cryptpad app

This commit is contained in:
Bob Mottram 2017-05-26 14:26:27 +01:00
parent 921266cce1
commit 2ce3937be4
2 changed files with 518 additions and 7 deletions

502
src/freedombone-app-cryptpad Executable file
View File

@ -0,0 +1,502 @@
#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# cryptpad application
#
# License
# =======
#
# Copyright (C) 2017 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
VARIANTS='full full-vim writer'
IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1
CRYPTPAD_DOMAIN_NAME=
CRYPTPAD_CODE=
CRYPTPAD_ONION_PORT=8119
CRYPTPAD_PORT=9003
CRYPTPAD_REPO=""
CRYPTPAD_COMMIT=''
CRYPTPAD_ADMIN_PASSWORD=
CRYPTPAD_DIR=/etc/cryptpad
cryptpad_variables=(ONION_ONLY
CRYPTPAD_DOMAIN_NAME
CRYPTPAD_CODE
DDNS_PROVIDER
MY_EMAIL_ADDRESS
MY_USERNAME)
function remove_user_cryptpad {
remove_username="$1"
${PROJECT_NAME}-pass -u $remove_username --rmapp cryptpad
}
function add_user_cryptpad {
new_username="$1"
new_user_password="$2"
${PROJECT_NAME}-pass -u $new_username -a cryptpad -p "$new_user_password"
echo '0'
}
function install_interactive_cryptpad {
if [ ! $ONION_ONLY ]; then
ONION_ONLY='no'
fi
if [[ $ONION_ONLY != "no" ]]; then
CRYPTPAD_DOMAIN_NAME='cryptpad.local'
else
CRYPTPAD_DETAILS_COMPLETE=
while [ ! $CRYPTPAD_DETAILS_COMPLETE ]
do
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
dialog --backtitle $"Freedombone Configuration" \
--title $"Cryptpad Configuration" \
--form $"\nPlease enter your Cryptpad details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 3 \
$"Domain:" 1 1 "$(grep 'CRYPTPAD_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
$"Code:" 2 1 "$(grep 'CRYPTPAD_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \
2> $data
else
dialog --backtitle $"Freedombone Configuration" \
--title $"Cryptpad Configuration" \
--form $"\nPlease enter your Cryptpad details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 3 \
$"Domain:" 1 1 "$(grep 'CRYPTPAD_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
2> $data
fi
sel=$?
case $sel in
1) exit 1;;
255) exit 1;;
esac
CRYPTPAD_DOMAIN_NAME=$(cat $data | sed -n 1p)
if [ $CRYPTPAD_DOMAIN_NAME ]; then
if [[ $CRYPTPAD_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
CRYPTPAD_DOMAIN_NAME=""
fi
TEST_DOMAIN_NAME=$CRYPTPAD_DOMAIN_NAME
validate_domain_name
if [[ $TEST_DOMAIN_NAME != $CRYPTPAD_DOMAIN_NAME ]]; then
CRYPTPAD_DOMAIN_NAME=
dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
else
if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
CRYPTPAD_CODE=$(cat $data | sed -n 2p)
validate_freedns_code "$CRYPTPAD_CODE"
if [ ! $VALID_CODE ]; then
CRYPTPAD_DOMAIN_NAME=
fi
fi
fi
fi
if [ $CRYPTPAD_DOMAIN_NAME ]; then
CRYPTPAD_DETAILS_COMPLETE="yes"
fi
done
# save the results in the config file
write_config_param "CRYPTPAD_CODE" "$CRYPTPAD_CODE"
fi
write_config_param "CRYPTPAD_DOMAIN_NAME" "$CRYPTPAD_DOMAIN_NAME"
APP_INSTALLED=1
}
function change_password_cryptpad {
curr_username="$1"
new_user_password="$2"
read_config_param 'CRYPTPAD_DOMAIN_NAME'
${PROJECT_NAME}-pass -u "$curr_username" -a cryptpad -p "$new_user_password"
}
function reconfigure_cryptpad {
if [ -d $CRYPTPAD_DIR/datastore ]; then
rm -rf $CRYPTPAD_DIR/datastore
fi
}
function upgrade_cryptpad {
if grep -q "cryptpad domain" $COMPLETION_FILE; then
CRYPTPAD_DOMAIN_NAME=$(get_completion_param "cryptpad domain")
fi
CURR_CRYPTPAD_COMMIT=$(get_completion_param "cryptpad commit")
if [[ "$CURR_CRYPTPAD_COMMIT" == "$CRYPTPAD_COMMIT" ]]; then
return
fi
systemctl stop cryptpad
# update to the next commit
function_check set_repo_commit
set_repo_commit $CRYPTPAD_DIR "cryptpad commit" "$CRYPTPAD_COMMIT" $CRYPTPAD_REPO
cd $CRYPTPAD_DIR
chown -R cryptpad:cryptpad *
systemctl start cryptpad
}
function backup_local_cryptpad {
CRYPTPAD_DOMAIN_NAME='cryptpad'
if grep -q "cryptpad domain" $COMPLETION_FILE; then
CRYPTPAD_DOMAIN_NAME=$(get_completion_param "cryptpad domain")
fi
source_directory=$CRYPTPAD_DIR/datastore
if [ -d $source_directory ]; then
systemctl stop cryptpad
dest_directory=cryptpad
function_check suspend_site
suspend_site ${CRYPTPAD_DOMAIN_NAME}
function_check backup_directory_to_usb
backup_directory_to_usb $source_directory $dest_directory
function_check restart_site
restart_site
systemctl start cryptpad
fi
}
function restore_local_cryptpad {
if [ -d $CRYPTPAD_DIR ]; then
systemctl stop cryptpad
temp_restore_dir=/root/tempcryptpad
function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir cryptpad
cp -r $temp_restore_dir$CRYPTPAD_DIR/datastore/* $CRYPTPAD_DIR/datastore/
systemctl start cryptpad
fi
}
function backup_remote_cryptpad {
if grep -q "cryptpad domain" $COMPLETION_FILE; then
CRYPTPAD_DOMAIN_NAME=$(get_completion_param "cryptpad domain")
temp_backup_dir=$CRYPTPAD_DIR/datastore
if [ -d $temp_backup_dir ]; then
systemctl stop cryptpad
function_check suspend_site
suspend_site ${CRYPTPAD_DOMAIN_NAME}
echo $"Backing up Cryptpad installation"
function_check backup_directory_to_friend
backup_directory_to_friend $temp_backup_dir cryptpad
function_check restart_site
restart_site
systemctl start cryptpad
else
echo $"cryptpad domain specified but not found in ${temp_backup_dir}"
fi
fi
}
function restore_remote_cryptpad {
if [ -d $CRYPTPAD_DIR ]; then
systemctl stop cryptpad
temp_restore_dir=/root/tempcryptpad
function_check restore_directory_from_usb
restore_directory_from_friend $temp_restore_dir cryptpad
cp -r $temp_restore_dir$CRYPTPAD_DIR/datastore/* $CRYPTPAD_DIR/datastore/
systemctl start cryptpad
fi
}
function remove_cryptpad {
if [ ${#CRYPTPAD_DOMAIN_NAME} -eq 0 ]; then
return
fi
systemctl stop cryptpad
systemctl disable cryptpad
if [ -f /etc/systemd/system/cryptpad.service ]; then
rm /etc/systemd/system/cryptpad.service
fi
function_check remove_nodejs
remove_nodejs cryptpad
read_config_param "CRYPTPAD_DOMAIN_NAME"
read_config_param "MY_USERNAME"
echo "Removing $CRYPTPAD_DOMAIN_NAME"
nginx_dissite $CRYPTPAD_DOMAIN_NAME
remove_certs $CRYPTPAD_DOMAIN_NAME
if [ -d $CRYPTPAD_DIR ]; then
rm -rf $CRYPTPAD_DIR
fi
if [ -f /etc/nginx/sites-available/$CRYPTPAD_DOMAIN_NAME ]; then
rm /etc/nginx/sites-available/$CRYPTPAD_DOMAIN_NAME
fi
function_check remove_onion_service
remove_onion_service cryptpad ${CRYPTPAD_ONION_PORT}
remove_app cryptpad
remove_completion_param install_cryptpad
sed -i '/cryptpad/d' $COMPLETION_FILE
userdel -r cryptpad
function_check remove_ddns_domain
remove_ddns_domain $CRYPTPAD_DOMAIN_NAME
}
function install_cryptpad_main {
if [ ! $CRYPTPAD_DOMAIN_NAME ]; then
echo $'No domain name was given for cryptpad'
exit 7359
fi
if [[ $(app_is_installed cryptpad_main) == "1" ]]; then
return
fi
if [ ! -d /var/www/$CRYPTPAD_DOMAIN_NAME ]; then
mkdir /var/www/$CRYPTPAD_DOMAIN_NAME
fi
if [ ! -d $CRYPTPAD_DIR ]; then
mkdir -p $CRYPTPAD_DIR
function_check git_clone
git_clone $CRYPTPAD_REPO $CRYPTPAD_DIR
if [ ! -d $CRYPTPAD_DIR ]; then
echo $'Unable to clone cryptpad repo'
exit 783251
fi
fi
# an unprivileged user to run as
useradd -d $CRYPTPAD_DIR/ cryptpad
cd $CRYPTPAD_DIR
git checkout $CRYPTPAD_COMMIT -b $CRYPTPAD_COMMIT
set_completion_param "cryptpad commit" "$CRYPTPAD_COMMIT"
chown -R cryptpad:cryptpad $CRYPTPAD_COMMIT
function_check add_ddns_domain
add_ddns_domain $CRYPTPAD_DOMAIN_NAME
CRYPTPAD_ONION_HOSTNAME=$(add_onion_service cryptpad 80 ${CRYPTPAD_ONION_PORT})
cryptpad_nginx_site=/etc/nginx/sites-available/$CRYPTPAD_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then
function_check nginx_http_redirect
nginx_http_redirect $CRYPTPAD_DOMAIN_NAME "index index.html"
echo 'server {' >> $cryptpad_nginx_site
echo ' listen 443 ssl;' >> $cryptpad_nginx_site
echo ' listen [::]:443 ssl;' >> $cryptpad_nginx_site
echo " server_name $CRYPTPAD_DOMAIN_NAME;" >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' # Security' >> $cryptpad_nginx_site
function_check nginx_ssl mobile
nginx_ssl $CRYPTPAD_DOMAIN_NAME
function_check nginx_disable_sniffing
nginx_disable_sniffing $CRYPTPAD_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' # Logs' >> $cryptpad_nginx_site
echo ' access_log /dev/null;' >> $cryptpad_nginx_site
echo ' error_log /dev/null;' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' # Root' >> $cryptpad_nginx_site
echo " root $CRYPTPAD_DIR;" >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' index index.html;' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location = / {' >> $cryptpad_nginx_site
echo " proxy_pass http://localhost:$CRYPTPAD_PORT;" >> $cryptpad_nginx_site
echo ' proxy_set_header X-Real-IP $remote_addr;' >> $cryptpad_nginx_site
echo ' proxy_set_header Host $host;' >> $cryptpad_nginx_site
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' # WebSocket support (nginx 1.4)' >> $cryptpad_nginx_site
echo ' proxy_http_version 1.1;' >> $cryptpad_nginx_site
echo ' proxy_set_header Upgrade $http_upgrade;' >> $cryptpad_nginx_site
echo ' proxy_set_header Connection upgrade;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location ^~ /customize.dist/ {' >> $cryptpad_nginx_site
echo ' # This is needed in order to prevent infinite recursion between /customize/ and the root' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo ' location ^~ /customize/ {' >> $cryptpad_nginx_site
echo ' rewrite ^/customize/(.*)$ $1 break;' >> $cryptpad_nginx_site
echo ' try_files /customize/$uri /customize.dist/$uri;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo ' location = /api/config {' >> $cryptpad_nginx_site
echo ' default_type text/javascript;' >> $cryptpad_nginx_site
echo ' rewrite ^.*$ /customize/api/config break;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location ^~ /blob/ {' >> $cryptpad_nginx_site
echo ' try_files $uri =404;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {' >> $cryptpad_nginx_site
echo ' rewrite ^(.*)$ $1/ redirect;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' try_files $uri $uri/index.html /customize/$uri;' >> $cryptpad_nginx_site
echo '}' >> $cryptpad_nginx_site
else
echo -n '' > $cryptpad_nginx_site
fi
echo 'server {' >> $cryptpad_nginx_site
echo " listen 127.0.0.1:$CRYPTPAD_ONION_PORT default_server;" >> $cryptpad_nginx_site
echo " server_name $CRYPTPAD_ONION_HOSTNAME;" >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' # Logs' >> $cryptpad_nginx_site
echo ' access_log /dev/null;' >> $cryptpad_nginx_site
echo ' error_log /dev/null;' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' # Root' >> $cryptpad_nginx_site
echo " root $CRYPTPAD_DIR;" >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' index index.html;' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location = / {' >> $cryptpad_nginx_site
echo " proxy_pass http://localhost:$CRYPTPAD_PORT;" >> $cryptpad_nginx_site
echo ' proxy_set_header X-Real-IP $remote_addr;' >> $cryptpad_nginx_site
echo ' proxy_set_header Host $host;' >> $cryptpad_nginx_site
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' # WebSocket support (nginx 1.4)' >> $cryptpad_nginx_site
echo ' proxy_http_version 1.1;' >> $cryptpad_nginx_site
echo ' proxy_set_header Upgrade $http_upgrade;' >> $cryptpad_nginx_site
echo ' proxy_set_header Connection upgrade;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location ^~ /customize.dist/ {' >> $cryptpad_nginx_site
echo ' # This is needed in order to prevent infinite recursion between /customize/ and the root' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo ' location ^~ /customize/ {' >> $cryptpad_nginx_site
echo ' rewrite ^/customize/(.*)$ $1 break;' >> $cryptpad_nginx_site
echo ' try_files /customize/$uri /customize.dist/$uri;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo ' location = /api/config {' >> $cryptpad_nginx_site
echo ' default_type text/javascript;' >> $cryptpad_nginx_site
echo ' rewrite ^.*$ /customize/api/config break;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location ^~ /blob/ {' >> $cryptpad_nginx_site
echo ' try_files $uri =404;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {' >> $cryptpad_nginx_site
echo ' rewrite ^(.*)$ $1/ redirect;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' try_files $uri $uri/index.html /customize/$uri;' >> $cryptpad_nginx_site
echo '}' >> $cryptpad_nginx_site
sed -i 's|DENY;|SAMEORIGIN;|g' $cryptpad_nginx_site
function_check create_site_certificate
create_site_certificate $CRYPTPAD_DOMAIN_NAME 'yes'
function_check nginx_ensite
nginx_ensite $CRYPTPAD_DOMAIN_NAME
${PROJECT_NAME}-pass -u $MY_USERNAME -a cryptpad -p "$CRYPTPAD_ADMIN_PASSWORD"
set_completion_param "cryptpad domain" "$CRYPTPAD_DOMAIN_NAME"
install_completed cryptpad_main
}
function install_cryptpad {
if [ ! $ONION_ONLY ]; then
ONION_ONLY='no'
fi
function_check install_nodejs
install_nodejs cryptpad
install_cryptpad_main
cd $CRYPTPAD_DIR
npm install
npm install -g bower
bower install
cp config.example.js config.js
if [ ! -f config.js ]; then
echo $'Cryptpad config file not found'
exit 628252
fi
sed -i "s|httpPort:.*|httpPort: $CRYPTPAD_PORT,|g" config.js
sed -i "s|websocketPath:.*|websocketPath: '/',|g" config.js
sed -i "s|// domain:|domain:|g" config.js
sed -i 's|openFileLimit:.*|openFileLimit: 1024,|g' config.js
if [[ $ONION_ONLY == 'no' ]]; then
sed -i "s|domain:.*|domain: 'https://$CRYPTPAD_DOMAIN_NAME',|g" config.js
else
sed -i "s|domain:.*|domain: 'https://$CRYPTPAD_ONION_HOSTNAME',|g" config.js
fi
chown -R cryptpad:cryptpad $CRYPTPAD_DIR
# daemon
echo '[Unit]' > /etc/systemd/system/cryptpad.service
echo 'Description=Cryptpad' >> /etc/systemd/system/cryptpad.service
echo 'After=syslog.target' >> /etc/systemd/system/cryptpad.service
echo 'After=network.target' >> /etc/systemd/system/cryptpad.service
echo '' >> /etc/systemd/system/cryptpad.service
echo '[Service]' >> /etc/systemd/system/cryptpad.service
echo 'Type=simple' >> /etc/systemd/system/cryptpad.service
echo 'User=cryptpad' >> /etc/systemd/system/cryptpad.service
echo 'Group=cryptpad' >> /etc/systemd/system/cryptpad.service
echo "WorkingDirectory=$CRYPTPAD_DIR" >> /etc/systemd/system/cryptpad.service
echo "ExecStart=/usr/local/bin/node ./server.js" >> /etc/systemd/system/cryptpad.service
echo 'Restart=on-failure' >> /etc/systemd/system/cryptpad.service
echo '' >> /etc/systemd/system/cryptpad.service
echo '[Install]' >> /etc/systemd/system/cryptpad.service
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/cryptpad.service
systemctl enable cryptpad.service
systemctl daemon-reload
systemctl start cryptpad.service
systemctl restart nginx
APP_INSTALLED=1
}
# NOTE: deliberately there is no "exit 0"

View File

@ -323,6 +323,8 @@ function backup_local_koel {
source_directory=/var/www/${KOEL_DOMAIN_NAME}/htdocs
if [ -d $source_directory ]; then
systemctl stop koal
dest_directory=koel
function_check suspend_site
suspend_site ${KOEL_DOMAIN_NAME}
@ -335,6 +337,8 @@ function backup_local_koel {
function_check restart_site
restart_site
systemctl start koal
fi
}
@ -345,6 +349,8 @@ function restore_local_koel {
KOEL_DOMAIN_NAME=$(get_completion_param "koel domain")
if [ $KOEL_DOMAIN_NAME ]; then
echo $"Restoring koel"
systemctl stop koal
temp_restore_dir=/root/tempkoel
koel_dir=/var/www/${KOEL_DOMAIN_NAME}/htdocs
@ -355,6 +361,7 @@ function restore_local_koel {
if [ -d $temp_restore_dir ]; then
rm -rf $temp_restore_dir
fi
systemctl start koal
fi
}
@ -363,6 +370,8 @@ function backup_remote_koel {
KOEL_DOMAIN_NAME=$(get_completion_param "koel domain")
temp_backup_dir=/var/www/${KOEL_DOMAIN_NAME}/htdocs
if [ -d $temp_backup_dir ]; then
systemctl stop koal
function_check suspend_site
suspend_site ${KOEL_DOMAIN_NAME}
@ -376,6 +385,8 @@ function backup_remote_koel {
function_check restart_site
restart_site
systemctl start koal
else
echo $"koel domain specified but not found in ${temp_backup_dir}"
fi
@ -385,11 +396,10 @@ function backup_remote_koel {
function restore_remote_koel {
if grep -q "koel domain" $COMPLETION_FILE; then
echo $"Restoring koel"
KOEL_DOMAIN_NAME=$(get_completion_param "koel domain")
# stop the daemons
cd /var/www/${KOEL_DOMAIN_NAME}/htdocs
su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data
systemctl stop koal
KOEL_DOMAIN_NAME=$(get_completion_param "koel domain")
function_check koel_create_database
koel_create_database
@ -400,9 +410,8 @@ function restore_remote_koel {
rm -rf /root/tempkoel
fi
# start the daemons
cd /var/www/${KOEL_DOMAIN_NAME}/htdocs
su -c "sh scripts/startdaemons.sh" -s /bin/sh www-data
systemctl start koal
echo $"Restore of koel complete"
fi
}