diff --git a/src/freedombone-app-irc b/src/freedombone-app-irc
index f57f6c32..c21d8dde 100755
--- a/src/freedombone-app-irc
+++ b/src/freedombone-app-irc
@@ -97,11 +97,12 @@ function create_irssi_config {
 echo ' },' >> /home/${new_username}/.irssi/config
 echo ' {' >> /home/${new_username}/.irssi/config
 echo " address = \"127.0.0.1\";" >> /home/${new_username}/.irssi/config
- echo ' use_ssl = "yes";' >> /home/${new_username}/.irssi/config
 echo ' ssl_verify = "no";' >> /home/${new_username}/.irssi/config
 if [[ ${ONION_ONLY} == 'no' ]]; then
+ echo ' use_ssl = "yes";' >> /home/${new_username}/.irssi/config
 echo " port = \"${IRC_BOUNCER_PORT}\";" >> /home/${new_username}/.irssi/config
 else
+ echo ' use_ssl = "no";' >> /home/${new_username}/.irssi/config
 IRC_ONION_HOSTNAME=$(cat ${COMPLETION_FILE} | grep "irc onion domain" | head -n 1 | awk -F ':' '{print $2}')
 echo " port = \"${IRC_ONION_PORT}\";" >> /home/${new_username}/.irssi/config
 fi
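Review bot: The plaintext branch is the fallback here: `use_ssl = "no"` is written for every value of `ONION_ONLY` other than the literal `no`, so an unset or mistyped variable silently turns TLS off in the generated irssi config. The same `== 'no'` test gates `SSL = false` in install_irc_bouncer and the certificate setup in install_irc_server and update_default_domain. Testing for the onion case explicitly, `if [[ ${ONION_ONLY} == 'yes' ]]; then` around the plaintext lines with the TLS lines in the `else`, would make TLS the default; this assumes `yes` is the value the project uses for onion-only mode, which the hunk does not show. create_irssi_config starts and ends outside the hunk.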
@@ -517,15 +518,17 @@ function install_irc_server {
 sed -i "s/irc.example.net/$DEFAULTDOMAIN/g" /etc/ngircd/ngircd.conf
 sed -i "s|Yet another IRC Server running on Debian GNU/Linux|IRC Server of $DEFAULTDOMAIN|g" /etc/ngircd/ngircd.conf
 sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf
- if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
- sed -i "s|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/ngircd/ngircd.conf
- else
- sed -i "s|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt|g" /etc/ngircd/ngircd.conf
- fi
- sed -i "s|;DHFile = /etc/ngircd/dhparams.pem|DHFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam|g" /etc/ngircd/ngircd.conf
- sed -i "s|;KeyFile = /etc/ssl/private/server.key|KeyFile = /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/ngircd/ngircd.conf
 sed -i "s/;Ports =.*/Ports = ${IRC_PORT}/1" /etc/ngircd/ngircd.conf
- sed -i "s/;Ports =.*/Ports = ${IRC_PORT}/2" /etc/ngircd/ngircd.conf
+ if [[ $ONION_ONLY == 'no' ]]; then
+ if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+ sed -i "s|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/ngircd/ngircd.conf
+ else
+ sed -i "s|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt|g" /etc/ngircd/ngircd.conf
+ fi
+ sed -i "s|;DHFile = /etc/ngircd/dhparams.pem|DHFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam|g" /etc/ngircd/ngircd.conf
+ sed -i "s|;KeyFile = /etc/ssl/private/server.key|KeyFile = /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/ngircd/ngircd.conf
+ sed -i "s/;Ports =.*/Ports = ${IRC_PORT}/2" /etc/ngircd/ngircd.conf
+ fi
 sed -i "s/;Name = #ngircd/Name = #${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf
 sed -i "s/;Topic = Our ngircd testing channel/Topic = ${PROJECT_NAME} chat channel/g" /etc/ngircd/ngircd.conf
 sed -i 's/;MaxUsers = 23/MaxUsers = 23/g' /etc/ngircd/ngircd.conf
@@ -607,7 +610,11 @@ function install_irc_bouncer {
 echo ' IPv4 = true' >> /home/znc/.znc/configs/znc.conf
 echo ' IPv6 = true' >> /home/znc/.znc/configs/znc.conf
 echo ' Port = 6697' >> /home/znc/.znc/configs/znc.conf
- echo ' SSL = true' >> /home/znc/.znc/configs/znc.conf
+ if [[ ${ONION_ONLY} == 'no' ]]; then
+ echo ' SSL = true' >> /home/znc/.znc/configs/znc.conf
+ else
+ echo ' SSL = false' >> /home/znc/.znc/configs/znc.conf
+ fi
 echo ' URIPrefix = /' >> /home/znc/.znc/configs/znc.conf
 echo '' >> /home/znc/.znc/configs/znc.conf
 echo '' >> /home/znc/.znc/configs/znc.conf
diff --git a/src/freedombone-utils-web b/src/freedombone-utils-web
index 1b1c8806..75f55c35 100755
--- a/src/freedombone-utils-web
+++ b/src/freedombone-utils-web
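Review bot: The first `Ports` substitution in install_irc_server, which stays outside the new `ONION_ONLY` block, is not limited to the first `;Ports =` line: the `1` flag selects the first match within each line, so every commented `;Ports =` line in ngircd.conf is rewritten to `Ports = ${IRC_PORT}`. If the stock config carries a second `;Ports =` line in its SSL section (not visible here), that line is uncommented in onion-only mode too, although CertFile and KeyFile are left unset there, and the `/2` substitution moved into the block never matches because `.*` already consumes the rest of the line. With GNU sed, `sed -i "0,/;Ports =.*/s//Ports = ${IRC_PORT}/" /etc/ngircd/ngircd.conf` rewrites only the first matching line. install_irc_server continues outside the hunk.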
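Review bot: With `SSL = false` the listener on port 6697 in install_irc_bouncer still has `IPv4 = true` and `IPv6 = true` and no bind address in the visible lines, so in onion-only mode ZNC would accept bouncer logins in cleartext on whatever interfaces it listens on. If the onion service forwards to the loopback address, add a bind line in the `else` branch, e.g. `echo ' Host = 127.0.0.1' >> /home/znc/.znc/configs/znc.conf`, or confirm that the firewall blocks 6697 from the network. The rest of the listener block lies outside the hunk, so a bind address may already be set there.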
@@ -652,78 +652,79 @@ function configure_firewall_for_web_access { function update_default_domain { echo $'Updating default domain' - - if [ -d /etc/prosody ]; then - if [ ! -d /etc/prosody/certs ]; then - mkdir /etc/prosody/certs - fi - - if [[ "$(cert_exists chat.${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then - sed -i 's|--Component "conference.|Component "chat.|g' /etc/prosody/prosody.cfg.lua - fi - if [[ "$(cert_exists xmpp.${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then - sed -i 's|--Component "conference.|Component "xmpp.|g' /etc/prosody/prosody.cfg.lua - fi - if [[ "$(cert_exists conference.${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then - sed -i 's|--Component "conference.|Component "conference.|g' /etc/prosody/prosody.cfg.lua - fi - - cp /etc/ssl/private/xmpp* /etc/prosody/certs - cp /etc/ssl/private/${DEFAULT_DOMAIN_NAME}* /etc/prosody/certs - cp /etc/ssl/certs/xmpp* /etc/prosody/certs - cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}* /etc/prosody/certs - if [ ! /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then - if [ ! /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then - mv /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem + if [[ $ONION_ONLY == 'no' ]]; then + if [ -d /etc/prosody ]; then + if [ ! 
-d /etc/prosody/certs ]; then + mkdir /etc/prosody/certs fi - else - sed -i "s|/etc/prosody/certs/xmpp.key|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua - sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua - sed -i "s|/etc/prosody/certs/xmpp.key|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua - sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua + if [[ "$(cert_exists chat.${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then + sed -i 's|--Component "conference.|Component "chat.|g' /etc/prosody/prosody.cfg.lua + fi + if [[ "$(cert_exists xmpp.${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then + sed -i 's|--Component "conference.|Component "xmpp.|g' /etc/prosody/prosody.cfg.lua + fi + if [[ "$(cert_exists conference.${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then + sed -i 's|--Component "conference.|Component "conference.|g' /etc/prosody/prosody.cfg.lua + fi + + cp /etc/ssl/private/xmpp* /etc/prosody/certs + cp /etc/ssl/private/${DEFAULT_DOMAIN_NAME}* /etc/prosody/certs + cp /etc/ssl/certs/xmpp* /etc/prosody/certs + cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}* /etc/prosody/certs + if [ ! /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then + if [ ! 
/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then + mv /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem + fi + else + sed -i "s|/etc/prosody/certs/xmpp.key|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua + sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua + + sed -i "s|/etc/prosody/certs/xmpp.key|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua + sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua + fi + chown -R prosody:prosody /etc/prosody + chmod -R 700 /etc/prosody/certs/* + systemctl reload prosody fi - chown -R prosody:prosody /etc/prosody - chmod -R 700 /etc/prosody/certs/* - systemctl reload prosody - fi - if [ -d /var/lib/mumble-server ]; then - if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then - cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem /var/lib/mumble-server/mumble.pem - cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam /var/lib/mumble-server/mumble.dhparam - cp /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key /var/lib/mumble-server/mumble.key - chown -R mumble-server:mumble-server /var/lib/mumble-server - chmod -R 700 /var/lib/mumble-server/${DEFAULT_DOMAIN_NAME}.pem - chmod -R 700 /var/lib/mumble-server/${DEFAULT_DOMAIN_NAME}.key - chmod -R 700 /var/lib/mumble-server/${DEFAULT_DOMAIN_NAME}.dhparam - systemctl reload mumble + if [ -d /var/lib/mumble-server ]; then + if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then + cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem /var/lib/mumble-server/mumble.pem + cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam /var/lib/mumble-server/mumble.dhparam + cp /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key /var/lib/mumble-server/mumble.key + chown -R mumble-server:mumble-server /var/lib/mumble-server + chmod -R 700 
/var/lib/mumble-server/${DEFAULT_DOMAIN_NAME}.pem + chmod -R 700 /var/lib/mumble-server/${DEFAULT_DOMAIN_NAME}.key + chmod -R 700 /var/lib/mumble-server/${DEFAULT_DOMAIN_NAME}.dhparam + systemctl reload mumble + fi fi - fi - if [ -d /home/znc/.znc ]; then - echo $'znc found' - if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then - pkill znc - cat /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key > /home/znc/.znc/znc.pem - chown znc:znc /home/znc/.znc/znc.pem - chmod 700 /home/znc/.znc/znc.pem + if [ -d /home/znc/.znc ]; then + echo $'znc found' + if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then + pkill znc + cat /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key > /home/znc/.znc/znc.pem + chown znc:znc /home/znc/.znc/znc.pem + chmod 700 /home/znc/.znc/znc.pem - sed -i "s|CertFile =.*|CertFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/ngircd/ngircd.conf - sed -i "s|DHFile =.*|DHFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam" /etc/ngircd/ngircd.conf - sed -i "s|KeyFile =.*|KeyFile = /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key" /etc/ngircd/ngircd.conf - echo $'irc certificates updated' + sed -i "s|CertFile =.*|CertFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/ngircd/ngircd.conf + sed -i "s|DHFile =.*|DHFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam" /etc/ngircd/ngircd.conf + sed -i "s|KeyFile =.*|KeyFile = /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key" /etc/ngircd/ngircd.conf + echo $'irc certificates updated' - systemctl restart ngircd - su -c 'znc' - znc + systemctl restart ngircd + su -c 'znc' - znc + fi fi - fi - if [ -d /etc/dovecot ]; then - if ! 
grep -q "ssl_cert = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/dovecot/conf.d/10-ssl.conf; then - sed -i "s|#ssl_cert =.*|ssl_cert = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf - sed -i "s|ssl_cert =.*|ssl_cert = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf - systemctl restart dovecot + if [ -d /etc/dovecot ]; then + if ! grep -q "ssl_cert = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/dovecot/conf.d/10-ssl.conf; then + sed -i "s|#ssl_cert =.*|ssl_cert = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf + sed -i "s|ssl_cert =.*|ssl_cert = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf + systemctl restart dovecot + fi fi fi }
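Review bot: The three `chmod -R 700 /var/lib/mumble-server/${DEFAULT_DOMAIN_NAME}.*` lines carried into the new `ONION_ONLY` block name files that the preceding `cp` commands never create, since the copies are written as `mumble.pem`, `mumble.dhparam` and `mumble.key`; the private key copy therefore keeps whatever mode `cp` gave it. Pointing them at the copied names, e.g. `chmod 600 /var/lib/mumble-server/mumble.key`, would tighten the key as intended, and the execute bit is not needed on key material. Also in the re-indented lines, the three `sed -i "s|CertFile =.*|CertFile = …pem"` style commands for ngircd.conf lack the closing `|` delimiter, so sed rejects them and the IRC certificate paths are not updated. The test `[ ! /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]` has no `-f`, so it checks a non-empty string and is always false.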