Bob Mottram 2018-03-01 11:45:51 +00:00
parent fa8f96bfdb
commit 7888f7ae63
6 changed files with 807 additions and 778 deletions


@ -66,12 +66,12 @@ function syncthing_create_ids_file {
SYNCTHING_ID=$(cat ~/.syncthing-server-id) SYNCTHING_ID=$(cat ~/.syncthing-server-id)
if [ ! -f $SYNCTHING_CONFIG_FILE ]; then if [ ! -f $SYNCTHING_CONFIG_FILE ]; then
echo $'# Your syncthing configuration file' > $SYNCTHING_CONFIG_FILE { echo $'# Your syncthing configuration file';
echo '#' >> $SYNCTHING_CONFIG_FILE echo '#';
echo $"# The ${PROJECT_NAME} syncthing ID is: $SYNCTHING_ID" >> $SYNCTHING_CONFIG_FILE echo $"# The ${PROJECT_NAME} syncthing ID is: $SYNCTHING_ID";
echo '#' >> $SYNCTHING_CONFIG_FILE echo '#';
echo '# Paste the IDs of your devices below' >> $SYNCTHING_CONFIG_FILE echo '# Paste the IDs of your devices below';
echo '#' >> $SYNCTHING_CONFIG_FILE echo '#'; } > $SYNCTHING_CONFIG_FILE
fi fi
} }
@ -94,12 +94,13 @@ function syncthing_show_id {
SYNCTHING_ID=$(cat ~/.syncthing-server-id) SYNCTHING_ID=$(cat ~/.syncthing-server-id)
dialog --title $"Device ID for ${PROJECT_NAME}" \ dialog --title $"Device ID for ${PROJECT_NAME}" \
--backtitle $"Freedombone User Control Panel" \ --backtitle $"Freedombone User Control Panel" \
--msgbox $"In a desktop terminal press shift and select the ID below,\nthen right click and copy.\n\nWithin Connectbot select Menu/Copy and then highlight the ID below\n\n$SYNCTHING_ID\n\nAlternatively press Enter to display a QR code which can be scanned." 13 78 --msgbox $"In a desktop terminal press shift and select the ID below,\\nthen right click and copy.\\n\\nWithin Connectbot select Menu/Copy and then highlight the ID below\\n\\n$SYNCTHING_ID\\n\\nAlternatively press Enter to display a QR code which can be scanned." 13 78
clear clear
echo $'Your Syncthing ID code' echo $'Your Syncthing ID code'
echo '' echo ''
echo -n "$SYNCTHING_ID" | qrencode -t UTF8 echo -n "$SYNCTHING_ID" | qrencode -t UTF8
echo '' echo ''
# shellcheck disable=SC2034
read -n1 -rsp $"Press any key to continue..." key read -n1 -rsp $"Press any key to continue..." key
} }
@ -110,21 +111,24 @@ function syncthing_add_id {
syncthing_create_ids_file syncthing_create_ids_file
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15 trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone User Control Panel" \ dialog --backtitle $"Freedombone User Control Panel" \
--title $"Add a Syncthing device ID" \ --title $"Add a Syncthing device ID" \
--form $"Paste the device ID for your laptop/desktop/netbook/phone/tablet below" 9 80 2 \ --form $"Paste the device ID for your laptop/desktop/netbook/phone/tablet below" 9 80 2 \
$"Device ID:" 1 1 "" 1 26 80 80 \ $"Device ID:" 1 1 "" 1 26 80 80 \
$"Description (optional):" 2 1 "" 2 26 80 80 \ $"Description (optional):" 2 1 "" 2 26 80 80 \
2> $data 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) return;; 1) rm -f "$data"
255) return;; return;;
255) rm -f "$data"
return;;
esac esac
SYNCTHING_DEVICE_ID=$(cat $data | sed -n 1p) SYNCTHING_DEVICE_ID=$(sed -n 1p < "$data")
SYNCTHING_DESCRIPTION=$(cat $data | sed -n 2p) SYNCTHING_DESCRIPTION=$(sed -n 2p < "$data")
rm -f "$data"
if [ ${#SYNCTHING_DEVICE_ID} -lt 10 ]; then if [ ${#SYNCTHING_DEVICE_ID} -lt 10 ]; then
return return
@ -164,19 +168,21 @@ function syncthing_remove_id {
syncthing_create_ids_file syncthing_create_ids_file
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone User Control Panel" \ dialog --backtitle $"Freedombone User Control Panel" \
--title $"Remove a Syncthing device ID" \ --title $"Remove a Syncthing device ID" \
--form $"Paste the device ID which is to be removed below" 8 80 1 \ --form $"Paste the device ID which is to be removed below" 8 80 1 \
$"Device ID:" 1 1 "" 1 14 80 80 \ $"Device ID:" 1 1 "" 1 14 80 80 \
2> $data 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) return;; 1) rm -f "$data"
255) return;; return;;
255) rm -f "$data"
return;;
esac esac
SYNCTHING_DEVICE_ID=$(cat $data | sed -n 1p) SYNCTHING_DEVICE_ID=$(sed -n 1p < "$data")
rm -f "$data"
if [ ${#SYNCTHING_DEVICE_ID} -lt 10 ]; then if [ ${#SYNCTHING_DEVICE_ID} -lt 10 ]; then
return return
@ -212,8 +218,7 @@ function run_client_syncthing {
while true while true
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone User Control Panel" \ dialog --backtitle $"Freedombone User Control Panel" \
--title $"File Synchronization" \ --title $"File Synchronization" \
--radiolist $"Choose an operation:" 12 70 6 \ --radiolist $"Choose an operation:" 12 70 6 \
@ -221,19 +226,23 @@ function run_client_syncthing {
2 $"Add an ID for another machine or device" off \ 2 $"Add an ID for another machine or device" off \
3 $"Remove an ID for another machine or device" off \ 3 $"Remove an ID for another machine or device" off \
4 $"Manually edit device IDs" off \ 4 $"Manually edit device IDs" off \
5 $"Back to main menu" on 2> $data 5 $"Back to main menu" on 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) break;; 1) rm -f "$data"
255) break;; break;;
255) rm -f "$data"
break;;
esac esac
case $(cat $data) in case $(cat "$data") in
1) syncthing_show_id;; 1) syncthing_show_id;;
2) syncthing_add_id;; 2) syncthing_add_id;;
3) syncthing_remove_id;; 3) syncthing_remove_id;;
4) syncthing_manual_edit;; 4) syncthing_manual_edit;;
5) break;; 5) rm -f "$data"
break;;
esac esac
rm -f "$data"
done done
} }
@ -260,21 +269,21 @@ function backup_local_syncthing {
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d /home/$USERNAME/Sync ]; then if [ -d "/home/$USERNAME/Sync" ]; then
echo $"Backing up syncthing files for $USERNAME" echo $"Backing up syncthing files for $USERNAME"
backup_directory_to_usb /home/$USERNAME/Sync syncthing/$USERNAME backup_directory_to_usb "/home/$USERNAME/Sync" "syncthing/$USERNAME"
# ensure that device IDs will be backed up as part of user config settings # ensure that device IDs will be backed up as part of user config settings
if [ ! -d /home/$USERNAME/.config/syncthing ]; then if [ ! -d "/home/$USERNAME/.config/syncthing" ]; then
mkdir -p /home/$USERNAME/.config/syncthing mkdir -p "/home/$USERNAME/.config/syncthing"
chown -R $USERNAME:$USERNAME /home/$USERNAME/.config chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
fi fi
if [ -f /home/$USERNAME/.syncthing-server-id ]; then if [ -f "/home/$USERNAME/.syncthing-server-id" ]; then
cp /home/$USERNAME/.syncthing-server-id /home/$USERNAME/.config/syncthing cp "/home/$USERNAME/.syncthing-server-id" "/home/$USERNAME/.config/syncthing"
chown -R $USERNAME:$USERNAME /home/$USERNAME/.config chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
fi fi
if [ -f /home/$USERNAME/.syncthingids ]; then if [ -f "/home/$USERNAME/.syncthingids" ]; then
cp /home/$USERNAME/.syncthingids /home/$USERNAME/.config/syncthing cp "/home/$USERNAME/.syncthingids" "/home/$USERNAME/.config/syncthing"
chown -R $USERNAME:$USERNAME /home/$USERNAME/.config chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
fi fi
fi fi
fi fi
@ -288,7 +297,7 @@ function restore_local_syncthing {
fi fi
temp_restore_dir=/root/tempsyncthing temp_restore_dir=/root/tempsyncthing
if [ -d $USB_MOUNT/backup/syncthingconfig ]; then if [ -d "$USB_MOUNT/backup/syncthingconfig" ]; then
echo $"Restoring syncthing configuration" echo $"Restoring syncthing configuration"
function_check restore_directory_from_usb function_check restore_directory_from_usb
restore_directory_from_usb ${temp_restore_dir}config syncthingconfig restore_directory_from_usb ${temp_restore_dir}config syncthingconfig
@ -297,9 +306,7 @@ function restore_local_syncthing {
if [ ! -d $SYNCTHING_CONFIG_PATH ]; then if [ ! -d $SYNCTHING_CONFIG_PATH ]; then
mkdir -p $SYNCTHING_CONFIG_PATH mkdir -p $SYNCTHING_CONFIG_PATH
fi fi
cp -r ${temp_restore_dir}config/* $SYNCTHING_CONFIG_PATH/ if ! cp -r ${temp_restore_dir}config/* $SYNCTHING_CONFIG_PATH/; then
if [ ! "$?" = "0" ]; then
set_user_permissions set_user_permissions
backup_unmount_drive backup_unmount_drive
systemctl start syncthing systemctl start syncthing
@ -309,7 +316,7 @@ function restore_local_syncthing {
rm -rf ${temp_restore_dir}config rm -rf ${temp_restore_dir}config
fi fi
if [ -d $USB_MOUNT/backup/syncthingshared ]; then if [ -d "$USB_MOUNT/backup/syncthingshared" ]; then
echo $"Restoring syncthing shared files" echo $"Restoring syncthing shared files"
restore_directory_from_usb ${temp_restore_dir}shared syncthingshared restore_directory_from_usb ${temp_restore_dir}shared syncthingshared
#cp -r ${temp_restore_dir}shared/* / #cp -r ${temp_restore_dir}shared/* /
@ -321,28 +328,29 @@ function restore_local_syncthing {
rm -rf ${temp_restore_dir}shared rm -rf ${temp_restore_dir}shared
fi fi
if [ -d $USB_MOUNT/backup/syncthing ]; then if [ -d "$USB_MOUNT/backup/syncthing" ]; then
for d in $USB_MOUNT/backup/syncthing/*/ ; do for d in $USB_MOUNT/backup/syncthing/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}') USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME "${PROJECT_NAME}-adduser" "$USERNAME"
fi fi
echo $"Restoring syncthing files for $USERNAME" echo $"Restoring syncthing files for $USERNAME"
restore_directory_from_usb ${temp_restore_dir} syncthing/$USERNAME restore_directory_from_usb "${temp_restore_dir}" "syncthing/$USERNAME"
if [ -d ${temp_restore_dir}/home/$USERNAME/Sync ]; then if [ -d "${temp_restore_dir}/home/$USERNAME/Sync" ]; then
cp -r ${temp_restore_dir}/home/$USERNAME/Sync /home/$USERNAME/ cp -r "${temp_restore_dir}/home/$USERNAME/Sync" "/home/$USERNAME/"
else else
if [ ! -d /home/$USERNAME/Sync ]; then if [ ! -d "/home/$USERNAME/Sync" ]; then
mkdir /home/$USERNAME/Sync mkdir "/home/$USERNAME/Sync"
fi fi
if [ -d /root/Sync ]; then if [ -d /root/Sync ]; then
cp -r /root/Sync/* /home/$USERNAME/Sync/ cp -r /root/Sync/* "/home/$USERNAME/Sync/"
rm -rf /root/Sync rm -rf /root/Sync
else else
cp -r ${temp_restore_dir}/* /home/$USERNAME/Sync/ cp -r "${temp_restore_dir}/*" "/home/$USERNAME/Sync/"
fi fi
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf ${temp_restore_dir} rm -rf ${temp_restore_dir}
set_user_permissions set_user_permissions
@ -354,13 +362,13 @@ function restore_local_syncthing {
rm -rf ${temp_restore_dir} rm -rf ${temp_restore_dir}
# restore device IDs from config settings # restore device IDs from config settings
if [ -f /home/$USERNAME/.config/syncthing/.syncthing-server-id ]; then if [ -f "/home/$USERNAME/.config/syncthing/.syncthing-server-id" ]; then
cp /home/$USERNAME/.config/syncthing/.syncthing-server-id /home/$USERNAME/.syncthing-server-id cp "/home/$USERNAME/.config/syncthing/.syncthing-server-id" "/home/$USERNAME/.syncthing-server-id"
chown $USERNAME:$USERNAME /home/$USERNAME/.syncthing-server-id chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.syncthing-server-id"
fi fi
if [ -f /home/$USERNAME/.config/syncthing/.syncthingids ]; then if [ -f "/home/$USERNAME/.config/syncthing/.syncthingids" ]; then
cp /home/$USERNAME/.config/syncthing/.syncthingids /home/$USERNAME/.syncthingids cp "/home/$USERNAME/.config/syncthing/.syncthingids" "/home/$USERNAME/.syncthingids"
chown $USERNAME:$USERNAME /home/$USERNAME/.syncthingids chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.syncthingids"
fi fi
fi fi
done done
@ -389,21 +397,21 @@ function backup_remote_syncthing {
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -d /home/$USERNAME/Sync ]; then if [ -d "/home/$USERNAME/Sync" ]; then
echo $"Backing up syncthing files for $USERNAME" echo $"Backing up syncthing files for $USERNAME"
backup_directory_to_friend /home/$USERNAME/Sync syncthing/$USERNAME backup_directory_to_friend "/home/$USERNAME/Sync" "syncthing/$USERNAME"
# ensure that device IDs will be backed up as part of user config settings # ensure that device IDs will be backed up as part of user config settings
if [ ! -d /home/$USERNAME/.config/syncthing ]; then if [ ! -d "/home/$USERNAME/.config/syncthing" ]; then
mkdir -p /home/$USERNAME/.config/syncthing mkdir -p "/home/$USERNAME/.config/syncthing"
chown -R $USERNAME:$USERNAME /home/$USERNAME/.config chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
fi fi
if [ -f /home/$USERNAME/.syncthing-server-id ]; then if [ -f "/home/$USERNAME/.syncthing-server-id" ]; then
cp /home/$USERNAME/.syncthing-server-id /home/$USERNAME/.config/syncthing cp "/home/$USERNAME/.syncthing-server-id" "/home/$USERNAME/.config/syncthing"
chown -R $USERNAME:$USERNAME /home/$USERNAME/.config chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
fi fi
if [ -f /home/$USERNAME/.syncthingids ]; then if [ -f "/home/$USERNAME/.syncthingids" ]; then
cp /home/$USERNAME/.syncthingids /home/$USERNAME/.config/syncthing cp "/home/$USERNAME/.syncthingids" "/home/$USERNAME/.config/syncthing"
chown -R $USERNAME:$USERNAME /home/$USERNAME/.config chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
fi fi
fi fi
fi fi
@ -416,7 +424,7 @@ function restore_remote_syncthing {
systemctl stop cron systemctl stop cron
fi fi
if [ -d $SERVER_DIRECTORY/backup/syncthingconfig ]; then if [ -d "$SERVER_DIRECTORY/backup/syncthingconfig" ]; then
echo $"Restoring syncthing configuration" echo $"Restoring syncthing configuration"
temp_restore_dir=/root/tempsyncthingconfig temp_restore_dir=/root/tempsyncthingconfig
function_check restore_directory_from_friend function_check restore_directory_from_friend
@ -425,8 +433,7 @@ function restore_remote_syncthing {
if [ ! -d $SYNCTHING_CONFIG_PATH ]; then if [ ! -d $SYNCTHING_CONFIG_PATH ]; then
mkdir -p $SYNCTHING_CONFIG_PATH mkdir -p $SYNCTHING_CONFIG_PATH
fi fi
cp -r ${temp_restore_dir}/* $SYNCTHING_CONFIG_PATH/ if ! cp -r ${temp_restore_dir}/* $SYNCTHING_CONFIG_PATH/; then
if [ ! "$?" = "0" ]; then
systemctl start syncthing systemctl start syncthing
systemctl start cron systemctl start cron
exit 6833 exit 6833
@ -434,7 +441,7 @@ function restore_remote_syncthing {
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
if [ -d $SERVER_DIRECTORY/backup/syncthingshared ]; then if [ -d "$SERVER_DIRECTORY/backup/syncthingshared" ]; then
echo $"Restoring syncthing shared files" echo $"Restoring syncthing shared files"
temp_restore_dir=/root/tempsyncthingshared temp_restore_dir=/root/tempsyncthingshared
function_check restore_directory_from_friend function_check restore_directory_from_friend
@ -446,30 +453,31 @@ function restore_remote_syncthing {
rm -rf ${temp_restore_dir} rm -rf ${temp_restore_dir}
fi fi
if [ -d $SERVER_DIRECTORY/backup/syncthing ]; then if [ -d "$SERVER_DIRECTORY/backup/syncthing" ]; then
for d in $SERVER_DIRECTORY/backup/syncthing/*/ ; do for d in $SERVER_DIRECTORY/backup/syncthing/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}') USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME "${PROJECT_NAME}-adduser" "$USERNAME"
fi fi
echo $"Restoring syncthing files for $USERNAME" echo $"Restoring syncthing files for $USERNAME"
temp_restore_dir=/root/tempsyncthing temp_restore_dir=/root/tempsyncthing
function_check restore_directory_from_friend function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir syncthing/$USERNAME restore_directory_from_friend "$temp_restore_dir" "syncthing/$USERNAME"
if [ -d $temp_restore_dir/home/$USERNAME/Sync ]; then if [ -d "$temp_restore_dir/home/$USERNAME/Sync" ]; then
cp -r $temp_restore_dir/home/$USERNAME/Sync /home/$USERNAME/ cp -r "$temp_restore_dir/home/$USERNAME/Sync" "/home/$USERNAME/"
else else
if [ ! -d /home/$USERNAME/Sync ]; then if [ ! -d "/home/$USERNAME/Sync" ]; then
mkdir /home/$USERNAME/Sync mkdir "/home/$USERNAME/Sync"
fi fi
if [ -d /root/Sync ]; then if [ -d /root/Sync ]; then
cp -r /root/Sync/* /home/$USERNAME/Sync/ cp -r /root/Sync/* "/home/$USERNAME/Sync/"
rm -rf /root/Sync rm -rf /root/Sync
else else
cp -r ${temp_restore_dir}/* /home/$USERNAME/Sync/ cp -r "${temp_restore_dir}/*" "/home/$USERNAME/Sync/"
fi fi
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
systemctl start syncthing systemctl start syncthing
@ -479,13 +487,13 @@ function restore_remote_syncthing {
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
# restore device IDs from config settings # restore device IDs from config settings
if [ -f /home/$USERNAME/.config/syncthing/.syncthing-server-id ]; then if [ -f "/home/$USERNAME/.config/syncthing/.syncthing-server-id" ]; then
cp /home/$USERNAME/.config/syncthing/.syncthing-server-id /home/$USERNAME/.syncthing-server-id cp "/home/$USERNAME/.config/syncthing/.syncthing-server-id" "/home/$USERNAME/.syncthing-server-id"
chown $USERNAME:$USERNAME /home/$USERNAME/.syncthing-server-id chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.syncthing-server-id"
fi fi
if [ -f /home/$USERNAME/.config/syncthing/.syncthingids ]; then if [ -f "/home/$USERNAME/.config/syncthing/.syncthingids" ]; then
cp /home/$USERNAME/.config/syncthing/.syncthingids /home/$USERNAME/.syncthingids cp "/home/$USERNAME/.config/syncthing/.syncthingids" "/home/$USERNAME/.syncthingids"
chown $USERNAME:$USERNAME /home/$USERNAME/.syncthingids chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.syncthingids"
fi fi
echo $"Restore of syncthing files for $USERNAME complete" echo $"Restore of syncthing files for $USERNAME complete"
fi fi
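Review bot: In the `@ -321,28 +328,29` hunk of restore_local_syncthing, the new line `cp -r "${temp_restore_dir}/*" "/home/$USERNAME/Sync/"` puts the `*` inside the double quotes, so the shell no longer expands it and cp is asked for a file literally named `*`; the same line appears in the `@ -446,30 +453,31` hunk of restore_remote_syncthing. The copy will fail on a normal backup, and the `$?` test right after it then takes the failure branch, so this fallback restore path stops working. Quote only the variable and leave the glob outside the quotes: `cp -r "${temp_restore_dir}"/* "/home/$USERNAME/Sync/"`, as the `cp -r /root/Sync/* "/home/$USERNAME/Sync/"` line next to it already does. Both functions start and end outside the visible hunks.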


@ -72,52 +72,52 @@ function add_user_tahoelafs {
new_username="$1" new_username="$1"
new_user_password="$2" new_user_password="$2"
${PROJECT_NAME}-pass -u $new_username -a tahoelafs -p "$new_user_password" "${PROJECT_NAME}-pass" -u "$new_username" -a tahoelafs -p "$new_user_password"
if grep -q "${new_username}:" /etc/nginx/.htpasswd-tahoelafs; then if grep -q "${new_username}:" /etc/nginx/.htpasswd-tahoelafs; then
sed -i '/${new_username}:/d' /etc/nginx/.htpasswd-tahoelafs sed -i "'/${new_username}:/d" /etc/nginx/.htpasswd-tahoelafs
fi fi
echo "${new_user_password}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs ${new_username} echo "${new_user_password}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs "${new_username}"
echo '0' echo '0'
} }
function remove_user_tahoelafs { function remove_user_tahoelafs {
remove_username="$1" remove_username="$1"
${PROJECT_NAME}-pass -u $remove_username --rmapp tahoelafs "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp tahoelafs
if grep -q "${remove_username}:" /etc/nginx/.htpasswd-tahoelafs; then if grep -q "${remove_username}:" /etc/nginx/.htpasswd-tahoelafs; then
sed -i '/${remove_username}:/d' /etc/nginx/.htpasswd-tahoelafs sed -i "/${remove_username}:/d" /etc/nginx/.htpasswd-tahoelafs
fi fi
} }
function change_password_tahoelafs { function change_password_tahoelafs {
change_username="$1" change_username="$1"
change_password="$2" change_password="$2"
${PROJECT_NAME}-pass -u $change_username -a tahoelafs -p "$change_password" "${PROJECT_NAME}-pass" -u "$change_username" -a tahoelafs -p "$change_password"
if grep -q "${change_username}:" /etc/nginx/.htpasswd-tahoelafs; then if grep -q "${change_username}:" /etc/nginx/.htpasswd-tahoelafs; then
sed -i '/tahoe-${change_username}:/d' /etc/nginx/.htpasswd-tahoelafs sed -i "/tahoe-${change_username}:/d" /etc/nginx/.htpasswd-tahoelafs
fi fi
echo "${change_password}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs ${change_username} echo "${change_password}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs "${change_username}"
} }
function add_tahoelafs_storage_node_interactive { function add_tahoelafs_storage_node_interactive {
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title $"Add Tahoe-LAFS storage node" \ --title $"Add Tahoe-LAFS storage node" \
--form $"\nEnter the storage node details which can be found on the About screen of another server" 13 75 5 \ --form $"\\nEnter the storage node details which can be found on the About screen of another server" 13 75 5 \
$"Hostname:" 1 1 "" 1 14 53 40 \ $"Hostname:" 1 1 "" 1 14 53 40 \
$"Public Key:" 2 1 "" 2 14 53 255 \ $"Public Key:" 2 1 "" 2 14 53 255 \
$"Nickname:" 3 1 "" 3 14 53 255 \ $"Nickname:" 3 1 "" 3 14 53 255 \
$"FURL:" 4 1 "" 4 14 53 255 \ $"FURL:" 4 1 "" 4 14 53 255 \
2> $data 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) return;; 1) return;;
255) return;; 255) return;;
esac esac
storage_hostname=$(cat $data | sed -n 1p) storage_hostname=$(sed -n 1p < "$data")
public_key="$(cat $data | sed -n 2p)" public_key=$(sed -n 2p < "$data")
nick=$(cat $data | sed -n 3p) nick=$(sed -n 3p < "$data")
furl=$(cat $data | sed -n 4p) furl=$(sed -n 4p < "$data")
rm -f "$data"
if [ ${#public_key} -eq 0 ]; then if [ ${#public_key} -eq 0 ]; then
return return
@ -142,23 +142,26 @@ function edit_tahoelafs_shares {
read_config_param TAHOELAFS_SHARES_HAPPY read_config_param TAHOELAFS_SHARES_HAPPY
read_config_param TAHOELAFS_SHARES_TOTAL read_config_param TAHOELAFS_SHARES_TOTAL
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title $"Tahoe-LAFS shares" \ --title $"Tahoe-LAFS shares" \
--form $"\nEnter the storage node details which can be found on the About screen of another server" 13 40 3 \ --form $"\\nEnter the storage node details which can be found on the About screen of another server" 13 40 3 \
$"Needed:" 1 1 "${TAHOELAFS_SHARES_NEEDED}" 1 14 4 4 \ $"Needed:" 1 1 "${TAHOELAFS_SHARES_NEEDED}" 1 14 4 4 \
$"Happy:" 2 1 "${TAHOELAFS_SHARES_HAPPY}" 2 14 4 4 \ $"Happy:" 2 1 "${TAHOELAFS_SHARES_HAPPY}" 2 14 4 4 \
$"Total:" 3 1 "${TAHOELAFS_SHARES_TOTAL}" 3 14 4 4 \ $"Total:" 3 1 "${TAHOELAFS_SHARES_TOTAL}" 3 14 4 4 \
2> $data 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) return;; 1) rm -f "$data"
255) return;; return;;
255) rm -f "$data"
return;;
esac esac
tl_needed="$(cat $data | sed -n 1p)" tl_needed=$(sed -n 1p < "$data")
tl_happy="$(cat $data | sed -n 2p)" tl_happy=$(sed -n 2p < "$data")
tl_total="$(cat $data | sed -n 3p)" tl_total=$(sed -n 3p < "$data")
rm -f "$data"
if [ ${#tl_needed} -gt 0 ]; then if [ ${#tl_needed} -gt 0 ]; then
TAHOELAFS_SHARES_NEEDED=${tl_needed} TAHOELAFS_SHARES_NEEDED=${tl_needed}
fi fi
@ -185,88 +188,90 @@ function edit_tahoelafs_shares {
} }
function configure_interactive_tahoelafs { function configure_interactive_tahoelafs {
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title $"Tahoe-LAFS" \ --title $"Tahoe-LAFS" \
--radiolist $"The least authority is always the best" 11 50 5 \ --radiolist $"The least authority is always the best" 11 50 5 \
1 "Add a storage node" off \ 1 "Add a storage node" off \
2 "Manually edit storage nodes" off \ 2 "Manually edit storage nodes" off \
3 "Shares settings" off \ 3 "Shares settings" off \
4 "Back to main menu" on 2> $data 4 "Back to main menu" on 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) exit 1;; 1) rm -f "$data"
255) exit 1;; exit 1;;
255) rm -f "$data"
exit 1;;
esac esac
case $(cat $data) in case $(cat "$data") in
1) add_tahoelafs_storage_node_interactive;; 1) add_tahoelafs_storage_node_interactive;;
2) edit_tahoelafs_nodes;; 2) edit_tahoelafs_nodes;;
3) edit_tahoelafs_shares;; 3) edit_tahoelafs_shares;;
esac esac
rm -f "$data"
} }
function tahoelafs_setup_client_config { function tahoelafs_setup_client_config {
config_file=$1 config_file="$1"
nick="$2" nick="$2"
echo '[node]' > $config_file { echo '[node]';
echo "nickname = $nick" >> $config_file echo "nickname = $nick";
echo 'reveal-IP-address = false' >> $config_file echo 'reveal-IP-address = false';
echo "web.port = tcp:${TAHOELAFS_PORT}:interface=127.0.0.1" >> $config_file echo "web.port = tcp:${TAHOELAFS_PORT}:interface=127.0.0.1";
echo 'web.static = public_html' >> $config_file echo 'web.static = public_html';
echo 'tub.port = disabled' >> $config_file echo 'tub.port = disabled';
echo 'tub.location = disabled' >> $config_file echo 'tub.location = disabled';
echo '' >> $config_file echo '';
echo '[client]' >> $config_file echo '[client]';
echo 'introducer.furl =' >> $config_file echo 'introducer.furl =';
echo "shares.needed = ${TAHOELAFS_SHARES_NEEDED}" >> $config_file echo "shares.needed = ${TAHOELAFS_SHARES_NEEDED}";
echo "shares.happy = ${TAHOELAFS_SHARES_HAPPY}" >> $config_file echo "shares.happy = ${TAHOELAFS_SHARES_HAPPY}";
echo "shares.total = ${TAHOELAFS_SHARES_TOTAL}" >> $config_file echo "shares.total = ${TAHOELAFS_SHARES_TOTAL}";
echo '' >> $config_file echo '';
echo '[storage]' >> $config_file echo '[storage]';
echo 'enabled = false' >> $config_file echo 'enabled = false';
echo 'reserved_space = 3G' >> $config_file echo 'reserved_space = 3G';
echo '' >> $config_file echo '';
echo '[helper]' >> $config_file echo '[helper]';
echo 'enabled = false' >> $config_file echo 'enabled = false';
echo '' >> $config_file echo '';
echo '[connections]' >> $config_file echo '[connections]';
echo 'tcp = tor' >> $config_file echo 'tcp = tor'; } > "$config_file"
} }
function tahoelafs_setup_storage_config { function tahoelafs_setup_storage_config {
config_file=$1 config_file="$1"
nick="$2" nick="$2"
echo '[node]' > $config_file { echo '[node]';
echo "nickname = $nick" >> $config_file echo "nickname = $nick";
echo 'reveal-IP-address = false' >> $config_file echo 'reveal-IP-address = false';
echo 'web.port =' >> $config_file echo 'web.port =';
echo 'web.static = public_html' >> $config_file echo 'web.static = public_html';
echo "tub.port = tcp:${TAHOELAFS_STORAGE_ONION_PORT}:interface=127.0.0.1" >> $config_file echo "tub.port = tcp:${TAHOELAFS_STORAGE_ONION_PORT}:interface=127.0.0.1";
echo "tub.location = tor:${TAHOELAFS_STORAGE_ONION_HOSTNAME}:${TAHOELAFS_STORAGE_PORT}" >> $config_file echo "tub.location = tor:${TAHOELAFS_STORAGE_ONION_HOSTNAME}:${TAHOELAFS_STORAGE_PORT}";
echo '' >> $config_file echo '';
echo '[client]' >> $config_file echo '[client]';
echo 'introducer.furl =' >> $config_file echo 'introducer.furl =';
echo 'helper.furl =' >> $config_file echo 'helper.furl =';
echo '' >> $config_file echo '';
echo "shares.needed = ${TAHOELAFS_SHARES_NEEDED}" >> $config_file echo "shares.needed = ${TAHOELAFS_SHARES_NEEDED}";
echo "shares.happy = ${TAHOELAFS_SHARES_HAPPY}" >> $config_file echo "shares.happy = ${TAHOELAFS_SHARES_HAPPY}";
echo "shares.total = ${TAHOELAFS_SHARES_TOTAL}" >> $config_file echo "shares.total = ${TAHOELAFS_SHARES_TOTAL}";
echo '' >> $config_file echo '';
echo '[storage]' >> $config_file echo '[storage]';
echo 'enabled = true' >> $config_file echo 'enabled = true';
echo 'reserved_space = 3G' >> $config_file echo 'reserved_space = 3G';
echo 'expire.enabled = true' >> $config_file echo 'expire.enabled = true';
echo 'expire.mode = age' >> $config_file echo 'expire.mode = age';
echo 'expire.override_lease_duration = 3 months' >> $config_file echo 'expire.override_lease_duration = 3 months';
echo '' >> $config_file echo '';
echo '[helper]' >> $config_file echo '[helper]';
echo 'enabled = false' >> $config_file echo 'enabled = false';
echo '' >> $config_file echo '';
echo '[connections]' >> $config_file echo '[connections]';
echo 'tcp = tor' >> $config_file echo 'tcp = tor'; } > "$config_file"
chown -R tahoelafs:debian-tor $TAHOE_DIR chown -R tahoelafs:debian-tor $TAHOE_DIR
} }
@ -304,6 +309,7 @@ function restore_local_tahoelafs {
else else
cp -r $temp_restore_dir/* $TAHOE_DIR/ cp -r $temp_restore_dir/* $TAHOE_DIR/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
if [ -d ${TAHOE_DIR}-old ]; then if [ -d ${TAHOE_DIR}-old ]; then
mv ${TAHOE_DIR}-old $TAHOE_DIR mv ${TAHOE_DIR}-old $TAHOE_DIR
@ -346,14 +352,15 @@ function restore_remote_tahoelafs {
else else
cp -r $temp_restore_dir/* $TAHOE_DIR/ cp -r $temp_restore_dir/* $TAHOE_DIR/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
if [ -d ${$TAHOE_DIR}-old ]; then if [ -d "${TAHOE_DIR}-old" ]; then
mv ${TAHOE_DIR}-old $TAHOE_DIR mv "${TAHOE_DIR}-old" $TAHOE_DIR
fi fi
exit 623925 exit 623925
fi fi
if [ -d ${$TAHOE_DIR}-old ]; then if [ -d "${TAHOE_DIR}-old" ]; then
rm -rf ${$TAHOE_DIR}-old rm -rf "${TAHOE_DIR}-old"
fi fi
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
chown -R tahoelafs:debian-tor $TAHOE_DIR chown -R tahoelafs:debian-tor $TAHOE_DIR
@ -398,7 +405,7 @@ function remove_tahoelafs {
remove_completion_param install_tahoelafs remove_completion_param install_tahoelafs
function_check remove_onion_service function_check remove_onion_service
remove_onion_service tahoelafs ${TAHOELAFS_ONION_PORT} remove_onion_service tahoelafs ${TAHOELAFS_ONION_PORT}
remove_onion_service storage-tahoelafs ${TAHOELAFS_STORAGE_ONION_PORT} $(get_tahoelafs_nick) remove_onion_service storage-tahoelafs ${TAHOELAFS_STORAGE_ONION_PORT} "$(get_tahoelafs_nick)"
sed -i '/HidServAuth /d' /etc/tor/torrc sed -i '/HidServAuth /d' /etc/tor/torrc
groupdel -f tahoelafs groupdel -f tahoelafs
@ -437,23 +444,23 @@ function create_tahoelafs_stealth_node {
exit 682362 exit 682362
fi fi
if [ ! -f ${node_dir}/tahoe.cfg ]; then if [ ! -f "${node_dir}/tahoe.cfg" ]; then
su -c "mkdir ${node_dir}" - tahoelafs su -c "mkdir ${node_dir}" - tahoelafs
su -c "$TAHOE_COMMAND create-node -C ${node_dir} --hostname=fixme" - tahoelafs su -c "$TAHOE_COMMAND create-node -C ${node_dir} --hostname=fixme" - tahoelafs
tahoelafs_setup_storage_config ${node_dir}/tahoe.cfg ${node_nick} tahoelafs_setup_storage_config "${node_dir}/tahoe.cfg" "${node_nick}"
fi fi
if [ ! -f ${client_dir}/tahoe.cfg ]; then if [ ! -f "${client_dir}/tahoe.cfg" ]; then
su -c "mkdir ${client_dir}" - tahoelafs su -c "mkdir ${client_dir}" - tahoelafs
su -c "$TAHOE_COMMAND create-client -C ${client_dir}" - tahoelafs su -c "$TAHOE_COMMAND create-client -C ${client_dir}" - tahoelafs
tahoelafs_setup_client_config ${client_dir}/tahoe.cfg ${client_nick} tahoelafs_setup_client_config "${client_dir}/tahoe.cfg" "${client_nick}"
fi fi
} }
function create_tahoelafs_introducer { function create_tahoelafs_introducer {
introducer_dir="$1" introducer_dir="$1"
if [ -f ${introducer_dir}/tahoe.cfg ]; then if [ -f "${introducer_dir}/tahoe.cfg" ]; then
return return
fi fi
@ -470,7 +477,7 @@ function create_tahoelafs_storage_node {
return return
fi fi
if [ -f ${node_dir}/tahoe.cfg ]; then if [ -f "${node_dir}/tahoe.cfg" ]; then
return return
fi fi
@ -487,15 +494,15 @@ function create_tahoelafs_client {
return return
fi fi
if [ -f ${client_dir}/tahoe.cfg ]; then if [ -f "${client_dir}/tahoe.cfg" ]; then
return return
fi fi
su -c "mkdir ${client_dir}" - tahoelafs su -c "mkdir ${client_dir}" - tahoelafs
su -c "$TAHOE_COMMAND create-client -C ${client_dir} --introducer=\"$furl\" --listen=tor --hide-ip --hostname=127.0.0.1" - tahoelafs su -c "$TAHOE_COMMAND create-client -C ${client_dir} --introducer=\"$furl\" --listen=tor --hide-ip --hostname=127.0.0.1" - tahoelafs
sed -i 's|reveal-IP-address =.*|reveal-IP-address = False|g' $client_dir/tahoe.cfg sed -i 's|reveal-IP-address =.*|reveal-IP-address = False|g' "$client_dir/tahoe.cfg"
sed -i 's|tub.port =.*|tub.port = disabled|g' $client_dir/tahoe.cfg sed -i 's|tub.port =.*|tub.port = disabled|g' "$client_dir/tahoe.cfg"
sed -i 's|tub.location =.*|tub.location = disabled|g' $client_dir/tahoe.cfg sed -i 's|tub.location =.*|tub.location = disabled|g' "$client_dir/tahoe.cfg"
} }
function get_tahoelafs_furl { function get_tahoelafs_furl {
@ -510,11 +517,11 @@ function get_tahoelafs_nick {
} }
function get_tahoelafs_storage_hostname { function get_tahoelafs_storage_hostname {
echo "$(cat /var/lib/tor/hidden_service_storage-tahoelafs/hostname)" cat /var/lib/tor/hidden_service_storage-tahoelafs/hostname
} }
function get_tahoelafs_public_key { function get_tahoelafs_public_key {
echo "$(cat $TAHOE_DIR/storage/node.pubkey | grep 'v0-' | sed 's|pub-||g')" grep 'v0-' "$TAHOE_DIR/storage/node.pubkey" | sed 's|pub-||g'
} }
function add_tahoelafs_server { function add_tahoelafs_server {
@ -549,10 +556,10 @@ function add_tahoelafs_server {
fi fi
echo '# storage' >> ${tahoelafs_storage_file} echo '# storage' >> ${tahoelafs_storage_file}
fi fi
echo " ${public_key}:" >> ${tahoelafs_storage_file} { echo " ${public_key}:";
echo " ann:" >> ${tahoelafs_storage_file} echo " ann:";
echo " nickname: ${nick}" >> ${tahoelafs_storage_file} echo " nickname: ${nick}";
echo " anonymous-storage-FURL: ${furl}" >> ${tahoelafs_storage_file} echo " anonymous-storage-FURL: ${furl}"; } >> "${tahoelafs_storage_file}"
chown tahoelafs:debian-tor ${tahoelafs_storage_file} chown tahoelafs:debian-tor ${tahoelafs_storage_file}
if ! grep -q "HidServAuth ${storage_hostname}" /etc/tor/torrc; then if ! grep -q "HidServAuth ${storage_hostname}" /etc/tor/torrc; then
@ -566,27 +573,27 @@ function create_tahoelafs_daemon {
TAHOELAFS_DAEMON_FILE=/etc/systemd/system/tahoelafs-${daemon_name}.service TAHOELAFS_DAEMON_FILE=/etc/systemd/system/tahoelafs-${daemon_name}.service
echo "Creating daemon: $TAHOELAFS_DAEMON_FILE" echo "Creating daemon: $TAHOELAFS_DAEMON_FILE"
echo '[Unit]' > $TAHOELAFS_DAEMON_FILE { echo '[Unit]';
echo "Description=Tahoe-LAFS ${daemon_name}" >> $TAHOELAFS_DAEMON_FILE echo "Description=Tahoe-LAFS ${daemon_name}";
echo 'After=syslog.target' >> $TAHOELAFS_DAEMON_FILE echo 'After=syslog.target';
echo 'After=network.target' >> $TAHOELAFS_DAEMON_FILE echo 'After=network.target';
echo '' >> $TAHOELAFS_DAEMON_FILE echo '';
echo '[Service]' >> $TAHOELAFS_DAEMON_FILE echo '[Service]';
echo 'Type=simple' >> $TAHOELAFS_DAEMON_FILE echo 'Type=simple';
echo "User=tahoelafs" >> $TAHOELAFS_DAEMON_FILE echo "User=tahoelafs";
echo "Group=debian-tor" >> $TAHOELAFS_DAEMON_FILE echo "Group=debian-tor";
echo "WorkingDirectory=${TAHOE_DIR}" >> $TAHOELAFS_DAEMON_FILE echo "WorkingDirectory=${TAHOE_DIR}";
echo "ExecStart=/usr/bin/tahoe run ${TAHOE_DIR}/${daemon_name}" >> $TAHOELAFS_DAEMON_FILE echo "ExecStart=/usr/bin/tahoe run ${TAHOE_DIR}/${daemon_name}";
echo "ExecStop=/usr/bin/tahoe stop ${TAHOE_DIR}/${daemon_name}" >> $TAHOELAFS_DAEMON_FILE echo "ExecStop=/usr/bin/tahoe stop ${TAHOE_DIR}/${daemon_name}";
echo 'Restart=on-failure' >> $TAHOELAFS_DAEMON_FILE echo 'Restart=on-failure';
echo 'RestartSec=10' >> $TAHOELAFS_DAEMON_FILE echo 'RestartSec=10';
echo "Environment=\"USER=tahoelafs\" \"HOME=${TAHOE_DIR}\"" >> $TAHOELAFS_DAEMON_FILE echo "Environment=\"USER=tahoelafs\" \"HOME=${TAHOE_DIR}\"";
echo '' >> $TAHOELAFS_DAEMON_FILE echo '';
echo '[Install]' >> $TAHOELAFS_DAEMON_FILE echo '[Install]';
echo 'WantedBy=multi-user.target' >> $TAHOELAFS_DAEMON_FILE echo 'WantedBy=multi-user.target'; } > "$TAHOELAFS_DAEMON_FILE"
systemctl enable tahoelafs-${daemon_name} systemctl enable "tahoelafs-${daemon_name}"
systemctl daemon-reload systemctl daemon-reload
systemctl start tahoelafs-${daemon_name} systemctl start "tahoelafs-${daemon_name}"
} }
function create_tahoelafs_web { function create_tahoelafs_web {
@ -596,44 +603,44 @@ function create_tahoelafs_web {
TAHOELAFS_LOGIN_TEXT=$'Tahoe-LAFS login' TAHOELAFS_LOGIN_TEXT=$'Tahoe-LAFS login'
tahoelafs_nginx_site=/etc/nginx/sites-available/tahoelafs tahoelafs_nginx_site=/etc/nginx/sites-available/tahoelafs
echo 'server {' > $tahoelafs_nginx_site { echo 'server {';
echo " listen 127.0.0.1:$TAHOELAFS_ONION_PORT default_server;" >> $tahoelafs_nginx_site echo " listen 127.0.0.1:$TAHOELAFS_ONION_PORT default_server;";
echo " server_name $TAHOELAFS_ONION_HOSTNAME;" >> $tahoelafs_nginx_site echo " server_name $TAHOELAFS_ONION_HOSTNAME;";
echo '' >> $tahoelafs_nginx_site echo ''; } > "$tahoelafs_nginx_site"
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing tahoelafs nginx_disable_sniffing tahoelafs
echo '' >> $tahoelafs_nginx_site { echo '';
echo ' # Logs' >> $tahoelafs_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $tahoelafs_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $tahoelafs_nginx_site echo ' error_log /dev/null;';
echo '' >> $tahoelafs_nginx_site echo '';
echo ' # Root' >> $tahoelafs_nginx_site echo ' # Root';
echo " root /var/www/tahoelafs/htdocs;" >> $tahoelafs_nginx_site echo " root /var/www/tahoelafs/htdocs;";
echo '' >> $tahoelafs_nginx_site echo '';
echo ' location / {' >> $tahoelafs_nginx_site echo ' location / {';
echo " auth_basic \"${TAHOELAFS_LOGIN_TEXT}\";" >> $tahoelafs_nginx_site echo " auth_basic \"${TAHOELAFS_LOGIN_TEXT}\";";
echo ' auth_basic_user_file /etc/nginx/.htpasswd-tahoelafs;' >> $tahoelafs_nginx_site echo ' auth_basic_user_file /etc/nginx/.htpasswd-tahoelafs;'; } >> "$tahoelafs_nginx_site"
function_check nginx_limits function_check nginx_limits
nginx_limits tahoelafs '15m' nginx_limits tahoelafs '15m'
echo ' rewrite /(.*) /$1 break;' >> $tahoelafs_nginx_site { echo " rewrite /(.*) /\$1 break;";
echo ' proxy_set_header X-Real-IP $remote_addr;' >> $tahoelafs_nginx_site echo " proxy_set_header X-Real-IP \$remote_addr;";
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $tahoelafs_nginx_site echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo ' proxy_set_header Host $http_host;' >> $tahoelafs_nginx_site echo " proxy_set_header Host \$http_host;";
echo ' proxy_set_header X-NginX-Proxy true;' >> $tahoelafs_nginx_site echo ' proxy_set_header X-NginX-Proxy true;';
echo " proxy_pass http://localhost:${TAHOELAFS_PORT};" >> $tahoelafs_nginx_site echo " proxy_pass http://localhost:${TAHOELAFS_PORT};";
echo ' proxy_redirect off;' >> $tahoelafs_nginx_site echo ' proxy_redirect off;';
echo ' }' >> $tahoelafs_nginx_site echo ' }';
echo '}' >> $tahoelafs_nginx_site echo '}'; } >> "$tahoelafs_nginx_site"
TAHOELAFS_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" TAHOELAFS_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
${PROJECT_NAME}-pass -u $MY_USERNAME -a tahoelafs -p "$TAHOELAFS_ADMIN_PASSWORD" "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a tahoelafs -p "$TAHOELAFS_ADMIN_PASSWORD"
if [ ! -f /etc/nginx/.htpasswd-tahoelafs ]; then if [ ! -f /etc/nginx/.htpasswd-tahoelafs ]; then
touch /etc/nginx/.htpasswd-tahoelafs touch /etc/nginx/.htpasswd-tahoelafs
fi fi
if grep -q "${MY_USERNAME}:" /etc/nginx/.htpasswd-tahoelafs; then if grep -q "${MY_USERNAME}:" /etc/nginx/.htpasswd-tahoelafs; then
sed -i '/${MY_USERNAME}:/d' /etc/nginx/.htpasswd-tahoelafs sed -i "/${MY_USERNAME}:/d" /etc/nginx/.htpasswd-tahoelafs
fi fi
echo "${TAHOELAFS_ADMIN_PASSWORD}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs ${MY_USERNAME} echo "${TAHOELAFS_ADMIN_PASSWORD}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs "${MY_USERNAME}"
function_check nginx_ensite function_check nginx_ensite
nginx_ensite tahoelafs nginx_ensite tahoelafs
@ -641,7 +648,7 @@ function create_tahoelafs_web {
} }
function install_tahoelafs { function install_tahoelafs {
if [ $INSTALLING_MESH ]; then if [ "$INSTALLING_MESH" ]; then
return return
fi fi
@ -692,7 +699,7 @@ function install_tahoelafs {
# create an onion address for client node # create an onion address for client node
TAHOELAFS_ONION_HOSTNAME=$(add_onion_service tahoelafs 80 ${TAHOELAFS_ONION_PORT}) TAHOELAFS_ONION_HOSTNAME=$(add_onion_service tahoelafs 80 ${TAHOELAFS_ONION_PORT})
create_tahoelafs_stealth_node $TAHOE_DIR/storage $TAHOE_DIR/client ${node_nick} ${client_nick} create_tahoelafs_stealth_node "$TAHOE_DIR/storage" "$TAHOE_DIR/client" "${node_nick}" "${client_nick}"
# start the storage node # start the storage node
su -c "/usr/bin/python2 /usr/bin/tahoe start $TAHOE_DIR/storage" - tahoelafs su -c "/usr/bin/python2 /usr/bin/tahoe start $TAHOE_DIR/storage" - tahoelafs


@ -74,12 +74,12 @@ function logging_off_tox {
function remove_user_tox { function remove_user_tox {
remove_username="$1" remove_username="$1"
if [ -d /home/$remove_username/.config/tox ]; then if [ -d "/home/$remove_username/.config/tox" ]; then
if [ -d /home/$remove_username/.config/tox/chatlogs ]; then if [ -d "/home/$remove_username/.config/tox/chatlogs" ]; then
shred -zu /home/$remove_username/.config/tox/chatlogs/* shred -zu "/home/$remove_username/.config/tox/chatlogs/*"
rm -rf /home/$remove_username/.config/tox/chatlogs rm -rf "/home/$remove_username/.config/tox/chatlogs"
fi fi
shred -zu /home/$remove_username/.config/tox/* shred -zu "/home/$remove_username/.config/tox/*"
fi fi
} }
@ -87,27 +87,27 @@ function add_user_tox {
new_username="$1" new_username="$1"
# Note: password isn't used # Note: password isn't used
new_user_password="$2" #new_user_password="$2"
USER_TOX_FILE=/home/${new_username}/.config/tox/data.tox USER_TOX_FILE=/home/${new_username}/.config/tox/data.tox
if [ ! -f $USER_TOX_FILE ]; then if [ ! -f "$USER_TOX_FILE" ]; then
mkdir -p /home/${new_username}/.config/tox mkdir -p "/home/${new_username}/.config/tox"
chown -R ${new_username}:${new_username} /home/${new_username}/.config chown -R "${new_username}":"${new_username}" "/home/${new_username}/.config"
su -c "toxid -u ${new_username} -n data" - $new_username su -c "toxid -u ${new_username} -n data" - "$new_username"
su -c "toxid --setuser ${new_username}" - $new_username su -c "toxid --setuser ${new_username}" - "$new_username"
fi fi
} }
function run_client_tox { function run_client_tox {
# create a tox user # create a tox user
USER_TOX_FILE=/home/${USER}/.config/tox/data.tox USER_TOX_FILE=/home/${USER}/.config/tox/data.tox
if [ ! -f $USER_TOX_FILE ]; then if [ ! -f "$USER_TOX_FILE" ]; then
mkdir -p /home/${USER}/.config/tox mkdir -p "/home/${USER}/.config/tox"
chown -R ${USER}:${USER} /home/${USER}/.config chown -R "${USER}":"${USER}" "/home/${USER}/.config"
toxid -u ${USER} -n data toxid -u "${USER}" -n data
toxid --setuser ${USER} toxid --setuser "${USER}"
fi fi
toxic -f $USER_TOX_FILE --force-tcp --SOCKS5-proxy 127.0.0.1 9050 toxic -f "$USER_TOX_FILE" --force-tcp --SOCKS5-proxy 127.0.0.1 9050
} }
function install_interactive_tox { function install_interactive_tox {
@ -121,16 +121,17 @@ function configure_interactive_tox {
fi fi
bootstrap_id=$(cat $TOX_BOOTSTRAP_ID_FILE) bootstrap_id=$(cat $TOX_BOOTSTRAP_ID_FILE)
dialog --title $"Tox Bootstrap Node ID" \ dialog --title $"Tox Bootstrap Node ID" \
--msgbox $"\n$bootstrap_id\n\nTo copy this hold down the shift key, select the ID and then right click and copy." 10 70 --msgbox $"\\n$bootstrap_id\\n\\nTo copy this hold down the shift key, select the ID and then right click and copy." 10 70
} }
function mesh_tox_qtox { function mesh_tox_qtox {
if [ ! ${rootdir}$INSTALL_DIR ]; then # shellcheck disable=SC2154
if [ ! "${rootdir}$INSTALL_DIR" ]; then
INSTALL_DIR=${rootdir}/root/build INSTALL_DIR=${rootdir}/root/build
fi fi
if [ ! -d ${rootdir}$INSTALL_DIR ]; then if [ ! -d "${rootdir}$INSTALL_DIR" ]; then
mkdir -p ${rootdir}$INSTALL_DIR mkdir -p "${rootdir}$INSTALL_DIR"
fi fi
chroot "${rootdir}" apt-get -yq install build-essential libatk1.0-0 libbz2-1.0 libc6 libcairo2 libdbus-1-3 libegl1-mesa libfontconfig1 libfreetype6 libgcc1 libgdk-pixbuf2.0-0 libgl1-mesa-glx libglib2.0-0 libgtk2.0-0 libice6 libicu57 libjpeg62-turbo libmng1 libmtdev1 libopenal1 libopus0 libpango-1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0 libpng16-16 libqrencode3 libsm6 libsodium18 libsqlite3-0 libssl1.1 libstdc++6 libtiff5 libudev1 libvpx4 libwayland-client0 libwayland-cursor0 libwayland-egl1-mesa libwebp6 libx11-6 libx11-xcb1 libxcb-glx0 libxcb-icccm4 libxcb-image0 libxcb-keysyms1 libxcb-randr0 libxcb-render-util0 libxcb-render0 libxcb-shape0 libxcb-shm0 libxcb-sync1 libxcb-xfixes0 libxcb-xinerama0 libxcb1 libxext6 libxfixes3 libxi6 libxrender1 libxss1 zlib1g libopus-dev libvpx-dev chroot "${rootdir}" apt-get -yq install build-essential libatk1.0-0 libbz2-1.0 libc6 libcairo2 libdbus-1-3 libegl1-mesa libfontconfig1 libfreetype6 libgcc1 libgdk-pixbuf2.0-0 libgl1-mesa-glx libglib2.0-0 libgtk2.0-0 libice6 libicu57 libjpeg62-turbo libmng1 libmtdev1 libopenal1 libopus0 libpango-1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0 libpng16-16 libqrencode3 libsm6 libsodium18 libsqlite3-0 libssl1.1 libstdc++6 libtiff5 libudev1 libvpx4 libwayland-client0 libwayland-cursor0 libwayland-egl1-mesa libwebp6 libx11-6 libx11-xcb1 libxcb-glx0 libxcb-icccm4 libxcb-image0 libxcb-keysyms1 libxcb-randr0 libxcb-render-util0 libxcb-render0 libxcb-shape0 libxcb-shm0 libxcb-sync1 libxcb-xfixes0 libxcb-xinerama0 libxcb1 libxext6 libxfixes3 libxi6 libxrender1 libxss1 zlib1g libopus-dev libvpx-dev
@ -149,30 +150,30 @@ function mesh_tox_qtox {
chroot "${rootdir}" apt-get -yq install build-essential cmake ffmpeg libexif-dev libgdk-pixbuf2.0-dev libglib2.0-dev libgtk2.0-dev libopenal-dev libqrencode-dev libqt5opengl5-dev libqt5svg5-dev libsqlcipher-dev libxss-dev pkg-config qrencode qt5-default qt5-qmake qttools5-dev qttools5-dev-tools yasm chroot "${rootdir}" apt-get -yq install build-essential cmake ffmpeg libexif-dev libgdk-pixbuf2.0-dev libglib2.0-dev libgtk2.0-dev libopenal-dev libqrencode-dev libqt5opengl5-dev libqt5svg5-dev libsqlcipher-dev libxss-dev pkg-config qrencode qt5-default qt5-qmake qttools5-dev qttools5-dev-tools yasm
if [ -d /repos/qtox ]; then if [ -d /repos/qtox ]; then
mkdir ${rootdir}$INSTALL_DIR/qtox mkdir "${rootdir}$INSTALL_DIR/qtox"
cp -r -p /repos/qtox/. ${rootdir}$INSTALL_DIR/qtox cp -r -p /repos/qtox/. "${rootdir}$INSTALL_DIR/qtox"
cd ${rootdir}$INSTALL_DIR/qtox cd "${rootdir}$INSTALL_DIR/qtox" || exit 264826826
git pull git pull
else else
git clone $QTOX_REPO ${rootdir}$INSTALL_DIR/qtox git clone "$QTOX_REPO" "${rootdir}$INSTALL_DIR/qtox"
fi fi
if [ ! -d ${rootdir}$INSTALL_DIR/qtox ]; then if [ ! -d "${rootdir}$INSTALL_DIR/qtox" ]; then
exit 72428 exit 72428
fi fi
cd ${rootdir}${INSTALL_DIR}/qtox cd "${rootdir}${INSTALL_DIR}/qtox" || exit 235745728
git checkout $QTOX_COMMIT -b $QTOX_COMMIT git checkout $QTOX_COMMIT -b $QTOX_COMMIT
chroot ${rootdir} /bin/bash -x <<EOF chroot "${rootdir}" /bin/bash -x <<EOF
cd ${INSTALL_DIR}/qtox cd ${INSTALL_DIR}/qtox
export PKG_CONFIG_PATH="$PKG_CONFIG_PATH:/usr/local/lib/pkgconfig" export PKG_CONFIG_PATH="$PKG_CONFIG_PATH:/usr/local/lib/pkgconfig"
cmake . cmake .
make make
make install make install
EOF EOF
if [ ! -f ${rootdir}/usr/local/bin/qtox ]; then if [ ! -f "${rootdir}/usr/local/bin/qtox" ]; then
exit 75784 exit 75784
fi fi
cp ${rootdir}/usr/local/bin/qtox ${rootdir}/usr/bin/qtox cp "${rootdir}/usr/local/bin/qtox" "${rootdir}/usr/bin/qtox"
} }
function reconfigure_tox { function reconfigure_tox {
@ -181,9 +182,9 @@ function reconfigure_tox {
function upgrade_tox { function upgrade_tox {
function_check set_repo_commit function_check set_repo_commit
set_repo_commit $INSTALL_DIR/toxcore "toxcore commit" "$TOXCORE_COMMIT" $TOXCORE_REPO set_repo_commit "$INSTALL_DIR/toxcore" "toxcore commit" "$TOXCORE_COMMIT" $TOXCORE_REPO
if [[ $(commit_has_changed $INSTALL_DIR/toxcore "toxcore commit" "$TOXCORE_COMMIT") == "1" ]]; then if [[ $(commit_has_changed "$INSTALL_DIR/toxcore" "toxcore commit" "$TOXCORE_COMMIT") == "1" ]]; then
cd $INSTALL_DIR/toxcore cd "$INSTALL_DIR/toxcore" || exit 53683563
sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' $rootdir/etc/systemd/system/tox-bootstrapd.service sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' $rootdir/etc/systemd/system/tox-bootstrapd.service
autoreconf -i autoreconf -i
./configure --enable-daemon ./configure --enable-daemon
@ -194,9 +195,9 @@ function upgrade_tox {
fi fi
function_check set_repo_commit function_check set_repo_commit
set_repo_commit $INSTALL_DIR/toxic "Toxic commit" "$TOXIC_COMMIT" $TOXIC_REPO set_repo_commit "$INSTALL_DIR/toxic" "Toxic commit" "$TOXIC_COMMIT" $TOXIC_REPO
if [[ $(commit_has_changed $INSTALL_DIR/toxic "Toxic commit" "$TOXIC_COMMIT") == "1" ]]; then if [[ $(commit_has_changed "$INSTALL_DIR/toxic" "Toxic commit" "$TOXIC_COMMIT") == "1" ]]; then
cd $INSTALL_DIR/toxic cd "$INSTALL_DIR/toxic" || exit 4684618
make make
make install make install
fi fi
@ -221,12 +222,11 @@ function backup_local_tox {
} }
function restore_local_tox { function restore_local_tox {
if [ -d $USB_MOUNT/backup/tox ]; then if [ -d "$USB_MOUNT/backup/tox" ]; then
echo $"Restoring Tox node settings" echo $"Restoring Tox node settings"
function_check restore_directory_from_usb function_check restore_directory_from_usb
#restore_directory_from_usb / tox #restore_directory_from_usb / tox
restore_directory_from_usb /var/lib/tox-bootstrapd tox if ! restore_directory_from_usb /var/lib/tox-bootstrapd tox; then
if [ ! "$?" = "0" ]; then
function_check set_user_permissions function_check set_user_permissions
set_user_permissions set_user_permissions
function_check backup_unmount_drive function_check backup_unmount_drive
@ -234,8 +234,7 @@ function restore_local_tox {
exit 6393 exit 6393
fi fi
cp /var/lib/tox-bootstrapd/tox-bootstrapd.conf /etc/tox-bootstrapd.conf cp /var/lib/tox-bootstrapd/tox-bootstrapd.conf /etc/tox-bootstrapd.conf
systemctl restart tox-bootstrapd.service if ! systemctl restart tox-bootstrapd.service; then
if [ ! "$?" = "0" ]; then
systemctl status tox-bootstrapd.service systemctl status tox-bootstrapd.service
function_check set_user_permissions function_check set_user_permissions
set_user_permissions set_user_permissions
@ -259,17 +258,15 @@ function backup_remote_tox {
} }
function restore_remote_tox { function restore_remote_tox {
if [ -d $SERVER_DIRECTORY/backup/tox ]; then if [ -d "$SERVER_DIRECTORY/backup/tox" ]; then
echo $"Restoring Tox node settings" echo $"Restoring Tox node settings"
function_check restore_directory_from_friend function_check restore_directory_from_friend
#restore_directory_from_friend / tox #restore_directory_from_friend / tox
restore_directory_from_friend /var/lib/tox-bootstrapd tox if ! restore_directory_from_friend /var/lib/tox-bootstrapd tox; then
if [ ! "$?" = "0" ]; then
exit 93653 exit 93653
fi fi
cp /var/lib/tox-bootstrapd/tox-bootstrapd.conf /etc/tox-bootstrapd.conf cp /var/lib/tox-bootstrapd/tox-bootstrapd.conf /etc/tox-bootstrapd.conf
systemctl restart tox-bootstrapd.service if ! systemctl restart tox-bootstrapd.service; then
if [ ! "$?" = "0" ]; then
systemctl status tox-bootstrapd.service systemctl status tox-bootstrapd.service
exit 59369 exit 59369
fi fi
@ -283,8 +280,7 @@ function remove_tox_node {
function_check remove_onion_service function_check remove_onion_service
remove_onion_service tox ${TOX_PORT} remove_onion_service tox ${TOX_PORT}
${PROJECT_NAME}-mesh-install -f tox_node --remove yes if ! "${PROJECT_NAME}-mesh-install" -f tox_node --remove yes; then
if [ ! "$?" = "0" ]; then
echo $'Failed to remove tox node' echo $'Failed to remove tox node'
exit 763836 exit 763836
fi fi
@ -293,21 +289,20 @@ function remove_tox_node {
} }
function remove_tox_avahi { function remove_tox_avahi {
cd $INSTALL_DIR/toxid cd "$INSTALL_DIR/toxid" || exit 82456275
make uninstall make uninstall
rm -rf $INSTALL_DIR/toxid rm -rf "$INSTALL_DIR/toxid"
sed -i '/tox_avahi/d' $COMPLETION_FILE sed -i '/tox_avahi/d' "$COMPLETION_FILE"
} }
function remove_tox_client { function remove_tox_client {
${PROJECT_NAME}-mesh-install -f tox_client --remove yes if ! "${PROJECT_NAME}-mesh-install" -f tox_client --remove yes; then
if [ ! "$?" = "0" ]; then
echo $'Could not remove Tox client' echo $'Could not remove Tox client'
exit 737253 exit 737253
fi fi
sed -i '/install_tox_client/d' $COMPLETION_FILE sed -i '/install_tox_client/d' "$COMPLETION_FILE"
sed -i '/Tox /d' $COMPLETION_FILE sed -i '/Tox /d' "$COMPLETION_FILE"
sed -i '/Toxic /d' $COMPLETION_FILE sed -i '/Toxic /d' "$COMPLETION_FILE"
} }
function remove_tox { function remove_tox {
@ -317,7 +312,7 @@ function remove_tox {
} }
function configure_firewall_for_tox { function configure_firewall_for_tox {
if [ ! $INSTALLING_MESH ]; then if [ ! "$INSTALLING_MESH" ]; then
if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
return return
fi fi
@ -331,16 +326,16 @@ function configure_firewall_for_tox {
return return
fi fi
TOX_PORT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOX_PORT=" | head -n 1 | awk -F '=' '{print $2}') TOX_PORT_MAIN=$(grep "TOX_PORT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '=' '{print $2}')
if [ ${#TOX_PORT_MAIN} -gt 2 ]; then if [ ${#TOX_PORT_MAIN} -gt 2 ]; then
TOX_PORT=$TOX_PORT_MAIN TOX_PORT=$TOX_PORT_MAIN
fi fi
if [ ! $TOX_PORT ]; then if [ ! "$TOX_PORT" ]; then
echo $'No Tox port was specified' echo $'No Tox port was specified'
exit 32856 exit 32856
fi fi
firewall_add Tox ${TOX_PORT} firewall_add Tox "${TOX_PORT}"
mark_completed "${FUNCNAME[0]}" mark_completed "${FUNCNAME[0]}"
} }
@ -355,24 +350,23 @@ function tox_avahi {
fi fi
# install a command to obtain the Tox ID # install a command to obtain the Tox ID
cd $INSTALL_DIR cd "$INSTALL_DIR" || exit 131497953
if [ -d /repos/toxid ]; then if [ -d /repos/toxid ]; then
mkdir $INSTALL_DIR/toxid mkdir "$INSTALL_DIR/toxid"
cp -r -p /repos/toxid/. $INSTALL_DIR/toxid cp -r -p /repos/toxid/. "$INSTALL_DIR/toxid"
cd $INSTALL_DIR/toxid cd "$INSTALL_DIR/toxid" || exit 468276424526
git pull git pull
else else
function_check git_clone function_check git_clone
git_clone $TOXID_REPO $INSTALL_DIR/toxid git_clone "$TOXID_REPO" "$INSTALL_DIR/toxid"
fi fi
if [ ! -d $INSTALL_DIR/toxid ]; then if [ ! -d "$INSTALL_DIR/toxid" ]; then
exit 63921 exit 63921
fi fi
cd $INSTALL_DIR/toxid cd "$INSTALL_DIR/toxid" || exit 4782462846
make if ! make; then
if [ ! "$?" = "0" ]; then
exit 58432 exit 58432
fi fi
make install make install
@ -399,13 +393,13 @@ function install_tox_node {
mesh_tox_node mesh_tox_node
# onion address for bootstrapping # onion address for bootstrapping
TOX_ONION_HOSTNAME=$(add_onion_service tox ${TOX_PORT} ${TOX_PORT}) add_onion_service tox "${TOX_PORT}" "${TOX_PORT}"
systemctl restart tox-bootstrapd.service systemctl restart tox-bootstrapd.service
sleep 3 sleep 3
TOX_PUBLIC_KEY=$(cat /var/log/syslog | grep tox | grep "Public Key" | tail -n 1 | awk -F ' ' '{print $8}') TOX_PUBLIC_KEY=$(grep tox /var/log/syslog | grep "Public Key" | tail -n 1 | awk -F ' ' '{print $8}')
if [ ${#TOX_PUBLIC_KEY} -lt 30 ]; then if [ ${#TOX_PUBLIC_KEY} -lt 30 ]; then
echo $'Could not obtain the tox node public key' echo $'Could not obtain the tox node public key'
exit 6529 exit 6529
@ -435,58 +429,58 @@ function install_tox_client {
function mesh_tox_node { function mesh_tox_node {
# obtain commits from the main file # obtain commits from the main file
TOXCORE_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXCORE_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') TOXCORE_COMMIT_MAIN=$(grep "TOXCORE_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F "'" '{print $2}')
if [ ${#TOXCORE_COMMIT_MAIN} -gt 10 ]; then if [ ${#TOXCORE_COMMIT_MAIN} -gt 10 ]; then
TOXCORE_COMMIT=$TOXCORE_COMMIT_MAIN TOXCORE_COMMIT=$TOXCORE_COMMIT_MAIN
fi fi
if [ ! $TOXCORE_COMMIT ]; then if [ ! "$TOXCORE_COMMIT" ]; then
echo $'No Tox commit was specified' echo $'No Tox commit was specified'
exit 76325 exit 76325
fi fi
TOXID_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXID_REPO=" | head -n 1 | awk -F '"' '{print $2}') TOXID_REPO_MAIN=$(grep "TOXID_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '"' '{print $2}')
if [ ${#TOXID_REPO_MAIN} -gt 5 ]; then if [ ${#TOXID_REPO_MAIN} -gt 5 ]; then
TOXID_REPO=$TOXID_REPO_MAIN TOXID_REPO=$TOXID_REPO_MAIN
fi fi
if [ ! $TOXID_REPO ]; then if [ ! "$TOXID_REPO" ]; then
echo $'No ToxID repo was specified' echo $'No ToxID repo was specified'
exit 78252 exit 78252
fi fi
TOX_PORT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOX_PORT=" | head -n 1 | awk -F '=' '{print $2}') TOX_PORT_MAIN=$(grep "TOX_PORT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '=' '{print $2}')
if [ ${#TOX_PORT_MAIN} -gt 2 ]; then if [ ${#TOX_PORT_MAIN} -gt 2 ]; then
TOX_PORT=$TOX_PORT_MAIN TOX_PORT=$TOX_PORT_MAIN
fi fi
if [ ! $TOX_PORT ]; then if [ ! "$TOX_PORT" ]; then
echo $'No Tox port was specified' echo $'No Tox port was specified'
exit 32856 exit 32856
fi fi
TOXCORE_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXCORE_REPO=" | head -n 1 | awk -F '"' '{print $2}') TOXCORE_REPO_MAIN=$(grep "TOXCORE_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '"' '{print $2}')
if [ ${#TOXCORE_REPO_MAIN} -gt 10 ]; then if [ ${#TOXCORE_REPO_MAIN} -gt 10 ]; then
TOXCORE_REPO=$TOXCORE_REPO_MAIN TOXCORE_REPO=$TOXCORE_REPO_MAIN
fi fi
if [ ! $TOXCORE_REPO ]; then if [ ! "$TOXCORE_REPO" ]; then
echo $'No Tox repo was specified' echo $'No Tox repo was specified'
exit 16865 exit 16865
fi fi
if [ ! $TOXCORE_COMMIT ]; then if [ ! "$TOXCORE_COMMIT" ]; then
echo $'No Tox commit was specified' echo $'No Tox commit was specified'
exit 76325 exit 76325
fi fi
if [ ! $TOXCORE_REPO ]; then if [ ! "$TOXCORE_REPO" ]; then
echo $'No Tox repo was specified' echo $'No Tox repo was specified'
exit 16865 exit 16865
fi fi
if [ $rootdir ]; then if [ "$rootdir" ]; then
chroot ${rootdir} apt-get -yq install build-essential libtool autotools-dev chroot "${rootdir}" apt-get -yq install build-essential libtool autotools-dev
chroot ${rootdir} apt-get -yq install automake checkinstall check git yasm chroot "${rootdir}" apt-get -yq install automake checkinstall check git yasm
chroot ${rootdir} apt-get -yq install libsodium18 libsodium-dev libcap2-bin chroot "${rootdir}" apt-get -yq install libsodium18 libsodium-dev libcap2-bin
chroot ${rootdir} apt-get -yq install libconfig9 libconfig-dev autoconf chroot "${rootdir}" apt-get -yq install libconfig9 libconfig-dev autoconf
chroot ${rootdir} apt-get -yq install libopus-dev libvpx-dev chroot "${rootdir}" apt-get -yq install libopus-dev libvpx-dev
else else
apt-get -yq install build-essential libtool autotools-dev apt-get -yq install build-essential libtool autotools-dev
apt-get -yq install automake checkinstall check git yasm apt-get -yq install automake checkinstall check git yasm
@ -495,27 +489,26 @@ function mesh_tox_node {
apt-get -yq install libopus-dev libvpx-dev apt-get -yq install libopus-dev libvpx-dev
fi fi
if [ ! -d ${rootdir}${INSTALL_DIR} ]; then if [ ! -d "${rootdir}${INSTALL_DIR}" ]; then
mkdir -p ${rootdir}${INSTALL_DIR} mkdir -p "${rootdir}${INSTALL_DIR}"
fi fi
if [ ! -d ${rootdir}${INSTALL_DIR}/toxcore ]; then if [ ! -d "${rootdir}${INSTALL_DIR}/toxcore" ]; then
if [ -d /repos/toxcore ]; then if [ -d /repos/toxcore ]; then
mkdir ${rootdir}${INSTALL_DIR}/toxcore mkdir "${rootdir}${INSTALL_DIR}/toxcore"
cp -r -p /repos/toxcore/. ${rootdir}${INSTALL_DIR}/toxcore cp -r -p /repos/toxcore/. "${rootdir}${INSTALL_DIR}/toxcore"
cd ${rootdir}${INSTALL_DIR}/toxcore cd "${rootdir}${INSTALL_DIR}/toxcore" || exit 2468246284
git pull git pull
else else
git clone ${TOXCORE_REPO} ${rootdir}${INSTALL_DIR}/toxcore if ! git clone "${TOXCORE_REPO}" "${rootdir}${INSTALL_DIR}/toxcore"; then
if [ ! "$?" = "0" ]; then exit 4292521
exit 429252
fi fi
fi fi
fi fi
cd ${rootdir}$INSTALL_DIR/toxcore cd "${rootdir}$INSTALL_DIR/toxcore" || exit 46824624
git checkout $TOXCORE_COMMIT -b $TOXCORE_COMMIT git checkout "$TOXCORE_COMMIT" -b "$TOXCORE_COMMIT"
if [ ${rootdir} ]; then if [ "${rootdir}" ]; then
chroot ${rootdir} /bin/bash -x <<EOF chroot "${rootdir}" /bin/bash -x <<EOF
cd ${INSTALL_DIR}/toxcore cd ${INSTALL_DIR}/toxcore
autoreconf -i autoreconf -i
./configure --enable-daemon ./configure --enable-daemon
@ -532,28 +525,28 @@ make install
EOF EOF
fi fi
cp $rootdir/usr/local/lib/libtoxcore* $rootdir/usr/lib/ cp "$rootdir/usr/local/lib/libtoxcore*" "$rootdir/usr/lib/"
cp ${rootdir}${INSTALL_DIR}/toxcore/other/bootstrap_daemon/tox-bootstrapd.service $rootdir/etc/systemd/system/ cp "${rootdir}${INSTALL_DIR}/toxcore/other/bootstrap_daemon/tox-bootstrapd.service" "$rootdir/etc/systemd/system/"
sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' $rootdir/etc/systemd/system/tox-bootstrapd.service sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' "$rootdir/etc/systemd/system/tox-bootstrapd.service"
if [ ${rootdir} ]; then if [ "${rootdir}" ]; then
chroot ${rootdir} systemctl enable tox-bootstrapd.service chroot "${rootdir}" systemctl enable tox-bootstrapd.service
else else
systemctl enable tox-bootstrapd.service systemctl enable tox-bootstrapd.service
fi fi
SECONDS=0 SECONDS=0
if [ ! -f $rootdir/usr/local/bin/tox-bootstrapd ]; then if [ ! -f "$rootdir/usr/local/bin/tox-bootstrapd" ]; then
duration=$SECONDS duration=$SECONDS
echo $"Toxcore compile failed at $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed." echo $"Toxcore compile failed at $((duration / 60)) minutes and $((duration % 60)) seconds elapsed."
echo $'Unable to make toxcore' echo $'Unable to make toxcore'
exit 73835 exit 73835
fi fi
duration=$SECONDS duration=$SECONDS
echo $"Toxcore compile $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed." echo $"Toxcore compile $((duration / 60)) minutes and $((duration % 60)) seconds elapsed."
if [ ${rootdir} ]; then if [ "${rootdir}" ]; then
chroot ${rootdir} /usr/sbin/useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment $"Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd chroot "${rootdir}" /usr/sbin/useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment $"Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd
chroot ${rootdir} /bin/chmod 700 /var/lib/tox-bootstrapd chroot "${rootdir}" /bin/chmod 700 /var/lib/tox-bootstrapd
else else
chmod 600 /etc/shadow chmod 600 /etc/shadow
chmod 600 /etc/gshadow chmod 600 /etc/gshadow
@ -564,87 +557,89 @@ EOF
fi fi
# remove Maildir # remove Maildir
if [ -d $rootdir/var/lib/tox-bootstrapd/Maildir ]; then if [ -d "$rootdir/var/lib/tox-bootstrapd/Maildir" ]; then
rm -rf $rootdir/var/lib/tox-bootstrapd/Maildir rm -rf "$rootdir/var/lib/tox-bootstrapd/Maildir"
fi fi
# create configuration file # create configuration file
TOX_BOOTSTRAP_CONFIG=$rootdir/etc/tox-bootstrapd.conf TOX_BOOTSTRAP_CONFIG=$rootdir/etc/tox-bootstrapd.conf
echo "port = $TOX_PORT" > $TOX_BOOTSTRAP_CONFIG { echo "port = $TOX_PORT";
echo 'keys_file_path = "/var/lib/tox-bootstrapd/keys"' >> $TOX_BOOTSTRAP_CONFIG echo 'keys_file_path = "/var/lib/tox-bootstrapd/keys"';
echo 'pid_file_path = "/var/run/tox-bootstrapd/tox-bootstrapd.pid"' >> $TOX_BOOTSTRAP_CONFIG echo 'pid_file_path = "/var/run/tox-bootstrapd/tox-bootstrapd.pid"';
echo 'enable_ipv6 = true' >> $TOX_BOOTSTRAP_CONFIG echo 'enable_ipv6 = true';
echo 'enable_ipv4_fallback = true' >> $TOX_BOOTSTRAP_CONFIG echo 'enable_ipv4_fallback = true';
echo 'enable_lan_discovery = true' >> $TOX_BOOTSTRAP_CONFIG echo 'enable_lan_discovery = true';
echo 'enable_tcp_relay = true' >> $TOX_BOOTSTRAP_CONFIG echo 'enable_tcp_relay = true';
echo "tcp_relay_ports = [443, 3389, $TOX_PORT]" >> $TOX_BOOTSTRAP_CONFIG echo "tcp_relay_ports = [443, 3389, $TOX_PORT]";
echo 'enable_motd = true' >> $TOX_BOOTSTRAP_CONFIG echo 'enable_motd = true';
echo 'motd = "tox-bootstrapd"' >> $TOX_BOOTSTRAP_CONFIG echo 'motd = "tox-bootstrapd"'; } > "$TOX_BOOTSTRAP_CONFIG"
if [ $TOX_NODES ]; then if [ $TOX_NODES ]; then
echo 'bootstrap_nodes = (' >> $TOX_BOOTSTRAP_CONFIG echo 'bootstrap_nodes = (' >> "$TOX_BOOTSTRAP_CONFIG"
toxcount=0 toxcount=0
while [ "x${TOX_NODES[toxcount]}" != "x" ] while [ "x${TOX_NODES[toxcount]}" != "x" ]
do do
toxval_ipv4=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $1}') # shellcheck disable=SC2102
toxval_ipv6=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $2}') nodes_str=$(echo $TOX_NODES[toxcount])
toxval_port=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $3}') toxval_ipv4=$(awk "$nodes_str" -F ',' '{print $1}')
toxval_pubkey=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $4}') toxval_ipv6=$(awk "$nodes_str" -F ',' '{print $2}')
toxval_maintainer=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $5}') toxval_port=$(awk "$nodes_str" -F ',' '{print $3}')
echo "{ // $toxval_maintainer" >> $TOX_BOOTSTRAP_CONFIG toxval_pubkey=$(awk "$nodes_str" -F ',' '{print $4}')
toxval_maintainer=$(awk "$nodes_str" -F ',' '{print $5}')
echo "{ // $toxval_maintainer" >> "$TOX_BOOTSTRAP_CONFIG"
if [[ $toxval_ipv6 != 'NONE' ]]; then if [[ $toxval_ipv6 != 'NONE' ]]; then
echo " address = \"$toxval_ipv6\"" >> $TOX_BOOTSTRAP_CONFIG echo " address = \"$toxval_ipv6\"" >> "$TOX_BOOTSTRAP_CONFIG"
else else
echo " address = \"$toxval_ipv4\"" >> $TOX_BOOTSTRAP_CONFIG echo " address = \"$toxval_ipv4\"" >> "$TOX_BOOTSTRAP_CONFIG"
fi fi
echo " port = $toxval_port" >> $TOX_BOOTSTRAP_CONFIG echo " port = $toxval_port" >> "$TOX_BOOTSTRAP_CONFIG"
echo " public_key = \"$toxval_pubkey\"" >> $TOX_BOOTSTRAP_CONFIG echo " public_key = \"$toxval_pubkey\"" >> "$TOX_BOOTSTRAP_CONFIG"
toxcount=$(( $toxcount + 1 )) toxcount=$((toxcount + 1))
if [ "x${TOX_NODES[toxcount]}" != "x" ]; then if [ "x${TOX_NODES[toxcount]}" != "x" ]; then
echo "}," >> $TOX_BOOTSTRAP_CONFIG echo "}," >> "$TOX_BOOTSTRAP_CONFIG"
else else
echo "}" >> $TOX_BOOTSTRAP_CONFIG echo "}" >> "$TOX_BOOTSTRAP_CONFIG"
fi fi
done done
echo ')' >> $TOX_BOOTSTRAP_CONFIG echo ')' >> "$TOX_BOOTSTRAP_CONFIG"
fi fi
if [ -f $rootdir/var/lib/tox-bootstrapd/keys ]; then if [ -f "$rootdir/var/lib/tox-bootstrapd/keys" ]; then
chmod 700 $rootdir/var/lib/tox-bootstrapd/keys chmod 700 "$rootdir/var/lib/tox-bootstrapd/keys"
fi fi
} }
function mesh_tox_avahi { function mesh_tox_avahi {
if [ ! -d $rootdir/etc/avahi ]; then if [ ! -d "$rootdir/etc/avahi" ]; then
echo $'tox_avahi: avahi is not installed' echo $'tox_avahi: avahi is not installed'
exit 87359 exit 87359
fi fi
if [ ! $TOXID_REPO ]; then if [ ! "$TOXID_REPO" ]; then
echo $'No ToxID repo was specified' echo $'No ToxID repo was specified'
exit 78252 exit 78252
fi fi
if [ ! -d ${rootdir}${INSTALL_DIR} ]; then if [ ! -d "${rootdir}${INSTALL_DIR}" ]; then
mkdir -p ${rootdir}${INSTALL_DIR} mkdir -p "${rootdir}${INSTALL_DIR}"
fi fi
if [ -d /repos/toxid ]; then if [ -d /repos/toxid ]; then
mkdir ${rootdir}${INSTALL_DIR}/toxid mkdir "${rootdir}${INSTALL_DIR}/toxid"
cp -r -p /repos/toxid/. ${rootdir}${INSTALL_DIR}/toxid cp -r -p /repos/toxid/. "${rootdir}${INSTALL_DIR}/toxid"
cd ${rootdir}${INSTALL_DIR}/toxid cd "${rootdir}${INSTALL_DIR}/toxid" || exit 2468246
git pull git pull
else else
git clone ${TOXID_REPO} ${rootdir}${INSTALL_DIR}/toxid git clone "${TOXID_REPO}" "${rootdir}${INSTALL_DIR}/toxid"
fi fi
if [ ! -d ${rootdir}${INSTALL_DIR}/toxid ]; then if [ ! -d "${rootdir}${INSTALL_DIR}/toxid" ]; then
echo $'Unable to clone toxid repo' echo $'Unable to clone toxid repo'
exit 768352 exit 768352
fi fi
if [ ${rootdir} ]; then if [ "${rootdir}" ]; then
chroot ${rootdir} /bin/bash -x <<EOF chroot "${rootdir}" /bin/bash -x <<EOF
cd ${INSTALL_DIR}/toxid cd ${INSTALL_DIR}/toxid
make make
make install make install
@ -657,45 +652,46 @@ make install
EOF EOF
fi fi
if [ ! -f $rootdir/usr/local/bin/toxid ]; then if [ ! -f "$rootdir/usr/local/bin/toxid" ]; then
echo $'toxid not found' echo $'toxid not found'
exit 74370 exit 74370
fi fi
if [ ! -f $rootdir/usr/local/bin/toxavahi ]; then if [ ! -f "$rootdir/usr/local/bin/toxavahi" ]; then
exit 3621729 exit 3621729
fi fi
MESH_SYNC_COMMAND=$rootdir/usr/bin/mesh-sync MESH_SYNC_COMMAND=$rootdir/usr/bin/mesh-sync
echo '#!/bin/bash' > $MESH_SYNC_COMMAND { echo '#!/bin/bash';
echo '/usr/local/bin/toxavahi 2> /dev/null' >> $MESH_SYNC_COMMAND echo '/usr/local/bin/toxavahi 2> /dev/null';
echo '/usr/local/bin/meshavahi 2> /dev/null' >> $MESH_SYNC_COMMAND echo '/usr/local/bin/meshavahi 2> /dev/null'; } > "$MESH_SYNC_COMMAND"
chmod +x $MESH_SYNC_COMMAND chmod +x "$MESH_SYNC_COMMAND"
if ! grep -q "mesh-sync" ${rootdir}/etc/crontab; then if ! grep -q "mesh-sync" "${rootdir}/etc/crontab"; then
echo "*/1 * * * * root /usr/bin/mesh-sync 2> /dev/null" >> ${rootdir}/etc/crontab { echo "*/1 * * * * root /usr/bin/mesh-sync 2> /dev/null";
echo "*/1 * * * * root ( sleep 20 ; /usr/bin/mesh-sync 2> /dev/null )" >> ${rootdir}/etc/cro echo "*/1 * * * * root ( sleep 40 ; /usr/bin/mesh-sync 2> /dev/null )" >> ${rootdir}/etc/crontab echo "*/1 * * * * root ( sleep 20 ; /usr/bin/mesh-sync 2> /dev/null )";
echo "*/1 * * * * root ( sleep 40 ; /usr/bin/mesh-sync 2> /dev/null )"; } >> "${rootdir}/etc/crontab"
fi fi
} }
function mesh_tox_client { function mesh_tox_client {
TOXIC_FILE=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_FILE=" | head -n 1 | awk -F '=' '{print $2}') TOXIC_FILE=$(grep "TOXIC_FILE=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '=' '{print $2}')
# obtain commits from the main file # obtain commits from the main file
TOXIC_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') TOXIC_COMMIT_MAIN=$(grep "TOXIC_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F "'" '{print $2}')
if [ ${#TOXIC_COMMIT_MAIN} -gt 10 ]; then if [ ${#TOXIC_COMMIT_MAIN} -gt 10 ]; then
TOXIC_COMMIT=$TOXIC_COMMIT_MAIN TOXIC_COMMIT=$TOXIC_COMMIT_MAIN
fi fi
TOXIC_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_REPO=" | head -n 1 | awk -F '"' '{print $2}') TOXIC_REPO_MAIN=$(grep "TOXIC_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '"' '{print $2}')
if [ ${#TOXIC_REPO_MAIN} -gt 5 ]; then if [ ${#TOXIC_REPO_MAIN} -gt 5 ]; then
TOXIC_REPO=$TOXIC_REPO_MAIN TOXIC_REPO=$TOXIC_REPO_MAIN
fi fi
if [ ${rootdir} ]; then if [ "${rootdir}" ]; then
chroot ${rootdir} apt-get -yq install libncursesw5-dev libconfig-dev libqrencode-dev chroot "${rootdir}" apt-get -yq install libncursesw5-dev libconfig-dev libqrencode-dev
chroot ${rootdir} apt-get -yq install libcurl4-openssl-dev libvpx-dev libopenal-dev chroot "${rootdir}" apt-get -yq install libcurl4-openssl-dev libvpx-dev libopenal-dev
chroot ${rootdir} apt-get -yq install libqrencode-dev chroot "${rootdir}" apt-get -yq install libqrencode-dev
else else
apt-get -yq install libncursesw5-dev libconfig-dev libqrencode-dev apt-get -yq install libncursesw5-dev libconfig-dev libqrencode-dev
apt-get -yq install libcurl4-openssl-dev libvpx-dev libopenal-dev apt-get -yq install libcurl4-openssl-dev libvpx-dev libopenal-dev
@ -704,57 +700,57 @@ function mesh_tox_client {
TEMP_SCRIPT_NAME=fbtmp728353.sh TEMP_SCRIPT_NAME=fbtmp728353.sh
TEMP_SCRIPT=/tmp/$TEMP_SCRIPT_NAME TEMP_SCRIPT=/tmp/$TEMP_SCRIPT_NAME
echo '#!/bin/bash' > $TEMP_SCRIPT { echo '#!/bin/bash';
echo "mkdir -p $INSTALL_DIR" >> $TEMP_SCRIPT echo "mkdir -p $INSTALL_DIR";
echo 'if [ -d /repos/toxic ]; then' >> $TEMP_SCRIPT echo 'if [ -d /repos/toxic ]; then';
echo " mkdir $INSTALL_DIR/toxic" >> $TEMP_SCRIPT echo " mkdir $INSTALL_DIR/toxic";
echo " cp -r -p /repos/toxic/. $INSTALL_DIR/toxic" >> $TEMP_SCRIPT echo " cp -r -p /repos/toxic/. $INSTALL_DIR/toxic";
echo " cd $INSTALL_DIR/toxic" >> $TEMP_SCRIPT echo " cd $INSTALL_DIR/toxic";
echo ' git pull' >> $TEMP_SCRIPT echo ' git pull';
echo 'else' >> $TEMP_SCRIPT echo 'else';
echo " git clone $TOXIC_REPO $INSTALL_DIR/toxic" >> $TEMP_SCRIPT echo " git clone $TOXIC_REPO $INSTALL_DIR/toxic";
echo 'fi' >> $TEMP_SCRIPT echo 'fi';
echo "cd $INSTALL_DIR/toxic" >> $TEMP_SCRIPT echo "cd $INSTALL_DIR/toxic";
echo "git checkout $TOXIC_COMMIT -b $TOXIC_COMMIT" >> $TEMP_SCRIPT echo "git checkout $TOXIC_COMMIT -b $TOXIC_COMMIT";
echo 'make' >> $TEMP_SCRIPT echo 'make';
echo 'if [ ! "$?" = "0" ]; then' >> $TEMP_SCRIPT echo 'if [ ! "$?" = "0" ]; then';
echo ' exit 1' >> $TEMP_SCRIPT echo ' exit 1';
echo 'fi' >> $TEMP_SCRIPT echo 'fi';
echo 'make install' >> $TEMP_SCRIPT echo 'make install';
echo 'exit 0' >> $TEMP_SCRIPT echo 'exit 0'; } > "$TEMP_SCRIPT"
chmod +x $TEMP_SCRIPT chmod +x $TEMP_SCRIPT
cp $TEMP_SCRIPT $rootdir/root/ cp "$TEMP_SCRIPT" "$rootdir/root/"
TOXIC_FILE=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_FILE=" | head -n 1 | awk -F '=' '{print $2}') TOXIC_FILE=$(grep "TOXIC_FILE=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '=' '{print $2}')
SECONDS=0 SECONDS=0
if [ ${rootdir} ]; then if [ "${rootdir}" ]; then
chroot ${rootdir} /root/$TEMP_SCRIPT_NAME chroot "${rootdir}" "/root/$TEMP_SCRIPT_NAME"
else else
/root/$TEMP_SCRIPT_NAME /root/$TEMP_SCRIPT_NAME
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
cat -n /root/fbtmp728353.sh cat -n /root/fbtmp728353.sh
duration=$SECONDS duration=$SECONDS
echo $"Toxic client compile failed at $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed." echo $"Toxic client compile failed at $((duration / 60)) minutes and $((duration % 60)) seconds elapsed."
echo $'Unable to make tox client' echo $'Unable to make tox client'
rm $TEMP_SCRIPT rm $TEMP_SCRIPT
exit 74872 exit 74872
fi fi
rm $TEMP_SCRIPT rm $TEMP_SCRIPT
if [ ! -f $rootdir$TOXIC_FILE ]; then if [ ! -f "$rootdir$TOXIC_FILE" ]; then
echo $"Tox client was not installed to $TOXIC_FILE" echo $"Tox client was not installed to $TOXIC_FILE"
exit 63278 exit 63278
fi fi
duration=$SECONDS duration=$SECONDS
echo $"Toxic client compile $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed." echo $"Toxic client compile $((duration / 60)) minutes and $((duration % 60)) seconds elapsed."
} }
function enable_tox_repo { function enable_tox_repo {
echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_9.0/ /' > $rootdir/etc/apt/sources.list.d/tox.list echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_9.0/ /' > "$rootdir/etc/apt/sources.list.d/tox.list"
cat >> "$rootdir/root/gettoxkey.sh" <<EOF
cat >> $rootdir/root/gettoxkey.sh <<EOF
#!/bin/bash #!/bin/bash
wget -q http://download.opensuse.org/repositories/home:antonbatenev:tox/Debian_9.0/Release.key -O- > /root/tox.key wget -q http://download.opensuse.org/repositories/home:antonbatenev:tox/Debian_9.0/Release.key -O- > /root/tox.key
apt-key add /root/tox.key apt-key add /root/tox.key
@ -769,30 +765,30 @@ EOF
function install_tox { function install_tox {
configure_firewall_for_tox configure_firewall_for_tox
if [ $INSTALLING_MESH ]; then if [ "$INSTALLING_MESH" ]; then
mesh_tox_node mesh_tox_node
mesh_tox_avahi mesh_tox_avahi
mesh_tox_client mesh_tox_client
else else
avoid_tor_restart= avoid_tor_restart=
if [ -f $IMAGE_PASSWORD_FILE ]; then if [ -f "$IMAGE_PASSWORD_FILE" ]; then
if [[ $ONION_ONLY != 'no' ]]; then if [[ $ONION_ONLY != 'no' ]]; then
avoid_tor_restart=1 avoid_tor_restart=1
fi fi
fi fi
if [ $avoid_tor_restart ]; then if [ $avoid_tor_restart ]; then
${PROJECT_NAME}-logging on --onion "${PROJECT_NAME}-logging" on --onion
else else
${PROJECT_NAME}-logging on "${PROJECT_NAME}-logging" on
fi fi
install_tox_node install_tox_node
if [ $avoid_tor_restart ]; then if [ $avoid_tor_restart ]; then
${PROJECT_NAME}-logging off --onion "${PROJECT_NAME}-logging" off --onion
else else
${PROJECT_NAME}-logging off "${PROJECT_NAME}-logging" off
fi fi
tox_avahi tox_avahi


@ -68,22 +68,24 @@ function logging_off_turtl {
} }
function change_password_turtl { function change_password_turtl {
change_username="$1" echo -n ''
new_user_password="$2" # change_username="$1"
# new_user_password="$2"
} }
function remove_user_turtl { function remove_user_turtl {
remove_username="$1" echo -n ''
# remove_username="$1"
} }
function add_user_turtl { function add_user_turtl {
new_username="$1" # new_username="$1"
new_user_password="$2" # new_user_password="$2"
echo '0' echo '0'
} }
function install_interactive_turtl { function install_interactive_turtl {
if [ ! $ONION_ONLY ]; then if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no' ONION_ONLY='no'
fi fi
@ -128,7 +130,7 @@ function configure_interactive_turtl_signups {
dialog --title $"Allow new turtl signups" \ dialog --title $"Allow new turtl signups" \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--defaultno \ --defaultno \
--yesno $"\nAllow registration of new users?" 10 60 --yesno $"\\nAllow registration of new users?" 10 60
sel=$? sel=$?
case $sel in case $sel in
0) 0)
@ -146,15 +148,14 @@ function configure_interactive_turtl_signups {
} }
function configure_interactive_turtl_storage { function configure_interactive_turtl_storage {
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Change storage limit" \ dialog --title $"Change storage limit" \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--inputbox $"Enter a storage limit in megabytes." 8 75 "$TURTL_STORAGE_LIMIT_MB" 2>$data --inputbox $"Enter a storage limit in megabytes." 8 75 "$TURTL_STORAGE_LIMIT_MB" 2>"$data"
sel=$? sel=$?
case $sel in case $sel in
0) 0)
STORAGE=$(<$data) STORAGE=$(<"$data")
if [ ${#STORAGE} -gt 0 ]; then if [ ${#STORAGE} -gt 0 ]; then
TURTL_STORAGE_LIMIT_MB=$STORAGE TURTL_STORAGE_LIMIT_MB=$STORAGE
sed -i "s|defparameter *default-storage-limit*.*|defparameter *default-storage-limit* ${TURTL_STORAGE_LIMIT_MB})|g" $TURTL_BASE_DIR/api/config/config.lisp sed -i "s|defparameter *default-storage-limit*.*|defparameter *default-storage-limit* ${TURTL_STORAGE_LIMIT_MB})|g" $TURTL_BASE_DIR/api/config/config.lisp
@ -164,27 +165,31 @@ function configure_interactive_turtl_storage {
fi fi
;; ;;
esac esac
rm -f "$data"
} }
function configure_interactive_turtl { function configure_interactive_turtl {
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \ dialog --backtitle $"Freedombone Control Panel" \
--title $"turtl app settings" \ --title $"turtl app settings" \
--radiolist $"Choose an operation:" 12 70 3 \ --radiolist $"Choose an operation:" 12 70 3 \
1 $"Enable/disable new user registrations" off \ 1 $"Enable/disable new user registrations" off \
2 $"Change storage limit" off \ 2 $"Change storage limit" off \
3 $"Exit" on 2> $data 3 $"Exit" on 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) exit 1;; 1) rm -f "$data"
255) exit 1;; exit 1;;
255) rm -f "$data"
exit 1;;
esac esac
case $(cat $data) in case $(cat "$data") in
1) configure_interactive_turtl_signups;; 1) configure_interactive_turtl_signups;;
2) configure_interactive_turtl_storage;; 2) configure_interactive_turtl_storage;;
3) return;; 3) rm -f "$data"
return;;
esac esac
rm -f "$data"
} }
function reconfigure_turtl { function reconfigure_turtl {
@ -255,7 +260,7 @@ function restore_local_turtl {
else else
cp -r ${temp_restore_dir}/* /etc/turtl/ cp -r ${temp_restore_dir}/* /etc/turtl/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
set_user_permissions set_user_permissions
backup_unmount_drive backup_unmount_drive
@ -273,6 +278,7 @@ function restore_local_turtl {
cp -r ${temp_restore_dir}/* /var/lib/rethinkdb/ cp -r ${temp_restore_dir}/* /var/lib/rethinkdb/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
set_user_permissions set_user_permissions
backup_unmount_drive backup_unmount_drive
@ -318,6 +324,7 @@ function restore_remote_turtl {
cp -r ${temp_restore_dir}/* /etc/turtl/ cp -r ${temp_restore_dir}/* /etc/turtl/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
if [ -d /etc/turtl_previous ]; then if [ -d /etc/turtl_previous ]; then
mv /etc/turtl_previous $TURTL_BASE_DIR mv /etc/turtl_previous $TURTL_BASE_DIR
@ -338,6 +345,7 @@ function restore_remote_turtl {
cp -r ${temp_restore_dir}/* /var/lib/rethinkdb/ cp -r ${temp_restore_dir}/* /var/lib/rethinkdb/
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
set_user_permissions set_user_permissions
exit 26783 exit 26783
@ -358,7 +366,7 @@ function remove_turtl {
remove_rethinkdb remove_rethinkdb
remove_app turtl remove_app turtl
remove_completion_param install_turtl remove_completion_param install_turtl
sed -i '/turtl/d' $COMPLETION_FILE sed -i '/turtl/d' "$COMPLETION_FILE"
nginx_dissite $TURTL_DOMAIN_NAME nginx_dissite $TURTL_DOMAIN_NAME
if [ -f /etc/nginx/sites-available/$TURTL_DOMAIN_NAME ]; then if [ -f /etc/nginx/sites-available/$TURTL_DOMAIN_NAME ]; then
rm /etc/nginx/sites-available/$TURTL_DOMAIN_NAME rm /etc/nginx/sites-available/$TURTL_DOMAIN_NAME
@ -444,18 +452,18 @@ __ENDCONFIG__
exit 6238234 exit 6238234
fi fi
echo '[Unit]' > /etc/systemd/system/turtl.service { echo '[Unit]';
echo 'Description=Note taking service' >> /etc/systemd/system/turtl.service echo 'Description=Note taking service';
echo 'Documentation=http://turtl.it' >> /etc/systemd/system/turtl.service echo 'Documentation=http://turtl.it';
echo 'Requires=network.target' >> /etc/systemd/system/turtl.service echo 'Requires=network.target';
echo 'Requires=rethinkdb.service' >> /etc/systemd/system/turtl.service echo 'Requires=rethinkdb.service';
echo 'After=network.target' >> /etc/systemd/system/turtl.service echo 'After=network.target';
echo 'After=rethinkdb.service' >> /etc/systemd/system/turtl.service echo 'After=rethinkdb.service';
echo '' >> /etc/systemd/system/turtl.service echo '';
echo '[Service]' >> /etc/systemd/system/turtl.service echo '[Service]';
echo 'Type=simple' >> /etc/systemd/system/turtl.service echo 'Type=simple';
echo 'User=turtl' >> /etc/systemd/system/turtl.service echo 'User=turtl';
echo "WorkingDirectory=$TURTL_BASE_DIR/api/" >> /etc/systemd/system/turtl.service echo "WorkingDirectory=$TURTL_BASE_DIR/api/"; } > /etc/systemd/system/turtl.service
if [[ "$check_architecture" == *"64"* && "$check_architecture" != *"arm"* ]]; then if [[ "$check_architecture" == *"64"* && "$check_architecture" != *"arm"* ]]; then
echo "ExecStart=$TURTL_BASE_DIR/ccl/lx86cl64 -l $TURTL_BASE_DIR/quicklisp/setup.lisp -l launch.lisp" >> /etc/systemd/system/turtl.service echo "ExecStart=$TURTL_BASE_DIR/ccl/lx86cl64 -l $TURTL_BASE_DIR/quicklisp/setup.lisp -l launch.lisp" >> /etc/systemd/system/turtl.service
@ -466,9 +474,9 @@ __ENDCONFIG__
echo "ExecStart=$TURTL_BASE_DIR/ccl/armcl -l $TURTL_BASE_DIR/quicklisp/setup.lisp -l launch.lisp" >> /etc/systemd/system/turtl.service echo "ExecStart=$TURTL_BASE_DIR/ccl/armcl -l $TURTL_BASE_DIR/quicklisp/setup.lisp -l launch.lisp" >> /etc/systemd/system/turtl.service
fi fi
fi fi
echo '' >> /etc/systemd/system/turtl.service { echo '';
echo '[Install]' >> /etc/systemd/system/turtl.service echo '[Install]';
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/turtl.service echo 'WantedBy=multi-user.target'; } >> /etc/systemd/system/turtl.service
chmod +x /etc/systemd/system/turtl.service chmod +x /etc/systemd/system/turtl.service
chown -R turtl:turtl $TURTL_BASE_DIR chown -R turtl:turtl $TURTL_BASE_DIR
@ -484,7 +492,7 @@ function install_turtl_api {
if [ ! -d $TURTL_BASE_DIR ]; then if [ ! -d $TURTL_BASE_DIR ]; then
mkdir -p $TURTL_BASE_DIR mkdir -p $TURTL_BASE_DIR
fi fi
cd $TURTL_BASE_DIR cd "$TURTL_BASE_DIR" || exit 745726542
mkdir cd $TURTL_BASE_DIR/data mkdir cd $TURTL_BASE_DIR/data
check_architecture=$(uname -a) check_architecture=$(uname -a)
@ -600,21 +608,21 @@ __ENDCONFIG__
chown -R rethinkdb:rethinkdb /var/lib/rethinkdb chown -R rethinkdb:rethinkdb /var/lib/rethinkdb
# install turtl API # install turtl API
cd $TURTL_BASE_DIR/ cd "$TURTL_BASE_DIR/" || exit 6428462
if [ -d /repos/turtl ]; then if [ -d /repos/turtl ]; then
mkdir $TURTL_BASE_DIR/api mkdir $TURTL_BASE_DIR/api
cp -r -p /repos/turtl/. $TURTL_BASE_DIR/api cp -r -p /repos/turtl/. $TURTL_BASE_DIR/api
cd $TURTL_BASE_DIR/api cd "$TURTL_BASE_DIR/api" || exit 57141845
git pull git pull
else else
git clone $TURTL_REPO $TURTL_BASE_DIR/api git clone $TURTL_REPO $TURTL_BASE_DIR/api
fi fi
cd $TURTL_BASE_DIR/api cd "$TURTL_BASE_DIR/api" || exit 35814614
git checkout $TURTL_COMMIT -b $TURTL_COMMIT git checkout $TURTL_COMMIT -b $TURTL_COMMIT
set_completion_param "turtl commit" "$TURTL_COMMIT" set_completion_param "turtl commit" "$TURTL_COMMIT"
cd $TURTL_BASE_DIR/quicklisp/local-projects cd "$TURTL_BASE_DIR/quicklisp/local-projects" || exit 43618941415
git clone git://github.com/orthecreedence/cl-hash-util git clone git://github.com/orthecreedence/cl-hash-util
if [[ "$check_architecture" != *"arm"* ]]; then if [[ "$check_architecture" != *"arm"* ]]; then
if [[ "$check_architecture" == *"64"* ]]; then if [[ "$check_architecture" == *"64"* ]]; then
@ -657,54 +665,54 @@ function install_turtl_nginx {
if [[ $ONION_ONLY == "no" ]]; then if [[ $ONION_ONLY == "no" ]]; then
function_check nginx_http_redirect function_check nginx_http_redirect
nginx_http_redirect $TURTL_DOMAIN_NAME nginx_http_redirect $TURTL_DOMAIN_NAME
echo 'server {' >> $turtl_nginx_site { echo 'server {';
echo ' listen 443 ssl;' >> $turtl_nginx_site echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;' >> $turtl_nginx_site echo ' #listen [::]:443 ssl;';
echo " server_name ${TURTL_DOMAIN_NAME};" >> $turtl_nginx_site echo " server_name ${TURTL_DOMAIN_NAME};";
echo '' >> $turtl_nginx_site echo '';
echo ' # Security' >> $turtl_nginx_site echo ' # Security'; } >> "$turtl_nginx_site"
function_check nginx_ssl function_check nginx_ssl
nginx_ssl $TURTL_DOMAIN_NAME nginx_ssl $TURTL_DOMAIN_NAME
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $TURTL_DOMAIN_NAME nginx_disable_sniffing $TURTL_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $turtl_nginx_site { echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '' >> $turtl_nginx_site echo '';
echo ' # Logs' >> $turtl_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $turtl_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $turtl_nginx_site echo ' error_log /dev/null;';
echo '' >> $turtl_nginx_site echo '';
echo ' location / {' >> $turtl_nginx_site echo ' location / {'; } >> "$turtl_nginx_site"
function_check nginx_limits function_check nginx_limits
nginx_limits $TURTL_DOMAIN_NAME '15m' nginx_limits $TURTL_DOMAIN_NAME '15m'
echo " proxy_pass http://localhost:${TURTL_PORT}/;" >> $turtl_nginx_site { echo " proxy_pass http://localhost:${TURTL_PORT}/;";
echo ' proxy_set_header Host $host;' >> $turtl_nginx_site echo " proxy_set_header Host \$host;";
echo ' proxy_buffering off;' >> $turtl_nginx_site echo ' proxy_buffering off;';
echo ' }' >> $turtl_nginx_site echo ' }';
echo '}' >> $turtl_nginx_site echo '}'; } >> "$turtl_nginx_site"
else else
echo -n '' > $turtl_nginx_site echo -n '' > $turtl_nginx_site
fi fi
echo 'server {' >> $turtl_nginx_site { echo 'server {';
echo " listen 127.0.0.1:${TURTL_ONION_PORT};" >> $turtl_nginx_site echo " listen 127.0.0.1:${TURTL_ONION_PORT};";
echo " server_name ${TURTL_ONION_HOSTNAME};" >> $turtl_nginx_site echo " server_name ${TURTL_ONION_HOSTNAME};";
echo '' >> $turtl_nginx_site echo ''; } >> $turtl_nginx_site
function_check nginx_disable_sniffing function_check nginx_disable_sniffing
nginx_disable_sniffing $TURTL_DOMAIN_NAME nginx_disable_sniffing $TURTL_DOMAIN_NAME
echo '' >> $turtl_nginx_site { echo '';
echo ' # Logs' >> $turtl_nginx_site echo ' # Logs';
echo ' access_log /dev/null;' >> $turtl_nginx_site echo ' access_log /dev/null;';
echo ' error_log /dev/null;' >> $turtl_nginx_site echo ' error_log /dev/null;';
echo '' >> $turtl_nginx_site echo '';
echo ' location / {' >> $turtl_nginx_site echo ' location / {'; } >> $turtl_nginx_site
function_check nginx_limits function_check nginx_limits
nginx_limits $TURTL_DOMAIN_NAME '15m' nginx_limits $TURTL_DOMAIN_NAME '15m'
echo " proxy_pass http://localhost:${TURTL_PORT}/;" >> $turtl_nginx_site { echo " proxy_pass http://localhost:${TURTL_PORT}/;";
echo ' proxy_set_header Host $host;' >> $turtl_nginx_site echo " proxy_set_header Host \$host;";
echo ' proxy_buffering off;' >> $turtl_nginx_site echo ' proxy_buffering off;';
echo ' }' >> $turtl_nginx_site echo ' }';
echo '}' >> $turtl_nginx_site echo '}'; } >> $turtl_nginx_site
function_check add_ddns_domain function_check add_ddns_domain
add_ddns_domain $TURTL_DOMAIN_NAME add_ddns_domain $TURTL_DOMAIN_NAME
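Review bot: The `git clone git://github.com/orthecreedence/cl-hash-util` line in the install hunk, just after `cd "$TURTL_BASE_DIR/quicklisp/local-projects"`, fetches code over the unauthenticated, unencrypted git protocol and takes whatever the default branch holds at install time. That code lands in quicklisp's local-projects directory and is presumably loaded by the turtl service, so it should be pinned the way the API is with `git checkout $TURTL_COMMIT -b $TURTL_COMMIT`: use `git clone https://github.com/orthecreedence/cl-hash-util` and then check out a reviewed commit held in a new variable (for example `CL_HASH_UTIL_COMMIT`, a suggested name that is not in the file). The enclosing function starts and ends outside the visible hunk, so a pin applied further down cannot be ruled out. Separately, in `configure_interactive_turtl_storage` the dialog value reaches the `sed` expression that rewrites `config.lisp` after only a length check, as far as the visible lines show; `if [[ "$STORAGE" =~ ^[0-9]+$ ]]; then` would keep non-numeric text out of that file.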


@ -62,27 +62,27 @@ function backup_local_vim {
echo $"Backing up Vim config for $USERNAME" echo $"Backing up Vim config for $USERNAME"
# create a temporary directory # create a temporary directory
if [ ! -d /home/$USERNAME/$VIM_TEMP_DIR ]; then if [ ! -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then
mkdir /home/$USERNAME/$VIM_TEMP_DIR mkdir "/home/$USERNAME/$VIM_TEMP_DIR"
fi fi
# copy config files into the directory # copy config files into the directory
if [ -f /home/$USERNAME/.vimrc ]; then if [ -f "/home/$USERNAME/.vimrc" ]; then
cp /home/$USERNAME/.vimrc /home/$USERNAME/$VIM_TEMP_DIR cp "/home/$USERNAME/.vimrc" "/home/$USERNAME/$VIM_TEMP_DIR"
chown -R $USERNAME:$USERNAME /home/$USERNAME/$VIM_TEMP_DIR chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/$VIM_TEMP_DIR"
fi fi
if [ -f /home/$USERNAME/.viminfo ]; then if [ -f "/home/$USERNAME/.viminfo" ]; then
cp /home/$USERNAME/.viminfo /home/$USERNAME/$VIM_TEMP_DIR cp "/home/$USERNAME/.viminfo" "/home/$USERNAME/$VIM_TEMP_DIR"
chown -R $USERNAME:$USERNAME /home/$USERNAME/$VIM_TEMP_DIR chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/$VIM_TEMP_DIR"
fi fi
# backup the directory # backup the directory
function_check backup_directory_to_usb function_check backup_directory_to_usb
backup_directory_to_usb /home/$USERNAME/$VIM_TEMP_DIR vim/$USERNAME backup_directory_to_usb "/home/$USERNAME/$VIM_TEMP_DIR" "vim/$USERNAME"
# remove temporary directory # remove temporary directory
if [ -d /home/$USERNAME/$VIM_TEMP_DIR ]; then if [ -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then
rm -rf /home/$USERNAME/$VIM_TEMP_DIR rm -rf "/home/${USERNAME:?}/$VIM_TEMP_DIR"
fi fi
fi fi
done done
@ -90,24 +90,25 @@ function backup_local_vim {
function restore_local_vim { function restore_local_vim {
temp_restore_dir=/root/tempvim temp_restore_dir=/root/tempvim
if [ -d $USB_MOUNT/backup/vim ]; then if [ -d "$USB_MOUNT/backup/vim" ]; then
for d in $USB_MOUNT/backup/vim/*/ ; do for d in $USB_MOUNT/backup/vim/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}') USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME "${PROJECT_NAME}-adduser" "$USERNAME"
fi fi
echo $"Restoring Vim config for $USERNAME" echo $"Restoring Vim config for $USERNAME"
function_check restore_directory_from_usb function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir vim/$USERNAME restore_directory_from_usb "$temp_restore_dir" "vim/$USERNAME"
if [ -d $temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR ]; then if [ -d "$temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR" ]; then
cp -r $temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR /home/$USERNAME/ cp -r "$temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR" "/home/$USERNAME/"
else else
if [ ! -d /home/$USERNAME/$VIM_TEMP_DIR ]; then if [ ! -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then
mkdir /home/$USERNAME/$VIM_TEMP_DIR mkdir "/home/$USERNAME/$VIM_TEMP_DIR"
fi fi
cp -r $temp_restore_dir/* /home/$USERNAME/$VIM_TEMP_DIR/ cp -r "$temp_restore_dir/*" "/home/$USERNAME/$VIM_TEMP_DIR/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
function_check set_user_permissions function_check set_user_permissions
@ -116,14 +117,14 @@ function restore_local_vim {
backup_unmount_drive backup_unmount_drive
exit 664 exit 664
fi fi
cp /home/$USERNAME/$VIM_TEMP_DIR/* /home/$USERNAME cp "/home/$USERNAME/$VIM_TEMP_DIR/*" "/home/$USERNAME"
if [ -f /home/$USERNAME/.viminfo ]; then if [ -f "/home/$USERNAME/.viminfo" ]; then
chown $USERNAME:$USERNAME /home/$USERNAME/.viminfo chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.viminfo"
fi fi
if [ -f /home/$USERNAME/.vimrc ]; then if [ -f "/home/$USERNAME/.vimrc" ]; then
chown $USERNAME:$USERNAME /home/$USERNAME/.vimrc chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.vimrc"
fi fi
rm -rf /home/$USERNAME/$VIM_TEMP_DIR rm -rf "/home/${USERNAME:?}/$VIM_TEMP_DIR"
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
done done
@ -137,27 +138,27 @@ function backup_remote_vim {
echo $"Backing up Vim config for $USERNAME" echo $"Backing up Vim config for $USERNAME"
# create a temporary directory # create a temporary directory
if [ ! -d /home/$USERNAME/$VIM_TEMP_DIR ]; then if [ ! -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then
mkdir /home/$USERNAME/$VIM_TEMP_DIR mkdir "/home/$USERNAME/$VIM_TEMP_DIR"
fi fi
# copy config files into the directory # copy config files into the directory
if [ -f /home/$USERNAME/.vimrc ]; then if [ -f "/home/$USERNAME/.vimrc" ]; then
cp /home/$USERNAME/.vimrc /home/$USERNAME/$VIM_TEMP_DIR cp "/home/$USERNAME/.vimrc" "/home/$USERNAME/$VIM_TEMP_DIR"
chown -R $USERNAME:$USERNAME /home/$USERNAME/$VIM_TEMP_DIR chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/$VIM_TEMP_DIR"
fi fi
if [ -f /home/$USERNAME/.viminfo ]; then if [ -f "/home/$USERNAME/.viminfo" ]; then
cp /home/$USERNAME/.viminfo /home/$USERNAME/$VIM_TEMP_DIR cp "/home/$USERNAME/.viminfo" "/home/$USERNAME/$VIM_TEMP_DIR"
chown -R $USERNAME:$USERNAME /home/$USERNAME/$VIM_TEMP_DIR chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/$VIM_TEMP_DIR"
fi fi
# backup the directory # backup the directory
function_check backup_directory_to_friend function_check backup_directory_to_friend
backup_directory_to_friend /home/$USERNAME/$VIM_TEMP_DIR vim/$USERNAME backup_directory_to_friend "/home/$USERNAME/$VIM_TEMP_DIR" "vim/$USERNAME"
# remove temporary directory # remove temporary directory
if [ -d /home/$USERNAME/$VIM_TEMP_DIR ]; then if [ -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then
rm -rf /home/$USERNAME/$VIM_TEMP_DIR rm -rf "/home/${USERNAME:?}/$VIM_TEMP_DIR"
fi fi
fi fi
done done
@ -165,24 +166,25 @@ function backup_remote_vim {
function restore_remote_vim { function restore_remote_vim {
temp_restore_dir=/root/tempvim temp_restore_dir=/root/tempvim
if [ -d $USB_MOUNT/backup/vim ]; then if [ -d "$USB_MOUNT/backup/vim" ]; then
for d in $USB_MOUNT/backup/vim/*/ ; do for d in $USB_MOUNT/backup/vim/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $6}') USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ ! -d /home/$USERNAME ]; then if [ ! -d "/home/$USERNAME" ]; then
${PROJECT_NAME}-adduser $USERNAME "${PROJECT_NAME}-adduser" "$USERNAME"
fi fi
echo $"Restoring Vim config for $USERNAME" echo $"Restoring Vim config for $USERNAME"
function_check restore_directory_from_friend function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir vim/$USERNAME restore_directory_from_friend "$temp_restore_dir vim/$USERNAME"
if [ -d $temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR ]; then if [ -d "$temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR" ]; then
cp -r $temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR /home/$USERNAME/ cp -r "$temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR" "/home/$USERNAME/"
else else
if [ ! -d /home/$USERNAME/$VIM_TEMP_DIR ]; then if [ ! -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then
mkdir /home/$USERNAME/$VIM_TEMP_DIR mkdir "/home/$USERNAME/$VIM_TEMP_DIR"
fi fi
cp -r $temp_restore_dir/* /home/$USERNAME/$VIM_TEMP_DIR/ cp -r "$temp_restore_dir/*" "/home/$USERNAME/$VIM_TEMP_DIR/"
fi fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
function_check set_user_permissions function_check set_user_permissions
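Review bot: Two of the quotes added in this hunk change what the commands receive: `restore_directory_from_friend "$temp_restore_dir vim/$USERNAME"` now passes one word where the old call passed two, and `cp -r "$temp_restore_dir/*" "/home/$USERNAME/$VIM_TEMP_DIR/"` no longer expands the glob, so it looks for a file literally named `*`. I would write `restore_directory_from_friend "$temp_restore_dir" "vim/$USERNAME"` and `cp -r "$temp_restore_dir"/* "/home/$USERNAME/$VIM_TEMP_DIR/"`, keeping the glob outside the quotes. The same quoted-glob pattern is in the next hunk (`cp "/home/$USERNAME/$VIM_TEMP_DIR/*" "/home/$USERNAME"`), in remove_vpn (`rm "/home/$USERNAME/stunnel*"`), and in the `chown` lines ending in `stunnel*"` in generate_stunnel_keys and install_stunnel. In remove_vpn that means the per-user stunnel.pem and stunnel.p12 copies stay in the home directories after the app is removed. restore_remote_vim continues past the end of this hunk.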
@ -191,14 +193,14 @@ function restore_remote_vim {
backup_unmount_drive backup_unmount_drive
exit 664 exit 664
fi fi
cp /home/$USERNAME/$VIM_TEMP_DIR/* /home/$USERNAME cp "/home/$USERNAME/$VIM_TEMP_DIR/*" "/home/$USERNAME"
if [ -f /home/$USERNAME/.viminfo ]; then if [ -f "/home/$USERNAME/.viminfo" ]; then
chown $USERNAME:$USERNAME /home/$USERNAME/.viminfo chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.viminfo"
fi fi
if [ -f /home/$USERNAME/.vimrc ]; then if [ -f "/home/$USERNAME/.vimrc" ]; then
chown $USERNAME:$USERNAME /home/$USERNAME/.vimrc chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.vimrc"
fi fi
rm -rf /home/$USERNAME/$VIM_TEMP_DIR rm -rf "/home/${USERNAME:?}/$VIM_TEMP_DIR"
rm -rf $temp_restore_dir rm -rf $temp_restore_dir
fi fi
done done
@ -210,7 +212,7 @@ function remove_vim {
# This may change with Debian Stretch # This may change with Debian Stretch
# apt-get -yq remove --purge vim # apt-get -yq remove --purge vim
update-alternatives --set editor /usr/bin/nano update-alternatives --set editor /usr/bin/nano
sed -i '/install_vim/d' $COMPLETION_FILE sed -i '/install_vim/d' "$COMPLETION_FILE"
# remove Vim as the mutt email editor # remove Vim as the mutt email editor
if [ -f /etc/Muttrc ]; then if [ -f /etc/Muttrc ]; then
@ -220,9 +222,9 @@ function remove_vim {
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -f /home/$USERNAME/.muttrc ]; then if [ -f "/home/$USERNAME/.muttrc" ]; then
if grep -q "set editor=" /home/$USERNAME/.muttrc; then if grep -q "set editor=" "/home/$USERNAME/.muttrc"; then
sed -i '/set editor=/d' /home/$USERNAME/.muttrc sed -i '/set editor=/d' "/home/$USERNAME/.muttrc"
fi fi
fi fi
fi fi
@ -244,11 +246,11 @@ function install_vim {
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -f /home/$USERNAME/.muttrc ]; then if [ -f "/home/$USERNAME/.muttrc" ]; then
if ! grep -q "set editor=" /home/$USERNAME/.muttrc; then if ! grep -q "set editor=" "/home/$USERNAME/.muttrc"; then
echo "set editor=\"$VIM_MUTT_EDITOR\"" >> /home/$USERNAME/.muttrc echo "set editor=\"$VIM_MUTT_EDITOR\"" >> "/home/$USERNAME/.muttrc"
else else
sed -i "s|set editor=.*|set editor=\"$VIM_MUTT_EDITOR\"|g" /home/$USERNAME/.muttrc sed -i "s|set editor=.*|set editor=\"$VIM_MUTT_EDITOR\"|g" "/home/$USERNAME/.muttrc"
fi fi
fi fi
fi fi


@ -82,23 +82,24 @@ function install_interactive_vpn {
VPN_DETAILS_COMPLETE= VPN_DETAILS_COMPLETE=
while [ ! $VPN_DETAILS_COMPLETE ] while [ ! $VPN_DETAILS_COMPLETE ]
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
currtlsport=$(grep 'VPN_TLS_PORT' temp.cfg | awk -F '=' '{print $2}') currtlsport=$(grep 'VPN_TLS_PORT' temp.cfg | awk -F '=' '{print $2}')
if [ $currtlsport ]; then if [ "$currtlsport" ]; then
VPN_TLS_PORT=$currtlsport VPN_TLS_PORT=$currtlsport
fi fi
dialog --backtitle $"Freedombone Configuration" \ dialog --backtitle $"Freedombone Configuration" \
--title $"VPN Configuration" \ --title $"VPN Configuration" \
--form $"\nPlease enter your VPN details. Changing the port to 443 will help defend against censorship but will prevent other web apps from running." 12 65 1 \ --form $"\\nPlease enter your VPN details. Changing the port to 443 will help defend against censorship but will prevent other web apps from running." 12 65 1 \
$"TLS port:" 1 1 "$VPN_TLS_PORT" 1 12 5 5 \ $"TLS port:" 1 1 "$VPN_TLS_PORT" 1 12 5 5 \
2> $data 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) exit 1;; 1) rm -f "$data"
255) exit 1;; exit 1;;
255) rm -f "$data"
exit 1;;
esac esac
tlsport=$(cat $data | sed -n 1p) tlsport=$(sed -n 1p < "$data")
if [ ${#tlsport} -gt 1 ]; then if [ ${#tlsport} -gt 1 ]; then
if [[ "$tlsport" != *' '* && "$tlsport" != *'.'* ]]; then if [[ "$tlsport" != *' '* && "$tlsport" != *'.'* ]]; then
VPN_TLS_PORT="$tlsport" VPN_TLS_PORT="$tlsport"
@ -106,27 +107,27 @@ function install_interactive_vpn {
write_config_param "VPN_TLS_PORT" "$VPN_TLS_PORT" write_config_param "VPN_TLS_PORT" "$VPN_TLS_PORT"
fi fi
fi fi
rm -f "$data"
done done
clear clear
APP_INSTALLED=1 APP_INSTALLED=1
} }
function vpn_change_tls_port { function vpn_change_tls_port {
if ! grep -q "VPN-TLS" $FIREWALL_CONFIG; then if ! grep -q "VPN-TLS" "$FIREWALL_CONFIG"; then
EXISTING_VPN_TLS_PORT=443 EXISTING_VPN_TLS_PORT=443
else else
EXISTING_VPN_TLS_PORT=$(cat $FIREWALL_CONFIG | grep "VPN-TLS" | awk -F '=' '{print $2}') EXISTING_VPN_TLS_PORT=$(grep "VPN-TLS" "$FIREWALL_CONFIG" | awk -F '=' '{print $2}')
fi fi
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"VPN Configuration" \ dialog --title $"VPN Configuration" \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--inputbox $'Change TLS port' 10 50 $EXISTING_VPN_TLS_PORT 2>$data --inputbox $'Change TLS port' 10 50 "$EXISTING_VPN_TLS_PORT" 2>"$data"
sel=$? sel=$?
case $sel in case $sel in
0) 0)
tlsport=$(<$data) tlsport=$(<"$data")
if [ ${#tlsport} -gt 0 ]; then if [ ${#tlsport} -gt 0 ]; then
if [[ "$tlsport" != "$EXISTING_VPN_TLS_PORT" ]]; then if [[ "$tlsport" != "$EXISTING_VPN_TLS_PORT" ]]; then
clear clear
@ -137,22 +138,22 @@ function vpn_change_tls_port {
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [ -f /home/$USERNAME/stunnel-client.conf ]; then if [ -f "/home/$USERNAME/stunnel-client.conf" ]; then
cp /etc/stunnel/stunnel-client.conf /home/$USERNAME/stunnel-client.conf cp "/etc/stunnel/stunnel-client.conf" "/home/$USERNAME/stunnel-client.conf"
chown $USERNAME:$USERNAME /home/$USERNAME/stunnel-client.conf chown "$USERNAME":"$USERNAME" "/home/$USERNAME/stunnel-client.conf"
fi fi
done done
if [ $VPN_TLS_PORT -eq 443 ]; then if [ "$VPN_TLS_PORT" -eq 443 ]; then
if [[ "$PREVIOUS_VPN_TLS_PORT" != "443" ]]; then if [[ "$PREVIOUS_VPN_TLS_PORT" != "443" ]]; then
firewall_remove VPN-TLS ${EXISTING_VPN_TLS_PORT} firewall_remove VPN-TLS "${EXISTING_VPN_TLS_PORT}"
fi fi
systemctl stop nginx systemctl stop nginx
systemctl disable nginx systemctl disable nginx
else else
if [[ "$PREVIOUS_VPN_TLS_PORT" != "$VPN_TLS_PORT" ]]; then if [[ "$PREVIOUS_VPN_TLS_PORT" != "$VPN_TLS_PORT" ]]; then
firewall_remove VPN-TLS ${EXISTING_VPN_TLS_PORT} firewall_remove VPN-TLS "${EXISTING_VPN_TLS_PORT}"
firewall_add VPN-TLS ${VPN_TLS_PORT} tcp firewall_add VPN-TLS "${VPN_TLS_PORT}" tcp
fi fi
systemctl enable nginx systemctl enable nginx
systemctl restart nginx systemctl restart nginx
@ -160,7 +161,7 @@ function vpn_change_tls_port {
systemctl restart stunnel systemctl restart stunnel
if [ $VPN_TLS_PORT -eq 443 ]; then if [ "$VPN_TLS_PORT" -eq 443 ]; then
dialog --title $"VPN Configuration" \ dialog --title $"VPN Configuration" \
--msgbox $"TLS port changed to ${VPN_TLS_PORT}. Forward this port from your internet router." 10 60 --msgbox $"TLS port changed to ${VPN_TLS_PORT}. Forward this port from your internet router." 10 60
else else
@ -171,52 +172,56 @@ function vpn_change_tls_port {
fi fi
;; ;;
esac esac
rm -f "$data"
} }
function vpn_regenerate_client_keys { function vpn_regenerate_client_keys {
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Regenerate VPN keys for a user" \ dialog --title $"Regenerate VPN keys for a user" \
--backtitle $"Freedombone Control Panel" \ --backtitle $"Freedombone Control Panel" \
--inputbox $'username' 10 50 2>$data --inputbox $'username' 10 50 2>"$data"
sel=$? sel=$?
case $sel in case $sel in
0) 0)
USERNAME=$(<$data) USERNAME=$(<"$data")
if [ ${#USERNAME} -gt 0 ]; then if [ ${#USERNAME} -gt 0 ]; then
if [ -d /home/$USERNAME ]; then if [ -d "/home/$USERNAME" ]; then
clear clear
create_user_vpn_key $USERNAME create_user_vpn_key "$USERNAME"
dialog --title $"Regenerate VPN keys for a user" \ dialog --title $"Regenerate VPN keys for a user" \
--msgbox $"VPN keys were regenerated for $USERNAME" 6 60 --msgbox $"VPN keys were regenerated for $USERNAME" 6 60
fi fi
fi fi
;; ;;
esac esac
rm -f "$data"
} }
function configure_interactive_vpn { function configure_interactive_vpn {
read_config_param VPN_TLS_PORT read_config_param VPN_TLS_PORT
while true while true
do do
data=$(tempfile 2>/dev/null) data=$(mktemp 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \ dialog --backtitle $"Freedombone Control Panel" \
--title $"VPN Configuration" \ --title $"VPN Configuration" \
--radiolist $"Choose an operation:" 13 70 3 \ --radiolist $"Choose an operation:" 13 70 3 \
1 $"Change TLS port (currently $VPN_TLS_PORT)" off \ 1 $"Change TLS port (currently $VPN_TLS_PORT)" off \
2 $"Regenerate keys for a user" off \ 2 $"Regenerate keys for a user" off \
3 $"Exit" on 2> $data 3 $"Exit" on 2> "$data"
sel=$? sel=$?
case $sel in case $sel in
1) return;; 1) rm -f "$data"
255) return;; return;;
255) rm -f "$data"
return;;
esac esac
case $(cat $data) in case $(cat "$data") in
1) vpn_change_tls_port;; 1) vpn_change_tls_port;;
2) vpn_regenerate_client_keys;; 2) vpn_regenerate_client_keys;;
3) break;; 3) rm -f "$data"
break;;
esac esac
rm -f "$data"
done done
} }
@ -231,8 +236,8 @@ function upgrade_vpn {
function backup_local_vpn { function backup_local_vpn {
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [ -f /home/$USERNAME/$OPENVPN_KEY_FILENAME ]; then if [ -f "/home/$USERNAME/$OPENVPN_KEY_FILENAME" ]; then
cp /home/$USERNAME/$OPENVPN_KEY_FILENAME /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME} cp "/home/$USERNAME/$OPENVPN_KEY_FILENAME" "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}"
fi fi
done done
@ -252,9 +257,9 @@ function restore_local_vpn {
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [ -f /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME} ]; then if [ -f "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}" ]; then
cp /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME} /home/$USERNAME/$OPENVPN_KEY_FILENAME cp "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}" "/home/$USERNAME/$OPENVPN_KEY_FILENAME"
chown $USERNAME:$USERNAME /home/$USERNAME/$OPENVPN_KEY_FILENAME chown "$USERNAME":"$USERNAME" "/home/$USERNAME/$OPENVPN_KEY_FILENAME"
fi fi
done done
fi fi
@ -265,13 +270,13 @@ function restore_local_vpn {
rm -rf ${temp_restore_dir} rm -rf ${temp_restore_dir}
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [ -f /home/$USERNAME/stunnel.pem ]; then if [ -f "/home/$USERNAME/stunnel.pem" ]; then
cp /etc/stunnel/stunnel.pem /home/$USERNAME/stunnel.pem cp /etc/stunnel/stunnel.pem "/home/$USERNAME/stunnel.pem"
chown $USERNAME:$USERNAME /home/$USERNAME/stunnel.pem chown "$USERNAME":"$USERNAME" "/home/$USERNAME/stunnel.pem"
fi fi
if [ -f /home/$USERNAME/stunnel.p12 ]; then if [ -f "/home/$USERNAME/stunnel.p12" ]; then
cp /etc/stunnel/stunnel.p12 /home/$USERNAME/stunnel.p12 cp /etc/stunnel/stunnel.p12 "/home/$USERNAME/stunnel.p12"
chown $USERNAME:$USERNAME /home/$USERNAME/stunnel.p12 chown "$USERNAME":"$USERNAME" "/home/$USERNAME/stunnel.p12"
fi fi
done done
fi fi
@ -280,8 +285,8 @@ function restore_local_vpn {
function backup_remote_vpn { function backup_remote_vpn {
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [ -f /home/$USERNAME/$OPENVPN_KEY_FILENAME ]; then if [ -f "/home/$USERNAME/$OPENVPN_KEY_FILENAME" ]; then
cp /home/$USERNAME/$OPENVPN_KEY_FILENAME /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME} cp "/home/$USERNAME/$OPENVPN_KEY_FILENAME" "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}"
fi fi
done done
@ -301,9 +306,9 @@ function restore_remote_vpn {
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [ -f /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME} ]; then if [ -f "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}" ]; then
cp /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME} /home/$USERNAME/$OPENVPN_KEY_FILENAME cp "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}" "/home/$USERNAME/$OPENVPN_KEY_FILENAME"
chown $USERNAME:$USERNAME /home/$USERNAME/$OPENVPN_KEY_FILENAME chown "$USERNAME":"$USERNAME" "/home/$USERNAME/$OPENVPN_KEY_FILENAME"
fi fi
done done
fi fi
@ -314,13 +319,13 @@ function restore_remote_vpn {
rm -rf ${temp_restore_dir} rm -rf ${temp_restore_dir}
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [ -f /home/$USERNAME/stunnel.pem ]; then if [ -f "/home/$USERNAME/stunnel.pem" ]; then
cp /etc/stunnel/stunnel.pem /home/$USERNAME/stunnel.pem cp /etc/stunnel/stunnel.pem "/home/$USERNAME/stunnel.pem"
chown $USERNAME:$USERNAME /home/$USERNAME/stunnel.pem chown "$USERNAME":"$USERNAME" "/home/$USERNAME/stunnel.pem"
fi fi
if [ -f /home/$USERNAME/stunnel.p12 ]; then if [ -f "/home/$USERNAME/stunnel.p12" ]; then
cp /etc/stunnel/stunnel.p12 /home/$USERNAME/stunnel.p12 cp /etc/stunnel/stunnel.p12 "/home/$USERNAME/stunnel.p12"
chown $USERNAME:$USERNAME /home/$USERNAME/stunnel.p12 chown "$USERNAME":"$USERNAME" "/home/$USERNAME/stunnel.p12"
fi fi
done done
fi fi
@ -332,8 +337,8 @@ function remove_vpn {
rm /etc/systemd/system/stunnel.service rm /etc/systemd/system/stunnel.service
systemctl stop openvpn systemctl stop openvpn
if [ $VPN_TLS_PORT -ne 443 ]; then if [ "$VPN_TLS_PORT" -ne 443 ]; then
firewall_remove VPN-TLS $VPN_TLS_PORT firewall_remove VPN-TLS "$VPN_TLS_PORT"
else else
systemctl enable nginx systemctl enable nginx
systemctl restart nginx systemctl restart nginx
@ -354,10 +359,10 @@ function remove_vpn {
# remove any client keys # remove any client keys
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [ -f /home/$USERNAME/$OPENVPN_KEY_FILENAME ]; then if [ -f "/home/$USERNAME/$OPENVPN_KEY_FILENAME" ]; then
shred -zu /home/$USERNAME/$OPENVPN_KEY_FILENAME shred -zu "/home/$USERNAME/$OPENVPN_KEY_FILENAME"
fi fi
rm /home/$USERNAME/stunnel* rm "/home/$USERNAME/stunnel*"
done done
userdel -f vpn userdel -f vpn
groupdel -f vpn groupdel -f vpn
@ -370,107 +375,108 @@ function remove_vpn {
function create_user_vpn_key { function create_user_vpn_key {
username=$1 username=$1
if [ ! -d /home/$username ]; then if [ ! -d "/home/$username" ]; then
return return
fi fi
echo $"Creating VPN key for $username" echo $"Creating VPN key for $username"
cd /etc/openvpn/easy-rsa cd /etc/openvpn/easy-rsa || exit 4728468246
if [ -f /etc/openvpn/easy-rsa/keys/$username.crt ]; then if [ -f "/etc/openvpn/easy-rsa/keys/$username.crt" ]; then
rm /etc/openvpn/easy-rsa/keys/$username.crt rm "/etc/openvpn/easy-rsa/keys/$username.crt"
fi fi
if [ -f /etc/openvpn/easy-rsa/keys/$username.key ]; then if [ -f "/etc/openvpn/easy-rsa/keys/$username.key" ]; then
rm /etc/openvpn/easy-rsa/keys/$username.key rm "/etc/openvpn/easy-rsa/keys/$username.key"
fi fi
if [ -f /etc/openvpn/easy-rsa/keys/$username.csr ]; then if [ -f "/etc/openvpn/easy-rsa/keys/$username.csr" ]; then
rm /etc/openvpn/easy-rsa/keys/$username.csr rm "/etc/openvpn/easy-rsa/keys/$username.csr"
fi fi
sed -i 's| --interact||g' build-key sed -i 's| --interact||g' build-key
./build-key "$username" ./build-key "$username"
if [ ! -f /etc/openvpn/easy-rsa/keys/$username.crt ]; then if [ ! -f "/etc/openvpn/easy-rsa/keys/$username.crt" ]; then
echo $'VPN user cert not generated' echo $'VPN user cert not generated'
exit 783528 exit 783528
fi fi
user_cert=$(cat /etc/openvpn/easy-rsa/keys/$username.crt) user_cert=$(cat "/etc/openvpn/easy-rsa/keys/$username.crt")
if [ ${#user_cert} -lt 10 ]; then if [ ${#user_cert} -lt 10 ]; then
cat /etc/openvpn/easy-rsa/keys/$username.crt cat "/etc/openvpn/easy-rsa/keys/$username.crt"
echo $'User cert generation failed' echo $'User cert generation failed'
exit 634659 exit 634659
fi fi
if [ ! -f /etc/openvpn/easy-rsa/keys/$username.key ]; then if [ ! -f "/etc/openvpn/easy-rsa/keys/$username.key" ]; then
echo $'VPN user key not generated' echo $'VPN user key not generated'
exit 682523 exit 682523
fi fi
user_key=$(cat /etc/openvpn/easy-rsa/keys/$username.key) user_key=$(cat "/etc/openvpn/easy-rsa/keys/$username.key")
if [ ${#user_key} -lt 10 ]; then if [ ${#user_key} -lt 10 ]; then
cat /etc/openvpn/easy-rsa/keys/$username.key cat "/etc/openvpn/easy-rsa/keys/$username.key"
echo $'User key generation failed' echo $'User key generation failed'
exit 285838 exit 285838
fi fi
user_vpn_cert_file=/home/$username/$OPENVPN_KEY_FILENAME user_vpn_cert_file=/home/$username/$OPENVPN_KEY_FILENAME
echo 'client' > $user_vpn_cert_file { echo 'client';
echo 'dev tun' >> $user_vpn_cert_file echo 'dev tun';
echo 'proto tcp' >> $user_vpn_cert_file echo 'proto tcp';
echo "remote localhost $STUNNEL_PORT" >> $user_vpn_cert_file echo "remote localhost $STUNNEL_PORT";
echo "route $DEFAULT_DOMAIN_NAME 255.255.255.255 net_gateway" >> $user_vpn_cert_file echo "route $DEFAULT_DOMAIN_NAME 255.255.255.255 net_gateway";
echo 'resolv-retry infinite' >> $user_vpn_cert_file echo 'resolv-retry infinite';
echo 'nobind' >> $user_vpn_cert_file echo 'nobind';
echo 'tun-mtu 1500' >> $user_vpn_cert_file echo 'tun-mtu 1500';
echo 'tun-mtu-extra 32' >> $user_vpn_cert_file echo 'tun-mtu-extra 32';
echo 'mssfix 1450' >> $user_vpn_cert_file echo 'mssfix 1450';
echo 'persist-key' >> $user_vpn_cert_file echo 'persist-key';
echo 'persist-tun' >> $user_vpn_cert_file echo 'persist-tun';
echo 'auth-nocache' >> $user_vpn_cert_file echo 'auth-nocache';
echo 'remote-cert-tls server' >> $user_vpn_cert_file echo 'remote-cert-tls server';
echo 'comp-lzo' >> $user_vpn_cert_file echo 'comp-lzo';
echo 'verb 3' >> $user_vpn_cert_file echo 'verb 3';
echo '' >> $user_vpn_cert_file echo ''; } > "$user_vpn_cert_file"
echo '<ca>' >> $user_vpn_cert_file {
cat /etc/openvpn/ca.crt >> $user_vpn_cert_file echo '<ca>';
echo '</ca>' >> $user_vpn_cert_file cat /etc/openvpn/ca.crt;
echo '</ca>';
echo '<cert>' >> $user_vpn_cert_file echo '<cert>';
cat /etc/openvpn/easy-rsa/keys/$username.crt >> $user_vpn_cert_file cat "/etc/openvpn/easy-rsa/keys/$username.crt;"
echo '</cert>' >> $user_vpn_cert_file echo '</cert>';
echo '<key>' >> $user_vpn_cert_file echo '<key>';
cat /etc/openvpn/easy-rsa/keys/$username.key >> $user_vpn_cert_file cat "/etc/openvpn/easy-rsa/keys/$username.key;"
echo '</key>' >> $user_vpn_cert_file echo '</key>'; } >> "$user_vpn_cert_file"
chown $username:$username $user_vpn_cert_file chown "$username":"$username" "$user_vpn_cert_file"
# keep a backup # keep a backup
cp $user_vpn_cert_file /etc/openvpn/easy-rsa/keys/$username.ovpn cp "$user_vpn_cert_file" "/etc/openvpn/easy-rsa/keys/$username.ovpn"
#rm /etc/openvpn/easy-rsa/keys/$username.crt #rm /etc/openvpn/easy-rsa/keys/$username.crt
#rm /etc/openvpn/easy-rsa/keys/$username.csr #rm /etc/openvpn/easy-rsa/keys/$username.csr
shred -zu /etc/openvpn/easy-rsa/keys/$username.key shred -zu "/etc/openvpn/easy-rsa/keys/$username.key"
echo $"VPN key created at $user_vpn_cert_file" echo $"VPN key created at $user_vpn_cert_file"
} }
function add_user_vpn { function add_user_vpn {
new_username="$1" new_username="$1"
new_user_password="$2" # new_user_password="$2"
create_user_vpn_key $new_username create_user_vpn_key "$new_username"
if [ -f /etc/stunnel/stunnel.pem ]; then if [ -f /etc/stunnel/stunnel.pem ]; then
cp /etc/stunnel/stunnel.pem /home/$new_username/stunnel.pem cp /etc/stunnel/stunnel.pem "/home/$new_username/stunnel.pem"
chown $new_username:$new_username /home/$new_username/stunnel.pem chown "$new_username":"$new_username" "/home/$new_username/stunnel.pem"
fi fi
if [ -f /etc/stunnel/stunnel.p12 ]; then if [ -f /etc/stunnel/stunnel.p12 ]; then
cp /etc/stunnel/stunnel.p12 /home/$new_username/stunnel.p12 cp /etc/stunnel/stunnel.p12 "/home/$new_username/stunnel.p12"
chown $new_username:$new_username /home/$new_username/stunnel.p12 chown "$new_username":"$new_username" "/home/$new_username/stunnel.p12"
fi fi
cp /etc/stunnel/stunnel-client.conf /home/$new_username/stunnel-client.conf cp /etc/stunnel/stunnel-client.conf "/home/$new_username/stunnel-client.conf"
chown $new_username:$new_username /home/$new_username/stunnel-client.conf chown "$new_username":"$new_username" "/home/$new_username/stunnel-client.conf"
} }
function remove_user_vpn { function remove_user_vpn {
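Review bot: The closing quote on `cat "/etc/openvpn/easy-rsa/keys/$username.crt;"` and on the matching `$username.key;"` line sits after the semicolon, so `cat` is asked for files whose names end in `;` and the `<cert>` and `<key>` sections of the generated client profile come out empty. The function then copies that profile to the `.ovpn` backup, shreds the real key and prints "VPN key created", so the user is left with an unusable profile and the keys have to be regenerated. Move the terminator outside the quotes: `cat "/etc/openvpn/easy-rsa/keys/$username.crt";` and `cat "/etc/openvpn/easy-rsa/keys/$username.key";`. Because this file embeds the user's private key and the hunk sets no mode on it, I would also add `chmod 600 "$user_vpn_cert_file"` after the `chown`; the effective umask is not visible here, so that part is precautionary.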
@ -516,15 +522,16 @@ function generate_stunnel_keys {
fi fi
chmod 640 /etc/stunnel/stunnel.p12 chmod 640 /etc/stunnel/stunnel.p12
cp /etc/stunnel/stunnel.pem /home/$MY_USERNAME/stunnel.pem cp /etc/stunnel/stunnel.pem "/home/$MY_USERNAME/stunnel.pem"
cp /etc/stunnel/stunnel.p12 /home/$MY_USERNAME/stunnel.p12 cp /etc/stunnel/stunnel.p12 "/home/$MY_USERNAME/stunnel.p12"
chown $MY_USERNAME:$MY_USERNAME $prefix$userhome/stunnel* chown "$MY_USERNAME":"$MY_USERNAME" "$prefix/home/$MY_USERNAME/stunnel*"
} }
function install_stunnel { function install_stunnel {
prefix= prefix=
prefixchroot= prefixchroot=
if [ $rootdir ]; then # shellcheck disable=SC2154
if [ "$rootdir" ]; then
prefix=$rootdir prefix=$rootdir
prefixchroot="chroot $rootdir" prefixchroot="chroot $rootdir"
VPN_TLS_PORT=$VPN_MESH_TLS_PORT VPN_TLS_PORT=$VPN_MESH_TLS_PORT
@ -532,53 +539,53 @@ function install_stunnel {
$prefixchroot apt-get -yq install stunnel4 $prefixchroot apt-get -yq install stunnel4
if [ ! $prefix ]; then if [ ! "$prefix" ]; then
cd /etc/stunnel cd /etc/stunnel || exit 46284624
generate_stunnel_keys generate_stunnel_keys
fi fi
echo 'chroot = /var/lib/stunnel4' > $prefix/etc/stunnel/stunnel.conf { echo 'chroot = /var/lib/stunnel4';
echo 'pid = /stunnel4.pid' >> $prefix/etc/stunnel/stunnel.conf echo 'pid = /stunnel4.pid';
echo 'setuid = stunnel4' >> $prefix/etc/stunnel/stunnel.conf echo 'setuid = stunnel4';
echo 'setgid = stunnel4' >> $prefix/etc/stunnel/stunnel.conf echo 'setgid = stunnel4';
echo 'socket = l:TCP_NODELAY=1' >> $prefix/etc/stunnel/stunnel.conf echo 'socket = l:TCP_NODELAY=1';
echo 'socket = r:TCP_NODELAY=1' >> $prefix/etc/stunnel/stunnel.conf echo 'socket = r:TCP_NODELAY=1';
echo 'cert = /etc/stunnel/stunnel.pem' >> $prefix/etc/stunnel/stunnel.conf echo 'cert = /etc/stunnel/stunnel.pem';
echo '[openvpn]' >> $prefix/etc/stunnel/stunnel.conf echo '[openvpn]';
echo "accept = $VPN_TLS_PORT" >> $prefix/etc/stunnel/stunnel.conf echo "accept = $VPN_TLS_PORT";
echo 'connect = localhost:1194' >> $prefix/etc/stunnel/stunnel.conf echo 'connect = localhost:1194';
echo 'cert = /etc/stunnel/stunnel.pem' >> $prefix/etc/stunnel/stunnel.conf echo 'cert = /etc/stunnel/stunnel.pem';
echo 'protocol = socks' >> $prefix/etc/stunnel/stunnel.conf echo 'protocol = socks'; } > "$prefix/etc/stunnel/stunnel.conf"
sed -i 's|ENABLED=.*|ENABLED=1|g' $prefix/etc/default/stunnel4 sed -i 's|ENABLED=.*|ENABLED=1|g' "$prefix/etc/default/stunnel4"
echo '[openvpn]' > $prefix/etc/stunnel/stunnel-client.conf { echo '[openvpn]';
echo 'client = yes' >> $prefix/etc/stunnel/stunnel-client.conf echo 'client = yes';
echo "accept = $STUNNEL_PORT" >> $prefix/etc/stunnel/stunnel-client.conf echo "accept = $STUNNEL_PORT";
echo "connect = $DEFAULT_DOMAIN_NAME:$VPN_TLS_PORT" >> $prefix/etc/stunnel/stunnel-client.conf echo "connect = $DEFAULT_DOMAIN_NAME:$VPN_TLS_PORT";
echo 'cert = stunnel.pem' >> $prefix/etc/stunnel/stunnel-client.conf echo 'cert = stunnel.pem';
echo 'protocol = socks' >> $prefix/etc/stunnel/stunnel-client.conf echo 'protocol = socks'; } > "$prefix/etc/stunnel/stunnel-client.conf"
echo '[Unit]' > $prefix/etc/systemd/system/stunnel.service { echo '[Unit]';
echo 'Description=SSL tunnel for network daemons' >> $prefix/etc/systemd/system/stunnel.service echo 'Description=SSL tunnel for network daemons';
echo 'Documentation=man:stunnel https://www.stunnel.org/docs.html' >> $prefix/etc/systemd/system/stunnel.service echo 'Documentation=man:stunnel https://www.stunnel.org/docs.html';
echo 'DefaultDependencies=no' >> $prefix/etc/systemd/system/stunnel.service echo 'DefaultDependencies=no';
echo 'After=network.target' >> $prefix/etc/systemd/system/stunnel.service echo 'After=network.target';
echo 'After=syslog.target' >> $prefix/etc/systemd/system/stunnel.service echo 'After=syslog.target';
echo '' >> $prefix/etc/systemd/system/stunnel.service echo '';
echo '[Install]' >> $prefix/etc/systemd/system/stunnel.service echo '[Install]';
echo 'WantedBy=multi-user.target' >> $prefix/etc/systemd/system/stunnel.service echo 'WantedBy=multi-user.target';
echo 'Alias=stunnel.target' >> $prefix/etc/systemd/system/stunnel.service echo 'Alias=stunnel.target';
echo '' >> $prefix/etc/systemd/system/stunnel.service echo '';
echo '[Service]' >> $prefix/etc/systemd/system/stunnel.service echo '[Service]';
echo 'Type=forking' >> $prefix/etc/systemd/system/stunnel.service echo 'Type=forking';
echo 'RuntimeDirectory=stunnel' >> $prefix/etc/systemd/system/stunnel.service echo 'RuntimeDirectory=stunnel';
echo 'EnvironmentFile=-/etc/stunnel/stunnel.conf' >> $prefix/etc/systemd/system/stunnel.service echo 'EnvironmentFile=-/etc/stunnel/stunnel.conf';
echo 'ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf' >> $prefix/etc/systemd/system/stunnel.service echo 'ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf';
echo 'ExecStop=/usr/bin/killall -9 stunnel' >> $prefix/etc/systemd/system/stunnel.service echo 'ExecStop=/usr/bin/killall -9 stunnel';
echo 'RemainAfterExit=yes' >> $prefix/etc/systemd/system/stunnel.service echo 'RemainAfterExit=yes'; } > "$prefix/etc/systemd/system/stunnel.service"
if [ ! $prefix ]; then if [ ! "$prefix" ]; then
if [ $VPN_TLS_PORT -eq 443 ]; then if [ $VPN_TLS_PORT -eq 443 ]; then
systemctl stop nginx systemctl stop nginx
systemctl disable nginx systemctl disable nginx
@ -591,15 +598,15 @@ function install_stunnel {
systemctl daemon-reload systemctl daemon-reload
systemctl start stunnel systemctl start stunnel
cp /etc/stunnel/stunnel-client.conf /home/$MY_USERNAME/stunnel-client.conf cp /etc/stunnel/stunnel-client.conf "/home/$MY_USERNAME/stunnel-client.conf"
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/stunnel* chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/stunnel*"
fi fi
} }
function vpn_generate_keys { function vpn_generate_keys {
# generate host keys # generate host keys
if [ ! -f /etc/openvpn/dh2048.pem ]; then if [ ! -f /etc/openvpn/dh2048.pem ]; then
${PROJECT_NAME}-dhparam -o /etc/openvpn/dh2048.pem "${PROJECT_NAME}-dhparam" -o /etc/openvpn/dh2048.pem
fi fi
if [ ! -f /etc/openvpn/dh2048.pem ]; then if [ ! -f /etc/openvpn/dh2048.pem ]; then
echo $'vpn dhparams were not generated' echo $'vpn dhparams were not generated'
@ -607,7 +614,8 @@ function vpn_generate_keys {
fi fi
cp /etc/openvpn/dh2048.pem /etc/openvpn/easy-rsa/keys/dh2048.pem cp /etc/openvpn/dh2048.pem /etc/openvpn/easy-rsa/keys/dh2048.pem
cd /etc/openvpn/easy-rsa cd /etc/openvpn/easy-rsa || exit 5628756256
# shellcheck disable=SC1091
. ./vars . ./vars
./clean-all ./clean-all
vpn_openssl_version='1.0.0' vpn_openssl_version='1.0.0'
@ -651,13 +659,13 @@ function vpn_generate_keys {
fi fi
cp /etc/openvpn/easy-rsa/keys/{$OPENVPN_SERVER_NAME.crt,$OPENVPN_SERVER_NAME.key,ca.crt} /etc/openvpn cp /etc/openvpn/easy-rsa/keys/{$OPENVPN_SERVER_NAME.crt,$OPENVPN_SERVER_NAME.key,ca.crt} /etc/openvpn
create_user_vpn_key ${MY_USERNAME} create_user_vpn_key "${MY_USERNAME}"
} }
function install_vpn { function install_vpn {
prefix= prefix=
prefixchroot= prefixchroot=
if [ $rootdir ]; then if [ "$rootdir" ]; then
prefix=$rootdir prefix=$rootdir
prefixchroot="chroot $rootdir" prefixchroot="chroot $rootdir"
VPN_TLS_PORT=$VPN_MESH_TLS_PORT VPN_TLS_PORT=$VPN_MESH_TLS_PORT
@ -668,50 +676,50 @@ function install_vpn {
$prefixchroot useradd -r -s /bin/false -g vpn vpn $prefixchroot useradd -r -s /bin/false -g vpn vpn
# server configuration # server configuration
echo 'port 1194' > $prefix/etc/openvpn/server.conf { echo 'port 1194';
echo 'proto tcp' >> $prefix/etc/openvpn/server.conf echo 'proto tcp';
echo 'dev tun' >> $prefix/etc/openvpn/server.conf echo 'dev tun';
echo 'tun-mtu 1500' >> $prefix/etc/openvpn/server.conf echo 'tun-mtu 1500';
echo 'tun-mtu-extra 32' >> $prefix/etc/openvpn/server.conf echo 'tun-mtu-extra 32';
echo 'mssfix 1450' >> $prefix/etc/openvpn/server.conf echo 'mssfix 1450';
echo 'ca /etc/openvpn/ca.crt' >> $prefix/etc/openvpn/server.conf echo 'ca /etc/openvpn/ca.crt';
echo 'cert /etc/openvpn/server.crt' >> $prefix/etc/openvpn/server.conf echo 'cert /etc/openvpn/server.crt';
echo 'key /etc/openvpn/server.key' >> $prefix/etc/openvpn/server.conf echo 'key /etc/openvpn/server.key';
echo 'dh /etc/openvpn/dh2048.pem' >> $prefix/etc/openvpn/server.conf echo 'dh /etc/openvpn/dh2048.pem';
echo 'server 10.8.0.0 255.255.255.0' >> $prefix/etc/openvpn/server.conf echo 'server 10.8.0.0 255.255.255.0';
echo 'push "redirect-gateway def1 bypass-dhcp"' >> $prefix/etc/openvpn/server.conf echo 'push "redirect-gateway def1 bypass-dhcp"';
echo "push \"dhcp-option DNS 85.214.73.63\"" >> $prefix/etc/openvpn/server.conf echo "push \"dhcp-option DNS 85.214.73.63\"";
echo "push \"dhcp-option DNS 213.73.91.35\"" >> $prefix/etc/openvpn/server.conf echo "push \"dhcp-option DNS 213.73.91.35\"";
echo 'keepalive 5 30' >> $prefix/etc/openvpn/server.conf echo 'keepalive 5 30';
echo 'comp-lzo' >> $prefix/etc/openvpn/server.conf echo 'comp-lzo';
echo 'persist-key' >> $prefix/etc/openvpn/server.conf echo 'persist-key';
echo 'persist-tun' >> $prefix/etc/openvpn/server.conf echo 'persist-tun';
echo 'status /dev/null' >> $prefix/etc/openvpn/server.conf echo 'status /dev/null';
echo 'verb 3' >> $prefix/etc/openvpn/server.conf echo 'verb 3';
echo '' >> $prefix/etc/openvpn/server.conf echo ''; } > "$prefix/etc/openvpn/server.conf"
if [ ! $prefix ]; then if [ ! "$prefix" ]; then
echo 1 > /proc/sys/net/ipv4/ip_forward echo 1 > /proc/sys/net/ipv4/ip_forward
fi fi
sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' $prefix/etc/sysctl.conf sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' "$prefix/etc/sysctl.conf"
sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' $prefix/etc/sysctl.conf sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' "$prefix/etc/sysctl.conf"
sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' $prefix/etc/sysctl.conf sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' "$prefix/etc/sysctl.conf"
cp -r $prefix/usr/share/easy-rsa/ $prefix/etc/openvpn cp -r "$prefix/usr/share/easy-rsa/" "$prefix/etc/openvpn"
if [ ! -d $prefix/etc/openvpn/easy-rsa/keys ]; then if [ ! -d "$prefix/etc/openvpn/easy-rsa/keys" ]; then
mkdir $prefix/etc/openvpn/easy-rsa/keys mkdir "$prefix/etc/openvpn/easy-rsa/keys"
fi fi
# keys configuration # keys configuration
sed -i "s|export KEY_COUNTRY.*|export KEY_COUNTRY=\"US\"|g" $prefix/etc/openvpn/easy-rsa/vars sed -i "s|export KEY_COUNTRY.*|export KEY_COUNTRY=\"US\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
sed -i "s|export KEY_PROVINCE.*|export KEY_PROVINCE=\"TX\"|g" $prefix/etc/openvpn/easy-rsa/vars sed -i "s|export KEY_PROVINCE.*|export KEY_PROVINCE=\"TX\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
sed -i "s|export KEY_CITY.*|export KEY_CITY=\"Dallas\"|g" $prefix/etc/openvpn/easy-rsa/vars sed -i "s|export KEY_CITY.*|export KEY_CITY=\"Dallas\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
sed -i "s|export KEY_ORG.*|export KEY_ORG=\"$PROJECT_NAME\"|g" $prefix/etc/openvpn/easy-rsa/vars sed -i "s|export KEY_ORG.*|export KEY_ORG=\"$PROJECT_NAME\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
sed -i "s|export KEY_EMAIL.*|export KEY_EMAIL=\"$MY_EMAIL_ADDRESS\"|g" $prefix/etc/openvpn/easy-rsa/vars sed -i "s|export KEY_EMAIL.*|export KEY_EMAIL=\"$MY_EMAIL_ADDRESS\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
sed -i "s|export KEY_OU=.*|export KEY_OU=\"MoonUnit\"|g" $prefix/etc/openvpn/easy-rsa/vars sed -i "s|export KEY_OU=.*|export KEY_OU=\"MoonUnit\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
sed -i "s|export KEY_NAME.*|export KEY_NAME=\"$OPENVPN_SERVER_NAME\"|g" $prefix/etc/openvpn/easy-rsa/vars sed -i "s|export KEY_NAME.*|export KEY_NAME=\"$OPENVPN_SERVER_NAME\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
if [ ! $prefix ]; then if [ ! "$prefix" ]; then
vpn_generate_keys vpn_generate_keys
firewall_enable_vpn firewall_enable_vpn
@ -724,7 +732,7 @@ function install_vpn {
install_stunnel install_stunnel
if [ ! $prefix ]; then if [ ! "$prefix" ]; then
systemctl restart openvpn systemctl restart openvpn
fi fi