freedombone/src/freedombone-app-scuttlebot

542 lines
17 KiB
Bash
Executable File

#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# scuttlebot pub application. Enables nat traversal for SSB.
# https://scuttlebot.io
#
# License
# =======
#
# Copyright (C) 2017-2018 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
VARIANTS='full full-vim social'
IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=0
SHOW_ICANN_ADDRESS_ON_ABOUT=0
SCUTTLEBOT_DOMAIN_NAME=
SCUTTLEBOT_CODE=
SCUTTLEBOT_VERSION='10.4.6'
SCUTTLEBOT_PORT=8010
SCUTTLEBOT_ONION_PORT=8623
GIT_SSB_PORT=7718
NGINX_GIT_SSB_PORT=7719
scuttlebot_variables=(MY_USERNAME
SCUTTLEBOT_DOMAIN_NAME
SCUTTLEBOT_CODE
DEFAULT_DOMAIN_NAME
SYSTEM_TYPE)
function logging_on_scuttlebot {
echo -n ''
}
function logging_off_scuttlebot {
echo -n ''
}
function scuttlebot_create_invite {
invite_string=$(su -c "sbot invite.create 1" - scuttlebot | sed 's/"//g')
clear
echo -e "\\n\\nYour Scuttlebot invite code is:\\n\\n${invite_string}\\n\\n"
# shellcheck disable=SC2034
read -n1 -r -p $"Press any key to continue..." key
}
function configure_interactive_scuttlebot {
W=(1 $"Create an invite")
while true
do
# shellcheck disable=SC2068
selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Scuttlebot" --menu $"Choose an operation, or ESC to exit:" 10 60 2 "${W[@]}" 3>&2 2>&1 1>&3)
if [ ! "$selection" ]; then
break
fi
case $selection in
1) scuttlebot_create_invite;;
esac
done
}
function remove_user_scuttlebot {
echo -n ''
# remove_username="$1"
}
function add_user_scuttlebot {
# new_username="$1"
# new_user_password="$2"
echo '0'
}
function install_interactive_scuttlebot {
if [[ $ONION_ONLY != "no" ]]; then
SCUTTLEBOT_DOMAIN_NAME='scuttlebot.local'
write_config_param "SCUTTLEBOT_DOMAIN_NAME" "$SCUTTLEBOT_DOMAIN_NAME"
else
function_check interactive_site_details
interactive_site_details scuttlebot
fi
APP_INSTALLED=1
}
function change_password_scuttlebot {
# new_username="$1"
# new_user_password="$2"
echo '0'
}
function reconfigure_scuttlebot {
if [ -d /etc/scuttlebot/.ssb ]; then
systemctl stop scuttlebot
rm -rf /etc/scuttlebot/.ssb
systemctl start scuttlebot
fi
}
function upgrade_scuttlebot {
if ! grep -q 'scuttlebot version:' $"COMPLETION_FILE"; then
return
fi
CURR_SCUTTLEBOT_VERSION=$(get_completion_param "scuttlebot version")
echo "scuttlebot current version: ${CURR_SCUTTLEBOT_VERSION}"
echo "scuttlebot app version: ${SCUTTLEBOT_VERSION}"
if [[ "${CURR_SCUTTLEBOT_VERSION}" == "${SCUTTLEBOT_VERSION}" ]]; then
return
fi
if ! npm upgrade -g scuttlebot@${SCUTTLEBOT_VERSION} --save; then
return
fi
sed -i "s|scuttlebot version.*|scuttlebot version:${SCUTTLEBOT_VERSION}|g" "${COMPLETION_FILE}"
}
function backup_local_scuttlebot {
if [ -d /etc/scuttlebot/.ssb ]; then
systemctl stop scuttlebot
function_check backup_directory_to_usb
backup_directory_to_usb /etc/scuttlebot/.ssb scuttlebot
systemctl start scuttlebot
fi
}
function restore_local_scuttlebot {
if [ -d /etc/scuttlebot ]; then
systemctl stop scuttlebot
temp_restore_dir=/root/tempscuttlebot
function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir scuttlebot
if [ -d $temp_restore_dir/etc/scuttlebot/.ssb ]; then
cp -r $temp_restore_dir/etc/scuttlebot/.ssb /etc/scuttlebot/
else
cp -r $temp_restore_dir/* /etc/scuttlebot/.ssb/*
fi
systemctl start scuttlebot
rm -rf $temp_restore_dir
fi
}
function backup_remote_scuttlebot {
if [ -d /etc/scuttlebot/.ssb ]; then
systemctl stop scuttlebot
function_check backup_directory_to_friend
backup_directory_to_friend /etc/scuttlebot/.ssb scuttlebot
systemctl start scuttlebot
fi
}
function restore_remote_scuttlebot {
if [ -d /etc/scuttlebot ]; then
systemctl stop scuttlebot
temp_restore_dir=/root/tempscuttlebot
function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir scuttlebot
if [ -d $temp_restore_dir/etc/scuttlebot/.ssb ]; then
cp -r $temp_restore_dir/etc/scuttlebot/.ssb /etc/scuttlebot/
else
cp -r $temp_restore_dir/* /etc/scuttlebot/.ssb/*
fi
systemctl start scuttlebot
rm -rf $temp_restore_dir
fi
}
function remove_scuttlebot {
firewall_remove ${SCUTTLEBOT_PORT}
firewall_remove ${GIT_SSB_PORT}
if [ $SCUTTLEBOT_DOMAIN_NAME ]; then
nginx_dissite ${SCUTTLEBOT_DOMAIN_NAME}
rm /etc/nginx/sites-available/${SCUTTLEBOT_DOMAIN_NAME}
fi
systemctl stop git_ssb
systemctl stop scuttlebot
systemctl disable git_ssb
systemctl disable scuttlebot
rm /etc/systemd/system/git_ssb.service
rm /etc/systemd/system/scuttlebot.service
systemctl daemon-reload
userdel -r scuttlebot
if [ -d /etc/scuttlebot ]; then
rm -rf /etc/scuttlebot
fi
if [ -f /usr/bin/git-ssb-create ]; then
rm /usr/bin/git-ssb-create
fi
remove_completion_param install_scuttlebot
sed -i '/scuttlebot /d' "$COMPLETION_FILE"
}
function git_ssb_script {
if [[ "$1" == "mesh" ]]; then
# shellcheck disable=SC2154
git_ssb_script_name=$rootdir/usr/bin/git-ssb-create
git_ssb_daemon_filename=$rootdir/etc/systemd/system/git_ssb.service
else
git_ssb_script_name=/usr/bin/git-ssb-create
git_ssb_daemon_filename=/etc/systemd/system/git_ssb.service
fi
{ echo '#!/bin/bash';
echo "reponame=\"\$1\"";
echo '';
echo "if [[ \"\$reponame\" != \"\" ]]; then";
echo " mkdir \$reponame";
echo " cd \$reponame";
echo ' git init';
echo " git ssb create ssb \$reponame";
echo ' git push --tags ssb master';
echo 'fi';
echo 'exit 0'; } > $git_ssb_script_name
chmod +x $git_ssb_script_name
{ echo '[Unit]';
echo 'Description=Git SSB (SSB git web interface)';
echo 'After=syslog.target';
echo 'After=network.target';
echo 'After=scuttlebot.target';
echo '';
echo '[Service]';
echo 'Type=simple';
echo 'User=scuttlebot';
echo 'Group=scuttlebot';
echo "WorkingDirectory=/etc/scuttlebot";
echo "ExecStart=/usr/bin/git ssb web --public localhost:$GIT_SSB_PORT";
echo 'Restart=always';
echo 'Environment="USER=scuttlebot"';
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > $git_ssb_daemon_filename
}
function scuttlebot_git_setup {
if [[ "$1" == "mesh" ]]; then
if [ ! -d "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight" ]; then
mkdir "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight"
fi
if [ ! -f "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css" ]; then
echo $'Could not find foundation.css'
exit 347687245
fi
cp "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css" "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight/foundation.css"
git_ssb_nginx_site=$rootdir/etc/nginx/sites-available/git_ssb
{ echo 'server {';
echo " listen $NGINX_GIT_SSB_PORT default_server;";
echo " server_name P${PEER_ID}.local;";
echo '';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' add_header X-XSS-Protection "1; mode=block";';
echo ' add_header X-Content-Type-Options nosniff;';
echo ' add_header X-Frame-Options SAMEORIGIN;'; } > "$git_ssb_nginx_site"
else
if [ ! $SCUTTLEBOT_DOMAIN_NAME ]; then
exit 7357225
fi
if [ ! -d /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight ]; then
mkdir /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight
fi
if [ ! -f /usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css ]; then
echo $'Could not find foundation.css'
exit 347687245
fi
cp /usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight/foundation.css
git_ssb_nginx_site=/etc/nginx/sites-available/${SCUTTLEBOT_DOMAIN_NAME}
function_check nginx_http_redirect
nginx_http_redirect $SCUTTLEBOT_DOMAIN_NAME "index index.html"
{ echo 'server {';
echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;';
echo " server_name $SCUTTLEBOT_DOMAIN_NAME;";
echo ''; } >> $git_ssb_nginx_site
function_check nginx_compress
nginx_compress $SCUTTLEBOT_DOMAIN_NAME
echo '' >> "$git_ssb_nginx_site"
echo ' # Security' >> "$git_ssb_nginx_site"
function_check nginx_ssl
nginx_ssl $SCUTTLEBOT_DOMAIN_NAME
function_check nginx_security_options
nginx_security_options $SCUTTLEBOT_DOMAIN_NAME
fi
{ echo '';
echo ' root /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web;';
echo '';
echo ' location = / {';
echo " proxy_pass http://localhost:${GIT_SSB_PORT};";
echo " proxy_set_header X-Real-IP \$remote_addr;";
echo " proxy_set_header Host \$host;";
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo ' proxy_http_version 1.1;';
echo " proxy_set_header Upgrade \$http_upgrade;";
echo ' proxy_set_header Connection upgrade;';
echo ' }';
echo '}'; } >> $git_ssb_nginx_site
if [ "$SCUTTLEBOT_ONION_HOSTNAME" ]; then
{ echo '';
echo 'server {';
echo " listen 127.0.0.1:${SCUTTLEBOT_ONION_PORT} default_server;";
echo " server_name ${SCUTTLEBOT_ONION_HOSTNAME};";
echo '';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' add_header X-XSS-Protection "1; mode=block";';
echo ' add_header X-Content-Type-Options nosniff;';
echo ' add_header X-Frame-Options SAMEORIGIN;';
echo '';
echo ' root /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web;';
echo '';
echo ' location = / {';
echo " proxy_pass http://localhost:${GIT_SSB_PORT};";
echo " proxy_set_header X-Real-IP \$remote_addr;";
echo " proxy_set_header Host \$host;";
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo ' proxy_http_version 1.1;';
echo " proxy_set_header Upgrade \$http_upgrade;";
echo ' proxy_set_header Connection upgrade;';
echo ' }';
echo '}'; } >> $git_ssb_nginx_site
fi
if [[ "$1" != "mesh" ]]; then
nginx_ensite git_ssb
fi
}
function mesh_install_dat {
get_npm_arch
cat <<EOF > "$rootdir/usr/bin/install_dat"
#!/bin/bash
npm install --arch=$NPM_ARCH -g dat
EOF
chroot "$rootdir" /bin/chmod +x /usr/bin/install_dat
chroot "$rootdir" /usr/bin/install_dat
rm "$rootdir/usr/bin/install_dat"
}
function install_dat {
npm install -g dat
}
function mesh_install_scuttlebot {
SCUTTLEBOT_ONION_HOSTNAME=
mesh_install_dat
get_npm_arch
cat <<EOF > "$rootdir/usr/bin/install_scuttlebot"
#!/bin/bash
npm install --arch=$NPM_ARCH -g scuttlebot@${SCUTTLEBOT_VERSION}
npm install --arch=$NPM_ARCH -g git-ssb
npm install --arch=$NPM_ARCH -g git-remote-ssb
EOF
chroot "$rootdir" /bin/chmod +x /usr/bin/install_scuttlebot
chroot "$rootdir" /usr/bin/install_scuttlebot
rm "$rootdir/usr/bin/install_scuttlebot"
if [ ! -f "$rootdir/usr/local/bin/sbot" ]; then
echo $'Scuttlebot was not installed'
exit 528253
fi
if [ ! -d "$rootdir/etc/scuttlebot" ]; then
mkdir -p "$rootdir/etc/scuttlebot"
fi
# an unprivileged user to run as
chroot "$rootdir" useradd -d /etc/scuttlebot/ scuttlebot
# daemon
{ echo '[Unit]';
echo 'Description=Scuttlebot (messaging system)';
echo 'After=syslog.target';
echo 'After=network.target';
echo '';
echo '[Service]';
echo 'Type=simple';
echo 'User=scuttlebot';
echo 'Group=scuttlebot';
echo "WorkingDirectory=/etc/scuttlebot";
echo 'ExecStart=/usr/local/bin/sbot server';
echo 'Restart=always';
echo 'Environment="USER=scuttlebot"';
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > "$rootdir/etc/systemd/system/scuttlebot.service"
scuttlebot_git_setup mesh
git_ssb_script mesh
}
function install_scuttlebot {
function_check install_nodejs
install_nodejs scuttlebot
npm install -g scuttlebot@${SCUTTLEBOT_VERSION}
if [ ! -f /usr/local/bin/sbot ]; then
exit 528253
fi
install_dat
npm install -g git-ssb
npm install -g git-remote-ssb
if [ ! -d /etc/scuttlebot ]; then
mkdir -p /etc/scuttlebot
fi
npm install -g dat
# an unprivileged user to run as
useradd -d /etc/scuttlebot/ scuttlebot
# daemon
{ echo '[Unit]';
echo 'Description=Scuttlebot (messaging system)';
echo 'After=syslog.target';
echo 'After=network.target';
echo '';
echo '[Service]';
echo 'Type=simple';
echo 'User=scuttlebot';
echo 'Group=scuttlebot';
echo "WorkingDirectory=/etc/scuttlebot";
echo 'ExecStart=/usr/local/bin/sbot server';
echo 'Restart=always';
echo 'Environment="USER=scuttlebot"';
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/scuttlebot.service
chown -R scuttlebot:scuttlebot /etc/scuttlebot
# files gw_name myhostname mdns4_minimal [NOTFOUND=return] dns
sed -i "s|hosts:.*|hosts: files mdns4_minimal dns mdns4 mdns|g" /etc/nsswitch.conf
# start the daemon
systemctl enable scuttlebot.service
systemctl daemon-reload
systemctl start scuttlebot.service
sleep 3
if [ ! -d /etc/scuttlebot/.ssb ]; then
echo $'Scuttlebot config not generated'
exit 73528
fi
SCUTTLEBOT_ONION_HOSTNAME=$(add_onion_service scuttlebot 80 ${SCUTTLEBOT_ONION_PORT})
if [[ "$ONION_ONLY" == 'no' ]]; then
{ echo '{';
echo " \"host\": \"${DEFAULT_DOMAIN_NAME}\",";
echo ' "tor-only": false,'; } > /etc/scuttlebot/.ssb/config
else
{ echo '{';
echo " \"host\": \"${SCUTTLEBOT_ONION_HOSTNAME}\",";
echo ' "tor-only": true,'; } > /etc/scuttlebot/.ssb/config
fi
{ echo " \"port\": ${SCUTTLEBOT_PORT},";
echo ' "timeout": 30000,';
echo ' "pub": true,';
echo ' "local": true,';
echo ' "friends": {';
echo ' "dunbar": 150,';
echo ' "hops": 3';
echo ' },';
echo ' "gossip": {';
echo ' "connections": 2';
echo ' },';
echo ' "master": [],';
echo ' "logging": {';
echo ' "level": "error"';
echo ' }';
echo '}'; } >> /etc/scuttlebot/.ssb/config
chown scuttlebot:scuttlebot /etc/scuttlebot/.ssb/config
systemctl restart scuttlebot.service
firewall_add scuttlebot ${SCUTTLEBOT_PORT}
firewall_add git_ssb ${GIT_SSB_PORT}
scuttlebot_git_setup
git_ssb_script
systemctl enable git_ssb.service
systemctl daemon-reload
systemctl start git_ssb.service
function_check create_site_certificate
create_site_certificate ${SCUTTLEBOT_DOMAIN_NAME} 'yes'
systemctl restart nginx
if ! grep -q "scuttlebot version:" "${COMPLETION_FILE}"; then
echo "scuttlebot version:${SCUTTLEBOT_VERSION}" >> "${COMPLETION_FILE}"
else
sed -i "s|scuttlebot version.*|scuttlebot version:${SCUTTLEBOT_VERSION}|g" "${COMPLETION_FILE}"
fi
APP_INSTALLED=1
}
# NOTE: deliberately no exit 0