Enable web user interface for git ssb via scuttlebot app

2017-12-12 16:35:14 +00:00 · 2017-12-12 16:35:14 +00:00 · 70b0430bc5
parent 2370f32323
commit 70b0430bc5
2 changed files with 102 additions and 1 deletions
--- a/src/freedombone-app-scuttlebot
+++ b/src/freedombone-app-scuttlebot
@ -35,8 +35,13 @@ IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=0
 SHOW_ICANN_ADDRESS_ON_ABOUT=0

+SCUTTLEBOT_DOMAIN_NAME=
+SCUTTLEBOT_CODE=
 SCUTTLEBOT_VERSION='10.4.6'
 SCUTTLEBOT_PORT=8010
+SCUTTLEBOT_ONION_PORT=8623
+GIT_SSB_PORT=7718
+NGINX_GIT_SSB_PORT=7719

 scuttlebot_variables=(MY_USERNAME
                      DEFAULT_DOMAIN_NAME
@ -91,7 +96,13 @@ function add_user_scuttlebot {
 }

 function install_interactive_scuttlebot {
-    echo -n ''
+    if [[ $ONION_ONLY != "no" ]]; then
+        SCUTTLEBOT_DOMAIN_NAME='scuttlebot.local'
+        write_config_param "SCUTTLEBOT_DOMAIN_NAME" "$SCUTTLEBOT_DOMAIN_NAME"
+    else
+        function_check interactive_site_details
+        interactive_site_details scuttlebot
+    fi
    APP_INSTALLED=1
 }

@ -180,6 +191,10 @@ function restore_remote_scuttlebot {

 function remove_scuttlebot {
    firewall_remove ${SCUTTLEBOT_PORT}
+    firewall_remove ${GIT_SSB_PORT}
+
+    nginx_dissite ${SCUTTLEBOT_DOMAIN_NAME}
+    rm /etc/nginx/sites-available/${SCUTTLEBOT_DOMAIN_NAME}

    systemctl stop scuttlebot
    systemctl disable scuttlebot
@ -196,7 +211,81 @@ function remove_scuttlebot {
    sed -i '/scuttlebot /d' $COMPLETION_FILE
 }

+function scuttlebot_git_setup {
+    if [[ "$1" == "mesh" ]]; then
+        git_ssb_nginx_site=$rootdir/etc/nginx/sites-available/git_ssb
+        echo 'server {' > $git_ssb_nginx_site
+        echo "  listen $NGINX_GIT_SSB_PORT default_server;" >> $git_ssb_nginx_site
+        echo "  server_name P${PEER_ID}.local;" >> $git_ssb_nginx_site
+        echo '' >> $git_ssb_nginx_site
+        echo '  access_log /dev/null;' >> $git_ssb_nginx_site
+        echo '  error_log /dev/null;' >> $git_ssb_nginx_site
+        echo '' >> $git_ssb_nginx_site
+        echo '  add_header X-XSS-Protection "1; mode=block";' >> $git_ssb_nginx_site
+        echo '  add_header X-Content-Type-Options nosniff;' >> $git_ssb_nginx_site
+        echo '  add_header X-Frame-Options SAMEORIGIN;' >> $git_ssb_nginx_site
+    else
+        git_ssb_nginx_site=/etc/nginx/sites-available/${SCUTTLEBOT_DOMAIN_NAME}
+        function_check nginx_http_redirect
+        nginx_http_redirect $SCUTTLEBOT_DOMAIN_NAME "index index.html"
+        echo 'server {' >> $git_ssb_nginx_site
+        echo '  listen 443 ssl;' >> $git_ssb_nginx_site
+        echo '  listen [::]:443 ssl;' >> $git_ssb_nginx_site
+        echo "  server_name $SCUTTLEBOT_DOMAIN_NAME;" >> $git_ssb_nginx_site
+        echo '' >> $git_ssb_nginx_site
+        function_check nginx_compress
+        nginx_compress $SCUTTLEBOT_DOMAIN_NAME
+        echo '' >> $git_ssb_nginx_site
+        echo '  # Security' >> $git_ssb_nginx_site
+        function_check nginx_ssl
+        nginx_ssl $SCUTTLEBOT_DOMAIN_NAME
+
+        function_check nginx_disable_sniffing
+        nginx_disable_sniffing $SCUTTLEBOT_DOMAIN_NAME
+    fi
+
+    echo '' >> $git_ssb_nginx_site
+    echo '  location = / {' >> $git_ssb_nginx_site
+    echo "    proxy_pass http://localhost:${GIT_SSB_PORT};" >> $git_ssb_nginx_site
+    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $git_ssb_nginx_site
+    echo '    proxy_set_header Host $host;' >> $git_ssb_nginx_site
+    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $git_ssb_nginx_site
+    echo '    proxy_http_version 1.1;' >> $git_ssb_nginx_site
+    echo '    proxy_set_header Upgrade $http_upgrade;' >> $git_ssb_nginx_site
+    echo '    proxy_set_header Connection upgrade;' >> $git_ssb_nginx_site
+    echo '  }' >> $git_ssb_nginx_site
+    echo '}' >> $git_ssb_nginx_site
+
+    if [ $SCUTTLEBOT_ONION_HOSTNAME ]; then
+        echo '' >> $git_ssb_nginx_site
+        echo 'server {' >> $git_ssb_nginx_site
+        echo "  listen 127.0.0.1:${SCUTTLEBOT_ONION_PORT} default_server;" >> $git_ssb_nginx_site
+        echo "  server_name ${SCUTTLEBOT_ONION_HOSTNAME};" >> $git_ssb_nginx_site
+        echo '' >> $git_ssb_nginx_site
+        echo '  access_log /dev/null;' >> $git_ssb_nginx_site
+        echo '  error_log /dev/null;' >> $git_ssb_nginx_site
+        echo '' >> $git_ssb_nginx_site
+        echo '  add_header X-XSS-Protection "1; mode=block";' >> $git_ssb_nginx_site
+        echo '  add_header X-Content-Type-Options nosniff;' >> $git_ssb_nginx_site
+        echo '  add_header X-Frame-Options SAMEORIGIN;' >> $git_ssb_nginx_site
+        echo '' >> $git_ssb_nginx_site
+        echo '  location = / {' >> $git_ssb_nginx_site
+        echo "    proxy_pass http://localhost:${GIT_SSB_PORT};" >> $git_ssb_nginx_site
+        echo '    proxy_set_header X-Real-IP $remote_addr;' >> $git_ssb_nginx_site
+        echo '    proxy_set_header Host $host;' >> $git_ssb_nginx_site
+        echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $git_ssb_nginx_site
+        echo '    proxy_http_version 1.1;' >> $git_ssb_nginx_site
+        echo '    proxy_set_header Upgrade $http_upgrade;' >> $git_ssb_nginx_site
+        echo '    proxy_set_header Connection upgrade;' >> $git_ssb_nginx_site
+        echo '  }' >> $git_ssb_nginx_site
+        echo '}' >> $git_ssb_nginx_site
+    fi
+    nginx_ensite git_ssb
+}
+
 function mesh_install_scuttlebot {
+    SCUTTLEBOT_ONION_HOSTNAME=
+
    get_npm_arch

    cat <<EOF > $rootdir/usr/bin/install_scuttlebot
@ -238,6 +327,8 @@ EOF
    echo '' >> $rootdir/etc/systemd/system/scuttlebot.service
    echo '[Install]' >> $rootdir/etc/systemd/system/scuttlebot.service
    echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/scuttlebot.service
+
+    scuttlebot_git_setup mesh
 }

 function install_scuttlebot {
@ -316,6 +407,12 @@ function install_scuttlebot {
    systemctl restart scuttlebot.service

    firewall_add scuttlebot ${SCUTTLEBOT_PORT}
+    firewall_add git_ssb ${GIT_SSB_PORT}
+
+
+    SCUTTLEBOT_ONION_HOSTNAME=$(add_onion_service scuttlebot 80 ${SCUTTLEBOT_ONION_PORT})
+    scuttlebot_git_setup
+    systemctl restart nginx

    if ! grep -q "scuttlebot version:" ${COMPLETION_FILE}; then
        echo "scuttlebot version:${SCUTTLEBOT_VERSION}" >> ${COMPLETION_FILE}
--- a/src/freedombone-mesh-batman
+++ b/src/freedombone-mesh-batman
@ -71,6 +71,8 @@ TOX_PORT=33445
 TRACKER_PORT=6969
 LIBREVAULT_PORT=42345
 TAHOELAFS_PORT=50213
+GIT_SSB_PORT=7718
+NGINX_GIT_SSB_PORT=7719

 # Ethernet bridge definition (bridged to bat0)
 BRIDGE=br-mesh
@ -178,6 +180,7 @@ function stop {
    iptables -D INPUT -p udp --dport $LIBREVAULT_PORT -j ACCEPT
    iptables -D INPUT -p tcp --dport $TAHOELAFS_PORT -j ACCEPT
    # SSB/Scuttlebot/Patchwork
+    iptables -D INPUT -p tcp --dport $GIT_SSB_PORT -j ACCEPT
    iptables -D INPUT -p udp --dport 8008 -j ACCEPT
    iptables -D INPUT -p tcp --dport 8008 -j ACCEPT
    iptables -D INPUT -p udp --dport 8010 -j ACCEPT
@ -450,6 +453,7 @@ function start {
    iptables -A INPUT -p udp --dport $LIBREVAULT_PORT -j ACCEPT
    iptables -A INPUT -p tcp --dport $TAHOELAFS_PORT -j ACCEPT
    # SSB/Scuttlebot/Patchwork
+    iptables -A INPUT -p tcp --dport $GIT_SSB_PORT -j ACCEPT
    iptables -A INPUT -p udp --dport 8008 -j ACCEPT
    iptables -A INPUT -p tcp --dport 8008 -j ACCEPT
    iptables -A INPUT -p udp --dport 8010 -j ACCEPT