diff --git a/img/logo_riot.png b/img/logo_riot.png deleted file mode 100644 index c39de76e..00000000 Binary files a/img/logo_riot.png and /dev/null differ diff --git a/src/freedombone-adduser b/src/freedombone-adduser index 4701f38f..b7a7ca95 100755 --- a/src/freedombone-adduser +++ b/src/freedombone-adduser @@ -156,6 +156,7 @@ if [ ! -f $MY_GPG_PUBLIC_KEY ]; then userdel -r $ADD_USERNAME exit 7 fi + gpg_agent_setup $ADD_USERNAME # add a monkeysphere subkey @@ -239,8 +240,18 @@ if ! grep -q 'controluser' /home/$ADD_USERNAME/.bashrc; then echo 'controluser' >> /home/$ADD_USERNAME/.bashrc fi +# fix some gpg strangeness when searching for keys +printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > /home/$ADD_USERNAME/.gnupg/S.dirmngr +if [ -d /home/$ADD_USERNAME/.gnupg/crls.d ]; then + chmod +x /home/$ADD_USERNAME/.gnupg/crls.d +fi + ${PROJECT_NAME}-pass -u $ADD_USERNAME -a login -p "$NEW_USER_PASSWORD" + +gpg_agent_enable $ADD_USERNAME + clear + echo $"New user $ADD_USERNAME was created" echo $"Their login password is $NEW_USER_PASSWORD" echo '' diff --git a/src/freedombone-app-pleroma b/src/freedombone-app-pleroma index bddb2729..e6af7e43 100755 --- a/src/freedombone-app-pleroma +++ b/src/freedombone-app-pleroma 
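Review bot: The new `S.dirmngr` redirect file points dirmngr's socket at the fixed path `/dev/shm/S.dirmngr`, which sits in a world-writable directory and is the same for every account. The second freedombone-adduser hunk writes it for the new user, and the hunks in freedombone-base-email, freedombone-utils-backup, freedombone-utils-gpg and freedombone-utils-keys write the identical line for root and the other users. A per-user location, for example `socket=/run/user/<uid>/gnupg/S.dirmngr`, would keep one account from occupying or colliding with another's socket. Here the file is also created by root with no chown visible in the hunk, so it may be left root-owned inside `/home/$ADD_USERNAME/.gnupg`. `chmod +x` on `crls.d` adds the execute bit for group and other as far as the umask allows, where `chmod 700 "/home/$ADD_USERNAME/.gnupg/crls.d"` would restore only the owner's search bit.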
@@ -140,8 +140,46 @@ function expire_pleroma_posts { pleroma_expire_script=/etc/cron.daily/pleroma-expire echo '#!/bin/bash' > $pleroma_expire_script + echo 'cd /etc/postgresql' >> $pleroma_expire_script + echo 'if [ -d /etc/pleroma/tempfiles ]; then' >> $pleroma_expire_script + echo ' rm -rf /etc/pleroma/tempfiles' >> $pleroma_expire_script + echo 'fi' >> $pleroma_expire_script + echo '' >> $pleroma_expire_script + echo '# make directory to temporarily store local avatars' >> $pleroma_expire_script + echo 'mkdir /etc/pleroma/tempfiles' >> $pleroma_expire_script + echo '' >> $pleroma_expire_script + echo '# get the local avatar files' >> $pleroma_expire_script + echo "avatars=\$(sudo -u postgres psql -d pleroma -c \"select avatar->>'url' from users where avatar->>'url' like '%${domain_name}%'\")" >> $pleroma_expire_script + echo '' >> $pleroma_expire_script + echo '# copy the avatar files to a temporary directory' >> $pleroma_expire_script + echo 'arr=( $avatars )' >> $pleroma_expire_script + echo 'for i in "${arr[@]}"; do' >> $pleroma_expire_script + echo ' if [[ "$i" == *'/media/'* ]]; then' >> $pleroma_expire_script + echo " imagefile=/etc/pleroma/uploads/\$(echo \$i | sed 's|\"||g' | sed 's|,||g' | awk -F '/media/' '{print \$2}');" >> $pleroma_expire_script + echo ' if [ -f $imagefile ]; then' >> $pleroma_expire_script + echo " imagedir=/etc/pleroma/uploads/\$(echo \$i | sed 's|\"||g' | sed 's|,||g' | awk -F '/media/' '{print \$2}' | awk -F '/' '{print \$1}')" >> $pleroma_expire_script + echo ' nowdate=$(date +%s)' >> $pleroma_expire_script + echo ' sinceepoch=$(date +%s -r $imagefile)' >> $pleroma_expire_script + echo ' daysold=$((($nowdate - $sinceepoch) / 86400))' >> $pleroma_expire_script + echo " if [ \$daysold -ge ${expire_days_files} ]; then" >> $pleroma_expire_script + echo ' if [ ! 
-d /etc/pleroma/tempfiles/$imagedir ]; then' >> $pleroma_expire_script + echo ' mkdir /etc/pleroma/tempfiles/$imagedir' >> $pleroma_expire_script + echo ' fi' >> $pleroma_expire_script + echo ' cp -rp $imagefile /etc/pleroma/tempfiles/$imagedir' >> $pleroma_expire_script + echo ' fi' >> $pleroma_expire_script + echo ' fi' >> $pleroma_expire_script + echo ' fi' >> $pleroma_expire_script + echo 'done' >> $pleroma_expire_script + echo '' >> $pleroma_expire_script + echo '# delete old files' >> $pleroma_expire_script echo "find /etc/pleroma/uploads/* -mtime +${expire_days_files} -exec rm -rf {} +" >> $pleroma_expire_script - echo "$pleroma_expire_posts_script 2> /dev/null" >> $pleroma_expire_script + echo '' >> $pleroma_expire_script + echo '# move avatar files back to uploads' >> $pleroma_expire_script + echo 'chown -R pleroma:pleroma /etc/pleroma/tempfiles' >> $pleroma_expire_script + echo 'mv /etc/pleroma/tempfiles/* /etc/pleroma/uploads' >> $pleroma_expire_script + echo 'rm -rf /etc/pleroma/tempfiles' >> $pleroma_expire_script + echo '' >> $pleroma_expire_script + echo '/usr/bin/pleroma-expire-posts 2> /dev/null' >> $pleroma_expire_script chmod +x $pleroma_expire_script # remove any old cron job @@ -624,6 +662,9 @@ function upgrade_pleroma { read_config_param PLEROMA_DOMAIN_NAME read_config_param PLEROMA_EXPIRE_MONTHS + if ! grep -q "/media/" /etc/cron.daily/pleroma-expire; then + rm $pleroma_expire_posts_script + fi if [ ! -f $pleroma_expire_posts_script ]; then expire_pleroma_posts $PLEROMA_DOMAIN_NAME $PLEROMA_EXPIRE_MONTHS fi diff --git a/src/freedombone-app-riot b/src/freedombone-app-riot index 1b1b423b..23f1a16a 100755 --- a/src/freedombone-app-riot +++ b/src/freedombone-app-riot 
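Review bot: The generated cron script runs as root and builds `imagefile` and `imagedir` directly from avatar URLs read out of the database, then passes them unquoted to `cp -rp` and `mkdir`, followed by `chown -R` and `mv` on the result. Nothing checks that the part after `/media/` stays inside `/etc/pleroma/uploads`, and the `like '%${domain_name}%'` filter matches the domain anywhere in the URL, so it seems a stored URL containing `..` segments could make root copy files from outside the uploads tree. I would skip any value containing `..`, resolve the path and require the uploads prefix, and quote the expansions, e.g. `cp -p -- "$imagefile" "/etc/pleroma/tempfiles/$imagedir/"`. Calling psql with `-t -A` would also keep the column header and row-count footer out of `arr`. expire_pleroma_posts starts before this hunk.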
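Review bot: In upgrade_pleroma the added `grep -q "/media/" /etc/cron.daily/pleroma-expire` also fails when the cron file does not exist, and the following `rm $pleroma_expire_posts_script` is unquoted and errors if that script is already gone. `rm -f -- "$pleroma_expire_posts_script"` would make the forced regeneration quiet and safe against an empty or odd value. The first hunk now writes the literal `/usr/bin/pleroma-expire-posts` into the cron file while this code still uses `$pleroma_expire_posts_script`; if the two can differ, one of them should be the single source. upgrade_pleroma's body continues outside the hunk.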
@@ -155,15 +155,6 @@ function riot_download {
 fi
 cp -r $INSTALL_DIR/${RIOT_FILENAME}/* /var/www/$RIOT_DOMAIN_NAME/htdocs
- # customize the login image
- if [ -f ~/freedombone/img/logo_riot.png ]; then
- cp ~/freedombone/img/logo_riot.png /var/www/$RIOT_DOMAIN_NAME/htdocs/img/logo.png
- else
- if [ -f /home/$MY_USERNAME/freedombone/img/logo_riot.png ]; then
- cp /home/$MY_USERNAME/freedombone/img/logo_riot.png /var/www/$RIOT_DOMAIN_NAME/htdocs/img/logo.png
- fi
- fi
-
 chown -R www-data:www-data /var/www/$RIOT_DOMAIN_NAME/htdocs
 }
diff --git a/src/freedombone-base-email b/src/freedombone-base-email
index c15b2958..d11c24e8 100755
--- a/src/freedombone-base-email
+++ b/src/freedombone-base-email
@@ -1365,7 +1365,8 @@ function configure_gpg {
 if [[ $(is_completed $FUNCNAME) == "1" ]]; then
 return
 fi
- apt-get -yq install gnupg
+ apt-get -yq install gnupg dirmngr
+ printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > ~/.gnupg/S.dirmngr
 check_email_address_exists
@@ -1390,6 +1391,10 @@ function configure_gpg {
 chown -R $MY_USERNAME:$MY_USERNAME $gpg_dir
 chmod 700 $gpg_dir
 chmod 600 $gpg_dir/*
+ printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > /home/$MY_USERNAME/.gnupg/S.dirmngr
+ if [ -d /home/$MY_USERNAME/.gnupg/crls.d ]; then
+ chmod +x /home/$MY_USERNAME/.gnupg/crls.d
+ fi
 mark_completed $FUNCNAME
 return
 fi
@@ -1418,6 +1423,10 @@ function configure_gpg {
 chown -R $MY_USERNAME:$MY_USERNAME $gpg_dir
 chmod 700 $gpg_dir
 chmod 600 $gpg_dir/*
+ printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > $gpg_dir/S.dirmngr
+ if [ -d $gpg_dir/crls.d ]; then
+ chmod +x $gpg_dir/crls.d
+ fi
 if [[ $MY_GPG_PUBLIC_KEY && $MY_GPG_PRIVATE_KEY ]]; then
 echo $'Importing GPG keys from file'
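Review bot: In the first configure_gpg hunk, the added `printf ... > ~/.gnupg/S.dirmngr` runs straight after the package install, and nothing visible here ensures `~/.gnupg` exists yet; on a fresh system the redirection would fail. Creating it first with `mkdir -p ~/.gnupg && chmod 700 ~/.gnupg` avoids that, and the same line in configure_backup_key (freedombone-utils-backup) needs it too. In the `@@ -1390` and `@@ -1418` hunks the file is written after `chown -R $MY_USERNAME:$MY_USERNAME $gpg_dir`, so it presumably stays owned by root inside the user's directory; moving the new lines above the chown fixes that. The `@@ -1390` hunk also spells the path as `/home/$MY_USERNAME/.gnupg` where its neighbours use `$gpg_dir`.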
@@ -1466,6 +1475,10 @@ function configure_gpg {
 cp -r /home/$MY_USERNAME/.gnupg /root/
 chmod 700 /root/.gnupg
 chmod 600 /root/.gnupg/*
+ printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > /root/.gnupg/S.dirmngr
+ if [ -d /root/.gnupg/crls.d ]; then
+ chmod +x /root/.gnupg/crls.d
+ fi
 fi
 mark_completed $FUNCNAME
diff --git a/src/freedombone-controlpanel-user b/src/freedombone-controlpanel-user
index 894435aa..6940a81d 100755
--- a/src/freedombone-controlpanel-user
+++ b/src/freedombone-controlpanel-user
@@ -923,6 +923,7 @@ function menu_top_level {
 }
 sign_keys
+gpg_agent_enable $USER
 menu_top_level
 clear
 . ~/.bashrc
diff --git a/src/freedombone-template b/src/freedombone-template
new file mode 100755
index 00000000..9026cea8
--- /dev/null
+++ b/src/freedombone-template
@@ -0,0 +1,650 @@ +#!/bin/bash +# +# .---. . . +# | | | +# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. +# | | (.-' (.-' ( | ( )| | | | )( )| | (.-' +# ' ' --' --' -' - -' ' ' -' -' -' ' - --' +# +# Freedom in the Cloud +# +# Command to create app templates +# +# License +# ======= +# +# Copyright (C) 2018 Bob Mottram +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + +PROJECT_NAME='freedombone' + +app_name='noapp' +app_name_lower="$(tr '[:upper:]' '[:lower:]' <<< ${app_name:0:1})${app_name:1}" +app_name=$app_name_lower +app_name_upper="$(tr '[:lower:]' '[:upper:]' <<< ${app_name:0:1})${app_name:1}" +app_repo="TODO" +app_repo_commit='TODO' +app_php= +app_node= +your_name='' +your_email='' +SHOW_ON_ABOUT=1 +database_type='' + +function show_help { + echo '' + echo $"${PROJECT_NAME}-template --app [myappname] --php yes -n \"My Name\" -e \"myname@mydomain\" > src/${PROJECT_NAME}-app-myappname" + echo '' + echo $'Creates a new app script which can then be filled in' + echo '' + echo '' + echo $' -h --help Show help' + echo $' -a --app [name] Name of the application' + echo $' -n --name [name] Your name' + echo $' -e --email [address] Your email address' + echo $' -r --repo [url] Git repo url for the app' + echo $' -c --commit [hash] Git commit' + echo $' --node [yes|no] Is this a nodejs app?' + echo $' -p --php [yes|no] Is this a PHP app?' 
+ echo $' -d --database [mariadb|postgresql] Type of database' + echo '' + exit 0 +} + +while [[ $# > 1 ]] +do + key="$1" + + case $key in + -h|--help) + show_help + ;; + -a|--app|--appname) + shift + app_name="$1" + app_name_lower="$(tr '[:upper:]' '[:lower:]' <<< ${app_name:0:1})${app_name:1}" + app_name=$app_name_lower + app_name_upper="$(tr '[:lower:]' '[:upper:]' <<< ${app_name:0:1})${app_name:1}" + ;; + -r|--repo) + shift + app_repo="$1" + ;; + -c|--commit) + shift + app_repo_commit="$1" + ;; + -n|--name) + shift + your_name="$1" + ;; + -e|--email) + shift + your_email="$1" + ;; + -d|--database) + shift + database_type="$1" + ;; + -p|--php) + shift + app_php="$1" + ;; + --node|--nodejs) + shift + app_node="$1" + ;; + *) + # unknown option + ;; + esac + shift +done + +if [[ "$app_name" == 'noapp' ]]; then + show_help + exit 1 +fi + +if [[ "$app_name" == *' '* ]]; then + echo $'app name should not contain any spaces' + exit 2 +fi + +if [[ "$app_name" == *'_'* ]]; then + echo $'app name should not contain any underscore characters' + exit 3 +fi + +if [[ "$app_name" == *'-'* ]]; then + echo $'app name should not contain any hyphen characters' + exit 4 +fi + +if [ ${#app_name} -lt 3 ]; then + echo $'app name should be at least three characters' + exit 5 +fi + +if [ ${#your_name} -lt 2 ]; then + echo $'Specify your name with --name' + exit 6 +fi + +if [ ${#your_email} -lt 3 ]; then + echo $'Specify your email address with --email' + exit 7 +fi + +if [[ "$your_email" != *'@'* ]]; then + echo $"That doesn't look like an email address" + exit 8 +fi + +echo '#!/bin/bash' +echo '#' +echo '# .---. . .' +echo '# | | |' +echo '# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.' 
+echo "# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'" +echo "# ' ' --' --' -' - -' ' ' -' -' -' ' - --'" +echo '#' +echo '# Freedom in the Cloud' +echo '#' +echo '# License' +echo '# =======' +echo '#' +echo "# Copyright (C) $(date +%Y) ${your_name} <${your_email}>" +echo '#' +echo '# This program is free software: you can redistribute it and/or modify' +echo '# it under the terms of the GNU Affero General Public License as published by' +echo '# the Free Software Foundation, either version 3 of the License, or' +echo '# (at your option) any later version.' +echo '#' +echo '# This program is distributed in the hope that it will be useful,' +echo '# but WITHOUT ANY WARRANTY; without even the implied warranty of' +echo '# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the' +echo '# GNU Affero General Public License for more details.' +echo '#' +echo '# You should have received a copy of the GNU Affero General Public License' +echo '# along with this program. If not, see .' +echo '' +echo "VARIANTS='full full-vim'" +echo '' +echo 'IN_DEFAULT_INSTALL=0' +echo "SHOW_ON_ABOUT=${SHOW_ON_ABOUT}" +echo '' +echo "${app_name_upper}_DOMAIN_NAME=" +echo "${app_name_upper}_CODE=" +echo "${app_name_upper}_ONION_PORT=$(( ( RANDOM % 1000 ) + 9010 ))" +echo "${app_name_upper}_REPO=\"${app_repo}\"" +echo "${app_name_upper}_COMMIT='${app_repo_commit}'" +echo '' +echo "${app_name}=(ONION_ONLY" +echo " ${app_name_upper}_DOMAIN_NAME" +echo " ${app_name_upper}_CODE" +echo ' DDNS_PROVIDER' +echo " MY_USERNAME)" +echo '' +echo "function logging_on_${app_name} {" +echo " echo -n ''" +echo "}" +echo '' +echo "function logging_off_${app_name} {" +echo " echo -n ''" +echo '}' +echo '' +echo "function remove_user_${app_name} {" +echo ' remove_username="$1"' +echo '' +echo " \${PROJECT_NAME}-pass -u \$remove_username --rmapp ${app_name}" +echo '}' +echo '' +echo "function add_user_${app_name} {" +echo ' new_username="$1"' +echo ' new_user_password="$2"' +echo '' +echo " 
\${PROJECT_NAME}-pass -u \$new_username -a ${app_name} -p \"\$new_user_password\"" +echo " echo '0'" +echo '}' +echo '' +echo "function install_interactive_${app_name} {" +echo ' if [ ! $ONION_ONLY ]; then' +echo " ONION_ONLY='no'" +echo ' fi' +echo '' +echo ' if [[ $ONION_ONLY != "no" ]]; then' +echo " ${app_name_upper}_DOMAIN_NAME='${app_name}.local'" +echo " write_config_param \"${app_name_upper}_DOMAIN_NAME\" \"\$${app_name_upper}_DOMAIN_NAME\"" +echo ' else' +echo " interactive_site_details \"${app_name}\" \"${app_name_upper}_DOMAIN_NAME\" \"${app_name}_CODE\"" +echo ' fi' +echo ' APP_INSTALLED=1' +echo '}' +echo '' +echo "function change_password_${app_name} {" +echo ' curr_username="$1"' +echo ' new_user_password="$2"' +echo '' +echo " read_config_param '${app_name_upper}_DOMAIN_NAME'" +echo '' +echo " \${PROJECT_NAME}-pass -u \"\$curr_username\" -a ${app_name} -p \"\$new_user_password\"" +echo '}' + +if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" || "$database_type" == "postgres"* ]]; then + echo '' + echo "function ${app_name}_create_database {" + echo ' if [ -f $IMAGE_PASSWORD_FILE ]; then' + echo " ${app_name_upper}_ADMIN_PASSWORD=\"\$(printf `cat $IMAGE_PASSWORD_FILE`)\"" + echo ' else' + echo " if [ ! \$${app_name_upper}_ADMIN_PASSWORD ]; then" + echo " ${app_name_upper}_ADMIN_PASSWORD=\"\$(create_password \${MINIMUM_PASSWORD_LENGTH})\"" + echo ' fi' + echo ' fi' + echo " if [ ! 
\$${app_name_upper}_ADMIN_PASSWORD ]; then" + echo ' return' + echo ' fi' + echo '' + if [[ "$database_type" != "postgres"* ]]; then + echo " create_database ${app_name} \"\$${app_name_upper}_ADMIN_PASSWORD\" \$MY_USERNAME" + else + echo ' systemctl restart postgresql' + echo " run_system_query_postgresql \"CREATE USER peertube WITH PASSWORD '\$${app_name_upper}_ADMIN_PASSWORD';\"" + echo " run_system_query_postgresql \"CREATE DATABASE ${app_name} OWNER ${app_name};\"" + echo " run_system_query_postgresql \"GRANT ALL PRIVILEGES ON DATABASE ${app_name} to ${app_name};\"" + echo " run_system_query_postgresql \"set statement_timeout to 40000;\"" + fi + echo '}' +fi +echo '' +echo "function reconfigure_${app_name} {" +echo ' # This is used if you need to switch identity. Dump old keys and generate new ones' +echo " echo -n ''" +echo '}' +echo '' +echo "function configure_interactive_${app_name} {" +echo ' while true' +echo ' do' +echo ' data=$(tempfile 2>/dev/null)' +echo ' trap "rm -f $data" 0 1 2 5 15' +echo " dialog --backtitle \$\"Freedombone Control Panel\" \\" +echo " --title \$\"${app_name}\" \\" +echo " --radiolist \$\"Choose an operation:\" 16 70 3 \\" +echo ' 1 $"Option 1" off \' +echo ' 2 $"Option 2" off \' +echo ' 3 $"Exit" on 2> $data' +echo ' sel=$?' 
+echo ' case $sel in' +echo ' 1) return;;' +echo ' 255) return;;' +echo ' esac' +echo ' case $(cat $data) in' +echo ' 1) # call some function for option 1' +echo ' ;;' +echo ' 2) # call some function for option 2' +echo ' ;;' +echo ' 3) break;;' +echo ' esac' +echo ' done' +echo '}' +echo '' +echo "function upgrade_${app_name} {" +echo " CURR_${app_name_upper}_COMMIT=\$(get_completion_param \"${app_name} commit\")" +echo " if [[ \"\$CURR_${app_name_upper}_COMMIT\" == \"\$${app_name_upper}_COMMIT\" ]]; then" +echo ' return' +echo ' fi' +echo '' +echo " if grep -q \"${app_name} domain\" \$COMPLETION_FILE; then" +echo " ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")" +echo ' fi' +echo '' +echo ' # update to the next commit' +echo " set_repo_commit /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs \"${app_name} commit\" \"\$${app_name_upper}_COMMIT\" \$${app_name_upper}_REPO" +echo " chown -R www-data:www-data /var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs" +echo '}' +echo '' +echo "function backup_local_${app_name} {" +echo " ${app_name_upper}_DOMAIN_NAME='${app_name}'" +echo " if grep -q \"${app_name} domain\" \$COMPLETION_FILE; then" +echo " ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")" +echo ' fi' +echo '' +echo " source_directory=/var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs" +echo '' +echo " suspend_site \${${app_name_upper}_DOMAIN_NAME}" +echo '' +echo " dest_directory=${app_name}" +echo ' backup_directory_to_usb $source_directory $dest_directory' +echo '' +if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then + echo " backup_database_to_usb ${app_name}" + echo '' +fi +if [[ "$database_type" == "postgres"* ]]; then + echo ' USE_POSTGRESQL=1' + echo " backup_database_to_usb ${app_name}" + echo '' +fi +echo ' restart_site' +echo '}' +echo '' +echo "function restore_local_${app_name} {" +echo " if ! 
grep -q \"${app_name} domain\" \$COMPLETION_FILE; then" +echo ' return' +echo ' fi' +echo " ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")" +echo " if [ \$${app_name_upper}_DOMAIN_NAME ]; then" +echo " temp_restore_dir=/root/temp${app_name}" +echo " ${app_name}_dir=/var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs" +echo '' +if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then + echo " ${app_name}_create_database" + echo '' + echo " restore_database ${app_name}" + echo ' if [ -d $temp_restore_dir ]; then' + echo ' rm -rf $temp_restore_dir' + echo ' fi' + echo '' +fi +if [[ "$database_type" == "postgres"* ]]; then + echo " ${app_name}_create_database" + echo '' + echo ' USE_POSTGRESQL=1' + echo " restore_database ${app_name}" + echo ' if [ -d $temp_restore_dir ]; then' + echo ' rm -rf $temp_restore_dir' + echo ' fi' + echo '' +fi +echo " restore_directory_from_usb \$temp_restore_dir ${app_name}" +echo ' if [ -d $temp_restore_dir ]; then' +echo " if [ -d cp \$temp_restore_dir\$${app_name}_dir ]; then" +echo " cp -rp \$temp_restore_dir\$${app_name}_dir/* \$${app_name}_dir/" +echo ' else' +echo " if [ ! 
-d \$${app_name}_dir ]; then" +echo " mkdir \$${app_name}_dir" +echo ' fi' +echo " cp -rp \$temp_restore_dir/* \$${app_name}_dir/" +echo ' fi' +echo " chown -R www-data:www-data \$${app_name}_dir" +echo ' rm -rf $temp_restore_dir' +echo ' fi' +echo '' +echo ' fi' +echo '}' +echo '' +echo "function backup_remote_${app_name} {" +echo " ${app_name_upper}_DOMAIN_NAME='${app_name}'" +echo " if grep -q \"${app_name} domain\" \$COMPLETION_FILE; then" +echo " ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")" +echo ' fi' +echo '' +echo " source_directory=/var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs" +echo '' +echo " suspend_site \${${app_name_upper}_DOMAIN_NAME}" +echo '' +echo " dest_directory=${app_name}" +echo ' backup_directory_to_friend $source_directory $dest_directory' +echo '' +if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then + echo " backup_database_to_friend ${app_name}" +fi +if [[ "$database_type" == "postgres"* ]]; then + echo ' USE_POSTGRESQL=1' + echo " backup_database_to_friend ${app_name}" + echo '' +fi +echo '' +echo ' restart_site' +echo '}' +echo '' +echo "function restore_remote_${app_name} {" +echo " if ! 
grep -q \"${app_name} domain\" \$COMPLETION_FILE; then" +echo ' return' +echo ' fi' +echo " ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")" +echo " if [ \$${app_name_upper}_DOMAIN_NAME ]; then" +echo " temp_restore_dir=/root/temp${app_name}" +echo " ${app_name}_dir=/var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs" +echo '' +if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then + echo " ${app_name}_create_database" + echo '' + echo " restore_database_from_friend ${app_name}" + echo ' if [ -d $temp_restore_dir ]; then' + echo ' rm -rf $temp_restore_dir' + echo ' fi' + echo '' +fi +if [[ "$database_type" == "postgres"* ]]; then + echo " ${app_name}_create_database" + echo '' + echo ' USE_POSTGRESQL=1' + echo " restore_database_from_friend ${app_name}" + echo ' if [ -d $temp_restore_dir ]; then' + echo ' rm -rf $temp_restore_dir' + echo ' fi' + echo '' +fi +echo " restore_directory_from_friend \$temp_restore_dir ${app_name}" +echo ' if [ -d $temp_restore_dir ]; then' +echo " if [ -d cp \$temp_restore_dir\$${app_name}_dir ]; then" +echo " cp -rp \$temp_restore_dir\$${app_name}_dir/* \$${app_name}_dir/" +echo ' else' +echo " if [ ! 
-d \$${app_name}_dir ]; then" +echo " mkdir \$${app_name}_dir" +echo ' fi' +echo " cp -rp \$temp_restore_dir/* \$${app_name}_dir/" +echo ' fi' +echo " chown -R www-data:www-data \$${app_name}_dir" +echo ' rm -rf $temp_restore_dir' +echo ' fi' +echo '' +echo ' fi' +echo '}' +echo '' +echo "function remove_${app_name} {" +if [[ "$app_node" == 'yes' ]]; then + echo " remove_nodejs ${app_name}" + echo '' +fi +echo " nginx_dissite \$${app_name_upper}_DOMAIN_NAME" +echo " remove_certs \$${app_name_upper}_DOMAIN_NAME" +echo '' +echo " if [ -d /var/www/\$${app_name_upper}_DOMAIN_NAME ]; then" +echo " rm -rf /var/www/\$${app_name_upper}_DOMAIN_NAME" +echo ' fi' +echo " if [ -f /etc/nginx/sites-available/\$${app_name_upper}_DOMAIN_NAME ]; then" +echo " rm /etc/nginx/sites-available/\$${app_name_upper}_DOMAIN_NAME" +echo ' fi' +if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then + echo " drop_database ${app_name}" +fi +if [[ "$database_type" == "postgres"* ]]; then + echo " drop_database_postgresql ${app_name}" +fi +echo " remove_onion_service ${app_name} \${${app_name_upper}_ONION_PORT}" +echo " if grep -q \"${app_name}\" /etc/crontab; then" +echo " sed -i \"/${app_name}/d\" /etc/crontab" +echo ' fi' +echo " remove_app ${app_name}" +echo " remove_completion_param install_${app_name}" +echo " sed -i '/${app_name}/d' \$COMPLETION_FILE" +echo '' +echo " if grep -q '${app_name}-firewall' /etc/crontab; then" +echo " sed -i '/${app_name}-firewall/d' /etc/crontab" +echo ' fi' +echo '' +echo " remove_ddns_domain \$${app_name_upper}_DOMAIN_NAME" +echo '}' +echo '' +echo "function install_${app_name} {" +if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then + echo ' install_mariadb' + echo '' + echo ' get_mariadb_password' + echo '' +fi +if [[ "$database_type" == "postgres"* ]]; then + echo ' install_postgresql' + echo '' +fi +if [[ "$app_node" == 'yes' ]]; then + echo "install_nodejs ${app_name}" +fi +if [[ "$app_php" == 'yes' ]]; then + 
echo ' apt-get -yq install php-gettext php-curl php-gd php-mysql git curl' + echo ' apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl' + echo '' +fi +echo " if [ ! -d /var/www/\$${app_name_upper}_DOMAIN_NAME ]; then" +echo " mkdir /var/www/\$${app_name_upper}_DOMAIN_NAME" +echo ' fi' +echo " if [ ! -d /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs ]; then" +echo " if [ -d /repos/${app_name} ]; then" +echo " mkdir /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs" +echo " cp -r -p /repos/${app_name}/. /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs" +echo " cd /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs" +echo ' git pull' +echo ' else' +echo " git_clone \$${app_name_upper}_REPO /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs" +echo ' fi' +echo '' +echo " if [ ! -d /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs ]; then" +echo " echo \$'Unable to clone ${app_name} repo'" +echo ' exit 87525' +echo ' fi' +echo ' fi' +echo '' +echo " cd /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs" +echo " git checkout \$${app_name_upper}_COMMIT -b \$${app_name_upper}_COMMIT" +echo " set_completion_param \"${app_name} commit\" \"\$${app_name_upper}_COMMIT\"" +echo '' +echo " chmod g+w /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs" +echo " chown -R www-data:www-data /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs" + +if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then + echo '' + echo " ${app_name}_create_database" +fi +echo '' +echo " add_ddns_domain \$${app_name_upper}_DOMAIN_NAME" +echo '' +echo " ${app_name_upper}_ONION_HOSTNAME=\$(add_onion_service ${app_name} 80 \${${app_name_upper}_ONION_PORT})" +echo '' +echo " ${app_name}_nginx_site=/etc/nginx/sites-available/\$${app_name_upper}_DOMAIN_NAME" +echo ' if [[ $ONION_ONLY == "no" ]]; then' +if [[ "$app_php" == 'yes' ]]; then + echo " nginx_http_redirect \$${app_name_upper}_DOMAIN_NAME \"index index.php\"" +else + echo " nginx_http_redirect \$${app_name_upper}_DOMAIN_NAME 
\"index index.html\"" +fi +echo " echo 'server {' >> \$${app_name}_nginx_site" +echo " echo ' listen 443 ssl;' >> \$${app_name}_nginx_site" +echo " echo ' listen [::]:443 ssl;' >> \$${app_name}_nginx_site" +echo " echo \" server_name \$${app_name_upper}_DOMAIN_NAME;\" >> \$${app_name}_nginx_site" +echo " echo '' >> \$${app_name}_nginx_site" +echo " nginx_compress \$${app_name_upper}_DOMAIN_NAME" +echo " echo '' >> \$${app_name}_nginx_site" +echo " echo ' # Security' >> \$${app_name}_nginx_site" +echo " nginx_ssl \$${app_name_upper}_DOMAIN_NAME" +echo '' +echo " nginx_disable_sniffing \$${app_name_upper}_DOMAIN_NAME" +echo '' +echo " echo ' add_header Strict-Transport-Security max-age=15768000;' >> \$${app_name}_nginx_site" +echo " echo '' >> \$${app_name}_nginx_site" +echo " echo ' # Logs' >> \$${app_name}_nginx_site" +echo " echo ' access_log /dev/null;' >> \$${app_name}_nginx_site" +echo " echo ' error_log /dev/null;' >> \$${app_name}_nginx_site" +echo " echo '' >> \$${app_name}_nginx_site" +echo " echo ' # Root' >> \$${app_name}_nginx_site" +echo " echo \" root /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs;\" >> \$${app_name}_nginx_site" +echo " echo '' >> \$${app_name}_nginx_site" +if [[ "$app_php" == 'yes' ]]; then + echo " echo ' index index.php;' >> \$${app_name}_nginx_site" + echo " echo ' location ~ \.php {' >> \$${app_name}_nginx_site" + echo " echo ' include snippets/fastcgi-php.conf;' >> \$${app_name}_nginx_site" + echo " echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> \$${app_name}_nginx_site" + echo " echo ' fastcgi_read_timeout 30;' >> \$${app_name}_nginx_site" + echo " echo ' }' >> \$${app_name}_nginx_site" + echo " echo '' >> \$${app_name}_nginx_site" +else + echo " echo ' index index.html;' >> \$${app_name}_nginx_site" +fi +echo " echo ' # Location' >> \$${app_name}_nginx_site" +echo " echo ' location / {' >> \$${app_name}_nginx_site" +echo " nginx_limits \$${app_name_upper}_DOMAIN_NAME '15m'" +echo " echo ' try_files \$uri \$uri/ 
@${app_name};' >> \$${app_name}_nginx_site" +echo " echo ' }' >> \$${app_name}_nginx_site" +echo " echo '}' >> \$${app_name}_nginx_site" +echo ' else' +echo " echo -n '' > \$${app_name}_nginx_site" +echo ' fi' +echo " echo 'server {' >> \$${app_name}_nginx_site" +echo " echo \" listen 127.0.0.1:\$${app_name_upper}_ONION_PORT default_server;\" >> \$${app_name}_nginx_site" +echo " echo \" server_name \$${app_name_upper}_ONION_HOSTNAME;\" >> \$${app_name}_nginx_site" +echo " echo '' >> \$${app_name}_nginx_site" +echo " nginx_compress \$${app_name_upper}_DOMAIN_NAME" +echo " echo '' >> \$${app_name}_nginx_site" +echo " nginx_disable_sniffing \$${app_name_upper}_DOMAIN_NAME" +echo " echo '' >> \$${app_name}_nginx_site" +echo " echo ' # Logs' >> \$${app_name}_nginx_site" +echo " echo ' access_log /dev/null;' >> \$${app_name}_nginx_site" +echo " echo ' error_log /dev/null;' >> \$${app_name}_nginx_site" +echo " echo '' >> \$${app_name}_nginx_site" +echo " echo ' # Root' >> \$${app_name}_nginx_site" +echo " echo \" root /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs;\" >> \$${app_name}_nginx_site" +echo " echo '' >> \$${app_name}_nginx_site" +if [[ "$app_php" == 'yes' ]]; then + echo " echo ' index index.php;' >> \$${app_name}_nginx_site" + echo " echo ' location ~ \.php {' >> \$${app_name}_nginx_site" + echo " echo ' include snippets/fastcgi-php.conf;' >> \$${app_name}_nginx_site" + echo " echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> \$${app_name}_nginx_site" + echo " echo ' fastcgi_read_timeout 30;' >> \$${app_name}_nginx_site" + echo " echo ' }' >> \$${app_name}_nginx_site" + echo " echo '' >> \$${app_name}_nginx_site" +else + echo " echo ' index index.html;' >> \$${app_name}_nginx_site" +fi +echo " echo ' # Location' >> \$${app_name}_nginx_site" +echo " echo ' location / {' >> \$${app_name}_nginx_site" +echo " nginx_limits \$${app_name_upper}_DOMAIN_NAME '15m'" +echo " echo ' try_files \$uri \$uri/ @${app_name};' >> \$${app_name}_nginx_site" +echo " echo 
' }' >> \$${app_name}_nginx_site" +echo " echo '}' >> \$${app_name}_nginx_site" +if [[ "$app_php" == 'yes' ]]; then + echo '' + echo ' configure_php' +fi +echo '' +echo " create_site_certificate \$${app_name_upper}_DOMAIN_NAME 'yes'" +echo '' +echo " nginx_ensite \$${app_name_upper}_DOMAIN_NAME" +echo '' +if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then + echo ' systemctl restart mariadb' +fi +if [[ "$app_php" == 'yes' ]]; then + echo ' systemctl restart php7.0-fpm' +fi +echo ' systemctl restart nginx' +echo '' +echo " \${PROJECT_NAME}-pass -u \$MY_USERNAME -a ${app_name} -p \"\$${app_name_upper}_ADMIN_PASSWORD\"" +echo " set_completion_param \"${app_name} domain\" \"\$${app_name_upper}_DOMAIN_NAME\"" +echo '' +echo ' APP_INSTALLED=1' +echo '}' +echo '' +echo '# NOTE: deliberately there is no "exit 0"' diff --git a/src/freedombone-utils-backup b/src/freedombone-utils-backup index 3cbb078d..e3d2a22b 100755 --- a/src/freedombone-utils-backup +++ b/src/freedombone-utils-backup @@ -70,7 +70,8 @@ function configure_backup_key { if [[ $(is_completed $FUNCNAME) == "1" ]]; then return fi - apt-get -yq install gnupg + apt-get -yq install gnupg dirmngr + printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > ~/.gnupg/S.dirmngr BACKUP_KEY_EXISTS=$(gpg_key_exists "root" "$MY_NAME (backup key)") if [[ $BACKUP_KEY_EXISTS == "yes" ]]; then diff --git a/src/freedombone-utils-gpg b/src/freedombone-utils-gpg index 0553c036..42e985e4 100755 --- a/src/freedombone-utils-gpg +++ b/src/freedombone-utils-gpg 
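Review bot: In the block that emits `${app_name}_create_database`, the backtick substitution around `cat $IMAGE_PASSWORD_FILE` is not escaped, so `cat` runs while the template is being generated (with the variable unset in this script it would read stdin) instead of being written into the app script. Emitting it literally, and without using the password as a printf format string, would be `echo "        ${app_name_upper}_ADMIN_PASSWORD=\"\$(cat \"\$IMAGE_PASSWORD_FILE\")\""`. The postgres lines hard-code `CREATE USER peertube` while the database is created with `OWNER ${app_name}`, so that should read `CREATE USER ${app_name}`, and both restore functions emit `[ -d cp \$temp_restore_dir...` with a stray `cp`. The app name is only checked for spaces, `_` and `-` before being pasted into function names, SQL and `sed` patterns of a script that is meant to run as root; an allowlist such as `[[ "$app_name" =~ ^[A-Za-z][A-Za-z0-9]+$ ]]` would be safer.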
@@ -144,10 +144,18 @@ function gpg_set_permissions {
 if [[ "$key_username" != 'root' ]]; then
 chmod 700 /home/$key_username/.gnupg
 chmod -R 600 /home/$key_username/.gnupg/*
+ printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > /home/$key_username/.gnupg/S.dirmngr
+ if [ -d /home/$key_username/.gnupg/crls.d ]; then
+ chmod +x /home/$key_username/.gnupg/crls.d
+ fi
 chown -R $key_username:$key_username /home/$key_username/.gnupg
 else
 chmod 700 /root/.gnupg
 chmod -R 600 /root/.gnupg/*
+ printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > /root/.gnupg/S.dirmngr
+ if [ -d /root/.gnupg/crls.d ]; then
+ chmod +x /root/.gnupg/crls.d
+ fi
 chown -R $key_username:$key_username /root/.gnupg
 fi
 }
@@ -252,7 +260,38 @@ function gpg_agent_setup {
 if ! grep -q 'allow-loopback-pinentry' /home/$gpg_username/.gnupg/gpg-agent.conf; then
 echo 'allow-loopback-pinentry' >> /home/$gpg_username/.gnupg/gpg-agent.conf
 fi
- su -c "echo RELOADAGENT | gpg-connect-agent" - $gpg_username
+ if [[ "$gpg_username" != "$USER" ]]; then
+ su -c "echo RELOADAGENT | gpg-connect-agent" - $gpg_username
+ else
+ echo RELOADAGENT | gpg-connect-agent
+ fi
+ fi
+}
+
+function gpg_agent_enable {
+ gpg_username=$1
+
+ if [[ $gpg_username == 'root' ]]; then
+ return
+ else
+ if grep -q 'GPG_TTY' /home/$gpg_username/.bashrc; then
+ sed -i '/GPG_TTY/d' /home/$gpg_username/.bashrc
+ chown $gpg_username:$gpg_username /home/$gpg_username/.bashrc
+ fi
+ if grep -q 'use-agent' /home/$gpg_username/.gnupg/gpg.conf; then
+ sed -i '/use-agent/d' /home/$gpg_username/.gnupg/gpg.conf
+ fi
+ if grep -q 'pinentry-mode loopback' /home/$gpg_username/.gnupg/gpg.conf; then
+ sed -i '/pinentry-mode loopback/d' /home/$gpg_username/.gnupg/gpg.conf
+ fi
+ if [ -f /home/$gpg_username/.gnupg/gpg-agent.conf ]; then
+ rm /home/$gpg_username/.gnupg/gpg-agent.conf
+ fi
+ if [[ "$gpg_username" != "$USER" ]]; then
+ su -c "echo RELOADAGENT | gpg-connect-agent" - $gpg_username
+ else
+ echo RELOADAGENT | gpg-connect-agent
+ fi
 fi
 }
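Review bot: gpg_agent_enable removes the whole `gpg-agent.conf`, which also discards any agent settings other than the `allow-loopback-pinentry` line that gpg_agent_setup adds; if the file can hold anything else, `sed -i '/allow-loopback-pinentry/d'` on it is the narrower undo. The two greps on `gpg.conf` run without checking that the file exists, and `gpg_username=$1` is a global assignment, so `local gpg_username="$1"` plus quoted paths would keep the helper from clobbering a caller's variable or splitting on an odd username. The five-line RELOADAGENT block is now duplicated in both functions and could become one small helper. gpg_agent_setup begins before the hunk.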
diff --git a/src/freedombone-utils-keys b/src/freedombone-utils-keys
index 70f81c95..086a1162 100755
--- a/src/freedombone-utils-keys
+++ b/src/freedombone-utils-keys
@@ -264,6 +264,10 @@ function interactive_key_recovery {
 cp -rf /home/$MY_USERNAME/.gnupg /root
 chmod 700 /root/.gnupg
 chmod 600 /root/.gnupg/*
+ printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > /root/.gnupg/S.dirmngr
+ if [ -d /root/.gnupg/crls.d ]; then
+ chmod +x /root/.gnupg/crls.d
+ fi
 fi
 }
diff --git a/src/freedombone-utils-postgresql b/src/freedombone-utils-postgresql
index 8c81a0fe..c41b6e31 100755
--- a/src/freedombone-utils-postgresql
+++ b/src/freedombone-utils-postgresql
@@ -145,10 +145,7 @@ function run_query_postgresql_with_output {
 database_name=$1
 database_query=$2
 cd /etc/postgresql
- output=$(sudo -u postgres psql -d $database_name -c << EOF
-$database_query
-EOF
-)
+ output=$(sudo -u postgres psql -d $database_name -c "$database_query")
 echo "$output"
 }
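Review bot: In run_query_postgresql_with_output, `-d $database_name` is still unquoted in the rewritten call, so a name with whitespace or glob characters is split before psql sees it; `-d "$database_name"` matches the quoting now applied to the query. Passing the query through `-c` also puts its text on psql's command line, where other local users can read it from the process list while it runs. If any caller sends a statement containing a password, feeding it on stdin with `sudo -u postgres psql -d "$database_name" <<< "$database_query"` avoids that. The `cd /etc/postgresql` before it is unchecked.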