#!/bin/bash # # .---. . . # | | | # |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. # | | (.-' (.-' ( | ( )| | | | )( )| | (.-' # ' ' --' --' -' - -' ' ' -' -' -' ' - --' # # Freedom in the Cloud # # Wekan kanban # # License # ======= # # Copyright (C) 2017 Bob Mottram # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . VARIANTS='' IN_DEFAULT_INSTALL=0 SHOW_ON_ABOUT=0 WEKAN_DOMAIN_NAME= WEKAN_CODE= WEKAN_PORT=8081 WEKAN_ONION_PORT=8120 WEKAN_REPO="https://github.com/wekan/wekan" WEKAN_COMMIT='dc547c38d1f5ca72729f6d8f81eb03671ca15934' FLOW_ROUTER_REPO="git://github.com/wekan/flow-router.git" FLOW_ROUTER_COMMIT='0c1f6423ed9b68eb00cfb1a19492438917a38956' WEKAN_DIR=/etc/wekan wekan_variables=(ONION_ONLY WEKAN_DOMAIN_NAME WEKAN_CODE DDNS_PROVIDER MY_USERNAME) function logging_on_wekan { echo -n '' } function logging_off_wekan { echo -n '' } function remove_user_wekan { remove_username="$1" } function add_user_wekan { new_username="$1" new_user_password="$2" echo '0' } function install_interactive_wekan { if [[ $ONION_ONLY != "no" ]]; then GIT_DOMAIN_NAME='wekan.local' write_config_param "WEKAN_DOMAIN_NAME" "$WEKAN_DOMAIN_NAME" else function_check interactive_site_details interactive_site_details wekan fi APP_INSTALLED=1 } function change_password_wekan { curr_username="$1" new_user_password="$2" } function reconfigure_wekan { echo -n '' } function upgrade_wekan { CURR_WEKAN_COMMIT=$(get_completion_param "wekan commit") if [[ "$CURR_WEKAN_COMMIT" == "$WEKAN_COMMIT" ]]; then return fi systemctl stop wekan # update to the next commit function_check set_repo_commit set_repo_commit $WEKAN_DIR "wekan commit" "$WEKAN_COMMIT" $WEKAN_REPO systemctl start wekan } function backup_local_wekan { source_directory=$WEKAN_DIR/data if [ -d $source_directory ]; then systemctl stop wekan dest_directory=wekan function_check suspend_site suspend_site wekan function_check backup_database_to_usb backup_database_to_usb wekan function_check backup_directory_to_usb backup_directory_to_usb $source_directory $dest_directory function_check restart_site restart_site systemctl start wekan fi } function restore_local_wekan { if [ -d $WEKAN_DIR ]; then systemctl stop wekan function_check restore_database restore_database gogs ${WEKAN_DOMAIN_NAME} temp_restore_dir=/root/tempwekan function_check restore_directory_from_usb restore_directory_from_usb $temp_restore_dir wekan if [ -d $temp_restore_dir$WEKAN_DIR/data ]; then cp -r $temp_restore_dir$WEKAN_DIR/data/* $WEKAN_DIR/data/ else cp -r $temp_restore_dir/* $WEKAN_DIR/data/ fi rm -rf $temp_restore_dir systemctl start wekan fi } function backup_remote_wekan { if grep -q "wekan domain" $COMPLETION_FILE; then temp_backup_dir=$WEKAN_DIR/data if [ -d $temp_backup_dir ]; then systemctl stop wekan function_check suspend_site suspend_site wekan echo $"Backing up Wekan installation" function_check backup_database_to_friend backup_database_to_friend wekan function_check backup_directory_to_friend backup_directory_to_friend $temp_backup_dir wekan function_check restart_site restart_site systemctl start wekan else echo $"wekan domain specified but not found in ${temp_backup_dir}" fi fi } function restore_remote_wekan { if [ -d $WEKAN_DIR ]; then systemctl stop wekan function_check restore_database_from_friend restore_database_from_friend wekan temp_restore_dir=/root/tempwekan function_check restore_directory_from_usb restore_directory_from_friend $temp_restore_dir wekan if [ -d $temp_restore_dir$WEKAN_DIR/data ]; then cp -r $temp_restore_dir$WEKAN_DIR/data/* $WEKAN_DIR/data/ else cp -r $temp_restore_dir/* $WEKAN_DIR/data/ fi rm -rf $temp_restore_dir systemctl start wekan fi } function remove_wekan { systemctl stop wekan systemctl disable wekan if [ -f /etc/systemd/system/wekan.service ]; then rm /etc/systemd/system/wekan.service fi systemctl daemon-reload function_check remove_nodejs remove_nodejs wekan nginx_dissite wekan if [ -d $WEKAN_DIR ]; then rm -rf $WEKAN_DIR fi if [ -f /etc/nginx/sites-available/wekan ]; then rm /etc/nginx/sites-available/wekan fi function_check drop_database drop_database wekan function_check remove_onion_service remove_onion_service wekan ${WEKAN_ONION_PORT} remove_app wekan remove_completion_param install_wekan sed -i '/wekan/d' $COMPLETION_FILE groupdel -f wekan userdel -r wekan remove_meteor } function wekan_create_database { if [ -f ${IMAGE_PASSWORD_FILE} ]; then WEKAN_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" else if [ ! ${GIT_ADMIN_PASSWORD} ]; then WEKAN_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" fi fi if [ ! $WEKAN_ADMIN_PASSWORD ]; then return fi function_check create_database create_database gogs "$WEKAN_ADMIN_PASSWORD" } function install_wekan_main { if [[ $(app_is_installed wekan_main) == "1" ]]; then return fi if [ ! -d /var/www/wekan ]; then mkdir /var/www/wekan fi if [ -d $WEKAN_DIR ]; then rm -rf $WEKAN_DIR fi if [ -d /repos/wekan ]; then mkdir -p $WEKAN_DIR cp -r -p /repos/wekan/. $WEKAN_DIR cd $WEKAN_DIR git pull else function_check git_clone git_clone $WEKAN_REPO $WEKAN_DIR fi if [ ! -d $WEKAN_DIR ]; then echo $'Unable to clone wekan repo' exit 783251 fi # an unprivileged user to run as groupadd wekan useradd -c "Wekan account" -d $WEKAN_DIR/ -m -r -g wekan wekan cd $WEKAN_DIR git checkout $WEKAN_COMMIT -b $WEKAN_COMMIT set_completion_param "wekan commit" "$WEKAN_COMMIT" chown -R wekan:wekan $WEKAN_DIR WEKAN_ONION_HOSTNAME=$(add_onion_service wekan 80 ${WEKAN_ONION_PORT}) set_completion_param "wekan onion domain" "$WEKAN_ONION_HOSTNAME" wekan_nginx_site=/etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} if [[ ${ONION_ONLY} == "no" ]]; then function_check nginx_http_redirect nginx_http_redirect ${WEKAN_DOMAIN_NAME} echo 'server {' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo ' listen 443 ssl;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo ' listen [::]:443 ssl;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo " root /var/www/${WEKAN_DOMAIN_NAME}/htdocs;" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo " server_name ${WEKAN_DOMAIN_NAME};" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo " error_log /dev/null;" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} function_check nginx_ssl nginx_ssl ${WEKAN_DOMAIN_NAME} function_check nginx_disable_sniffing nginx_disable_sniffing ${WEKAN_DOMAIN_NAME} echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo ' location / {' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} function_check nginx_limits nginx_limits ${WEKAN_DOMAIN_NAME} '15m' echo " proxy_pass http://localhost:$WEKAN_PORT;" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo ' }' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo ' location = /robots.txt {' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo ' allow all;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo ' log_not_found off;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo ' }' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} nginx_keybase ${WEKAN_DOMAIN_NAME} echo '}' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} else echo -n '' > /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} fi echo 'server {' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo " listen 127.0.0.1:${WEKAN_ONION_PORT} default_server;" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo " root /var/www/$WEKAN_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo " server_name $WEKAN_DOMAIN_NAME;" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo " error_log /dev/null;" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} function_check nginx_disable_sniffing nginx_disable_sniffing ${WEKAN_DOMAIN_NAME} echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo ' location / {' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} function_check nginx_limits nginx_limits ${WEKAN_DOMAIN_NAME} '15m' echo " proxy_pass http://localhost:$WEKAN_PORT;" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo ' }' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo ' location = /robots.txt {' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo ' allow all;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo ' log_not_found off;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo ' }' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} nginx_keybase ${WEKAN_DOMAIN_NAME} echo '}' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME} function_check nginx_ensite nginx_ensite wekan install_completed wekan_main } function install_wekan { apt-get -qy install build-essential c++ capnproto curl function_check install_nodejs install_nodejs wekan install_wekan_main install_meteor cd $WEKAN_DIR su -c 'npm install babel-runtime' - wekan su -c 'npm install node-gyp' - wekan su -c 'npm install node-pre-gyp' - wekan su -c 'npm install fibers' - wekan su -c 'npm install bcrypt' - wekan su -c 'npm install bson' - wekan su -c 'npm install es6-promise' - wekan su -c 'npm install meteor-node-stubs' - wekan su -c 'npm install winston' - wekan su -c 'npm install winston-zulip' - wekan su -c 'npm install xss' - wekan # Remove any directories from previous installs if [ -d $WEKAN_DIR/.meteor ]; then rm -rf $WEKAN_DIR/.meteor fi if [ -d $WEKAN_DIR/app ]; then rm -rf $WEKAN_DIR/app fi if [ -d $WEKAN_DIR/app_build ]; then rm -rf $WEKAN_DIR/app_build fi # Get additional packages mkdir -p $WEKAN_DIR/.meteor/packages chown wekan:wekan --recursive $WEKAN_DIR/.meteor cd $WEKAN_DIR/.meteor/packages if [ ! -d /repos/flowrouter ]; then su -c "git clone --depth 1 -b master $FLOW_ROUTER_REPO kadira-flow-router" - wekan else mkdir kadira-flow-router cp -r -p /repos/flowrouter/. kadira-flow-router cd kadira-flow-router git pull cd .. fi cd kadira-flow-router git checkout $FLOW_ROUTER_COMMIT -b $FLOW_ROUTER_COMMIT cd .. if [ ! -d /repos/meteoruseraccounts ]; then su -c "git clone --depth 1 -b master $METEOR_USERACCOUNTS_REPO meteor-useraccounts-core" - wekan else mkdir meteor-useraccounts-core cp -r -p /repos/meteoruseraccounts/. meteor-useraccounts-core cd meteor-useraccounts-core git pull cd .. fi cd meteor-useraccounts-core git checkout $METEOR_USERACCOUNTS_COMMIT -b $METEOR_USERACCOUNTS_COMMIT cd .. if [ ! -f $WEKAN_DIR/.meteor/packages/meteor-useraccounts-core/package.js ]; then echo $"File not found: $WEKAN_DIR/.meteor/packages/meteor-useraccounts-core/package.js" exit 7289529 fi sed -i 's/api\.versionsFrom/\/\/api.versionsFrom/' $WEKAN_DIR/.meteor/packages/meteor-useraccounts-core/package.js cd $WEKAN_DIR/.meteor su -c "$WEKAN_DIR/.meteor/meteor -- help" - wekan # Build app if [ ! -d $WEKAN_DIR/app ]; then echo $'No app subdirectory found' exit 294569 fi cd $WEKAN_DIR/app su -c "$WEKAN_DIR/.meteor/meteor add standard-minifier-js" - wekan su -c "$WEKAN_DIR/.meteor/meteor npm install" - wekan su -c "$WEKAN_DIR/.meteor/meteor build --directory $WEKAN_DIR/app_build" - wekan cp $WEKAN_DIR/app/fix-download-unicode/cfs_access-point.txt $WEKAN_DIR/app_build/bundle/programs/server/packages/cfs_access-point.js chown wekan:wekan $WEKAN_DIR/app_build/bundle/programs/server/packages/cfs_access-point.js sed -i "s|build\/Release\/bson|browser_build\/bson|g" $WEKAN_DIR/app_build/bundle/programs/server/npm/node_modules/meteor/cfs_gridfs/node_modules/mongodb/node_modules/bson/ext/index.js if [ ! -d $WEKAN_DIR/app_build/bundle/programs/server/npm/node_modules/meteor/npm-bcrypt ]; then echo $"No subdirectory found: $WEKAN_DIR/app_build/bundle/programs/server/npm/node_modules/meteor/npm-bcrypt" exit 479832 fi cd $WEKAN_DIR/app_build/bundle/programs/server/npm/node_modules/meteor/npm-bcrypt su -c 'rm -rf node_modules/bcrypt' - wekan su -c 'npm install bcrypt' - wekan cd $WEKAN_DIR/app_build/bundle/programs/server/ su -c 'npm install' - wekan mv $WEKAN_DIR/app_build/bundle ../build if [ ! -f $WEKAN_DIR/build/main.js ]; then echo $'main.js not found' exit 7828252 fi # Cleanup rm -R $WEKAN_DIR/.meteor rm -R $WEKAN_DIR/app rm -R $WEKAN_DIR/app_build chown -R wekan:wekan $WEKAN_DIR function_check install_mariadb install_mariadb function_check get_mariadb_password get_mariadb_password function_check wekan_create_database wekan_create_database # daemon echo '[Unit]' > /etc/systemd/system/wekan.service echo 'Description=Wekan' >> /etc/systemd/system/wekan.service echo 'After=syslog.target' >> /etc/systemd/system/wekan.service echo 'After=network.target' >> /etc/systemd/system/wekan.service echo '' >> /etc/systemd/system/wekan.service echo '[Service]' >> /etc/systemd/system/wekan.service echo 'User=wekan' >> /etc/systemd/system/wekan.service echo 'Group=wekan' >> /etc/systemd/system/wekan.service echo "WorkingDirectory=$WEKAN_DIR" >> /etc/systemd/system/wekan.service echo "ExecStart=/usr/local/bin/node $WEKAN_DIR/build/main.js" >> /etc/systemd/system/wekan.service echo 'Environment=PATH=/usr/bin:/usr/local/bin' >> /etc/systemd/system/wekan.service echo 'Environment=NODE_ENV=production' >> /etc/systemd/system/wekan.service echo 'Restart=on-failure' >> /etc/systemd/system/wekan.service echo '' >> /etc/systemd/system/wekan.service echo '[Install]' >> /etc/systemd/system/wekan.service echo 'WantedBy=multi-user.target' >> /etc/systemd/system/wekan.service systemctl enable wekan.service systemctl daemon-reload systemctl start wekan.service systemctl restart nginx set_completion_param "wekan domain" "$WEKAN_DOMAIN_NAME" APP_INSTALLED=1 } # NOTE: deliberately there is no "exit 0"