echo ' # Logs' >> $icecast_nginx_site
echo ' access_log /dev/null;' >> $icecast_nginx_site
echo ' error_log /dev/null;' >> $icecast_nginx_site
echo '' >> $icecast_nginx_site
echo ' location / {' >> $icecast_nginx_site
{ echo 'server {';
echo " listen 127.0.0.1:$ICECAST_ONION_PORT default_server;";
echo " server_name $ICECAST_ONION_HOSTNAME;";
echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' location / {'; } > $icecast_nginx_site
function_check nginx_limits
nginx_limits $ICECAST_ONION_HOSTNAME '15m'
echo " proxy_pass http://localhost:$ICECAST_PORT;" >> $icecast_nginx_site
echo " #auth_basic \"${ICECAST_LOGIN_TEXT}\";" >> $icecast_nginx_site
echo ' #auth_basic_user_file /etc/nginx/.icepasswd;' >> $icecast_nginx_site
echo ' }' >> $icecast_nginx_site
echo '}' >> $icecast_nginx_site
nginx_limits "$ICECAST_ONION_HOSTNAME" '15m'
{ echo " proxy_pass http://localhost:$ICECAST_PORT;";
echo " #auth_basic \"${ICECAST_LOGIN_TEXT}\";";
echo ' #auth_basic_user_file /etc/nginx/.icepasswd;';
echo ' }';
echo '}'; } >> $icecast_nginx_site
if [ ! -d /var/log/ices ]; then
mkdir -p /var/log/ices
@ -624,105 +628,105 @@ function install_icecast {
mkdir -p /etc/ices2
fi
echo '<?xml version="1.0"?>' > /etc/ices2/ices-playlist.xml
echo '<ices>' >> /etc/ices2/ices-playlist.xml
echo ' <!-- run in background -->' >> /etc/ices2/ices-playlist.xml
echo ' <background>1</background>' >> /etc/ices2/ices-playlist.xml
echo ' <!-- where logs, etc go. -->' >> /etc/ices2/ices-playlist.xml
echo ' <logpath>/var/log/ices</logpath>' >> /etc/ices2/ices-playlist.xml
echo ' <logfile>ices.log</logfile>' >> /etc/ices2/ices-playlist.xml
echo ' <!-- 1=error,2=warn,3=info,4=debug -->' >> /etc/ices2/ices-playlist.xml
echo ' <loglevel>1</loglevel>' >> /etc/ices2/ices-playlist.xml
echo ' <!-- set this to 1 to log to the console instead of to the file above -->' >> /etc/ices2/ices-playlist.xml
echo ' <consolelog>0</consolelog>' >> /etc/ices2/ices-playlist.xml
echo '' >> /etc/ices2/ices-playlist.xml
echo ' <!-- optional filename to write process id to -->' >> /etc/ices2/ices-playlist.xml
echo ' <!-- <pidfile>/home/ices/ices.pid</pidfile> -->' >> /etc/ices2/ices-playlist.xml
echo '' >> /etc/ices2/ices-playlist.xml
echo ' <stream>' >> /etc/ices2/ices-playlist.xml
echo ' <!-- metadata used for stream listing (not currently used) -->' >> /etc/ices2/ices-playlist.xml
echo ' <metadata>' >> /etc/ices2/ices-playlist.xml
echo ' <name>Example stream name</name>' >> /etc/ices2/ices-playlist.xml
echo ' <genre>Example genre</genre>' >> /etc/ices2/ices-playlist.xml
echo ' <description>A short description of your stream</description>' >> /etc/ices2/ices-playlist.xml
echo ' </metadata>' >> /etc/ices2/ices-playlist.xml
echo '' >> /etc/ices2/ices-playlist.xml
echo ' <!-- input module' >> /etc/ices2/ices-playlist.xml
echo '' >> /etc/ices2/ices-playlist.xml
echo ' The module used here is the playlist module - it has ' >> /etc/ices2/ices-playlist.xml
echo ' "submodules" for different types of playlist. There are' >> /etc/ices2/ices-playlist.xml
echo ' two currently implemented, "basic", which is a simple' >> /etc/ices2/ices-playlist.xml
echo ' file-based playlist, and "script" which invokes a command' >> /etc/ices2/ices-playlist.xml
echo ' to returns a filename to start playing. -->' >> /etc/ices2/ices-playlist.xml
echo '' >> /etc/ices2/ices-playlist.xml
echo ' <input>' >> /etc/ices2/ices-playlist.xml
echo ' <module>playlist</module>' >> /etc/ices2/ices-playlist.xml
echo ' <param name="type">basic</param>' >> /etc/ices2/ices-playlist.xml
echo " <param name=\"file\">$ICECAST_PLAYLIST_FILE</param>" >> /etc/ices2/ices-playlist.xml
echo ' <!-- random play -->' >> /etc/ices2/ices-playlist.xml
echo ' <param name="random">0</param>' >> /etc/ices2/ices-playlist.xml
echo ' <!-- if the playlist get updated that start at the beginning -->' >> /etc/ices2/ices-playlist.xml
echo ' <param name="restart-after-reread">0</param>' >> /etc/ices2/ices-playlist.xml
echo ' <!-- if set to 1 , plays once through, then exits. -->' >> /etc/ices2/ices-playlist.xml
echo ' <param name="once">0</param>' >> /etc/ices2/ices-playlist.xml
echo ' </input>' >> /etc/ices2/ices-playlist.xml
echo '' >> /etc/ices2/ices-playlist.xml
echo ' <!-- Stream instance' >> /etc/ices2/ices-playlist.xml
echo ' You may have one or more instances here. This allows you to ' >> /etc/ices2/ices-playlist.xml
echo ' send the same input data to one or more servers (or to different' >> /etc/ices2/ices-playlist.xml
echo ' mountpoints on the same server). Each of them can have different' >> /etc/ices2/ices-playlist.xml
echo ' parameters. This is primarily useful for a) relaying to multiple' >> /etc/ices2/ices-playlist.xml
echo ' independent servers, and b) encoding/reencoding to multiple' >> /etc/ices2/ices-playlist.xml
echo ' bitrates.' >> /etc/ices2/ices-playlist.xml
echo ' If one instance fails (for example, the associated server goes' >> /etc/ices2/ices-playlist.xml
echo ' down, etc), the others will continue to function correctly.' >> /etc/ices2/ices-playlist.xml
echo ' This example defines two instances as two mountpoints on the' >> /etc/ices2/ices-playlist.xml
echo ' same server. -->' >> /etc/ices2/ices-playlist.xml
echo ' <instance>' >> /etc/ices2/ices-playlist.xml
echo ' <!-- Server details:' >> /etc/ices2/ices-playlist.xml
echo ' You define hostname and port for the server here, along with' >> /etc/ices2/ices-playlist.xml
echo ' the source password and mountpoint. -->' >> /etc/ices2/ices-playlist.xml
echo ' <hostname>localhost</hostname>' >> /etc/ices2/ices-playlist.xml
echo " <port>$ICECAST_PORT</port>" >> /etc/ices2/ices-playlist.xml
echo " <password>$ICECAST_PASSWORD</password>" >> /etc/ices2/ices-playlist.xml
echo ' <mount>/example1.ogg</mount>' >> /etc/ices2/ices-playlist.xml
echo ' <!-- Reconnect parameters:' >> /etc/ices2/ices-playlist.xml
echo ' When something goes wrong (e.g. the server crashes, or the' >> /etc/ices2/ices-playlist.xml
echo ' network drops) and ices disconnects from the server, these' >> /etc/ices2/ices-playlist.xml
echo ' control how often it tries to reconnect, and how many times' >> /etc/ices2/ices-playlist.xml
echo ' it tries to reconnect. Delay is in seconds.' >> /etc/ices2/ices-playlist.xml
echo ' If you set reconnectattempts to -1, it will continue ' >> /etc/ices2/ices-playlist.xml
echo ' indefinately. Suggest setting reconnectdelay to a large value' >> /etc/ices2/ices-playlist.xml
echo ' if you do this.' >> /etc/ices2/ices-playlist.xml
echo ' -->' >> /etc/ices2/ices-playlist.xml
echo ' <reconnectdelay>2</reconnectdelay>' >> /etc/ices2/ices-playlist.xml
echo ' <reconnectattempts>5</reconnectattempts> ' >> /etc/ices2/ices-playlist.xml
echo '' >> /etc/ices2/ices-playlist.xml
echo ' <!-- maxqueuelength:' >> /etc/ices2/ices-playlist.xml
echo ' This describes how long the internal data queues may be. This' >> /etc/ices2/ices-playlist.xml
echo ' basically lets you control how much data gets buffered before' >> /etc/ices2/ices-playlist.xml
echo ' ices decides it cant send to the server fast enough, and ' >> /etc/ices2/ices-playlist.xml
echo ' either shuts down or flushes the queue (dropping the data)' >> /etc/ices2/ices-playlist.xml
echo ' and continues. ' >> /etc/ices2/ices-playlist.xml
echo ' For advanced users only.' >> /etc/ices2/ices-playlist.xml
echo ' -->' >> /etc/ices2/ices-playlist.xml
echo ' <maxqueuelength>80</maxqueuelength>' >> /etc/ices2/ices-playlist.xml
echo '' >> /etc/ices2/ices-playlist.xml
echo ' <!-- Live encoding/reencoding:' >> /etc/ices2/ices-playlist.xml
echo ' Currrently, the parameters given here for encoding MUST' >> /etc/ices2/ices-playlist.xml
echo ' match the input data for channels and sample rate. That ' >> /etc/ices2/ices-playlist.xml
echo ' restriction will be relaxed in the future.' >> /etc/ices2/ices-playlist.xml
echo ' Remove this section if you dont want your files getting reencoded.' >> /etc/ices2/ices-playlist.xml
echo ' -->' >> /etc/ices2/ices-playlist.xml
echo ' <encode> ' >> /etc/ices2/ices-playlist.xml
echo ' <nominal-bitrate>64000</nominal-bitrate>' >> /etc/ices2/ices-playlist.xml
echo ' <samplerate>22050</samplerate>' >> /etc/ices2/ices-playlist.xml
echo ' <channels>1</channels>' >> /etc/ices2/ices-playlist.xml
echo ' </encode>' >> /etc/ices2/ices-playlist.xml
echo ' </instance>' >> /etc/ices2/ices-playlist.xml
echo '' >> /etc/ices2/ices-playlist.xml
echo ' </stream>' >> /etc/ices2/ices-playlist.xml
echo '</ices>' >> /etc/ices2/ices-playlist.xml
{ echo '<?xml version="1.0"?>';
echo '<ices>';
echo ' <!-- run in background -->';
echo ' <background>1</background>';
echo ' <!-- where logs, etc go. -->';
echo ' <logpath>/var/log/ices</logpath>';
echo ' <logfile>ices.log</logfile>';
echo ' <!-- 1=error,2=warn,3=info,4=debug -->';
echo ' <loglevel>1</loglevel>';
echo ' <!-- set this to 1 to log to the console instead of to the file above -->';
echo ' <consolelog>0</consolelog>';
echo '';
echo ' <!-- optional filename to write process id to -->';
echo ' <!-- <pidfile>/home/ices/ices.pid</pidfile> -->';
echo '';
echo ' <stream>';
echo ' <!-- metadata used for stream listing (not currently used) -->';
echo ' <metadata>';
echo ' <name>Example stream name</name>';
echo ' <genre>Example genre</genre>';
echo ' <description>A short description of your stream</description>';
echo ' </metadata>';
echo '';
echo ' <!-- input module';
echo '';
echo ' The module used here is the playlist module - it has ';
echo ' "submodules" for different types of playlist. There are';
echo ' two currently implemented, "basic", which is a simple';
echo ' file-based playlist, and "script" which invokes a command';
echo ' to returns a filename to start playing. -->';
echo '';
echo ' <input>';
echo ' <module>playlist</module>';
echo ' <param name="type">basic</param>';
echo " <param name=\"file\">$ICECAST_PLAYLIST_FILE</param>";
echo ' <!-- random play -->';
echo ' <param name="random">0</param>';
echo ' <!-- if the playlist get updated that start at the beginning -->';
echo ' <param name="restart-after-reread">0</param>';
echo ' <!-- if set to 1 , plays once through, then exits. -->';
echo ' <param name="once">0</param>';
echo ' </input>';
echo '';
echo ' <!-- Stream instance';
echo ' You may have one or more instances here. This allows you to ';
echo ' send the same input data to one or more servers (or to different';
echo ' mountpoints on the same server). Each of them can have different';
echo ' parameters. This is primarily useful for a) relaying to multiple';
echo ' independent servers, and b) encoding/reencoding to multiple';
echo ' bitrates.';
echo ' If one instance fails (for example, the associated server goes';
echo ' down, etc), the others will continue to function correctly.';
echo ' This example defines two instances as two mountpoints on the';
echo ' same server. -->';
echo ' <instance>';
echo ' <!-- Server details:';
echo ' You define hostname and port for the server here, along with';
echo ' the source password and mountpoint. -->';
echo ' <hostname>localhost</hostname>';
echo " <port>$ICECAST_PORT</port>";
echo " <password>$ICECAST_PASSWORD</password>";
echo ' <mount>/example1.ogg</mount>';
echo ' <!-- Reconnect parameters:';
echo ' When something goes wrong (e.g. the server crashes, or the';
echo ' network drops) and ices disconnects from the server, these';
echo ' control how often it tries to reconnect, and how many times';
echo ' it tries to reconnect. Delay is in seconds.';
echo ' If you set reconnectattempts to -1, it will continue ';
echo ' indefinately. Suggest setting reconnectdelay to a large value';
echo ' if you do this.';
echo ' -->';
echo ' <reconnectdelay>2</reconnectdelay>';
echo ' <reconnectattempts>5</reconnectattempts> ';
echo '';
echo ' <!-- maxqueuelength:';
echo ' This describes how long the internal data queues may be. This';
echo ' basically lets you control how much data gets buffered before';
echo ' ices decides it cant send to the server fast enough, and ';
echo ' either shuts down or flushes the queue (dropping the data)';
echo ' and continues. ';
echo ' For advanced users only.';
echo ' -->';
echo ' <maxqueuelength>80</maxqueuelength>';
echo '';
echo ' <!-- Live encoding/reencoding:';
echo ' Currrently, the parameters given here for encoding MUST';
echo ' match the input data for channels and sample rate. That ';
echo ' restriction will be relaxed in the future.';
echo ' Remove this section if you dont want your files getting reencoded.';
echo ' -->';
echo ' <encode> ';
echo ' <nominal-bitrate>64000</nominal-bitrate>';
echo ' <samplerate>22050</samplerate>';
echo ' <channels>1</channels>';
echo ' </encode>';
echo ' </instance>';
echo '';
echo ' </stream>';
echo '</ices>'; } > /etc/ices2/ices-playlist.xml
sed -i 's|ENABLE=.*|ENABLE=true|g' /etc/default/icecast2
@ -733,18 +737,18 @@ function install_icecast {
# create a password for users
ICECAST_USER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
ICECAST_USER_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
if grep -q "$MY_USERNAME:" /etc/nginx/.icepasswd; then
sed -i "/$MY_USERNAME:/d" /etc/nginx/.icepasswd
fi
echo "$ICECAST_USER_PASSWORD" | htpasswd -i -s -c /etc/nginx/.icepasswd $MY_USERNAME
echo "$ICECAST_USER_PASSWORD" | htpasswd -i -s -c /etc/nginx/.icepasswd "$MY_USERNAME"
if [ ! -f /etc/nginx/.icepasswd ]; then
echo $'/etc/nginx/.icepasswd not found'
exit 73528235
fi
${PROJECT_NAME}-pass -u $MY_USERNAME -a icecast -p "$ICECAST_PASSWORD"
${PROJECT_NAME}-pass -u $MY_USERNAME -a icecastuser -p "$ICECAST_USER_PASSWORD"
"${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a icecast -p "$ICECAST_PASSWORD"
"${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a icecastuser -p "$ICECAST_USER_PASSWORD"
groupadd icecast
useradd -c "Icecast system account" -d /etc/icecast2 -m -r -g icecast icecast2

284
src/freedombone-app-ipfs
View File

@ -76,7 +76,7 @@ function upgrade_ipfs_go {
fi
function_check set_repo_commit
set_repo_commit $GOPATH/src/github.com/ipfs/go-ipfs "ipfs commit" "$IPFS_COMMIT" $IPFS_REPO
set_repo_commit "$GOPATH/src/github.com/ipfs/go-ipfs" "ipfs commit" "$IPFS_COMMIT" "$IPFS_REPO"
}
function upgrade_ipfs_js {
@ -97,33 +97,34 @@ function upgrade_ipfs {
}
function backup_local_ipfs {
if ! grep -q "Admin user" $COMPLETION_FILE; then
if ! grep -q "Admin user" "$COMPLETION_FILE"; then
return
fi
ADMIN_USERNAME=$(get_completion_param "Admin user")
source_directory=/home/$ADMIN_USERNAME/.ipfs
if [ -d $source_directory ]; then
source_directory="/home/$ADMIN_USERNAME/.ipfs"
if [ -d "$source_directory" ]; then
dest_directory=ipfs
function_check backup_directory_to_usb
backup_directory_to_usb $source_directory $dest_directory
backup_directory_to_usb "$source_directory" "$dest_directory"
fi
}
function restore_local_ipfs {
if ! grep -q "Admin user" $COMPLETION_FILE; then
if ! grep -q "Admin user" "$COMPLETION_FILE"; then
return
fi
if [ -d $USB_MOUNT/backup/ipfs ]; then
if [ -d "$USB_MOUNT/backup/ipfs" ]; then
echo $"Restoring IPFS"
temp_restore_dir=/root/tempipfs
function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir ipfs
ADMIN_USERNAME=$(get_completion_param "Admin user")
if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs ]; then
cp -rf $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/* /home/$ADMIN_USERNAME/.ipfs
if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/.ipfs" ]; then
cp -rf "$temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/*" "/home/$ADMIN_USERNAME/.ipfs"
else
cp -rf $temp_restore_dir/* /home/$ADMIN_USERNAME/.ipfs
cp -rf "$temp_restore_dir/*" "/home/$ADMIN_USERNAME/.ipfs"
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir
function_check set_user_permissions
@ -138,28 +139,29 @@ function restore_local_ipfs {
}
function backup_remote_ipfs {
if ! grep -q "Admin user" $COMPLETION_FILE; then
if ! grep -q "Admin user" "$COMPLETION_FILE"; then
return
fi
ADMIN_USERNAME=$(get_completion_param "Admin user")
if [ -d /home/$ADMIN_USERNAME/.ipfs ]; then
if [ -d "/home/$ADMIN_USERNAME/.ipfs" ]; then
echo $"Backing up IPFS"
backup_directory_to_friend /home/$ADMIN_USERNAME/.ipfs ipfs
backup_directory_to_friend "/home/$ADMIN_USERNAME/.ipfs" ipfs
echo $"Backup of IPFS complete"
fi
}
function restore_remote_ipfs {
if [ -d $SERVER_DIRECTORY/backup/ipfs ]; then
if [ -d "$SERVER_DIRECTORY/backup/ipfs" ]; then
echo $"Restoring IPFS"
temp_restore_dir=/root/tempipfs
function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir ipfs
if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs ]; then
cp -rf $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/* /home/$ADMIN_USERNAME/.ipfs
if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/.ipfs" ]; then
cp -rf "$temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/*" "/home/$ADMIN_USERNAME/.ipfs"
else
cp -rf $temp_restore_dir/* /home/$ADMIN_USERNAME/.ipfs
cp -rf "$temp_restore_dir/*" "/home/$ADMIN_USERNAME/.ipfs"
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
function_check set_user_permissions
set_user_permissions
@ -177,11 +179,11 @@ function remove_ipfs_go {
systemctl daemon-reload
rm /etc/systemd/system/ipfs.service
systemctl daemon-reload
rm -rf $GOPATH/src/github.com/ipfs
rm -rf "$GOPATH/src/github.com/ipfs"
firewall_remove $IPFS_PORT tcp
remove_completion_param install_ipfs
remove_completion_param configure_firewall_for_ipfs
sed -i '/ipfs/d' $COMPLETION_FILE
sed -i '/ipfs/d' "$COMPLETION_FILE"
}
function remove_ipfs_js {
@ -194,9 +196,9 @@ function remove_ipfs_js {
npm uninstall ronin --global
firewall_remove $IPFS_PORT tcp
sed -i '/install_ipfs/d' $COMPLETION_FILE
sed -i '/ipfs/d' $COMPLETION_FILE
sed -i '/configure_firewall_for_ipfs/d' $COMPLETION_FILE
sed -i '/install_ipfs/d' "$COMPLETION_FILE"
sed -i '/ipfs/d' "$COMPLETION_FILE"
sed -i '/configure_firewall_for_ipfs/d' "$COMPLETION_FILE"
}
function remove_ipfs {
@ -221,14 +223,15 @@ function mesh_install_ipfs_js {
return
fi
chroot ${rootdir} apt-get -yq install libpam0g-dev fuse
# shellcheck disable=SC2154
chroot "${rootdir}" apt-get -yq install libpam0g-dev fuse
if [ ! -f ${rootdir}/usr/bin/nodejs ]; then
if [ ! -f "${rootdir}/usr/bin/nodejs" ]; then
echo $'nodejs was not installed'
exit 63962
fi
cat <<EOF > ${rootdir}/root/install-ipfs.sh
cat <<EOF > "${rootdir}/root/install-ipfs.sh"
#!/bin/bash
PATH="/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/bin"
NODE_PATH="/usr/lib/node_modules"
@ -241,57 +244,57 @@ npm install -g ronin@${IPFS_JS_RONIN_VERSION} --save
npm install -g ipfs@${IPFS_JS_VERSION} --save
exit 0
EOF
chroot ${rootdir} /bin/chmod +x /root/install-ipfs.sh
chroot ${rootdir} /root/install-ipfs.sh
rm -f ${rootdir}/root/install-ipfs.sh
chroot "${rootdir}" /bin/chmod +x /root/install-ipfs.sh
chroot "${rootdir}" /root/install-ipfs.sh
rm -f "${rootdir}/root/install-ipfs.sh"
IPFS_PATH=/usr/bin
if [ ! -f ${rootdir}$IPFS_PATH/jsipfs ]; then
if [ ! -f "${rootdir}$IPFS_PATH/jsipfs" ]; then
exit 637292
fi
# directories to mount to
if [ ! -d ${rootdir}/ipfs ]; then
chroot ${rootdir} /bin/mkdir /ipfs
chroot ${rootdir} /bin/mkdir /ipns
chroot ${rootdir} /bin/chown $MY_USERNAME:$MY_USERNAME /ipfs
chroot ${rootdir} /bin/chown $MY_USERNAME:$MY_USERNAME /ipns
if [ ! -d "${rootdir}/ipfs" ]; then
chroot "${rootdir}" /bin/mkdir /ipfs
chroot "${rootdir}" /bin/mkdir /ipns
chroot "${rootdir}" /bin/chown "$MY_USERNAME":"$MY_USERNAME" /ipfs
chroot "${rootdir}" /bin/chown "$MY_USERNAME":"$MY_USERNAME" /ipns
fi
if [ -f ${rootdir}/etc/fuse.conf ]; then
chroot ${rootdir} /bin/chown $MY_USERNAME:$MY_USERNAME /etc/fuse.conf
if [ -f "${rootdir}/etc/fuse.conf" ]; then
chroot "${rootdir}" /bin/chown "$MY_USERNAME":"$MY_USERNAME" /etc/fuse.conf
fi
if [ -f ${rootdir}/dev/fuse ]; then
chroot ${rootdir} /bin/chown $MY_USERNAME:$MY_USERNAME /dev/fuse
if [ -f "${rootdir}/dev/fuse" ]; then
chroot "${rootdir}" /bin/chown "$MY_USERNAME":"$MY_USERNAME" /dev/fuse
fi
IPFS_DAEMON_NAME=ipfs
IPFS_DAEMON_FILE=${rootdir}/etc/systemd/system/${IPFS_DAEMON_NAME}.service
echo '[Unit]' > $IPFS_DAEMON_FILE
echo 'Description=IPFS javascript daemon' >> $IPFS_DAEMON_FILE
echo 'After=syslog.target' >> $IPFS_DAEMON_FILE
echo 'After=network.target' >> $IPFS_DAEMON_FILE
echo '' >> $IPFS_DAEMON_FILE
echo '[Service]' >> $IPFS_DAEMON_FILE
echo 'Type=simple' >> $IPFS_DAEMON_FILE
echo "User=$MY_USERNAME" >> $IPFS_DAEMON_FILE
echo "Group=$MY_USERNAME" >> $IPFS_DAEMON_FILE
echo "WorkingDirectory=/home/$MY_USERNAME" >> $IPFS_DAEMON_FILE
echo "ExecStart=${IPFS_PATH}/jsipfs daemon --mount" >> $IPFS_DAEMON_FILE
echo 'Restart=on-failure' >> $IPFS_DAEMON_FILE
echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\"" >> $IPFS_DAEMON_FILE
echo '' >> $IPFS_DAEMON_FILE
echo '[Install]' >> $IPFS_DAEMON_FILE
echo 'WantedBy=multi-user.target' >> $IPFS_DAEMON_FILE
{ echo '[Unit]';
echo 'Description=IPFS javascript daemon';
echo 'After=syslog.target';
echo 'After=network.target';
echo '';
echo '[Service]';
echo 'Type=simple';
echo "User=$MY_USERNAME";
echo "Group=$MY_USERNAME";
echo "WorkingDirectory=/home/$MY_USERNAME";
echo "ExecStart=${IPFS_PATH}/jsipfs daemon --mount";
echo 'Restart=on-failure';
echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\"";
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > "$IPFS_DAEMON_FILE"
chroot ${rootdir} systemctl enable ${IPFS_DAEMON_NAME}
chroot "${rootdir}" systemctl enable ${IPFS_DAEMON_NAME}
mark_completed "${FUNCNAME[0]}"
}
function install_ipfs_js {
if [ $INSTALLING_MESH ]; then
if [ "$INSTALLING_MESH" ]; then
mesh_install_ipfs_js
return
fi
@ -321,8 +324,8 @@ function install_ipfs_js {
fi
# initialise
su -c "$IPFS_PATH/jsipfs init -b $IPFS_KEY_LENGTH" - $MY_USERNAME
if [ ! -d /home/$MY_USERNAME/.ipfs ]; then
su -c "$IPFS_PATH/jsipfs init -b $IPFS_KEY_LENGTH" - "$MY_USERNAME"
if [ ! -d "/home/$MY_USERNAME/.ipfs" ]; then
echo "IPFS could not be initialised for user $MY_USERNAME"
exit 7358
fi
@ -331,35 +334,35 @@ function install_ipfs_js {
if [ ! -d /ipfs ]; then
mkdir /ipfs
mkdir /ipns
chown $MY_USERNAME:$MY_USERNAME /ipfs
chown $MY_USERNAME:$MY_USERNAME /ipns
chown "$MY_USERNAME":"$MY_USERNAME" /ipfs
chown "$MY_USERNAME":"$MY_USERNAME" /ipns
fi
if [ -f /etc/fuse.conf ]; then
chown $MY_USERNAME:$MY_USERNAME /etc/fuse.conf
chown "$MY_USERNAME":"$MY_USERNAME" /etc/fuse.conf
fi
if [ -f /dev/fuse ]; then
chown $MY_USERNAME:$MY_USERNAME /dev/fuse
chown "$MY_USERNAME":"$MY_USERNAME" /dev/fuse
fi
IPFS_DAEMON_NAME=ipfs
IPFS_DAEMON_FILE=/etc/systemd/system/${IPFS_DAEMON_NAME}.service
echo '[Unit]' > $IPFS_DAEMON_FILE
echo 'Description=IPFS javascript daemon' >> $IPFS_DAEMON_FILE
echo 'After=syslog.target' >> $IPFS_DAEMON_FILE
echo 'After=network.target' >> $IPFS_DAEMON_FILE
echo '' >> $IPFS_DAEMON_FILE
echo '[Service]' >> $IPFS_DAEMON_FILE
echo 'Type=simple' >> $IPFS_DAEMON_FILE
echo "User=$MY_USERNAME" >> $IPFS_DAEMON_FILE
echo "Group=$MY_USERNAME" >> $IPFS_DAEMON_FILE
echo "WorkingDirectory=/home/$MY_USERNAME" >> $IPFS_DAEMON_FILE
echo "ExecStart=${IPFS_PATH}/jsipfs daemon --mount" >> $IPFS_DAEMON_FILE
echo 'Restart=on-failure' >> $IPFS_DAEMON_FILE
echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\"" >> $IPFS_DAEMON_FILE
echo '' >> $IPFS_DAEMON_FILE
echo '[Install]' >> $IPFS_DAEMON_FILE
echo 'WantedBy=multi-user.target' >> $IPFS_DAEMON_FILE
{ echo '[Unit]';
echo 'Description=IPFS javascript daemon';
echo 'After=syslog.target';
echo 'After=network.target';
echo '';
echo '[Service]';
echo 'Type=simple';
echo "User=$MY_USERNAME";
echo "Group=$MY_USERNAME";
echo "WorkingDirectory=/home/$MY_USERNAME";
echo "ExecStart=${IPFS_PATH}/jsipfs daemon --mount";
echo 'Restart=on-failure';
echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\"";
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > $IPFS_DAEMON_FILE
systemctl enable ${IPFS_DAEMON_NAME}
systemctl daemon-reload
@ -387,17 +390,17 @@ function install_ipfs_js {
}
function mesh_install_ipfs_go {
chroot ${rootdir} apt-get -yq install libpam0g-dev fuse wget
chroot "${rootdir}" apt-get -yq install libpam0g-dev fuse wget
mesh_upgrade_golang
IPFS_ARCH=
IPFS_PATH=/usr/bin
if [ ! -d $rootdir$INSTALL_DIR/ipfs ]; then
mkdir -p $rootdir$INSTALL_DIR/ipfs
if [ ! -d "$rootdir$INSTALL_DIR/ipfs" ]; then
mkdir -p "$rootdir$INSTALL_DIR/ipfs"
fi
cd $rootdir$INSTALL_DIR/ipfs
cd "$rootdir$INSTALL_DIR/ipfs" || exit 23468264
if [[ $ARCHITECTURE == *"386" || $ARCHITECTURE == *"686" ]]; then
IPFS_ARCH=386
@ -431,42 +434,42 @@ function mesh_install_ipfs_go {
IPFS_FILE=go-ipfs_v${IPFS_GO_VERSION}_linux-${IPFS_ARCH}.tar.gz
wget https://ipfs.io/ipns/dist.ipfs.io/go-ipfs/v${IPFS_GO_VERSION}/${IPFS_FILE}
if [ ! -f $rootdir$INSTALL_DIR/ipfs/${IPFS_FILE} ]; then
if [ ! -f "$rootdir$INSTALL_DIR/ipfs/${IPFS_FILE}" ]; then
echo $'IPFS package could not be downloaded'
exit 63725
fi
tar -xzvf ${IPFS_FILE}
if [ ! -f $rootdir$INSTALL_DIR/ipfs/go-ipfs/ipfs ]; then
if [ ! -f "$rootdir$INSTALL_DIR/ipfs/go-ipfs/ipfs" ]; then
echo $"ipfs was not found in downloaded package"
exit 638235
fi
chroot "$rootdir" /bin/cp $INSTALL_DIR/ipfs/go-ipfs/ipfs $IPFS_PATH
if [ ! -f $rootdir$IPFS_PATH/ipfs ]; then
chroot "$rootdir" /bin/cp "$INSTALL_DIR/ipfs/go-ipfs/ipfs" $IPFS_PATH
if [ ! -f "$rootdir$IPFS_PATH/ipfs" ]; then
echo $'IPFS was not installed'
exit 63722
fi
IPFS_USER_DAEMON=${rootdir}/home/${MY_USERNAME}/.config/systemd/user/ipfs.service
mkdir -p ${rootdir}/home/${MY_USERNAME}/.config/systemd/user
mkdir -p "${rootdir}/home/${MY_USERNAME}/.config/systemd/user"
echo '[Unit]' > $IPFS_USER_DAEMON
echo 'Description=IPFS go daemon' >> $IPFS_USER_DAEMON
echo 'After=syslog.target' >> $IPFS_USER_DAEMON
echo 'After=network.target' >> $IPFS_USER_DAEMON
echo '' >> $IPFS_USER_DAEMON
echo '[Service]' >> $IPFS_USER_DAEMON
echo 'Type=simple' >> $IPFS_USER_DAEMON
echo "ExecStart=$IPFS_PATH/ipfs daemon" >> $IPFS_USER_DAEMON
echo 'Restart=on-failure' >> $IPFS_USER_DAEMON
echo 'RestartSec=60' >> $IPFS_USER_DAEMON
echo '' >> $IPFS_USER_DAEMON
echo '[Install]' >> $IPFS_USER_DAEMON
echo 'WantedBy=default.target' >> $IPFS_USER_DAEMON
chroot ${rootdir} /bin/chown -R $MY_USERNAME:$MY_USERNAME /home/${MY_USERNAME}/.config
{ echo '[Unit]';
echo 'Description=IPFS go daemon';
echo 'After=syslog.target';
echo 'After=network.target';
echo '';
echo '[Service]';
echo 'Type=simple';
echo "ExecStart=$IPFS_PATH/ipfs daemon";
echo 'Restart=on-failure';
echo 'RestartSec=60';
echo '';
echo '[Install]';
echo 'WantedBy=default.target'; } > "$IPFS_USER_DAEMON"
chroot "${rootdir}" /bin/chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/${MY_USERNAME}/.config"
}
function install_ipfs_go {
if [ $INSTALLING_MESH ]; then
if [ "$INSTALLING_MESH" ]; then
mesh_install_ipfs_go
return
fi
@ -490,61 +493,58 @@ function install_ipfs_go {
else
sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" ~/.bashrc
fi
systemctl set-environment GOPATH=$GOPATH
systemctl set-environment GOPATH="$GOPATH"
if ! grep -q "systemctl set-environment GOPATH=" ~/.bashrc; then
echo "systemctl set-environment GOPATH=$GOPATH" >> ~/.bashrc
else
sed -i "s|systemctl set-environment GOPATH=.*|systemctl set-environment GOPATH=$GOPATH|g" ~/.bashrc
fi
if [ ! -d $GOPATH ]; then
mkdir -p $GOPATH
if [ ! -d "$GOPATH" ]; then
mkdir -p "$GOPATH"
fi
fi
IPFS_PATH=$GOPATH/bin
export PATH="$GOPATH/bin:$PATH:"
if ! grep -q 'GOPATH/bin' ~/.bashrc; then
echo 'export PATH="$GOPATH/bin:$PATH:";' >> ~/.bashrc
echo "export PATH=\"\$GOPATH/bin:\$PATH:\";" >> ~/.bashrc
else
sed -i "s|systemctl set-environment GOPATH=.*|systemctl set-environment GOPATH=$GOPATH|g" ~/.bashrc
fi
# set gopath for the user
if ! grep -q "GOPATH=" /home/$MY_USERNAME/.bashrc; then
echo "export GOPATH=$GOPATH" >> /home/$MY_USERNAME/.bashrc
echo 'export PATH="$GOPATH/bin:$PATH:";' >> /home/$MY_USERNAME/.bashrc
if ! grep -q "GOPATH=" "/home/$MY_USERNAME/.bashrc"; then
echo "export GOPATH=$GOPATH" >> "/home/$MY_USERNAME/.bashrc"
echo "export PATH=\"\$GOPATH/bin:\$PATH:\";" >> "/home/$MY_USERNAME/.bashrc"
else
sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" /home/$MY_USERNAME/.bashrc
sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" "/home/$MY_USERNAME/.bashrc"
fi
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.bashrc
chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.bashrc"
go get -u ${IPFS_GO_REPO_BASE}/cmd/ipfs
if [ ! "$?" = "0" ]; then
if ! go get -u ${IPFS_GO_REPO_BASE}/cmd/ipfs; then
exit 8242
fi
if [ ! -d $GOPATH/src/$IPFS_GO_REPO_BASE ]; then
if [ ! -d "$GOPATH/src/$IPFS_GO_REPO_BASE" ]; then
echo $'go get failed to get ipfs'
exit 63923
fi
cd $GOPATH/src/$IPFS_GO_REPO_BASE
git checkout $IPFS_COMMIT -b $IPFS_COMMIT
if [ ! "$?" = "0" ]; then
cd "$GOPATH/src/$IPFS_GO_REPO_BASE" || exit 346824
if ! git checkout $IPFS_COMMIT -b $IPFS_COMMIT; then
exit 735639
fi
set_completion_param "ipfs commit" "$IPFS_COMMIT"
make install
if [ ! "$?" = "0" ]; then
if ! make install; then
exit 547242
fi
# initialise
chmod 755 $IPFS_PATH/ipfs
su -c "$IPFS_PATH/ipfs init -b 2048" - $MY_USERNAME
if [ ! -d /home/$MY_USERNAME/.ipfs ]; then
chmod 755 "$IPFS_PATH/ipfs"
su -c "$IPFS_PATH/ipfs init -b 2048" - "$MY_USERNAME"
if [ ! -d "/home/$MY_USERNAME/.ipfs" ]; then
echo "IPFS could not be initialised for user $MY_USERNAME"
exit 7358
fi
@ -553,33 +553,33 @@ function install_ipfs_go {
if [ ! -d /ipfs ]; then
mkdir /ipfs
mkdir /ipns
chown $MY_USERNAME:$MY_USERNAME /ipfs
chown $MY_USERNAME:$MY_USERNAME /ipns
chown "$MY_USERNAME":"$MY_USERNAME" /ipfs
chown "$MY_USERNAME":"$MY_USERNAME" /ipns
fi
if [ -f /etc/fuse.conf ]; then
chown $MY_USERNAME:$MY_USERNAME /etc/fuse.conf
chown "$MY_USERNAME":"$MY_USERNAME" /etc/fuse.conf
fi
if [ -f /dev/fuse ]; then
chown $MY_USERNAME:$MY_USERNAME /dev/fuse
chown "$MY_USERNAME":"$MY_USERNAME" /dev/fuse
fi
echo '[Unit]' > /etc/systemd/system/ipfs.service
echo 'Description=IPFS go daemon' >> /etc/systemd/system/ipfs.service
echo 'After=syslog.target' >> /etc/systemd/system/ipfs.service
echo 'After=network.target' >> /etc/systemd/system/ipfs.service
echo '' >> /etc/systemd/system/ipfs.service
echo '[Service]' >> /etc/systemd/system/ipfs.service
echo 'Type=simple' >> /etc/systemd/system/ipfs.service
echo "User=$MY_USERNAME" >> /etc/systemd/system/ipfs.service
echo "Group=$MY_USERNAME" >> /etc/systemd/system/ipfs.service
echo "WorkingDirectory=/home/$MY_USERNAME" >> /etc/systemd/system/ipfs.service
echo "ExecStart=$IPFS_PATH/ipfs daemon --mount" >> /etc/systemd/system/ipfs.service
echo 'Restart=on-failure' >> /etc/systemd/system/ipfs.service
echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\" \"GOPATH=$GOPATH\" \"GVM_ROOT=$GVM_HOME\"" >> /etc/systemd/system/ipfs.service
echo '' >> /etc/systemd/system/ipfs.service
echo '[Install]' >> /etc/systemd/system/ipfs.service
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ipfs.service
{ echo '[Unit]';
echo 'Description=IPFS go daemon';
echo 'After=syslog.target';
echo 'After=network.target';
echo '';
echo '[Service]';
echo 'Type=simple';
echo "User=$MY_USERNAME";
echo "Group=$MY_USERNAME";
echo "WorkingDirectory=/home/$MY_USERNAME";
echo "ExecStart=$IPFS_PATH/ipfs daemon --mount";
echo 'Restart=on-failure';
echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\" \"GOPATH=$GOPATH\" \"GVM_ROOT=$GVM_HOME\"";
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/ipfs.service
systemctl enable ipfs
systemctl daemon-reload

403
src/freedombone-app-irc
View File

@ -63,7 +63,7 @@ function logging_off_irc {
}
function irc_get_global_password {
echo $(cat /etc/ngircd/ngircd.conf | grep "Password =" | head -n 1 | awk -F '=' '{print $2}')
grep "Password =" /etc/ngircd/ngircd.conf | head -n 1 | awk -F '=' '{print $2}'
}
function start_irc_bouncer {
@ -93,70 +93,70 @@ function create_irssi_config {
new_name="$new_username"
fi
echo 'servers = (' > /home/${new_username}/.irssi/config
echo ' {' >> /home/${new_username}/.irssi/config
echo ' address = "chat.freenode.net";' >> /home/${new_username}/.irssi/config
echo ' chatnet = "Freenode";' >> /home/${new_username}/.irssi/config
echo ' port = "6667";' >> /home/${new_username}/.irssi/config
echo ' autoconnect = "no";' >> /home/${new_username}/.irssi/config
echo ' },' >> /home/${new_username}/.irssi/config
echo ' {' >> /home/${new_username}/.irssi/config
echo ' address = "irc.oftc.net";' >> /home/${new_username}/.irssi/config
echo ' chatnet = "OFTC";' >> /home/${new_username}/.irssi/config
echo ' port = "6667";' >> /home/${new_username}/.irssi/config
echo ' autoconnect = "no";' >> /home/${new_username}/.irssi/config
echo ' },' >> /home/${new_username}/.irssi/config
echo ' {' >> /home/${new_username}/.irssi/config
echo " address = \"127.0.0.1\";" >> /home/${new_username}/.irssi/config
echo ' ssl_verify = "no";' >> /home/${new_username}/.irssi/config
{ echo 'servers = (';
echo ' {';
echo ' address = "chat.freenode.net";';
echo ' chatnet = "Freenode";';
echo ' port = "6667";';
echo ' autoconnect = "no";';
echo ' },';
echo ' {';
echo ' address = "irc.oftc.net";';
echo ' chatnet = "OFTC";';
echo ' port = "6667";';
echo ' autoconnect = "no";';
echo ' },';
echo ' {';
echo " address = \"127.0.0.1\";";
echo ' ssl_verify = "no";'; } > "/home/${new_username}/.irssi/config"
if [[ ${ONION_ONLY} == 'no' ]]; then
echo ' use_ssl = "yes";' >> /home/${new_username}/.irssi/config
echo " port = \"${IRC_BOUNCER_PORT}\";" >> /home/${new_username}/.irssi/config
echo ' use_ssl = "yes";' >> "/home/${new_username}/.irssi/config"
echo " port = \"${IRC_BOUNCER_PORT}\";" >> "/home/${new_username}/.irssi/config"
else
echo ' use_ssl = "no";' >> /home/${new_username}/.irssi/config
IRC_ONION_HOSTNAME=$(cat ${COMPLETION_FILE} | grep "irc onion domain" | head -n 1 | awk -F ':' '{print $2}')
echo " port = \"${IRC_ONION_PORT}\";" >> /home/${new_username}/.irssi/config
echo ' use_ssl = "no";' >> "/home/${new_username}/.irssi/config"
IRC_ONION_HOSTNAME=$(grep "irc onion domain" "${COMPLETION_FILE}" | head -n 1 | awk -F ':' '{print $2}')
echo " port = \"${IRC_ONION_PORT}\";" >> "/home/${new_username}/.irssi/config"
fi
echo ' chatnet = "Freedombone";' >> /home/${new_username}/.irssi/config
echo ' autoconnect = "yes";' >> /home/${new_username}/.irssi/config
if [ ${IRC_PASSWORD} ]; then
echo " password = \"${IRC_PASSWORD}\";" >> /home/${new_username}/.irssi/config
echo ' chatnet = "Freedombone";' >> "/home/${new_username}/.irssi/config"
echo ' autoconnect = "yes";' >> "/home/${new_username}/.irssi/config"
if [ "${IRC_PASSWORD}" ]; then
echo " password = \"${IRC_PASSWORD}\";" >> "/home/${new_username}/.irssi/config"
fi
echo ' }' >> /home/${new_username}/.irssi/config
echo ');' >> /home/${new_username}/.irssi/config
echo '' >> /home/${new_username}/.irssi/config
echo 'chatnets = {' >> /home/${new_username}/.irssi/config
echo ' Freedombone = {' >> /home/${new_username}/.irssi/config
echo ' type = "IRC";' >> /home/${new_username}/.irssi/config
echo ' max_kicks = "1";' >> /home/${new_username}/.irssi/config
echo ' max_msgs = "4";' >> /home/${new_username}/.irssi/config
echo ' max_whois = "1";' >> /home/${new_username}/.irssi/config
echo ' };' >> /home/${new_username}/.irssi/config
echo ' Freenode = {' >> /home/${new_username}/.irssi/config
echo ' type = "IRC";' >> /home/${new_username}/.irssi/config
echo ' max_kicks = "1";' >> /home/${new_username}/.irssi/config
echo ' max_msgs = "4";' >> /home/${new_username}/.irssi/config
echo ' max_whois = "1";' >> /home/${new_username}/.irssi/config
echo ' };' >> /home/${new_username}/.irssi/config
echo ' OFTC = {' >> /home/${new_username}/.irssi/config
echo ' type = "IRC";' >> /home/${new_username}/.irssi/config
echo ' max_kicks = "1";' >> /home/${new_username}/.irssi/config
echo ' max_msgs = "1";' >> /home/${new_username}/.irssi/config
echo ' max_whois = "1";' >> /home/${new_username}/.irssi/config
echo ' };' >> /home/${new_username}/.irssi/config
echo '};' >> /home/${new_username}/.irssi/config
echo '' >> /home/${new_username}/.irssi/config
echo 'channels = (' >> /home/${new_username}/.irssi/config
echo ' { name = "#freedombone"; chatnet = "Freedombone"; autojoin = "Yes"; },' >> /home/${new_username}/.irssi/config
echo ');' >> /home/${new_username}/.irssi/config
echo '' >> /home/${new_username}/.irssi/config
echo 'settings = {' >> /home/${new_username}/.irssi/config
echo " core = { real_name = \"$new_name\"; user_name = \"$new_username\"; nick = \"$new_username\"; };" >> /home/${new_username}/.irssi/config
echo ' "fe-text" = { actlist_sort = "refnum"; };' >> /home/${new_username}/.irssi/config
echo '};' >> /home/${new_username}/.irssi/config
echo 'ignores = ( { level = "CTCPS"; } );' >> /home/${new_username}/.irssi/config
{ echo ' }';
echo ');';
echo '';
echo 'chatnets = {';
echo ' Freedombone = {';
echo ' type = "IRC";';
echo ' max_kicks = "1";';
echo ' max_msgs = "4";';
echo ' max_whois = "1";';
echo ' };';
echo ' Freenode = {';
echo ' type = "IRC";';
echo ' max_kicks = "1";';
echo ' max_msgs = "4";';
echo ' max_whois = "1";';
echo ' };';
echo ' OFTC = {';
echo ' type = "IRC";';
echo ' max_kicks = "1";';
echo ' max_msgs = "1";';
echo ' max_whois = "1";';
echo ' };';
echo '};';
echo '';
echo 'channels = (';
echo ' { name = "#freedombone"; chatnet = "Freedombone"; autojoin = "Yes"; },';
echo ');';
echo '';
echo 'settings = {';
echo " core = { real_name = \"$new_name\"; user_name = \"$new_username\"; nick = \"$new_username\"; };";
echo ' "fe-text" = { actlist_sort = "refnum"; };';
echo '};';
echo 'ignores = ( { level = "CTCPS"; } );'; } >> "/home/${new_username}/.irssi/config"
chown -R ${new_username}:${new_username} /home/${new_username}/.irssi
chown -R "${new_username}":"${new_username}" "/home/${new_username}/.irssi"
}
function remove_user_irc_bouncer {
@ -172,14 +172,14 @@ function remove_user_irc_bouncer {
function remove_user_irc {
remove_username="$1"
${PROJECT_NAME}-pass -u $remove_username --rmapp irc
"${PROJECT_NAME}-pass" -u "$remove_username" --rmapp irc
remove_user_irc_bouncer ${remove_username}
if [ -d /home/${remove_username}/.irssi ]; then
rm -rf /home/${remove_username}/.irssi
remove_user_irc_bouncer "${remove_username}"
if [ -d "/home/${remove_username}/.irssi" ]; then
rm -rf "/home/${remove_username}/.irssi"
fi
if [ -d /home/${remove_username}/irclogs ]; then
rm -rf /home/${remove_username}/irclogs
if [ -d "/home/${remove_username}/irclogs" ]; then
rm -rf "/home/${remove_username}/irclogs"
fi
}
@ -192,9 +192,9 @@ function irc_set_global_password_base {
for d in /home/*/ ; do
IRC_USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$IRC_USERNAME") == "1" ]]; then
if [ -f /home/${IRC_USERNAME}/.irssi/config ]; then
sed -i "s|$EXISTING_IRC_PASSWORD|$NEW_IRC_PASSWORD|g" /home/${IRC_USERNAME}/.irssi/config
chown -R ${IRC_USERNAME}:${IRC_USERNAME} /home/${IRC_USERNAME}/.irssi
if [ -f "/home/${IRC_USERNAME}/.irssi/config" ]; then
sed -i "s|$EXISTING_IRC_PASSWORD|$NEW_IRC_PASSWORD|g" "/home/${IRC_USERNAME}/.irssi/config"
chown -R "${IRC_USERNAME}":"${IRC_USERNAME}" "/home/${IRC_USERNAME}/.irssi"
fi
fi
done
@ -217,11 +217,11 @@ function irc_set_global_password_base {
sed -i "s|Server = 127.0.0.1.*|Server = 127.0.0.1 ${IRC_PORT} ${NEW_IRC_PASSWORD}|g" /home/znc/.znc/configs/znc.conf
# Update the password
${PROJECT_NAME}-pass -u $MY_USERNAME -a irc -p "$NEW_IRC_PASSWORD"
"${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a irc -p "$NEW_IRC_PASSWORD"
# matrix bridge to irc
if [ -f $INSTALL_DIR/matrix_irc_bridge/config.yaml ]; then
sed -i "s|password: .*|password: \"$NEW_IRC_PASSWORD\"|g" $INSTALL_DIR/matrix_irc_bridge/config.yaml
if [ -f "$INSTALL_DIR/matrix_irc_bridge/config.yaml" ]; then
sed -i "s|password: .*|password: \"$NEW_IRC_PASSWORD\"|g" "$INSTALL_DIR/matrix_irc_bridge/config.yaml"
systemctl restart matrix_irc_bridge
fi
@ -244,7 +244,7 @@ function add_user_irc_bouncer {
new_user_password=$(irc_get_global_password)
IRC_PASSWORD="$new_user_password"
is_admin='true'
if [ ! $3 ]; then
if [ ! "$3" ]; then
is_admin='false'
fi
@ -255,7 +255,7 @@ function add_user_irc_bouncer {
read_config_param IRC_PORT
read_config_param DEFAULT_DOMAIN_NAME
${PROJECT_NAME}-pass -u $new_username -a irc -p "$new_user_password"
"${PROJECT_NAME}-pass" -u "$new_username" -a irc -p "$new_user_password"
stop_irc_bouncer
@ -269,73 +269,73 @@ function add_user_irc_bouncer {
return
fi
echo "<User ${new_username}>" >> /home/znc/.znc/configs/znc.conf
echo " Admin = ${is_admin}" >> /home/znc/.znc/configs/znc.conf
echo " AltNick = ${new_username}_" >> /home/znc/.znc/configs/znc.conf
echo ' AppendTimestamp = false' >> /home/znc/.znc/configs/znc.conf
echo ' AutoClearChanBuffer = true' >> /home/znc/.znc/configs/znc.conf
echo ' AutoClearQueryBuffer = true' >> /home/znc/.znc/configs/znc.conf
echo " Buffer = ${IRC_BUFFER_LENGTH}" >> /home/znc/.znc/configs/znc.conf
echo ' DenyLoadMod = false' >> /home/znc/.znc/configs/znc.conf
echo ' DenySetBindHost = false' >> /home/znc/.znc/configs/znc.conf
echo " Ident = ${new_username}" >> /home/znc/.znc/configs/znc.conf
echo ' JoinTries = 10' >> /home/znc/.znc/configs/znc.conf
echo ' LoadModule = chansaver' >> /home/znc/.znc/configs/znc.conf
echo ' LoadModule = controlpanel' >> /home/znc/.znc/configs/znc.conf
echo ' MaxJoins = 10' >> /home/znc/.znc/configs/znc.conf
echo ' MaxNetworks = 10' >> /home/znc/.znc/configs/znc.conf
echo ' MaxQueryBuffers = 50' >> /home/znc/.znc/configs/znc.conf
echo ' MultiClients = true' >> /home/znc/.znc/configs/znc.conf
echo " Nick = ${new_username}" >> /home/znc/.znc/configs/znc.conf
echo ' PrependTimestamp = true' >> /home/znc/.znc/configs/znc.conf
echo ' QuitMsg = Bye' >> /home/znc/.znc/configs/znc.conf
echo " RealName = ${new_username}" >> /home/znc/.znc/configs/znc.conf
echo ' StatusPrefix = *' >> /home/znc/.znc/configs/znc.conf
echo ' TimestampFormat = [%H:%M:%S]' >> /home/znc/.znc/configs/znc.conf
echo '' >> /home/znc/.znc/configs/znc.conf
echo " <Network ${PROJECT_NAME}>" >> /home/znc/.znc/configs/znc.conf
echo ' LoadModule = chansaver' >> /home/znc/.znc/configs/znc.conf
echo ' LoadModule = simple_away' >> /home/znc/.znc/configs/znc.conf
echo '' >> /home/znc/.znc/configs/znc.conf
echo " Server = 127.0.0.1 ${IRC_PORT} ${IRC_PASSWORD}" >> /home/znc/.znc/configs/znc.conf
echo '' >> /home/znc/.znc/configs/znc.conf
echo " <Chan #${PROJECT_NAME}>" >> /home/znc/.znc/configs/znc.conf
echo ' </Chan>' >> /home/znc/.znc/configs/znc.conf
echo ' </Network>' >> /home/znc/.znc/configs/znc.conf
echo '' >> /home/znc/.znc/configs/znc.conf
echo ' <Network oftc>' >> /home/znc/.znc/configs/znc.conf
echo ' LoadModule = chansaver' >> /home/znc/.znc/configs/znc.conf
echo ' LoadModule = simple_away' >> /home/znc/.znc/configs/znc.conf
echo ' FloodBurst = 4' >> /home/znc/.znc/configs/znc.conf
echo ' FloodRate = 1.00' >> /home/znc/.znc/configs/znc.conf
echo ' IRCConnectEnabled = true' >> /home/znc/.znc/configs/znc.conf
echo ' Server = irc.oftc.net 6697' >> /home/znc/.znc/configs/znc.conf
echo ' </Network>' >> /home/znc/.znc/configs/znc.conf
echo '' >> /home/znc/.znc/configs/znc.conf
echo ' <Network freenode>' >> /home/znc/.znc/configs/znc.conf
echo ' LoadModule = chansaver' >> /home/znc/.znc/configs/znc.conf
echo ' LoadModule = simple_away' >> /home/znc/.znc/configs/znc.conf
echo ' FloodBurst = 4' >> /home/znc/.znc/configs/znc.conf
echo ' FloodRate = 1.00' >> /home/znc/.znc/configs/znc.conf
echo ' IRCConnectEnabled = true' >> /home/znc/.znc/configs/znc.conf
echo ' Server = irc.freenode.net 6697' >> /home/znc/.znc/configs/znc.conf
echo ' </Network>' >> /home/znc/.znc/configs/znc.conf
echo '' >> /home/znc/.znc/configs/znc.conf
echo ' <Pass password>' >> /home/znc/.znc/configs/znc.conf
echo " Hash = ${new_user_hash}" >> /home/znc/.znc/configs/znc.conf
echo ' Method = sha256' >> /home/znc/.znc/configs/znc.conf
echo " Salt = ${ZNC_SALT}" >> /home/znc/.znc/configs/znc.conf
echo ' </Pass>' >> /home/znc/.znc/configs/znc.conf
echo '</User>' >> /home/znc/.znc/configs/znc.conf
{ echo "<User ${new_username}>";
echo " Admin = ${is_admin}";
echo " AltNick = ${new_username}_";
echo ' AppendTimestamp = false';
echo ' AutoClearChanBuffer = true';
echo ' AutoClearQueryBuffer = true';
echo " Buffer = ${IRC_BUFFER_LENGTH}";
echo ' DenyLoadMod = false';
echo ' DenySetBindHost = false';
echo " Ident = ${new_username}";
echo ' JoinTries = 10';
echo ' LoadModule = chansaver';
echo ' LoadModule = controlpanel';
echo ' MaxJoins = 10';
echo ' MaxNetworks = 10';
echo ' MaxQueryBuffers = 50';
echo ' MultiClients = true';
echo " Nick = ${new_username}";
echo ' PrependTimestamp = true';
echo ' QuitMsg = Bye';
echo " RealName = ${new_username}";
echo ' StatusPrefix = *';
echo ' TimestampFormat = [%H:%M:%S]';
echo '';
echo " <Network ${PROJECT_NAME}>";
echo ' LoadModule = chansaver';
echo ' LoadModule = simple_away';
echo '';
echo " Server = 127.0.0.1 ${IRC_PORT} ${IRC_PASSWORD}";
echo '';
echo " <Chan #${PROJECT_NAME}>";
echo ' </Chan>';
echo ' </Network>';
echo '';
echo ' <Network oftc>';
echo ' LoadModule = chansaver';
echo ' LoadModule = simple_away';
echo ' FloodBurst = 4';
echo ' FloodRate = 1.00';
echo ' IRCConnectEnabled = true';
echo ' Server = irc.oftc.net 6697';
echo ' </Network>';
echo '';
echo ' <Network freenode>';
echo ' LoadModule = chansaver';
echo ' LoadModule = simple_away';
echo ' FloodBurst = 4';
echo ' FloodRate = 1.00';
echo ' IRCConnectEnabled = true';
echo ' Server = irc.freenode.net 6697';
echo ' </Network>';
echo '';
echo ' <Pass password>';
echo " Hash = ${new_user_hash}";
echo ' Method = sha256';
echo " Salt = ${ZNC_SALT}";
echo ' </Pass>';
echo '</User>'; } >> /home/znc/.znc/configs/znc.conf
mkdir -p /home/znc/.znc/users/${new_username}/moddata
mkdir -p /home/znc/.znc/users/${new_username}/networks
mkdir /home/znc/.znc/users/${new_username}/moddata/chanserver
mkdir /home/znc/.znc/users/${new_username}/moddata/controlpanel
mkdir /home/znc/.znc/users/${new_username}/moddata/perform
mkdir /home/znc/.znc/users/${new_username}/moddata/webadmin
mkdir -p /home/znc/.znc/users/${new_username}/networks/${PROJECT_NAME}/moddata/chansaver
mkdir -p /home/znc/.znc/users/${new_username}/networks/${PROJECT_NAME}/moddata/simple_away
mkdir -p "/home/znc/.znc/users/${new_username}/moddata"
mkdir -p "/home/znc/.znc/users/${new_username}/networks"
mkdir "/home/znc/.znc/users/${new_username}/moddata/chanserver"
mkdir "/home/znc/.znc/users/${new_username}/moddata/controlpanel"
mkdir "/home/znc/.znc/users/${new_username}/moddata/perform"
mkdir "/home/znc/.znc/users/${new_username}/moddata/webadmin"
mkdir -p "/home/znc/.znc/users/${new_username}/networks/${PROJECT_NAME}/moddata/chansaver"
mkdir -p "/home/znc/.znc/users/${new_username}/networks/${PROJECT_NAME}/moddata/simple_away"
mkdir -p /home/znc/.znc/moddata/webadmin
@ -353,8 +353,8 @@ function add_user_irc {
IRC_PASSWORD=
fi
if [ ! -d /home/${new_username}/.irssi ]; then
mkdir /home/${new_username}/.irssi
if [ ! -d "/home/${new_username}/.irssi" ]; then
mkdir "/home/${new_username}/.irssi"
fi
create_irssi_config "${new_username}"
@ -374,19 +374,21 @@ function irc_show_password {
function irc_set_global_password {
EXISTING_IRC_PASSWORD=$(irc_get_global_password)
data=$(mktemp 2>/dev/null)
dialog --title $"IRC Password" \
--clear \
--backtitle $"Freedombone Control Panel" \
--passwordbox $"Password for all IRC users, or press Enter for no password" 10 60 "$EXISTING_IRC_PASSWORD" 2> $data
--passwordbox $"Password for all IRC users, or press Enter for no password" 10 60 "$EXISTING_IRC_PASSWORD" 2> "$data"
sel=$?
case $sel in
0)
NEW_IRC_PASSWORD=$(<$data)
NEW_IRC_PASSWORD=$(<"$data")
irc_set_global_password_base "$NEW_IRC_PASSWORD"
dialog --title $"IRC Password" \
--msgbox $"The IRC password was changed" 6 40
;;
esac
rm -f "$data"
}
function configure_interactive_irc {
@ -398,24 +400,26 @@ function configure_interactive_irc {
while true
do
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
data=$(mktemp 2>/dev/null)
dialog --backtitle $"Freedombone Control Panel" \
--title $"IRC Menu" \
--radiolist $"Choose an operation:" 14 70 4 \
1 $"Set a password for all IRC users" off \
2 $"Show current IRC login password" off \
3 $"Exit" on 2> $data
3 $"Exit" on 2> "$data"
sel=$?
case $sel in
1) break;;
255) break;;
1) rm -f "$data"
break;;
255) rm -f "$data"
break;;
esac
case $(cat $data) in
case $(cat "$data") in
1) irc_set_global_password;;
2) irc_show_password;;
3) break;;
esac
rm -f "$data"
done
}
@ -466,7 +470,7 @@ function remove_irc {
remove_onion_service irc ${IRC_ONION_PORT}
remove_completion_param install_irc
remove_completion_param configure_firewall_for_irc
sed -i '/IRC /d' ${COMPLETION_FILE}
sed -i '/IRC /d' "${COMPLETION_FILE}"
sed -i '/znc 2> /d' /etc/crontab
stop_irc_bouncer
if [ -d /home/znc ]; then
@ -496,7 +500,7 @@ function configure_firewall_for_irc {
save_firewall_settings
firewall_add IRC ${IRC_BOUNCER_PORT} tcp
echo 'configure_firewall_for_irc' >> ${COMPLETION_FILE}
echo 'configure_firewall_for_irc' >> "${COMPLETION_FILE}"
}
function install_irc_server {
@ -511,29 +515,29 @@ function install_irc_server {
fi
# obtain a cert for the default domain
if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "0" ]]; then
if [[ "$(cert_exists "${DEFAULT_DOMAIN_NAME}" pem)" == "0" ]]; then
echo $'Obtaining certificate for the main domain'
create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes'
create_site_certificate "${DEFAULT_DOMAIN_NAME}" 'yes'
fi
if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME})" == "0" ]]; then
${PROJECT_NAME}-addcert -h ngircd --dhkey ${DH_KEYLENGTH}
if [[ "$(cert_exists "${DEFAULT_DOMAIN_NAME}")" == "0" ]]; then
"${PROJECT_NAME}-addcert" -h ngircd --dhkey "${DH_KEYLENGTH}"
function_check check_certificates
check_certificates ngircd
fi
DEFAULTDOMAIN=${DEFAULT_DOMAIN_NAME}
IRC_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
IRC_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
set_password_for_all_users irc "$IRC_PASSWORD"
echo '**************************************************' > /etc/ngircd/motd
echo $'* F R E E D O M B O N E I R C *' >> /etc/ngircd/motd
echo '* *' >> /etc/ngircd/motd
echo $'* Freedom in the Cloud *' >> /etc/ngircd/motd
echo '**************************************************' >> /etc/ngircd/motd
{ echo '**************************************************';
echo $'* F R E E D O M B O N E I R C *';
echo '* *';
echo $'* Freedom in the Cloud *';
echo '**************************************************'; } > /etc/ngircd/motd
sed -i 's|MotdFile = /etc/ngircd/ngircd.motd|MotdFile = /etc/ngircd/motd|g' /etc/ngircd/ngircd.conf
sed -i "s/irc@irc.example.com/$MY_EMAIL_ADDRESS/g" /etc/ngircd/ngircd.conf
sed -i "s/irc.example.net/$DEFAULTDOMAIN/g" /etc/ngircd/ngircd.conf
@ -541,7 +545,7 @@ function install_irc_server {
sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf
sed -i "s/;Ports =.*/Ports = ${IRC_PORT}/g" /etc/ngircd/ngircd.conf
if [[ $ONION_ONLY == 'no' ]]; then
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then
sed -i "s|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/ngircd/ngircd.conf
else
sed -i "s|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt|g" /etc/ngircd/ngircd.conf
@ -562,10 +566,10 @@ function install_irc_server {
sed -i "s|;KeyFile = /etc/ngircd/#chan.key|KeyFile = /etc/ngircd/${PROJECT_NAME}.key|g" /etc/ngircd/ngircd.conf
sed -i "s/;CloakHost = cloaked.host/CloakHost = ${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf
IRC_SALT="$(create_password 30)"
if [ -f ${IMAGE_PASSWORD_FILE} ]; then
IRC_OPERATOR_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
IRC_OPERATOR_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else
IRC_OPERATOR_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
IRC_OPERATOR_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi
sed -i "s|;CloakHostSalt = abcdefghijklmnopqrstuvwxyz|CloakHostSalt = $IRC_SALT|g" /etc/ngircd/ngircd.conf
sed -i 's/;ConnectIPv4 = yes/ConnectIPv4 = yes/g' /etc/ngircd/ngircd.conf
@ -574,7 +578,7 @@ function install_irc_server {
sed -i "s/;Name = TheOper/Name = $MY_USERNAME/g" /etc/ngircd/ngircd.conf
sed -i "s/;Password = ThePwd/Password = $IRC_OPERATOR_PASSWORD/g" /etc/ngircd/ngircd.conf
sed -i 's|;Listen =.*|Listen = 0.0.0.0,0.0.0.0:9050,127.0.0.1,127.0.0.1:9050|g' /etc/ngircd/ngircd.conf
if [ ${IRC_PASSWORD} ]; then
if [ "${IRC_PASSWORD}" ]; then
sed -i "0,/RE/s/Password =.*/Password =$IRC_PASSWORD/" /etc/ngircd/ngircd.conf
fi
# upgrade a cypher
@ -585,7 +589,8 @@ function install_irc_server {
touch /var/run/ngircd/ngircd.pid
chown -R irc:irc /var/run/ngircd
IRC_ONION_HOSTNAME=$(add_onion_service irc ${IRC_BOUNCER_PORT} ${IRC_ONION_PORT})
# shellcheck disable=SC2034
IRC_ONION_HOSTNAME=$(add_onion_service irc "${IRC_BOUNCER_PORT}" "${IRC_ONION_PORT}")
if [ ! -d /var/run/ircd ]; then
mkdir /var/run/ircd
@ -608,8 +613,8 @@ function install_irc_client {
fi
apt-get -yq install irssi
if [ ! -d /home/${MY_USERNAME}/.irssi ]; then
mkdir /home/${MY_USERNAME}/.irssi
if [ ! -d "/home/${MY_USERNAME}/.irssi" ]; then
mkdir "/home/${MY_USERNAME}/.irssi"
fi
create_irssi_config "${MY_USERNAME}" "$MY_NAME"
@ -632,41 +637,41 @@ function install_irc_bouncer {
mkdir -p /home/znc/.znc/configs
mkdir -p /home/znc/.znc/users
echo 'AnonIPLimit = 10' > /home/znc/.znc/configs/znc.conf
echo 'ConnectDelay = 5' >> /home/znc/.znc/configs/znc.conf
echo 'HideVersion = false' >> /home/znc/.znc/configs/znc.conf
echo 'MaxBufferSize = 500' >> /home/znc/.znc/configs/znc.conf
echo 'ProtectWebSessions = true' >> /home/znc/.znc/configs/znc.conf
echo 'SSLCertFile = /home/znc/.znc/znc.pem' >> /home/znc/.znc/configs/znc.conf
echo 'ServerThrottle = 30' >> /home/znc/.znc/configs/znc.conf
echo 'Version = 1.6.2' >> /home/znc/.znc/configs/znc.conf
echo '' >> /home/znc/.znc/configs/znc.conf
echo '<Listener listener0>' >> /home/znc/.znc/configs/znc.conf
echo ' AllowIRC = true' >> /home/znc/.znc/configs/znc.conf
echo ' AllowWeb = false' >> /home/znc/.znc/configs/znc.conf
echo ' IPv4 = true' >> /home/znc/.znc/configs/znc.conf
echo ' IPv6 = true' >> /home/znc/.znc/configs/znc.conf
echo ' Port = 6697' >> /home/znc/.znc/configs/znc.conf
if [[ ${ONION_ONLY} == 'no' ]]; then
{ echo 'AnonIPLimit = 10';
echo 'ConnectDelay = 5';
echo 'HideVersion = false';
echo 'MaxBufferSize = 500';
echo 'ProtectWebSessions = true';
echo 'SSLCertFile = /home/znc/.znc/znc.pem';
echo 'ServerThrottle = 30';
echo 'Version = 1.6.2';
echo '';
echo '<Listener listener0>';
echo ' AllowIRC = true';
echo ' AllowWeb = false';
echo ' IPv4 = true';
echo ' IPv6 = true';
echo ' Port = 6697'; } > /home/znc/.znc/configs/znc.conf
if [[ "${ONION_ONLY}" == 'no' ]]; then
echo ' SSL = true' >> /home/znc/.znc/configs/znc.conf
else
echo ' SSL = false' >> /home/znc/.znc/configs/znc.conf
fi
echo ' URIPrefix = /' >> /home/znc/.znc/configs/znc.conf
echo '</Listener>' >> /home/znc/.znc/configs/znc.conf
echo '' >> /home/znc/.znc/configs/znc.conf
{ echo ' URIPrefix = /';
echo '</Listener>';
echo ''; } >> /home/znc/.znc/configs/znc.conf
if [ $IRC_PORT -ne $IRC_ONION_PORT ]; then
echo '<Listener listener1>' >> /home/znc/.znc/configs/znc.conf
echo ' AllowIRC = true' >> /home/znc/.znc/configs/znc.conf
echo ' AllowWeb = false' >> /home/znc/.znc/configs/znc.conf
echo ' IPv4 = true' >> /home/znc/.znc/configs/znc.conf
echo ' IPv6 = true' >> /home/znc/.znc/configs/znc.conf
echo " Port = ${IRC_ONION_PORT}" >> /home/znc/.znc/configs/znc.conf
echo ' SSL = false' >> /home/znc/.znc/configs/znc.conf
echo ' URIPrefix = /' >> /home/znc/.znc/configs/znc.conf
echo '</Listener>' >> /home/znc/.znc/configs/znc.conf
echo '' >> /home/znc/.znc/configs/znc.conf
{ echo '<Listener listener1>';
echo ' AllowIRC = true';
echo ' AllowWeb = false';
echo ' IPv4 = true';
echo ' IPv6 = true';
echo " Port = ${IRC_ONION_PORT}";
echo ' SSL = false';
echo ' URIPrefix = /';
echo '</Listener>';
echo ''; } >> /home/znc/.znc/configs/znc.conf
fi
chown -R znc:znc /home/znc/.znc

167
src/freedombone-app-jitsi
View File

@ -105,7 +105,7 @@ function add_user_jitsi {
}
function install_interactive_jitsi {
if [ ! ${ONION_ONLY} ]; then
if [ ! "${ONION_ONLY}" ]; then
ONION_ONLY='no'
fi
@ -202,7 +202,7 @@ function remove_jitsi {
remove_app jitsi
remove_completion_param install_jitsi
sed -i '/jitsi/d' ${COMPLETION_FILE}
sed -i '/jitsi/d' "${COMPLETION_FILE}"
function_check remove_ddns_domain
remove_ddns_domain $JITSI_DOMAIN_NAME
@ -233,8 +233,7 @@ function install_jitsi {
jitsi_deb_repo=unstable #binary
apt-get -yq install wget debconf-utils default-jre
install_nodejs jitsi
npm install -g browserify@13.1.1
if [ ! "$?" = "0" ]; then
if ! npm install -g browserify@13.1.1; then
remove_nodejs jitsi
exit 638352
fi
@ -272,17 +271,17 @@ function install_jitsi {
echo 'server_names_hash_bucket_size 64;' > $jitsi_nginx_site
if [[ $ONION_ONLY == "no" ]]; then
echo '' >> $jitsi_nginx_site
echo 'server {' >> $jitsi_nginx_site
echo ' listen 80;' >> $jitsi_nginx_site
echo " server_name ${JITSI_DOMAIN_NAME};" >> $jitsi_nginx_site
echo ' return 301 https://$host$request_uri;' >> $jitsi_nginx_site
echo '}' >> $jitsi_nginx_site
echo 'server {' >> $jitsi_nginx_site
echo ' listen 443 ssl;' >> $jitsi_nginx_site
echo ' #listen [::]:443 ssl;' >> $jitsi_nginx_site
echo " server_name ${JITSI_DOMAIN_NAME};" >> $jitsi_nginx_site
echo '' >> $jitsi_nginx_site
{ echo '';
echo 'server {';
echo ' listen 80;';
echo " server_name ${JITSI_DOMAIN_NAME};";
echo " return 301 https://\$host\$request_uri;";
echo '}';
echo 'server {';
echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;';
echo " server_name ${JITSI_DOMAIN_NAME};";
echo ''; } >> $jitsi_nginx_site
function_check nginx_ssl
nginx_ssl ${JITSI_DOMAIN_NAME}
@ -290,80 +289,80 @@ function install_jitsi {
function_check nginx_disable_sniffing
nginx_disable_sniffing ${JITSI_DOMAIN_NAME}
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $jitsi_nginx_site
echo '' >> $jitsi_nginx_site
echo ' root /usr/share/jitsi-meet;' >> $jitsi_nginx_site
echo ' index index.html index.htm;' >> $jitsi_nginx_site
echo '' >> $jitsi_nginx_site
echo ' location /config.js {' >> $jitsi_nginx_site
echo " alias /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js;" >> $jitsi_nginx_site
echo ' }' >> $jitsi_nginx_site
echo '' >> $jitsi_nginx_site
echo ' location ~ ^/([a-zA-Z0-9=\?]+)$ {' >> $jitsi_nginx_site
echo ' rewrite ^/(.*)$ / break;' >> $jitsi_nginx_site
echo ' }' >> $jitsi_nginx_site
echo '' >> $jitsi_nginx_site
echo ' location / {' >> $jitsi_nginx_site
echo ' ssi on;' >> $jitsi_nginx_site
echo ' }' >> $jitsi_nginx_site
echo '' >> $jitsi_nginx_site
echo ' # Backward compatibility' >> $jitsi_nginx_site
echo ' location ~ /external_api.* {' >> $jitsi_nginx_site
echo ' root /usr/share/jitsi-meet/libs;' >> $jitsi_nginx_site
echo ' }' >> $jitsi_nginx_site
echo '' >> $jitsi_nginx_site
echo ' # Logs' >> $jitsi_nginx_site
echo ' access_log /dev/null;' >> $jitsi_nginx_site
echo ' error_log /dev/null;' >> $jitsi_nginx_site
echo '' >> $jitsi_nginx_site
echo ' # BOSH' >> $jitsi_nginx_site
echo ' location /http-bind {' >> $jitsi_nginx_site
echo ' proxy_pass http://localhost:5280/http-bind;' >> $jitsi_nginx_site
echo ' proxy_set_header X-Forwarded-For $remote_addr;' >> $jitsi_nginx_site
echo ' proxy_set_header Host $http_host;' >> $jitsi_nginx_site
echo ' }' >> $jitsi_nginx_site
echo '}' >> $jitsi_nginx_site
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
echo ' root /usr/share/jitsi-meet;';
echo ' index index.html index.htm;';
echo '';
echo ' location /config.js {';
echo " alias /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js;";
echo ' }';
echo '';
echo ' location ~ ^/([a-zA-Z0-9=\?]+)$ {';
echo ' rewrite ^/(.*)$ / break;';
echo ' }';
echo '';
echo ' location / {';
echo ' ssi on;';
echo ' }';
echo '';
echo ' # Backward compatibility';
echo ' location ~ /external_api.* {';
echo ' root /usr/share/jitsi-meet/libs;';
echo ' }';
echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' # BOSH';
echo ' location /http-bind {';
echo ' proxy_pass http://localhost:5280/http-bind;';
echo " proxy_set_header X-Forwarded-For \$remote_addr;";
echo " proxy_set_header Host \$http_host;";
echo ' }';
echo '}'; } >> $jitsi_nginx_site
fi
echo '' >> $jitsi_nginx_site
echo 'server {' >> $jitsi_nginx_site
echo " listen 127.0.0.1:$JITSI_ONION_PORT default_server;" >> $jitsi_nginx_site
{ echo '';
echo 'server {';
echo " listen 127.0.0.1:$JITSI_ONION_PORT default_server;"; } >> $jitsi_nginx_site
if [[ $ONION_ONLY == 'no' ]]; then
echo " server_name ${JITSI_DOMAIN_NAME};" >> $jitsi_nginx_site
else
echo " server_name ${JITSI_ONION_HOSTNAME};" >> $jitsi_nginx_site
fi
echo '' >> $jitsi_nginx_site
echo ' root /usr/share/jitsi-meet;' >> $jitsi_nginx_site
echo ' index index.html index.htm;' >> $jitsi_nginx_site
echo '' >> $jitsi_nginx_site
echo ' location /config.js {' >> $jitsi_nginx_site
echo " alias /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js;" >> $jitsi_nginx_site
echo ' }' >> $jitsi_nginx_site
echo '' >> $jitsi_nginx_site
echo ' location ~ ^/([a-zA-Z0-9=\?]+)$ {' >> $jitsi_nginx_site
echo ' rewrite ^/(.*)$ / break;' >> $jitsi_nginx_site
echo ' }' >> $jitsi_nginx_site
echo '' >> $jitsi_nginx_site
echo ' location / {' >> $jitsi_nginx_site
echo ' ssi off;' >> $jitsi_nginx_site
echo ' }' >> $jitsi_nginx_site
echo '' >> $jitsi_nginx_site
echo ' # Backward compatibility' >> $jitsi_nginx_site
echo ' location ~ /external_api.* {' >> $jitsi_nginx_site
echo ' root /usr/share/jitsi-meet/libs;' >> $jitsi_nginx_site
echo ' }' >> $jitsi_nginx_site
echo '' >> $jitsi_nginx_site
echo ' # Logs' >> $jitsi_nginx_site
echo ' access_log /dev/null;' >> $jitsi_nginx_site
echo ' error_log /dev/null;' >> $jitsi_nginx_site
echo '' >> $jitsi_nginx_site
echo ' # BOSH' >> $jitsi_nginx_site
echo ' location /http-bind {' >> $jitsi_nginx_site
echo ' proxy_pass http://localhost:5280/http-bind;' >> $jitsi_nginx_site
echo ' proxy_set_header X-Forwarded-For $remote_addr;' >> $jitsi_nginx_site
echo ' proxy_set_header Host $http_host;' >> $jitsi_nginx_site
echo ' }' >> $jitsi_nginx_site
echo '}' >> $jitsi_nginx_site
{ echo '';
echo ' root /usr/share/jitsi-meet;';
echo ' index index.html index.htm;';
echo '';
echo ' location /config.js {';
echo " alias /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js;";
echo ' }';
echo '';
echo ' location ~ ^/([a-zA-Z0-9=\?]+)$ {';
echo ' rewrite ^/(.*)$ / break;';
echo ' }';
echo '';
echo ' location / {';
echo ' ssi off;';
echo ' }';
echo '';
echo ' # Backward compatibility';
echo ' location ~ /external_api.* {';
echo ' root /usr/share/jitsi-meet/libs;';
echo ' }';
echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' # BOSH';
echo ' location /http-bind {';
echo ' proxy_pass http://localhost:5280/http-bind;';
echo " proxy_set_header X-Forwarded-For \$remote_addr;";
echo " proxy_set_header Host \$http_host;";
echo ' }';
echo '}'; } >> $jitsi_nginx_site
sed -i "s|/var/www/${JITSI_DOMAIN_NAME}/htdocs|/usr/share/jitsi-meet|g" $jitsi_nginx_site
@ -376,7 +375,7 @@ function install_jitsi {
fi
function_check create_site_certificate
create_site_certificate ${JITSI_DOMAIN_NAME} 'yes'
if [[ $ONION_ONLY == "no" ]]; then
if [[ "$ONION_ONLY" == "no" ]]; then
if [ ! -f /etc/ssl/certs/${JITSI_DOMAIN_NAME}.pem ]; then
exit 678363
fi

391
src/freedombone-app-kanboard
View File

@ -70,19 +70,19 @@ function logging_off_kanboard {
function remove_user_kanboard {
remove_username="$1"
${PROJECT_NAME}-pass -u $remove_username --rmapp kanboard
"${PROJECT_NAME}-pass" -u "$remove_username" --rmapp kanboard
}
function add_user_kanboard {
new_username="$1"
new_user_password="$2"
${PROJECT_NAME}-pass -u $new_username -a kanboard -p "$new_user_password"
"${PROJECT_NAME}-pass" -u "$new_username" -a kanboard -p "$new_user_password"
echo '0'
}
function install_interactive_kanboard {
if [ ! $ONION_ONLY ]; then
if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no'
fi
@ -92,42 +92,43 @@ function install_interactive_kanboard {
KANBOARD_DETAILS_COMPLETE=
while [ ! $KANBOARD_DETAILS_COMPLETE ]
do
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
data=$(mktemp 2>/dev/null)
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
dialog --backtitle $"Freedombone Configuration" \
--title $"KanBoard Configuration" \
--form $"\nPlease enter your KanBoard details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt." 13 55 2 \
--form $"\\nPlease enter your KanBoard details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt." 13 55 2 \
$"Domain:" 1 1 "$(grep 'KANBOARD_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 33 40 \
$"Code:" 2 1 "$(grep 'KANBOARD_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 15 33 255 \
2> $data
2> "$data"
else
dialog --backtitle $"Freedombone Configuration" \
--title $"KanBoard Configuration" \
--form $"\nPlease enter your KanBoard details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt." 13 55 2 \
--form $"\\nPlease enter your KanBoard details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt." 13 55 2 \
$"Domain:" 1 1 "$(grep 'KANBOARD_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 33 40 \
2> $data
2> "$data"
fi
sel=$?
case $sel in
1) exit 1;;
255) exit 1;;
1) rm -f "$data"
exit 1;;
255) rm -f "$data"
exit 1;;
esac
KANBOARD_DOMAIN_NAME=$(cat $data | sed -n 1p)
if [ $KANBOARD_DOMAIN_NAME ]; then
KANBOARD_DOMAIN_NAME=$(sed -n 1p < "$data")
if [ "$KANBOARD_DOMAIN_NAME" ]; then
if [[ $KANBOARD_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
KANBOARD_DOMAIN_NAME=""
fi
TEST_DOMAIN_NAME=$KANBOARD_DOMAIN_NAME
validate_domain_name
if [[ $TEST_DOMAIN_NAME != $KANBOARD_DOMAIN_NAME ]]; then
if [[ "$TEST_DOMAIN_NAME" != "$KANBOARD_DOMAIN_NAME" ]]; then
KANBOARD_DOMAIN_NAME=
dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
else
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
KANBOARD_CODE=$(cat $data | sed -n 2p)
KANBOARD_CODE=$(sed -n 2p < "$data")
validate_freedns_code "$KANBOARD_CODE"
if [ ! $VALID_CODE ]; then
if [ ! "$VALID_CODE" ]; then
KANBOARD_DOMAIN_NAME=
fi
fi
@ -136,6 +137,7 @@ function install_interactive_kanboard {
if [ $KANBOARD_DOMAIN_NAME ]; then
KANBOARD_DETAILS_COMPLETE="yes"
fi
rm -f "$data"
done
# save the results in the config file
@ -151,23 +153,23 @@ function change_password_kanboard {
read_config_param 'KANBOARD_DOMAIN_NAME'
${PROJECT_NAME}-pass -u "$curr_username" -a kanboard -p "$new_user_password"
"${PROJECT_NAME}-pass" -u "$curr_username" -a kanboard -p "$new_user_password"
}
function kanboard_create_database {
if [ -f $IMAGE_PASSWORD_FILE ]; then
KANBOARD_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
if [ -f "$IMAGE_PASSWORD_FILE" ]; then
KANBOARD_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else
if [ ! $KANBOARD_ADMIN_PASSWORD ]; then
KANBOARD_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
if [ ! "$KANBOARD_ADMIN_PASSWORD" ]; then
KANBOARD_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi
fi
if [ ! $KANBOARD_ADMIN_PASSWORD ]; then
if [ ! "$KANBOARD_ADMIN_PASSWORD" ]; then
return
fi
function_check create_database
create_database kanboard "$KANBOARD_ADMIN_PASSWORD" $MY_USERNAME
create_database kanboard "$KANBOARD_ADMIN_PASSWORD" "$MY_USERNAME"
}
function reconfigure_kanboard {
@ -180,40 +182,40 @@ function upgrade_kanboard {
return
fi
if grep -q "kanboard domain" $COMPLETION_FILE; then
if grep -q "kanboard domain" "$COMPLETION_FILE"; then
KANBOARD_DOMAIN_NAME=$(get_completion_param "kanboard domain")
fi
# update to the next commit
function_check set_repo_commit
set_repo_commit /var/www/$KANBOARD_DOMAIN_NAME/htdocs "kanboard commit" "$KANBOARD_COMMIT" $KANBOARD_REPO
set_repo_commit "/var/www/$KANBOARD_DOMAIN_NAME/htdocs" "kanboard commit" "$KANBOARD_COMMIT" $KANBOARD_REPO
chown -R www-data:www-data /var/www/${KANBOARD_DOMAIN_NAME}/htdocs
chown -R www-data:www-data "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs"
}
function backup_local_kanboard {
KANBOARD_DOMAIN_NAME='kanboard'
if grep -q "kanboard domain" $COMPLETION_FILE; then
if grep -q "kanboard domain" "$COMPLETION_FILE"; then
KANBOARD_DOMAIN_NAME=$(get_completion_param "kanboard domain")
fi
source_directory=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/backup
if [ ! -d $source_directory ]; then
mkdir $source_directory
if [ ! -d "$source_directory" ]; then
mkdir "$source_directory"
fi
cp -p /var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.php $source_directory
cp -p "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.php" "$source_directory"
function_check suspend_site
suspend_site ${KANBOARD_DOMAIN_NAME}
suspend_site "${KANBOARD_DOMAIN_NAME}"
function_check backup_directory_to_usb
dest_directory=kanboardconfig
backup_directory_to_usb $source_directory $dest_directory
backup_directory_to_usb "$source_directory" "$dest_directory"
source_directory=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/data
dest_directory=kanboardfile
backup_directory_to_usb $source_directory $dest_directory
backup_directory_to_usb "$source_directory" "$dest_directory"
function_check backup_database_to_usb
backup_database_to_usb kanboard
@ -223,11 +225,11 @@ function backup_local_kanboard {
}
function restore_local_kanboard {
if ! grep -q "kanboard domain" $COMPLETION_FILE; then
if ! grep -q "kanboard domain" "$COMPLETION_FILE"; then
return
fi
KANBOARD_DOMAIN_NAME=$(get_completion_param "kanboard domain")
if [ $KANBOARD_DOMAIN_NAME ]; then
if [ "$KANBOARD_DOMAIN_NAME" ]; then
echo $"Restoring kanboard"
temp_restore_dir=/root/tempkanboard
kanboard_dir=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs
@ -243,30 +245,30 @@ function restore_local_kanboard {
function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir kanboardconfig
if [ -d $temp_restore_dir ]; then
if [ -d $temp_restore_dir$kanboard_dir/backup ]; then
cp $temp_restore_dir$kanboard_dir/backup/config.php $kanboard_dir/
if [ -d "$temp_restore_dir$kanboard_dir/backup" ]; then
cp "$temp_restore_dir$kanboard_dir/backup/config.php" "$kanboard_dir/"
else
cp $temp_restore_dir/config.php $kanboard_dir/
cp "$temp_restore_dir/config.php" "$kanboard_dir/"
fi
chown www-data:www-data $kanboard_dir/config.php
chown www-data:www-data "$kanboard_dir/config.php"
rm -rf $temp_restore_dir
fi
restore_directory_from_usb $temp_restore_dir kanboardfile
if [ -d $temp_restore_dir ]; then
if [ -d $temp_restore_dir$kanboard_dir/data ]; then
cp -rp $temp_restore_dir$kanboard_dir/data $kanboard_dir/
if [ -d "$temp_restore_dir$kanboard_dir/data" ]; then
cp -rp "$temp_restore_dir$kanboard_dir/data" "$kanboard_dir/"
else
if [ ! -d $kanboard_dir/data ]; then
mkdir $kanboard_dir/data
if [ ! -d "$kanboard_dir/data" ]; then
mkdir "$kanboard_dir/data"
fi
cp -rp $temp_restore_dir/* $kanboard_dir/data/
cp -rp "$temp_restore_dir/*" "$kanboard_dir/data/"
fi
chown -R www-data:www-data $kanboard_dir/data
chown -R www-data:www-data "$kanboard_dir/data"
rm -rf $temp_restore_dir
fi
kanboard_update_after_restore kanboard ${KANBOARD_DOMAIN_NAME}
kanboard_update_after_restore kanboard "${KANBOARD_DOMAIN_NAME}"
echo $"Restore of kanboard complete"
fi
@ -274,26 +276,26 @@ function restore_local_kanboard {
function backup_remote_kanboard {
KANBOARD_DOMAIN_NAME='kanboard'
if grep -q "kanboard domain" $COMPLETION_FILE; then
if grep -q "kanboard domain" "$COMPLETION_FILE"; then
KANBOARD_DOMAIN_NAME=$(get_completion_param "kanboard domain")
fi
source_directory=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/backup
if [ ! -d $source_directory ]; then
mkdir $source_directory
if [ ! -d "$source_directory" ]; then
mkdir "$source_directory"
fi
cp -p /var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.php $source_directory
cp -p "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.php" "$source_directory"
function_check suspend_site
suspend_site ${KANBOARD_DOMAIN_NAME}
suspend_site "${KANBOARD_DOMAIN_NAME}"
function_check backup_directory_to_friend
dest_directory=kanboardconfig
backup_directory_to_friend $source_directory $dest_directory
backup_directory_to_friend "$source_directory" "$dest_directory"
source_directory=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/data
dest_directory=kanboardfile
backup_directory_to_friend $source_directory $dest_directory
backup_directory_to_friend "$source_directory" "$dest_directory"
function_check backup_database_to_friend
backup_database_to_friend kanboard
@ -303,11 +305,11 @@ function backup_remote_kanboard {
}
function restore_remote_kanboard {
if ! grep -q "kanboard domain" $COMPLETION_FILE; then
if ! grep -q "kanboard domain" "$COMPLETION_FILE"; then
return
fi
KANBOARD_DOMAIN_NAME=$(get_completion_param "kanboard domain")
if [ $KANBOARD_DOMAIN_NAME ]; then
if [ "$KANBOARD_DOMAIN_NAME" ]; then
echo $"Restoring kanboard"
temp_restore_dir=/root/tempkanboard
kanboard_dir=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs
@ -324,30 +326,30 @@ function restore_remote_kanboard {
function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir kanboardconfig
if [ -d $temp_restore_dir ]; then
if [ -d $temp_restore_dir$kanboard_dir/backup ]; then
cp $temp_restore_dir$kanboard_dir/backup/config.php $kanboard_dir/
if [ -d "$temp_restore_dir$kanboard_dir/backup" ]; then
cp "$temp_restore_dir$kanboard_dir/backup/config.php" "$kanboard_dir/"
else
cp $temp_restore_dir/config.php $kanboard_dir/
cp "$temp_restore_dir/config.php" "$kanboard_dir/"
fi
chown www-data:www-data $kanboard_dir/config.php
chown www-data:www-data "$kanboard_dir/config.php"
rm -rf $temp_restore_dir
fi
restore_directory_from_friend $temp_restore_dir kanboardfile
if [ -d $temp_restore_dir ]; then
if [ -d $temp_restore_dir$kanboard_dir/data ]; then
cp -rp $temp_restore_dir$kanboard_dir/data $kanboard_dir/
if [ -d "$temp_restore_dir$kanboard_dir/data" ]; then
cp -rp "$temp_restore_dir$kanboard_dir/data" "$kanboard_dir/"
else
if [ ! -d $kanboard_dir/data ]; then
mkdir $kanboard_dir/data
if [ ! -d "$kanboard_dir/data" ]; then
mkdir "$kanboard_dir/data"
fi
cp -rp $temp_restore_dir/* $kanboard_dir/data/
cp -rp "$temp_restore_dir/*" "$kanboard_dir/data/"
fi
chown -R www-data:www-data $kanboard_dir/data
chown -R www-data:www-data "$kanboard_dir/data"
rm -rf $temp_restore_dir
fi
kanboard_update_after_restore kanboard ${KANBOARD_DOMAIN_NAME}
kanboard_update_after_restore kanboard "${KANBOARD_DOMAIN_NAME}"
echo $"Restore of kanboard complete"
fi
@ -360,14 +362,14 @@ function remove_kanboard {
read_config_param "KANBOARD_DOMAIN_NAME"
read_config_param "MY_USERNAME"
echo "Removing $KANBOARD_DOMAIN_NAME"
nginx_dissite $KANBOARD_DOMAIN_NAME
remove_certs $KANBOARD_DOMAIN_NAME
nginx_dissite "$KANBOARD_DOMAIN_NAME"
remove_certs "$KANBOARD_DOMAIN_NAME"
if [ -d /var/www/$KANBOARD_DOMAIN_NAME ]; then
rm -rf /var/www/$KANBOARD_DOMAIN_NAME
if [ -d "/var/www/$KANBOARD_DOMAIN_NAME" ]; then
rm -rf "/var/www/$KANBOARD_DOMAIN_NAME"
fi
if [ -f /etc/nginx/sites-available/$KANBOARD_DOMAIN_NAME ]; then
rm /etc/nginx/sites-available/$KANBOARD_DOMAIN_NAME
if [ -f "/etc/nginx/sites-available/$KANBOARD_DOMAIN_NAME" ]; then
rm "/etc/nginx/sites-available/$KANBOARD_DOMAIN_NAME"
fi
function_check drop_database
drop_database kanboard
@ -375,11 +377,11 @@ function remove_kanboard {
remove_onion_service kanboard ${KANBOARD_ONION_PORT}
remove_app kanboard
remove_completion_param install_kanboard
sed -i '/kanboard/d' $COMPLETION_FILE
sed -i '/kanboard/d' "$COMPLETION_FILE"
remove_backup_database_local kanboard
function_check remove_ddns_domain
remove_ddns_domain $KANBOARD_DOMAIN_NAME
remove_ddns_domain "$KANBOARD_DOMAIN_NAME"
}
function install_kanboard {
@ -387,12 +389,12 @@ function install_kanboard {
ONION_ONLY='no'
fi
if [ ! $KANBOARD_DOMAIN_NAME ]; then
if [ ! "$KANBOARD_DOMAIN_NAME" ]; then
echo $'No domain name was given for kanboard'
exit 73478
fi
kanboard_hourly_script kanboard $KANBOARD_DOMAIN_NAME
kanboard_hourly_script kanboard "$KANBOARD_DOMAIN_NAME"
function_check install_mariadb
install_mariadb
@ -406,34 +408,34 @@ function install_kanboard {
apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl
if [ ! -d /var/www/$KANBOARD_DOMAIN_NAME ]; then
mkdir /var/www/$KANBOARD_DOMAIN_NAME
if [ ! -d "/var/www/$KANBOARD_DOMAIN_NAME" ]; then
mkdir "/var/www/$KANBOARD_DOMAIN_NAME"
fi
if [ ! -d /var/www/$KANBOARD_DOMAIN_NAME/htdocs ]; then
if [ ! -d "/var/www/$KANBOARD_DOMAIN_NAME/htdocs" ]; then
if [ -d /repos/kanboard ]; then
mkdir /var/www/$KANBOARD_DOMAIN_NAME/htdocs
cp -r -p /repos/kanboard/. /var/www/$KANBOARD_DOMAIN_NAME/htdocs
cd /var/www/$KANBOARD_DOMAIN_NAME/htdocs
mkdir "/var/www/$KANBOARD_DOMAIN_NAME/htdocs"
cp -r -p /repos/kanboard/. "/var/www/$KANBOARD_DOMAIN_NAME/htdocs"
cd "/var/www/$KANBOARD_DOMAIN_NAME/htdocs" || exit 2468274
git pull
else
function_check git_clone
git_clone $KANBOARD_REPO /var/www/$KANBOARD_DOMAIN_NAME/htdocs
git_clone "$KANBOARD_REPO" "/var/www/$KANBOARD_DOMAIN_NAME/htdocs"
fi
if [ ! -d /var/www/$KANBOARD_DOMAIN_NAME/htdocs ]; then
if [ ! -d "/var/www/$KANBOARD_DOMAIN_NAME/htdocs" ]; then
echo $'Unable to clone kanboard repo'
exit 89365
fi
fi
cd /var/www/$KANBOARD_DOMAIN_NAME/htdocs
cd "/var/www/$KANBOARD_DOMAIN_NAME/htdocs" || exit 234682642
git checkout $KANBOARD_COMMIT -b $KANBOARD_COMMIT
set_completion_param "kanboard commit" "$KANBOARD_COMMIT"
chmod g+w /var/www/$KANBOARD_DOMAIN_NAME/htdocs
chmod a+w /var/www/$KANBOARD_DOMAIN_NAME/htdocs/data
chown -R www-data:www-data /var/www/$KANBOARD_DOMAIN_NAME/htdocs
chmod g+w "/var/www/$KANBOARD_DOMAIN_NAME/htdocs"
chmod a+w "/var/www/$KANBOARD_DOMAIN_NAME/htdocs/data"
chown -R www-data:www-data "/var/www/$KANBOARD_DOMAIN_NAME/htdocs"
function_check kanboard_create_database
kanboard_create_database
@ -446,118 +448,118 @@ function install_kanboard {
fi
function_check add_ddns_domain
add_ddns_domain $KANBOARD_DOMAIN_NAME
add_ddns_domain "$KANBOARD_DOMAIN_NAME"
KANBOARD_ONION_HOSTNAME=$(add_onion_service kanboard 80 ${KANBOARD_ONION_PORT})
kanboard_nginx_site=/etc/nginx/sites-available/$KANBOARD_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then
function_check nginx_http_redirect
nginx_http_redirect $KANBOARD_DOMAIN_NAME "index index.php"
echo 'server {' >> $kanboard_nginx_site
echo ' listen 443 ssl;' >> $kanboard_nginx_site
echo ' #listen [::]:443 ssl;' >> $kanboard_nginx_site
echo " server_name $KANBOARD_DOMAIN_NAME;" >> $kanboard_nginx_site
echo '' >> $kanboard_nginx_site
nginx_http_redirect "$KANBOARD_DOMAIN_NAME" "index index.php"
{ echo 'server {';
echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;';
echo " server_name $KANBOARD_DOMAIN_NAME;";
echo ''; } >> "$kanboard_nginx_site"
function_check nginx_compress
nginx_compress $KANBOARD_DOMAIN_NAME
echo '' >> $kanboard_nginx_site
echo ' # Security' >> $kanboard_nginx_site
nginx_compress "$KANBOARD_DOMAIN_NAME"
echo '' >> "$kanboard_nginx_site"
echo ' # Security' >> "$kanboard_nginx_site"
function_check nginx_ssl
nginx_ssl $KANBOARD_DOMAIN_NAME
nginx_ssl "$KANBOARD_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing $KANBOARD_DOMAIN_NAME
nginx_disable_sniffing "$KANBOARD_DOMAIN_NAME"
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $kanboard_nginx_site
echo '' >> $kanboard_nginx_site
echo ' # Logs' >> $kanboard_nginx_site
echo ' access_log /dev/null;' >> $kanboard_nginx_site
echo ' error_log /dev/null;' >> $kanboard_nginx_site
echo '' >> $kanboard_nginx_site
echo ' # Root' >> $kanboard_nginx_site
echo " root /var/www/$KANBOARD_DOMAIN_NAME/htdocs;" >> $kanboard_nginx_site
echo '' >> $kanboard_nginx_site
echo ' # Index' >> $kanboard_nginx_site
echo ' index index.php;' >> $kanboard_nginx_site
echo '' >> $kanboard_nginx_site
echo ' # PHP' >> $kanboard_nginx_site
echo ' location ~ \.php {' >> $kanboard_nginx_site
echo ' include snippets/fastcgi-php.conf;' >> $kanboard_nginx_site
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $kanboard_nginx_site
echo ' fastcgi_read_timeout 30;' >> $kanboard_nginx_site
echo ' }' >> $kanboard_nginx_site
echo '' >> $kanboard_nginx_site
echo ' # Location' >> $kanboard_nginx_site
echo ' location / {' >> $kanboard_nginx_site
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' # Root';
echo " root /var/www/$KANBOARD_DOMAIN_NAME/htdocs;";
echo '';
echo ' # Index';
echo ' index index.php;';
echo '';
echo ' # PHP';
echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;';
echo ' }';
echo '';
echo ' # Location';
echo ' location / {'; } >> "$kanboard_nginx_site"
function_check nginx_limits
nginx_limits $KANBOARD_DOMAIN_NAME '15m'
echo ' try_files $uri $uri/ @kanboard;' >> $kanboard_nginx_site
echo ' }' >> $kanboard_nginx_site
echo '' >> $kanboard_nginx_site
echo ' # Fancy URLs' >> $kanboard_nginx_site
echo ' location @kanboard {' >> $kanboard_nginx_site
echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $kanboard_nginx_site
echo ' }' >> $kanboard_nginx_site
echo '' >> $kanboard_nginx_site
echo ' # Restrict access that is unnecessary anyway' >> $kanboard_nginx_site
echo ' location ~ /\.(ht|git) {' >> $kanboard_nginx_site
echo ' deny all;' >> $kanboard_nginx_site
echo ' }' >> $kanboard_nginx_site
echo '}' >> $kanboard_nginx_site
nginx_limits "$KANBOARD_DOMAIN_NAME" '15m'
{ echo " try_files \$uri \$uri/ @kanboard;";
echo ' }';
echo '';
echo ' # Fancy URLs';
echo ' location @kanboard {';
echo " rewrite ^(.*)\$ /index.php?p=\$1 last;";
echo ' }';
echo '';
echo ' # Restrict access that is unnecessary anyway';
echo ' location ~ /\.(ht|git) {';
echo ' deny all;';
echo ' }';
echo '}'; } >> "$kanboard_nginx_site"
else
echo -n '' > $kanboard_nginx_site
echo -n '' > "$kanboard_nginx_site"
fi
echo 'server {' >> $kanboard_nginx_site
echo " listen 127.0.0.1:$KANBOARD_ONION_PORT default_server;" >> $kanboard_nginx_site
echo " server_name $KANBOARD_ONION_HOSTNAME;" >> $kanboard_nginx_site
echo '' >> $kanboard_nginx_site
{ echo 'server {';
echo " listen 127.0.0.1:$KANBOARD_ONION_PORT default_server;";
echo " server_name $KANBOARD_ONION_HOSTNAME;";
echo ''; } >> "$kanboard_nginx_site"
function_check nginx_compress
nginx_compress $KANBOARD_DOMAIN_NAME
echo '' >> $kanboard_nginx_site
nginx_compress "$KANBOARD_DOMAIN_NAME"
echo '' >> "$kanboard_nginx_site"
function_check nginx_disable_sniffing
nginx_disable_sniffing $KANBOARD_DOMAIN_NAME
echo '' >> $kanboard_nginx_site
echo ' # Logs' >> $kanboard_nginx_site
echo ' access_log /dev/null;' >> $kanboard_nginx_site
echo ' error_log /dev/null;' >> $kanboard_nginx_site
echo '' >> $kanboard_nginx_site
echo ' # Root' >> $kanboard_nginx_site
echo " root /var/www/$KANBOARD_DOMAIN_NAME/htdocs;" >> $kanboard_nginx_site
echo '' >> $kanboard_nginx_site
echo ' # Index' >> $kanboard_nginx_site
echo ' index index.php;' >> $kanboard_nginx_site
echo '' >> $kanboard_nginx_site
echo ' # PHP' >> $kanboard_nginx_site
echo ' location ~ \.php {' >> $kanboard_nginx_site
echo ' include snippets/fastcgi-php.conf;' >> $kanboard_nginx_site
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $kanboard_nginx_site
echo ' fastcgi_read_timeout 30;' >> $kanboard_nginx_site
echo ' }' >> $kanboard_nginx_site
echo '' >> $kanboard_nginx_site
echo ' # Location' >> $kanboard_nginx_site
echo ' location / {' >> $kanboard_nginx_site
nginx_disable_sniffing "$KANBOARD_DOMAIN_NAME"
{ echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' # Root';
echo " root /var/www/$KANBOARD_DOMAIN_NAME/htdocs;";
echo '';
echo ' # Index';
echo ' index index.php;';
echo '';
echo ' # PHP';
echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;';
echo ' }';
echo '';
echo ' # Location';
echo ' location / {'; } >> "$kanboard_nginx_site"
function_check nginx_limits
nginx_limits $KANBOARD_DOMAIN_NAME '15m'
echo ' try_files $uri $uri/ @kanboard;' >> $kanboard_nginx_site
echo ' }' >> $kanboard_nginx_site
echo '' >> $kanboard_nginx_site
echo ' # Fancy URLs' >> $kanboard_nginx_site
echo ' location @kanboard {' >> $kanboard_nginx_site
echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $kanboard_nginx_site
echo ' }' >> $kanboard_nginx_site
echo '' >> $kanboard_nginx_site
echo ' # Restrict access that is unnecessary anyway' >> $kanboard_nginx_site
echo ' location ~ /\.(ht|git) {' >> $kanboard_nginx_site
echo ' deny all;' >> $kanboard_nginx_site
echo ' }' >> $kanboard_nginx_site
echo '}' >> $kanboard_nginx_site
nginx_limits "$KANBOARD_DOMAIN_NAME" '15m'
{ echo " try_files \$uri \$uri/ @kanboard;";
echo ' }';
echo '';
echo ' # Fancy URLs';
echo ' location @kanboard {';
echo " rewrite ^(.*)\$ /index.php?p=\$1 last;";
echo ' }';
echo '';
echo ' # Restrict access that is unnecessary anyway';
echo ' location ~ /\.(ht|git) {';
echo ' deny all;';
echo ' }';
echo '}'; } >> "$kanboard_nginx_site"
function_check configure_php
configure_php
function_check create_site_certificate
create_site_certificate $KANBOARD_DOMAIN_NAME 'yes'
create_site_certificate "$KANBOARD_DOMAIN_NAME" 'yes'
# Ensure that the database gets backed up locally, if remote
# backups are not being used
@ -568,36 +570,31 @@ function install_kanboard {
backup_database_local kanboard
function_check nginx_ensite
nginx_ensite $KANBOARD_DOMAIN_NAME
KANBOARD_SERVER=${KANBOARD_DOMAIN_NAME}
if [[ $ONION_ONLY != 'no' ]]; then
KANBOARD_SERVER=${KANBOARD_ONION_HOSTNAME}
fi
nginx_ensite "$KANBOARD_DOMAIN_NAME"
# Create the configuration
kanboard_configfile=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.php
cp /var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.default.php $kanboard_configfile
sed -i "s|define('MAIL_FROM'.*|define('MAIL_FROM', '$MY_EMAIL_ADDRESS');|g" $kanboard_configfile
sed -i "s|define('DB_DRIVER'.*|define('DB_DRIVER', 'mysql');|g" $kanboard_configfile
sed -i "s|define('DB_USERNAME'.*|define('DB_USERNAME', 'root');|g" $kanboard_configfile
sed -i "s|define('DB_PASSWORD'.*|define('DB_PASSWORD', '$MARIADB_PASSWORD');|g" $kanboard_configfile
sed -i "s|define('DB_HOSTNAME'.*|define('DB_HOSTNAME', 'localhost');|g" $kanboard_configfile
sed -i "s|define('DB_NAME'.*|define('DB_NAME', 'kanboard');|g" $kanboard_configfile
sed -i "s|define('DB_PORT'.*|define('DB_PORT', null);|g" $kanboard_configfile
kanboard_configfile="/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.php"
cp "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.default.php" "$kanboard_configfile"
sed -i "s|define('MAIL_FROM'.*|define('MAIL_FROM', '$MY_EMAIL_ADDRESS');|g" "$kanboard_configfile"
sed -i "s|define('DB_DRIVER'.*|define('DB_DRIVER', 'mysql');|g" "$kanboard_configfile"
sed -i "s|define('DB_USERNAME'.*|define('DB_USERNAME', 'root');|g" "$kanboard_configfile"
sed -i "s|define('DB_PASSWORD'.*|define('DB_PASSWORD', '$MARIADB_PASSWORD');|g" "$kanboard_configfile"
sed -i "s|define('DB_HOSTNAME'.*|define('DB_HOSTNAME', 'localhost');|g" "$kanboard_configfile"
sed -i "s|define('DB_NAME'.*|define('DB_NAME', 'kanboard');|g" "$kanboard_configfile"
sed -i "s|define('DB_PORT'.*|define('DB_PORT', null);|g" "$kanboard_configfile"
logging_off_kanboard
initialise_database kanboard /var/www/${KANBOARD_DOMAIN_NAME}/htdocs/app/Schema/Sql/mysql.sql
chown -R www-data:www-data /var/www/${KANBOARD_DOMAIN_NAME}/htdocs
initialise_database kanboard "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/app/Schema/Sql/mysql.sql"
chown -R www-data:www-data "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs"
cd /var/www/${KANBOARD_DOMAIN_NAME}/htdocs
cd "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs" || exit 24582468
install_composer
systemctl restart mariadb
systemctl restart php7.0-fpm
systemctl restart nginx
${PROJECT_NAME}-pass -u $MY_USERNAME -a kanboard -p "$KANBOARD_ADMIN_PASSWORD"
"${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a kanboard -p "$KANBOARD_ADMIN_PASSWORD"
set_completion_param "kanboard domain" "$KANBOARD_DOMAIN_NAME"

401
src/freedombone-app-keyserver
View File

@ -49,7 +49,7 @@ keyserver_variables=(ONION_ONLY
function check_keyserver_directory_size {
dirsize=$(du /var/lib/sks/DB | awk -F ' ' '{print $1}')
# 500M
if [ $dirsize -gt 500000 ]; then
if [ "$dirsize" -gt 500000 ]; then
echo "1"
return
fi
@ -57,7 +57,7 @@ function check_keyserver_directory_size {
}
function keyserver_watchdog {
ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
ADMIN_USERNAME=$(grep "Admin user" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
ADMIN_EMAIL_ADDRESS=${ADMIN_USERNAME}@${HOSTNAME}
keyserver_size_warning=$"The SKS keyserver database is getting large. Check that you aren't being spammed"
keyserver_disabled_warning=$"The SKS keyserver has been disabled because it is getting too large. This is to prevent flooding attacks from crashing the server. You may need to restore the keyserver from backup."
@ -67,19 +67,19 @@ function keyserver_watchdog {
# check database size hourly
keyserver_watchdog_script=/tmp/keyserver-watchdog
echo '#!/bin/bash' > $keyserver_watchdog_script
echo "dirsize=\$(du /var/lib/sks/DB | awk -F ' ' '{print \$1}')" >> $keyserver_watchdog_script
echo 'if [ $dirsize -gt 450000 ]; then' >> $keyserver_watchdog_script
{ echo '#!/bin/bash';
echo "dirsize=\$(du /var/lib/sks/DB | awk -F ' ' '{print \$1}')";
echo "if [ \$dirsize -gt 450000 ]; then";
echo " echo \"$keyserver_size_warning\" | mail -s \"$keyserver_mail_subject_line\" $ADMIN_EMAIL_ADDRESS" >> $keyserver_watchdog_script
echo " echo \"$keyserver_size_warning\" | mail -s \"$keyserver_mail_subject_line\" $ADMIN_EMAIL_ADDRESS";
echo ' if [ $dirsize -gt 500000 ]; then' >> $keyserver_watchdog_script
echo " nginx_dissite $KEYSERVER_DOMAIN_NAME" >> $keyserver_watchdog_script
echo ' systemctl stop sks' >> $keyserver_watchdog_script
echo ' systemctl disable sks' >> $keyserver_watchdog_script
echo " echo \"$keyserver_disabled_warning\" | mail -s \"$keyserver_mail_subject_line_disabled\" $ADMIN_EMAIL_ADDRESS" >> $keyserver_watchdog_script
echo ' fi' >> $keyserver_watchdog_script
echo 'fi' >> $keyserver_watchdog_script
echo " if [ \$dirsize -gt 500000 ]; then";
echo " nginx_dissite $KEYSERVER_DOMAIN_NAME";
echo ' systemctl stop sks';
echo ' systemctl disable sks';
echo " echo \"$keyserver_disabled_warning\" | mail -s \"$keyserver_mail_subject_line_disabled\" $ADMIN_EMAIL_ADDRESS";
echo ' fi';
echo 'fi'; } > $keyserver_watchdog_script
chmod +x $keyserver_watchdog_script
if [ ! -f /etc/cron.hourly/keyserver-watchdog ]; then
@ -134,18 +134,18 @@ function upgrade_keyserver {
return
fi
if grep -q "keyserver domain" $COMPLETION_FILE; then
if grep -q "keyserver domain" "$COMPLETION_FILE"; then
KEYSERVER_DOMAIN_NAME=$(get_completion_param "keyserver domain")
fi
# update to the next commit
function_check set_repo_commit
set_repo_commit /var/www/$KEYSERVER_DOMAIN_NAME/htdocs "keyserver web commit" "$KEYSERVER_WEB_COMMIT" $KEYSERVER_WEB_REPO
set_repo_commit "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs" "keyserver web commit" "$KEYSERVER_WEB_COMMIT" $KEYSERVER_WEB_REPO
read_config_param MY_USERNAME
USER_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
GPG_ID=$(su -m root -c "gpg --list-keys $USER_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//'" - $MY_USERNAME)
if [ ! $GPG_ID ]; then
USER_EMAIL_ADDRESS="$MY_USERNAME@$HOSTNAME"
GPG_ID=$(su -m root -c "gpg --list-keys \"$USER_EMAIL_ADDRESS\" | sed -n '2p' | sed 's/^[ \\t]*//'" - "$MY_USERNAME")
if [ ! "$GPG_ID" ]; then
echo $'No GPG ID for admin user'
exit 846336
fi
@ -157,17 +157,17 @@ function upgrade_keyserver {
echo $'GPG ID not retrieved for admin user due to error'
exit 74825
fi
sed -i "s|###ENTERPUBLICKEYHERE###|$GPG_ID|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/404.html
sed -i "s|###ENTERPUBLICKEYHERE###|$GPG_ID|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/index.html
sed -i "s|###ENTERNAMEHERE###|$USER_EMAIL_ADDRESS|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/404.html
sed -i "s|###ENTERNAMEHERE###|$USER_EMAIL_ADDRESS|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/index.html
sed -i "s|###ENTERPUBLICKEYHERE###|$GPG_ID|g" "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs/404.html"
sed -i "s|###ENTERPUBLICKEYHERE###|$GPG_ID|g" "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs/index.html"
sed -i "s|###ENTERNAMEHERE###|$USER_EMAIL_ADDRESS|g" "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs/404.html"
sed -i "s|###ENTERNAMEHERE###|$USER_EMAIL_ADDRESS|g" "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs/index.html"
chown -R www-data:www-data /var/www/$KEYSERVER_DOMAIN_NAME/htdocs
chown -R www-data:www-data "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs"
}
function backup_local_keyserver {
# remove any unused log files
cd /var/lib/sks/DB
cd /var/lib/sks/DB || exit 2468245
db_archive -d
source_directory=/etc/sks
@ -223,6 +223,7 @@ function restore_local_keyserver {
fi
cp -r $temp_restore_dir/* /var/lib/sks/DB
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
# restore the old database
rm -rf /var/lib/sks/DB
@ -243,12 +244,12 @@ function restore_local_keyserver {
systemctl enable sks
systemctl start sks
nginx_ensite $KEYSERVER_DOMAIN_NAME
nginx_ensite "$KEYSERVER_DOMAIN_NAME"
}
function backup_remote_keyserver {
# remove any unused log files
cd /var/lib/sks/DB
cd /var/lib/sks/DB || exit 734624
db_archive -d
source_directory=/etc/sks
@ -304,6 +305,7 @@ function restore_remote_keyserver {
fi
cp -r $temp_restore_dir/* /var/lib/sks/DB
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
# restore the old database
rm -rf /var/lib/sks/DB
@ -322,7 +324,7 @@ function restore_remote_keyserver {
systemctl enable sks
systemctl start sks
nginx_ensite $KEYSERVER_DOMAIN_NAME
nginx_ensite "$KEYSERVER_DOMAIN_NAME"
}
function remove_keyserver {
@ -333,21 +335,21 @@ function remove_keyserver {
apt-get -qy remove sks dirmngr
read_config_param "KEYSERVER_DOMAIN_NAME"
nginx_dissite $KEYSERVER_DOMAIN_NAME
remove_certs ${KEYSERVER_DOMAIN_NAME}
if [ -f /etc/nginx/sites-available/$KEYSERVER_DOMAIN_NAME ]; then
rm -f /etc/nginx/sites-available/$KEYSERVER_DOMAIN_NAME
nginx_dissite "$KEYSERVER_DOMAIN_NAME"
remove_certs "${KEYSERVER_DOMAIN_NAME}"
if [ -f "/etc/nginx/sites-available/$KEYSERVER_DOMAIN_NAME" ]; then
rm -f "/etc/nginx/sites-available/$KEYSERVER_DOMAIN_NAME"
fi
if [ -d /var/www/$KEYSERVER_DOMAIN_NAME ]; then
rm -rf /var/www/$KEYSERVER_DOMAIN_NAME
if [ -d "/var/www/$KEYSERVER_DOMAIN_NAME" ]; then
rm -rf "/var/www/$KEYSERVER_DOMAIN_NAME"
fi
function_check remove_ddns_domain
remove_ddns_domain $KEYSERVER_DOMAIN_NAME
remove_ddns_domain "$KEYSERVER_DOMAIN_NAME"
remove_config_param KEYSERVER_DOMAIN_NAME
remove_config_param KEYSERVER_CODE
function_check remove_onion_service
remove_onion_service keyserver ${KEYSERVER_ONION_PORT}
remove_onion_service keyserver "${KEYSERVER_ONION_PORT}"
remove_onion_service sks 11370 11371 11372
remove_completion_param "install_keyserver"
@ -355,15 +357,15 @@ function remove_keyserver {
firewall_remove 11371 tcp
firewall_remove 11372 tcp
sed -i '/keyserver/d' $COMPLETION_FILE
sed -i '/sks onion/d' $COMPLETION_FILE
sed -i '/keyserver/d' "$COMPLETION_FILE"
sed -i '/sks onion/d' "$COMPLETION_FILE"
if [ -d /var/lib/sks ]; then
rm -rf /var/lib/sks
fi
}
function install_interactive_keyserver {
if [ ! $ONION_ONLY ]; then
if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no'
fi
@ -388,12 +390,12 @@ function keyserver_create_membership {
return
fi
systemctl stop sks
echo $"# List of other $PROJECT_NAME SKS Keyservers to sync with." > /etc/sks/membership
echo '#' >> /etc/sks/membership
echo $"# Don't add major keyservers here, because it will take an" >> /etc/sks/membership
echo $'# Infeasible amount of time to sync and backups will become' >> /etc/sks/membership
echo $'# absurdly long and probably break your system. You have been warned.' >> /etc/sks/membership
echo '' >> /etc/sks/membership
{ echo $"# List of other $PROJECT_NAME SKS Keyservers to sync with.";
echo '#';
echo $"# Don't add major keyservers here, because it will take an";
echo $'# Infeasible amount of time to sync and backups will become';
echo $'# absurdly long and probably break your system. You have been warned.';
echo ''; } > /etc/sks/membership
chown -Rc debian-sks: /etc/sks/membership
systemctl start sks
}
@ -403,7 +405,7 @@ function keyserver_import_keys {
dialog --title $"Import public keys database" \
--backtitle $"Freedombone Control Panel" \
--defaultno \
--yesno $"\nThis will download many gigabytes of data and so depending on your bandwidth it could take several days.\n\nContinue?" 10 60
--yesno $"\\nThis will download many gigabytes of data and so depending on your bandwidth it could take several days.\\n\\nContinue?" 10 60
sel=$?
case $sel in
1) return;;
@ -412,36 +414,38 @@ function keyserver_import_keys {
if [ ! -d /var/lib/sks/dump ]; then
mkdir -p /var/lib/sks/dump
fi
cd /var/lib/sks/dump
cd /var/lib/sks/dump || exit 59242684
echo $'Getting keyserver dump. This may take a few days or longer, so be patient.'
rm -rf /var/lib/sks/dump/*
KEYSERVER_DUMP_URL="https://keyserver.mattrude.com/dump/$(date +%F)/"
wget -crp -e robots=off --level=1 --cut-dirs=3 -nH \
-A pgp,txt $KEYSERVER_DUMP_URL
-A pgp,txt "$KEYSERVER_DUMP_URL"
cd /var/lib/sks
cd /var/lib/sks || exit 936572424
echo $'Building the keyserver database from the downloaded dump'
keyserver_reset_database
}
function keyserver_sync {
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
data=$(mktemp 2>/dev/null)
dialog --backtitle $"Freedombone Control Panel" \
--title $"Sync with other keyserver" \
--form $"\nEnter details for the other server. Please be aware that it's not a good idea to sync with major keyservers which have exceptionally large databases. This is intended to sync with other $PROJECT_NAME systems each having a small database for a particular community." 16 60 3 \
$"Domain:" 1 1 "" 1 25 32 64 \
$"Port:" 2 1 "11370" 2 25 6 6 \
$"Sync Email (optional):" 3 1 "pgp-public-keys@" 3 25 32 64 \
2> $data
2> "$data"
sel=$?
case $sel in
1) return;;
255) return;;
1) rm -f "$data"
return;;
255) rm -f "$data"
return;;
esac
other_keyserver_domain=$(cat $data | sed -n 1p)
other_keyserver_port=$(cat $data | sed -n 2p)
other_keyserver_email=$(cat $data | sed -n 3p)
other_keyserver_domain=$(sed -n 1p < "$data")
other_keyserver_port=$(sed -n 2p < "$data")
other_keyserver_email=$(sed -n 3p < "$data")
rm -f "$data"
if [[ "$other_keyserver_domain" != *'.'* ]]; then
return
fi
@ -464,7 +468,7 @@ function keyserver_sync {
# Warn if trying to sync
if [[ "$other_keyserver_domain" == *"sks-keyservers.net" || "$other_keyserver_domain" == *"gnupg.net" || "$other_keyserver_domain" == *"pgp.com" || "$other_keyserver_domain" == *"pgp.mit.edu" || "$other_keyserver_domain" == *"the.earth.li" || "$other_keyserver_domain" == *"mayfirst.org" || "$other_keyserver_domain" == *"ubuntu.com" ]]; then
dialog --title $"Sync with other keyserver" \
--msgbox $"\nDon't try to sync with the major keyservers. Your system will be overloaded with an infeasible database size." 8 60
--msgbox $"\\nDon't try to sync with the major keyservers. Your system will be overloaded with an infeasible database size." 8 60
return
fi
@ -508,47 +512,50 @@ function keyserver_edit {
}
function keyserver_remove_key {
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
data=$(mktemp 2>/dev/null)
dialog --title $"Remove a key" \
--backtitle $"Freedombone Control Panel" \
--inputbox $"Enter the ID of the key which you wish to remove:" 12 60 2>$data
--inputbox $"Enter the ID of the key which you wish to remove:" 12 60 2>"$data"
sel=$?
case $sel in
0)
remove_key_id=$(<$data)
remove_key_id=$(<"$data")
if [ ${#remove_key_id} -gt 8 ]; then
sks drop $remove_key_id
sks drop "$remove_key_id"
dialog --title $"Remove a key" \
--msgbox $"The key was removed" 6 40
fi
;;
esac
rm -f "$data"
}
function configure_interactive_keyserver {
while true
do
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
data=$(mktemp 2>/dev/null)
dialog --backtitle $"Freedombone Control Panel" \
--title $"SKS Keyserver" \
--radiolist $"Choose an operation:" 12 70 4 \
1 $"Remove a key" off \
2 $"Sync with other keyserver" off \
3 $"Edit sync keyservers" off \
4 $"Exit" on 2> $data
4 $"Exit" on 2> "$data"
sel=$?
case $sel in
1) return;;
255) return;;
1) rm -f "$data"
return;;
255) rm -f "$data"
return;;
esac
case $(cat $data) in
case $(cat "$data") in
1) keyserver_remove_key;;
2) keyserver_sync;;
3) keyserver_edit;;
4) break;;
4) rm -f "$data"
break;;
esac
rm -f "$data"
done
}
@ -563,7 +570,7 @@ function install_keyserver {
mkdir /var/www/$KEYSERVER_DOMAIN_NAME
fi
cd /var/www/$KEYSERVER_DOMAIN_NAME
cd "/var/www/$KEYSERVER_DOMAIN_NAME" || exit 25427642847
if [ -d /var/www/$KEYSERVER_DOMAIN_NAME/htdocs ]; then
rm -rf /var/www/$KEYSERVER_DOMAIN_NAME/htdocs
fi
@ -571,7 +578,7 @@ function install_keyserver {
if [ -d /repos/keyserverweb ]; then
mkdir htdocs
cp -r -p /repos/keyserverweb/. htdocs
cd htdocs
cd htdocs || exit 379584659
git pull
else
git_clone $KEYSERVER_WEB_REPO htdocs
@ -581,14 +588,14 @@ function install_keyserver {
exit 6539230
fi
cd /var/www/$KEYSERVER_DOMAIN_NAME/htdocs
cd "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs" || exit 264824528
git checkout $KEYSERVER_WEB_COMMIT -b $KEYSERVER_WEB_COMMIT
set_completion_param "keyserver web commit" "$KEYSERVER_WEB_COMMIT"
USER_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
GPG_ID=$(su -m root -c "gpg --list-keys $USER_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//'" - $MY_USERNAME)
if [ ! $GPG_ID ]; then
GPG_ID=$(su -m root -c "gpg --list-keys \"$USER_EMAIL_ADDRESS\" | sed -n '2p' | sed 's/^[ \\t]*//'" - "$MY_USERNAME")
if [ ! "$GPG_ID" ]; then
echo $'No GPG ID for admin user'
exit 846336
fi
@ -659,11 +666,11 @@ function install_keyserver {
chown debian-sks: $sksconf_file
if ! grep -q "hidden_service_sks" /etc/tor/torrc; then
echo 'HiddenServiceDir /var/lib/tor/hidden_service_sks/' >> /etc/tor/torrc
echo 'HiddenServiceVersion 3' >> /etc/tor/torrc
echo "HiddenServicePort 11370 127.0.0.1:11370" >> /etc/tor/torrc
echo "HiddenServicePort 11373 127.0.0.1:11371" >> /etc/tor/torrc
echo "HiddenServicePort 11372 127.0.0.1:11372" >> /etc/tor/torrc
{ echo 'HiddenServiceDir /var/lib/tor/hidden_service_sks/';
echo 'HiddenServiceVersion 3';
echo "HiddenServicePort 11370 127.0.0.1:11370";
echo "HiddenServicePort 11373 127.0.0.1:11371";
echo "HiddenServicePort 11372 127.0.0.1:11372"; } >> /etc/tor/torrc
echo $'Added onion site for sks'
fi
@ -682,141 +689,141 @@ function install_keyserver {
if [[ $ONION_ONLY == "no" ]]; then
# NOTE: without http active on port 80 the keyserver doesn't work
# from the commandline
echo 'server {' > $keyserver_nginx_site
echo ' listen 80;' >> $keyserver_nginx_site
echo ' listen 0.0.0.0:11371;' >> $keyserver_nginx_site
echo ' listen [::]:80;' >> $keyserver_nginx_site
echo " server_name $KEYSERVER_DOMAIN_NAME;" >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' # Logs' >> $keyserver_nginx_site
echo ' access_log /dev/null;' >> $keyserver_nginx_site
echo ' error_log /dev/null;' >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' # Root' >> $keyserver_nginx_site
echo " root /var/www/$KEYSERVER_DOMAIN_NAME/htdocs;" >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' rewrite ^/stats /pks/lookup?op=stats;' >> $keyserver_nginx_site
echo ' rewrite ^/s/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
echo ' rewrite ^/search/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
echo ' rewrite ^/g/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
echo ' rewrite ^/get/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
echo ' rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
echo ' rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' location / {' >> $keyserver_nginx_site
{ echo 'server {';
echo ' listen 80;';
echo ' listen 0.0.0.0:11371;';
echo ' listen [::]:80;';
echo " server_name $KEYSERVER_DOMAIN_NAME;";
echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' # Root';
echo " root /var/www/$KEYSERVER_DOMAIN_NAME/htdocs;";
echo '';
echo ' rewrite ^/stats /pks/lookup?op=stats;';
echo " rewrite ^/s/(.*) /pks/lookup?search=\$1;";
echo " rewrite ^/search/(.*) /pks/lookup?search=\$1;";
echo " rewrite ^/g/(.*) /pks/lookup?op=get&search=\$1;";
echo " rewrite ^/get/(.*) /pks/lookup?op=get&search=\$1;";
echo " rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=\$1;";
echo " rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=\$1;";
echo '';
echo ' location / {'; } > $keyserver_nginx_site
function_check nginx_limits
nginx_limits $KEYSERVER_DOMAIN_NAME '128k'
echo ' }' >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' location /pks {' >> $keyserver_nginx_site
echo ' proxy_pass http://127.0.0.1:11373;' >> $keyserver_nginx_site
echo ' proxy_pass_header Server;' >> $keyserver_nginx_site
echo " add_header Via \"1.1 $KEYSERVER_DOMAIN_NAME:11371 (nginx)\";" >> $keyserver_nginx_site
echo ' proxy_ignore_client_abort on;' >> $keyserver_nginx_site
echo ' client_max_body_size 8m;' >> $keyserver_nginx_site
echo ' client_body_buffer_size 128k;' >> $keyserver_nginx_site
echo ' }' >> $keyserver_nginx_site
echo '}' >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo 'server {' >> $keyserver_nginx_site
echo ' listen 443 ssl;' >> $keyserver_nginx_site
echo ' listen 0.0.0.0:11372 ssl;' >> $keyserver_nginx_site
echo ' #listen [::]:443 ssl;' >> $keyserver_nginx_site
echo " server_name $KEYSERVER_DOMAIN_NAME;" >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' error_page 404 /404.html;' >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' location ~ (.git|LICENSE|readme.md) {' >> $keyserver_nginx_site
echo ' deny all;' >> $keyserver_nginx_site
echo ' return 404;' >> $keyserver_nginx_site
echo ' }' >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' # Security' >> $keyserver_nginx_site
nginx_limits "$KEYSERVER_DOMAIN_NAME" '128k'
{ echo ' }';
echo '';
echo ' location /pks {';
echo ' proxy_pass http://127.0.0.1:11373;';
echo ' proxy_pass_header Server;';
echo " add_header Via \"1.1 $KEYSERVER_DOMAIN_NAME:11371 (nginx)\";";
echo ' proxy_ignore_client_abort on;';
echo ' client_max_body_size 8m;';
echo ' client_body_buffer_size 128k;';
echo ' }';
echo '}';
echo '';
echo 'server {';
echo ' listen 443 ssl;';
echo ' listen 0.0.0.0:11372 ssl;';
echo ' #listen [::]:443 ssl;';
echo " server_name $KEYSERVER_DOMAIN_NAME;";
echo '';
echo ' error_page 404 /404.html;';
echo '';
echo ' location ~ (.git|LICENSE|readme.md) {';
echo ' deny all;';
echo ' return 404;';
echo ' }';
echo '';
echo ' # Security'; } >> $keyserver_nginx_site
function_check nginx_ssl
nginx_ssl $KEYSERVER_DOMAIN_NAME
function_check nginx_disable_sniffing
nginx_disable_sniffing $KEYSERVER_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' # Logs' >> $keyserver_nginx_site
echo ' access_log /dev/null;' >> $keyserver_nginx_site
echo ' error_log /dev/null;' >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' # Root' >> $keyserver_nginx_site
echo " root /var/www/$KEYSERVER_DOMAIN_NAME/htdocs;" >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' # Root';
echo " root /var/www/$KEYSERVER_DOMAIN_NAME/htdocs;";
echo '';
echo ' rewrite ^/stats /pks/lookup?op=stats;' >> $keyserver_nginx_site
echo ' rewrite ^/s/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
echo ' rewrite ^/search/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
echo ' rewrite ^/g/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
echo ' rewrite ^/get/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
echo ' rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
echo ' rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' location / {' >> $keyserver_nginx_site
echo ' rewrite ^/stats /pks/lookup?op=stats;';
echo " rewrite ^/s/(.*) /pks/lookup?search=\$1;";
echo " rewrite ^/search/(.*) /pks/lookup?search=\$1;";
echo " rewrite ^/g/(.*) /pks/lookup?op=get&search=\$1;";
echo " rewrite ^/get/(.*) /pks/lookup?op=get&search=\$1;";
echo " rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=\$1;";
echo " rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=\$1;";
echo '';
echo ' location / {'; } >> $keyserver_nginx_site
function_check nginx_limits
nginx_limits $KEYSERVER_DOMAIN_NAME '128k'
echo ' }' >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' location /pks {' >> $keyserver_nginx_site
echo " proxy_pass http://127.0.0.1:11373;" >> $keyserver_nginx_site
echo ' proxy_pass_header Server;' >> $keyserver_nginx_site
echo " add_header Via \"1.1 $KEYSERVER_DOMAIN_NAME:11372 (nginx)\";" >> $keyserver_nginx_site
echo ' proxy_ignore_client_abort on;' >> $keyserver_nginx_site
echo ' client_max_body_size 8m;' >> $keyserver_nginx_site
echo ' client_body_buffer_size 128k;' >> $keyserver_nginx_site
echo ' }' >> $keyserver_nginx_site
echo '}' >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
{ echo ' }';
echo '';
echo ' location /pks {';
echo " proxy_pass http://127.0.0.1:11373;";
echo ' proxy_pass_header Server;';
echo " add_header Via \"1.1 $KEYSERVER_DOMAIN_NAME:11372 (nginx)\";";
echo ' proxy_ignore_client_abort on;';
echo ' client_max_body_size 8m;';
echo ' client_body_buffer_size 128k;';
echo ' }';
echo '}';
echo ''; } >> $keyserver_nginx_site
else
echo -n '' > $keyserver_nginx_site
fi
echo 'server {' >> $keyserver_nginx_site
echo " listen 127.0.0.1:$KEYSERVER_ONION_PORT default_server;" >> $keyserver_nginx_site
echo " server_name $KEYSERVER_ONION_HOSTNAME;" >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' error_page 404 /404.html;' >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' location ~ (.git|LICENSE|readme.md) {' >> $keyserver_nginx_site
echo ' deny all;' >> $keyserver_nginx_site
echo ' return 404;' >> $keyserver_nginx_site
echo ' }' >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
{ echo 'server {';
echo " listen 127.0.0.1:$KEYSERVER_ONION_PORT default_server;";
echo " server_name $KEYSERVER_ONION_HOSTNAME;";
echo '';
echo ' error_page 404 /404.html;';
echo '';
echo ' location ~ (.git|LICENSE|readme.md) {';
echo ' deny all;';
echo ' return 404;';
echo ' }';
echo ''; } >> $keyserver_nginx_site
function_check nginx_disable_sniffing
nginx_disable_sniffing $KEYSERVER_DOMAIN_NAME
echo '' >> $keyserver_nginx_site
echo ' # Logs' >> $keyserver_nginx_site
echo ' access_log /dev/null;' >> $keyserver_nginx_site
echo ' error_log /dev/null;' >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' # Root' >> $keyserver_nginx_site
echo " root /var/www/$KEYSERVER_DOMAIN_NAME/mail;" >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' rewrite ^/stats /pks/lookup?op=stats;' >> $keyserver_nginx_site
echo ' rewrite ^/s/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
echo ' rewrite ^/search/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
echo ' rewrite ^/g/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
echo ' rewrite ^/get/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
echo ' rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
echo ' rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' location / {' >> $keyserver_nginx_site
{ echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' # Root';
echo " root /var/www/$KEYSERVER_DOMAIN_NAME/mail;";
echo '';
echo ' rewrite ^/stats /pks/lookup?op=stats;';
echo " rewrite ^/s/(.*) /pks/lookup?search=\$1;";
echo " rewrite ^/search/(.*) /pks/lookup?search=\$1;";
echo " rewrite ^/g/(.*) /pks/lookup?op=get&search=\$1;";
echo " rewrite ^/get/(.*) /pks/lookup?op=get&search=\$1;";
echo " rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=\$1;";
echo " rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=\$1;";
echo '';
echo ' location / {'; } >> $keyserver_nginx_site
function_check nginx_limits
nginx_limits $KEYSERVER_DOMAIN_NAME '128k'
echo ' }' >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' location /pks {' >> $keyserver_nginx_site
echo " proxy_pass http://127.0.0.1:11373;" >> $keyserver_nginx_site
echo ' proxy_pass_header Server;' >> $keyserver_nginx_site
echo " add_header Via \"1.1 $KEYSERVER_DOMAIN_NAME:$KEYSERVER_ONION_PORT (nginx)\";" >> $keyserver_nginx_site
echo ' proxy_ignore_client_abort on;' >> $keyserver_nginx_site
echo ' client_max_body_size 8m;' >> $keyserver_nginx_site
echo ' client_body_buffer_size 128k;' >> $keyserver_nginx_site
echo ' }' >> $keyserver_nginx_site
echo '}' >> $keyserver_nginx_site
{ echo ' }';
echo '';
echo ' location /pks {';
echo " proxy_pass http://127.0.0.1:11373;";
echo ' proxy_pass_header Server;';
echo " add_header Via \"1.1 $KEYSERVER_DOMAIN_NAME:$KEYSERVER_ONION_PORT (nginx)\";";
echo ' proxy_ignore_client_abort on;';
echo ' client_max_body_size 8m;';
echo ' client_body_buffer_size 128k;';
echo ' }';
echo '}'; } >> $keyserver_nginx_site
function_check create_site_certificate
if [ ! -f /etc/ssl/certs/${KEYSERVER_DOMAIN_NAME}.pem ]; then

493
src/freedombone-app-koel
View File

@ -58,7 +58,7 @@ function logging_off_koel {
}
function koel_remove_gravatar {
cd /var/www/${KOEL_DOMAIN_NAME}/htdocs
cd "/var/www/${KOEL_DOMAIN_NAME}/htdocs" || exit 8345374534
sed -i "s|www.gravatar.com|${KOEL_DOMAIN_NAME}|g" node_modules/browser-sync-ui/public/js/app.js.map
sed -i "s|www.gravatar.com|${KOEL_DOMAIN_NAME}|g" public/js/app.*.js
if ! grep -q "//Vue.set(user, 'avatar'" resources/assets/js/stores/user.js; then
@ -69,19 +69,19 @@ function koel_remove_gravatar {
function remove_user_koel {
remove_username="$1"
${PROJECT_NAME}-pass -u $remove_username --rmapp koel
"${PROJECT_NAME}-pass" -u "$remove_username" --rmapp koel
}
function add_user_koel {
new_username="$1"
new_user_password="$2"
${PROJECT_NAME}-pass -u $new_username -a koel -p "$new_user_password"
"${PROJECT_NAME}-pass" -u "$new_username" -a koel -p "$new_user_password"
echo '0'
}
function install_interactive_koel {
if [ ! $ONION_ONLY ]; then
if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no'
fi
@ -91,42 +91,43 @@ function install_interactive_koel {
KOEL_DETAILS_COMPLETE=
while [ ! $KOEL_DETAILS_COMPLETE ]
do
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
data=$(mktemp 2>/dev/null)
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
dialog --backtitle $"Freedombone Configuration" \
--title $"Koel Configuration" \
--form $"\nPlease enter your Koel details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 3 \
--form $"\\nPlease enter your Koel details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 3 \
$"Domain:" 1 1 "$(grep 'KOEL_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
$"Code:" 2 1 "$(grep 'KOEL_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \
2> $data
2> "$data"
else
dialog --backtitle $"Freedombone Configuration" \
--title $"Koel Configuration" \
--form $"\nPlease enter your Koel details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 3 \
--form $"\\nPlease enter your Koel details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 3 \
$"Domain:" 1 1 "$(grep 'KOEL_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
2> $data
2> "$data"
fi
sel=$?
case $sel in
1) exit 1;;
255) exit 1;;
1) rm -f "$data"
exit 1;;
255) rm -f "$data"
exit 1;;
esac
KOEL_DOMAIN_NAME=$(cat $data | sed -n 1p)
if [ $KOEL_DOMAIN_NAME ]; then
if [[ $KOEL_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
KOEL_DOMAIN_NAME=$(sed -n 1p < "$data")
if [ "$KOEL_DOMAIN_NAME" ]; then
if [[ "$KOEL_DOMAIN_NAME" == "$HUBZILLA_DOMAIN_NAME" ]]; then
KOEL_DOMAIN_NAME=""
fi
TEST_DOMAIN_NAME=$KOEL_DOMAIN_NAME
validate_domain_name
if [[ $TEST_DOMAIN_NAME != $KOEL_DOMAIN_NAME ]]; then
if [[ "$TEST_DOMAIN_NAME" != "$KOEL_DOMAIN_NAME" ]]; then
KOEL_DOMAIN_NAME=
dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
else
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
KOEL_CODE=$(cat $data | sed -n 2p)
KOEL_CODE=$(sed -n 2p < "$data")
validate_freedns_code "$KOEL_CODE"
if [ ! $VALID_CODE ]; then
if [ ! "$VALID_CODE" ]; then
KOEL_DOMAIN_NAME=
fi
fi
@ -135,6 +136,7 @@ function install_interactive_koel {
if [ $KOEL_DOMAIN_NAME ]; then
KOEL_DETAILS_COMPLETE="yes"
fi
rm -f "$data"
done
# save the results in the config file
@ -150,23 +152,23 @@ function change_password_koel {
read_config_param 'KOEL_DOMAIN_NAME'
${PROJECT_NAME}-pass -u "$curr_username" -a koel -p "$new_user_password"
"${PROJECT_NAME}-pass" -u "$curr_username" -a koel -p "$new_user_password"
}
function koel_create_database {
if [ -f $IMAGE_PASSWORD_FILE ]; then
KOEL_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
if [ -f "$IMAGE_PASSWORD_FILE" ]; then
KOEL_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else
if [ ! $KOEL_ADMIN_PASSWORD ]; then
KOEL_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
if [ ! "$KOEL_ADMIN_PASSWORD" ]; then
KOEL_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi
fi
if [ ! $KOEL_ADMIN_PASSWORD ]; then
if [ ! "$KOEL_ADMIN_PASSWORD" ]; then
return
fi
function_check create_database
create_database koel "$KOEL_ADMIN_PASSWORD" $MY_USERNAME
create_database koel "$KOEL_ADMIN_PASSWORD" "$MY_USERNAME"
}
function reconfigure_koel {
@ -174,14 +176,14 @@ function reconfigure_koel {
}
function koel_import_from_directory {
data=$(tempfile 2>/dev/null)
dialog --title "Choose a directory containing music" --dselect /home/$MY_USERNAME/ 30 60 2> $data
selected_dir=$(cat $data)
rm $data
data=$(mktemp 2>/dev/null)
dialog --title "Choose a directory containing music" --dselect "/home/$MY_USERNAME/" 30 60 2> "$data"
selected_dir=$(cat "$data")
rm -f "$data"
if [[ "$selected_dir" == '/music' ]]; then
return
fi
if [ ! -d $selected_dir ]; then
if [ ! -d "$selected_dir" ]; then
return
fi
if [[ "$selected_dir" == "/home/$MY_USERNAME/" ]]; then
@ -197,7 +199,7 @@ function koel_import_from_directory {
dialog --title $"Import music directory" \
--backtitle $"Freedombone Control Panel" \
--defaultno \
--yesno $"\nImport the directory:\n\n $selected_dir" 12 75
--yesno $"\\nImport the directory:\\n\\n $selected_dir" 12 75
sel=$?
case $sel in
1) return;;
@ -214,18 +216,18 @@ function koel_import_from_usb {
clear
detect_usb_drive
if [ ! -b $USB_DRIVE ]; then
if [ ! -b "$USB_DRIVE" ]; then
dialog --title $"Import music from USB drive" --msgbox $'No USB drive found' 6 50
return
fi
backup_mount_drive ${USB_DRIVE}
if [ ! -d $USB_MOUNT/Music ]; then
backup_mount_drive "${USB_DRIVE}"
if [ ! -d "$USB_MOUNT/Music" ]; then
dialog --title $"Import music from USB drive" --msgbox $'No Music directory found on USB drive' 6 50
backup_unmount_drive ${USB_DRIVE}
backup_unmount_drive "${USB_DRIVE}"
fi
cp -ru $USB_MOUNT/Music/* /music
backup_unmount_drive ${USB_DRIVE}
cp -ru "$USB_MOUNT/Music/*" /music
backup_unmount_drive "${USB_DRIVE}"
dialog --title $"Import music from USB drive" --msgbox $'Import complete. You may now remove the USB drive' 6 50
}
@ -233,28 +235,26 @@ function koel_export_to_usb {
clear
detect_usb_drive
if [ ! -b $USB_DRIVE ]; then
if [ ! -b "$USB_DRIVE" ]; then
dialog --title $"Export music to USB drive" --msgbox $'No USB drive found' 6 50
return
fi
backup_mount_drive ${USB_DRIVE}
if [ ! -d $USB_MOUNT/Music ]; then
mkdir -p $USB_MOUNT/Music
backup_mount_drive "${USB_DRIVE}"
if [ ! -d "$USB_MOUNT/Music" ]; then
mkdir -p "$USB_MOUNT/Music"
fi
cp -ru /music/* $USB_MOUNT/Music
backup_unmount_drive ${USB_DRIVE}
cp -ru /music/* "$USB_MOUNT/Music"
backup_unmount_drive "${USB_DRIVE}"
dialog --title $"Export music to USB drive" --msgbox $'Export complete. You may now remove the USB drive' 6 50
}
function format_music_drive {
detect_usb_drive
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Format USB drive $USB_DRIVE for music storage" \
--backtitle $"Freedombone Control Panel" \
--defaultno \
--yesno $"\nPlease confirm that you wish to format drive\n\n ${USB_DRIVE}\n\nAll current data on the drive will be lost, and you will be prompted to give a password used to encrypt the drive.\n\nDANGER: If you screw up here and format the wrong drive it's your own fault!" 16 60
--yesno $"\\nPlease confirm that you wish to format drive\\n\\n ${USB_DRIVE}\\n\\nAll current data on the drive will be lost, and you will be prompted to give a password used to encrypt the drive.\\n\\nDANGER: If you screw up here and format the wrong drive it's your own fault!" 16 60
sel=$?
case $sel in
1) return;;
@ -265,7 +265,7 @@ function format_music_drive {
echo ''
echo $"Formatting drive $USB_DRIVE. ALL CONTENTS WILL BE LOST."
echo ''
${PROJECT_NAME}-format $USB_DRIVE
"${PROJECT_NAME}-format" "$USB_DRIVE"
dialog --title $"Format USB drive $USB_DRIVE for music storage" --msgbox $'Format complete. You may now export music or remove the USB drive' 6 50
}
@ -273,8 +273,7 @@ function format_music_drive {
function configure_interactive_koel {
while true
do
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
data=$(mktemp 2>/dev/null)
dialog --backtitle $"Freedombone Control Panel" \
--title $"Koel" \
--radiolist $"Choose an operation:" 12 70 5 \
@ -282,24 +281,28 @@ function configure_interactive_koel {
2 $"Import music from USB drive" off \
3 $"Export music to USB drive" off \
4 $"Format a USB drive for music storage" off \
5 $"Exit" on 2> $data
5 $"Exit" on 2> "$data"
sel=$?
case $sel in
1) break;;
255) break;;
1) rm -f "$data"
break;;
255) rm -f "$data"
break;;
esac
case $(cat $data) in
case $(cat "$data") in
1) koel_import_from_directory;;
2) koel_import_from_usb;;
3) koel_export_to_usb;;
4) format_music_drive;;
5) break;;
5) rm -f "$data"
break;;
esac
rm -f "$data"
done
}
function upgrade_koel {
if grep -q "koel domain" $COMPLETION_FILE; then
if grep -q "koel domain" "$COMPLETION_FILE"; then
KOEL_DOMAIN_NAME=$(get_completion_param "koel domain")
fi
@ -312,12 +315,12 @@ function upgrade_koel {
# update to the next commit
function_check set_repo_commit
set_repo_commit /var/www/$KOEL_DOMAIN_NAME/htdocs "koel commit" "$KOEL_COMMIT" $KOEL_REPO
set_repo_commit "/var/www/$KOEL_DOMAIN_NAME/htdocs" "koel commit" "$KOEL_COMMIT" $KOEL_REPO
cd /var/www/${KOEL_DOMAIN_NAME}/htdocs
cd "/var/www/${KOEL_DOMAIN_NAME}/htdocs" || exit 7345346358
php artisan koel:init
koel_remove_gravatar
chown -R www-data:www-data *
chown -R www-data:www-data "/var/www/${KOEL_DOMAIN_NAME}/htdocs/*"
systemctl start koel
}
@ -325,20 +328,20 @@ function upgrade_koel {
function backup_local_koel {
KOEL_DOMAIN_NAME='koel'
if grep -q "koel domain" $COMPLETION_FILE; then
if grep -q "koel domain" "$COMPLETION_FILE"; then
KOEL_DOMAIN_NAME=$(get_completion_param "koel domain")
fi
source_directory=/var/www/${KOEL_DOMAIN_NAME}/htdocs
if [ -d $source_directory ]; then
source_directory="/var/www/${KOEL_DOMAIN_NAME}/htdocs"
if [ -d "$source_directory" ]; then
systemctl stop koel
dest_directory=koel
function_check suspend_site
suspend_site ${KOEL_DOMAIN_NAME}
suspend_site "${KOEL_DOMAIN_NAME}"
function_check backup_directory_to_usb
backup_directory_to_usb $source_directory $dest_directory
backup_directory_to_usb "$source_directory" "$dest_directory"
function_check backup_database_to_usb
backup_database_to_usb koel
@ -351,27 +354,26 @@ function backup_local_koel {
}
function restore_local_koel {
if ! grep -q "koel domain" $COMPLETION_FILE; then
if ! grep -q "koel domain" "$COMPLETION_FILE"; then
return
fi
KOEL_DOMAIN_NAME=$(get_completion_param "koel domain")
if [ $KOEL_DOMAIN_NAME ]; then
if [ "$KOEL_DOMAIN_NAME" ]; then
echo $"Restoring koel"
systemctl stop koel
temp_restore_dir=/root/tempkoel
koel_dir=/var/www/${KOEL_DOMAIN_NAME}/htdocs
function_check koel_create_database
koel_create_database
restore_database koel ${KOEL_DOMAIN_NAME}
restore_database koel "${KOEL_DOMAIN_NAME}"
if [ -d $temp_restore_dir ]; then
rm -rf $temp_restore_dir
fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
cd /var/www/$KOEL_DOMAIN_NAME/htdocs
MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
cd "/var/www/$KOEL_DOMAIN_NAME/htdocs" || exit 274825424
sed -i "s|DB_PASSWORD=.*|DB_PASSWORD=$MARIADB_PASSWORD|g" .env
MARIADB_PASSWORD=
@ -380,14 +382,14 @@ function restore_local_koel {
}
function backup_remote_koel {
if grep -q "koel domain" $COMPLETION_FILE; then
if grep -q "koel domain" "$COMPLETION_FILE"; then
KOEL_DOMAIN_NAME=$(get_completion_param "koel domain")
temp_backup_dir=/var/www/${KOEL_DOMAIN_NAME}/htdocs
if [ -d $temp_backup_dir ]; then
if [ -d "$temp_backup_dir" ]; then
systemctl stop koel
function_check suspend_site
suspend_site ${KOEL_DOMAIN_NAME}
suspend_site "${KOEL_DOMAIN_NAME}"
function_check backup_database_to_friend
backup_database_to_friend koel
@ -395,7 +397,7 @@ function backup_remote_koel {
echo $"Backing up Koel installation"
function_check backup_directory_to_friend
backup_directory_to_friend $temp_backup_dir koel
backup_directory_to_friend "$temp_backup_dir" koel
function_check restart_site
restart_site
@ -408,7 +410,7 @@ function backup_remote_koel {
}
function restore_remote_koel {
if grep -q "koel domain" $COMPLETION_FILE; then
if grep -q "koel domain" "$COMPLETION_FILE"; then
echo $"Restoring koel"
systemctl stop koel
@ -419,13 +421,13 @@ function restore_remote_koel {
koel_create_database
function_check restore_database_from_friend
restore_database_from_friend koel ${KOEL_DOMAIN_NAME}
restore_database_from_friend koel "${KOEL_DOMAIN_NAME}"
if [ -d /root/tempkoel ]; then
rm -rf /root/tempkoel
fi
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
cd /var/www/$KOEL_DOMAIN_NAME/htdocs
MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
cd "/var/www/$KOEL_DOMAIN_NAME/htdocs" || exit 53743682
sed -i "s|DB_PASSWORD=.*|DB_PASSWORD=$MARIADB_PASSWORD|g" .env
MARIADB_PASSWORD=
@ -453,14 +455,14 @@ function remove_koel {
read_config_param "KOEL_DOMAIN_NAME"
read_config_param "MY_USERNAME"
echo "Removing $KOEL_DOMAIN_NAME"
nginx_dissite $KOEL_DOMAIN_NAME
remove_certs $KOEL_DOMAIN_NAME
nginx_dissite "$KOEL_DOMAIN_NAME"
remove_certs "$KOEL_DOMAIN_NAME"
if [ -d /var/www/$KOEL_DOMAIN_NAME ]; then
rm -rf /var/www/$KOEL_DOMAIN_NAME
if [ -d "/var/www/$KOEL_DOMAIN_NAME" ]; then
rm -rf "/var/www/$KOEL_DOMAIN_NAME"
fi
if [ -f /etc/nginx/sites-available/$KOEL_DOMAIN_NAME ]; then
rm /etc/nginx/sites-available/$KOEL_DOMAIN_NAME
if [ -f "/etc/nginx/sites-available/$KOEL_DOMAIN_NAME" ]; then
rm "/etc/nginx/sites-available/$KOEL_DOMAIN_NAME"
fi
function_check drop_database
drop_database koel
@ -468,15 +470,15 @@ function remove_koel {
remove_onion_service koel ${KOEL_ONION_PORT}
remove_app koel
remove_completion_param install_koel
sed -i '/koel/d' $COMPLETION_FILE
sed -i '/koel/d' "$COMPLETION_FILE"
remove_backup_database_local koel
function_check remove_ddns_domain
remove_ddns_domain $KOEL_DOMAIN_NAME
remove_ddns_domain "$KOEL_DOMAIN_NAME"
}
function install_koel_main {
if [ ! $KOEL_DOMAIN_NAME ]; then
if [ ! "$KOEL_DOMAIN_NAME" ]; then
echo $'No domain name was given for koel'
exit 7359
fi
@ -498,177 +500,186 @@ function install_koel_main {
apt-get -yq install php-memcached php-intl exiftool libfcgi0ldbl
apt-get -yq install ffmpeg
if [ ! -d /var/www/$KOEL_DOMAIN_NAME ]; then
mkdir /var/www/$KOEL_DOMAIN_NAME
if [ ! -d "/var/www/$KOEL_DOMAIN_NAME" ]; then
mkdir "/var/www/$KOEL_DOMAIN_NAME"
fi
if [ ! -d /var/www/$KOEL_DOMAIN_NAME/htdocs ]; then
if [ ! -d "/var/www/$KOEL_DOMAIN_NAME/htdocs" ]; then
if [ -d /repos/koel ]; then
mkdir /var/www/$KOEL_DOMAIN_NAME/htdocs
cp -r -p /repos/koel/. /var/www/$KOEL_DOMAIN_NAME/htdocs
cd /var/www/$KOEL_DOMAIN_NAME/htdocs
mkdir "/var/www/$KOEL_DOMAIN_NAME/htdocs"
cp -r -p /repos/koel/. "/var/www/$KOEL_DOMAIN_NAME/htdocs"
cd "/var/www/$KOEL_DOMAIN_NAME/htdocs" || exit 23924295
git pull
else
function_check git_clone
git_clone $KOEL_REPO /var/www/$KOEL_DOMAIN_NAME/htdocs
git_clone "$KOEL_REPO" "/var/www/$KOEL_DOMAIN_NAME/htdocs"
fi
if [ ! -d /var/www/$KOEL_DOMAIN_NAME/htdocs ]; then
if [ ! -d "/var/www/$KOEL_DOMAIN_NAME/htdocs" ]; then
echo $'Unable to clone koel repo'
exit 365735
fi
fi
cd /var/www/$KOEL_DOMAIN_NAME/htdocs
git checkout $KOEL_COMMIT -b $KOEL_COMMIT
cd "/var/www/$KOEL_DOMAIN_NAME/htdocs" || exit 834567242
git checkout "$KOEL_COMMIT" -b "$KOEL_COMMIT"
set_completion_param "koel commit" "$KOEL_COMMIT"
chown -R www-data:www-data /var/www/$KOEL_DOMAIN_NAME/htdocs
chown -R www-data:www-data "/var/www/$KOEL_DOMAIN_NAME/htdocs"
function_check koel_create_database
koel_create_database
function_check add_ddns_domain
add_ddns_domain $KOEL_DOMAIN_NAME
add_ddns_domain "$KOEL_DOMAIN_NAME"
KOEL_ONION_HOSTNAME=$(add_onion_service koel 80 ${KOEL_ONION_PORT})
koel_nginx_site=/etc/nginx/sites-available/$KOEL_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then
function_check nginx_http_redirect
nginx_http_redirect $KOEL_DOMAIN_NAME "index index.php"
echo 'server {' >> $koel_nginx_site
echo ' listen 443 ssl;' >> $koel_nginx_site
echo ' #listen [::]:443 ssl;' >> $koel_nginx_site
echo " server_name $KOEL_DOMAIN_NAME;" >> $koel_nginx_site
echo '' >> $koel_nginx_site
nginx_http_redirect "$KOEL_DOMAIN_NAME" "index index.php"
{ echo 'server {';
echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;';
echo " server_name $KOEL_DOMAIN_NAME;";
echo ''; } >> "$koel_nginx_site"
function_check nginx_compress
nginx_compress $KOEL_DOMAIN_NAME
echo ' gzip_comp_level 9;' >> $koel_nginx_site
echo '' >> $koel_nginx_site
echo ' # Security' >> $koel_nginx_site
nginx_compress "$KOEL_DOMAIN_NAME"
{ echo ' gzip_comp_level 9;';
echo '';
echo ' # Security'; } >> "$koel_nginx_site"
function_check nginx_ssl mobile
nginx_ssl $KOEL_DOMAIN_NAME
nginx_ssl "$KOEL_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing $KOEL_DOMAIN_NAME
nginx_disable_sniffing "$KOEL_DOMAIN_NAME"
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $koel_nginx_site
echo '' >> $koel_nginx_site
echo ' # Logs' >> $koel_nginx_site
echo ' access_log /dev/null;' >> $koel_nginx_site
echo ' error_log /dev/null;' >> $koel_nginx_site
echo '' >> $koel_nginx_site
echo ' # Root' >> $koel_nginx_site
echo " root /var/www/$KOEL_DOMAIN_NAME/htdocs;" >> $koel_nginx_site
echo '' >> $koel_nginx_site
echo ' # Index' >> $koel_nginx_site
echo ' index index.php;' >> $koel_nginx_site
echo '' >> $koel_nginx_site
echo ' # Whitelist only index.php, robots.txt, and those start with public/ or api/' >> $koel_nginx_site
echo ' if ($request_uri !~ ^/$|index\.php|robots\.txt|api/|public/) {' >> $koel_nginx_site
echo ' return 404;' >> $koel_nginx_site
echo ' }' >> $koel_nginx_site
echo '' >> $koel_nginx_site
echo ' location /media/ {' >> $koel_nginx_site
echo ' internal;' >> $koel_nginx_site
echo '' >> $koel_nginx_site
echo ' # A X-Media-Root should be set to media_path settings from upstream' >> $koel_nginx_site
echo ' alias $upstream_http_x_media_root;' >> $koel_nginx_site
echo '' >> $koel_nginx_site
echo ' }' >> $koel_nginx_site
echo '' >> $koel_nginx_site
echo ' # PHP' >> $koel_nginx_site
echo ' location ~ \.php {' >> $koel_nginx_site
echo ' include snippets/fastcgi-php.conf;' >> $koel_nginx_site
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $koel_nginx_site
echo ' fastcgi_read_timeout 30;' >> $koel_nginx_site
echo ' }' >> $koel_nginx_site
echo '' >> $koel_nginx_site
echo ' # Location' >> $koel_nginx_site
echo ' location / {' >> $koel_nginx_site
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' # Root';
echo " root /var/www/$KOEL_DOMAIN_NAME/htdocs;";
echo '';
echo ' # Index';
echo ' index index.php;';
echo '';
echo ' # Whitelist only index.php, robots.txt, and those start with public/ or api/';
echo " if (\$request_uri !~ ^/\$|index\\.php|robots\\.txt|api/|public/) {";
echo ' return 404;';
echo ' }';
echo '';
echo ' location /media/ {';
echo ' internal;';
echo '';
echo ' # A X-Media-Root should be set to media_path settings from upstream';
echo " alias \$upstream_http_x_media_root;";
echo '';
echo ' }';
echo '';
echo ' # PHP';
echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;';
echo ' }';
echo '';
echo ' # Location';
echo ' location / {'; } >> "$koel_nginx_site"
function_check nginx_limits
nginx_limits $KOEL_DOMAIN_NAME '15m'
echo ' try_files $uri $uri/ @koel;' >> $koel_nginx_site
echo ' }' >> $koel_nginx_site
echo '' >> $koel_nginx_site
echo ' # Fancy URLs' >> $koel_nginx_site
echo ' location @koel {' >> $koel_nginx_site
echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $koel_nginx_site
echo ' }' >> $koel_nginx_site
echo '' >> $koel_nginx_site
echo ' # Restrict access that is unnecessary anyway' >> $koel_nginx_site
echo ' location ~ /\.(ht|git) {' >> $koel_nginx_site
echo ' deny all;' >> $koel_nginx_site
echo ' }' >> $koel_nginx_site
echo '' >> $koel_nginx_site
echo '}' >> $koel_nginx_site
nginx_limits "$KOEL_DOMAIN_NAME" '15m'
{ echo " try_files \$uri \$uri/ @koel;";
echo ' }';
echo '';
echo ' # Fancy URLs';
echo ' location @koel {';
echo " rewrite ^(.*)\$ /index.php?p=\$1 last;";
echo ' }';
echo '';
echo ' # Restrict access that is unnecessary anyway';
echo ' location ~ /\.(ht|git) {';
echo ' deny all;';
echo ' }';
echo '';
echo '}'; } >> "$koel_nginx_site"
else
echo -n '' > $koel_nginx_site
echo -n '' > "$koel_nginx_site"
fi
if [[ "$ONION_ONLY" == 'no' ]]; then
{ echo 'server {';
echo " listen 127.0.0.1:$KOEL_ONION_PORT default_server;";
echo " server_name $KOEL_DOMAIN_NAME;";
echo ''; } >> "$koel_nginx_site"
else
{ echo 'server {';
echo " listen 127.0.0.1:$KOEL_ONION_PORT default_server;";
echo " server_name $KOEL_ONION_HOSTNAME;";
echo ''; } >> "$koel_nginx_site"
fi
echo 'server {' >> $koel_nginx_site
echo " listen 127.0.0.1:$KOEL_ONION_PORT default_server;" >> $koel_nginx_site
echo " server_name $KOEL_DOMAIN_NAME;" >> $koel_nginx_site
echo '' >> $koel_nginx_site
function_check nginx_compress
nginx_compress $KOEL_DOMAIN_NAME
echo ' gzip_comp_level 9;' >> $koel_nginx_site
echo '' >> $koel_nginx_site
echo ' # Logs' >> $koel_nginx_site
echo ' access_log /dev/null;' >> $koel_nginx_site
echo ' error_log /dev/null;' >> $koel_nginx_site
echo '' >> $koel_nginx_site
echo ' # Root' >> $koel_nginx_site
echo " root /var/www/$KOEL_DOMAIN_NAME/htdocs;" >> $koel_nginx_site
echo '' >> $koel_nginx_site
echo ' # Index' >> $koel_nginx_site
echo ' index index.php;' >> $koel_nginx_site
echo '' >> $koel_nginx_site
echo ' # Whitelist only index.php, robots.txt, and those start with public/ or api/' >> $koel_nginx_site
echo ' if ($request_uri !~ ^/$|index\.php|robots\.txt|api/|public/) {' >> $koel_nginx_site
echo ' return 404;' >> $koel_nginx_site
echo ' }' >> $koel_nginx_site
echo '' >> $koel_nginx_site
echo ' location /media/ {' >> $koel_nginx_site
echo ' internal;' >> $koel_nginx_site
echo '' >> $koel_nginx_site
echo ' # A X-Media-Root should be set to media_path settings from upstream' >> $koel_nginx_site
echo ' alias $upstream_http_x_media_root;' >> $koel_nginx_site
echo '' >> $koel_nginx_site
echo ' }' >> $koel_nginx_site
echo '' >> $koel_nginx_site
echo ' # PHP' >> $koel_nginx_site
echo ' location ~ \.php {' >> $koel_nginx_site
echo ' include snippets/fastcgi-php.conf;' >> $koel_nginx_site
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $koel_nginx_site
echo ' fastcgi_read_timeout 30;' >> $koel_nginx_site
echo ' }' >> $koel_nginx_site
echo '' >> $koel_nginx_site
echo ' # Location' >> $koel_nginx_site
echo ' location / {' >> $koel_nginx_site
nginx_compress "$KOEL_DOMAIN_NAME"
{ echo ' gzip_comp_level 9;';
echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' # Root';
echo " root /var/www/$KOEL_DOMAIN_NAME/htdocs;";
echo '';
echo ' # Index';
echo ' index index.php;';
echo '';
echo ' # Whitelist only index.php, robots.txt, and those start with public/ or api/';
echo " if (\$request_uri !~ ^/\$|index\\.php|robots\\.txt|api/|public/) {";
echo ' return 404;';
echo ' }';
echo '';
echo ' location /media/ {';
echo ' internal;';
echo '';
echo ' # A X-Media-Root should be set to media_path settings from upstream';
echo " alias \$upstream_http_x_media_root;";
echo '';
echo ' }';
echo '';
echo ' # PHP';
echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;';
echo ' }';
echo '';
echo ' # Location';
echo ' location / {'; } >> "$koel_nginx_site"
function_check nginx_limits
nginx_limits $KOEL_DOMAIN_NAME '15m'
echo ' try_files $uri $uri/ @koel;' >> $koel_nginx_site
echo ' }' >> $koel_nginx_site
echo '' >> $koel_nginx_site
echo ' # Fancy URLs' >> $koel_nginx_site
echo ' location @koel {' >> $koel_nginx_site
echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $koel_nginx_site
echo ' }' >> $koel_nginx_site
echo '' >> $koel_nginx_site
echo ' # Restrict access that is unnecessary anyway' >> $koel_nginx_site
echo ' location ~ /\.(ht|git) {' >> $koel_nginx_site
echo ' deny all;' >> $koel_nginx_site
echo ' }' >> $koel_nginx_site
echo '' >> $koel_nginx_site
echo '}' >> $koel_nginx_site
nginx_limits "$KOEL_DOMAIN_NAME" '15m'
{ echo " try_files \$uri \$uri/ @koel;";
echo ' }';
echo '';
echo ' # Fancy URLs';
echo ' location @koel {';
echo " rewrite ^(.*)\$ /index.php?p=\$1 last;";
echo ' }';
echo '';
echo ' # Restrict access that is unnecessary anyway';
echo ' location ~ /\.(ht|git) {';
echo ' deny all;';
echo ' }';
echo '';
echo '}'; } >> "$koel_nginx_site"
sed -i 's|gzip_types.*|gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/json;|g' $koel_nginx_site
sed -i 's|DENY;|SAMEORIGIN;|g' $koel_nginx_site
sed -i 's|gzip_types.*|gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/json;|g' "$koel_nginx_site"
sed -i 's|DENY;|SAMEORIGIN;|g' "$koel_nginx_site"
function_check configure_php
configure_php
function_check create_site_certificate
create_site_certificate $KOEL_DOMAIN_NAME 'yes'
create_site_certificate "$KOEL_DOMAIN_NAME" 'yes'
# Ensure that the database gets backed up locally, if remote
# backups are not being used
@ -679,20 +690,13 @@ function install_koel_main {
backup_database_local koel
function_check nginx_ensite
nginx_ensite $KOEL_DOMAIN_NAME
KOEL_ONION_HOSTNAME=$(add_onion_service koel 80 ${KOEL_ONION_PORT})
KOEL_SERVER=${KOEL_DOMAIN_NAME}
if [[ $ONION_ONLY != 'no' ]]; then
KOEL_SERVER=${KOEL_ONION_HOSTNAME}
fi
nginx_ensite "$KOEL_DOMAIN_NAME"
systemctl restart mariadb
systemctl restart php7.0-fpm
systemctl restart nginx
${PROJECT_NAME}-pass -u $MY_USERNAME -a koel -p "$KOEL_ADMIN_PASSWORD"
"${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a koel -p "$KOEL_ADMIN_PASSWORD"
set_completion_param "koel domain" "$KOEL_DOMAIN_NAME"
@ -709,7 +713,7 @@ function install_koel {
install_koel_main
cd /var/www/$KOEL_DOMAIN_NAME/htdocs
cd "/var/www/$KOEL_DOMAIN_NAME/htdocs" || exit 2432848
install_composer
npm install -g yarn
@ -731,30 +735,29 @@ function install_koel {
sed -i 's/MAIL_PORT=.*/MAIL_PORT=25/g' .env
sed -i 's|FFMPEG_PATH=.*|FFMPEG_PATH=/usr/bin/ffmpeg|g' .env
php artisan koel:init
if [ ! "$?" = "0" ]; then
if ! php artisan koel:init; then
echo $"Can't install koel:init"
exit 78362
fi
koel_remove_gravatar
chown -R www-data:www-data /var/www/$KOEL_DOMAIN_NAME/htdocs
chown -R www-data:www-data "/var/www/$KOEL_DOMAIN_NAME/htdocs"
# daemon
echo '[Unit]' > /etc/systemd/system/koel.service
echo 'Description=Koel (music player)' >> /etc/systemd/system/koel.service
echo 'After=syslog.target' >> /etc/systemd/system/koel.service
echo 'After=network.target' >> /etc/systemd/system/koel.service
echo '' >> /etc/systemd/system/koel.service
echo '[Service]' >> /etc/systemd/system/koel.service
echo 'Type=simple' >> /etc/systemd/system/koel.service
echo 'User=www-data' >> /etc/systemd/system/koel.service
echo 'Group=www-data' >> /etc/systemd/system/koel.service
echo "WorkingDirectory=/var/www/$KOEL_DOMAIN_NAME/htdocs" >> /etc/systemd/system/koel.service
echo "ExecStart=/usr/bin/php artisan serve --port=$KOEL_PORT" >> /etc/systemd/system/koel.service
echo 'Restart=on-failure' >> /etc/systemd/system/koel.service
echo '' >> /etc/systemd/system/koel.service
echo '[Install]' >> /etc/systemd/system/koel.service
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/koel.service
{ echo '[Unit]';
echo 'Description=Koel (music player)';
echo 'After=syslog.target';
echo 'After=network.target';
echo '';
echo '[Service]';
echo 'Type=simple';
echo 'User=www-data';
echo 'Group=www-data';
echo "WorkingDirectory=/var/www/$KOEL_DOMAIN_NAME/htdocs";
echo "ExecStart=/usr/bin/php artisan serve --port=$KOEL_PORT";
echo 'Restart=on-failure';
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/koel.service
systemctl enable koel.service
systemctl daemon-reload
systemctl start koel.service

368
src/freedombone-app-lychee
View File

@ -55,14 +55,14 @@ function logging_off_lychee {
}
function lychee_create_database {
if [ -f ${IMAGE_PASSWORD_FILE} ]; then
LYCHEE_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
LYCHEE_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else
if [ ! ${LYCHEE_ADMIN_PASSWORD} ]; then
LYCHEE_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
if [ ! "${LYCHEE_ADMIN_PASSWORD}" ]; then
LYCHEE_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi
fi
if [ ! $LYCHEE_ADMIN_PASSWORD ]; then
if [ ! "$LYCHEE_ADMIN_PASSWORD" ]; then
return
fi
@ -73,7 +73,7 @@ function lychee_create_database {
function remove_user_lychee {
remove_username="$1"
${PROJECT_NAME}-pass -u $remove_username --rmapp lychee
"${PROJECT_NAME}-pass" -u "$remove_username" --rmapp lychee
}
function add_user_lychee {
@ -85,13 +85,13 @@ function add_user_lychee {
new_username="$1"
new_user_password="$2"
${PROJECT_NAME}-pass -u $new_username -a lychee -p "$new_user_password"
"${PROJECT_NAME}-pass" -u "$new_username" -a lychee -p "$new_user_password"
echo '0'
}
function install_interactive_lychee {
if [ ! $ONION_ONLY ]; then
if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no'
fi
@ -110,12 +110,12 @@ function configure_interactive_lychee {
get_mariadb_password
dialog --title $"Lychee Configuration" \
--msgbox $"\nYou can initially install the system with:\n\n Username: root\n Password: $MARIADB_PASSWORD" 10 70
--msgbox $"\\nYou can initially install the system with:\\n\\n Username: root\\n Password: $MARIADB_PASSWORD" 10 70
}
function change_password_lychee {
LYCHEE_USERNAME="$1"
# LYCHEE_USERNAME="$1"
LYCHEE_PASSWORD="$2"
if [ ${#LYCHEE_PASSWORD} -lt 8 ]; then
echo $'Lychee password is too short'
@ -143,56 +143,56 @@ function upgrade_lychee {
function backup_local_lychee {
LYCHEE_DOMAIN_NAME='lychee.local'
if grep -q "lychee domain" $COMPLETION_FILE; then
if grep -q "lychee domain" "$COMPLETION_FILE"; then
LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
fi
lychee_path=/var/www/${LYCHEE_DOMAIN_NAME}/htdocs
if [ -d $lychee_path ]; then
lychee_path="/var/www/${LYCHEE_DOMAIN_NAME}/htdocs"
if [ -d "$lychee_path" ]; then
function_check backup_database_to_usb
backup_database_to_usb lychee
backup_directory_to_usb $lychee_path lychee
backup_directory_to_usb "$lychee_path" lychee
restart_site
fi
}
function restore_local_lychee {
LYCHEE_DOMAIN_NAME='lychee.local'
if grep -q "lychee domain" $COMPLETION_FILE; then
if grep -q "lychee domain" "$COMPLETION_FILE"; then
LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
fi
if [ $LYCHEE_DOMAIN_NAME ]; then
suspend_site ${LYCHEE_DOMAIN_NAME}
if [ "$LYCHEE_DOMAIN_NAME" ]; then
suspend_site "${LYCHEE_DOMAIN_NAME}"
function_check lychee_create_database
lychee_create_database
function_check restore_database
restore_database lychee ${LYCHEE_DOMAIN_NAME}
restore_database lychee "${LYCHEE_DOMAIN_NAME}"
if [ -f /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php ]; then
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php
if [ -f "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php" ]; then
MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php"
MARIADB_PASSWORD=
fi
restart_site
chown -R lychee: /var/www/$LYCHEE_DOMAIN_NAME/htdocs/
chown -R lychee: "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/"
fi
}
function backup_remote_lychee {
LYCHEE_DOMAIN_NAME='lychee.local'
if grep -q "lychee domain" $COMPLETION_FILE; then
if grep -q "lychee domain" "$COMPLETION_FILE"; then
LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
fi
temp_backup_dir=/var/www/${LYCHEE_DOMAIN_NAME}/htdocs
if [ -d $temp_backup_dir ]; then
suspend_site ${LYCHEE_DOMAIN_NAME}
if [ -d "$temp_backup_dir" ]; then
suspend_site "${LYCHEE_DOMAIN_NAME}"
backup_database_to_friend lychee
backup_directory_to_friend $temp_backup_dir lychee
backup_directory_to_friend "$temp_backup_dir" lychee
restart_site
else
echo $"Lychee domain specified but not found in /var/www/${LYCHEE_DOMAIN_NAME}"
@ -202,27 +202,27 @@ function backup_remote_lychee {
function restore_remote_lychee {
LYCHEE_DOMAIN_NAME='lychee.local'
if grep -q "lychee domain" $COMPLETION_FILE; then
if grep -q "lychee domain" "$COMPLETION_FILE"; then
LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
fi
suspend_site ${LYCHEE_DOMAIN_NAME}
suspend_site "${LYCHEE_DOMAIN_NAME}"
function_check restore_database_from_friend
function_check lychee_create_database
lychee_create_database
restore_database_from_friend lychee ${LYCHEE_DOMAIN_NAME}
restore_database_from_friend lychee "${LYCHEE_DOMAIN_NAME}"
if [ -f /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php ]; then
MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php
if [ -f "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php" ]; then
MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php"
MARIADB_PASSWORD=
fi
restart_site
chown -R lychee: /var/www/$LYCHEE_DOMAIN_NAME/htdocs/
chown -R lychee: "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/"
}
function remove_lychee {
@ -231,181 +231,181 @@ function remove_lychee {
fi
read_config_param "LYCHEE_DOMAIN_NAME"
nginx_dissite $LYCHEE_DOMAIN_NAME
remove_certs ${LYCHEE_DOMAIN_NAME}
nginx_dissite "$LYCHEE_DOMAIN_NAME"
remove_certs "${LYCHEE_DOMAIN_NAME}"
drop_database lychee
remove_backup_database_local lychee
if [ -f /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME ]; then
rm -f /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
if [ -f "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME" ]; then
rm -f "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
fi
if [ -d /var/www/$LYCHEE_DOMAIN_NAME ]; then
rm -rf /var/www/$LYCHEE_DOMAIN_NAME
if [ -d "/var/www/$LYCHEE_DOMAIN_NAME" ]; then
rm -rf "/var/www/$LYCHEE_DOMAIN_NAME"
fi
remove_config_param LYCHEE_DOMAIN_NAME
remove_config_param LYCHEE_CODE
function_check remove_onion_service
remove_onion_service lychee ${LYCHEE_ONION_PORT}
remove_onion_service lychee "${LYCHEE_ONION_PORT}"
remove_completion_param "install_lychee"
sed -i '/Lychee/d' $COMPLETION_FILE
sed -i '/lychee/d' $COMPLETION_FILE
sed -i '/Lychee/d' "$COMPLETION_FILE"
sed -i '/lychee/d' "$COMPLETION_FILE"
function_check remove_ddns_domain
remove_ddns_domain $LYCHEE_DOMAIN_NAME
remove_ddns_domain "$LYCHEE_DOMAIN_NAME"
}
function install_lychee_website {
function_check nginx_http_redirect
nginx_http_redirect $LYCHEE_DOMAIN_NAME
echo 'server {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo " root /var/www/$LYCHEE_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo " server_name $LYCHEE_DOMAIN_NAME;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo " error_log /dev/null;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
nginx_http_redirect "$LYCHEE_DOMAIN_NAME"
{ echo 'server {';
echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;';
echo " root /var/www/$LYCHEE_DOMAIN_NAME/htdocs;";
echo " server_name $LYCHEE_DOMAIN_NAME;";
echo ' access_log /dev/null;';
echo " error_log /dev/null;";
echo ' index index.html;';
echo ' charset utf-8;';
echo ' proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
function_check nginx_ssl
nginx_ssl $LYCHEE_DOMAIN_NAME
nginx_ssl "$LYCHEE_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing $LYCHEE_DOMAIN_NAME
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
nginx_disable_sniffing "$LYCHEE_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security "max-age=0;";';
echo '';
echo ' # rewrite to front controller as default rule';
echo ' location / {'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
function_check nginx_limits
nginx_limits $LYCHEE_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # With php-fpm:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' fastcgi_index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' #deny access to store' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' location ~ /store {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
nginx_limits "$LYCHEE_DOMAIN_NAME"
{ echo ' }';
echo '';
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
echo ' # or a unix socket';
echo ' location ~* \.php$ {';
echo ' # Zero-day exploit defense.';
echo ' # http://forum.nginx.org/read.php?2,88845,page=3';
echo " # Won't work properly (404 error) if the file is not stored on this";
echo " # server, which is entirely possible with php-fpm/php-fcgi.";
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
echo " # another machine. And then cross your fingers that you won't get hacked.";
echo " try_files \$uri \$uri/ /index.html;";
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;';
echo ' # With php-cgi alone:';
echo ' # fastcgi_pass 127.0.0.1:9000;';
echo ' # With php-fpm:';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' include fastcgi_params;';
echo ' fastcgi_read_timeout 30;';
echo ' fastcgi_index index.html;';
echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
echo ' }';
echo '';
echo ' # deny access to all dot files';
echo ' location ~ /\. {';
echo ' deny all;';
echo ' }';
echo '';
echo ' #deny access to store';
echo ' location ~ /store {';
echo ' deny all;';
echo ' }';
echo ' location ~ /(data|conf|bin|inc)/ {';
echo ' deny all;';
echo ' }';
echo ' location ~ /\.ht {';
echo ' deny all;';
echo ' }';
echo '}';
echo ''; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
}
function install_lychee_website_onion {
echo 'server {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo " listen 127.0.0.1:${LYCHEE_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo " root /var/www/$LYCHEE_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo " server_name $LYCHEE_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo " error_log /dev/null;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
{ echo 'server {';
echo " listen 127.0.0.1:${LYCHEE_ONION_PORT} default_server;";
echo " root /var/www/$LYCHEE_DOMAIN_NAME/htdocs;";
echo " server_name $LYCHEE_ONION_HOSTNAME;";
echo ' access_log /dev/null;';
echo " error_log /dev/null;";
echo ' index index.html;';
echo ' charset utf-8;';
echo ' proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing $LYCHEE_DOMAIN_NAME
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
nginx_disable_sniffing "$LYCHEE_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security "max-age=0;";';
echo '';
echo ' # rewrite to front controller as default rule';
echo ' location / {'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
function_check nginx_limits
nginx_limits $LYCHEE_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
nginx_limits "$LYCHEE_DOMAIN_NAME"
{ echo ' }';
echo '';
echo ' # block these file types';
echo ' location ~* \.(tpl|md|tgz|log|out)$ {';
echo ' deny all;';
echo ' }';
echo '';
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
echo ' # or a unix socket';
echo ' location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
function_check nginx_limits
nginx_limits $LYCHEE_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # With php-fpm:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' fastcgi_index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' #deny access to store' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' location ~ /store {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
nginx_limits "$LYCHEE_DOMAIN_NAME"
{ echo ' # Zero-day exploit defense.';
echo ' # http://forum.nginx.org/read.php?2,88845,page=3';
echo " # Won't work properly (404 error) if the file is not stored on this";
echo " # server, which is entirely possible with php-fpm/php-fcgi.";
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
echo " # another machine. And then cross your fingers that you won't get hacked.";
echo " try_files \$uri \$uri/ /index.html;";
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;';
echo ' # With php-cgi alone:';
echo ' # fastcgi_pass 127.0.0.1:9000;';
echo ' # With php-fpm:';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' include fastcgi_params;';
echo ' fastcgi_read_timeout 30;';
echo ' fastcgi_index index.html;';
echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
echo ' }';
echo '';
echo ' # deny access to all dot files';
echo ' location ~ /\. {';
echo ' deny all;';
echo ' }';
echo '';
echo ' #deny access to store';
echo ' location ~ /store {';
echo ' deny all;';
echo ' }';
echo ' location ~ /(data|conf|bin|inc)/ {';
echo ' deny all;';
echo ' }';
echo ' location ~ /\.ht {';
echo ' deny all;';
echo ' }';
echo '}'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
}
function install_lychee_from_repo {
if [ ! -d /var/www/$LYCHEE_DOMAIN_NAME ]; then
mkdir /var/www/$LYCHEE_DOMAIN_NAME
if [ ! -d "/var/www/$LYCHEE_DOMAIN_NAME" ]; then
mkdir "/var/www/$LYCHEE_DOMAIN_NAME"
fi
cd /var/www/$LYCHEE_DOMAIN_NAME
cd "/var/www/$LYCHEE_DOMAIN_NAME" || exit 682468246
if [ -d /repos/lychee ]; then
mkdir htdocs
cp -r -p /repos/lychee/. htdocs
cd htdocs
cd htdocs || exit 963756345
git pull
else
git_clone $LYCHEE_REPO htdocs
git_clone "$LYCHEE_REPO" htdocs
fi
cd htdocs
git checkout $LYCHEE_COMMIT -b $LYCHEE_COMMIT
cd htdocs || exit 1437534858
git checkout "$LYCHEE_COMMIT" -b "$LYCHEE_COMMIT"
set_completion_param "lychee commit" "$LYCHEE_COMMIT"
}
@ -414,7 +414,7 @@ function install_lychee {
ONION_ONLY='no'
fi
if [ ! $LYCHEE_DOMAIN_NAME ]; then
if [ ! "$LYCHEE_DOMAIN_NAME" ]; then
echo $'The lychee domain name was not specified'
exit 543672
fi
@ -429,7 +429,7 @@ function install_lychee {
function_check install_lychee_website
install_lychee_website
else
echo -n '' > /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
echo -n '' > "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
fi
LYCHEE_ONION_HOSTNAME=$(add_onion_service lychee 80 ${LYCHEE_ONION_PORT})
@ -438,23 +438,23 @@ function install_lychee {
install_lychee_website_onion
function_check create_site_certificate
create_site_certificate $LYCHEE_DOMAIN_NAME 'yes'
create_site_certificate "$LYCHEE_DOMAIN_NAME" 'yes'
function_check configure_php
configure_php
chmod -R 1777 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/
chmod -R 1777 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/
chown -R www-data:www-data /var/www/$LYCHEE_DOMAIN_NAME/htdocs
chmod -R 1777 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/"
chmod -R 1777 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/"
chown -R www-data:www-data "/var/www/$LYCHEE_DOMAIN_NAME/htdocs"
chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/big/index.html
chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/medium/index.html
chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/import/index.html
chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/thumb/index.html
chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/.gitignore
chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/big/index.html"
chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/medium/index.html"
chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/import/index.html"
chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/thumb/index.html"
chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/.gitignore"
function_check nginx_ensite
nginx_ensite $LYCHEE_DOMAIN_NAME
nginx_ensite "$LYCHEE_DOMAIN_NAME"
function_check install_mariadb
install_mariadb
@ -469,10 +469,10 @@ function install_lychee {
systemctl restart php7.0-fpm
systemctl restart nginx
${PROJECT_NAME}-pass -u $MY_USERNAME -a lychee -p "$LYCHEE_ADMIN_PASSWORD"
"${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a lychee -p "$LYCHEE_ADMIN_PASSWORD"
function_check add_ddns_domain
add_ddns_domain $LYCHEE_DOMAIN_NAME
add_ddns_domain "$LYCHEE_DOMAIN_NAME"
set_completion_param "lychee domain" "$LYCHEE_DOMAIN_NAME"
APP_INSTALLED=1

172
src/freedombone-app-mailpile
View File

@ -58,15 +58,15 @@ function logging_off_mailpile {
function remove_user_mailpile {
remove_username="$1"
${PROJECT_NAME}-pass -u $remove_username --rmapp mailpile
"${PROJECT_NAME}-pass" -u "$remove_username" --rmapp mailpile
}
function add_user_mailpile {
${PROJECT_NAME}-pass -u $1 -a mailpile -p "$2"
"${PROJECT_NAME}-pass" -u "$1" -a mailpile -p "$2"
}
function install_interactive_mailpile {
if [ ! $ONION_ONLY ]; then
if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no'
fi
@ -93,7 +93,7 @@ function upgrade_mailpile {
read_config_param "MAILPILE_DOMAIN_NAME"
CURR_COMMIT=$MAILPILE_COMMIT
if grep -q "mailpile commit" $COMPLETION_FILE; then
if grep -q "mailpile commit" "$COMPLETION_FILE"; then
CURR_COMMIT=$(get_completion_param "mailpile commit")
fi
if [[ "$CURR_COMMIT" == "$MAILPILE_COMMIT" ]]; then
@ -103,10 +103,10 @@ function upgrade_mailpile {
function_check set_repo_commit
set_repo_commit /var/www/$MAILPILE_DOMAIN_NAME/mail "mailpile commit" "$MAILPILE_COMMIT" $MAILPILE_REPO
cd /var/www/$MAILPILE_DOMAIN_NAME/mail
cd "/var/www/$MAILPILE_DOMAIN_NAME/mail" || exit 2346836535
pip install -r requirements.txt
chown -R mailpile:mailpile /var/www/$MAILPILE_DOMAIN_NAME/mail
chown -R mailpile:mailpile "/var/www/$MAILPILE_DOMAIN_NAME/mail"
}
function backup_local_mailpile {
@ -136,16 +136,16 @@ function remove_mailpile {
systemctl daemon-reload
read_config_param "MAILPILE_DOMAIN_NAME"
nginx_dissite $MAILPILE_DOMAIN_NAME
remove_certs ${MAILPILE_DOMAIN_NAME}
if [ -f /etc/nginx/sites-available/$MAILPILE_DOMAIN_NAME ]; then
rm -f /etc/nginx/sites-available/$MAILPILE_DOMAIN_NAME
nginx_dissite "$MAILPILE_DOMAIN_NAME"
remove_certs "${MAILPILE_DOMAIN_NAME}"
if [ -f "/etc/nginx/sites-available/$MAILPILE_DOMAIN_NAME" ]; then
rm -f "/etc/nginx/sites-available/$MAILPILE_DOMAIN_NAME"
fi
if [ -d /var/www/$MAILPILE_DOMAIN_NAME ]; then
rm -rf /var/www/$MAILPILE_DOMAIN_NAME
if [ -d "/var/www/$MAILPILE_DOMAIN_NAME" ]; then
rm -rf "/var/www/$MAILPILE_DOMAIN_NAME"
fi
function_check remove_ddns_domain
remove_ddns_domain $MAILPILE_DOMAIN_NAME
remove_ddns_domain "$MAILPILE_DOMAIN_NAME"
groupdel -f mailpile
userdel -r mailpile
@ -158,8 +158,8 @@ function remove_mailpile {
enable_email_encryption_at_rest
sed -i '/Mailpile/d' $COMPLETION_FILE
sed -i '/mailpile/d' $COMPLETION_FILE
sed -i '/Mailpile/d' "$COMPLETION_FILE"
sed -i '/mailpile/d' "$COMPLETION_FILE"
}
function install_mailpile {
@ -178,7 +178,7 @@ function install_mailpile {
mkdir /var/www/$MAILPILE_DOMAIN_NAME
fi
cd /var/www/$MAILPILE_DOMAIN_NAME
cd "/var/www/$MAILPILE_DOMAIN_NAME" || exit 264826484
if [ -d /var/www/$MAILPILE_DOMAIN_NAME/mail ]; then
rm -rf /var/www/$MAILPILE_DOMAIN_NAME/mail
fi
@ -186,13 +186,13 @@ function install_mailpile {
if [ -d /repos/mailpile ]; then
mkdir mail
cp -r -p /repos/mailpile/. mail
cd mail
cd mail || exit 245728482
git pull
else
git_clone $MAILPILE_REPO mail
fi
cd mail
cd mail || exit 246872468
git checkout $MAILPILE_COMMIT -b $MAILPILE_COMMIT
set_completion_param "mailpile commit" "$MAILPILE_COMMIT"
@ -206,8 +206,8 @@ function install_mailpile {
adduser mailpile debian-tor
adduser mailpile www-data
adduser mailpile mail
adduser mailpile $MY_USERNAME
if [[ $ONION_ONLY == 'no' ]]; then
adduser mailpile "$MY_USERNAME"
if [[ "$ONION_ONLY" == 'no' ]]; then
chgrp -R ssl-cert /etc/letsencrypt
chmod -R g=rX /etc/letsencrypt
usermod -a -G ssl-cert mailpile
@ -219,89 +219,89 @@ function install_mailpile {
MAILPILE_ONION_HOSTNAME=$(add_onion_service mailpile 80 ${MAILPILE_ONION_PORT})
echo '[Unit]' > /etc/systemd/system/mailpile.service
echo 'Description=Mailpile Email Client' >> /etc/systemd/system/mailpile.service
echo 'After=syslog.target network.target nginx.target' >> /etc/systemd/system/mailpile.service
echo '' >> /etc/systemd/system/mailpile.service
echo '[Service]' >> /etc/systemd/system/mailpile.service
echo 'User=mailpile' >> /etc/systemd/system/mailpile.service
echo 'Group=mailpile' >> /etc/systemd/system/mailpile.service
echo "WorkingDirectory=/var/www/$MAILPILE_DOMAIN_NAME/mail" >> /etc/systemd/system/mailpile.service
echo "ExecStart=/var/www/$MAILPILE_DOMAIN_NAME/mail/mp --www=0.0.0.0:${MAILPILE_PORT} --wait" >> /etc/systemd/system/mailpile.service
echo 'Restart=always' >> /etc/systemd/system/mailpile.service
echo 'RestartSec=10' >> /etc/systemd/system/mailpile.service
echo '' >> /etc/systemd/system/mailpile.service
echo '[Install]' >> /etc/systemd/system/mailpile.service
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mailpile.service
{ echo '[Unit]';
echo 'Description=Mailpile Email Client';
echo 'After=syslog.target network.target nginx.target';
echo '';
echo '[Service]';
echo 'User=mailpile';
echo 'Group=mailpile';
echo "WorkingDirectory=/var/www/$MAILPILE_DOMAIN_NAME/mail";
echo "ExecStart=/var/www/$MAILPILE_DOMAIN_NAME/mail/mp --www=0.0.0.0:${MAILPILE_PORT} --wait";
echo 'Restart=always';
echo 'RestartSec=10';
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/mailpile.service
chmod +x /etc/systemd/system/mailpile.service
mailpile_nginx_site=/etc/nginx/sites-available/$MAILPILE_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then
function_check nginx_http_redirect
nginx_http_redirect $MAILPILE_DOMAIN_NAME
echo 'server {' >> $mailpile_nginx_site
echo ' listen 443 ssl;' >> $mailpile_nginx_site
echo ' #listen [::]:443 ssl;' >> $mailpile_nginx_site
echo " server_name $MAILPILE_DOMAIN_NAME;" >> $mailpile_nginx_site
echo '' >> $mailpile_nginx_site
echo ' # Security' >> $mailpile_nginx_site
{ echo 'server {';
echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;';
echo " server_name $MAILPILE_DOMAIN_NAME;";
echo '';
echo ' # Security'; } >> $mailpile_nginx_site
function_check nginx_ssl
nginx_ssl $MAILPILE_DOMAIN_NAME
function_check nginx_disable_sniffing
nginx_disable_sniffing $MAILPILE_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $mailpile_nginx_site
echo '' >> $mailpile_nginx_site
echo ' # Logs' >> $mailpile_nginx_site
echo ' access_log /dev/null;' >> $mailpile_nginx_site
echo ' error_log /dev/null;' >> $mailpile_nginx_site
echo '' >> $mailpile_nginx_site
echo ' # Root' >> $mailpile_nginx_site
echo " root /var/www/$MAILPILE_DOMAIN_NAME/mail;" >> $mailpile_nginx_site
echo '' >> $mailpile_nginx_site
echo ' location / {' >> $mailpile_nginx_site
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' # Root';
echo " root /var/www/$MAILPILE_DOMAIN_NAME/mail;";
echo '';
echo ' location / {'; } >> $mailpile_nginx_site
function_check nginx_limits
nginx_limits $MAILPILE_DOMAIN_NAME '15m'
echo ' rewrite /(.*) /$1 break;' >> $mailpile_nginx_site
echo ' proxy_set_header X-Real-IP $remote_addr;' >> $mailpile_nginx_site
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $mailpile_nginx_site
echo ' proxy_set_header Host $http_host;' >> $mailpile_nginx_site
echo ' proxy_set_header X-NginX-Proxy true;' >> $mailpile_nginx_site
echo " proxy_pass http://localhost:${MAILPILE_PORT};" >> $mailpile_nginx_site
echo ' proxy_redirect off;' >> $mailpile_nginx_site
echo ' }' >> $mailpile_nginx_site
echo '}' >> $mailpile_nginx_site
echo '' >> $mailpile_nginx_site
{ echo " rewrite /(.*) /\$1 break;";
echo " proxy_set_header X-Real-IP \$remote_addr;";
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo " proxy_set_header Host \$http_host;";
echo ' proxy_set_header X-NginX-Proxy true;';
echo " proxy_pass http://localhost:${MAILPILE_PORT};";
echo ' proxy_redirect off;';
echo ' }';
echo '}';
echo ''; } >> $mailpile_nginx_site
else
echo -n '' > $mailpile_nginx_site
fi
echo 'server {' >> $mailpile_nginx_site
echo " listen 127.0.0.1:$MAILPILE_ONION_PORT default_server;" >> $mailpile_nginx_site
echo " server_name $MAILPILE_ONION_HOSTNAME;" >> $mailpile_nginx_site
echo '' >> $mailpile_nginx_site
{ echo 'server {';
echo " listen 127.0.0.1:$MAILPILE_ONION_PORT default_server;";
echo " server_name $MAILPILE_ONION_HOSTNAME;";
echo ''; } >> $mailpile_nginx_site
function_check nginx_disable_sniffing
nginx_disable_sniffing $MAILPILE_DOMAIN_NAME
echo '' >> $mailpile_nginx_site
echo ' # Logs' >> $mailpile_nginx_site
echo ' access_log /dev/null;' >> $mailpile_nginx_site
echo ' error_log /dev/null;' >> $mailpile_nginx_site
echo '' >> $mailpile_nginx_site
echo ' # Root' >> $mailpile_nginx_site
echo " root /var/www/$MAILPILE_DOMAIN_NAME/mail;" >> $mailpile_nginx_site
echo '' >> $mailpile_nginx_site
echo ' location / {' >> $mailpile_nginx_site
{ echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' # Root';
echo " root /var/www/$MAILPILE_DOMAIN_NAME/mail;";
echo '';
echo ' location / {'; } >> $mailpile_nginx_site
function_check nginx_limits
nginx_limits $MAILPILE_DOMAIN_NAME '15m'
echo ' rewrite /(.*) /$1 break;' >> $mailpile_nginx_site
echo ' proxy_set_header X-Real-IP $remote_addr;' >> $mailpile_nginx_site
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $mailpile_nginx_site
echo ' proxy_set_header Host $http_host;' >> $mailpile_nginx_site
echo ' proxy_set_header X-NginX-Proxy true;' >> $mailpile_nginx_site
echo " proxy_pass http://localhost:${MAILPILE_PORT};" >> $mailpile_nginx_site
echo ' proxy_redirect off;' >> $mailpile_nginx_site
echo ' }' >> $mailpile_nginx_site
echo '}' >> $mailpile_nginx_site
{ echo " rewrite /(.*) /\$1 break;";
echo " proxy_set_header X-Real-IP \$remote_addr;";
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo " proxy_set_header Host \$http_host;";
echo ' proxy_set_header X-NginX-Proxy true;';
echo " proxy_pass http://localhost:${MAILPILE_PORT};";
echo ' proxy_redirect off;';
echo ' }';
echo '}'; } >> $mailpile_nginx_site
function_check create_site_certificate
if [ ! -f /etc/ssl/certs/${MAILPILE_DOMAIN_NAME}.pem ]; then
@ -322,7 +322,7 @@ function install_mailpile {
function_check nginx_ensite
nginx_ensite $MAILPILE_DOMAIN_NAME
${PROJECT_NAME}-pass -u $MY_USERNAME -a mailpile -p "*"
"${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a mailpile -p "*"
function_check add_ddns_domain
add_ddns_domain $MAILPILE_DOMAIN_NAME
@ -336,7 +336,7 @@ function install_mailpile {
if [ -d /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg ]; then
mv /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg_orig
fi
cp -r /home/$MY_USERNAME/.gnupg /var/www/$MAILPILE_DOMAIN_NAME/mail/
cp -r "/home/$MY_USERNAME/.gnupg" "/var/www/$MAILPILE_DOMAIN_NAME/mail/"
chown -R mailpile:mailpile /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg
chmod +x /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg
@ -348,8 +348,8 @@ function install_mailpile {
sed -i 's|ssl =.*|ssl = no|g' /etc/dovecot/conf.d/10-ssl.conf
# set ssl certs, just in case we want to use them later
if [[ $ONION_ONLY == "no" ]]; then
if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
if [[ "$ONION_ONLY" == "no" ]]; then
if [ -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then
sed -i "s|#ssl_cert =.*|ssl_cert = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/dovecot/conf.d/10-ssl.conf
sed -i "s|ssl_cert =.*|ssl_cert = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/dovecot/conf.d/10-ssl.conf
sed -i "s|#ssl_key =.*|ssl_key = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/dovecot/conf.d/10-ssl.conf

324
src/freedombone-app-matrix
View File

@ -71,21 +71,21 @@ function matrix_expire_old_posts {
read_config_param MATRIX_PORT
matrix_remove_posts=/usr/bin/matrix-remove
echo '#!/bin/bash' > $matrix_remove_posts
echo "cd $MATRIX_DATA_DIR" >> $matrix_remove_posts
echo 'ROOM=$1' >> $matrix_remove_posts
echo "ADMIN=\"@${MY_USERNAME}:$MATRIX_DOMAIN_NAME\"" >> $matrix_remove_posts
echo "TIME='$MATRIX_EXPIRE_MONTHS months ago'" >> $matrix_remove_posts
echo "UNIX_TIMESTAMP=\$(date +%s%3N --date='TZ=\"UTC+0\" '\"\$TIME\")" >> $matrix_remove_posts
echo 'BUSY="pragma busy_timeout=20000"' >> $matrix_remove_posts
echo "BUFFER=\$(sqlite3 homeserver.db \"\$BUSY;select event_id from events where type='m.room.message' and received_ts<'\$UNIX_TIMESTAMP' and room_id='\$ROOM' order by received_ts desc limit 1;\")" >> $matrix_remove_posts
echo "EVENT_ID=\$(echo \$BUFFER|awk '{print \$2}')" >> $matrix_remove_posts
{ echo '#!/bin/bash';
echo "cd $MATRIX_DATA_DIR";
echo "ROOM=\$1";
echo "ADMIN=\"@${MY_USERNAME}:$MATRIX_DOMAIN_NAME\"";
echo "TIME='$MATRIX_EXPIRE_MONTHS months ago'";
echo "UNIX_TIMESTAMP=\$(date +%s%3N --date='TZ=\"UTC+0\" '\"\$TIME\")";
echo 'BUSY="pragma busy_timeout=20000"';
echo "BUFFER=\$(sqlite3 homeserver.db \"\$BUSY;select event_id from events where type='m.room.message' and received_ts<'\$UNIX_TIMESTAMP' and room_id='\$ROOM' order by received_ts desc limit 1;\")";
echo "EVENT_ID=\$(echo \$BUFFER|awk '{print \$2}')";
echo "BUFFER=\$(sqlite3 homeserver.db \"\$BUSY;select token from access_tokens where user_id like '\$ADMIN' order by id desc limit 1;\")" >> $matrix_remove_posts
echo "TOKEN=\$(echo \$BUFFER|awk '{print \$2}')" >> $matrix_remove_posts
echo "BUFFER=\$(sqlite3 homeserver.db \"\$BUSY;select token from access_tokens where user_id like '\$ADMIN' order by id desc limit 1;\")";
echo "TOKEN=\$(echo \$BUFFER|awk '{print \$2}')";
echo 'set -x' >> $matrix_remove_posts
echo "curl -v -X POST 'https://$MATRIX_DOMAIN_NAME/_matrix/client/r0/admin/purge_history/'\$ROOM'/'\$EVENT_ID'?access_token='\$TOKEN" >> $matrix_remove_posts
echo 'set -x';
echo "curl -v -X POST 'https://$MATRIX_DOMAIN_NAME/_matrix/client/r0/admin/purge_history/'\$ROOM'/'\$EVENT_ID'?access_token='\$TOKEN"; } > $matrix_remove_posts
chmod +x $matrix_remove_posts
}
@ -127,109 +127,109 @@ function logging_off_matrix {
function matrix_nginx {
matrix_nginx_site=/etc/nginx/sites-available/$MATRIX_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then
echo 'server {' > $matrix_nginx_site
echo " listen 0.0.0.0:443;" >> $matrix_nginx_site
echo " server_name ${MATRIX_DOMAIN_NAME};" >> $matrix_nginx_site
echo '' >> $matrix_nginx_site
echo ' # Security' >> $matrix_nginx_site
{ echo 'server {';
echo " listen 0.0.0.0:443;";
echo " server_name ${MATRIX_DOMAIN_NAME};";
echo '';
echo ' # Security'; } > $matrix_nginx_site
function_check nginx_ssl
nginx_ssl ${MATRIX_DOMAIN_NAME}
function_check nginx_disable_sniffing
nginx_disable_sniffing ${MATRIX_DOMAIN_NAME}
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $matrix_nginx_site
echo '' >> $matrix_nginx_site
echo ' # Logs' >> $matrix_nginx_site
echo ' access_log /dev/null;' >> $matrix_nginx_site
echo ' error_log /dev/null;' >> $matrix_nginx_site
echo '' >> $matrix_nginx_site
echo ' root /var/lib/matrix/media_store;' >> $matrix_nginx_site
echo '' >> $matrix_nginx_site
echo ' # Index' >> $matrix_nginx_site
echo ' index index.html;' >> $matrix_nginx_site
echo '' >> $matrix_nginx_site
echo ' location /_matrix {' >> $matrix_nginx_site
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' root /var/lib/matrix/media_store;';
echo '';
echo ' # Index';
echo ' index index.html;';
echo '';
echo ' location /_matrix {'; } >> $matrix_nginx_site
function_check nginx_limits
nginx_limits ${MATRIX_DOMAIN_NAME} '15m'
echo " proxy_pass http://localhost:${MATRIX_PORT};" >> $matrix_nginx_site
echo ' }' >> $matrix_nginx_site
echo '}' >> $matrix_nginx_site
echo '' >> $matrix_nginx_site
echo 'server {' >> $matrix_nginx_site
echo " listen 0.0.0.0:${MATRIX_HTTP_PORT};" >> $matrix_nginx_site
echo " server_name ${MATRIX_DOMAIN_NAME};" >> $matrix_nginx_site
echo '' >> $matrix_nginx_site
echo ' # Security' >> $matrix_nginx_site
{ echo " proxy_pass http://localhost:${MATRIX_PORT};";
echo ' }';
echo '}';
echo '';
echo 'server {';
echo " listen 0.0.0.0:${MATRIX_HTTP_PORT};";
echo " server_name ${MATRIX_DOMAIN_NAME};";
echo '';
echo ' # Security'; } >> $matrix_nginx_site
function_check nginx_ssl
nginx_ssl ${MATRIX_DOMAIN_NAME}
function_check nginx_disable_sniffing
nginx_disable_sniffing ${MATRIX_DOMAIN_NAME}
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $matrix_nginx_site
echo '' >> $matrix_nginx_site
echo ' # Logs' >> $matrix_nginx_site
echo ' access_log /dev/null;' >> $matrix_nginx_site
echo ' error_log /dev/null;' >> $matrix_nginx_site
echo '' >> $matrix_nginx_site
echo ' root /var/lib/matrix/media_store;' >> $matrix_nginx_site
echo '' >> $matrix_nginx_site
echo ' # Index' >> $matrix_nginx_site
echo ' index index.html;' >> $matrix_nginx_site
echo '' >> $matrix_nginx_site
echo ' # Location' >> $matrix_nginx_site
echo ' location /_matrix {' >> $matrix_nginx_site
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' root /var/lib/matrix/media_store;';
echo '';
echo ' # Index';
echo ' index index.html;';
echo '';
echo ' # Location';
echo ' location /_matrix {'; } >> $matrix_nginx_site
function_check nginx_limits
nginx_limits ${MATRIX_DOMAIN_NAME} '15m'
echo " proxy_pass http://localhost:${MATRIX_PORT};" >> $matrix_nginx_site
echo ' }' >> $matrix_nginx_site
echo '}' >> $matrix_nginx_site
echo '' >> $matrix_nginx_site
{ echo " proxy_pass http://localhost:${MATRIX_PORT};";
echo ' }';
echo '}';
echo ''; } >> $matrix_nginx_site
else
echo -n '' > $matrix_nginx_site
fi
echo 'server {' >> $matrix_nginx_site
echo " listen 127.0.0.1:$MATRIX_FEDERATION_ONION_PORT default_server;" >> $matrix_nginx_site
echo " server_name $MATRIX_DOMAIN_NAME;" >> $matrix_nginx_site
echo '' >> $matrix_nginx_site
{ echo 'server {';
echo " listen 127.0.0.1:$MATRIX_FEDERATION_ONION_PORT default_server;";
echo " server_name $MATRIX_DOMAIN_NAME;";
echo ''; } >> $matrix_nginx_site
function_check nginx_disable_sniffing
nginx_disable_sniffing $MATRIX_DOMAIN_NAME
echo '' >> $matrix_nginx_site
echo ' # Logs' >> $matrix_nginx_site
echo ' access_log /dev/null;' >> $matrix_nginx_site
echo ' error_log /dev/null;' >> $matrix_nginx_site
echo '' >> $matrix_nginx_site
echo ' root /var/lib/matrix/media_store;' >> $matrix_nginx_site
echo '' >> $matrix_nginx_site
echo ' # Location' >> $matrix_nginx_site
echo ' location /_matrix {' >> $matrix_nginx_site
{ echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' root /var/lib/matrix/media_store;';
echo '';
echo ' # Location';
echo ' location /_matrix {'; } >> $matrix_nginx_site
function_check nginx_limits
nginx_limits ${MATRIX_DOMAIN_NAME} '15m'
echo " proxy_pass http://localhost:${MATRIX_PORT};" >> $matrix_nginx_site
echo ' }' >> $matrix_nginx_site
echo '}' >> $matrix_nginx_site
echo '' >> $matrix_nginx_site
echo 'server {' >> $matrix_nginx_site
echo " listen 127.0.0.1:$MATRIX_ONION_PORT default_server;" >> $matrix_nginx_site
echo " server_name $MATRIX_DOMAIN_NAME;" >> $matrix_nginx_site
echo '' >> $matrix_nginx_site
{ echo " proxy_pass http://localhost:${MATRIX_PORT};";
echo ' }';
echo '}';
echo '';
echo 'server {';
echo " listen 127.0.0.1:$MATRIX_ONION_PORT default_server;";
echo " server_name $MATRIX_DOMAIN_NAME;";
echo ''; } >> $matrix_nginx_site
function_check nginx_disable_sniffing
nginx_disable_sniffing $MATRIX_DOMAIN_NAME
echo '' >> $matrix_nginx_site
echo ' # Logs' >> $matrix_nginx_site
echo ' access_log /dev/null;' >> $matrix_nginx_site
echo ' error_log /dev/null;' >> $matrix_nginx_site
echo '' >> $matrix_nginx_site
echo ' root /var/lib/matrix/media_store;' >> $matrix_nginx_site
echo '' >> $matrix_nginx_site
echo ' # Location' >> $matrix_nginx_site
echo ' location /_matrix {' >> $matrix_nginx_site
{ echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' root /var/lib/matrix/media_store;';
echo '';
echo ' # Location';
echo ' location /_matrix {'; } >> $matrix_nginx_site
function_check nginx_limits
nginx_limits ${MATRIX_DOMAIN_NAME} '15m'
echo " proxy_pass http://localhost:${MATRIX_PORT};" >> $matrix_nginx_site
echo ' }' >> $matrix_nginx_site
echo '}' >> $matrix_nginx_site
{ echo " proxy_pass http://localhost:${MATRIX_PORT};";
echo ' }';
echo '}'; } >> $matrix_nginx_site
if [ ! -d /var/www/$MATRIX_DOMAIN_NAME ]; then
mkdir -p /var/www/$MATRIX_DOMAIN_NAME/htdocs
@ -242,7 +242,7 @@ function matrix_nginx {
function matrix_generate_homeserver_file {
local filepath="${1}"
cd /etc/matrix
cd /etc/matrix || exit 468246824
python -m synapse.app.homeserver \
--config-path "${filepath}" \
--generate-config \
@ -251,10 +251,10 @@ function matrix_generate_homeserver_file {
}
function matrix_configure_homeserver_yaml {
local turnkey="${1}"
local filepath="${2}"
turnkey="${1}"
filepath="${2}"
local ymltemp="$(mktemp)"
ymltemp="$(mktemp)"
awk -v TURNURIES="turn_uris: [\"turn:${MATRIX_DOMAIN_NAME}:${TURN_HTTP_PORT}?transport=udp\", \"turn:${DEFAULT_DOMAIN_NAME}:${TURN_HTTP_PORT}?transport=tcp\"]" \
-v TURNSHAREDSECRET="turn_shared_secret: \"${turnkey}\"" \
@ -272,7 +272,7 @@ function matrix_configure_homeserver_yaml {
print;
}' "${filepath}" > "${ymltemp}"
mv ${ymltemp} "${filepath}"
mv "${ymltemp}" "${filepath}"
if [[ $ONION_ONLY == "no" ]]; then
sed -i "s|tls_certificate_path:.*|tls_certificate_path: \"/etc/ssl/certs/${MATRIX_DOMAIN_NAME}.pem\"|g" "${filepath}"
@ -307,9 +307,10 @@ function matrix_diff {
REPORT_STATS="${REPORT_STATS:-no_or_yes}"
export MATRIX_DOMAIN_NAME REPORT_STATS
matrix_generate_synapse_file $INSTALL_DIR/homeserver.synapse.yaml
diff -${DIFFPARAMS} $INSTALL_DIR/homeserver.synapse.yaml ${MATRIX_DATA_DIR}/homeserver.yaml
rm $INSTALL_DIR/homeserver.synapse.yaml
matrix_generate_synapse_file "$INSTALL_DIR/homeserver.synapse.yaml"
# shellcheck disable=SC2086
diff -${DIFFPARAMS} "$INSTALL_DIR/homeserver.synapse.yaml" "${MATRIX_DATA_DIR}/homeserver.yaml"
rm "$INSTALL_DIR/homeserver.synapse.yaml"
}
function matrix_generate {
@ -334,15 +335,15 @@ function create_matrix_user_removal_script {
read_config_param MATRIX_DOMAIN_NAME
matrix_remove_user=/usr/bin/matrix-remove-user
echo '#!/bin/bash' > $matrix_remove_user
echo "cd $MATRIX_DATA_DIR" >> $matrix_remove_user
echo 'remove_username=$1' >> $matrix_remove_user
echo "ADMIN=\"@${MY_USERNAME}:$MATRIX_DOMAIN_NAME\"" >> $matrix_remove_user
echo 'BUSY="pragma busy_timeout=20000"' >> $matrix_remove_user
echo "BUFFER=\$(sqlite3 homeserver.db \"\$BUSY;select token from access_tokens where user_id like '\$ADMIN' order by id desc limit 1;\")" >> $matrix_remove_user
echo "TOKEN=\$(echo \$BUFFER|awk '{print \$2}')" >> $matrix_remove_user
echo 'set -x' >> $matrix_remove_user
echo "curl -X POST 'https://$MATRIX_DOMAIN_NAME/_matrix/client/r0/admin/deactivate/%40\$remove_username%3A$MATRIX_DOMAIN_NAME?access_token=\$TOKEN' --data '{}'" >> $matrix_remove_user
{ echo '#!/bin/bash';
echo "cd $MATRIX_DATA_DIR";
echo "remove_username=\$1";
echo "ADMIN=\"@${MY_USERNAME}:$MATRIX_DOMAIN_NAME\"";
echo 'BUSY="pragma busy_timeout=20000"';
echo "BUFFER=\$(sqlite3 homeserver.db \"\$BUSY;select token from access_tokens where user_id like '\$ADMIN' order by id desc limit 1;\")";
echo "TOKEN=\$(echo \$BUFFER|awk '{print \$2}')";
echo 'set -x';
echo "curl -X POST 'https://$MATRIX_DOMAIN_NAME/_matrix/client/r0/admin/deactivate/%40\$remove_username%3A$MATRIX_DOMAIN_NAME?access_token=\$TOKEN' --data '{}'"; } > $matrix_remove_user
chmod +x $matrix_remove_user
}
@ -351,7 +352,7 @@ function remove_user_matrix {
remove_username="$1"
create_matrix_user_removal_script
${PROJECT_NAME}-pass -u $remove_username --rmapp matrix
"${PROJECT_NAME}-pass" -u "$remove_username" --rmapp matrix
$matrix_remove_user "$remove_username"
}
@ -362,7 +363,7 @@ function add_user_matrix {
read_config_param MY_USERNAME
read_config_param MATRIX_DOMAIN_NAME
${PROJECT_NAME}-pass -u $new_username -a matrix -p "$new_user_password"
"${PROJECT_NAME}-pass" -u "$new_username" -a matrix -p "$new_user_password"
if [[ "$new_username" != "$MY_USERNAME" ]]; then
echo 'no' | register_new_matrix_user -c ${MATRIX_DATA_DIR}/homeserver.yaml -u "${new_username}" -p "${new_user_password}" http://localhost:${MATRIX_PORT}
@ -373,7 +374,7 @@ function add_user_matrix {
}
function install_interactive_matrix {
if [ ! $ONION_ONLY ]; then
if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no'
fi
@ -393,7 +394,7 @@ function install_interactive_matrix {
}
function change_password_matrix {
curr_username="$1"
#curr_username="$1"
new_user_password="$2"
#${PROJECT_NAME}-pass -u "$curr_username" -a matrix -p "$new_user_password"
@ -418,7 +419,7 @@ function upgrade_matrix {
function_check set_repo_commit
set_repo_commit /etc/matrix "matrix commit" "$MATRIX_COMMIT" $MATRIX_REPO
cd /etc/matrix
cd /etc/matrix || exit 62476724
pip install --upgrade --process-dependency-links .
sed -i 's/ssl.PROTOCOL_SSLv23/ssl.PROTOCOL_TLSv1/g' /usr/local/bin/register_new_matrix_user
@ -467,6 +468,7 @@ function restore_local_matrix {
else
cp -r $temp_restore_dir/* /etc/matrix/
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
function_check backup_unmount_drive
backup_unmount_drive
@ -482,6 +484,7 @@ function restore_local_matrix {
else
cp -r $temp_restore_dir/* $MATRIX_DATA_DIR/
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
function_check backup_unmount_drive
backup_unmount_drive
@ -490,7 +493,7 @@ function restore_local_matrix {
rm -rf $temp_restore_dir
chown -R matrix:matrix $MATRIX_DATA_DIR
if [[ $ONION_ONLY == "no" ]]; then
if [[ "$ONION_ONLY" == "no" ]]; then
if [ -f /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam ]; then
chmod 755 /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam
fi
@ -532,6 +535,7 @@ function restore_remote_matrix {
else
cp -r $temp_restore_dir/* /etc/matrix/
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
exit 38935
fi
@ -545,6 +549,7 @@ function restore_remote_matrix {
else
cp -r $temp_restore_dir/* $MATRIX_DATA_DIR/
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
exit 60923
fi
@ -581,7 +586,7 @@ function remove_matrix {
fi
systemctl daemon-reload
apt-get -y remove --purge coturn
cd /etc/matrix
cd /etc/matrix || exit 26472462
pip uninstall .
rm -rf $MATRIX_DATA_DIR
rm -rf /etc/matrix
@ -596,7 +601,7 @@ function remove_matrix {
systemctl restart nginx
remove_completion_param install_matrix
sed -i '/matrix/d' $COMPLETION_FILE
sed -i '/matrix/d' "$COMPLETION_FILE"
rm /etc/avahi/services/matrix.service
systemctl restart avahi-daemon
@ -608,7 +613,7 @@ function install_home_server {
if [ -d /repos/matrix ]; then
mkdir /etc/matrix
cp -r -p /repos/matrix/. /etc/matrix
cd /etc/matrix
cd /etc/matrix || exit 2324962946
git pull
else
function_check git_clone
@ -621,18 +626,17 @@ function install_home_server {
fi
fi
cd /etc/matrix
cd /etc/matrix || exit 7385452724
git checkout $MATRIX_COMMIT -b $MATRIX_COMMIT
set_completion_param "matrix commit" "$MATRIX_COMMIT"
if [ ! -d $INSTALL_DIR/matrix ]; then
mkdir -p $INSTALL_DIR/matrix
if [ ! -d "$INSTALL_DIR/matrix" ]; then
mkdir -p "$INSTALL_DIR/matrix"
fi
rm -rf /usr/local/lib/python2.7/dist-packages/ldap*
if [ -d $INSTALL_DIR/matrix ]; then
rm -rf $INSTALL_DIR/matrix/*
if [ -d "$INSTALL_DIR/matrix" ]; then
rm -rf "$INSTALL_DIR/matrix/*"
fi
pip install --upgrade --process-dependency-links . -b $INSTALL_DIR/matrix
if [ ! "$?" = "0" ]; then
if ! pip install --upgrade --process-dependency-links . -b "$INSTALL_DIR/matrix"; then
echo $'Failed to install matrix home server'
exit 782542
fi
@ -653,11 +657,6 @@ function install_home_server {
function_check matrix_generate
matrix_generate
if [[ -z ${MATRIX_DATA_DIR}/homeserver.yaml ]]; then
echo $'homeserver.yaml is zero size'
exit 783724
fi
# Disable the web client
sed -i 's|web_client:.*|web_client: False|g' $MATRIX_DATA_DIR/homeserver.yaml
sed -i 's|, webclient||g' $MATRIX_DATA_DIR/homeserver.yaml
@ -669,20 +668,20 @@ function install_home_server {
sed -i 's/ssl.PROTOCOL_SSLv23/ssl.PROTOCOL_TLSv1/g' /usr/local/bin/register_new_matrix_user
echo '[Unit]' > /etc/systemd/system/matrix.service
echo 'Description=Synapse Matrix homeserver' >> /etc/systemd/system/matrix.service
echo 'After=network.target nginx.target' >> /etc/systemd/system/matrix.service
echo '' >> /etc/systemd/system/matrix.service
echo '[Service]' >> /etc/systemd/system/matrix.service
echo 'Type=simple' >> /etc/systemd/system/matrix.service
echo 'User=matrix' >> /etc/systemd/system/matrix.service
echo "WorkingDirectory=/etc/matrix" >> /etc/systemd/system/matrix.service
echo "ExecStart=/usr/bin/python -m synapse.app.homeserver --config-path ${MATRIX_DATA_DIR}/homeserver.yaml" >> /etc/systemd/system/matrix.service
echo 'Restart=on-failure' >> /etc/systemd/system/matrix.service
echo 'RestartSec=10' >> /etc/systemd/system/matrix.service
echo '' >> /etc/systemd/system/matrix.service
echo '[Install]' >> /etc/systemd/system/matrix.service
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/matrix.service
{ echo '[Unit]';
echo 'Description=Synapse Matrix homeserver';
echo 'After=network.target nginx.target';
echo '';
echo '[Service]';
echo 'Type=simple';
echo 'User=matrix';
echo "WorkingDirectory=/etc/matrix";
echo "ExecStart=/usr/bin/python -m synapse.app.homeserver --config-path ${MATRIX_DATA_DIR}/homeserver.yaml";
echo 'Restart=on-failure';
echo 'RestartSec=10';
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/matrix.service
systemctl enable matrix
systemctl daemon-reload
systemctl start matrix
@ -701,18 +700,19 @@ function install_home_server {
fi
chmod -R 700 $MATRIX_DATA_DIR/homeserver.db
cd $MATRIX_DATA_DIR
cd "$MATRIX_DATA_DIR" || exit 365856835
sqlite3 homeserver.db "PRAGMA auto_vacuum = FULL;"
MATRIX_ONION_HOSTNAME=$(add_onion_service matrix ${MATRIX_PORT} ${MATRIX_ONION_PORT})
#MATRIX_ONION_HOSTNAME=$(add_onion_service matrix ${MATRIX_PORT} ${MATRIX_ONION_PORT})
add_onion_service matrix ${MATRIX_PORT} ${MATRIX_ONION_PORT}
echo "HiddenServicePort ${MATRIX_HTTP_PORT} 127.0.0.1:${MATRIX_FEDERATION_ONION_PORT}" >> /etc/tor/torrc
systemctl restart tor
if [ ! ${MATRIX_PASSWORD} ]; then
if [ -f ${IMAGE_PASSWORD_FILE} ]; then
MATRIX_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
if [ ! "${MATRIX_PASSWORD}" ]; then
if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
MATRIX_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else
MATRIX_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
MATRIX_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi
fi
@ -733,8 +733,8 @@ function install_matrix {
check_ram_availability 1500
if [ ! -d $INSTALL_DIR ]; then
mkdir -p $INSTALL_DIR
if [ ! -d "$INSTALL_DIR" ]; then
mkdir -p "$INSTALL_DIR"
fi
if [[ ${ONION_ONLY} == 'no' ]]; then
@ -806,19 +806,19 @@ function install_matrix {
set_completion_param "matrix domain" "$MATRIX_DOMAIN_NAME"
# Add avahi services
echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > /etc/avahi/services/matrix.service
echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> /etc/avahi/services/matrix.service
echo '<service-group>' >> /etc/avahi/services/matrix.service
echo ' <name replace-wildcards="yes">%h MATRIX</name>' >> /etc/avahi/services/matrix.service
echo ' <service>' >> /etc/avahi/services/matrix.service
echo ' <type>_matrix._tcp</type>' >> /etc/avahi/services/matrix.service
echo " <port>$MATRIX_HTTP_PORT</port>" >> /etc/avahi/services/matrix.service
echo ' </service>' >> /etc/avahi/services/matrix.service
echo ' <service>' >> /etc/avahi/services/matrix.service
echo ' <type>_matrix._udp</type>' >> /etc/avahi/services/matrix.service
echo " <port>$MATRIX_HTTP_PORT</port>" >> /etc/avahi/services/matrix.service
echo ' </service>' >> /etc/avahi/services/matrix.service
echo '</service-group>' >> /etc/avahi/services/matrix.service
{ echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->';
echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">';
echo '<service-group>';
echo ' <name replace-wildcards="yes">%h MATRIX</name>';
echo ' <service>';
echo ' <type>_matrix._tcp</type>';
echo " <port>$MATRIX_HTTP_PORT</port>";
echo ' </service>';
echo ' <service>';
echo ' <type>_matrix._udp</type>';
echo " <port>$MATRIX_HTTP_PORT</port>";
echo ' </service>';
echo '</service-group>'; } > /etc/avahi/services/matrix.service
systemctl restart avahi-daemon