From 2e7f9427f8493973efa7912153873a0d3227dba8 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Thu, 17 May 2018 20:20:52 +0100 Subject: [PATCH 01/22] Bump pleroma commit --- src/freedombone-app-pleroma | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/freedombone-app-pleroma b/src/freedombone-app-pleroma index 86b72a3b..6b2d3dfd 100755 --- a/src/freedombone-app-pleroma +++ b/src/freedombone-app-pleroma @@ -36,7 +36,7 @@ PLEROMA_CODE= PLEROMA_PORT=4000 PLEROMA_ONION_PORT=8011 PLEROMA_REPO="https://git.pleroma.social/pleroma/pleroma.git" -PLEROMA_COMMIT='762f6edc29a7a48e3a663e9bedec58e0036ff363' +PLEROMA_COMMIT='1d4bbec6b3239bb83b500a6a90e6686cb682cfac' PLEROMA_ADMIN_PASSWORD= PLEROMA_DIR=/etc/pleroma PLEROMA_SECRET_KEY="" From 5514550f482dffeb8fef2fae633924677e786b34 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sat, 19 May 2018 10:01:38 +0100 Subject: [PATCH 02/22] Switch xmpp to v3 onion addresses --- src/freedombone-app-xmpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/freedombone-app-xmpp b/src/freedombone-app-xmpp index 0de55ab2..32e2cb4a 100755 --- a/src/freedombone-app-xmpp +++ b/src/freedombone-app-xmpp @@ -644,7 +644,7 @@ function remove_xmpp { function_check remove_onion_service remove_onion_service xmpp 5222 5223 5269 - sed -i '/HiddenServiceVersion 2/d' "$ONION_SERVICES_FILE" + sed -i '/HiddenServiceVersion 3/d' "$ONION_SERVICES_FILE" apt-mark -q unhold prosody apt-get -yq remove --purge prosody @@ -1133,7 +1133,7 @@ function install_xmpp { fi if ! grep -q "hidden_service_xmpp" "$ONION_SERVICES_FILE"; then { echo 'HiddenServiceDir /var/lib/tor/hidden_service_xmpp/'; - echo 'HiddenServiceVersion 2'; + echo 'HiddenServiceVersion 3'; echo "HiddenServicePort 5222 127.0.0.1:5222"; echo "HiddenServicePort 5269 127.0.0.1:5269"; } >> "$ONION_SERVICES_FILE" echo $'Added onion site for xmpp chat' From 4366396c9c32006aec76e777fa54b32fe6a927fd Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sat, 19 May 2018 10:03:30 +0100 Subject: [PATCH 03/22] Don't need extra onion removal on removing xmpp --- src/freedombone-app-xmpp | 1 - 1 file changed, 1 deletion(-) diff --git a/src/freedombone-app-xmpp b/src/freedombone-app-xmpp index 32e2cb4a..7877f17e 100755 --- a/src/freedombone-app-xmpp +++ b/src/freedombone-app-xmpp @@ -644,7 +644,6 @@ function remove_xmpp { function_check remove_onion_service remove_onion_service xmpp 5222 5223 5269 - sed -i '/HiddenServiceVersion 3/d' "$ONION_SERVICES_FILE" apt-mark -q unhold prosody apt-get -yq remove --purge prosody From 7ffa98d7fd4d797f44408b0ed912ce30bb257399 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sat, 19 May 2018 22:21:26 +0100 Subject: [PATCH 04/22] smolrss app --- src/freedombone-app-smolrss | 395 ++++++++++++++++++++++++++++++++ src/freedombone-image-customise | 1 + 2 files changed, 396 insertions(+) create mode 100755 src/freedombone-app-smolrss diff --git a/src/freedombone-app-smolrss b/src/freedombone-app-smolrss new file mode 100755 index 00000000..648d2b89 --- /dev/null +++ b/src/freedombone-app-smolrss @@ -0,0 +1,395 @@ +#!/bin/bash +# +# _____ _ _ +# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___ +# | __| _| -_| -_| . | . | | . | . | | -_| +# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___| +# +# Freedom in the Cloud +# +# License +# ======= +# +# Copyright (C) 2018 Bob Mottram +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + +VARIANTS='full full-vim' + +IN_DEFAULT_INSTALL=0 +SHOW_ON_ABOUT=1 +SHOW_ICANN_ADDRESS_ON_ABOUT=0 + +SMOLRSS_DOMAIN_NAME= +SMOLRSS_CODE= +SMOLRSS_ONION_PORT=9051 +SMOLRSS_REPO="https://github.com/bashrc/smolrss" +SMOLRSS_COMMIT='afa7135651ef87073e366b8ed183917e245ccc0e' + +smolrss_variables=(ONION_ONLY + SMOLRSS_DOMAIN_NAME + SMOLRSS_CODE + DDNS_PROVIDER + MY_USERNAME) + +function logging_on_smolrss { + echo -n '' +} + +function logging_off_smolrss { + echo -n '' +} + +function remove_user_smolrss { + #remove_username="$1" + echo -n '' +} + +function add_user_smolrss { + #new_username="$1" + #new_user_password="$2" + + echo '0' +} + +function install_interactive_smolrss { + echo -n '' + APP_INSTALLED=1 +} + +function change_password_smolrss { + #curr_username="$1" + #new_user_password="$2" + echo -n '' +} + +function reconfigure_smolrss { + # This is used if you need to switch identity. Dump old keys and generate new ones + echo -n '' +} + +function smolrss_add_feed { + data=$(mktemp 2>/dev/null) + dialog --backtitle $"Smol RSS" \ + --title $"Add an RSS feed" \ + --form "\\n" 8 60 3 \ + $"Title:" 1 1 "" 1 12 40 256 \ + $"Feed URL:" 2 1 "" 2 12 40 10000 \ + 2> "$data" + sel=$? + case $sel in + 1) rm -f "$data" + return;; + 255) rm -f "$data" + return;; + esac + title=$(sed -n 1p < "$data") + url=$(sed -n 2p < "$data") + rm -f "$data" + + if [ ! "$title" ]; then + return + fi + + if [ ! "$url" ]; then + return + fi + + if [[ "$url" == *','* ]]; then + return + fi + if [[ "$url" != *'.'* ]]; then + return + fi + + cd "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" || return + + if grep -q "${title}," feeds.txt; then + sed -i "s|${title},.*|${title},${url}|g" feeds.txt + else + echo "${title},${url}" >> feeds.txt + fi + + ./create_feeds feeds.txt > feeds.xml + chown www-data:www-data feeds.txt + + dialog --title $"Add an RSS feed" \ + --msgbox $"${title} has been added" 6 70 +} + +function smolrss_remove_feed { + data=$(mktemp 2>/dev/null) + dialog --title $"Remove an RSS feed" \ + --backtitle $"Smol RSS" \ + --inputbox $"Enter the title of the feed to remove" 8 60 2>"$data" + sel=$? + case $sel in + 0) + title=$(<"$data") + if [ "$title" ]; then + cd "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" || return + if grep -q "${title}," feeds.txt; then + sed -i "/${title},/d" feeds.xml + ./create_feeds feeds.txt > feeds.xml + chown www-data:www-data feeds.txt + dialog --title $"Remove an RSS feed" \ + --msgbox $"${title} has been removed" 6 70 + fi + fi + ;; + esac + rm -f "$data" +} + +function configure_interactive_smolrss { + W=(1 $"Add an RSS feed" + 2 $"Remove an RSS feed" + 3 $'Edit all feeds') + + read_config_param SMOLRSS_DOMAIN_NAME + + while true + do + # shellcheck disable=SC2068 + selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Smol RSS" --menu $"Choose an operation, or ESC for main menu:" 14 70 3 "${W[@]}" 3>&2 2>&1 1>&3) + + if [ ! "$selection" ]; then + break + fi + case $selection in + 1) smolrss_add_feed + ;; + 2) smolrss_remove_feed + ;; + 3) editor "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs/feeds.txt" + cd "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" || break + ./create_feeds feeds.txt > feeds.xml + chown www-data:www-data feeds.txt + ;; + esac + done +} + +function upgrade_smolrss { + CURR_SMOLRSS_COMMIT=$(get_completion_param "smolrss commit") + if [[ "$CURR_SMOLRSS_COMMIT" == "$SMOLRSS_COMMIT" ]]; then + return + fi + + if grep -q "smolrss domain" "$COMPLETION_FILE"; then + SMOLRSS_DOMAIN_NAME=$(get_completion_param "smolrss domain") + fi + + # update to the next commit + set_repo_commit "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" "smolrss commit" "$SMOLRSS_COMMIT" "$SMOLRSS_REPO" + chown -R www-data:www-data "/var/www/${SMOLRSS_DOMAIN_NAME}/htdocs" +} + +function backup_local_smolrss { + SMOLRSS_DOMAIN_NAME='smolrss' + if grep -q "smolrss domain" "$COMPLETION_FILE"; then + SMOLRSS_DOMAIN_NAME=$(get_completion_param "smolrss domain") + fi + + source_directory=/var/www/${SMOLRSS_DOMAIN_NAME}/htdocs + + suspend_site "${SMOLRSS_DOMAIN_NAME}" + + dest_directory=smolrss + backup_directory_to_usb "$source_directory" $dest_directory + + restart_site +} + +function restore_local_smolrss { + if ! grep -q "smolrss domain" "$COMPLETION_FILE"; then + return + fi + SMOLRSS_DOMAIN_NAME=$(get_completion_param "smolrss domain") + if [ ! "$SMOLRSS_DOMAIN_NAME" ]; then + return + fi + suspend_site "${SMOLRSS_DOMAIN_NAME}" + temp_restore_dir=/root/tempsmolrss + smolrss_dir=/var/www/${SMOLRSS_DOMAIN_NAME}/htdocs + + restore_directory_from_usb $temp_restore_dir smolrss + if [ -d $temp_restore_dir ]; then + if [ -d "$temp_restore_dir$smolrss_dir" ]; then + cp -rp "$temp_restore_dir$smolrss_dir"/* "$smolrss_dir"/ + else + if [ ! -d "$smolrss_dir" ]; then + mkdir "$smolrss_dir" + fi + cp -rp "$temp_restore_dir"/* "$smolrss_dir"/ + fi + chown -R www-data:www-data "$smolrss_dir" + rm -rf $temp_restore_dir + fi + restart_site +} + +function backup_remote_smolrss { + SMOLRSS_DOMAIN_NAME='smolrss' + if grep -q "smolrss domain" "$COMPLETION_FILE"; then + SMOLRSS_DOMAIN_NAME=$(get_completion_param "smolrss domain") + fi + + source_directory=/var/www/${SMOLRSS_DOMAIN_NAME}/htdocs + + suspend_site "${SMOLRSS_DOMAIN_NAME}" + + dest_directory=smolrss + backup_directory_to_friend "$source_directory" $dest_directory + + restart_site +} + +function restore_remote_smolrss { + if ! grep -q "smolrss domain" "$COMPLETION_FILE"; then + return + fi + SMOLRSS_DOMAIN_NAME=$(get_completion_param "smolrss domain") + if [ ! "$SMOLRSS_DOMAIN_NAME" ]; then + return + fi + suspend_site "${SMOLRSS_DOMAIN_NAME}" + temp_restore_dir=/root/tempsmolrss + smolrss_dir=/var/www/${SMOLRSS_DOMAIN_NAME}/htdocs + + restore_directory_from_friend $temp_restore_dir smolrss + if [ -d $temp_restore_dir ]; then + if [ -d "$temp_restore_dir$smolrss_dir" ]; then + cp -rp "$temp_restore_dir$smolrss_dir"/* "$smolrss_dir"/ + else + if [ ! -d "$smolrss_dir" ]; then + mkdir "$smolrss_dir" + fi + cp -rp $temp_restore_dir/* "$smolrss_dir"/ + fi + chown -R www-data:www-data "$smolrss_dir" + rm -rf $temp_restore_dir + fi + restart_site +} + +function remove_smolrss { + nginx_dissite "$SMOLRSS_DOMAIN_NAME" + remove_certs "$SMOLRSS_DOMAIN_NAME" + + + if [ -d "/var/www/$SMOLRSS_DOMAIN_NAME" ]; then + rm -rf "/var/www/$SMOLRSS_DOMAIN_NAME" + fi + if [ -f "/etc/nginx/sites-available/$SMOLRSS_DOMAIN_NAME" ]; then + rm "/etc/nginx/sites-available/$SMOLRSS_DOMAIN_NAME" + fi + remove_onion_service smolrss "${SMOLRSS_ONION_PORT}" + if grep -q "smolrss" /etc/crontab; then + sed -i "/smolrss/d" /etc/crontab + fi + remove_app smolrss + remove_completion_param install_smolrss + sed -i '/smolrss/d' "$COMPLETION_FILE" + + remove_ddns_domain "$SMOLRSS_DOMAIN_NAME" +} + +function install_smolrss { + apt-get -yq install php-gettext php-curl php-gd php-mysql git curl + apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl + + if [ ! "$SMOLRSS_DOMAIN_NAME" ]; then + echo $'No domain name was given' + exit 3568356 + fi + + if [ -d "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" ]; then + rm -rf "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" + fi + if [ -d /repos/smolrss ]; then + mkdir "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" + cp -r -p /repos/smolrss/. "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" + cd "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" || exit 324687356 + git pull + else + git_clone "$SMOLRSS_REPO" "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" + fi + + if [ ! -d "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" ]; then + echo $'Unable to clone smolrss repo' + exit 87525 + fi + + cd "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" || exit 36587356 + git checkout "$SMOLRSS_COMMIT" -b "$SMOLRSS_COMMIT" + set_completion_param "smolrss commit" "$SMOLRSS_COMMIT" + + cp feeds.example.txt feeds.txt + ./create_feeds feeds.txt > feeds.xml + + chmod g+w "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" + chown -R www-data:www-data "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" + + add_ddns_domain "$SMOLRSS_DOMAIN_NAME" + + SMOLRSS_ONION_HOSTNAME=$(add_onion_service smolrss 80 "${SMOLRSS_ONION_PORT}") + + smolrss_nginx_site=/etc/nginx/sites-available/$SMOLRSS_DOMAIN_NAME + echo -n '' > "$smolrss_nginx_site" + { echo 'server {'; + echo " listen 127.0.0.1:$SMOLRSS_ONION_PORT default_server;"; + echo " server_name $SMOLRSS_ONION_HOSTNAME;"; + echo ''; } >> "$smolrss_nginx_site" + nginx_compress "$SMOLRSS_DOMAIN_NAME" + echo '' >> "$smolrss_nginx_site" + nginx_security_options "$SMOLRSS_DOMAIN_NAME" + { echo ''; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo " root /var/www/$SMOLRSS_DOMAIN_NAME/htdocs;"; + echo ''; + echo ' index index.php;'; + echo ' location ~ \.php {'; + echo ' include snippets/fastcgi-php.conf;'; + echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; + echo ' fastcgi_read_timeout 30;'; + echo ' fastcgi_param HTTPS off;'; + echo ' }'; + echo ''; + echo ' # Location'; + echo ' location / {'; } >> "$smolrss_nginx_site" + nginx_limits "$SMOLRSS_DOMAIN_NAME" '15m' + { echo " try_files \$uri \$uri/ index.php?\$args;"; + echo ' }'; + echo '}'; } >> "$smolrss_nginx_site" + + configure_php + + create_site_certificate "$SMOLRSS_DOMAIN_NAME" 'yes' + + nginx_ensite "$SMOLRSS_DOMAIN_NAME" + + systemctl restart php7.0-fpm + + systemctl restart nginx + + "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a smolrss -p "$SMOLRSS_ADMIN_PASSWORD" + set_completion_param "smolrss domain" "$SMOLRSS_DOMAIN_NAME" + + APP_INSTALLED=1 +} + +# NOTE: deliberately there is no "exit 0" diff --git a/src/freedombone-image-customise b/src/freedombone-image-customise index 56fe1fc7..9af78d53 100755 --- a/src/freedombone-image-customise +++ b/src/freedombone-image-customise @@ -1993,6 +1993,7 @@ image_preinstall_repos() { git clone "$PRIVATEBIN_REPO" "$rootdir/repos/privatebin" git clone "$EDITH_REPO" "$rootdir/repos/edith" git clone "$BDSMAIL_REPO" "$rootdir/repos/bdsmail" + git clone "$SMOLRSS_REPO" "$rootdir/repos/smolrss" #git clone "$WEKAN_REPO" "$rootdir/repos/wekan" #git clone "$FLOW_ROUTER_REPO" "$rootdir/repos/flowrouter" #git clone "$ZERONET_REPO" "$rootdir/repos/zeronet" From 9e5b32d42ca317078765cbfe10f57506929ca80d Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sat, 19 May 2018 22:25:01 +0100 Subject: [PATCH 05/22] Change onion port --- src/freedombone-app-smolrss | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/freedombone-app-smolrss b/src/freedombone-app-smolrss index 648d2b89..c516fde1 100755 --- a/src/freedombone-app-smolrss +++ b/src/freedombone-app-smolrss @@ -33,7 +33,7 @@ SHOW_ICANN_ADDRESS_ON_ABOUT=0 SMOLRSS_DOMAIN_NAME= SMOLRSS_CODE= -SMOLRSS_ONION_PORT=9051 +SMOLRSS_ONION_PORT=8751 SMOLRSS_REPO="https://github.com/bashrc/smolrss" SMOLRSS_COMMIT='afa7135651ef87073e366b8ed183917e245ccc0e' From ef52dc23b7ffc331fbaf3b06da836f36abe59069 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sat, 19 May 2018 22:27:36 +0100 Subject: [PATCH 06/22] Set domain name --- src/freedombone-app-smolrss | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/src/freedombone-app-smolrss b/src/freedombone-app-smolrss index c516fde1..1256fd77 100755 --- a/src/freedombone-app-smolrss +++ b/src/freedombone-app-smolrss @@ -310,10 +310,7 @@ function install_smolrss { apt-get -yq install php-gettext php-curl php-gd php-mysql git curl apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl - if [ ! "$SMOLRSS_DOMAIN_NAME" ]; then - echo $'No domain name was given' - exit 3568356 - fi + SMOLRSS_DOMAIN_NAME='smolrss.local' if [ -d "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" ]; then rm -rf "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" From 61f1ed2e1ef335c9519739b242315d9eac993b44 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sat, 19 May 2018 22:33:02 +0100 Subject: [PATCH 07/22] Regenerate feeds after upgrades --- src/freedombone-app-smolrss | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/freedombone-app-smolrss b/src/freedombone-app-smolrss index 1256fd77..3e3dc466 100755 --- a/src/freedombone-app-smolrss +++ b/src/freedombone-app-smolrss @@ -193,6 +193,10 @@ function upgrade_smolrss { # update to the next commit set_repo_commit "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" "smolrss commit" "$SMOLRSS_COMMIT" "$SMOLRSS_REPO" + + cd "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" || return + ./create_feeds feeds.txt > feeds.xml + chown -R www-data:www-data "/var/www/${SMOLRSS_DOMAIN_NAME}/htdocs" } From a7d7c5240dc602fe69493475d7d8844b4c48ae45 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sat, 19 May 2018 22:35:52 +0100 Subject: [PATCH 08/22] Reduce dialog height --- src/freedombone-app-smolrss | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/freedombone-app-smolrss b/src/freedombone-app-smolrss index 3e3dc466..ceabbb77 100755 --- a/src/freedombone-app-smolrss +++ b/src/freedombone-app-smolrss @@ -162,7 +162,7 @@ function configure_interactive_smolrss { while true do # shellcheck disable=SC2068 - selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Smol RSS" --menu $"Choose an operation, or ESC for main menu:" 14 70 3 "${W[@]}" 3>&2 2>&1 1>&3) + selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Smol RSS" --menu $"Choose an operation, or ESC for main menu:" 12 70 3 "${W[@]}" 3>&2 2>&1 1>&3) if [ ! "$selection" ]; then break From 73dd18371fbcea01507a9733382fec415637f0aa Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sat, 19 May 2018 23:02:48 +0100 Subject: [PATCH 09/22] Documentation for smolrss --- doc/EN/app_smolrss.org | 29 +++ doc/EN/apps.org | 10 +- website/EN/app_smolrss.html | 219 ++++++++++++++++++ website/EN/apps.html | 433 +++++++++++++++--------------------- 4 files changed, 432 insertions(+), 259 deletions(-) create mode 100644 doc/EN/app_smolrss.org create mode 100644 website/EN/app_smolrss.html diff --git a/doc/EN/app_smolrss.org b/doc/EN/app_smolrss.org new file mode 100644 index 00000000..573b2f8e --- /dev/null +++ b/doc/EN/app_smolrss.org @@ -0,0 +1,29 @@ +#+TITLE: +#+AUTHOR: Bob Mottram +#+EMAIL: bob@freedombone.net +#+KEYWORDS: freedombone, smolrss, rss +#+DESCRIPTION: How to use Smol RSS +#+OPTIONS: ^:nil toc:nil +#+HTML_HEAD: + +#+attr_html: :width 80% :height 10% :align center +[[file:images/logo.png]] + +* Smol RSS +This is an extremely simple RSS reader which is available only from an onion address, so that you have /the right to read/. There is very little code and so not much attack surface, and it will scale to screens of any size. This should be a better reading experience on mobile than with [[./app_ttrss.html][tt-rss]]. + +A disadvantage is that you can only add or remove feeds via the Freedombone administrator control panel, so this isn't suitable for multi-user environments. But once you have your feeds set up it's trivial to use, and unless you publish the onion address confidentiality should be maintained. + +* Installation + +ssh into the system with: + +#+BEGIN_SRC bash +ssh myusername@mydomain.com -p 2222 +#+END_SRC + +Select *Administrator controls* then *Add/Remove Apps* then *smolrss*. + +After installation within *Administrator controls* go to *App settings* then *smolrss*. You can then add some feeds or edit the existing feed list. There are a few default feeds as an example. + +Within *Administrator controls* go to *About this system* and select *smolrss*. You will then have the onion address. Navigate to your reader in a Tor compatible browser, select a feed from the list and begin reading. That's all there is to it. diff --git a/doc/EN/apps.org b/doc/EN/apps.org index 66306e2f..d38e1e93 100644 --- a/doc/EN/apps.org +++ b/doc/EN/apps.org @@ -163,14 +163,18 @@ A non-federated chat server (x86 systems only). A metasearch engine for customised and private web searches. [[./app_searx.html][How to use it]] -* tt-rss -Private RSS reader. Pulls in RSS/Atom feeds via Tor and is only accessible via an onion address. Have "/the right to read/" without the Surveillance State knowing what you're reading. Also available with a user interface suitable for viewing on mobile devices via a browser such as OrFox. +* Smol RSS +A very minimal RSS reader. -[[./app_rss.html][How to use it]] +[[./app_smolrss.html][How to use it]] * Syncthing Possibly the best way to synchronise files across all of your devices. Once it has been set up it "just works" with no user intervention needed. [[./app_syncthing.html][How to use it]] +* tt-rss +Private RSS reader. Pulls in RSS/Atom feeds via Tor and is only accessible via an onion address. Have "/the right to read/" without the Surveillance State knowing what you're reading. Also available with a user interface suitable for viewing on mobile devices via a browser such as OrFox. + +[[./app_rss.html][How to use it]] * Tahoe-LAFS Robust and encrypted storage of files on one or more server. diff --git a/website/EN/app_smolrss.html b/website/EN/app_smolrss.html new file mode 100644 index 00000000..289bafee --- /dev/null +++ b/website/EN/app_smolrss.html @@ -0,0 +1,219 @@ + + + + + + + + + + + + + + + + +
+ +
+
+

+ +
+

logo.png +

+
+ +
+

Smol RSS

+
+

+This is an extremely simple RSS reader which is available only from an onion address, so that you have the right to read. There is very little code and so not much attack surface, and it will scale to screens of any size. This should be a better reading experience on mobile than with tt-rss. +

+ +

+A disadvantage is that you can only add or remove feeds via the Freedombone administrator control panel, so this isn't suitable for multi-user environments. But once you have your feeds set up it's trivial to use, and unless you publish the onion address confidentiality should be maintained. +

+
+
+ +
+

Installation

+
+

+ssh into the system with: +

+ +
+ +
ssh myusername@mydomain.com -p 2222
+
+
+ +

+Select Administrator controls then Add/Remove Apps then smolrss. +

+ +

+After installation within Administrator controls go to App settings then smolrss. You can then add some feeds or edit the existing feed list. There are a few default feeds as an example. +

+ +

+Within Administrator controls go to About this system and select smolrss. You will then have the onion address. Navigate to your reader in a Tor compatible browser, select a feed from the list and begin reading. That's all there is to it. +

+
+
+
+
+ + + +
+Back to top | E-mail me +
+
+ + diff --git a/website/EN/apps.html b/website/EN/apps.html index 96da0862..3603d2ac 100644 --- a/website/EN/apps.html +++ b/website/EN/apps.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - - + + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,6 +144,7 @@ for the JavaScript code in this tag.
+

logo.png @@ -258,9 +167,9 @@ The base install of the system just contains an email server and Mutt client, bu

-
-

Akaunting

-
+
+

Akaunting

+

A web based accounts system for small businesses or freelancers.

@@ -270,9 +179,9 @@ A web based accounts system for small businesses or freelancers.

-
-

BDS Mail

-
+
+

BDS Mail

+

It's like ordinary email, but with i2p as the transport mechanism.

@@ -282,9 +191,9 @@ It's like ordinary email, but with i

-
-

Bludit

-
+
+

Bludit

+

This is a simple databaseless blogging system which uses markdown files. It should run well on any hardware.

@@ -294,9 +203,9 @@ This is a simple databaseless blogging system which uses markdown files. It shou

-
-

CryptPad

-
+
+

CryptPad

+

Collaborate on editing documents, presentations and source code, or vote on things. All with a good level of security.

@@ -306,9 +215,9 @@ Collaborate on editing documents, presentations and source code, or vote on thin

-
-

DLNA

-
+
+

DLNA

+

Enables you to use the system as a music server which any DLNA compatible devices can connect to within your home network.

@@ -318,9 +227,9 @@ Enables you to use the system as a music server which any DLNA compatible device

-
-

Dokuwiki

-
+
+

Dokuwiki

+

A databaseless wiki system.

@@ -330,9 +239,9 @@ A databaseless wiki system.

-
-

Edith

-
+
+

Edith

+

Extremely simple and distraction-free notes system.

@@ -342,9 +251,9 @@ Extremely simple and distraction-free notes system.

-
-

Emacs

-
+
+

Emacs

+

If you use the Mutt client to read your email then this will set it up to use emacs for composing new mail.

@@ -354,17 +263,17 @@ If you use the Mutt client to read your email then this will set it up to use em

-
-

Email Server

-
+
+

Email Server

+

Since many apps require email registration an email server is installed by default. You can find advice on using the email system here.

-
-

Etherpad

-
+
+

Etherpad

+

Collaborate on creating documents in real time. Maybe you're planning a holiday with other family members or creating documentation for a Free Software project along with other volunteers. Etherpad is hard to beat for simplicity and speed. Only users of the system will be able to access it.

@@ -374,9 +283,9 @@ Collaborate on creating documents in real time. Maybe you're planning a holiday

-
-

Federated wiki

-
+
+

Federated wiki

+

A new approach to creating wiki content.

@@ -386,9 +295,9 @@ A new approach to creating wiki content.

-
-

Friendica

-
+
+

Friendica

+

Federated social network system.

@@ -398,9 +307,9 @@ Federated social network system.

-
-

GNU Social

-
+
+

GNU Social

+

Federated social network based on the OStatus protocol. You can "remote follow" other users within the GNU Social federation.

@@ -410,9 +319,9 @@ Federated social network based on the OStatus protocol. You can "remote follo

-
-

Gogs

-
+
+

Gogs

+

Lightweight git project hosting system. You can mirror projects from Github, or if Github turns evil then just host your own projects while retaining the familiar fork-and-pull workflow. If you can use Github then you can also use Gogs.

@@ -422,9 +331,9 @@ Lightweight git project hosting system. You can mirror projects from Github, or

-
-

HTMLy

-
+
+

HTMLy

+

Databaseless blogging system. Quite simple and with a markdown-like format.

@@ -434,9 +343,9 @@ Databaseless blogging system. Quite simple and with a markdown-like format.

-
-

Hubzilla

-
+
+

Hubzilla

+

Web publishing platform with social network like features and good privacy controls so that it's possible to specify who can see which content. Includes photo albums, calendar, wiki and file storage.

@@ -446,9 +355,9 @@ Web publishing platform with social network like features and good privacy contr

-
-

Icecast media stream

-
+
+

Icecast media stream

+

Make your own internet radio station.

@@ -458,9 +367,9 @@ Make your own internet radio station.

-
-

IRC Server (ngirc)

-
+
+

IRC Server (ngirc)

+

Run your own IRC chat channel which can be secured with a password and accessible via an onion address. A bouncer is included so that you can receive messages sent while you were offline. Works with Hexchat and other popular clients.

@@ -470,18 +379,18 @@ Run your own IRC chat channel which can be secured with a password and accessibl

-
-

Jitsi Meet

-
+
+

Jitsi Meet

+

Experimental WebRTC video conferencing system, similar to Google Hangouts. This may not be fully functional, but is hoped to be in the near future.

-
-

KanBoard

-
+
+

KanBoard

+

A simple kanban system for managing projects or TODO lists.

@@ -491,9 +400,9 @@ A simple kanban system for managing projects or TODO lists.

-
-

Key Server

-
+
+

Key Server

+

An OpenPGP key server for storing and retrieving GPG public keys.

@@ -503,9 +412,9 @@ An OpenPGP key server for storing and retrieving GPG public keys.

-
-

Koel

-
+
+

Koel

+

Access your music collection from any internet connected device.

@@ -515,9 +424,9 @@ Access your music collection from any internet connected device.

-
-

Lychee

-
+
+

Lychee

+

Make your photo albums available on the web.

@@ -527,9 +436,9 @@ Make your photo albums available on the web.

-
-

Mailpile

-
+
+

Mailpile

+

Modern email client which supports GPG encryption.

@@ -539,9 +448,9 @@ Modern email client which supports GPG encryption.

-
-

Matrix

-
+
+

Matrix

+

Multi-user chat with some security and moderation controls.

@@ -551,9 +460,9 @@ Multi-user chat with some security and moderation controls.

-
-

Mediagoblin

-
+
+

Mediagoblin

+

Publicly host video and audio files so that you don't need to use YouTube/Vimeo/etc.

@@ -563,9 +472,9 @@ Publicly host video and audio files so that you don't need to use YouTube/Vimeo/

-
-

Mumble

-
+
+

Mumble

+

The popular VoIP and text chat system. Say goodbye to old-fashioned telephony conferences with silly dial codes. Also works well on mobile.

@@ -575,9 +484,9 @@ The popular VoIP and text chat system. Say goodbye to old-fashioned telephony co

-
-

NextCloud

-
+
+

NextCloud

+

Store files on your server and sync them with laptops or mobile devices. Includes many plugins including videoconferencing and collaborative document editing.

@@ -587,9 +496,9 @@ Store files on your server and sync them with laptops or mobile devices. Include

-
-

PeerTube

-
+
+

PeerTube

+

Peer-to-peer video hosting. Similar to Mediagoblin, but the P2P aspect better enables the streaming load to be shared across servers.

@@ -599,9 +508,9 @@ Peer-to-peer video hosting. Similar to Mediagoblin, but the P2P aspect better en

-
-

PI-Hole

-
+
+

PI-Hole

+

The black hole for web adverts. Block adverts at the domain name level within your local network. It can significantly reduce bandwidth, speed up page load times and protect your systems from being tracked by spyware.

@@ -611,9 +520,9 @@ The black hole for web adverts. Block adverts at the domain name level within yo

-
-

Pleroma

-
+
+

Pleroma

+

Fediverse instance which is compatible with GNU Social and Mastodon, and suited for systems without much RAM or CPU resource.

@@ -623,9 +532,9 @@ Fediverse instance which is compatible with GNU Social and Mastodon, and suited

-
-

PostActiv

-
+
+

PostActiv

+

An alternative federated social networking system compatible with GNU Social, Pleroma and Mastodon. It includes some optimisations and fixes currently not available within the main GNU Social project.

@@ -635,9 +544,9 @@ An alternative federated social networking system compatible with GNU Social, Pl

-
-

PrivateBin

-
+
+

PrivateBin

+

A pastebin where the server has zero knowledge of the content being pasted.

@@ -647,9 +556,9 @@ A pastebin where the server has zero knowledge of the content being pasted.

-
-

Profanity

-
+
+

Profanity

+

A shell based XMPP client which you can run on the Freedombone server via ssh.

@@ -659,9 +568,9 @@ A shell based XMPP client which you can run on the Freedombone server via ssh.

-
-

Riot Web

-
+
+

Riot Web

+

A browser based user interface for the Matrix federated communications system, including WebRTC audio and video chat.

@@ -671,9 +580,9 @@ A browser based user interface for the Matrix federated communications system, i

-
-

Rocketchat

-
+
+

Rocketchat

+

A non-federated chat server (x86 systems only).

@@ -683,9 +592,9 @@ A non-federated chat server (x86 systems only).

-
-

SearX

-
+
+

SearX

+

A metasearch engine for customised and private web searches.

@@ -695,21 +604,21 @@ A metasearch engine for customised and private web searches.

-
-

tt-rss

-
+
+

Smol RSS

+

-Private RSS reader. Pulls in RSS/Atom feeds via Tor and is only accessible via an onion address. Have "the right to read" without the Surveillance State knowing what you're reading. Also available with a user interface suitable for viewing on mobile devices via a browser such as OrFox. +A very minimal RSS reader.

-How to use it +How to use it

-
-

Syncthing

-
+
+

Syncthing

+

Possibly the best way to synchronise files across all of your devices. Once it has been set up it "just works" with no user intervention needed.

@@ -719,9 +628,21 @@ Possibly the best way to synchronise files across all of your devices. Once it h

-
-

Tahoe-LAFS

-
+
+

tt-rss

+
+

+Private RSS reader. Pulls in RSS/Atom feeds via Tor and is only accessible via an onion address. Have "the right to read" without the Surveillance State knowing what you're reading. Also available with a user interface suitable for viewing on mobile devices via a browser such as OrFox. +

+ +

+How to use it +

+
+
+
+

Tahoe-LAFS

+

Robust and encrypted storage of files on one or more server.

@@ -731,9 +652,9 @@ Robust and encrypted storage of files on one or more server.

-
-

Tox

-
+
+

Tox

+

Client and bootstrap node for the Tox chat/VoIP system.

@@ -743,9 +664,9 @@ Client and bootstrap node for the Tox chat/VoIP system.

-
-

Turtl

-
+
+

Turtl

+

A system for privately creating and sharing notes and images, similar to Evernote but without the spying.

@@ -755,18 +676,18 @@ A system for privately creating and sharing notes and images, similar to Evernot

-
-

Vim

-
+
+

Vim

+

If you use the Mutt client to read your email then this will set it up to use vim for composing new mail.

-
-

Virtual Private Network (VPN)

-
+
+

Virtual Private Network (VPN)

+

Set up a VPN on your server so that you can bypass local internet censorship.

@@ -776,9 +697,9 @@ Set up a VPN on your server so that you can bypass local internet censorship.

-
-

XMPP

-
+
+

XMPP

+

Chat server which can be used together with client such as Gajim or Conversations to provide end-to-end content security and also onion routed metadata security. Includes advanced features such as client state notification to save battery power on your mobile devices, support for seamless roaming between networks and message carbons so that you can receive the same messages while being simultaneously logged in to your account on more than one device.

From e45adfc5208c233a45cdf5e2d8be3bedd5483f2a Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sat, 19 May 2018 23:13:05 +0100 Subject: [PATCH 10/22] Mention noscript --- doc/EN/app_smolrss.org | 2 +- website/EN/app_smolrss.html | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/EN/app_smolrss.org b/doc/EN/app_smolrss.org index 573b2f8e..ad775374 100644 --- a/doc/EN/app_smolrss.org +++ b/doc/EN/app_smolrss.org @@ -26,4 +26,4 @@ Select *Administrator controls* then *Add/Remove Apps* then *smolrss*. After installation within *Administrator controls* go to *App settings* then *smolrss*. You can then add some feeds or edit the existing feed list. There are a few default feeds as an example. -Within *Administrator controls* go to *About this system* and select *smolrss*. You will then have the onion address. Navigate to your reader in a Tor compatible browser, select a feed from the list and begin reading. That's all there is to it. +Within *Administrator controls* go to *About this system* and select *smolrss*. You will then have the onion address. Navigate to your reader in a Tor compatible browser. You may need to allow the site within NoScript. Then select a feed from the list and begin reading. That's all there is to it. diff --git a/website/EN/app_smolrss.html b/website/EN/app_smolrss.html index 289bafee..d3565de2 100644 --- a/website/EN/app_smolrss.html +++ b/website/EN/app_smolrss.html @@ -4,7 +4,7 @@ - + @@ -186,7 +186,7 @@ After installation within Administrator controls go to App settings

-Within Administrator controls go to About this system and select smolrss. You will then have the onion address. Navigate to your reader in a Tor compatible browser, select a feed from the list and begin reading. That's all there is to it. +Within Administrator controls go to About this system and select smolrss. You will then have the onion address. Navigate to your reader in a Tor compatible browser. You may need to allow the site within NoScript. Then select a feed from the list and begin reading. That's all there is to it.

From b066aef973402e8f339cc2e0eb779cb2f0e413c9 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sun, 20 May 2018 10:46:23 +0100 Subject: [PATCH 11/22] No need to create certificate for smolrss --- src/freedombone-app-smolrss | 2 -- src/freedombone-template | 6 ++++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/freedombone-app-smolrss b/src/freedombone-app-smolrss index ceabbb77..17079653 100755 --- a/src/freedombone-app-smolrss +++ b/src/freedombone-app-smolrss @@ -379,8 +379,6 @@ function install_smolrss { configure_php - create_site_certificate "$SMOLRSS_DOMAIN_NAME" 'yes' - nginx_ensite "$SMOLRSS_DOMAIN_NAME" systemctl restart php7.0-fpm diff --git a/src/freedombone-template b/src/freedombone-template index 00946298..ba45ebbf 100755 --- a/src/freedombone-template +++ b/src/freedombone-template @@ -1002,8 +1002,10 @@ if [ $app_daemon ]; then echo " systemctl start ${app_name}" fi if [ $app_webui ]; then - echo '' - echo " create_site_certificate \"\$${app_name_upper}_DOMAIN_NAME\" 'yes'" + if [ ! $app_onion_only ]; then + echo '' + echo " create_site_certificate \"\$${app_name_upper}_DOMAIN_NAME\" 'yes'" + fi echo '' echo " nginx_ensite \"\$${app_name_upper}_DOMAIN_NAME\"" fi From 73f269bca7fb5b89937a0aa15d12e4fdbd1f777b Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sun, 20 May 2018 13:17:25 +0100 Subject: [PATCH 12/22] Bump smolrss commit --- src/freedombone-app-smolrss | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/freedombone-app-smolrss b/src/freedombone-app-smolrss index 17079653..b09f5685 100755 --- a/src/freedombone-app-smolrss +++ b/src/freedombone-app-smolrss @@ -35,7 +35,7 @@ SMOLRSS_DOMAIN_NAME= SMOLRSS_CODE= SMOLRSS_ONION_PORT=8751 SMOLRSS_REPO="https://github.com/bashrc/smolrss" -SMOLRSS_COMMIT='afa7135651ef87073e366b8ed183917e245ccc0e' +SMOLRSS_COMMIT='f6478243e43c53fe40116eabf7118b0cd2d28f1a' smolrss_variables=(ONION_ONLY SMOLRSS_DOMAIN_NAME From 708e0b45ea79c78b4743eef7fba37061dfe0983b Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sun, 20 May 2018 13:21:18 +0100 Subject: [PATCH 13/22] Options to switch smolrss themes --- src/freedombone-app-smolrss | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/src/freedombone-app-smolrss b/src/freedombone-app-smolrss index b09f5685..b5fd0379 100755 --- a/src/freedombone-app-smolrss +++ b/src/freedombone-app-smolrss @@ -155,14 +155,17 @@ function smolrss_remove_feed { function configure_interactive_smolrss { W=(1 $"Add an RSS feed" 2 $"Remove an RSS feed" - 3 $'Edit all feeds') + 3 $'Edit all feeds' + 4 $'Light theme' + 5 $'Dark theme') read_config_param SMOLRSS_DOMAIN_NAME while true do + # shellcheck disable=SC2068 - selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Smol RSS" --menu $"Choose an operation, or ESC for main menu:" 12 70 3 "${W[@]}" 3>&2 2>&1 1>&3) + selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Smol RSS" --menu $"Choose an operation, or ESC for main menu:" 14 70 5 "${W[@]}" 3>&2 2>&1 1>&3) if [ ! "$selection" ]; then break @@ -177,6 +180,18 @@ function configure_interactive_smolrss { ./create_feeds feeds.txt > feeds.xml chown www-data:www-data feeds.txt ;; + 4) cd "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" || break + cp style.light.css style.css + chown www-data:www-data style.css + dialog --title $"Smol RSS theme" \ + --msgbox $"Switched theme to light" 6 50 + ;; + 5) cd "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" || break + cp style.dark.css style.css + chown www-data:www-data style.css + dialog --title $"Smol RSS theme" \ + --msgbox $"Switched theme to dark" 6 50 + ;; esac done } From e03d056d8af00b120679d2473f0c63a3dfce9193 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Mon, 21 May 2018 13:45:54 +0100 Subject: [PATCH 14/22] Beginning of hackmd --- src/freedombone-app-hackmd | 484 +++++++++++++++++++++++++++++++++++++ 1 file changed, 484 insertions(+) create mode 100755 src/freedombone-app-hackmd diff --git a/src/freedombone-app-hackmd b/src/freedombone-app-hackmd new file mode 100755 index 00000000..c2a50e91 --- /dev/null +++ b/src/freedombone-app-hackmd @@ -0,0 +1,484 @@ +#!/bin/bash +# +# _____ _ _ +# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___ +# | __| _| -_| -_| . | . | | . | . | | -_| +# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___| +# +# Freedom in the Cloud +# +# License +# ======= +# +# Copyright (C) 2018 Bob Mottram +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + +VARIANTS='full full-vim' + +IN_DEFAULT_INSTALL=0 +SHOW_ON_ABOUT=1 + +HACKMD_DOMAIN_NAME= +HACKMD_CODE= +HACKMD_ONION_PORT=9052 +HACKMD_REPO="https://github.com/hackmdio/hackmd" +HACKMD_COMMIT='c71361467d6eee6519b050fb5c40fc32520a19a8' +HACKMD_PORT_INTERNAL=TODO + +hackmd_variables=(ONION_ONLY + HACKMD_DOMAIN_NAME + HACKMD_CODE + DDNS_PROVIDER + MY_USERNAME) + +function logging_on_hackmd { + echo -n '' +} + +function logging_off_hackmd { + echo -n '' +} + +function remove_user_hackmd { + remove_username="$1" + + "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp hackmd +} + +function add_user_hackmd { + new_username="$1" + new_user_password="$2" + + "${PROJECT_NAME}-pass" -u "$new_username" -a hackmd -p "$new_user_password" + echo '0' +} + +function install_interactive_hackmd { + if [ ! "$ONION_ONLY" ]; then + ONION_ONLY='no' + fi + + if [[ "$ONION_ONLY" != "no" ]]; then + HACKMD_DOMAIN_NAME='hackmd.local' + write_config_param "HACKMD_DOMAIN_NAME" "$HACKMD_DOMAIN_NAME" + else + interactive_site_details "hackmd" "HACKMD_DOMAIN_NAME" "HACKMD_CODE" + fi + APP_INSTALLED=1 +} + +function change_password_hackmd { + curr_username="$1" + new_user_password="$2" + + read_config_param 'HACKMD_DOMAIN_NAME' + + "${PROJECT_NAME}-pass" -u "$curr_username" -a hackmd -p "$new_user_password" +} + +function hackmd_create_database { + if [ -f $IMAGE_PASSWORD_FILE ]; then + HACKMD_ADMIN_PASSWORD="$(printf "%d" "$(cat "")")" + else + if [ ! $HACKMD_ADMIN_PASSWORD ]; then + HACKMD_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + fi + fi + if [ ! $HACKMD_ADMIN_PASSWORD ]; then + return + fi + + create_database hackmd "$HACKMD_ADMIN_PASSWORD" $MY_USERNAME +} + +function reconfigure_hackmd { + # This is used if you need to switch identity. Dump old keys and generate new ones + echo -n '' +} + +function configure_interactive_hackmd { + W=(1 $"Option 1" + 2 $"Option 2") + + while true + do + # shellcheck disable=SC2068 + selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"hackmd" --menu $"Choose an operation, or ESC for main menu:" 14 70 3 "${W[@]}" 3>&2 2>&1 1>&3) + + if [ ! "$selection" ]; then + break + fi + case $selection in + 1) # call some function for option 1 + ;; + 2) # call some function for option 2 + ;; + esac + done +} + +function upgrade_hackmd { + CURR_HACKMD_COMMIT=$(get_completion_param "hackmd commit") + if [[ "$CURR_HACKMD_COMMIT" == "$HACKMD_COMMIT" ]]; then + return + fi + + if grep -q "hackmd domain" "$COMPLETION_FILE"; then + HACKMD_DOMAIN_NAME=$(get_completion_param "hackmd domain") + fi + + # update to the next commit + set_repo_commit "/etc/hackmd" "hackmd commit" "$HACKMD_COMMIT" "$HACKMD_REPO" + chown -R hackmd:hackmd "/etc/hackmd" + systemctl restart hackmd +} + +function backup_local_hackmd { + HACKMD_DOMAIN_NAME='hackmd' + if grep -q "hackmd domain" "$COMPLETION_FILE"; then + HACKMD_DOMAIN_NAME=$(get_completion_param "hackmd domain") + fi + + source_directory=/etc/hackmd + + suspend_site "${HACKMD_DOMAIN_NAME}" + + systemctl stop hackmd + + dest_directory=hackmd + backup_directory_to_usb "$source_directory" $dest_directory + + backup_database_to_usb hackmd + + restart_site + systemctl start hackmd +} + +function restore_local_hackmd { + if ! grep -q "hackmd domain" "$COMPLETION_FILE"; then + return + fi + HACKMD_DOMAIN_NAME=$(get_completion_param "hackmd domain") + if [ ! "$HACKMD_DOMAIN_NAME" ]; then + return + fi + suspend_site "${HACKMD_DOMAIN_NAME}" + systemctl stop hackmd + + temp_restore_dir=/root/temphackmd + hackmd_dir=/etc/hackmd + + hackmd_create_database + + restore_database hackmd + if [ -d $temp_restore_dir ]; then + rm -rf $temp_restore_dir + fi + + restore_directory_from_usb $temp_restore_dir hackmd + if [ -d $temp_restore_dir ]; then + if [ -d "$temp_restore_dir$hackmd_dir" ]; then + cp -rp "$temp_restore_dir$hackmd_dir"/* "$hackmd_dir"/ + else + if [ ! -d "$hackmd_dir" ]; then + mkdir "$hackmd_dir" + fi + cp -rp "$temp_restore_dir"/* "$hackmd_dir"/ + fi + chown -R hackmd:hackmd "$hackmd_dir" + rm -rf $temp_restore_dir + fi + systemctl start hackmd + + restart_site +} + +function backup_remote_hackmd { + HACKMD_DOMAIN_NAME='hackmd' + if grep -q "hackmd domain" "$COMPLETION_FILE"; then + HACKMD_DOMAIN_NAME=$(get_completion_param "hackmd domain") + fi + + source_directory=/etc/hackmd + + suspend_site "${HACKMD_DOMAIN_NAME}" + systemctl stop hackmd + + dest_directory=hackmd + backup_directory_to_friend "$source_directory" $dest_directory + backup_database_to_friend hackmd + + + systemctl start hackmd + + restart_site +} + +function restore_remote_hackmd { + if ! grep -q "hackmd domain" "$COMPLETION_FILE"; then + return + fi + HACKMD_DOMAIN_NAME=$(get_completion_param "hackmd domain") + if [ ! "$HACKMD_DOMAIN_NAME" ]; then + return + fi + suspend_site "${HACKMD_DOMAIN_NAME}" + systemctl stop hackmd + + temp_restore_dir=/root/temphackmd + hackmd_dir=/etc/hackmd + + hackmd_create_database + + restore_database_from_friend hackmd + if [ -d "$temp_restore_dir" ]; then + rm -rf $temp_restore_dir + fi + + restore_directory_from_friend $temp_restore_dir hackmd + if [ -d $temp_restore_dir ]; then + if [ -d "$temp_restore_dir$hackmd_dir" ]; then + cp -rp "$temp_restore_dir$hackmd_dir"/* "$hackmd_dir"/ + else + if [ ! -d "$hackmd_dir" ]; then + mkdir "$hackmd_dir" + fi + cp -rp $temp_restore_dir/* "$hackmd_dir"/ + fi + chown -R hackmd:hackmd "$hackmd_dir" + rm -rf $temp_restore_dir + fi + systemctl start hackmd + + restart_site +} + +function remove_hackmd { + nginx_dissite "$HACKMD_DOMAIN_NAME" + remove_certs "$HACKMD_DOMAIN_NAME" + + if [ -f /etc/systemd/system/hackmd.service ]; then + systemctl stop hackmd + systemctl disable hackmd + rm /etc/systemd/system/hackmd.service + fi + userdel -r hackmd + remove_nodejs hackmd + + + if [ -d "/var/www/$HACKMD_DOMAIN_NAME" ]; then + rm -rf "/var/www/$HACKMD_DOMAIN_NAME" + fi + if [ -f "/etc/nginx/sites-available/$HACKMD_DOMAIN_NAME" ]; then + rm "/etc/nginx/sites-available/$HACKMD_DOMAIN_NAME" + fi + drop_database hackmd + remove_onion_service hackmd "${HACKMD_ONION_PORT}" + if grep -q "hackmd" /etc/crontab; then + sed -i "/hackmd/d" /etc/crontab + fi + remove_app hackmd + remove_completion_param install_hackmd + sed -i '/hackmd/d' "$COMPLETION_FILE" + + remove_ddns_domain "$HACKMD_DOMAIN_NAME" +} + +function hackmd_create_config { + { echo '{'; + echo ' "production": {'; + echo ' "domain": "localhost",'; + echo ' "hsts": {'; + echo ' "enable": true,'; + echo ' "maxAgeSeconds": "31536000",'; + echo ' "includeSubdomains": true,'; + echo ' "preload": true'; + echo ' },'; + echo ' "csp": {'; + echo ' "enable": true,'; + echo ' "directives": {'; + echo ' },'; + echo ' "upgradeInsecureRequests": "auto",'; + echo ' "addDefaults": true,'; + echo ' "addDisqus": true,'; + echo ' "addGoogleAnalytics": true'; + echo ' },'; + echo ' "db": {'; + echo " \"username\": \"root\","; + echo " \"password\": \"$MARIADB_PASSWORD\","; + echo ' "database": "hackmd",'; + echo ' "host": "localhost",'; + echo ' "port": "5432",'; + echo ' "dialect": "mysql"'; + echo ' },'; + echo ' "github": {'; + echo ' "clientID": "change this",'; + echo ' "clientSecret": "change this"'; + echo ' },'; + echo ' "gitlab": {'; + echo ' "baseURL": "change this",'; + echo ' "clientID": "change this",'; + echo ' "clientSecret": "change this",'; + echo ' "scope": "use read_user scope for auth user only or remove this property if you need gitlab snippet import/export support (will result to be default scope api)"'; + echo ' }'; + echo ' }'; + echo '}'; } > config.json +} + +function install_hackmd { + install_mariadb + + get_mariadb_password + + install_nodejs hackmd + if [ ! "$HACKMD_DOMAIN_NAME" ]; then + echo $'No domain name was given' + exit 3568356 + fi + + if [ -d "/var/www/$HACKMD_DOMAIN_NAME/htdocs" ]; then + rm -rf "/var/www/$HACKMD_DOMAIN_NAME/htdocs" + fi + if [ -d /repos/hackmd ]; then + mkdir "/var/www/$HACKMD_DOMAIN_NAME/htdocs" + cp -r -p /repos/hackmd/. "/etc/hackmd" + cd "/etc/hackmd" || exit 36487365 + git pull + else + git_clone "$HACKMD_REPO" "/etc/hackmd" + fi + + if [ ! -d "/etc/hackmd" ]; then + echo $'Unable to clone hackmd repo' + exit 87525 + fi + + cd "/etc/hackmd" || exit 3463754637 + git checkout "$HACKMD_COMMIT" -b "$HACKMD_COMMIT" + set_completion_param "hackmd commit" "$HACKMD_COMMIT" + + if [ ! -f bin/setup ]; then + echo $'No setup file found' + exit 36587356 + fi + chmod +x bin/setup + ./bin/setup + hackmd_create_config + npm run build + + chmod g+w "/var/www/$HACKMD_DOMAIN_NAME/htdocs" + chown -R www-data:www-data "/var/www/$HACKMD_DOMAIN_NAME/htdocs" + + hackmd_create_database + + add_ddns_domain "$HACKMD_DOMAIN_NAME" + + HACKMD_ONION_HOSTNAME=$(add_onion_service hackmd 80 "${HACKMD_ONION_PORT}") + + hackmd_nginx_site=/etc/nginx/sites-available/$HACKMD_DOMAIN_NAME + if [[ "$ONION_ONLY" == "no" ]]; then + nginx_http_redirect "$HACKMD_DOMAIN_NAME" "index index.html" + { echo 'server {'; + echo ' listen 443 ssl;'; + echo ' #listen [::]:443 ssl;'; + echo " server_name $HACKMD_DOMAIN_NAME;"; + echo ''; } >> "$hackmd_nginx_site" + nginx_compress "$HACKMD_DOMAIN_NAME" + echo '' >> "$hackmd_nginx_site" + echo ' # Security' >> "$hackmd_nginx_site" + nginx_ssl "$HACKMD_DOMAIN_NAME" + + nginx_security_options "$HACKMD_DOMAIN_NAME" + + { echo ' add_header Strict-Transport-Security max-age=15768000;'; + echo ''; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo " root /var/www/$HACKMD_DOMAIN_NAME/htdocs;"; + echo ''; + echo ' index index.html;'; + echo ' # Location'; + echo ' location / {'; } >> "$hackmd_nginx_site" + nginx_limits "$HACKMD_DOMAIN_NAME" '15m' + { echo " proxy_pass http://localhost:$HACKMD_PORT_INTERNAL;"; + echo ' }'; + echo '}'; } >> "$hackmd_nginx_site" + else + echo -n '' > "$hackmd_nginx_site" + fi + { echo 'server {'; + echo " listen 127.0.0.1:$HACKMD_ONION_PORT default_server;"; + echo " server_name $HACKMD_ONION_HOSTNAME;"; + echo ''; } >> "$hackmd_nginx_site" + nginx_compress "$HACKMD_DOMAIN_NAME" + echo '' >> "$hackmd_nginx_site" + nginx_security_options "$HACKMD_DOMAIN_NAME" + { echo ''; + echo ' access_log /dev/null;'; + echo ' error_log /dev/null;'; + echo ''; + echo " root /var/www/$HACKMD_DOMAIN_NAME/htdocs;"; + echo ''; + echo ' index index.html;'; + echo ' # Location'; + echo ' location / {'; } >> "$hackmd_nginx_site" + nginx_limits "$HACKMD_DOMAIN_NAME" '15m' + { echo " proxy_pass http://localhost:$HACKMD_PORT_INTERNAL;"; + echo ' }'; + echo '}'; } >> "$hackmd_nginx_site" + + adduser --system --home="/etc/hackmd" --group hackmd + + + + { echo '[Unit]'; + echo 'Description=hackmd'; + echo 'After=syslog.target'; + echo 'After=network.target'; + echo "Documentation=$HACKMD_REPO"; + echo ''; + echo '[Service]'; + echo 'Type=simple'; + echo 'User=hackmd'; + echo 'Group=hackmd'; + echo 'WorkingDirectory=/etc/hackmd'; + echo 'ExecStart=/usr/local/bin/npm start'; + echo 'ExecStop=/usr/local/bin/npm stop'; + echo 'Environment=USER=hackmd'; + echo 'Restart=always'; + echo 'StandardError=syslog'; + echo ''; + echo '[Install]'; + echo 'WantedBy=multi-user.target'; } >> "/etc/systemd/system/hackmd.service" + systemctl enable hackmd + chown -R hackmd:hackmd "/etc/hackmd" + systemctl start hackmd + + create_site_certificate "$HACKMD_DOMAIN_NAME" 'yes' + + nginx_ensite "$HACKMD_DOMAIN_NAME" + + systemctl restart mariadb + + systemctl restart nginx + + "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a hackmd -p "$HACKMD_ADMIN_PASSWORD" + set_completion_param "hackmd domain" "$HACKMD_DOMAIN_NAME" + + APP_INSTALLED=1 +} + +# NOTE: deliberately there is no "exit 0" From d592ad2619e9df06a2bfc3ca9ab2f09b30cb3e12 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Mon, 21 May 2018 13:58:00 +0100 Subject: [PATCH 15/22] Extra quotes --- src/freedombone-app-hackmd | 10 +++++----- src/freedombone-template | 12 ++++++------ 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/src/freedombone-app-hackmd b/src/freedombone-app-hackmd index c2a50e91..253d348b 100755 --- a/src/freedombone-app-hackmd +++ b/src/freedombone-app-hackmd @@ -89,18 +89,18 @@ function change_password_hackmd { } function hackmd_create_database { - if [ -f $IMAGE_PASSWORD_FILE ]; then + if [ -f "$IMAGE_PASSWORD_FILE" ]; then HACKMD_ADMIN_PASSWORD="$(printf "%d" "$(cat "")")" else - if [ ! $HACKMD_ADMIN_PASSWORD ]; then - HACKMD_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + if [ ! "$HACKMD_ADMIN_PASSWORD" ]; then + HACKMD_ADMIN_PASSWORD=$(create_password "${MINIMUM_PASSWORD_LENGTH}") fi fi - if [ ! $HACKMD_ADMIN_PASSWORD ]; then + if [ ! "$HACKMD_ADMIN_PASSWORD" ]; then return fi - create_database hackmd "$HACKMD_ADMIN_PASSWORD" $MY_USERNAME + create_database hackmd "$HACKMD_ADMIN_PASSWORD" "$MY_USERNAME" } function reconfigure_hackmd { diff --git a/src/freedombone-template b/src/freedombone-template index ba45ebbf..ce334fd4 100755 --- a/src/freedombone-template +++ b/src/freedombone-template @@ -344,22 +344,22 @@ echo '}' if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" || "$database_type" == "postgres"* || "$database_type" == "mongo"* ]]; then echo '' echo "function ${app_name}_create_database {" - echo " if [ -f \$IMAGE_PASSWORD_FILE ]; then" + echo " if [ -f \"\$IMAGE_PASSWORD_FILE\" ]; then" echo " ${app_name_upper}_ADMIN_PASSWORD=\"\$(printf \"%d\" \"\$(cat \"$IMAGE_PASSWORD_FILE\")\")\"" echo ' else' - echo " if [ ! \$${app_name_upper}_ADMIN_PASSWORD ]; then" - echo " ${app_name_upper}_ADMIN_PASSWORD=\"\$(create_password \${MINIMUM_PASSWORD_LENGTH})\"" + echo " if [ ! \"\$${app_name_upper}_ADMIN_PASSWORD\" ]; then" + echo " ${app_name_upper}_ADMIN_PASSWORD=\$(create_password \"\${MINIMUM_PASSWORD_LENGTH}\")" echo ' fi' echo ' fi' - echo " if [ ! \$${app_name_upper}_ADMIN_PASSWORD ]; then" + echo " if [ ! \"\$${app_name_upper}_ADMIN_PASSWORD\" ]; then" echo ' return' echo ' fi' echo '' if [[ "$database_type" = "mysql" || "$database_type" = "mariadb" ]]; then - echo " create_database ${app_name} \"\$${app_name_upper}_ADMIN_PASSWORD\" \$MY_USERNAME" + echo " create_database ${app_name} \"\$${app_name_upper}_ADMIN_PASSWORD\" \"\$MY_USERNAME\"" fi if [[ "$database_type" = "mongo"* ]]; then - echo " create_database_mongodb ${app_name} \"\$${app_name_upper}_ADMIN_PASSWORD\" \$MY_USERNAME" + echo " create_database_mongodb ${app_name} \"\$${app_name_upper}_ADMIN_PASSWORD\" \"\$MY_USERNAME\"" fi if [[ "$database_type" == "postgres"* ]]; then echo ' systemctl restart postgresql' From 749f8ab283affc416e1b3c4302ca1318b886345f Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Mon, 21 May 2018 14:24:55 +0100 Subject: [PATCH 16/22] Extra environment variables --- src/freedombone-app-hackmd | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/src/freedombone-app-hackmd b/src/freedombone-app-hackmd index 253d348b..e49f2a05 100755 --- a/src/freedombone-app-hackmd +++ b/src/freedombone-app-hackmd @@ -35,7 +35,7 @@ HACKMD_CODE= HACKMD_ONION_PORT=9052 HACKMD_REPO="https://github.com/hackmdio/hackmd" HACKMD_COMMIT='c71361467d6eee6519b050fb5c40fc32520a19a8' -HACKMD_PORT_INTERNAL=TODO +HACKMD_PORT_INTERNAL=3007 hackmd_variables=(ONION_ONLY HACKMD_DOMAIN_NAME @@ -301,19 +301,19 @@ function hackmd_create_config { echo ' "production": {'; echo ' "domain": "localhost",'; echo ' "hsts": {'; - echo ' "enable": true,'; + echo ' "enable": false,'; echo ' "maxAgeSeconds": "31536000",'; echo ' "includeSubdomains": true,'; echo ' "preload": true'; echo ' },'; echo ' "csp": {'; - echo ' "enable": true,'; + echo ' "enable": false,'; echo ' "directives": {'; echo ' },'; - echo ' "upgradeInsecureRequests": "auto",'; + echo ' "upgradeInsecureRequests": "false",'; echo ' "addDefaults": true,'; - echo ' "addDisqus": true,'; - echo ' "addGoogleAnalytics": true'; + echo ' "addDisqus": false,'; + echo ' "addGoogleAnalytics": false'; echo ' },'; echo ' "db": {'; echo " \"username\": \"root\","; @@ -442,7 +442,10 @@ function install_hackmd { adduser --system --home="/etc/hackmd" --group hackmd - + hmd_domain="$HACKMD_DOMAIN_NAME" + if [[ "$ONION_ONLY" != 'no' ]]; then + hmd_domain="$HACKMD_ONION_HOSTNAME" + fi { echo '[Unit]'; echo 'Description=hackmd'; @@ -458,6 +461,12 @@ function install_hackmd { echo 'ExecStart=/usr/local/bin/npm start'; echo 'ExecStop=/usr/local/bin/npm stop'; echo 'Environment=USER=hackmd'; + echo 'Environment=NODE_ENV=production'; + echo "Environment=HMD_DOMAIN=$hmd_domain"; + echo "Environment=HMD_PORT=$HACKMD_PORT_INTERNAL"; + echo 'Environment=HMD_PROTOCOL_USESSL=false'; + echo 'Environment=HMD_ALLOW_ANONYMOUS=false'; + echo 'Environment=HMD_ALLOW_FREEURL=true'; echo 'Restart=always'; echo 'StandardError=syslog'; echo ''; From 2d934d1fdd47c4d27becdc39aeb24b160a90a316 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Mon, 21 May 2018 14:27:20 +0100 Subject: [PATCH 17/22] Restart nginx on removal --- src/freedombone-app-hackmd | 1 + 1 file changed, 1 insertion(+) diff --git a/src/freedombone-app-hackmd b/src/freedombone-app-hackmd index e49f2a05..de147dfa 100755 --- a/src/freedombone-app-hackmd +++ b/src/freedombone-app-hackmd @@ -294,6 +294,7 @@ function remove_hackmd { sed -i '/hackmd/d' "$COMPLETION_FILE" remove_ddns_domain "$HACKMD_DOMAIN_NAME" + systemctl restart nginx } function hackmd_create_config { From e570985bfea1f79fe27aa51e6077c90d14234b1a Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Mon, 21 May 2018 18:14:18 +0100 Subject: [PATCH 18/22] Extra node packages --- src/freedombone-app-hackmd | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/src/freedombone-app-hackmd b/src/freedombone-app-hackmd index de147dfa..e74093b1 100755 --- a/src/freedombone-app-hackmd +++ b/src/freedombone-app-hackmd @@ -339,6 +339,8 @@ function hackmd_create_config { } function install_hackmd { + apt-get -yq install phantomjs + install_mariadb get_mariadb_password @@ -377,6 +379,23 @@ function install_hackmd { chmod +x bin/setup ./bin/setup hackmd_create_config + npm install + npm install ejs + npm install passport + npm install method-override + npm install cookie-parser + npm install compression + npm install express-session + npm install connect-session-sequelize + npm install morgan + npm install passport.socketio + npm install helmet + npm install i18n + npm install connect-flash + npm install lodash + npm install deep-freeze + npm install winston + npm install markdown-pdf npm run build chmod g+w "/var/www/$HACKMD_DOMAIN_NAME/htdocs" From 0291dbdbf1708d9d1446a658312e9ce04aab77c2 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Mon, 21 May 2018 19:47:29 +0100 Subject: [PATCH 19/22] Extra packages --- src/freedombone-app-hackmd | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/src/freedombone-app-hackmd b/src/freedombone-app-hackmd index e74093b1..617b2760 100755 --- a/src/freedombone-app-hackmd +++ b/src/freedombone-app-hackmd @@ -141,6 +141,14 @@ function upgrade_hackmd { # update to the next commit set_repo_commit "/etc/hackmd" "hackmd commit" "$HACKMD_COMMIT" "$HACKMD_REPO" + + # Remove references to markdown-pdf node package, because it doesn't install on arm + cd /etc/hackmd || return + sed -i '/markdown-pdf/d' lib/response.js + sed -i '/markdownpdf/,/})/d' lib/response.js + mv yarn.lock yarn.lock.old + npm install + chown -R hackmd:hackmd "/etc/hackmd" systemctl restart hackmd } @@ -298,8 +306,11 @@ function remove_hackmd { } function hackmd_create_config { + hackmd_secret=$(create_password "30")$(create_password "30")$(create_password "30") + { echo '{'; echo ' "production": {'; + echo " \"sessionSecret\": \"$hackmd_secret\","; echo ' "domain": "localhost",'; echo ' "hsts": {'; echo ' "enable": false,'; @@ -395,7 +406,19 @@ function install_hackmd { npm install lodash npm install deep-freeze npm install winston - npm install markdown-pdf + npm install graceful-fs + npm install webpack + npm install extract-text-webpack-plugin + npm install html-webpack-plugin + npm install copy-webpack-plugin + npm install eve + npm install js-sequence-diagrams + #npm install markdown-pdf + + sed -i '/markdown-pdf/d' lib/response.js + sed -i '/markdownpdf/,/})/d' lib/response.js + + mv yarn.lock yarn.lock.old npm run build chmod g+w "/var/www/$HACKMD_DOMAIN_NAME/htdocs" From e483f37c009ed8d00db5673767da76a00065d0c4 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Mon, 21 May 2018 19:48:30 +0100 Subject: [PATCH 20/22] Hackmd seems hard to install, especially on arm Particularly the node package markdown-pdf --- src/freedombone-app-hackmd | 536 ------------------------------------- 1 file changed, 536 deletions(-) delete mode 100755 src/freedombone-app-hackmd diff --git a/src/freedombone-app-hackmd b/src/freedombone-app-hackmd deleted file mode 100755 index 617b2760..00000000 --- a/src/freedombone-app-hackmd +++ /dev/null @@ -1,536 +0,0 @@ -#!/bin/bash -# -# _____ _ _ -# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___ -# | __| _| -_| -_| . | . | | . | . | | -_| -# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___| -# -# Freedom in the Cloud -# -# License -# ======= -# -# Copyright (C) 2018 Bob Mottram -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . - -VARIANTS='full full-vim' - -IN_DEFAULT_INSTALL=0 -SHOW_ON_ABOUT=1 - -HACKMD_DOMAIN_NAME= -HACKMD_CODE= -HACKMD_ONION_PORT=9052 -HACKMD_REPO="https://github.com/hackmdio/hackmd" -HACKMD_COMMIT='c71361467d6eee6519b050fb5c40fc32520a19a8' -HACKMD_PORT_INTERNAL=3007 - -hackmd_variables=(ONION_ONLY - HACKMD_DOMAIN_NAME - HACKMD_CODE - DDNS_PROVIDER - MY_USERNAME) - -function logging_on_hackmd { - echo -n '' -} - -function logging_off_hackmd { - echo -n '' -} - -function remove_user_hackmd { - remove_username="$1" - - "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp hackmd -} - -function add_user_hackmd { - new_username="$1" - new_user_password="$2" - - "${PROJECT_NAME}-pass" -u "$new_username" -a hackmd -p "$new_user_password" - echo '0' -} - -function install_interactive_hackmd { - if [ ! "$ONION_ONLY" ]; then - ONION_ONLY='no' - fi - - if [[ "$ONION_ONLY" != "no" ]]; then - HACKMD_DOMAIN_NAME='hackmd.local' - write_config_param "HACKMD_DOMAIN_NAME" "$HACKMD_DOMAIN_NAME" - else - interactive_site_details "hackmd" "HACKMD_DOMAIN_NAME" "HACKMD_CODE" - fi - APP_INSTALLED=1 -} - -function change_password_hackmd { - curr_username="$1" - new_user_password="$2" - - read_config_param 'HACKMD_DOMAIN_NAME' - - "${PROJECT_NAME}-pass" -u "$curr_username" -a hackmd -p "$new_user_password" -} - -function hackmd_create_database { - if [ -f "$IMAGE_PASSWORD_FILE" ]; then - HACKMD_ADMIN_PASSWORD="$(printf "%d" "$(cat "")")" - else - if [ ! "$HACKMD_ADMIN_PASSWORD" ]; then - HACKMD_ADMIN_PASSWORD=$(create_password "${MINIMUM_PASSWORD_LENGTH}") - fi - fi - if [ ! "$HACKMD_ADMIN_PASSWORD" ]; then - return - fi - - create_database hackmd "$HACKMD_ADMIN_PASSWORD" "$MY_USERNAME" -} - -function reconfigure_hackmd { - # This is used if you need to switch identity. Dump old keys and generate new ones - echo -n '' -} - -function configure_interactive_hackmd { - W=(1 $"Option 1" - 2 $"Option 2") - - while true - do - # shellcheck disable=SC2068 - selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"hackmd" --menu $"Choose an operation, or ESC for main menu:" 14 70 3 "${W[@]}" 3>&2 2>&1 1>&3) - - if [ ! "$selection" ]; then - break - fi - case $selection in - 1) # call some function for option 1 - ;; - 2) # call some function for option 2 - ;; - esac - done -} - -function upgrade_hackmd { - CURR_HACKMD_COMMIT=$(get_completion_param "hackmd commit") - if [[ "$CURR_HACKMD_COMMIT" == "$HACKMD_COMMIT" ]]; then - return - fi - - if grep -q "hackmd domain" "$COMPLETION_FILE"; then - HACKMD_DOMAIN_NAME=$(get_completion_param "hackmd domain") - fi - - # update to the next commit - set_repo_commit "/etc/hackmd" "hackmd commit" "$HACKMD_COMMIT" "$HACKMD_REPO" - - # Remove references to markdown-pdf node package, because it doesn't install on arm - cd /etc/hackmd || return - sed -i '/markdown-pdf/d' lib/response.js - sed -i '/markdownpdf/,/})/d' lib/response.js - mv yarn.lock yarn.lock.old - npm install - - chown -R hackmd:hackmd "/etc/hackmd" - systemctl restart hackmd -} - -function backup_local_hackmd { - HACKMD_DOMAIN_NAME='hackmd' - if grep -q "hackmd domain" "$COMPLETION_FILE"; then - HACKMD_DOMAIN_NAME=$(get_completion_param "hackmd domain") - fi - - source_directory=/etc/hackmd - - suspend_site "${HACKMD_DOMAIN_NAME}" - - systemctl stop hackmd - - dest_directory=hackmd - backup_directory_to_usb "$source_directory" $dest_directory - - backup_database_to_usb hackmd - - restart_site - systemctl start hackmd -} - -function restore_local_hackmd { - if ! grep -q "hackmd domain" "$COMPLETION_FILE"; then - return - fi - HACKMD_DOMAIN_NAME=$(get_completion_param "hackmd domain") - if [ ! "$HACKMD_DOMAIN_NAME" ]; then - return - fi - suspend_site "${HACKMD_DOMAIN_NAME}" - systemctl stop hackmd - - temp_restore_dir=/root/temphackmd - hackmd_dir=/etc/hackmd - - hackmd_create_database - - restore_database hackmd - if [ -d $temp_restore_dir ]; then - rm -rf $temp_restore_dir - fi - - restore_directory_from_usb $temp_restore_dir hackmd - if [ -d $temp_restore_dir ]; then - if [ -d "$temp_restore_dir$hackmd_dir" ]; then - cp -rp "$temp_restore_dir$hackmd_dir"/* "$hackmd_dir"/ - else - if [ ! -d "$hackmd_dir" ]; then - mkdir "$hackmd_dir" - fi - cp -rp "$temp_restore_dir"/* "$hackmd_dir"/ - fi - chown -R hackmd:hackmd "$hackmd_dir" - rm -rf $temp_restore_dir - fi - systemctl start hackmd - - restart_site -} - -function backup_remote_hackmd { - HACKMD_DOMAIN_NAME='hackmd' - if grep -q "hackmd domain" "$COMPLETION_FILE"; then - HACKMD_DOMAIN_NAME=$(get_completion_param "hackmd domain") - fi - - source_directory=/etc/hackmd - - suspend_site "${HACKMD_DOMAIN_NAME}" - systemctl stop hackmd - - dest_directory=hackmd - backup_directory_to_friend "$source_directory" $dest_directory - backup_database_to_friend hackmd - - - systemctl start hackmd - - restart_site -} - -function restore_remote_hackmd { - if ! grep -q "hackmd domain" "$COMPLETION_FILE"; then - return - fi - HACKMD_DOMAIN_NAME=$(get_completion_param "hackmd domain") - if [ ! "$HACKMD_DOMAIN_NAME" ]; then - return - fi - suspend_site "${HACKMD_DOMAIN_NAME}" - systemctl stop hackmd - - temp_restore_dir=/root/temphackmd - hackmd_dir=/etc/hackmd - - hackmd_create_database - - restore_database_from_friend hackmd - if [ -d "$temp_restore_dir" ]; then - rm -rf $temp_restore_dir - fi - - restore_directory_from_friend $temp_restore_dir hackmd - if [ -d $temp_restore_dir ]; then - if [ -d "$temp_restore_dir$hackmd_dir" ]; then - cp -rp "$temp_restore_dir$hackmd_dir"/* "$hackmd_dir"/ - else - if [ ! -d "$hackmd_dir" ]; then - mkdir "$hackmd_dir" - fi - cp -rp $temp_restore_dir/* "$hackmd_dir"/ - fi - chown -R hackmd:hackmd "$hackmd_dir" - rm -rf $temp_restore_dir - fi - systemctl start hackmd - - restart_site -} - -function remove_hackmd { - nginx_dissite "$HACKMD_DOMAIN_NAME" - remove_certs "$HACKMD_DOMAIN_NAME" - - if [ -f /etc/systemd/system/hackmd.service ]; then - systemctl stop hackmd - systemctl disable hackmd - rm /etc/systemd/system/hackmd.service - fi - userdel -r hackmd - remove_nodejs hackmd - - - if [ -d "/var/www/$HACKMD_DOMAIN_NAME" ]; then - rm -rf "/var/www/$HACKMD_DOMAIN_NAME" - fi - if [ -f "/etc/nginx/sites-available/$HACKMD_DOMAIN_NAME" ]; then - rm "/etc/nginx/sites-available/$HACKMD_DOMAIN_NAME" - fi - drop_database hackmd - remove_onion_service hackmd "${HACKMD_ONION_PORT}" - if grep -q "hackmd" /etc/crontab; then - sed -i "/hackmd/d" /etc/crontab - fi - remove_app hackmd - remove_completion_param install_hackmd - sed -i '/hackmd/d' "$COMPLETION_FILE" - - remove_ddns_domain "$HACKMD_DOMAIN_NAME" - systemctl restart nginx -} - -function hackmd_create_config { - hackmd_secret=$(create_password "30")$(create_password "30")$(create_password "30") - - { echo '{'; - echo ' "production": {'; - echo " \"sessionSecret\": \"$hackmd_secret\","; - echo ' "domain": "localhost",'; - echo ' "hsts": {'; - echo ' "enable": false,'; - echo ' "maxAgeSeconds": "31536000",'; - echo ' "includeSubdomains": true,'; - echo ' "preload": true'; - echo ' },'; - echo ' "csp": {'; - echo ' "enable": false,'; - echo ' "directives": {'; - echo ' },'; - echo ' "upgradeInsecureRequests": "false",'; - echo ' "addDefaults": true,'; - echo ' "addDisqus": false,'; - echo ' "addGoogleAnalytics": false'; - echo ' },'; - echo ' "db": {'; - echo " \"username\": \"root\","; - echo " \"password\": \"$MARIADB_PASSWORD\","; - echo ' "database": "hackmd",'; - echo ' "host": "localhost",'; - echo ' "port": "5432",'; - echo ' "dialect": "mysql"'; - echo ' },'; - echo ' "github": {'; - echo ' "clientID": "change this",'; - echo ' "clientSecret": "change this"'; - echo ' },'; - echo ' "gitlab": {'; - echo ' "baseURL": "change this",'; - echo ' "clientID": "change this",'; - echo ' "clientSecret": "change this",'; - echo ' "scope": "use read_user scope for auth user only or remove this property if you need gitlab snippet import/export support (will result to be default scope api)"'; - echo ' }'; - echo ' }'; - echo '}'; } > config.json -} - -function install_hackmd { - apt-get -yq install phantomjs - - install_mariadb - - get_mariadb_password - - install_nodejs hackmd - if [ ! "$HACKMD_DOMAIN_NAME" ]; then - echo $'No domain name was given' - exit 3568356 - fi - - if [ -d "/var/www/$HACKMD_DOMAIN_NAME/htdocs" ]; then - rm -rf "/var/www/$HACKMD_DOMAIN_NAME/htdocs" - fi - if [ -d /repos/hackmd ]; then - mkdir "/var/www/$HACKMD_DOMAIN_NAME/htdocs" - cp -r -p /repos/hackmd/. "/etc/hackmd" - cd "/etc/hackmd" || exit 36487365 - git pull - else - git_clone "$HACKMD_REPO" "/etc/hackmd" - fi - - if [ ! -d "/etc/hackmd" ]; then - echo $'Unable to clone hackmd repo' - exit 87525 - fi - - cd "/etc/hackmd" || exit 3463754637 - git checkout "$HACKMD_COMMIT" -b "$HACKMD_COMMIT" - set_completion_param "hackmd commit" "$HACKMD_COMMIT" - - if [ ! -f bin/setup ]; then - echo $'No setup file found' - exit 36587356 - fi - chmod +x bin/setup - ./bin/setup - hackmd_create_config - npm install - npm install ejs - npm install passport - npm install method-override - npm install cookie-parser - npm install compression - npm install express-session - npm install connect-session-sequelize - npm install morgan - npm install passport.socketio - npm install helmet - npm install i18n - npm install connect-flash - npm install lodash - npm install deep-freeze - npm install winston - npm install graceful-fs - npm install webpack - npm install extract-text-webpack-plugin - npm install html-webpack-plugin - npm install copy-webpack-plugin - npm install eve - npm install js-sequence-diagrams - #npm install markdown-pdf - - sed -i '/markdown-pdf/d' lib/response.js - sed -i '/markdownpdf/,/})/d' lib/response.js - - mv yarn.lock yarn.lock.old - npm run build - - chmod g+w "/var/www/$HACKMD_DOMAIN_NAME/htdocs" - chown -R www-data:www-data "/var/www/$HACKMD_DOMAIN_NAME/htdocs" - - hackmd_create_database - - add_ddns_domain "$HACKMD_DOMAIN_NAME" - - HACKMD_ONION_HOSTNAME=$(add_onion_service hackmd 80 "${HACKMD_ONION_PORT}") - - hackmd_nginx_site=/etc/nginx/sites-available/$HACKMD_DOMAIN_NAME - if [[ "$ONION_ONLY" == "no" ]]; then - nginx_http_redirect "$HACKMD_DOMAIN_NAME" "index index.html" - { echo 'server {'; - echo ' listen 443 ssl;'; - echo ' #listen [::]:443 ssl;'; - echo " server_name $HACKMD_DOMAIN_NAME;"; - echo ''; } >> "$hackmd_nginx_site" - nginx_compress "$HACKMD_DOMAIN_NAME" - echo '' >> "$hackmd_nginx_site" - echo ' # Security' >> "$hackmd_nginx_site" - nginx_ssl "$HACKMD_DOMAIN_NAME" - - nginx_security_options "$HACKMD_DOMAIN_NAME" - - { echo ' add_header Strict-Transport-Security max-age=15768000;'; - echo ''; - echo ' access_log /dev/null;'; - echo ' error_log /dev/null;'; - echo ''; - echo " root /var/www/$HACKMD_DOMAIN_NAME/htdocs;"; - echo ''; - echo ' index index.html;'; - echo ' # Location'; - echo ' location / {'; } >> "$hackmd_nginx_site" - nginx_limits "$HACKMD_DOMAIN_NAME" '15m' - { echo " proxy_pass http://localhost:$HACKMD_PORT_INTERNAL;"; - echo ' }'; - echo '}'; } >> "$hackmd_nginx_site" - else - echo -n '' > "$hackmd_nginx_site" - fi - { echo 'server {'; - echo " listen 127.0.0.1:$HACKMD_ONION_PORT default_server;"; - echo " server_name $HACKMD_ONION_HOSTNAME;"; - echo ''; } >> "$hackmd_nginx_site" - nginx_compress "$HACKMD_DOMAIN_NAME" - echo '' >> "$hackmd_nginx_site" - nginx_security_options "$HACKMD_DOMAIN_NAME" - { echo ''; - echo ' access_log /dev/null;'; - echo ' error_log /dev/null;'; - echo ''; - echo " root /var/www/$HACKMD_DOMAIN_NAME/htdocs;"; - echo ''; - echo ' index index.html;'; - echo ' # Location'; - echo ' location / {'; } >> "$hackmd_nginx_site" - nginx_limits "$HACKMD_DOMAIN_NAME" '15m' - { echo " proxy_pass http://localhost:$HACKMD_PORT_INTERNAL;"; - echo ' }'; - echo '}'; } >> "$hackmd_nginx_site" - - adduser --system --home="/etc/hackmd" --group hackmd - - hmd_domain="$HACKMD_DOMAIN_NAME" - if [[ "$ONION_ONLY" != 'no' ]]; then - hmd_domain="$HACKMD_ONION_HOSTNAME" - fi - - { echo '[Unit]'; - echo 'Description=hackmd'; - echo 'After=syslog.target'; - echo 'After=network.target'; - echo "Documentation=$HACKMD_REPO"; - echo ''; - echo '[Service]'; - echo 'Type=simple'; - echo 'User=hackmd'; - echo 'Group=hackmd'; - echo 'WorkingDirectory=/etc/hackmd'; - echo 'ExecStart=/usr/local/bin/npm start'; - echo 'ExecStop=/usr/local/bin/npm stop'; - echo 'Environment=USER=hackmd'; - echo 'Environment=NODE_ENV=production'; - echo "Environment=HMD_DOMAIN=$hmd_domain"; - echo "Environment=HMD_PORT=$HACKMD_PORT_INTERNAL"; - echo 'Environment=HMD_PROTOCOL_USESSL=false'; - echo 'Environment=HMD_ALLOW_ANONYMOUS=false'; - echo 'Environment=HMD_ALLOW_FREEURL=true'; - echo 'Restart=always'; - echo 'StandardError=syslog'; - echo ''; - echo '[Install]'; - echo 'WantedBy=multi-user.target'; } >> "/etc/systemd/system/hackmd.service" - systemctl enable hackmd - chown -R hackmd:hackmd "/etc/hackmd" - systemctl start hackmd - - create_site_certificate "$HACKMD_DOMAIN_NAME" 'yes' - - nginx_ensite "$HACKMD_DOMAIN_NAME" - - systemctl restart mariadb - - systemctl restart nginx - - "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a hackmd -p "$HACKMD_ADMIN_PASSWORD" - set_completion_param "hackmd domain" "$HACKMD_DOMAIN_NAME" - - APP_INSTALLED=1 -} - -# NOTE: deliberately there is no "exit 0" From 56a8a7ac7e4dd9d7ab728c946b46e46dbf8dc969 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Mon, 21 May 2018 21:40:14 +0100 Subject: [PATCH 21/22] Bump smolrss commit --- src/freedombone-app-smolrss | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/freedombone-app-smolrss b/src/freedombone-app-smolrss index b5fd0379..0fa7b103 100755 --- a/src/freedombone-app-smolrss +++ b/src/freedombone-app-smolrss @@ -35,7 +35,7 @@ SMOLRSS_DOMAIN_NAME= SMOLRSS_CODE= SMOLRSS_ONION_PORT=8751 SMOLRSS_REPO="https://github.com/bashrc/smolrss" -SMOLRSS_COMMIT='f6478243e43c53fe40116eabf7118b0cd2d28f1a' +SMOLRSS_COMMIT='d9fca3fd76b95c601553a1264ff500c287211105' smolrss_variables=(ONION_ONLY SMOLRSS_DOMAIN_NAME From 77ef565a3c80be5492247537eda3b8d38e49fc34 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Wed, 23 May 2018 12:28:52 +0100 Subject: [PATCH 22/22] Matrix synapse 0.28.1 --- src/freedombone-app-matrix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/freedombone-app-matrix b/src/freedombone-app-matrix index 3992238d..de34a5f1 100755 --- a/src/freedombone-app-matrix +++ b/src/freedombone-app-matrix @@ -48,7 +48,7 @@ MATRIX_PORT=8009 MATRIX_FEDERATION_ONION_PORT=8111 MATRIX_ONION_PORT=8109 MATRIX_REPO="https://github.com/matrix-org/synapse" -MATRIX_COMMIT='ddb00efc1ddec646d02e8def6053003f04d077d7' +MATRIX_COMMIT='ab5e888927e6a38190a65e10af7acf67873124e3' REPORT_STATS="no" MATRIX_SECRET= MATRIX_EXPIRE_MONTHS=1