#!/bin/bash # # .---. . . # | | | # |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. # | | (.-' (.-' ( | ( )| | | | )( )| | (.-' # ' ' --' --' -' - -' ' ' -' -' -' ' - --' # # Freedom in the Cloud # # cryptpad application # # License # ======= # # Copyright (C) 2017 Bob Mottram # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . VARIANTS='full full-vim writer' IN_DEFAULT_INSTALL=0 SHOW_ON_ABOUT=1 CRYPTPAD_DOMAIN_NAME= CRYPTPAD_CODE= CRYPTPAD_ONION_PORT=8119 CRYPTPAD_PORT=9003 CRYPTPAD_REPO="https://github.com/xwiki-labs/cryptpad" CRYPTPAD_COMMIT='ed5b005216be9b9029c1ccd25a5fdc7908ed8730' CRYPTPAD_ADMIN_PASSWORD= CRYPTPAD_DIR=/etc/cryptpad cryptpad_variables=(ONION_ONLY CRYPTPAD_DOMAIN_NAME CRYPTPAD_CODE DDNS_PROVIDER MY_EMAIL_ADDRESS MY_USERNAME) function remove_user_cryptpad { remove_username="$1" ${PROJECT_NAME}-pass -u $remove_username --rmapp cryptpad } function add_user_cryptpad { new_username="$1" new_user_password="$2" ${PROJECT_NAME}-pass -u $new_username -a cryptpad -p "$new_user_password" echo '0' } function install_interactive_cryptpad { if [ ! $ONION_ONLY ]; then ONION_ONLY='no' fi if [[ $ONION_ONLY != "no" ]]; then CRYPTPAD_DOMAIN_NAME='cryptpad.local' else CRYPTPAD_DETAILS_COMPLETE= while [ ! $CRYPTPAD_DETAILS_COMPLETE ] do data=$(tempfile 2>/dev/null) trap "rm -f $data" 0 1 2 5 15 if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then dialog --backtitle $"Freedombone Configuration" \ --title $"Cryptpad Configuration" \ --form $"\nPlease enter your Cryptpad details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 3 \ $"Domain:" 1 1 "$(grep 'CRYPTPAD_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \ $"Code:" 2 1 "$(grep 'CRYPTPAD_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \ 2> $data else dialog --backtitle $"Freedombone Configuration" \ --title $"Cryptpad Configuration" \ --form $"\nPlease enter your Cryptpad details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 3 \ $"Domain:" 1 1 "$(grep 'CRYPTPAD_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \ 2> $data fi sel=$? case $sel in 1) exit 1;; 255) exit 1;; esac CRYPTPAD_DOMAIN_NAME=$(cat $data | sed -n 1p) if [ $CRYPTPAD_DOMAIN_NAME ]; then if [[ $CRYPTPAD_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then CRYPTPAD_DOMAIN_NAME="" fi TEST_DOMAIN_NAME=$CRYPTPAD_DOMAIN_NAME validate_domain_name if [[ $TEST_DOMAIN_NAME != $CRYPTPAD_DOMAIN_NAME ]]; then CRYPTPAD_DOMAIN_NAME= dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50 else if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then CRYPTPAD_CODE=$(cat $data | sed -n 2p) validate_freedns_code "$CRYPTPAD_CODE" if [ ! $VALID_CODE ]; then CRYPTPAD_DOMAIN_NAME= fi fi fi fi if [ $CRYPTPAD_DOMAIN_NAME ]; then CRYPTPAD_DETAILS_COMPLETE="yes" fi done # save the results in the config file write_config_param "CRYPTPAD_CODE" "$CRYPTPAD_CODE" fi write_config_param "CRYPTPAD_DOMAIN_NAME" "$CRYPTPAD_DOMAIN_NAME" APP_INSTALLED=1 } function change_password_cryptpad { curr_username="$1" new_user_password="$2" read_config_param 'CRYPTPAD_DOMAIN_NAME' ${PROJECT_NAME}-pass -u "$curr_username" -a cryptpad -p "$new_user_password" } function reconfigure_cryptpad { if [ -d $CRYPTPAD_DIR/datastore ]; then rm -rf $CRYPTPAD_DIR/datastore fi } function upgrade_cryptpad { if grep -q "cryptpad domain" $COMPLETION_FILE; then CRYPTPAD_DOMAIN_NAME=$(get_completion_param "cryptpad domain") fi CURR_CRYPTPAD_COMMIT=$(get_completion_param "cryptpad commit") if [[ "$CURR_CRYPTPAD_COMMIT" == "$CRYPTPAD_COMMIT" ]]; then return fi systemctl stop cryptpad # update to the next commit function_check set_repo_commit set_repo_commit $CRYPTPAD_DIR "cryptpad commit" "$CRYPTPAD_COMMIT" $CRYPTPAD_REPO cd $CRYPTPAD_DIR chown -R cryptpad:cryptpad * systemctl start cryptpad } function backup_local_cryptpad { CRYPTPAD_DOMAIN_NAME='cryptpad' if grep -q "cryptpad domain" $COMPLETION_FILE; then CRYPTPAD_DOMAIN_NAME=$(get_completion_param "cryptpad domain") fi source_directory=$CRYPTPAD_DIR/datastore if [ -d $source_directory ]; then systemctl stop cryptpad dest_directory=cryptpad function_check suspend_site suspend_site ${CRYPTPAD_DOMAIN_NAME} function_check backup_directory_to_usb backup_directory_to_usb $source_directory $dest_directory function_check restart_site restart_site systemctl start cryptpad fi } function restore_local_cryptpad { if [ -d $CRYPTPAD_DIR ]; then systemctl stop cryptpad temp_restore_dir=/root/tempcryptpad function_check restore_directory_from_usb restore_directory_from_usb $temp_restore_dir cryptpad cp -r $temp_restore_dir$CRYPTPAD_DIR/datastore/* $CRYPTPAD_DIR/datastore/ systemctl start cryptpad fi } function backup_remote_cryptpad { if grep -q "cryptpad domain" $COMPLETION_FILE; then CRYPTPAD_DOMAIN_NAME=$(get_completion_param "cryptpad domain") temp_backup_dir=$CRYPTPAD_DIR/datastore if [ -d $temp_backup_dir ]; then systemctl stop cryptpad function_check suspend_site suspend_site ${CRYPTPAD_DOMAIN_NAME} echo $"Backing up Cryptpad installation" function_check backup_directory_to_friend backup_directory_to_friend $temp_backup_dir cryptpad function_check restart_site restart_site systemctl start cryptpad else echo $"cryptpad domain specified but not found in ${temp_backup_dir}" fi fi } function restore_remote_cryptpad { if [ -d $CRYPTPAD_DIR ]; then systemctl stop cryptpad temp_restore_dir=/root/tempcryptpad function_check restore_directory_from_usb restore_directory_from_friend $temp_restore_dir cryptpad cp -r $temp_restore_dir$CRYPTPAD_DIR/datastore/* $CRYPTPAD_DIR/datastore/ systemctl start cryptpad fi } function remove_cryptpad { if [ ${#CRYPTPAD_DOMAIN_NAME} -eq 0 ]; then return fi systemctl stop cryptpad systemctl disable cryptpad if [ -f /etc/systemd/system/cryptpad.service ]; then rm /etc/systemd/system/cryptpad.service fi function_check remove_nodejs remove_nodejs cryptpad read_config_param "CRYPTPAD_DOMAIN_NAME" read_config_param "MY_USERNAME" echo "Removing $CRYPTPAD_DOMAIN_NAME" nginx_dissite $CRYPTPAD_DOMAIN_NAME remove_certs $CRYPTPAD_DOMAIN_NAME if [ -d $CRYPTPAD_DIR ]; then rm -rf $CRYPTPAD_DIR fi if [ -f /etc/nginx/sites-available/$CRYPTPAD_DOMAIN_NAME ]; then rm /etc/nginx/sites-available/$CRYPTPAD_DOMAIN_NAME fi function_check remove_onion_service remove_onion_service cryptpad ${CRYPTPAD_ONION_PORT} remove_app cryptpad remove_completion_param install_cryptpad sed -i '/cryptpad/d' $COMPLETION_FILE userdel -r cryptpad function_check remove_ddns_domain remove_ddns_domain $CRYPTPAD_DOMAIN_NAME } function install_cryptpad_main { if [ ! $CRYPTPAD_DOMAIN_NAME ]; then echo $'No domain name was given for cryptpad' exit 7359 fi if [[ $(app_is_installed cryptpad_main) == "1" ]]; then return fi if [ ! -d /var/www/$CRYPTPAD_DOMAIN_NAME ]; then mkdir /var/www/$CRYPTPAD_DOMAIN_NAME fi if [ -d $CRYPTPAD_DIR ]; then rm -rf $CRYPTPAD_DIR fi function_check git_clone git_clone $CRYPTPAD_REPO $CRYPTPAD_DIR if [ ! -d $CRYPTPAD_DIR ]; then echo $'Unable to clone cryptpad repo' exit 783251 fi # an unprivileged user to run as useradd -d $CRYPTPAD_DIR/ cryptpad cd $CRYPTPAD_DIR git checkout $CRYPTPAD_COMMIT -b $CRYPTPAD_COMMIT set_completion_param "cryptpad commit" "$CRYPTPAD_COMMIT" chown -R cryptpad:cryptpad $CRYPTPAD_COMMIT function_check add_ddns_domain add_ddns_domain $CRYPTPAD_DOMAIN_NAME CRYPTPAD_ONION_HOSTNAME=$(add_onion_service cryptpad 80 ${CRYPTPAD_ONION_PORT}) cryptpad_nginx_site=/etc/nginx/sites-available/$CRYPTPAD_DOMAIN_NAME if [[ $ONION_ONLY == "no" ]]; then function_check nginx_http_redirect nginx_http_redirect $CRYPTPAD_DOMAIN_NAME "index index.html" echo 'server {' >> $cryptpad_nginx_site echo ' listen 443 ssl;' >> $cryptpad_nginx_site echo ' listen [::]:443 ssl;' >> $cryptpad_nginx_site echo " server_name $CRYPTPAD_DOMAIN_NAME;" >> $cryptpad_nginx_site echo '' >> $cryptpad_nginx_site echo ' # Security' >> $cryptpad_nginx_site function_check nginx_ssl mobile nginx_ssl $CRYPTPAD_DOMAIN_NAME function_check nginx_disable_sniffing nginx_disable_sniffing $CRYPTPAD_DOMAIN_NAME echo ' add_header Strict-Transport-Security max-age=15768000;' >> $cryptpad_nginx_site echo '' >> $cryptpad_nginx_site echo ' # Logs' >> $cryptpad_nginx_site echo ' access_log /dev/null;' >> $cryptpad_nginx_site echo ' error_log /dev/null;' >> $cryptpad_nginx_site echo '' >> $cryptpad_nginx_site echo ' # Root' >> $cryptpad_nginx_site echo " root $CRYPTPAD_DIR;" >> $cryptpad_nginx_site echo '' >> $cryptpad_nginx_site echo ' index index.html;' >> $cryptpad_nginx_site echo '' >> $cryptpad_nginx_site echo ' location = /cryptpad_websocket {' >> $cryptpad_nginx_site echo " proxy_pass http://localhost:$CRYPTPAD_PORT;" >> $cryptpad_nginx_site echo ' proxy_set_header X-Real-IP $remote_addr;' >> $cryptpad_nginx_site echo ' proxy_set_header Host $host;' >> $cryptpad_nginx_site echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $cryptpad_nginx_site echo '' >> $cryptpad_nginx_site echo ' # WebSocket support (nginx 1.4)' >> $cryptpad_nginx_site echo ' proxy_http_version 1.1;' >> $cryptpad_nginx_site echo ' proxy_set_header Upgrade $http_upgrade;' >> $cryptpad_nginx_site echo ' proxy_set_header Connection upgrade;' >> $cryptpad_nginx_site echo ' }' >> $cryptpad_nginx_site echo '' >> $cryptpad_nginx_site echo ' location ^~ /customize.dist/ {' >> $cryptpad_nginx_site echo ' # This is needed in order to prevent infinite recursion between /customize/ and the root' >> $cryptpad_nginx_site echo ' }' >> $cryptpad_nginx_site echo ' location ^~ /customize/ {' >> $cryptpad_nginx_site echo ' rewrite ^/customize/(.*)$ $1 break;' >> $cryptpad_nginx_site echo ' try_files /customize/$uri /customize.dist/$uri;' >> $cryptpad_nginx_site echo ' }' >> $cryptpad_nginx_site echo ' location = /api/config {' >> $cryptpad_nginx_site echo ' default_type text/javascript;' >> $cryptpad_nginx_site echo ' rewrite ^.*$ /customize/api/config break;' >> $cryptpad_nginx_site echo ' }' >> $cryptpad_nginx_site echo '' >> $cryptpad_nginx_site echo ' location ^~ /blob/ {' >> $cryptpad_nginx_site echo ' try_files $uri =404;' >> $cryptpad_nginx_site echo ' }' >> $cryptpad_nginx_site echo '' >> $cryptpad_nginx_site echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {' >> $cryptpad_nginx_site echo ' rewrite ^(.*)$ $1/ redirect;' >> $cryptpad_nginx_site echo ' }' >> $cryptpad_nginx_site echo '' >> $cryptpad_nginx_site echo ' try_files $uri $uri/index.html /customize/$uri;' >> $cryptpad_nginx_site echo '}' >> $cryptpad_nginx_site else echo -n '' > $cryptpad_nginx_site fi echo 'server {' >> $cryptpad_nginx_site echo " listen 127.0.0.1:$CRYPTPAD_ONION_PORT default_server;" >> $cryptpad_nginx_site echo " server_name $CRYPTPAD_ONION_HOSTNAME;" >> $cryptpad_nginx_site echo '' >> $cryptpad_nginx_site echo ' # Logs' >> $cryptpad_nginx_site echo ' access_log /dev/null;' >> $cryptpad_nginx_site echo ' error_log /dev/null;' >> $cryptpad_nginx_site echo '' >> $cryptpad_nginx_site echo ' # Root' >> $cryptpad_nginx_site echo " root $CRYPTPAD_DIR;" >> $cryptpad_nginx_site echo '' >> $cryptpad_nginx_site echo ' index index.html;' >> $cryptpad_nginx_site echo '' >> $cryptpad_nginx_site echo ' location = /cryptpad_websocket {' >> $cryptpad_nginx_site echo " proxy_pass http://localhost:$CRYPTPAD_PORT;" >> $cryptpad_nginx_site echo ' proxy_set_header X-Real-IP $remote_addr;' >> $cryptpad_nginx_site echo ' proxy_set_header Host $host;' >> $cryptpad_nginx_site echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $cryptpad_nginx_site echo '' >> $cryptpad_nginx_site echo ' # WebSocket support (nginx 1.4)' >> $cryptpad_nginx_site echo ' proxy_http_version 1.1;' >> $cryptpad_nginx_site echo ' proxy_set_header Upgrade $http_upgrade;' >> $cryptpad_nginx_site echo ' proxy_set_header Connection upgrade;' >> $cryptpad_nginx_site echo ' }' >> $cryptpad_nginx_site echo '' >> $cryptpad_nginx_site echo ' location ^~ /customize.dist/ {' >> $cryptpad_nginx_site echo ' # This is needed in order to prevent infinite recursion between /customize/ and the root' >> $cryptpad_nginx_site echo ' }' >> $cryptpad_nginx_site echo ' location ^~ /customize/ {' >> $cryptpad_nginx_site echo ' rewrite ^/customize/(.*)$ $1 break;' >> $cryptpad_nginx_site echo ' try_files /customize/$uri /customize.dist/$uri;' >> $cryptpad_nginx_site echo ' }' >> $cryptpad_nginx_site echo ' location = /api/config {' >> $cryptpad_nginx_site echo ' default_type text/javascript;' >> $cryptpad_nginx_site echo ' rewrite ^.*$ /customize/api/config break;' >> $cryptpad_nginx_site echo ' }' >> $cryptpad_nginx_site echo '' >> $cryptpad_nginx_site echo ' location ^~ /blob/ {' >> $cryptpad_nginx_site echo ' try_files $uri =404;' >> $cryptpad_nginx_site echo ' }' >> $cryptpad_nginx_site echo '' >> $cryptpad_nginx_site echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {' >> $cryptpad_nginx_site echo ' rewrite ^(.*)$ $1/ redirect;' >> $cryptpad_nginx_site echo ' }' >> $cryptpad_nginx_site echo '' >> $cryptpad_nginx_site echo ' try_files $uri $uri/index.html /customize/$uri;' >> $cryptpad_nginx_site echo '}' >> $cryptpad_nginx_site sed -i 's|DENY;|SAMEORIGIN;|g' $cryptpad_nginx_site function_check create_site_certificate create_site_certificate $CRYPTPAD_DOMAIN_NAME 'yes' function_check nginx_ensite nginx_ensite $CRYPTPAD_DOMAIN_NAME ${PROJECT_NAME}-pass -u $MY_USERNAME -a cryptpad -p "$CRYPTPAD_ADMIN_PASSWORD" set_completion_param "cryptpad domain" "$CRYPTPAD_DOMAIN_NAME" install_completed cryptpad_main } function install_cryptpad { if [ ! $ONION_ONLY ]; then ONION_ONLY='no' fi function_check install_nodejs install_nodejs cryptpad install_cryptpad_main cd $CRYPTPAD_DIR npm install npm install -g bower@1.8.0 su -c 'bower install' - cryptpad cp config.example.js config.js if [ ! -f config.js ]; then echo $'Cryptpad config file not found' exit 628252 fi sed -i "s|httpPort:.*|httpPort: $CRYPTPAD_PORT,|g" config.js sed -i "s|websocketPath:.*|websocketPath: '/',|g" config.js sed -i "s|// domain:|domain:|g" config.js sed -i 's|openFileLimit:.*|openFileLimit: 1024,|g' config.js if [[ $ONION_ONLY == 'no' ]]; then sed -i "s|domain:.*|domain: 'https://$CRYPTPAD_DOMAIN_NAME',|g" config.js else sed -i "s|domain:.*|domain: 'http://$CRYPTPAD_ONION_HOSTNAME',|g" config.js fi chown -R cryptpad:cryptpad $CRYPTPAD_DIR # daemon echo '[Unit]' > /etc/systemd/system/cryptpad.service echo 'Description=Cryptpad' >> /etc/systemd/system/cryptpad.service echo 'After=syslog.target' >> /etc/systemd/system/cryptpad.service echo 'After=network.target' >> /etc/systemd/system/cryptpad.service echo '' >> /etc/systemd/system/cryptpad.service echo '[Service]' >> /etc/systemd/system/cryptpad.service echo 'Type=simple' >> /etc/systemd/system/cryptpad.service echo 'User=cryptpad' >> /etc/systemd/system/cryptpad.service echo 'Group=cryptpad' >> /etc/systemd/system/cryptpad.service echo "WorkingDirectory=$CRYPTPAD_DIR" >> /etc/systemd/system/cryptpad.service echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js" >> /etc/systemd/system/cryptpad.service echo 'Restart=on-failure' >> /etc/systemd/system/cryptpad.service echo '' >> /etc/systemd/system/cryptpad.service echo '[Install]' >> /etc/systemd/system/cryptpad.service echo 'WantedBy=multi-user.target' >> /etc/systemd/system/cryptpad.service systemctl enable cryptpad.service systemctl daemon-reload systemctl start cryptpad.service systemctl restart nginx APP_INSTALLED=1 } # NOTE: deliberately there is no "exit 0"